Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for B+B SMARTWORK SmartMotion
Summary of Contents for B+B SMARTWORK SmartMotion
- Page 1 Twin Cellular Module Router SmartMotion CONFIGURATION MANUAL...
-
Page 2: Firmware Version
USED SYMBOLS Used symbols Danger – Information regarding user safety or potential damage to the router. Attention – Problems that can arise in specific situations. Information, notice – Useful tips or information of special interest. Example – example of function, command or script. Firmware version Current version of firmware is 6.0.0 (May 31, 2016). -
Page 3: Table Of Contents
CONTENTS Contents 1 Basic Information 1.1 Standard Equipment ....... . . 1.2 Optional Features . - Page 4 CONTENTS 4.4.5 Data Limit Configuration ......4.4.6 Switch between SIM Cards Configuration ....4.4.7 Examples of SIM Card Switching Configuration .
- Page 5 CONTENTS 6 Administration 6.1 Users ......... 111 6.2 Change Profile .
- Page 6 LIST OF FIGURES List of Figures Example of the Web Configuration ......Mobile WAN status ........WiFi Status .
- Page 7 LIST OF FIGURES NAT Configuration for Example 2 ......OpenVPN Tunnels List ....... . OpenVPN tunnel configuration .
- Page 8 LIST OF FIGURES Access to the Internet from LAN – LAN configuration ....119 Access to the Internet from LAN – Mobile WAN configuration ..119 Backup access to the Internet –...
- Page 9 LIST OF TABLES List of Tables Mobile Connection ........PoE PSE information .
- Page 10 LIST OF TABLES IPsec Tunnels Overview ....... IPsec Tunnel Configuration .
-
Page 11: Basic Information
1. BASIC INFORMATION 1. Basic Information SmartMotion is Twin cellular module LTE router designed for reliable and backed up com- munication across cellular networks using LTE, HSPA+, UMTS, EDGE or GPRS technology. There are applications where mobile communication is used as the main communication line even for important applications requiring a high degree of reliability. -
Page 12: Configuration
Examples would include using SMS or checking the status of the binary input. SmartMotion routers can automatically update their configurations and firmware from a central server, allowing for mass reconfiguration of multiple routers at the same time. -
Page 13: This Configuration Manual Describes
1. BASIC INFORMATION 1.7 This Configuration Manual Describes Configuration of the router item by item according to the web interface (chapters to 6). Configuration in typical situations examples (chapter 7): – Access to the Internet from (Local Area Network) via mobile network, Ch. 7.1. –... -
Page 14: Access To The Web Conf
2. ACCESS TO THE WEB CONF. 2. Access to the Web Configuration Attention! Wireless transmissions work only when you activate the SIM card for data traffic and insert it into the router. Remove the power source before inserting the SIM card. -
Page 15: Certificates And Preventing The Security Message
2. ACCESS TO THE WEB CONF. https://192.168.1.1. When accessing the router for the first time you will need to install a se- curity certificate if you don’t want the browser to show you a domain disagreement message. To avoid receiving domain disagreement messages, follow the procedure described in the following subchapter. -
Page 16: Status
3. STATUS 3. Status 3.1 General Status Selecting the General item will open a screen displaying a summary of basic information about the router and its activities. This page is also displayed when you login to the web interface. Information is divided into several sections, based upon the type of router activity or the properties area: Mobile Connection of 1st Module, Mobile Connection of 2nd Module, Primary LAN, Secondary LAN and System Information. -
Page 17: Primary Lan, Secondary Lan, Wifi
3. STATUS Continued from previous page Item Description Tx Overruns Lost sent packets because of overload. Uptime Indicates how long the connection to the cellular network has been established. Table 1: Mobile Connection 3.1.2 Primary LAN, Secondary LAN, WiFi Items displayed in this part have the same meaning as items in the previous part. More- over, the MAC Address item shows the MAC address of the corresponding router’s interface (Primary LAN –... -
Page 18: System Information
3. STATUS 3.1.3 System Information Item Description Firmware Version Information about the firmware version Serial Number Serial number of the router (in case of N/A is not available) Profile Current profile – standard or alternative profiles (profiles are used for example to switch between different modes of operation) Power Board If the power board is installed in the router, shows the type of power board: PoE PD or PoE PSE. -
Page 19: Mobile Wan Status
3. STATUS 3.2 Mobile WAN Status The Mobile WAN menu item contains current information about connections to the mobile network. On the upper part of the page there are Mobile Network Information for 1st Module and Mobile Network Information for 2nd Module displayed (information about mobile networks the router operates in). -
Page 20: Description Of Periods
3. STATUS If a neighboring cell is highlighted in red, there is a risk that the router may repeatedly switch between the neighboring cell and the primary cell. This can affect the performance of the router. To prevent this, re-orient the antenna or use a directional antenna. The next section of this window displays historical information about the quality of the cel- lular WAN connection during each logging period. -
