Configuration manual
Contents
1. Enable remote HTTPS access on port 443 Enable remote SSH access on port 22 Enable remote SNMP access on port 161 Send all remaining incoming packets to default server Default Server IP Address Y Masquerade outgoing packets Apply Figure 34 Example 2 NAT configuration In this configuration equipment wired behind the router defines the address Server IP Ad dress The router replies while PING on address of SIM card Access on web interface of the equipment behind the router is possible by the help of Port Forwarding when behind IP ad 47 Connel um A BSB ELECTRONICS Company 4 CONFIGURATION dress of SIM is indicating public port of equipment on which we want to come up At demand on port 80 it is surveyed singles outer ports Public port there this port isn t defined therefore at check selection Enable remote http access it automatically opens the web interface router If this choice isn t selected and is selected volition Send all remaining incoming packets to the default server fulfill oneself connection on induction IP address If it is not selected selection Send all remaining incoming packets to default server and Default server IP address then connection requests a failure 4 10 OpenVPN Tunnel Configuration OpenVPN tunnel configuration can be called up by option OpenVPN tem in the menu OpenVPN tunnel allows protected connection of two networks LAN2. Connel um A BSB ELECTRONICS Company IKE Mode IKE Algorithm IKE Encryption IKE Hash IKE DH Group ESP Algorithm ESP Encryption ESP Hash PFS PFS DH Group Key Lifetime IKE Lifetime Rekey Margin Rekey Fuzz DPD Delay DPD Timeout Continued from previous page KA AAA Defines mode for establishing connection main or aggressive If the aggressive mode is selected establishing of IPsec tunnel will be faster but encryption will set permanently on 3DES MD5 Way of algorithm selection e auto encryption and hash alg are selected automatically e manual encryption and hash alg are defined by the user Encryption algorithm 3DES AES128 AES192 AES256 Hash algorithm MD5 nebo SHA 1 Diffie Hellman groups determine the strength of the key used in the key exchange process Higher group numbers are more se cure but require additional time to compute the key Group with higher number provides more security but requires more pro cessing time Way of algorithm selection e auto encryption and hash alg are selected automatically e manual encryption and hash alg are defined by the user Encryption algorithm DES 3DES AES128 AES192 AES256 Hash algorithm MD5 nebo SHA 1 Ensures that derived session keys are not compromised if one of the private keys is compromised in the future Diffie Hellman group number see KE DH Group Lifetime key data part of tunnel The mini
3. DNS Server Enable dynamic DHCP leases IP Pool Start 192 168 3 2 IP Pool End 1192 168 3 254 Lease Time 1600 Figure 26 WLAN configuration 38 Connel um A B amp B ELECTRONICS Company mes 4 TON FIG U RATION 4 7 Backup Routes Using the configuration form on the Backup Routes page can be set backing up primary connection by other connections to internet mobile network For each back up connection can be defined a priority Own switching is done based on set priorities and state of the connection for Primary LAN and Secondary LAN lf Enable backup routes switching option is checked the default route is selected accord ing to the settings below Namely according to status of enabling each of backup route i e Enable backup routes switching for Mobile WAN Enable backup routes switching for PPPoE Enable backup routes switching for WiFi STA Enable backup routes switching for Primary LAN or Enable backup routes switching for Secondary LAN according to explicitly set pri orities and according to status of connection check if it is enabled In addition network interfaces belonging to individual backup routes have checked a flag RUNNING This check fixes for example disconnecting of an ethernet cable Attention If you want to use connection to mobile WAN as one of the backup routes it is necessary to enable Che
4. oaoa 5 dO WP lt en Seo ee bee e eee SARA een Er 9 Se WIR OCGA sen bE VENCE SAE ANDES RE RSS EE A ox 10 So Network StatUS sus nie pa e E E dus RR Cad ee eee E dd 12 SO DAOP AUS seus casada eee ee eee da 14 Of IPE S eso user e e Ass 15 3 6 DynNDNS StatlUsS e rrgs ee ee edd asnos 15 do SUSIOMLO s44 eb s ranr MOH ETE BEES eee A E 16 4 Configuration 18 4 1 LAN Configuration aooo 2 0 18 4 2 VRRP Configuration aoaaa a a 23 4 3 Mobile WAN Configuration aooaa a a a 2 000 eee ee 25 4 3 1 Connection to Mobile Network oaaao a a 25 4 3 2 DNS Address Configuration a eee 26 4 3 3 Check Connection to Mobile Network Configuration 26 4 3 4 Data Limit Configuration 0 0 00 ee eee ee 27 4 3 5 Switch Between SIM Cards Configuration 28 4 3 6 PPPoE Bridge Mode Configuration 04 29 4 4 PPPoE Configuration 0 2 a 32 4 5 WiFi Configuration a a 33 4 6 WLAN Configuration 0 a a 37 4 7 Backup Routes aoaaa 39 4 8 Firewall Configuration 1 40 4 9 NAT Configuration a a 44 4 10 OpenVPN Tunnel Configuration 2 0 e eee ee ee 48 4 11 IPsec Tunnel Configuration 2 000 ee ee ee 53 4 12 GRE Tunnels Configuration 0 0 000 ee ee 57 Connel um A B amp B ELECTRONICS Company O N T E N T S 4 13 L2TP Tunnel Configuration ee 60 4
5. topology of the example With the serial gateway you can enable the serial line communicating devices to access the internet or another network These devices meters PLC etc can upload and download the useful data then The situation is depicted in the fig 92 The Conel router has to have serial interface port RS232 or RS232 485 installed to serve as a serial gateway Configuration is done in the Mobile WAN and Expansion Port 1 items or Expansion Port 2 for RS422 485 in the Configuration section of the web interface In this situation the router is equipped with the RS232 interface port Mobile WAN configuration is the same as in the previous situations Just insert the SIM card into the SIM1 slot at the back of the router and attach the antenna to the ANT connector at the front No extra configuration is needed depending on the SIM card used for more details see chapter 4 3 1 Expansion Port 1 configuration The interface RS232 port can be configured in the Con figuration section Expansion Port 1 item see fig 93 It s necessary to enable the RS232 port checking the Enable expansion port 1 access over TCP UDP It is possible to edit the serial communication parameters not needed in this situation Important are Protocol Mode and Port items where parameters of communication out to the network and internet can be 103 Cornell um A B amp B ELECTRONICS Company 7 CONFIGURATION IN TYPICAL SITUATIONS configur
6. 95 Cornell um A B amp B ELECTRONICS Company 7 CONFIGURATION IN TYPICAL SITUATIONS General Mobile WAN WIFI WiFi Scan Network DHCP IPsec DynDNS System Log Configuration VREF Mobile WAN PPPoE WiFi Primary LAN Secondary DHCP Client disabled v disabled IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Bridged no w no i Media Type auto negotiation auto negot Default Gateway DNS Server i Enable dynamic DHCP leases IP Pool Start 192 168 1 2 IF Pool End 192 168 1 254 Lease Time 600 sec Figure 82 Access to the Internet from LAN LAN configuration Mobile WAN Configuration Connection to the mobile network can be configured in the Mobile WAN item in the Configuration section see fig 83 In this case depending on the SIM card the configuration form can be blank just make sure that Create connection to mobile network on the top is checked factory default For more details see chapter 4 3 1 General Mobile WAN WiFi WiFi Scan Network DHCP IPsec DynDNS System Log Configuration PFP WiFi WLAN Backup Routes Firewall
7. Figure 53 Example 1 SMS configuration Example 2 Configuration of sending SMS via serial interface on the PORT1 SMS Configuration _ Send SMS on power up Send SMS on connect to mobile network J Send SMS on disconnect from mobile network Send SMS when datalimit is exceeded _ Send SMS when binary input on I O port BINO is active Add timestamp to SMS Phone Number 1 Phone Number 2 Phone Number 3 Unit ID BINO SMS Enable remote control via SMS Phone Number 1 Phone Number 2 Phone Number 3 Enable AT SMS protocol on expansion port 1 Baudrate 9600 v Enable AT SMS protocol on expansion port 2 Baudrate 9600 M Enable AT SMS protocol over TCP TCP Port can be blank Figure 54 Example 2 SMS configuration 19 why Cone um al A B amp B ELECTRONICS Company am 4 CONFIGURATION Example 3 Configuration of controlling the router via SMS from any phone number SMS Configuration _ Send SMS on power up Send SMS on connect to mobile network Send SMS on disconnect from mobile network _ Send SMS when datalimit is exceeded _ Send SMS when binary input on I O port BINO is active Add timestamp to SMS Phone Number 1 Phone Number 2 Phone Number 3 Unit ID BINO SMS Y Enable remote control via SMS Phone Number 1 i Phone Number 2
8. C Onc um A B amp B ELECTRONICS Company CONFIGURATION MANUAL for v3 Routers N RS232 RS485 DIV GPS ANT o ARA A o gt BAR O O InO Inf Out ETHO ETH1 USB PWR Ind o Pl gt i E am In a Out C Cornell mm A BSB ELECTRONICS Company USED SYMBOLS ae gt Used symbols Danger important notice which may have an influence on the user s safety or the function of the device Attention notice on possible problems which can arise in specific cases Information notice information which contains useful advice or special interest Firmware version Actual version of firmware is 4 0 2 November 28 2014 GPL licence Source codes under GPL licence are available free of charge by sending an email to info conel cz TUVRheinland COTI ISO 9001 Conel s r o Sokolska 71 562 04 Usti nad Orlici Czech Republic Manual Rev 1 released in CZ November 25 2014 Connel um A BSB ELECTRONICS Company E a O N T E N T S Contents 1 Basic Information 1 2 Access to the Web Configuration 2 2 1 Preventing the domain disagreement message 3 3 Status 4 3 1 General Status dy ipida iaaa a 4 3 1 1 Mobile Connection 0 ee 4 3 1 2 Primary LAN Secondary LAN WiFi 4 3 1 3 Peripheral Ports ee 5 3 1 4 System Information eee 5 3 2 Mobile WAN Status
9. Create connection to mobile network Primary SIM card APN Username Password Authentication IP Address PAP or CHAP bl Phone Number Operator Network Type PIN MRU 1500 MTU 1500 automatic selection 7 DNS Settings DNS Server get from operator Figure 83 Access to the Internet from LAN Mobile WAN configuration To check whether the connection is working properly go to Mobile WAN item in the Status section Information about operator signal strength etc is available At the bottom the message Connection successfully established will be written out In the Network item there is information about a newly created network interface usbO mobile connection IP address from operator route table etc can be found here Internet is accessible from LAN now 96 Cornell um 7 CONFIGURATION IN TYPICAL SITUATIONS 7 2 Backed Up Access to the Internet from LAN Mobile network Conel router q usbO e IP from operator ethO 192 168 1 1 de wlanO IP from DHCP ETH eth1 ETH 10 40 28 120 i l Ne Cable connection Wireless connection Figure 84 Backed up access to the Internet topology of the example In the situa
10. Phone Number 3 Enable AT SMS protocol on expansion port 1 Baudrate 9600 M Enable AT SMS protocol on expansion port 2 Baudrate 9600 v Enable AT SMS protocol over TCP TCP Port can be blank Figure 55 Example 3 SMS configuration Example 4 Configuration of controlling the router via SMS from the two phone numbers SMS Configuration _ Send SMS on power up Send SMS on connect to mobile network Send SMS on disconnect from mobile network _ Send SMS when datalimit is exceeded _ Send SMS when binary input on I O port BINO is active Add timestamp to SMS Phone Number 1 Phone Number 2 Phone Number 3 Unit ID BINO SMS 4 Enable remote control via SMS Phone Number 1 728123456 Phone Number 2 766254864 Phone Number 3 Enable AT SMS protocol on expansion port 1 Baudrate 9600 v Enable AT SMS protocol on expansion port 2 Baudrate 9600 al Enable AT SMS protocol over TCP TCP Port can be blank Figure 56 Example 4 SMS configuration 76 Connel um A B amp B ELECTRONICS Company a 4 TON FIG U RATION 4 20 Expansion Port Configuration Configuring of the expansion port can be done via Expansion Port 1 or Expansion Port 2 items in the menu If RS232 port is present configuration of the Expansion Port 1 only is needed If RS232 485 port is present configuration of RS232 interface is acce
11. allow Enabled filtering of forwarded packets Source Destination Target Port Action allow allow allow allow allow allow allow allow y Enable protection against DoS attacks can be blank Figure 28 Firewall configuration 42 Cornell um A B amp B ELECTRONICS Company l 4 s TON F U RATION Example of the firewall configuration The router has allowed the following access e from address 171 92 5 45 using any protocol e from address 10 0 2 123 using TCP protocol on port 1000 e from address 142 2 26 54 using ICMP protocol a SY 10 0 2 123 tra a ay a 1 1 92 5 45 Sa 142 2 26 54 Figure 29 Topology of example firewall configuration Firewall Configuration Enable filtering of incoming packets Source Protocol Target Port Action 17192545 alla 2 110 0 2 123 TCP 1000 allow 2 EM JEM a Ja Ee S Ja J a o RS ta RES ta RES ta Figure 30 Example firewall configuration 43 Connel um A B amp B ELECTRONI
12. enables X 509 authenti cation in multiclient mode e X 509 Certificate client enables X 509 authentication in client mode e X 509 Certificate server enables X 509 authentication in server mode Pre shared Secret Authentication using pre shared secret can be used for all offered authentication mode CA Certificate Auth using CA Certificate can be used for username password and X 509 Certificate modes DH Parameters Protocol for exchange key DH parameters can be used for X 509 Certificate authentication in server mode Local Certificate This authentication certificate can be used for X 509 Certificate authentication mode Local Private Key lt can be used for X 509 Certificate authentication mode Username Authentication using a login name and password authentication can be used for username password mode Password Authentication using a login name and password authentication can be used for username password mode Extra Options Allows to define additional parameters of OpenVPN tunnel such as DHCP options etc Table 36 OpenVPN tunnels configuration 90 A B amp B ELECTRONICS Company 4 CONFIGURATION C Create ist OpenVPN tunnel Description Protocol UDP a UDP port 194 Remote IP Address Remote Subnet Remote Subnet Mask Redirect Gateway Local Interface IP Address Remote Interface IP Address WN Ping Interval sec Ping Timeout sec Renegotiate Interval sec Max Fragment
13. Connel um A B amp B ELECTRONICS Company 4 TON F U RATION If Check TCP connection checked the check of the connection would be activated tem A Keepalive Time Time after which it will carry out verification of the connection Keepalive Interval Waiting time on answer Keepalive Probes Number of tests Table 65 Expansion Port configuration Check TCP connection When item Use CD as indicator of the TCP connection selected indication of the TCP connection state using signal CD DTR on the router would be activated Active TCP connection is on Nonactive TCP connection is off Table 66 CD signal description When item Use DTR as control of TCP connection selected control of the TCP connection using signal CD DTR on the router would be activated DTR Description client Active The router allows establishing a TCP Router starts TCP connection connection Nonactive The router does not permit establishing Router stops TCP connection a TCP connection Table 67 DTR signal description The changes in settings will apply after pressing the Apply button 78 Cornell um A B amp B ELECTRONICS Company i 4 COIN FIG U RATION Expansion Port 1 Configuration Enable expansion port 1 access over TCP UDP Baudrate 9600 ve Parity Stop Bits Re Split Timeout msec Protocol TCP Ea Mode C Check TCP connection Keepalive Time 3600 sec C Use CD as indicator of TCP connection C
14. Figure 23 Example 3 Mobile WAN configuration 31 Connel um A B amp B ELECTRONICS Company a 4 TON FIG U RATION 4 4 PPPoE Configuration To enter the PPPoE configuration select the PPPoE menu item If the Create PPPoE con nection option is selected the router tries to establish PPPoE connection after switching on PPPoE Point to Point over Ethernet is a network protocol which PPP frames encapsulat ing to the Ethernet frames PPPOE client to connect devices that support PPPoE bridge or a server typically ADSL router After connecting the router obtains the IP address of the device to which it is connected All communications from the device behind the PPPoE server is forwarded to industrial router PPPoE Configuration Create PPPoE connection Username password S Authentication PAP or CHAP e MRL 14 92 bytes MTU 1492 bytes Get DNS addresses from server Figure 24 PPPoE configuration AA A Username Username for secure access to PPPoE Password Password for secure access to PPPoE Authentication Authentication protocol in GSM network e PAP or CHAP authentication method is chosen by router e PAP it is used PAP authentication method e CHAP it is used CHAP authentication method MRU Maximum Receiving Unit It is the identifier of the maximum size of packet which is possible to recese in given environment De fault value is set to 1492 bytes Other settings may cause in
15. Use DTR as control of TCP connection Apply Figure 57 Expansion port configuration Examples of the expansion port configuration PC RS232 ppp0 10 0 0 1 EM 192 168 1 1 Em ppp0 10 0 0 2 gt 192 168 1 100 Settings in application on PC Settings in the router TCP connection on 10 0 0 2 2000 Mode TCP Server Default Gateway 192 168 1 1 Server Addres TCP Port 2000 Figure 58 Example 1 expansion port configuration 79 Cornell mm A B amp B ELECTRONICS Company CONFIGURATION PLC pppO 10 0 0 1 A ppp 10 0 0 2 Settings in the router Settings in the router Mode TCP Client Mode TCP Server Server Addres 10 0 0 2 Server Addres TCP Port 2000 TCP Port 2000 Figure 59 Example 2 expansion port configuration All v3 routers provide a program called getty which allows user to connect to the router via the serial line router must be fitted with an expansion port RS232 Getty displays the prompt and after entering the username passes it on login program which asks for a password verifies it and runs the shell After logging in it is possible to manage the system as well as a user is connected via SSH 80 Connel um A BSB ELECTRONICS Company 4 21 USB Port Configuration The USB port configuration can be made choosing USB Port option in the menu Config uration can be done if USB RS232 converter connected CA AA Baudrate Appli
16. bin0 is active If binary input isn t active this put isn t active parameter enables switching back to default SIM card Switch to default SIM card after This parameter defines the method how the router will timeout try to switch back to default SIM card or default APN Table 23 Switch between SIM card configurations The following parameters define the time after which the router attempts to go back to the default SIM card or APN KC Description Initial timeout The first attempt to switch back to the primary SIM card or APN shall be made for the time defined in the parameter Initial Time out range of this parameter is from 1 to 10000 minutes Subsequent Timeout In an unsuccessful attempt to switch to default SIM card the router on the second attempt to try for the time defined in the parameter Subsequent Timeout range is from 1 to 10000 min Additive constants Any further attempt to switch back to the primary SIM card or APN shall be made in time computed as the sum of the previous time trial and time defined in the parameter Additive constants range is 1 10000 minutes Table 24 Switch between SIM card configurations Example If parameter Switch to default SIM card after timeout is checked and parameters are set as follows Initial Timeout 60 min Subsequent Timeout 30 min and Additive Timeout 20 min the first attempt to switch the primary SIM card or APN shall be carried out after 60 minutes Switched to a fai