Page 21: Mobile Wan Status
3. STATUS Figure 2: Mobile WAN status The last part (Mobile Network Connection Log) displays information about the mobile net- work connections and any problems that occurred while establishing them. -
Page 22: Wifi
3. STATUS 3.3 WiFi This item is available only if the router is equipped with a WiFi module. Selecting the WiFi item in the main menu of the web interface will display information about the WiFi access point (AP) and associated stations. Item Description hostapd state dump... -
Page 23: Wifi Scan
3. STATUS 3.4 WiFi Scan This item is available only if the router is equipped with a WiFi module. Selecting the WiFi Scan item scans for neighboring WiFi networks and displays the re- sults. Scanning can only be performed if the access point (WiFi AP) is off. Item Description MAC address of access point (AP) -
Page 24: Wifi Scan
3. STATUS WiFi Scan output may look like this: Figure 4: WiFi Scan... -
Page 25: Network Status
3. STATUS 3.5 Network Status To view information about the interfaces and the routing table, open the Network item in the Status menu. The upper part of the window displays detailed information about the active interfaces only: Interface Description eth0, eth1, eth2 Network interfaces (Ethernet connection) usb0 Active PPP connection to the mobile network –... -
Page 26: Description Of Information In Network Status
3. STATUS Continued from previous page Item Description packets – received packets errors – number of errors dropped – dropped packets overruns – incoming packets lost because of overload. frame – wrong incoming packets because of incorrect packet size. packets – transmit packets errors –... -
Page 27: Network Status
3. STATUS Figure 5: Network Status... -
Page 28: Dhcp Status
3. STATUS 3.6 DHCP Status Information about the DHCP server activity is accessible via DHCP item. The DHCP server provides automatic configuration of the client devices connected to the router. The DHCP server assigns each device an IP address, subnet mask, default gateway (IP address of router) and DNS server (IP address of router). -
Page 29: Ipsec Status
3. STATUS Item Description lease Assigned IPv4 address iaaddr Assigned IPv6 address starts Time that the IP address was assigned ends Time that the IP address lease expires hardware ethernet Unique hardware MAC address Unique ID client-hostname Host computer name Table 13: DHCP Status Description 3.7 IPsec Status Selecting the IPsec option in the status menu of the web page will bring up the information... -
Page 30: System Log
3. STATUS www.dyndns.org www.spdns.de www.dnsdynamic.org www.noip.com Figure 8: DynDNS Status When the router detects a DynDNS record update, the dialog displays one or more of the following messages: DynDNS client is disabled. Invalid username or password. Specified hostname doesn’t exist. Invalid hostname format. -
Page 31: System Log
3. STATUS The Syslogd program will output the system log. It can be started with two options to modify its behavior. Option "-S" followed by decimal number sets the maximal number of lines in one log file. Option "-R" followed by hostname or IP address enables logging to a remote syslog daemon. -
Page 32: Configuration
4. CONFIGURATION 4. Configuration 4.1 LAN Configuration To enter the Local Area Network configuration, select the LAN menu item in the Configura- tion section. The LAN item will expand in the menu on the left, so you can choose the proper Ethernet interface to configure: Primary LAN for the router’s first Ethernet interface (ETH0) and Secondary LAN for the router’s second Ethernet interface (ETH1). -
Page 33: Configuration Of The Network Interface - Ipv4 And Ipv6
4. CONFIGURATION Item Description DHCP Client Enables/disables the DHCP client function. If in IPv6 column, the DHCPv6 client is enabled. disabled – The router does not allow automatic allocation of an IP address from a DHCP server in LAN network. enabled –... -
Page 34: Dhcp Server
4. CONFIGURATION Item Description Bridged Activates/deactivates the bridging function on the router. no – The bridging function is inactive (default). yes – The bridging function is active. Media Type Specifies the type of duplex and speed used in the network. Auto-negation –... -
Page 35: Ipv6 Prefix Delegation
4. CONFIGURATION Item Description Enable dynamic DHCP leases Select this option to enable a dynamic DHCP server. IP Pool Start Starting IP addresses allocated to the DHCP clients. Use proper notation in IPv4 and IPv6 column. IP Pool End End of IP addresses allocated to the DHCP clients. Use proper IP address notation in IPv4 and IPv6 column. -
Page 36: Lan Configuration Examples
4. CONFIGURATION Item Description Enable IPv6 prefix delegation Enables prefix delegation configuration filled-in below. Subnet ID The decimal value of the Subnet ID of the Ethernet inter- face. Maximum value depends on the Subnet ID Width. Subnet ID Width The maximum Subnet ID Width depends on your Site Prefix –... -
Page 37: Lan Configuration For Example
4. CONFIGURATION Figure 14: LAN Configuration for Example 1 Example 2: IPv4 Dynamic and Static DHCP server The range of allocated addresses is from 192.168.1.2 to 192.168.1.4. The address is allocated for 600 seconds (10 minutes). The client with the MAC address 01:23:45:67:89:ab has the IP address 192.168.1.10. The client with the MAC address 01:54:68:18:ba:7e has the IP address 192.168.1.11. -
Page 38: Network Topology For Example