17. fault telephone number used 99 1 Operator This item can be defined PLNM preferred carrier code Network type e Automatic selection router automatically selects transmission method according to the availability of transmission technology e Furthermore according to the type of router it s also possible to select a specific method of data transmission GPRS UMTS PIN PIN parameter should be set only if it requires a SIM card router SIM card is blocked in case of several bad attempts to enter the PIN MRU Maximum Receiving Unit It s an identifier of maximum size of packet which is possible to receive in a given environment Default value is 1500 B Other settings may cause incorrect transmission of data MTU Maximum Transmission Unit It s an identifier of max size of packet which is possible to transfer in a given environment Default value is 1500 B Other settings may cause incorrect transmission of data Table 19 Mobile WAN connection configuration 20 Cornell um A B amp B ELECTRONICS Company aa 4 CONFIGURATION Tips for working with the Mobile WAN configuration form e If the size is set incorrectly data transfer may not be succeeded By setting a lower MTU it occurs to more frequent fragmentation of data which means higher overhead and also the possibility of damage of packet during defragmentation On the contrary the higher value of MTU can cause that the network does not transfer the
18. secure communications Functions such as DHCP NAT NAT T DynDNS NTP VRRP control by SMS backup primary connection and many other Automatic check of PPP connection offering an automatic restart feature in case of connection fail hardware watchdog monitoring the status of the router It s possible to insert Linux scripts for various actions Several different configurations for one LTE wireless router and the option to switch between them e g via SMS binary input status etc Automatic upgrade configuration and firmware update from server This allows mass reconfiguration of many routers at one time Ways of configuration Routers can be configured via web browser or Secure Shell SSH Configuration via Web Browser is described in this Configuration Manual Commands and scripts applicable in configuration via SSH are described in Commands and Scripts for v2 and v3 Routers Application Note 1 The standard and optional equipment and technical parameters of your router can be found in User s Manual of your router You can use additional software communication VPN server SmartCluster 2 and software for router monitoring R SeeNet 8 4 This Configuration Manual describes e Configuration of the router item by item according to the web interface chapters 3 to 6 e Examples of these typical configurations of the router chapter 7 Access to the Internet from LAN Local Area Network via mobile network Backed up access to t
19. 2000 Figure 61 Example 1 USB port configuration Equipment e USB RS232 pppO 10 0 0 1 EM Y ppp0 10 0 0 2 SY Settings in the router Settings in the router Mode TCP Client Mode TCP Server Server Addres 10 0 0 2 Server Addres TCP Port 2000 TCP Port 2000 Figure 62 Example 2 USB port configuration 83 Connel um A B amp B ELECTRONICS Company 4 CONFIGURATION 4 22 Startup Script In the window Startup Script it is possible to create own scripts which will be executed after all initial scripts The changes in settings will apply after pressing the Apply button Startup Script El bin sh H This script will be executed after all the other init scripts You can put your own initialization stuff in here Figure 63 Startup script O Change take effect after shut down and witch on router by the help of button Reboot in web administration or by SMS message Example of Startup script When start the router stop syslogd program and start syslogd with remote logging on address 192 168 2 115 and limited to 100 entries listing Startup Script Startup Script ll bin sh This script will be executed after all the other init scripts You can put your own initialization stuff in here killall syslogd syslogd R 192 166 2 115 S 100 Figure 64 Example of Startup script 84 Connel um A BSB ELECTRONICS Company oe 4 CONFIGURATION
20. Configuration SMTP Server Address smtp domain com Username name domain com Password pass Own Email Address name domain com Figure 52 SMTP configuration E mail can be sent from the Startup script Startup Script item in the Configuration section or via SSH connection The command email is can be used with the following parameters o receiver s E mail address e S subject em message e a attachment file o r number of attempts to send email default 2 attempts set O Commands and parameters can be entered only in lowercase Example of sending an e mail email t name domain com s subject m message a ca directory abc doc r 5 This command sends e mail to address name domain com with the subject subject body message message and attachment abc doc right from the directory c directory and attempts to send 5 times 70 Connel um A B amp B ELECTRONICS Company n 4 TON F U RATION e 4 19 SMS Configuration SMS configuration can invoked by SMS item in the Configuration section Sending of SMS can be defined in various events and states of the router Sending od SMS can be configured in the first part of the window tem AA Send SMS on power up Automatic sending of SMS messages after power up Send SMS on connect to mobile Automatic sending SMS message after connection to network mobile network Send SMS on disconnect to mo Automatic sen
21. Data limit configuration e 21 Default and backup SIM configuration 0000028 28 Switch between SIM card configurations 2 ee 29 Switch between SIM card configurations a a eee 29 PPPoE configuration 32 WiFi configuration 36 WLAN configuration 37 Configuration of DHCP Server o 38 Backup ROUTES o eecia braba ERE Bw BO Ed ga E 40 Filtering of incoming packets ee 41 Forwarding filtering oaoa o 42 NAT configuration 44 Configuration of send all incoming packets o a 44 Remote access configuration o 45 Overview OpenVPN tunnels o 2 48 OpenVPN tunnels configuration ee ee 50 Example OpenVPN configuration 0 0 00 eee ee ee ee 52 Overview IPsec tunnels 53 IPsec tunnel configuration e 55 Example IPsec configuration aooo a a 57 vii Connel um A B amp B ELECTRONICS Company a E ST O F TA R L E S 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 Overview GRE tunnels aoaaa aa a a a a 58 GRE tunnel configuration a 58 Example GRE tunnel configuration a aooaa aa a a a a a 59 L2TP tunnel configuration o 60 Example L2TP tu
22. Pool End Lease Time sec O Enable static DHCP leases MAC Address IP Address 01 23 45 67 89 ab 192 168 1 10 01 54 68 18 ba 7e 192 168 111 Figure 14 Example 2 LAN Configuration 21 Cornell um A B amp B ELECTRONICS Company e 4 CONFIGURATION Example 3 The network interface with default gateway and DNS server e Default gateway IP address is 192 168 1 20 e DNS server IP address is 192 168 1 20 CJ 192 168 1 2 192 168 1 3 dl 192 168 1 4 BO GSM GPRS 192 168 1 1 192 168 1 20 Figure 15 Example 3 Topology of LAN Configuration LAN Configuration Primary LAN Secondary LAN Tertiary LAN DHCP Client disabled v enabled v emabled 7 waddress hasi oo S Subnet Mask 255 255 255 0 E Bridged no Y no 7 no T Media Type auto negotiation r auto negotiation r auto negotiation Default Gateway 192168120 S EA DNS Server 182 168 120 Enable dynamic DHCP leases IP Pool Start 192 168 1 2 IP Pool End 192 168 1 4 Lease Time se Enable static DHCP leases MAC Address IP Address Figure 16 Example 3 LAN Configuration 22 Connel um A B amp B ELECTRONICS Company l 4 CO N G U RATIO N 4 2 VRRP Configuration To enter the VRRP configuration select the VRRP menu item VRRP protocol Virtual Router Redundancy Protocol is a technique that enables forwarding of routing from main router to backup router in the case of main router failure I
23. accessible in Configuration section 16 apt h m Cone um A B amp B ELECTRONICS Company 2013 07 02 013 0702 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 2013 07 02 12 46 14 12 46 19 12 46 19 12 46 19 12 46 19 12 46 19 12 46 19 12 46 19 12 46 19 12 46 20 12 46 20 12 46 20 12 46 20 12 46 29 12 46 29 12 46 29 12 46 29 12 46 29 12 46 30 12 46 31 12 46 31 system Log System Messages System log daemon started pepsd 426 pppsd 426 pepsd 426 pppsd started module is turned on selected SIM lat dnsmasg 453 started version 2 59 cachesize 150 dnsmasq 453 cleared cache bard 455 pppsd 426 pppsd 426 bard started selected APN conel agnep cz Waiting for registration pppsd 426 starting usbd usbd 500 usbd 500 sshd 506 usbd 500 usbd 500 usbd 500 bard 455 bard 455 bard 455 usbd started establishing connection Server listening on 0 0 0 0 port 22 connection established local IP address 10 0 1 229 primary DNS address 10 0 0 1 backup route selected Mobile WAN script etc scripts ip up started script etc scripts ip up finished status dnsmasg 453 reading etc resolv conf dnsmasg 453 using nameserver 10 0 0 1453 Example of logging into the remot
24. from the operator By way of contrast set manually option allows you to set IP addresses of Primary DNS servers manually using the DNS Server item 4 3 3 Check Connection to Mobile Network Configuration If the Check Connection item is set to enabled or enabled bind checking the connection to mobile network is activated Router will automatically send ping requests to the specified domain or IP address Ping IP Address item in regular time interval Ping Interval In case of unsuccessful ping a new one will be sent after ten seconds If it fails to ping the IP address of three times in a row the router terminates the current connection and tries to establish new 26 Connel um A B amp B ELECTRONICS Company e 4 P CO N F U RAT O N ones Checking can be set separately for two SIM cards or two APNs As a ping address can be used an IP address for which it is certain that it is still functional and is possible to send ICMP ping e g DNS server of operator In the case of the enabled option ping requests are sent on the basis of routing table Thus the requests may be sent through any available interface If you require each ping request to be sent through the network interface which was created on the occasion of establishing a connection to the mobile operator it is necessary to set the Check Connection item to enabled bind The disabled variant deactivates checking the connection to mobile network CA EA Ping I
25. packet If the P address field is not filled in the operator automatically assigns the IP address when it is establishing the connection If filled IP address supplied by the operator router accelerate access to the network If the APN field is not filled in the router automatically selects the APN by the IMSI code of the SIM card If the PLMN operator number format is not in the list of APN then default APN is internet The mobile operator defines APN e lf the word blank is filled in the APN field router interprets APN as blank O ATTENTION e If only one SIM card is plugged in the router router has one slot for a SIM card router switches between the APN Router with two SIM cards switches between SIM cards e Correct PIN must be filled For SIM cards with two APN s there will be the same PIN for both APN s Otherwise the SIM card can be blocked by false SIM PIN Items marked with an asterisk must be filled in only if this information is required by the op erator carrier In case of unsuccessful establishing a connection to mobile network is recommended to check the accuracy of entered data Alternatively try a different authentication method or network type 4 3 2 DNS Address Configuration The DNS Settings item is designed for easier configuration on the client side When this item is set to the value get from opertor router makes an attempt to automatically get an IP address of the primary and secondary DNS server
26. side e L2TP server in the case of a server must be defined IP address range offered by the server e L2TP client in case of client must be defined the IP address of the server Server IP Address IP address of server Client Start IP Address Start IP address in range which is offered by server to clients Client End IP Address End IP address in range which is offered by server to clienis Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side of the tunnel Remote Subnet Address of the network behind the remote side of the tunnel Remote Subnet Mask The mask of the network behind the remote side of the tunnel Username Username for login to L2TP tunnel Password Password for login to L2TP tunnel Table 44 L2TP tunnel configuration The changes in settings will apply after pressing the Apply button L2TP Tunnel Configuration C Create L2TP tunnel Mode L2TP client e Server IP Address Client Start IP Address Client End IP Address Local IP Address Remote IP Address i Remote Subnet Remote Subnet Mask Username Password can be blank Figure 44 L2TP tunnel configuration 60 Connel um A B amp B ELECTRONICS Company l 4 a CO N F U RATIO N Example of the L2TP Tunnel configuration 192 168 1 2 Router A pppO 10 0 0 1 192 168 1 1 pppO 10 0 0 2 192 168 2 1 ee Default Gateway 192 168 1 1
27. stations shall maintain a local TSF timer freq Frequency band of WiFi network kHz beacon interval Period of time synchronization capability List of access point AP properties signal Signal level of access point AP last seen Last response time of access point AP SSID Identifier of access point AP Supported rates DS Parameter set ERP Extended supported rates RSN Supported rates of access point AP The channel on which access point AP broadcasts Extended Rate PHY information element providing backward compatibility Supported rates of access point AP that are beyond the scope of eight rates mentioned in Supported rates item Robust Secure Network The protocol for establishing a se cure communication through wireless network 802 11 Table 10 Information about Neighbouring WiFi Networks 10 why Cone um A BSB ELECTRONICS Company 5 e 3 ST ATU S WiFi Scan List of BS5s B55 00 22 88 02 0b bd on wlan0 TSF 446998707938 usec 5d 04 09 58 freq 2447 beacon interval 100 capability ESS Privacy ShortSlotTime 0x0411 signal 87 00 dBm last seen 930 ms ago Information elements from Probe Response frame S5ID conelguest Supported rates 1 0 2 0 5 5 11 0 6 0 9 0 12 0 18 0 DS Parameter set channel amp ERP Barker Preamble Mode Extended supported rates 24 0 36 0 48 0 54 0 RSH Version 1 Group cipher CCMP Pairwise ciphers CCHP Authentication suites PSK Capab
28. the position 1 None indicates that this position is equipped with no port Expansion Port 2 Expansion port fitted to the position 2 None indicates that this position is equipped with no port Binary Input State of binary input Binary Output State of binary output Table 2 Peripheral Ports 3 1 4 System Information KC Description Firmware Version Information about the firmware version Serial Number Serial number of the router in case of N A is not available Profile Current profile standard or alternative profiles profiles are used for example to switch between different modes of operation Supply Voltage Supply voltage of the router Temperature Temperature in the router Time Current date and time Uptime Indicates how long the router is used Table 3 System Information 3 2 Mobile WAN Status The Mobile WAN menu item contains current information about connections to the mobile network The first part of this page Mobile Network Information displays basic information about mobile network the router operates in There is also information about the module which is mounted in the router CA A Registration State of the network registration Operator Specifies the operator s network the router operates in Technology Transmission technology PLMN Code of operator Cell Cell the router is connected to LAC Location Area Code unique number assigned to each location area Continued on next page Connel
29. to mobile ne Check Connection Ping IP Address Ping Interval fecessary for unin operation enabled bind T SE disabled om disabled gt Mobile WAN configuration 99 Cornell um 7 CONFIGURATION IN TYPICAL SITUATIONS Backup Routes configuration Finally configure the priorities of the backup routes The eth1 wired connection has the highest priority in this situation In case of failure the second priority has WiFi wlan0 network interface and then the mobile connection usbO network interface See fig 89 for corresponding settings of the Backup Routes item System of backup routes has to be activated by checking the Enable backup routes switching item Then enable backup routes switching at every backup route used and set up the priorities Click the Apply button to confirm the changes For detailed configuration see chapter 4 7 General Enable backup routes switching Mobile WAN WiFi i Enable backup routes switching for Mobile WAN Gua WiFi Scan Priority 3rd Ml Network DHCP Enable backup routes switching for PPPoE IPsec Priority Ist a DynDNS Ping IP Address System Log Ping Interval Es Configuration Enable backup routes switching for WiFi STA aie Priority 2nd ff VRRP is Ge i Ping IP Address Mobile WAN PPPoE Ping Interval EN sec WiFi Backup Routes Priority Ist 7 Tove al Ping IP Address Enable b
30. to the one which looks like one homogenous In the OpenVPN Tunnels Configuration window are two rows each row for one configured OpenVPN tunnel CA AA Create Enables the individual tunnels Description Displays a name of the tunnel specified in the configuration form Edit Configuration of OpenVPN tunnel Table 35 Overview OpenVPN tunnels Open PN Tunnels Configuration Create Description e EM Figure 35 OpenVPN tunnels configuration KC AA Description Description or name of tunnel Protocol Communication protocol e UDP OpenVPN will communicate using UDP e TCP server OpenVPN will communicate using TCP in server mode e TCP client OpenVPN will communicate using TCP in client mode UDP TCP port Port of the relevant protocol UDP or TCP Remote IP Address IP address of opposite tunnel side domain name can be used Continued on next page 48 Connel um A B amp B ELECTRONICS Company 4 CONFIGURATION Continued from previous page item Description Remote Subnet Remote Subnet Mask Redirect Gateway Local Interface IP Address Remote Interface IP Address Ping Interval Ping Timeout Renegotiate Interval Max Fragment Size Compression NAT Rules IP address of a network behind opposite tunnel side Subnet mask of a network behind opposite tunnel side Allows to redirect all traffic on Ethernet Defines the IP address of a local interface Defin
31. um A BSB ELECTRONICS Company 3 STATUS Continued from previous page CA Description Channel Channel the router communicates on Signal Strength Signal strength of the selected cell Signal Quality Signal quality of the selected cell e EC IO for UMTS and CDMA it s the ratio of the signal received from the pilot channel EC to the overall level of the spectral density ie the sum of the signals of other cells IO e RSRQ for LTE technology Defined as the ratio RRE e The value is not available for the EDGE technology Neighbours Signal strength of neighboring hearing cells Manufacturer Module manufacturer Model Type of module Revision Revision of module IMEI IMEI International Mobile Equipment Identity number of module ESN ESN Electronic Serial Number number of module for CDMA routers MEID MEID number of module Table 4 Mobile Network Information Highlighted in red adjacent cells have a close signal quality which means that there is imminence of frequent switching between the current and the highlighted cell The next section of this window displays information about the quality of the connection in each period Today Yesterday This week Last week This period Last period Today from 0 00 to 23 59 Yesterday from 0 00 to 23 59 This week from Monday 0 00 to Sunday 23 59 Last week from Monday 0 00 to Sunday 23 59 This accounting period Last accounting period Table 5 Description of Perio
32. 00 100 100 2 tunO 100 100 100 1 public IP 10 0 6 239 Tunnel VPN e Router Cable connection Wireless connection ETH Network 10 40 28 0 LAN Figure 90 Secure networks interconnection topology of the example VPN Virtual Private Network is a secured encrypted and authenticated verified con nection of two LANs into one so it performs as one homogenous LAN LANs are connected over public untrusted network Internet see fig 90 In Conel routers you can use more ways protocols for this reason e OpenVPN it is also configuration item in the web interface of the router see chapter 4 10 or Application Note 5 e Psec it is also configuration item in the web interface of the router see chapter 4 11 or Application Note 6 You can create also non encrypted tunnels GRE PPTP and L2TP with Conel router In combination with IPsec you can use GRE or L2TP tunnel to create VPN There is an example of OpenVPN tunnel in the fig 90 The prerequisite in this situation is that we know IP address of opposite router IP address of opposite side of the tunnel not necessary and the pre shared secret key To create the OpenVPN tunnel it is necessary to configure the Mobile WAN and OpenVPN items in the Configuration section Mobile WAN configuration The mobile connection can be configured the same way as in the previous situations router connects itself after inserting the SIM card into SIM1
33. 1 4 1 30140 2 2 lt address gt 10 0 2 VIF value information field 1 3 6 1 4 1 30140 2 2 lt address gt 11 0 2 measured value 1 3 6 1 4 1 30140 2 2 lt address gt 12 0 3 3 1 3 6 1 4 1 30140 2 2 lt address gt 13 0 VIF value information field measured value 1 3 6 1 4 1 30140 2 2 lt address gt 100 0 47 VIF value information field 1 3 6 1 4 1 30140 2 2 lt address gt 101 0 47 measured value Table 55 Object identifier for M BUS port The meter address can be from range 0 254 when 254 is broadcast All SPECTRE v3 routers also provide information about internal temperature of the device OID 1 3 6 1 4 1 30140 3 3 and power voltage OID 1 3 6 1 4 1 30140 3 4 It is important to set the IP address of the SNMP agent router in field Remote SNMP agent After enter the IP address is in a MIB tree part is possible show object identifier The path to objects is iso org dod internet private enterprises conel protocols The path to information about router is iso org dod internet mgmt gt mib 2 system 68 why Cone um A B amp B ELECTRONICS Company CO N F U RAT O N MG SOFT MIB Browser Professional Edition File Edit View SNMP Action Tools Window Help NORA ima scared Query MB Ping Remote SNMP agent Split 192 168 2 250 al E vertical MIB tree Query results El Fa MIB Tree EE ccitt Remote address 1927 4668
34. 14 PPTP Tunnel Configuration A 62 4 15 DynDNS Client Configuration o ee 64 4 16 NTP Client Configuration a a 65 4 17 SNMP Configuration 66 4 18 SMTP Configuration a a a 70 4 19 SMS Configuration a 71 4 19 1 SendingSMS 2 0 0 0 0 ce 73 4 20 Expansion Port Configuration mo 77 4 21 USB Port Configuration 0 0 2 e 81 422 Startup oC e sss reirse cisi aaa 84 Ao UP DOWN SOMPE e amp s esset amd Cee kb AA 85 4 24 Automatic Update Configuration aoao aoao e 2 2 86 5 Customization 88 dd USerMOQUICS s gt s usura rosa ore 88 6 Administration 90 6 1 Remote cCcess 90 6 2 Change Profile o e o o 90 6 3 Change Password 91 6 4 Set Real Time Clock e 91 6 5 Set SMS Service Center Address 2 91 6 6 Unlock SIM Card ys oe hb es sds a e bu es 92 Or OTA Mo a eere rene pudene r Een 92 6 8 Backup Configuration a e e 93 6 9 Restore Configuration 0 a 93 6 10 Update Firmware 93 BARBA 94 7 Configuration in Typical Situations 95 7 1 Access to the Internet from LAN 2 95 7 2 Backed Up Access to the Internet from LAN 97 7 3 Secure Networks Interconnection or Using VPN 101 7 4 Serial Gatewa
35. 2 250 port 161 transport IP UDP Be em Local address 192 168 2 119 port 4915 transport IP UDP Protocol version SHM Pwd S org EE dod E Request binding aes internet T 1 sysLocation O DisplavwStringi null Response binding E mgmt 1 sysLocation 0 DisplayString Usti nad Orlici 55 73 74 60 20 6E 61 64 20 4F 72 60 69 63 69 hex EE mib 2 OID 1361 21 14 fom OOO A E Figure 50 Example of the MIB browser SNMP Configuration W Enable SNMP agent Location Usti nad Orlici Contact Jack Roghul 420 732 123 4 W Enable SNMPv1 v2 access Community public Enable SNMPv3 access Username Authentication Privacy Privacy Password W Enable I O extension 4 Enable M BUS extension Baudrate 300 Parity even Stop Bits 4 Enable reporting to supervisory system can be blank Figure 51 Example of SNMP configuration 69 Connel um A B amp B ELECTRONICS Company Eaa 4 CONFIGURATION 4 18 SMTP Configuration The item SMTP is used for configuring SMTP Simple Mail Transfer Protocol client for sending e mails tem Description SMTP Server Address IP or domain address of the mail server Username Name to e mail account Password Password to e mail account Own E mail Address Address of the sender Table 56 SMTP client configuration Mobile operator can block other SMTP servers then you can use only the SMTP server of operator Example settings SMTP client SMTP
36. 4 23 Up Down Script In the window Up Down Script it is possible to create own scripts In the item Up script is defined a script which begins after establishing a PPP WAN connection In the item Down Script is defined script which begins after lost a PPP WAN connection The changes in settings will apply after pressing the Apply button Up Down Script Up Script hin sh This script will be executed when FFP WAN connection is established Down Script bin sh This script will be executed when FFP WAN connection is lost Figure 65 Up Down script Example of UP Down script After establishing or lost a connection the router sends an email with information about establishing or loss a connection Up Down Script Up Script E pin sh This script will be executed when PPP WAN connection is established email t namefdomain com s Conel router m PPP connection is established Down Script bin sh This script will be executed when PPP WAN connection is lost email t namefdomain com s Conel router m PPP connection is lost Figure 66 Example of Up Down script 85 Connel um A B amp B ELECTRONICS Company a 4 TON FIG U RATION 4 24 Automatic Update Configuration In the window Automatic update it is possible to set automatic configuration update This choice enables that the router automatically downloads the configuration and the newest
37. CS Company R 4 TON FIG U RATION e 4 9 NAT Configuration To enter the Network Address Translation configuration select the NAT menu item NAT Network address Translation Port address Translation PAT is a method of adjusting the net work traffic through the router default transcript and or destination IP addresses often change the number of TCP UDP port for walk through IP packets The window contains sixteen entries for the definition of NAT rules A A Public Port Public port Private Port Private port Type Protocol selection Server IP address IP address which will be forwarded incoming data Table 32 NAT configuration If necessary set more than sixteen rules for NAT rules then is possible insert into start up script following script Startup Script item in the Configuration section iptables t nat A napt p tcp dport PORT _PUBLIC j DNAT to destination IPADDR PORT1 _PRIVATE Concrete IP address IPADDR and ports numbers PORT PUBLIC and PORT_PRIVATE are filled up into square bracket The following items are used to set the routing of all incoming traffic from the PPP to the connected computer AMA AAA Send all remaining incoming By checking this item and setting the Default Server item packets to default server it is possible to put the router into the mode in which all incoming data from GPRS will be routed to the computer with the defined IP address Default Server IP Address Send all inc
38. Default Gateway 192 168 2 1 A Figure 45 Topology of example L2TP tunnel configuration Configuration of the L2TP tunnel Configuration EN CO Mode L2TP Server L2TP Client Server IP Address 10 0 0 1 Client Start IP Address 192 168 1 2 Client End IP Address 192 168 1 254 Local IP Address 192 168 1 1 Remote IP Address Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 299 259 295 0 255 259 255 0 Username username username Password password password Table 45 Example L2TP tunel configuration 61 Connel um A B amp B ELECTRONICS Company E 4 4 TON F U RATION 4 14 PPTP Tunnel Configuration O PPTP is an unencrypted protocol To enter the PPTP tunnels configuration selectthe PPTP menu item PPTP tunnel allows protected connection by password of two networks LAN to the one which it looks like one homogenous Itis a similar method of VPN execution as L2TP The tunnels are active after selecting Create PPTP tunnel stem CE Mode PPTP tunnel mode on the router side e PPTP server in the case of a server must be defined IP address range offered by the server e PPTP client in case of client must be defined the IP address of the server Server IP Address IP address of server Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side of the tunnel Remote Subnet Address of the network behind the remote side of the tunnel Rem
39. DynDNS record is already up to date e DynDNS record successfully update e DNS error encountered e DynDNS server failure For correct function of DynDNS SIM card of router must have public IP address assigned 3 9 System Log In case of any connection problems it is possible to view the system log by pressing the System Log menu item Detailed reports from individual applications running in the router are displayed Use the Save Log button to save the system log to a connected computer The second button Save Report is used for creating detailed report generates all support needed information in one file The default length of the system log is 1000 lines After reaching 1000 lines the new file is created for storing the system log After completion of 1000 lines in the second file the first file is overwritten with the new one Program syslogd can be started with two options to modify its behavior Option s fol lowed by decimal number sets the maximal number of lines in one log file Option r followed by hostname or IP address enables logging to a remote syslog daemon In the Linux OS has to be remote logging on the target computer enabled typically running syslogd r In the Windows OS has to be syslog server installed e g Syslog Watcher To start syslogd with these options the etc init d syslog script can be modified or killall syslogd and syslogd lt options gt amp lines can be added into Startup Script
40. Firmware To view the information about the firmware version and instructions for its update select the Update Firmware menu item New firmware is selected via Browse button and update the following pressing the Update button It takes about three and half minutes to complete the update Update Firmware Firmware version 20 7 2010 12 16 New Firmware Figure 79 Update firmware 93 Connel um A B amp B ELECTRONICS Company 6 ADMINISTRATION After successful firmware update the following statement is listed informs about update of the FLASH memory Uploading firmware to RAM ok Pe oe ae ok Reboot in progress Continue here after reboot O Upload firmware of different device can cause damage of the router During the update of the firmware the permanent power supply has to be maintained 6 11 Reboot To reboot the router select the Reboot menu item and then press the Reboot button Reboot The reboot process will take about 20 seconds to complete Figure 80 Reboot 94 Cornell um mma 7 CONFIGURATION IN TYPICAL SITUATIONS 7 Configuration in Typical Situations Although Conel routers have wide variety of usage they are used in these typical situations mostly In this chapter there are four examples of router s configuration in the typical situations Examples include the configuration of all items needed for router to work properly in that situation 7 1 Access to the Inte
41. GPADDR Displays the IP address of the pppo interface AT CGSN Returns the product serial number AT CIMI Returns the International Mobile Subscriber Identity number IMSI AT CMGD Deletes a message from the location Continued on next page 73 Connel um A B amp B ELECTRONICS Company 4 TON F U RATION Continued from previous page AT Command AT CMGF Sets the presentation format of short messages AT CMGL Lists messages of a certain status from a message storage area AT CMGR Reads a message from a message storage area AT CMGS Sends a short message from the device to entered tel number AT CMGW Writes a short message to SIM storage AT CMSS Sends a message from SIM storage location value AT COPS Identifies the available mobile networks AT CPIN Is used to query and enter a PIN code AT CPMS Selects SMS memory storage types to be used for short message operations AT CREG Displays network registration status AT CSCA Sets the short message service centre SMSC number AT CSCS Selecis the character sei AT CSQ Returns the signal strength of the registered network AT GMI Returns the manufacturer specific identity AT GMM Returns the manufacturer specific model identity AT GMR Returns the manufacturer specific model revision identity AT GSN Returns the product serial number ATE Determines whether or not the device echoes characters ATI Transmits the manufacturer specific information about the device Table 63
42. IP address SIM card Table 59 Control SMS 72 Connel um A B amp B ELECTRONICS Company Choosing Enable AT SMS protocol on expansion port 1 and Baudrate it is possible to send receive an SMS on the serial Port 1 KC EA Baudrate Communication speed on expansion port 1 Table 60 Send SMS on serial PORT1 configuration Choosing Enable AT SMS protocol on expansion port 2 and Baudrate itis possible to send receive an SMS on the serial Port 2 CA A Baudrate Communication speed on expansion port 2 Table 61 Send SMS on serial PORT2 configuration Choosing Enable AT SMS protocol on TCP port and enter the TCP port it is possible to send receive an SMS on the TCP port SMS messages are sent with the help of standard AT commands AC AA TCP Port TCP port the sending receiving SMS messages will be allowed on Table 62 Send SMS on ethernet PORT1 configuration 4 19 1 Sending SMS After establishing connection with the router via serial interface or Ethernet it is possible to use AT commands for work with SMS messages The following table lists the commands that are supported by Conel routers For other AT commands OK response is always sent There is no support for complex AT commands in such a case ERROR response is sent by router AT Command AT CGMI Returns the manufacturer specific identity AT CGMM Returns the manufacturer specific model identity AT CGMR Returns the manufacturer specific model revision identity AT C
43. List of AT commands A detailed description and examples of these AT commands can be found in the application note AT commands Example 1 SMS sending configuration After powering up the router at the mentioned the phone number comes SMS in this form Router Unit ID has been powered up Signal strength xx dBm After connect to mobile network at the mentioned phone number comes SMS in this form Router Unit ID has established connection to mobile network IP address xxX xXX XXX XXX After disconnect to mobile network at the mentioned phone number comes SMS in this form Router Unit ID has lost connection to mobile network IP address xxx xxx xxx xxx 74 why Cone um ap A B amp B ELECTRONICS Company 4 a CO N F U RATIO N SMS Configuration Send SMS on power up Y Send SMS on connect to mobile network Send SMS on disconnect from mobile network Send SMS when datalimit is exceeded Send SMS when binary input on I O port BINO is active Y Add timestamp to SMS Phone Number 1 723123456 Phone Number 2 756858635 Phone Number 3 603854758 Unit ID BINO SMS 4 Enable remote control via SMS Phone Number 1 Phone Number 2 Phone Number 3 Enable AT SMS protocol on expansion port 1 Baudrate 9600 M Enable AT SMS protocol on expansion port 2 Baudrate 9600 M Enable AT SMS protocol over TCP TCP Port can be blank
44. N interface set the Operating Mode to station STA enable the DHCP client and fill in the default gateway and DNS server for accessing the Internet Click the Apply button to confirm the changes For details see chapter 4 6 Configure connection to a WiFi network in the WiFi item see fig 87 Here check the Enable WiFi and fill in the data for connection SS D security password and confirm clicking the Apply button For detailed configuration see 4 5 chapter To verify successful WiFi connection see Status section WiFi item There will be wpa_state COMPLETED written out if connected successfully General Enable WLAN interface Mobile WAN Operating Mode station STA T WiFi WiFi Scan DHCP Client enabled F Network IP Address DHCP Subnet Mask IPsec DynDNS Bridged no 7 System Log E Default Gateway 1192 168 3 1 eis gu DNS Server 192 168 3 1 LAN VRRP Enable dynamic DHCP leases Mobile WAN IP Pool Start PPPOE IP Pool End i Lease Time 0 sec Sackup Routes Apply Firewall Figure 86 Backed up access to the Internet WLAN configuration Mobile WAN configuration To configure the mobile connection it is sufficient to insert the SIM card into the SIM1 slot and attach the antenna to the ANT connector as in previous situation depending on used SIM card For using the system of backup routes it s necessary to enable check of connection in the Mobile WAN item see fig 88 Set the Check connection opti
45. OE COMNGUIAUION s s caseras eee eee de he wend EEE A 32 WiFi configuration 36 WLAN configuration 38 Backup Routes 5 20 sms o dm E Ed he E Bae eds oo 39 Firewall configuration 42 Topology of example firewall configuration o 43 Example firewall configuration 43 Example 1 Topology of NAT configuration 04 45 Example 1 NAT configuration 0 46 Example 2 topology of NAT configuration 47 Example 2 NAT configuration a eee ee ee ee 47 OpenVPN tunnels configuration o 48 OpenVPN tunnel configuration ee 51 Topology of example OpenVPN configuration 04 52 IPsec tunnels configuration o 93 IPsec tunnels configuration o 56 Topology of example IPsec configuration a ao aoa oaoa a a a a 004 57 Connel um A BsB ELECTRONICS Company meras ST 0 F F e U RES 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 GRE tunnels configuration e 58 GRE tunnel configuration o oo a e a a 59 Topology of GRE tunnel configuration a 59 L2TP tunnel configuration a o oo 60 Topo
46. ON a 192 168 1 3 GSM GPRS 192 168 1 1 192 168 1 4 Figure 11 Example 1 Topology of LAN Configuration LAN Configuration Primary LAN Secondary LAN Tertiary LAN DHCP Client addres 9216811 Do po Subnet Mask 2552552550 Bridged Media Type Default Gateway o pm server o o o Enable dynamic DHCP leases IP Pool Start 192 168 1 2 IF Pool End 192 168 1 4 Lease Time sec Enable static DHCP leases MAC Address IP Address Figure 12 Example 1 LAN Configuration Example 2 The network interface with dynamic and static DHCP server 20 4 CONFIGURATION e The range of allocated addresses from 192 168 1 2 to 192 168 1 4 e The address is allocated 10 minutes e Client with MAC address 01 23 45 67 89 ab has IP address 192 168 1 10 e Client with MAC address 01 54 68 18 ba 7e has IP address 192 168 1 11 QC 192 168 1 2 Es 192 168 1 3 Ro E BO GSM GPRS 192 168 1 1 SY 192 168 1 10 192 168 1 11 01 23 45 67 89 ab 01 54 68 18 ba 7e Figure 13 Example 2 Topology of LAN Configuration LAN Configuration Primary LAN Secondary LAN Tertiary LAN DHCP Client disabled w enabled v emabled IP address DIB oo E A Subnet Mask 2552552550 Do o Bridged CO iim ii Media Type auto negotiation v auto negotiation v auto negotiation ro Default Gateway Doo To SD Do oO E Y Enable dynamic DHCP leases 1P Pool Start 1P
47. P Address Destinations IP address or domain name of ping queries Ping Interval Time intervals between the outgoing pings Table 20 Check connection to mobile network configuration If the Enable Traffic Monitoring option is selected then the router stops sending ping ques tions to the Ping IP Address and it will watch traffic in connection to mobile network If this connection is without traffic longer than the Ping Interval then the router sends ping questions to the Ping IP Address Attention The enabling of Check connection to mobile network is necessary for uninterrupted and lasting operation of the router 4 3 4 Data Limit Configuration KC EA Data limit With this parameter you can set the maximum expected amount of data transmitted sent and received over GPRS in one billing period month Warning Threshold Parameter Warning Threshold determine per cent of Data Limit in the range of 50 to 99 which if is exceeded then the router sends SMS in the form Router has exceeded value of Warning Threshold of data limit Accounting Start Parameter sets the day of the month in which the billing cycle starts SIM card used Start of the billing period defines the op erator which gives the SIM card The router begin to count the transferred data since that day Table 21 Data limit configuration If parameters Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded s
48. Protocol Specifies protocol for remote access e all access is enabled for all protocols e TCP access is enabled for TCP protocol e UDP access is enabled for UDP protocol e ICMP access is enabled for ICMP protocol Target Port The port number on which access to the router is allowed Action Type of action e allow access is allowed e deny access is denied Table 30 Filtering of incoming packets The following part of the configuration form defines the forwarding policy If Enabled filter ing of forwarded packets item is not checked packets are automatically accepted If this item is checked and incoming packet is addressed to another network interface it will go to the FORWARD chain In case that the FORWARD chain accepted this packet there is a rule for its forwarding it will be sent out If the forwarding rule does not exist packet will be dropped Then there is a table for defining the rules It is possible to allow all traffic within the selected protocol rule specifies only protocol or create stricter rules by specifying items for source IP address destination IP address and port CL Description Source IP address of source device Destination IP address of destination device Protocol Specifies protocol for remote access e all access is enabled for all protocols e TCP access is enabled for TCP protocol e UDP access is enabled for UDP protocol e ICMP access is enabled for ICMP
49. SNMP agent configuration Enabling SNMPv1 v2 is performed using the Enable SNMPv1 v2 access item It is also necessary to define a password for access to the SNMP agent Community Standard public is predefined The Enable SNMPv3 access item allows you to enable SNMPv3 Then you must define the following parameters KA A Username User name Authentication Encryption algorithm on the Authentication Protocol that is used to ensure the identity of users Authentication Password Password used to generate the key used for authentication Privacy Encryption algorithm on the Privacy Protocol that is used to ensure confidentiality of data Privacy Password Password for encryption on the Privacy Protocol Table 51 SNMPv3 configuration In addition you can continue with this configuration e By choosing Enable I O extension it is possible to monitor binary inputs I O on the router e By choosing Enable M BUS extension and enter the Baudrate Parity and Stop Bits it is possible to monitor the meter status connected to the expansion port MBUS status 66 Connel um A B amp B ELECTRONICS Company CA A Baudrate Communication speed Parity Control parity bit e none data will be sent without parity e even data will be sent with even parity e odd data will be sent with odd parity Stop Bits Number of stop bit Table 52 SNMP configuration MBUS extension By choosing Enable reporting to supervisory syst
50. Server IP or domain address primary NTP server Address Secondary NTP IP or domain address secondary NTP server Server Address Timezone By this parameter it is possible to set the time zone of the router Daylight Saving Time Using this parameter can be defined time shift e No time shift is disabled e Yes time shift is allowed Table 49 NTP configuration Example of the NTP conf with set primary ntp cesnet cz and secondary tik cesnet cz NTP server and with daylight saving time NTF Configuration C Enable local NTP service Synchronize clock with NTP server Primary NTP Server intp cesnet cz a Secondary NTP Server tik cesnet ca Timezone GMT 01 00 Daylight Saving Time yes Mi Figure 49 Example of NTP configuration 65 Connel um A B amp B ELECTRONICS Company 4 ON E U RATION 4 17 SNMP Configuration To enter the SNMP configuration it is possible with SNMP agent v1 v2 or v3 configuration which sends information about the router eventually about the I O inputs or the expansion port MBUS SNMP Simple Network Management Protocol provides status information about network elements such as routers or end computers To enable this service check the Enable SNMP agent item EA Description Name Designation of the router Location Placing of the router Contact Person who manages the router together with information how to contact this person Table 50
51. Size bytes Compression LZ0 w NAT Rules Authenticate Mode E Pre shared Secret CA Certificate DH Parameters Local Certificate Local Private Key can be blank E Figure 36 OpenVPN tunnel configuration 91 Connel um A B amp B ELECTRONICS Company l 4 a CO N F U RATIO N Example of the OpenVPN tunnel configuration Router A pppO 10 0 0 1 192 168 1 0 Router B tun0 19 16 1 0 pppO 10 0 0 2 ii 192 168 2 0 tun0 19 16 2 0 ere Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 aoe Figure 37 Topology of example OpenVPN configuration OpenVPN tunnel configuration Configuration ES E Protocol UDP UDP UDP Port 1194 1194 Remote IP Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 299 255 255 0 293 299 299 0 Local Interface IP Address 19 16 1 0 19 16 2 0 Remote Interface IP Address 19 16 2 0 19 18 1 0 Compression LZO LZO Authenticate mode none none Table 37 Example OpenVPN configuration O Examples of different options for configuration and authentication of OpenVPN tunnel can be found in the application note OpenVPN Tunnel 5 92 Connel um A B amp B ELECTRONICS Company 4 CONFIGURATION 4 11 IPsec Tunnel Configuration IPsec tunnel configuration can be called up by option Psec item in the menu IPsec tunnel allows protected encrypted connection of two networks LAN to the one which looks like one homogenous In the IPsec Tunne
52. Tx Data TAS EB VRRP More Information Mobile WAN PPPoE WiFi IP Address Unassigned WLAN MAC Address 7C 66 9D 35 A3 F8 Backup Routes More Information Firewall NAT OpenVPN IP Address Unassigned ee MAC Address 78 A5 04 2F 7E 3D Secondary LAN More Information Peripheral Ports Expansion Port 1 None Expansion Port 2 None Binary Input O OFF Binary Input 1 OFF Binary Output OFF System Information Expansion Port 1 Expansion Port 2 Firmware Version 4 0 2 2014 11 20 BETA USB Port Serial Number N A Profile Standard li Sac Supply Voltage UE be Oy Up Down Script Temperature 39 C Automatic Update Time 2014 11 24 14 22 00 Uptime days 7 hours 28 minutes Customization User Modules Administration Change Profile Change Password Set Real Time Clock Set SMS Service Center Unlock SIM Card Send SMS Backup Configuration Restore Configuration Update Firmware Reboot Figure 1 Example of the web configuration Cornell um a san a acme 2 ACCESS TO THE WEB CONFIGURATION The left part of the web interface contains the menu with sections for monitoring Status Configuration Customization and Administration of the router Name and Location items in the right upper corner displays the name and location of the router filled in the SNMP configuration see SNMP Configuration For increased safety of the network managed by the router the default router
53. a e e a a e a 86 User MOGUICS 4 564424 be 64H RELA AAA 89 viii Connel um A B amp B ELECTRONICS Company gt 1 BASIC INFORMATION 1 Basic Information Cellular routers SPECTRE v3 LTE are designed for communication in mobile networks using LTE HSPA UMTS EDGE or GPRS technology Data transfer speed is up to 100 Mbit s download and up to 50 Mbit s upload The router is an ideal solution for wireless connection of traffic and security camera systems individual computers LANs automatic teller machines ATM other self service terminals etc Standard equipment of the router Two Ethernet 10 100 ports one USB 2 0 Host port two binary inputs and one output I O connector Two readers for 3 V and 1 8 V SIM cards memory card reader for microSD cards maximum capacity of inserted card can be 64 GB 32 GB in case of SDHC cards Optional equipment of the router The router can be equipped with WiFi module on cus tomer s request it is not possible to add it to the router later in the future Other possible inter faces are Three ports SWITCH serial line RS232 or combined serial line RS485 RS232 Router is supplied either in a plastic or metal casing based on the requirements of the customer For details see the router s Technical manual Configuration possibilities Statistics about the router activities signal strength detailed system log etc Creation of VPN tunnels using technologies IPSec OpenVPN and L2TP for
54. ackup routes switching for Primary LAN NAT Ping Interval sec OpenVPN E IPsec i Enable backup routes switching for Secondary LAN q a Priority ist Y od Ping IP Add Nal Ores Ed ing ress DynDNS Ping Interval sec Figure 89 Backed up access to the Internet Backup Routes configuration The router configured this way now serves to computers in LAN for backed up access to the Internet You can verify the configured network interfaces in the Status section in the Network item There you should see active network interfaces ethO connection to LAN eth1 wired connection to the Internet wlan0 WiFi connection to the Internet and usbO mobile connection to the Internet IP adresses and other data are included At the bottom you can see the Route Table and corresponding changes of it when e g wired connection fails or cable disconnected default route changes to wlan0 And the same if WiFi is not available the mobile connection will be used Backup routes are working even if not activated in the Backup Routes item but with implicit priorities of network interfaces set as factory default These priorities are different from the ones desired in this situation see chapter 4 7 100 Cornell um mma 7 CONFIGURATION IN TYPICAL SITUATIONS 7 3 Secure Networks Interconnection or Using VPN Mobile Conel router network Router OpenVPN a Tunnel S tunO 1
55. ange password 6 4 Set Real Time Clock Disposable setting of the router internal clock can be invoked by pressing the Set Real Time Clock item in the main menu of the web interface Date and time can be set manually through the Date and Time items Always enter data in a format that is illustrated in the figure below The clock can be also adjusted according to the specified NTP server Finally it is necessary to press the Apply button Set Real Time Clock 2013 07 08 12 50 17 Apply Figure 74 Set real time clock 6 5 Set SMS Service Center Address This option is not available in cable routers In some cases it is needed to set the phone number of the SMS service centre because of SMS sending This parameter can not be set when the SIM card has set phone number of the SMS service centre The phone number can be formed without international prefix xxx xxx xxx or with international prefix for example 420 xxx xxx xxx 91 Connel um A BSB ELECTRONICS Company a 6 ADMINISTRATION Set SMS Service Center Address Service Center Address Figure 75 Set SMS service center address 6 6 Unlock SIM Card a This option is not available in cable routers Possibility to unlock SIM PIN is under Unlock SIM Card item If the inserted SIM card is secured by a PIN number enter the PIN to field SIM PIN and push button Apply SIM card is blocked after three failed attempts to enter the PIN code Unlock SIM C
56. ard SIM PIN Figure 76 Unlock SIM card 6 7 Send SMS a This option is not available in cable routers sending SMS messages is possible in menu Send SMS The SMS message will be sent after entering the Phone number and text SMS Message and by pushing button Send Mes sages of the standard length 160 characters can be sent For sending long SMS messages the user module pduSMS can be used Send SMS Phone number Message Figure 77 Send SMS 92 Cornell um A B amp B ELECTRONICS Company aa 6 ADMINISTRATION SMS message sending via HTTPS request is in the form GET send_exec cgi phone 2B420712345678 amp message lest Authorization Basic cm9vdDpyb290 HTTPS request will be sent to TCP connection on router port 443 Router sends an SMS message with text Test SMS is sent to phone number 420712345678 Authorization is in the format user password coded by BASE64 In the example is used for root root 6 8 Backup Configuration The router configuration is possible to save by help of the Backup Configuration menu item After clicking on this menu it is possible to check a destination directory where it will save the router configuration 6 9 Restore Configuration In case it is needed to restore the router configuration it is possible in Restore Configura tion menu item to check configuration by help Browse button Restore Configuration Figure 78 Restore configuration 6 10 Update
57. ared base authentication using WEP key e WPA PSK authentication using better authentication method PSK PSK e WPA2 PSK authentication using AES encryption Encryption Type of data encryption in WiFi network e None No data encryption e WEP Encryption using static WEP keys This encryption can be used for Shared authentication e TKIP Dynamic management of encryption keys which can be used for WPA PSK and WPA2 PSK authentication e AES Improved encryption used for WPA2 PSK authentication WEP Key Type Type of WEP key for WEP encryption e ASCII WEP key is entered in ASCII format e HEX WEP key is entered in hexadecimal format WEP Default Key Specifies default WEP key Continued on next page 34 Connel um A BSB ELECTRONICS Company Continued from previous page AC A WEP Key 1 4 ltems for different four WEP keys e WEP key in ASCII format must be entered in quotes and must have the following lengths 5 ASCII characters 40b WEP key 13 ASCII characters 104b WEP key 16 ASCII characters 128b WEP key e WEP key in hexadecimal format must be entered using only hexadecimal digits and must the following lengths 10 hexadecimal digits 40b WEP key 26 hexadecimal digits 104b WEP key 32 hexadecimal digits 128b WEP key WPA PSK Type The type of encryption when WPA PSK authenticating e 256 bit secret e ASCII passphrase e PSK File WPA PSK Key fo
58. ay topology of the example 2 2 103 Serial Gateway konfigurace Expansion Port o o 104 vi Connel um A B amp B ELECTRONICS Company o ST O F TA B L E S List of Tables ONO 01 BON ECO OOo lSOOSOSO OS OSOONNNNNNNNNNAs aa O O OOo EONAO O ONO BONA AOOONO 0 E O NO Mobile GONNECII N sepi xamsa dta pepeg a 4 Penpheral POS corras aaa AAA 5 System Information oaoa a a a a a a a a 5 Mobile Network Information a 6 Description of Periods 6 Mobile Network Statistics aoa oaoa oa a a e a 7 Name STaliStiCS s e2 eteee bean ar 7 State Information about Access Point ooo a a a a a a a a 9 State Information about Connected Clients 9 Information about Neighbouring WiFi Networks oaoa 10 Description of interface in network status oaoa aoao a e e e a 0028 12 Description of Information in Network Status ooo a a 13 DHCP status description a aoa aoaaa a a 14 Configuration of the Network Interface 18 Configuration of Dynamic DHCP Server 19 Configuration of Static DHCP Server 19 VRRP CONTIQUEQUON s sa a a as E A A 23 GHECK CONNECION ss ce secador wd Be a e E ds 23 Mobile WAN connection configuration 25 Check connection to mobile network configuration 27
59. ble 11 Description of interface in network status Each of the interfaces shows the following information CA A HWadar Hardware unique address of networks interface inet IP address of interface P t P IP address second ends connection Beast Broadcast address Mask Mask of network MTU Maximum packet size that the equipment is able to transmit Metric Number of routers over which packet must go trought RX e packets received packets e errors number of errors e dropped dropped packets e overruns incoming packets lost because of overload e frame wrong incoming packets because of incorrect packet size Continued on next page 12 Connel um A B amp B ELECTRONICS Company 3 ST ATU S E Continued from previous page CA A TA e packets transmit packets e errors number of errors dropped dropped packeis overruns outgoing packets lost because of overload carrier wrong outgoing packets with errors resulting from the physical layer collisions Number of collisions on physical layer txqueuelen Length of front network device RX bytes Total number of received bytes TX bytes Total number of transmitted bytes Table 12 Description of Information in Network Status It is possible to read status of connection to mobile network from the network information If the GPRS EDGE connection to mobile network is active it will be shown in the system information as a ppp0 inter
60. c Pot Private Port Type Server IP Address PL e PL ey PL ey PL ey PL ey PL ey PL dr PL ey PL ey LM Jem PL ey PL ey AA Enable remote HTTPS access on port Enable remote SSH access on port W Enable remote SNMP access on port W Send all remaining incoming packets to default server Default Server IP Address 192 168 1 2 Y Masquerade outgoing packets Figure 32 Example 1 NAT configuration In these configurations it is important to have marked choice of Send all remaining incom ing packets it default server IP address in this case is the address of the device behind the router Connected equipment behind the router must have set Default Gateway on the router Connected device replies while PING on IP address of SIM card 46 Cornell um A B amp B ELECTRONICS Company 4 CONFIGURATION Example 2 Configuration with more connected equipment Q Switch pppO 10 0 0 1 SY 162 209 13 222 192 168 1 2 80 10 0 0 1 83 10 0 0 1 81 192 168 1 3 80 192 168 1 4 80 Figure 33 Example 2 topology of NAT configuration NAT Configuration Public Port Private Port Type Server IP Address 81 180 TCP v 1192 168 1 2 82 80 TCP v 1192 168 1 3 83 80 TCP_v 192 168 1 4 TCP v TCP v TCP v TCP vw TCP v TCP v TCP v TCP v TCP
61. c1 192 168 2 0 24 10 0 0 132 10 0 1 228 192 168 1 0 24 erouted eroute omer HZ ipsecl uyip mmset hisip unset myap r ete scripts updomi hisup etcs script supdonn ipsecl ike_life 3600s ipsec life 3600s rekey margin 540s rekey fuzz 100 keyingtries ipsecl policy PSHRtENCRYPT TUNNELtUP prio 24 24 interface pppO ipsecl newest ISAEMP Si fl newest IPsec SA fo ipsecl IKE algorithm newest AES CEC 125 5HA41 MODP2048 2 ipsecl 500 STATE QUICK Ie sent O12 IPsec SA established EVENT 34 REPLACE in 2705s newest IPSEC erout 2 ipsecl esp d07es08010 0 1 228 esp 7esbetTeeG 10 0 0 132 tum 0 10 0 1 228 tun 0010 0 0 132 ref 0 refhim 4254 1 ipsecl 500 STATE MAIN Id ISAFMP SA established EVENT SA REPLACE in 2733s newest ISAKMP lastdpd ls se Figure 7 IPsec Status 3 8 DynDNS status The result of DynDNS record update from the server www dyndns org can be invoked pressing the DynDNS item in the Status menu DynDNS Status Last DynDNS Update Status DynDNS record successfully updated Figure 8 DynDNS status 15 Connel um A B amp B ELECTRONICS Company E 2 3 ST ATU S Following messages are possible when detecting the status of DynDNS record update e DynDNS client is disabled e Invalid username or password e Specified hostname doesn t exist e Invalid hostname format e Hosiname exists but not under specified username e No update performed yet e
62. ck Connection at Mobile WAN configuration to enable bind option see chapter 4 3 1 Backup Routes Configuration Enable backup routes switching Enable backup routes switching for Mobile WAN priority it Enable backup routes switching for PPPoE Priority st Ping IP Address Ping Interval Enable backup routes switching for WiFi STA Priority 1st Ping IP Address Ping Interval Enable backup routes switching for Primary LAN Priority 1st Ping IP Address Ping Interval _ Enable backup routes switching for Secondary LAN Priority 4st Ping IP Address Ping Interval Enable backup routes switching for Tertiary LAN Priority 4st Ping IP Address Ping Interval Figure 27 Backup Routes 39 Connel um A B amp B ELECTRONICS Company e 4 z CO N F U RAT O N lf Enable backup routes switching option is not checked Backup routes system operates in the so called backward compatibility mode The default route is selected based on implicit priorities according to the status of enabling settings for each of network interface as the case may be enabling services that set these network interfaces Names of backup routes and corresponding network interfaces in order of implicit priorities e Mobile WAN pppX usbX PPPoE ppp0 e WiFi STA wlan0 e Secondary LAN eth1 e lertiary LAN eth2 Primary LAN eth0 Example Secondary LAN is selected as the defau
63. cor rect data transmission MTU Maximum Transmission Unit It is the identifier of the maximum size of packet which is possible to transfer in given environment Default value is set to 1492 bytes Other settings may cause in correct data transmission Table 25 PPPoE configuration If setting bad packet size value MRU MTU the transmission can be unsuccessful 32 Connel um A B amp B ELECTRONICS Company e 4 z CO N F U RAT O N 4 5 WiFi Configuration db This item is available only if the router is equipped with a WiFi module The form for configuration of WiFi network can be invoked by pressing the WiFi item in the main menu of the router web interface Enable WiFi check box at the top of this form is used to activate WiFi lt is also possible to set the following properties CA AA Operating mode WiFi operating mode e access point AP router becomes an access point to which other devices in station STA mode can be connected e station STA router becomes a client station it means that receives data packets from the available access point AP and sends data from cable connection via wifi network SSID Unique identifier of WiFi network Broadcast SSID Method of broadcasting the unique identifier of SSID network in bea con frame and type of response to a request for sending the beacon frame e Enabled SSID is broadcasted in beacon frame e Zero length Beacon frame does not incl
64. ding SMS message after disconnection bile network to mobile network Send SMS when datalimit Automatic sending SMS message after datalimit ex exceeded ceeded Send SMS when binary input on Automatic sending SMS message after binary input I O port BINO is active on I O port BINO is active Text of message is in tended parameter BINO Add timestamp to SMS Adds time stamp to sent SMS messages This stamp has a fixed format YYYY MM DD hh mm ss Phone Number 1 Telephone numbers for sending automatically gener ated SMS Phone Number 2 Telephone numbers for sending automatically gener ated SMS Phone Number 3 Telephone numbers for sending automatically gener ated SMS Unit ID The name of the router that will be sent in an SMS BINO SMS SMS text messages when activate the binary input on the router Table 57 Send SMS configuration In the second part of the window it is possible to set function Enable remote control via SMS After enabling it is possible to control the router by SMS message 11 Connel um A B amp B ELECTRONICS Company l 4 CO N E G U RAT O N stem Description Phone Number 1 This control can be configured for up to three numbers If is set Enable remote control via SMS all incoming SMS are processed and deleted In the default settings this parameter is turned on Phone Number 2 This control can be configured for up to three numbers If is set Enable remote control via SMS all incomi
65. dress IP address of the router and IP address of the DNS server IP address of the router to the connected clients If these values are filled in by the user in the configuration form they are preferred DHCP server supports static and dynamic assignment of IP addresses Dynamic DHCP server assigns clients IP addresses from a defined address space Static DHCP assigns IP addresses that correspond to the MAC addresses of connected clients CA A Enable dynamic If checked dynamic DHCP server enabled DHCP leases IP Pool Start Start of IP addresses allocated to the DHCP clients IP Pool End End of IP addresses allocated to the DHCP clients Lease time Client can use the IP address for this amount of time in seconds Table 15 Configuration of Dynamic DHCP Server CA AA Enable static If checked static DHCP server enabled DHCP leases MAC Address MAC address of a DHCP client IP Address Assigned IP address Table 16 Configuration of Static DHCP Server It is important not to overlap ranges of static allocated IP addresses with addresses allo cated by the dynamic DHCP Collision of IP addresses and incorrect function of network may occur if ranges overlaped Example 1 The network interface with dynamic DHCP server e The range of dynamic allocated addresses from 192 168 1 2 to 192 168 1 4 e The address is allocated 600 second 10 minutes 19 Cornell um A B amp B ELECTRONICS Company 4 CONFIGURATI
66. ds Connel um A BSB ELECTRONICS Company 3 ST ATU S CA A Signal Min Minimal signal strength Signal Avg Average signal strength Signal Max Maximal signal strength Cells Number of switch between cells Availability Availability of the router via the mobile network expressed as a percent age Table 6 Mobile Network Statistics Tips for Mobile Network Statistics table e Availability of connection to mobile network is information expressed as a percentage that is calculated by the ratio of time when connection to mobile network is established to the time when the router is turned on e After you place your cursor on the maximum or minimum signal strength the last time when the router reached this signal strength is displayed In the middle part of this page is displayed information about transferred data and number of connections for both SIM cards for each period CA A RX data Total volume of received data TX data Total volume of sent data Connections Number of connection to mobile network establishment Table 7 Traffic Statistics The last part Mobile Network Connection Log informs about the mobile network connec tion and problems in establishment Registration Operator Signal Strength Neighbours Mobile WAN Status Mobile Network Information Home Network T Mobile CZ EDGE 23001 6926 353E 30 71 dBm 83 dBm 80 81 dBm 57 93 dBm 59 More Information Signa
67. e daemon at 192 168 2 115 Figure 9 System Log Startup Script STATUS Startup Script l bin sh killall syslogd syslogd R 192 166 2 115 Figure 10 Example program syslogd start with the parameter r This script will be executed after all the other init scripts You can put your own initialization stuff in here 17 Connel um A B amp B ELECTRONICS Company e 4 z CO N F U RAT O N 4 Configuration 4 1 LAN Configuration To enter the Local Area Network configuration select the LAN menu item in the Con figuration section Primary LAN is for the first ETH routers interface left ETH connector Secondary LAN is for the second ETH routers interface right ETH connector Tertiary LAN is for the SWITCH Expansion Port 3x Ethernet if installed CA Deseription DHCP Client e disabled The router does not allow automatic allocation IP ad dress from a DHCP server in LAN network e enabled The router allows automatic allocation IP address from a DHCP server in LAN network IP address Fixed set IP address of network interface ETH Subnet Mask IP address of Subnet Mask Bridged e no router is not used as a bridge default e yes router is used as a bridge Media type e Auto negation The router automatically sets the best speed and duplex mode of communication according to the network s possibilities e 100 Mbps Full Duplex The router communicate
68. ed The TCP protocol is chosen in this situation and the router will work as the server listening on the 2345 TCP port Confirm the configuration clicking the Apply button Status General Mobile WAN WiFi WiFi Scan Network DHCP IPsec DynDNS System Log Configuration LAM VRRP Mobile WAN PPPoE WiFi WLAN Backup Routes Firewall NAT OpenWPN IPsec GRE Enable expansion port 1 access over TCP UDP Baudrate 9600 FI Data Bits Bo Parity none I Stop Bits Me Split Timeout msec Protocol TCP r Mode server Server Address TEF Port 2345 Check TCP connection Keepalive Time sec Keepalive Interval sec Keepalive Probes _ Use CD as indicator of TCP connection _ Use DTR as control of TCP connection Apply Figure 93 Serial Gateway konfigurace Expansion Port 1 To communicate with the serial device PLC connect from the PC in fig 92 labeled as SCADA as a TCP client to the IP address 10 0 6 238 port 2345 public IP address of the SIM card used in the Conel router corresponding to the usbO network interface Devices can now communicate To check the connection go to System Log Status section and look for the TCP connection established message 104 Cornell mm A B amp B ELECTRONICS Company 8 RECOMMENDED LITERATURE 8 Recommended Literature 1 2 3 4 5 6 7 Conel Conel Conel Conel Conel Conel Conel Commands and Scripts for
69. ed communication speed Data Bits Number of data bits Parity Control parity bit e none will be sent without parity e even will be sent with even parity e Odd will be sent with odd parity Stop Bits Number of stop bit Split Timeout Time to rupture reports If you receive will identify the gap between two characters which is longer than the parameter value in millisec onds Then all of the received data compiled and sent the message Protocol Communication protocol e TCP communication using a linked protocol TCP e UDP communication using a unlinked protocol UDP Mode Mode of connection e TCP server router will listen to incoming requests about TCP connection e TCP client router will connect to a TCP server on the speci fied IP address and TCP port Server Address In mode TCP client it is necessary to enter the Server IP address TCP Port In both modes of connection it is necessary to specify the TCP port the router will communicate on Table 68 USB port configuration 1 When Check TCP connection selected check of the established TCP connection would be activated KE ATT Keepalive Time Time after which it will carry out verification of the connection Keepalive Interval Waiting time on answer Keepalive Probes Number of tests Table 69 USB PORT configuration 2 81 Connel um A BsB ELECTRONICS Company 4 5 CO N F U RAT O N When item Use CD as indicator of the TCP connec
70. ee ewe EE eee we eee ee bee E S 88 Added usermodule e 88 SSH remote access configuration ooa oaoa a a e e a ee ee 90 Change DIOG psr rige mr eee a ee REE E 90 Change password oaoa a e 91 Set realtime clock daanan eead aE 91 Set SMS service center address e 92 Unlock SIM card a 92 SENA OMS sesos er vcicrrrsosna torre AAA A 92 Restore configuration a e a 93 Update firmware a 93 ReEDOOls siso see Ena FALAR eee eee ee a 94 Access to the Internet from LAN topology of the example 95 Access to the Internet from LAN LAN configuration 96 Access to the Internet from LAN Mobile WAN configuration 96 Backed up access to the Internet topology of the example 97 Cornell mm A B amp B ELECTRONICS Company 85 86 8 88 89 90 91 92 93 LIST OF FIGURES Backed up access to the Internet LAN configuration 97 Backed up access to the Internet WLAN configuration 98 Backed up access to the Internet WiFi configuration 99 Backed up access to the Internet Mobile WAN configuration 99 Backed up access to the Internet Backup Routes configuration 100 Secure networks interconnection topology of the example 101 Secure networks interconnection OpenVPN configuration 102 Serial Gatew
71. ee alternative profiles It is possible to copy actual configuration to selected configuration by selecting Copy settings from current profile to selected profile Example of profiles usage Profiles can be used to switch between different modes of operation of the router router has established connection the router has not established connection and the router creates a tunnel to the service center Change of the profile can be done using a binary input SMS or Web interface of the router Change Profile Profile F Standard w E Copy settings from current profile to selected profile Figure 72 Change profile 90 Connel um A B amp B ELECTRONICS Company A 6 ADMINISTRATION 6 3 Change Password To open the dialog box for changing the access password select the Change Password menu item Password must contain only numeric and letters with at least one upper case character one lower case character at least one number and must be at least 8 characters long The new password will be saved after pressing the Apply button In basic settings of the router the password is set on root in default For the security of your network we highly recommend to change this default password Change Password Password must contain only numeric and letters with at least one upper case character one lower case character at least one number and must be at least 8 characters long New Password Confirm Password Figure 73 Ch
72. ee next subsection or Send SMS when datalimit is exceeded see SMS configuration are not selected the data limit will not count using the oldest versions of Conel routers 2 Connel um A B amp B ELECTRONICS Company 4 3 5 Switch Between SIM Cards Configuration At the bottom of configuration it is possible to set rules for switching between two APN s on the SIM card in the event that one SIM card is inserted or between two SIM cards in the event that two SIM cards are inserted CI EA Default SIM card This parameter sets default APN or SIM card from which it will try to establish the connection to mobile network If this parameter is set to none the router launches in offline mode and it is necessary to establish connection to mobile network via SMS message Backup SIM card Defines backup APN or SIM card that the router will switch the defining one of the following rules Table 22 Default and backup SIM configuration lf parameter Backup SIM card is set to none then parameters Switch to other SIM card when connection fails Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected and Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded switch the router to off line mode CMA Description Switch to other SIM card when If connection to mobile network fails then this param connection fails eter ens
73. el 57 Connel um A BSB ELECTRONICS Company tem AA Create Enables the individual tunnels Description Displays the name of the tunnel specified in the configuration form Edit Configuration of GRE tunnel Table 41 Overview GRE tunnels GRE Tunnels Configuration Create Description 1st F z A nd ino ard no 4th no Figure 41 GRE tunnels configuration KC AAA Description Description of tunnel Remote IP Address IP address of the remote side of the tunnel Local Interface IP IP address of the local side of the tunnel Address Remote Interface IP IP address of the remote side of the tunnel Address Remote Subnet IP address of the network behind the remote side of the tunnel Remote Subnet Mask Mask of the network behind the remote side of the tunnel Multicasts Enables disables multicast e disabled multicast disabled e enabled multicast enabled Pre shared Key An optional value that defines the 32 bit shared key in numeric format through which the filtered data through the tunnel This key must be defined on both routers as same otherwise the router will drop received packets Using this key the data do not provide a tunnel through Table 42 GRE tunnel configuration O Attention GRE tunnel doesn t connect itself via NAT The changes in settings will apply after pressing the Apply button 98 Connel um A BSB ELECTRONICS Com
74. em and enter the IP Address and Period it is possible to send statistical information to the monitoring system R SeeNet CA A IP Address IP address Period Period of sending statistical information in minutes Table 53 SNMP configuration R SeeNet Every monitor value is uniquely identified by the help of number identifier O D Object Identifier For binary input and output the following range of OID is used ELA AA 1 3 6 1 4 1 30140 2 3 1 0 Binary input BINO values 0 1 1 3 6 1 4 1 30140 2 3 2 0 Binary output OUTO values 0 1 Table 54 Object identifier for binary input and output For the expansion port M BUS the following range of OID is used EA Desoription 1 3 6 1 4 1 30140 2 2 lt address gt 1 0 IdNumber meter number 1 3 6 1 4 1 30140 2 2 lt address gt 2 0 Manufacturer 1 3 6 1 4 1 80140 2 2 lt address gt 3 0 Version specified meter version 1 3 6 1 4 1 80140 2 2 lt address gt 4 0 Medium type of metered medium 1 3 6 1 4 1 30140 2 2 lt address gt 5 0 Status errors report 1 3 6 1 4 1 30140 2 2 lt address gt 6 0 O VIF value information field 1 3 6 1 4 1 30140 2 2 lt address gt 7 0 O measured value Continued on next page 67 Connel um A B amp B ELECTRONICS Company 4 CONFIGURATION Continued from previous page CA AAA 1 3 6 1 4 1 30140 2 2 lt address gt 8 0 1 VIF value information field 1 3 6 1 4 1 30140 2 2 lt address gt 9 0 1 measured value 1 3 6
75. es the IP address of the interface of opposite tunnel side Defines the time interval after which sends a message to oppo site side of tunnel for checking the existence of the tunnel Defines the time interval during which the router waits for a mes sage sent by the opposite side For proper verification of Open VPN tunnel Ping Timeout must be greater than Ping Interval Sets renegotiate period reauthorization of the OpenVPN tun nel This parameter can be set only when Authenticate Mode is set to username password or X 509 certificate After this time period router changes the tunnel encryption to ensure the con tinues safety of the tunnel Defines the maximum size of a sent packet sent data can be compressed e none no compression is used e LZO a lossless compression is used must be set on both sides of the tunnel Applies NAT rules to the OpenVPN tunnel e not applied NAT rules are not applied to the OpenVPN tunnel e applied NAT rules are applied to the OpenVPN tunnel Continued on next page 49 Connel um A B amp B ELECTRONICS Company a 4 TON FIG U RATION Continued from previous page A Desoription Authenticate Mode Sets authentication mode e none no authentication is set e Pre shared secret sets the shared key for both sides of the tunnel e Username password enables authentication using CA Certificate Username and Password e X 509 Certificate multiclient
76. f the Enable VRRP is checked then it is possible to set the following parameters AA Deseription Virtual Server IP Address This parameter sets virtual server IP address This address should be the same for both routers A connected device sends its data via this virtual address Virtual Server ID Parameter Virtual Server ID distinguishes one virtual router on the network from others Main and backup routers must use the same value for this parameter Host Priority The router with higher priority set by the parameter Host Priority is the main router According to RFC 2338 the main router has the highest possible priority 255 The backup router has priority in range 1 254 init value is 100 The priority value equals O is not allowed Table 17 VRRP configuration lt is possible to set Check connection flag in the second part of the window as a supplement of VRRP standard The currently active router main backup will send testing messages to defined Ping IP Address at periodic time intervals Ping Interval with Ping Timeout waiting for answer If there are no answers from remote devices Ping IP Address for a defined number of probes Ping Probes then connection is switched to the other line tem EA Ping IP Address Destinations IP address ping queries Address can not specify as domain name Ping Interval Time intervals between the outgoing pings Ping Timeout Time to wait to answer Ping Probes Number of failed ping
77. face UMTS mobile connection will be shown as usbO interface At the bottom there is the Route Table displayed Network Status Interfaces echo Link encap Ethernet Hlladdr O0 11 22 33 44 55 inet addr 192 168 1 1 Beast 197 168 1 255 Mask 255 255 2 55 0 UP BROADCAST BUNNING MULTICAST HTU 1500 Hetric 1l PX packets 407 errors 0 dropped 0 overruns 0 frame 0 TH packets 46l errors 0 dropped 0 overrunms 0 carrier 0 collisions O tuqueuelen 32 PX bytes 51793 150 5 HB TA bytes 321507 514 2 KB Interrupt 23 ppp Link encap Point Point Protocol inet addr 10 169 80 137 F t P 10 0 0 1 Mask 255 255 255 255 UF POINTOPOINT BUNNING NOARP MULTICAST MTU 1500 Metric 1 Ex packets 35 errors 0 dropped 0 overruns 0 frame 0 TH packets 46 errors dropped 0 overruns 0 carrier d collisions tuqueuelen 3 PX bytes 7772 7 5 EE TX bytes 8716 8 5 KB Route Table Destination Gateway Cermask Flags Metric Fef Use Iface 10 0 0 1 0 0 0 0 255 255 255 255 UH a 0 O ppp 1232 162 1 0 0 0 0 0 255 255 255 0 U a 0 O ethO 0 0 0 0 10 0 0 1 0 0 0 0 UG a 0 O pppO Figure 5 Network Status 13 Connel um A BSB ELECTRONICS Company 3 ST ATU S 3 6 DHCP Status Information about the DHCP server activity is accessible via DHCP item The DHCP server provides automatic configuration of devices connected to the network managed router DHCP server assigns IP address netmask default gateway IP address of router and DNS server IP address of router
78. firmware from the server itself The configuration and firmware are stores on the server To prevent possible manipulation of the update downloaded file tar gz format is controlled At first format of the downloaded file is checked Then there is controlled type of architecture and each file in the archive tar gz file By Enable automatic update of configuration it is possible to enable automatic configuration update and by Enable automatic update of firmware it is possible to enable firmware update CA Deseription Source In the item source can be set where new firmware download e HTTP FTP server new firmware or configuration look at address in the Base URL item e USB flash drive Router finds current firmware or configuration in the root directory of the connected USB device e Both looking for the current firmware or configuration from both sources Base URL By parameter Base URL it is possible to enter base part of the domain or IP address from which the configuration file will be downloaded Unit ID Name of configuration If the Unit ID is not filled then as the file name used the MAC address of the router The delimiter is a colon is used instead of a dot Update Hour Use this item to set the hour range 1 24 in which automatic update will be performed every day If the time is not specified automatic update is performed five minutes after turning on the router and then every 24 hours In the event of a differe
79. he Internet from LAN Secure networks interconnection or using VPN Virtal Private Network Serial Gateway connection of serial devices to the Internet Cornell um 2 ACCESS TO THE WEB CONFIGURATION 2 Access to the Web Configuration lb Attention If the SIM card with activated data traffic is not inserted in the router wireless transmissions will not work Insert the SIM card when the router is switched off For monitoring configuring and managing the router use the web interface which can be invoked by entering the IP address of the router into your browser The default IP address of the router is 192 168 1 1 and only access via secured HTTPS protocol is available That im plies the adress of the router has to be in https 192 168 1 1 syntax When accessing for the first time it will be necessary to install a security certificate To prevent the domain disagree ment message of your browser follow the procedure described in the following subchapter Configuration may be performed only by the user root with initial password root General Status General Mobile Connection Mobile WAN yas SIM Card Primary WIFI IP Address 10 0 5 218 WiFi Scan Rx Data 70 3 KB Tx Data r A EB Network E Uptime O days 7 hours 26 minutes DHCP IPsec DynDNS Primary LAN System Log More Information IP Address 10 40 28 66 255 255 252 0 Configuration MAC Address 70 66 9D 35 A3 F6 Rx Data 46 7 MB LAN
80. he type of router activ ity or the properties area Mobile Connection Primary LAN Secondary LAN Peripherals Ports and System Information If your router is equipped with WIFI module there is also WIFI section 3 1 1 Mobile Connection KC Description SIM Card Identification of the SIM card Primary or Secondary Interface Defines the interface Flags Displays network interface flags IP Address IP address of the interface MTU Maximum packet size that the equipment is able to transmit Rx Data Total number of received bytes Rx Packets Received packets Rx Errors Erroneous received packets Rx Dropped Dropped received packets Rx Overruns Lost received packets because of overload Tx Data Total number of sent bytes Tx Packets Sent packets Tx Errors Erroneous sent packets Tx Dropped Dropped sent packets Tx Overruns Uptime Lost sent packets because of overload Indicates how long the connection to mob network is established Table 1 Mobile Connection 3 1 2 Primary LAN Secondary LAN WiFi Items displayed in this part have the same meaning as items in the previous part More over the MAC Address item shows the MAC address of the corresponding router s interface Primary LAN eth0 Secondary LAN eth1 Visible information depends on configuration see 4 1 or 4 5 Connel um A BSB ELECTRONICS Company ye 3 STATU S 3 1 3 Peripheral Ports KC Description a Expansion Port 1 Expansion port fitted to
81. ilities 16 PIKSA RC 0x000c HT capabilities Capabilities OxOc HT20 5M Power Save disabled No EX SIBC Max AMSDU length 3839 bytes No DS55 0CK HT40 Maximum RX AMPDO length 65535 bytes exponent 0x003 Minimum EX AMPDO time spacing 2 usec 0x04 HT RX MCS rate indexes supported 0 7 32 TX unequal modulation not supported HT TX Max spatial streams 1 HT TX MCS rate indexes supported may differ HI operation primary channel amp secondary channel offset no secondary STA channel width 20 MAz RIFS 0 HT protection non HI mixed non GF present 1 OBSS non GF present O dual beacon dual CIS protection SIBC beacon 0 L SIG TXOP Prot O PCO active O PCO phase O Parameter version 1 BE CW 15 1023 AIFSN 3 BK CW 15 1023 AIFSN 7 VI CW 7 15 AIFSN 2 TXOP 3008 usec VO CW 3 7 AIFSN 2 TXOP 1504 usec E E E E E E E E Figure 4 WiFi Scan 11 Connel um A B amp B ELECTRONICS Company 3 ST ATU S 3 5 Network Status To view system information about the router operation select the Network item in the Sta tus menu The upper part of the window displays detailed information about active interfaces interface Description etho eth1 Network interfaces ethernet connection wlan0O WiFi interface pppO Interface active connection to GPRS EDGE tunO OpenVPN tunnel interface lpsecO IPSec tunnel interface gre GRE tunnel interface usbO USB interface active UMTS connection Ta
82. ing module The current module configura tion is kept in same state Programming and compiling of modules are described in the programming guide User Modules SERIAL2TCP 1 0 1 2013 11 12 Sierra Wireless Updater 1 0 0 2014 09 16 New Module Proch zet Add or Update Figure 70 Added user module There are for example these user s modules available User modules can be downloaded from web pages www conel cz or can be custom programmed MODBUS TCP2RTU Provides a conversion of MODBUS TCP IP protocol to MDBUS RTU protocol which can be operated on the serial line Easy VPN client Provides secure connection of LAN network behind our router with LAN network behind CISCO router NMAP Allows to do TCP and UDP scan Continued on next page 88 Connel um A B amp B ELECTRONICS Company l y D CUSTOM IZATION Continued from previous page Daily Reboot Allows to perform daily reboot of the router at the specified time HTTP Authentication Adds the process of authentication to a server that doesn t pro vide this service BGP RIP OSPF Add support of dynamic protocols PIM SM Adds support of multicast routing protocol PIM SM WMBUS Concentrator Allows to receive messages from WMBUS meters and saves contents of these messages to XML file pduSMS Sends short messages SMS to specified number GPS Allows router to provide location and time information in all weather anywhere on or near the Earth where there is an
83. ion can be called up by option DynDNS item in the menu In the window can be defined a third order domain registered on server www dyndns org ltem Description Hostname Third order domain registered on server www dyndns org Username Username for login to DynDNS server Password Password for login to DynDNS server Server If you want to use another DynDNS service than www dyndns org then enter the update server service to this item If this item is left blank it uses the default server members dyndns org Table 48 DynDNS configuration Example of the DynDNS client configuration with domain conel dyndns org DynDNS Configuration W Enable DynDNS client Hostname conel dyndns org Username conel Password conel Server can be blank Figure 48 Example of DynDNS configuration 64 Connel um A B amp B ELECTRONICS Company gt 4 z CO N F e U RAT O N 4 16 NTP Client Configuration NTP client Configuration can be called up by option NTP item in the menu NTP Network Time Protocol allows set the exact time to the router from the servers which provide the exact time on the network By parameter Enable local NTP service router is set to a mode in which it operates as an NTP server for other devices in the LAN behind the router By parameter Enable local NTP service it is possible to set the router in mode that it can serve as NIP server for other devices CA Description Primary NTP
84. l Min Signal Avg Signal Max Cells Availability Rx Data Tx Data Connections Rx Data Tx Data Connections Mobile Network Statistics Last Week This Period Last Period 121 dBm 121 dBm 121 dBm 69 dBm 70 dBm 5 dBm 63 dBm 63 dBm 58 dBm 206 730 962 99 75 99 75 97 5 Traffic Statistics for Primary SIM card Last Week This Period Last Period 6366 KB 25768 KB 18868 KB 3382 KB 8549 KB 3726 KB 36 56 49 Traffic Statistics for Secondary SIM card Yesterday 0 KB 0 KB 0 Mobile Network Connection Log 2013 07 10 11 52 40 Connection successfully established 2013 07 10 21 17 21 Terminated by signal 2013 07 10 21 18 01 Connection successfully established 2013 07 11 08 39 20 Terminated by signal 2013 07 11 08 40 01 Connection successfully established 2013 07 11 09 22 24 Terminated by signal 2013 07 11 09 23 08 Connection successfully established Figure 2 Mobile WAN status 3 STATUS Connel um A B amp B ELECTRONICS Company 3 STATUS 3 3 WIFI This item is available only if the router is equipped with a WiFi module After selecting the WiFi item in the main menu of the web interface information about WiFi access point AP and associated stations is displayed KAMA AA hostapd state dump Time the statistical data relates to num_sta Number of connected stations num_sta_non_erp Number of connected stations using 802 11b in 802 11g BSS connection num_sta_no_short_slot time Number of station
85. led second attempt made after 30 minutes Third after 50 minutes 30 20 Fourth after 70 minutes 30 20 20 4 3 6 PPPoE Bridge Mode Configuration lf the Enable PPPoE bridge mode option selected it activate the PPPoE bridge protocol PPPoE point to point over ethernet is a network protocol for encapsulating Point to Point Protocol PPP frames inside Ethernet frames Allows you to create a PPPoE connection from the device behind router For example from PC which is connected to ETH port router There will be allot Ip address of SIM card to PC The changes in settings will apply after pressing the Apply button 29 E no Cornell um A B amp B ELECTRONICS Company e 4 CONFIGURATION Mobile WAN Configuration Create connection to mobile network Primary SIM card Secondary SIM card Username Password Authentication IP Address Phone Number Operator MTU Jones DNS Settings get from operator get from operator DNS Server AA A The feature of check connection to mobile network is necessary for uninterrupted operation Check Connection disabled 7 disabled T Ping IP Address 99 98 97 96 Do Enable traffic monitoring Data Limit Warning Threshold Accounting Start Default SIM card Backup SIM card primary Switch to other SIM card when connection fails O Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected O Switch t
86. logy of example L2TP tunnel configuration 61 PPTP tunnel configuration a 62 Topology of example PPTP tunnel configuration 63 Example of DynDNS configuration 0 000000 64 Example of NTP configuration 0 00000 cee eee 65 Example of the MIB browser 2 2 2 69 Example of SNMP configuration 0 0 00002 69 SMTP configuration cs ee idaehague wed a a 70 Example 1 SMS configuration o e 75 Example 2 SMS configuration 02 eee eee ee 75 Example 3 SMS configuration eee eee eee 76 Example 4 SMS configuration e 76 Expansion port configuration ee 79 Example 1 expansion port configuration o a a 79 Example 2 expansion port configuration o e e e a 80 USB configuration 82 Example 1 USB port configuration 83 Example 2 USB port configuration 83 AUD ECPI e au Exc Ghee deepens eee eee ee ees wea ee GS 84 Example of Startup SCP s is ressas ee 84 UP DOWN SOND e 4 24 464 4 4 ee Go ee ow ode eee eae See eS wD 85 Example of Up Down script a a o 85 Example of automatic update1 0 000002 eee 87 Example of automatic update 2 a ee ee 87 USCrIMOGUICS 2 844 e
87. ls Configuration window are four rows each row for one configured one IPsec tunnel KC A Create This item enables the individual tunnels Description The name of the tunnel specified in the configuration of the tunnel Edit Configuration IPsec tunnel Table 38 Overview IPsec tunnels IPsec Tunnels Configuration Create Description no no e AS Ho LA o BS E Figure 38 IPsec tunnels configuration KC Description Description Name description of the tunnel Remote IP Address IP address of remote side of the tunnel Domain name possible Remote ID Identifier ID of remote side of the tunnel It consists of two parts hostname and domain name more information under the table Remote Subnet IP address of a network behind remote side of the tunnel Remote Subnet Mask Subnet mask of a network behind remote side of the tunnel Local ID Identifier ID of local side of the tunnel It consists of two parts hostname and domain name more information under the table Local Subnet IP address of a local network Local subnet mask Subnet mask of a local network Encapsulation Mode IPsec mode the method of encapsulation choose tunnel en tire IP datagram is encapsulated or transport only IP header NAT traversal lf address translation is used between two end points of the tun nel it needs to enable NAT Traversal Continued on next page 93
88. lt route only if Create connection to mobile network option is not checked on the Mobile WAN page alternatively if Create PPPoE connection option is not checked on the PPPoE page To select the Primary LAN it is also necessary not to be entered P address for Secondary LAN and must not be enabled DHCP Client for Secondary LAN AC A Priority Priority for the type of connection Ping IP Address Destination IP address of ping queries to check the connection address can not be specified as a domain name Ping Interval The time intervals between sent ping queries Table 29 Backup Routes All changes in settings will be applied after pressing the Apply button 4 8 Firewall Configuration The first security element which incoming packets must pass is check of enabled source IP addresses and destination ports lt can be specified IP addresses from which you can remotely access the router and the internal network connected behind a router If the Enable filtering of incoming packets item is checked located at the beginning of the configuration form Firewall this element is enabled and accessibility is checked against the table with IP addresses This means that access is permitted only addresses specified in the table It is possible to define up to eight remote accesses There are the following parameters 40 Connel um A BSB ELECTRONICS Company KC Description Source IP address from which access to the router is allowed
89. mum value of this pa rameter is 60s The maximum value is 86400 s Lifetime key service part of tunnel The minimum value of this parameter is 60s The maximum value is 86400 s Specifies how long before connection expiry should attempt to negotiate a replacement begin Maximum value must be less than half of IKE and Key Lifetime parameters Percentage extension of Rekay Margin time Time after which the IPsec tunnel functionality is tested The period during which device waits for a response Continued on next page 94 Connel um A B amp B ELECTRONICS Company n 4 TON FIG U RATION Continued from previous page A Description Authenticate Mode Using this parameter can be set authentication e Pre shared key sets the shared key for both sides of the tunnel e X 509 Certificate allows X 509 authentication in multi client mode Pre shared Key Shared key for both sides for Pre shared key authentication CA Certificate Certificate for X 509 authentication Remote Certificate Certificate for X 509 authentication Local Certificate Certificate for X 509 authentication Local Private Key Private key for X 509 authentication Local Passphrase Passphrase for X 509 authentication Extra Options Use this parameter to define additional parameters of the IPsec tunnel for example secure parameters etc Table 39 IPsec tunnel configuration IPsec supports the following types of identifiers ID of both tunnel sides Remo
90. n Network aa a DHCP Remote IP Address 10 0 6 239 IPsec Remote Subnet 110 40 28 0 ae Remote Subnet Mask 255 255 252 0 System Log Redirect Gateway no o T Configuration Local Interface IP Address 100 100 100 2 LAN Remote Interface IP Address 100 100 100 1 VRRP Ping Interval 10 sec Mobile WAN Ping Timeout 30 SEC PPPOE WiFi Renegotiate Interval sec WLAN Max Fragment Size bytes Backup Routes Compression LZO Firewall NAT Rules not applied v ALA M OpenVPN Authenticate Mode pre shared secret a Pre shared Secret 2048 bit OpenVPN static key ll Figure 91 Secure networks interconnection OpenVPN configuration In the Status section Network item you can verify the activated network interface tunO for the tunnel with the IP addresses of the tunnel s ends set Successful connection can be verified in the System Log where Initialization Sequence Completed should be written out Networks are now interconnected it can be verified by the ping program also ping between tunnel s endpoints IP addresses from one of the routers console is accessible via SSH 102 Cornell um 7 CONFIGURATION IN TYPICAL SITUATIONS 7 4 Serial Gateway Mobile Conel router network Router 9 usbO 10 0 6 238 RS232 RS485 amp Router Wireless connection PLC ETH SCADA a LAN Cable connection Figure 92 Serial Gateway
91. n Update Hour can be blank Figure 67 Example of automatic update 1 The following examples find if there is a new firmware or configuration each day at 1 00 in the morning An example is given on the type of router SPECTRE v3 LTE with MAC address 00 11 22 33 44 55 e Firmware http router cz spectre v3 lte bin e Configuration file http router cz 00 11 22 33 44 55 cfg Automatic Update Enable automatic update of configuration Enable automatic update of firmware Source HTTPS FTP server hos Base URL can be blank Figure 68 Example of automatic update 2 87 Connel um A BSB ELECTRONICS Company 5 a C U STOM IZATION 5 Customization 5 1 User Modules Configuration of user modules can be accessed by selecting the User Modules item lt is possible to add new modules delete them or switch to their configuration Use the Browse button to select the user module compiled module has tgz extension The module is added using the Add button User Modules No user modules installed New Module Proch zet Add or Update Figure 69 User modules Added module appears in the list of modules on the same page If the module contains index html or index cgi page module name serves as a link to this page The module can be deleted using the Delete button Updating of the module can be done in the same way like adding a new module Module with a higher newer version will replace the exist
92. nel configuration aoao e a 61 PPTP tunnel configuration a o oo a a a 62 Example PPTP tunel configuration aooaa a e 63 DynDNS configuration aooaa 64 NTP configuration 65 SNMP agent configuration a 66 SNMPv3 configuration 66 SNMP configuration MBUS extension 67 SNMP configuration R SeeNet 67 Object identifier for binary input and output 67 Object identifier for M BUS port 2 2 2 0 2 2 ee ee ee ee 68 SMTP client configuration 70 Send SMS configuration e e 71 Control via SMS configuration ee 72 CONMOLOMS aser 44 ORS Ee ee eee EE eee ES He bees 72 Send SMS on serial PORT1 configuration 004 73 Send SMS on serial PORT2 configuration 0004 73 Send SMS on ethernet PORT1 configuration 0 73 List of AT COMMANGS cisco ases LEG E A 74 Expansion Port configuration serial interface 77 Expansion Port configuration Check TCP connection 78 CD signal description 2 a a a a 78 DTR signaldescription 2 78 USB portconfiguration1 2 0 00 eee ee ee ee 81 USB PORT configuration2 0 000 e 81 CD signal description 2 a a a a a 82 DTR signal description o 82 Automatic update configuration ao ao o
93. ng SMS are processed and deleted In the default settings this parameter is turned on Phone Number 3 This control can be configured for up to three numbers If is set Enable remote control via SMS all incoming SMS are processed and deleted In the default settings this parameter is turned on Table 58 Control via SMS configuration e If no phone number is filled in then it is possible to restart the router with the help of SMS in the form of reboot from any phone number While filling up one two or three numbers it is possible to control the router with the help of an SMS sent only from these numbers While filling up sign x it is possible to control the router with the help of an SMS sent from any number Control SMS message doesn t change the router s configuration If the router is switched to offline mode by the SMS message the router will be in this mode up to next restart This behavior is the same for all control SMS messages It is possible to send controls SMS in the form EXA AA go online sim 1 Switch to SIM1 card go online sim 2 Switch to SIM2 card go online Switch router in online mode go offline connection termination set out0 0 Set output I O connector on 0 set out0 1 Set output I O connector on 1 set profile std Set standard profile set profile alt1 Set alternative profile 1 set profile alt2 Set alternative profile 2 set profile alt3 Set alternative profile 3 reboot Router reboot get ip Router send answer with
94. nnel 1 BW 40 MHz WMM Authentication open Encryption none WEP Key Type ASCIL WEP Default Key E WEP Key 1 WEP Key 2 WEP Key 3 WEP Key 4 WPA PSK Type 256 bit secret WPA PSK Access List disabled Accept Deny List Syslog Level informational Extra options can be blank Figure 25 WiFi configuration 36 Connel um A B amp B ELECTRONICS Company 4 CONFIGURATION 4 6 WLAN Configuration This item is available only if the router is equipped with a WiFi module The form for configuration of WiFi network and DHCP server functioning on this network can be invoked by pressing the WLAN item in the main menu of the router web interface Enable WLAN interface check box at the top of this form is used to activate WIFi LAN interface lt is also possible to set the following properties CA AA Operating Mode DHCP Client IP Address Subnet Mask Bridged Default Gateway DNS Server WiFi operating mode e access point AP router becomes an access point to which other devices in station STA mode can be connected e station STA router becomes a client station it means that receives data packets from the available access point AP and sends data from cable connection via wifi network Activates deactivates DHCP client Fixed set IP address of WiFi network interface Subnet mask of WiFi network interface Activates bridge mode e no Bridged mode is not allowed it s default
95. nt configuration at the specified URL router downloads this configuration and restarts itself Table 72 Automatic update configuration The configuration file name is from parameter Base URL hardware MAC address of ETHO interface and cfg extension Hardware MAC address and cfg extension is connected automat ically and it isn t needed to enter this By parameter Unit ID enabled it defines the concrete configuration name which will be download to the router When using parameter Unit ID hardware MAC address in configuration name will not be used The firmware file name is from parameter Base URL type of router and bin extension 86 Connel um A BSB ELECTRONICS Company FR 4 CONFIGURATION aD It is necessary to load two files bin and ver to the HTTP FTP server If there is uploaded only the bin file and the HTTP server send wrong answer 200 OK instead of expected 404 Not Found when the device try to download the nonexistent ver file then there is a high risk that the router will download the bin file over and over again The following examples find if there is a new firmware or configuration each day at 1 00 in the morning An example is given on the type of router SPECTRE v3 LTE e Firmware http router cz spectre v3 lte bin e Configuration file http router cz temelin cfg Automatic Update Enable automatic update of configuration Enable automatic update of firmware Base URL router cz Unit ID temeli
96. o backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded O Switch to backup SIM card when binary input is active and switch to default SIM card when binary input isn t active Switch to default SIM card after timeout Subsequent Timeout mir O Enable PPPoE bridge mode can be blank Figure 20 Mobile WAN configuration 30 Connel um A B amp B ELECTRONICS Company i a 4 TON F U RATION Example 1 The figure below describes the situation when the connection to mobile network is controlled on the address 8 8 8 8 in the time interval of 60 s for primary SIM card and on the address www google com in the time interval 80 s for secondary SIM card In the case of traffic on the router the control pings are not sent but the traffic is monitored The feature of check connection to mobile network is necessary for uninterrupted operation Check Connection enabled enabled v Ping IP Address 8 6 9 8 www google com Enable traffic monitoring Figure 21 Example 1 Mobile WAN configuration Example 2 The following configuration illustrates the situation in which the router switches to a backup SIM card after exceeding the data limits of 800 MB Warning SMS is sent upon reaching 400 MB The start of accounting period is set to the 18th day of the month Data Limit Warning Threshold Accounting Start Default SIM card primary Backup SIM card secondar
97. oming packets to this IP addresses Table 33 Configuration of send all incoming packets 44 Connel um A BSB ELECTRONICS Company FR 4 CONFIGURATION Enable the following options and enter the port number is allowed remote access to the rou ter from PPP interface EA Desoription Enable remote HTTPS access on port Ifthis item field and port number is filled in then configuration of the router over web interface is possible disabled in default configuration Enable remote FTP access on port Choice this item and port number makes it pos sible to access over FTP disabled in default configuration Enable remote SSH access on port Choice this item and port number makes it pos sible to access over SSH disabled in default configuration Enable remote SNMP access on port Choice this item and port number makes it pos sible to access to SNMP agent disabled in de fault configuration Masquerade outgoing packets Choice Masquerade alternative name for the NAT system item option turns the system ad dress translation NAT Table 34 Remote access configuration Example 1 Configuration with one connection equipment on the router a 162 209 13 222 pppO 10 0 0 1 ethO 192 168 1 1 IP 192 168 1 2 Default gateway 192 168 1 1 Figure 31 Example 1 Topology of NAT configuration 45 Connel um A B amp B ELECTRONICS Company 4 z CO N F U RATIO N NAT Configuration Publi
98. on iv Enable VRRP Virtual Server IP Address 192 168 1 1 Virtual Server ID 5 Host Priority 1100 Check connection Ping IP Address 10 013 Ping Interval 10 sec Ping Timout 5 sec Ping Probes 1 0 O Enable traffic monitoring Apply Figure 19 Example VRRP configuration backup router 24 Connel um A B amp B ELECTRONICS Company l 4 CO N E G U RAT O N 4 3 Mobile WAN Configuration Configuration of a connection to the mobile network can be invoked by selecting the Mobile WAN item in the Configuration menu section 4 3 1 Connection to Mobile Network If the Create connection to mobile network item is selected the router automatically tries to establish connection after switching on Following items can be set up for every SIM card separately or as two separate APNs to switch one SIM card between CA Description APN Network identifier Access Point Name Username User name to log into the GSM network Password Password to log into the GSM network Authentication Authentication protocol in GSM network e PAP or CHAP authentication method is chosen by router e PAP it is used PAP authentication method e CHAP it is used CHAP authentication method IP Address IP address of SIM card The user sets the IP address only in the case IP address was assigned of the operator Phone Number Telephone number to dial GPRS or CSD connection Router as a de
99. on to enabled bind and fillin an IP adress of e g operator s DNS server or any other surely available server and time interval of the check For detailed configuration see chapter 4 3 1 98 Cornell um A BSB ELECTRONICS Company 7 CONFIGURATION IN TYPICAL SITUATIONS Status General li Enable WiFi Mobile WAN Operating Mode station STA ma SSID WiFiNetwork WIFI Scan E E Broadcast SSID enabled 7 Network E DHCP Probe Hidden SSID LJ DynDNS HW Mode IEEE 802 11b Configuration BW 40 MHz WMM ran Authentication WPA2 PSK J WRRP E Enc on AES T Mobile WAN Les ae WEP Key Type ASCII WEP Default Key 1 7 e wekea DT NAT OpenVPN WEP Key 4 ss IPsec WPA PSK Type ASCII passphrase GRE mir Password A WPA PSK Figure 87 Backed up access to the Internet WiFi configuration General W Create connection to mobile network Mobile WAN Primary SIM card Secondary SIM card sen o ES o WIFI Scan Username E INE Network DHCP Password f IPsec DynDNS System Log Configuration Authentication IP Address Phone Number Operator Network Type automatic selection r automatic selection r PIN PEC MRU oo e Tome MTU o e mes DNS Settings get from operator T get from operator T Backup Routes SSD PBpspss DNS Server NAT OpenVPN IPsec GRE L2TP META Figure 88 Backed up access to the Internet The feature of check connection
100. ote Subnet Mask The mask of the network behind the remote side of the tunnel Username Username for login to PPTP tunnel Password Password for login to PPTP tunnel Table 46 PPTP tunnel configuration The changes in settings will apply after pressing the Apply button PPTP Tunnel Configuration E Create PPTP tunnel Mode PPTP client Server IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username Password can be blank Figure 46 PPTP tunnel configuration D Firmware also supports PPTP passthrough which means that it is possible to create a tunnel through router 62 Connel um A B amp B ELECTRONICS Company am 4 CONFIGURATION Example of the PPTP Tunnel configuration Router A pppO 10 0 0 1 192 168 1 1 Router B pppO 10 0 0 2 192 168 2 1 o Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 soe Figure 47 Topology of example PPTP tunnel configuration Configuration of the PPTP tunnel Configuration E CO Mode PPTP Server PPTP Client Server IP Address 10 0 0 1 Local IP Address 192 168 1 1 Remote IP Address Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Username username username Password password password Table 47 Example PPTP tunel configuration 63 Connel um A B amp B ELECTRONICS Company Eaa 4 CONFIGURATION 4 15 DynDNS Client Configuration DynDNS client Configurat
101. pany 3 4 s CO N F U RAT O N GRE Tunnel Configuration C Create ist GRE tunnel Description Remote IP Address Remote Subnet Remote Subnet Mask Local Interface IP Address E Remote Interface IP Address Multicasts disabled Pre shared Key can be blank Figure 42 GRE tunnel configuration Example of the GRE Tunnel configuration Router A pppO 10 0 0 1 ethO 192 168 1 1 Router B pppO 10 0 0 2 ethO 192 168 2 1 192 168 2 4 192 168 1 4 Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 Figure 43 Topology of GRE tunnel configuration GRE tunnel configuration Configuration EN B Remote IP Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Table 43 Example GRE tunnel configuration O Examples of different options for configuration of GRE tunnel can be found in the applica tion note GRE Tunnel 7 59 Connel um A BSB ELECTRONICS Company 4 CONFIGURATION e 4 13 L2TP Tunnel Configuration O L2TP is an unencrypted protocol To enter the L2TP tunnels configuration select the L2TP menu item L2TP tunnel allows protected connection by password of two networks LAN to the one which it looks like one homogenous The tunnels are active after selecting Create L2TP tunnel CL E Mode L2TP tunnel mode on the router
102. password must be changed If the router s default password is set the Change password item is highlighted in red After green LED starts to blink it is possible to restore initial settings of the router by press ing button RST on back panel If RST button pressed configuration would restore to default and the router would reboot green LED would be on 2 1 Preventing the domain disagreement message Since the domain name in the certificate is the given MAC address of the router it is necessary to access the router via this domain name use dash separators instead of colons To enable this add a DNS record in your DNS system e Edit etc hosts Linux Unix OS e Edit C WINDOWS system32 drivers etc hosts Windows OS e Configure your own DNS server To access the router with MAC address 00 11 22 33 44 55 securely type the address https 00 11 22 33 44 55 in the web browser When accessing for the first time it will be necessary to install a security certificate If using self signed certificate the files https cert and https key has to be uploaded into etc certs directory of the router Connel um A BSB ELECTRONICS Company 3 STATUS E 3 Status 3 1 General Status A summary of basic information about the router and its activities can be invoked by se lecting the General item This page is also displayed when you login to the web interface Information is divided into a several of separate blocks according to t
103. protocol Target Port The port number on which access to the router is allowed Continued on next page 41 Connel um A BSB ELECTRONICS Company 4 CONFIGURATION Continued from previous page CA EA Action Type of action e allow access is allowed e deny access is denied Table 31 Forwarding filtering There is also the possibility to drop a packet whenever request for service which is not in the router comes check box named Enable filtering of locally destinated packets The packet is dropped automatically without any information As a protection against DoS attacks this means attacks during which the target system is flooded with plenty of meaningless requirements is used option named Enable protection against DoS attacks which limits the number of connections per second for five Firewall Configuration _ Enable filtering of incoming packets Source Protocol Target Port Action alo Y allow w IP RE CS all allow all 7 allow Y Tr 7 all allow FE i tz 7 all allow all allow 71 Tex E y E all allow
104. r WPA PSK authentication This key must be entered accord ing to the selected WPA PSK type as follows e 256 bit secret 64 hexadecimal digits e ASCII passphrase from 8 to 63 characterswhich are subse quently converted into PSK e PSK File absolute path to the file containing the list of pairs PSK key MAC address Access List Determines a manner of Access Deny list application e Disabled Access Deny list is not used e Accept Only items mentioned in the Access Deny list have access to the network e Deny Items mentioned in the Access Deny list do not have access to the network Accept Deny List Accept or Denny list of client MAC addresses that set network ac cess Each MAC address is separated by new line Continued on next page 35 Connel um A B amp B ELECTRONICS Company 4 CONFIGURATION Continued from previous page CA Deseription Syslog Level Communicativeness level when system writes to the system log e Verbose debugging the highest level of communicativeness Debugging Informational default level of communicativeness which is used for writing standard events Notification Warning the lowest level of communicativeness Extra options Allows user to define additional parameters Table 26 WiFi configuration WiFi Configuration J Enable WiFi Operating Mode access point AP SSID Broadcast SSID enabled Country Code HW Mode IEEE 802 11b Cha
105. requests after which the route is considered to be impassable Table 18 Check connection As a ping IP address it is possible to use for example a DNS server of mobile operator as a test message ping IP address There s an additional way for evaluating the state of the active line lt is activated by select ing Enable traffic monitoring parameter If this parameter is set and any packet different from ping is sent to the monitored line then any answer to this packet is expected for Ping Timeout lf Ping Timeout expires with no answer received then process of testing the active line contin 23 Connel um A B amp B ELECTRONICS Company am 4 CONFIGURATION ues the same way like in the case of standard testing process after first test message answer drops out Example Configuration of the VRRP protocol Main router Virtual server ID 5 Host priority 255 o eee uy a Em tal 192 168 1 2 Backup router Y Virtual server ID 5 192 168 1 3 Host priority 100 Figure 17 Topology of example VRRP configuration YRRP Configuration Enable VRRP Virtual Server IP Address 192 168 1 1 Virtual Server ID 5 a ae o Host Priority 255 Check connection Ping IP Address 10 0 1 3 Ping Interval 10 sec Ping Timout 5 sec Ping Probes 10 O Enable traffic monitoring Figure 18 Example VRRP configuration main router RRP Configurati
106. rnet from LAN Mobile Conel router network Router usbO IP from operator 5 O e etho EM ps 192 168 1 1 A N ETH q Cable connection Wireless connection Figure 81 Access to the Internet from LAN topology of the example There is topology of this easy example shown on the fig 81 To connect to the Internet via mobile network the SIM card with the data tariff has to be available from the operator This basic router s function does not need any configuration in this case lt is sufficient to put the SIM card into the SIM1 slot Primary SIM card attach the antenna to the ANT connector and connect the computer or switch and computers to the router s ETHO interface LAN Wait a moment after turning on the router lt will connect to the mobile network and the Internet signalized by LEDs on the front panel of the router WAN and DAT Additional configuration can be done in the LAN and Mobile WAN items in the Configuration section of the web interface LAN configuration The factory default IP adress of the ethO router s interface is 192 168 1 1 This can be changed after login to the router in the LAN item in the Configuration section see fig 82 In this case there is no need of any additional configuration DHCP server is also enabled by factory default so the first connected computer will get the 192 168 1 2 IP address etc Other configuration possibilities are described in the chapter 4 1
107. s at 100Mbps in the full duplex mode e 100 Mbps Half Duplex The router communicates at 100Mbps in the half duplex mode e 10 Mbps Full Duplex The router communicates at 10Mbps in the full duplex mode e 10 Mbps Half Duplex The router communicates at 10Mbps in the half duplex mode Default Gateway IP address of router default gateway If filled in all packets not fitting the route table rules would have been sent to this adress DNS server IP address of DNS server of the router All the DNS queries are for warded to this address Table 14 Configuration of the Network Interface 18 Connel um A B amp B ELECTRONICS Company a 4 TON FIG U RATION Default Gateway and DNS Server items are used only if the DHCP Client item is set to disabled and if the Primary or Secondary LAN is selected by Backup routes system as a default route selection algorithm is described in section 4 7 Backup Routes There can be only one active bridge on the router at the moment Only DHCP Client IP Address and Subnet Mask parameters are used to configure the bridge Primary LAN has got higher priority in this respect when both interfaces ethO eth1 are added to the bridge Other interfaces wlan0 wifi can be added or deleted to from existing bridge at any moment Moreover the bridge can be created on demand of such interfaces but not configured by their respective parameters DHCP server assigns IP address gateway IP ad
108. s not supporting the Short Slot Time num sta no short preamble Number of stations not supporting the Short Preamble Table 8 State Information about Access Point More detailed information is displayed for each connected client Most of them has an internal character let us mention only the following CA EE STA MAC address of connected device station AID Identifier of connected device 1 2007 If O is displayed the station is not currently connected Table 9 State Information about Connected Clients WiFi Status WiFi AP Status hostapd state dump Mon Apr 7 12 49 50 2014 num sta 1 num sta non erp 0 num sta no short slot time 1 num sta no short preamble 0 SIA 20 02 af 2a 8f b1 AID 1 flags 0xa3 AUTH ASS0C AUTHORIZED SHORT PREAMBLE capability 0x21 listen interval 10 supported rates 82 84 Ob 16 timeout_next NULLFUNC POLL Figure 3 WiFi Status pzz Connel um A BSB ELECTRONICS Company 3 STATUS 3 4 WiFi Scan db This item is available only if the router is equipped with a WiFi module After selecting the WiFi Scan item in the menu of the web interface scanning of neigh bouring WiFi networks and subsequent printing of results are invoked Scanning can be per formed only if the access point WiFi AP is off tem AA BSS MAC address of access point AP TSF A Timing Synchronization Function TSF keeps the timers for all stations in the same Basic Service Set BSS synchronized All
109. slot and 101 Cornell um A BSB ELECTRONICS Company 7 CONFIGURATION IN TYPICAL SITUATIONS attaching the antenna to the ANT connector configuration is accessible in the Configuration section the Mobile WAN item see chapter 4 3 1 where mobile connection has to be enabled OpenVPN configuration is accessible in the Configuration section in the OpenVPN item Choose one of two possible tunnels and enable it checking the Create 1st OpenVPN tunnel see fig 91 It s necessary to fill in the protocol and port according to the data about opposite side of the tunnel or Open VPN server Fill in the public IP address of the opposite side of the tunnel including the remote subnet and mask not necessary Important items are Local and Remote Interface IP Address where the interfaces of the tunnel s ends has to be filled in In this situation the pre shared secret was know so choose this option in the Authentication Mode item and insert the secret key into the field Confirm the configuration clicking the Apply button For detailed configuration see chapter 4 10 or Application Note 5 General Create ist OpenVPN tunnel Mobile WAN Description imyTunnel isto Protocol UDF WIFI Sca
110. ssible via Ex pansion Port 1 item and configuration of RS485 422 via Expansion Port 2 item The SWITCH expansion port 3x Ethernet can be configured in the LAN item Tertiary LAN column see chapter 4 1 In the upper part of the configuration window the port can be enabled and type of the connected port is shown in the Port Type item Other items are described in the following table item Description Baudrate Applied communication speed Data Bits Number of data bits Parity Control parity bit e none will be sent without parity e even will be sent with even parity e odd will be sent with odd parity Stop Bits Number of stop bit Split Timeout Time to rupture reports If you receive will identify the gap between two characters which is longer than the parameter value in milliseconds Then all of the received data compiled and sent the message Protocol Protocol e TCP communication using a linked protocol TCP e UDP communication using a unlinked protocol UDP Mode Mode of connection e TCP server router will listen to incoming requests about TCP connection e TCP client router will connect to a TCP server on the specified IP address and TCP port Server Address In mode TCP client it is necessary to enter the Server IP address TCP Port In both modes of connection it is necessary to specify the TCP port the router will communicate on Table 64 Expansion Port configuration serial interface 1
111. te ID and Local ID items e IP address e g 192 168 1 1 e DN e g C CZ O Conel OU TP CN A e FQDN e g director conel cz in front of FQDN must always be e User FQDN e g director conel cz D The certificates and private keys have to be in PEM format As certificate it is possible to use only certificate which has start and stop tag certificate Random time the new keys are re exchanged after is defined this way Lifetime Rekey margin random value in range from 0 to Rekey margin Rekey Fuzz 100 By default the repeated exchange of keys held in the time range e Minimal time 1h 9m 9m 42m e Maximal time 1h 9m Om 51m When setting the times for key exchange is recommended to leave the default setting in which tunnel has guaranteed security When set higher time tunnel has smaller operating costs and smaller the safety Conversely reducing the time tunnel has higher operating costs and higher safety of the tunnel The changes in settings will apply after pressing the Apply button 55 Create 1st IPsec tunnel Description Remote IP Address Remote ID Remote Subnet Remote Subnet Mask Local ID Local Subnet Local Subnet Mask Encapsulation Mode NAT Traversal IKE Mode IKE Algorithm IKE Encryption IKE Hash IKE DH Group ESP Algorithm ESP Encryption ESP Hash PFS PFS DH Group Key Lifetime IKE Lifetime Rekey Margin Rekey Fuzz DPD Delay DPD Timeout A
112. tion on the fig 84 its necessary to configure all the connections to the Internet in items LAN for Ethernet WLAN and WiFi for WiFi connection and Mobile WAN for mobile connection Then itis possible to configure the priorities of backup routes in the Backup Routes item Status Primary LAN DHCP Client disabled IP Address Subnet Mask General Mobile WAN WiFi WiFi Scan Network DHCP IPsec DynDNS System Log Bridged no Media Type auto negotiation Default Gateway DNS Server 192 168 2 27 W Enable dynamic DHCP leases Configuration T IP Pool Start 192 168 1 2 Mobile WAN IP Pool End 192 168 1 254 PPPoE ae 600 di Lease Time sec Figure 85 Backed up access to the Internet LAN configuration 97 Cornell um 7 CONFIGURATION IN TYPICAL SITUATIONS LAN configuration In the LAN item Primary LAN you can leave the factory default configuration as in the previous situation The ETH1 interface on the front panel of the router is used for connection to the Internet It can be configured in Secondary LAN Connect the cable to the router and set appropriate values as in the fig 85 here static IP address default gateway and DNS server are configured Changes will take effect clicking on the Apply button Detailed configuration of LAN is described in the 4 1 chapter WLAN and WiFi configuration Its necessary to enable wlan0 network interface in the WLAN item see fig 86 Check the Enable WLA
113. tion selected indication of the TCP connection state using signal CD DTR on the router would be activated Active TCP connection is on Nonactive TCP connection is off Table 70 CD signal description When item Use DTR as control of TCP connection selected control of the TCP connection using signal CD DTR on the router would be activated DTR Description client Active The router allows a TCP connection Router starts TCP connection Nonactive The router doesn t allow a TCP conn Router stops TCP connection Table 71 DTR signal description Supported USB RS232 converters e FTDI e Prolific PL2303 e Silicon Laboratories CP210x The changes in settings will apply after pressing the Apply button USB Port Configuration Enable USB serial converter access over TCP UDP Baudrate 9600 v Data Bits v Parity 7 Stop Bits Y Split Timeout Protocol Mode Server Address TCP Port Check TCP connection Keepalive Time 3600 Keepalive Interval 10 Keepalive Probes 5 Use CD as indicator of TCP connection Use DTR as control of TCP connection Apply Figure 60 USB configuration 82 CONFIGURATION Examples of USB port configuration Equipment PC USB RS232 ppp0 10 0 0 1 EM 192 168 1 1 SY ppp0 10 0 0 2 Sa 192 168 1 100 Settings in application on PC Settings in the router TCP connection on 10 0 0 2 2000 Mode TCP Server Default Gateway 192 168 1 1 Server Addres TCP Port
114. to each device The DHCP status window displays the following information for each configuration KC AA lease Assigned IP address starts Time of assignation of IP address ends Time of termination IP address validity hardware ethernet Hardware MAC unique address uid Unique ID client hostname Computer name Table 13 DHCP status description In the extreme case the DHCP status can display two records for one IP address That could have been caused by resetting of network cards DHCP Status Active DHCP Leases Primary LAN lease 192 166 1 2 starts 1 2011 01 17 08 08 37 ends 1 2011 01 17 08 16 37 hardware ethernet OO 1ld 92 25 72 53 uid 01 00 1d4 92 25 72 332 client hostname felgr Active DHCP Leases WLAN No active dynamic DHCP leases Figure 6 DHCP status Note Records in the DHCP status window are divided into two separate parts Active DHCP Leases Primary LAN and Active DHCP Leases WLAN 14 Connel um A B amp B ELECTRONICS Company q an 3 ST ATU S 3 7 IPsec Status Information on actual IPsec tunnel state can be called up in option Psec in the menu After correct build the IPsec tunnel status display Psec SA established highlighted in red in IPsec status information Other information has only internal character IPsec Status IPsec Tunnels Information interface eth seth 192 1628 2 2 50 interface pppOs pppO 10 0 0 132 myid none debug none ipse
115. ude SSID Requests for sending beacon frame are ignored e Clear Each SSID character in beacon frame is replaced by 0 However original length is kept Requests for sending beacon frame are ignored Probe Hidden Probes hidden SSID only for station STA mode SSID Country Code Code of the country where the router is used with WiFi This code must be entered in format ISO 3166 1 alpha 2 lf country code isn t specified and the router has implemented no system to determine this code it is used US as default country code If no country code is specified or is entered the wrong country code then it may come a pass a breach of regulatory rules for the using of frequency bands in the particular country Continued on next page 33 Connel um A B amp B ELECTRONICS Company l 4 CO N E G U RAT O N Continued from previous page CA Deseription HW Mode HW mode of WiFi standard that will be supported by WiFi access point AP e IEE 802 11b e IEE 802 11b g e IEE 802 11b g n Channel Channel where the WiFi AP is transmitting BW 40 MHz Option for HW mode 802 11n that allows using of two standard 20 MHz channels simultaneously WMM Enables basic QoS for WiFi networks This version doesn t guaran tee network throughput It is suitable for simple applications requiring QoS Authentication Provides access control of authorized users in WiFi network e Open authentication is not required free access point e Sh
116. un obstructed line of sight to four or more GPS satellites Pinger Allows to manually or automatically verify the functionallity of the connection between two network interfaces ping IS IS Add support of IS IS protocol Table 73 User modules Attention in the case of modules which are dependent on the version of linux kernel these are SmsBE and PoS Configuration it is necessary to distinguish for which kernel firewall are intended 89 Connel um A B amp B ELECTRONICS Company Eaa 6 ADMINISTRATION 6 Administration 6 1 Remote Access In the Remote Access item in the Administration section the remote access via Secure Shell SSH can be controlled Checking the Enable SSH item the SSH remote access is enabled If the password is still default the remote access will be disabled even if Enable SSH checked until the password will be changed Fill up the SSH idle timeout field to automatically logout the SSH client when idle for time defined in minutes This increases the safety SSH Configuration Enable SSH SSH idle timeout 60 Minutes Figure 71 SSH remote access configuration 6 2 Change Profile To open the dialog box for changing the profile select the Change Profile menu item Profile switch is making by press the button Apply Change take effect after restarting router by the help of button Reboot in web administration or by SMS message It is possible to select the standard profile or up to thr
117. ures switch to secondary SIM card or sec ondary APN of the SIM card Failure of the connection to mobile network can occur in two ways When start the router when three fails to establish a connection to mobile network Or if it is checked Check the con nection to mobile network and is indicated by the loss of a connection to mobile network Switch to backup SIM card when In case that the roaming is detected this parameter en roaming is detected and switch ables switching to secondary SIM card or secondary to default SIM card when home APN of the SIM If home network is detected this pa network is detected rameter enables switching back to default SIM card For proper operation it is necessary to have en abled roaming on your SIM card Switch to backup SIM card when This parameter enables switching to secondary SIM data limit is exceeded and switch card or secondary APN of the SIM card when the data to default SIM card when data limit of default APN is exceeded This parameter also limit isn t exceeded enables switching back to default SIM card when data limit is not exceeded Continued on next page 28 Connel um A B amp B ELECTRONICS Company l 4 CO N G U RAT O N Continued from previous page CMA eesscription Switch to backup SIM card when This parameter enables switching to secondary SIM binary input is active switch to card or secondary APN of the SIM card when binary default SIM card when binary in input
118. uthenticate Mode Pre shared Key CA Certificate Remote Certificate Local Certificate Local Private Key Local Passphrase Extra Options can be blank 4 CONFIGURATION IPsec Tunnel Configuration Figure 39 IPsec tunnels configuration 96 Cornell um A BaB ELECTRONICS Company E 4 TON FIG U RATION 60 Router A pppO 10 0 0 1 192 168 1 0 Router B ppp0 10 0 0 2 192 168 2 0 2 168 2 s Vo 192 168 2 4 esos Default Gateway 192 168 1 1 Default Gateway 192 168 2 1 Figure 40 Topology of example IPsec configuration IPsec tunnel configuration Configuration E Ce Remote IP Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 299 299 299 0 Local Subnet 192 168 1 0 192 168 2 0 Local Subnet Mas 259 255 299 0 239 255 299 0 Authenticate mode pre shared key pre shared key Pre shared key test test Table 40 Example IPsec configuration Examples of different options for configuration and authentication of IPsec tunnel can be found in the application note IPsec Tunnel 6 4 12 GRE Tunnels Configuration GRE is an unencrypted protocol To enter the GRE tunnels configuration select the GRE menu item The GRE tunnel is used for connection of two networks to one that appears as one homogenous lt is possible to configure up to four GRE tunnels In the GRE Tunnels Configuration window are four rows each row for one configured GRE tunn
119. v2 and v3 Routers Application Note SmartCluster Application Note R SeeNet Application Note R SeeNet Admin Application Note OpenVPN Tunnel Application Note IPsec Tunnel Application Note GRE Tunnel Application Note 105
120. value WLAN network is not connected with LAN network of the router e yes Bridged mode is allowed WLAN network is connected with one or more LAN network of the router In this case the setting of most items in this table is ignored Instead it takes setting of selected network interface LAN IP address of default gateway When entering IP address of de fault gateway all packets for which the record was not found in the routing table are sent to this address Address to which all DNS queries are forwarded Table 27 WLAN configuration 3 Connel um A BSB ELECTRONICS Company FR 4 CONFIGURATION Use Enable dynamic DHCP leases item at the bottom of this form to enable dynamic allocation of IP addresses using DHCP server lt is also possible to specify these values ltem Description IP Pool Start Beginning of the range of IP addresses which will be assigned to DHCP clients IP Pool End End of the range of IP addresses which will be assigned to DHCP clients Lease Time Time in seconds for which the client may use the IP address Table 28 Configuration of DHCP server All changes in settings will apply after pressing the Apply button WLAN Configuration Enable WLAN interface Operating Mode access point AP DHCP Client disabled IP Address Subnet Mask Bridged Default Gateway
121. y 103 8 Recommended Literature 105 Connel um A BSB ELECTRONICS Company E meras ST 0 F F e U RES List of Figures ONO CO BON E 000O O OS OSOONNNNNNNNNNAs a O O OOo Cd EONAOO ONO BONA AOOONO 0 E O NO Example of the web configuration a a e 2 Mobile WAN status e 8 WWIFESIQUS nacer rotas Cao 9 MIS nora AAA 11 Network Status a 13 DHCP status escusa asa a 14 IPSEC OUS esoo espese asar AA 15 DynDNS status a a 15 OVSICNMLOG scores dE ACEDA DES 444 17 Example program syslogd start with the parameter r 17 Example 1 Topology of LAN Configuration 20 Example 1 LAN Configuration eee ee ee 20 Example 2 Topology of LAN Configuration 21 Example 2 LAN Configuration a e ee ee 21 Example 3 Topology of LAN Configuration 22 Example 3 LAN Configuration e ee ee 22 Topology of example VRRP configuration 24 Example VRRP configuration main router 24 Example VRRP configuration backup router 24 Mobile WAN configuration 2 o 30 Example 1 Mobile WAN configuration 20028 31 Example 2 Mobile WAN configuration 20028 31 Example 3 Mobile WAN configuration 2 00028 31 PPr
122. y o E Switch to other SIM card when connection fails Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded Switch to backup SIM card when binary input is active and switch to default SIM card when binary input isn t active E Switch to default SIM card after timeout Initial Timeout 60 min Subsequent Timeout min Additive Constant min Figure 22 Example 2 Mobile WAN configuration Example 3 Primary SIM card is switched to the offline mode after the router detects roam ing The first attempt to switch back to the default SIM card is executed after 60 minutes the second after 40 minutes the third after 50 minutes 40 10 etc Default SIM card primary lx Backup SIM card none x Switch to other SIM card when connection fails Switch to backup SIM card when roaming is detected and switch to default SIM card when home network is detected Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded Switch to backup SIM card when binary input is active and switch to default SIM card when binary input isn t active Switch to default SIM card after timeout Initial Timeout 60 min Subsequent Timeout ao min Additive Constant 10 min
Download Pdf Manuals
Related Search