4. CONFIGURATION Figure 15: Network Topology for Example 2 Figure 16: LAN Configuration for Example 2... -
Page 39: Network Topology For Example
4. CONFIGURATION Example 3: IPv6 Dynamic DHCP Server The range of dynamic allocated IPv6 addresses is from 2001:db8::1 to 2001:db8::ffff. The address is allocated for 600 second (10 minutes). The router is still accessible via IPv4 (192.168.1.1). Figure 17: Network Topology for Example 3 Figure 18: LAN Configuration for Example 3... -
Page 40: Vrrp Configuration
4. CONFIGURATION 4.2 VRRP Configuration Select the VRRP menu item to enter the VRRP configuration. VRRP protocol (Virtual Router Redundancy Protocol) allows you to transfer packet routing from the main router to a backup router in case the main router fails. (This can be used to provide a wireless cellular backup to a primary wired router in critical applications.) If the Enable VRRP is checked, you may set the following parameters. -
Page 41: Example Of Vrrpv2 Configuration In Ipv4 Network
4. CONFIGURATION You may set the Check connection flag in the second part of the window to enable au- tomatic test messages for the cellular network. In some cases, the mobile WAN connection could still be active but the router will not be able to send data over the cellular network. This feature is used to verify that data can be sent over the PPP connection and supplements the normal VRRP message handling. -
Page 42: Example Of Vrrp Configuration - Main Router
4. CONFIGURATION Figure 21: Example of VRRP Configuration – Main router Figure 22: Example of VRRP Configuration – Backup router... -
Page 43: Mobile Wan Configuration
4. CONFIGURATION 4.3 Mobile WAN Configuration Select the Mobile WAN item in the Configuration menu section to enter the cellular network configuration pages. The menu item will expand and you will see three configuration pages: 1st module, 2nd module and Module Switching. This last one page – Module Switching – is the most important in the hierarchy of decision making politics when connecting to mobile network. -
Page 44: 1St Mobile Wan Configuration
4. CONFIGURATION Figure 24: 1st Mobile WAN Configuration... -
Page 45: Connection To Mobile Network
4. CONFIGURATION 4.4.1 Connection to Mobile Network If you mark the Create connection to mobile network checkbox, then the router automati- cally attempts to establish a connection after booting up. You can specify the following param- eters for each SIM card separately. Item Description Network identifier (Access Point Name). -
Page 46: Dns Address Configuration
4. CONFIGURATION Continued from previous page Item Description Specifies the Maximum Receive Unit which is the maximum size of a packet that the router can receive in a given environment. The default value is 1500 B. Other settings can cause the router to incorrectly trans- mit data. -
Page 47: Check Connection To Mobile Network Configuration
4. CONFIGURATION from the primary and secondary DNS server of the mobile network carrier. To specify the IP addresses of the Primary DNS servers manually, from the DNS Server pull down list, select the value set manually. You can fill-in the IPv4 or IPv6 address of the DNS server (or both) based on the IP Mode option. -
Page 48: Example Of Check Connection Configuration
4. CONFIGURATION 4.4.4 Example of Check Connection Configuration The figure below displays the following scenario: the connection to the mobile network in IPv4 IP Mode is controlled on the address 8.8.8.8 with the time interval of 60 seconds for the first SIM card and on the address www.google.com with the time interval 80 seconds for the second SIM card. -
Page 49: Switch Between Sim Cards Configuration
4. CONFIGURATION 4.4.6 Switch between SIM Cards Configuration In the bottom part of the 1st (2nd) Mobile WAN Configuration page you can specify the rules for toggling between the two SIM cards. The router will automatically toggle between the SIM cards and their setups depending on the configuration here (manual permission, roaming, data limit, binary inputs state). -
Page 50: Switch Between Sim Cards Configuration
4. CONFIGURATION Continued from previous page Item Description BIN1 Configure usage of SIM cards based on binary input 1 state: don’t care – It is possible to use the SIM regardless to BIN1 state. 1 – Only use the SIM card if the BIN1 state is logical 1 – no voltage. -
Page 51: Examples Of Sim Card Switching Configuration
4. CONFIGURATION Continued from previous page Item Description Switch to default SIM If enabled, the items below are applied – the router will try to card after timeout switch back to the default SIM card. It applies only when there is default SIM card defined and the other one was selected beacuse of fail of the default one or roaming caused switch. -
Page 52: Configuration For Sim Card Switching Example
4. CONFIGURATION Example 2: Data Limit Switching The following configuration illustrates a scenario in which the router changes to a second SIM card after exceeding the data limits of 800 MB on the first (default) SIM card. The router sends a warning SMS upon reaching 400 MB (it has to be enabled on SMS Configuration page). -
Page 53: Module Switching Configuration
4. CONFIGURATION 4.5 Module Switching Configuration On this page you can configure the overall politics of cellular modules switching. Tick the Create connection to mobile network to activate the connecting of modules to the cellular network. The cellular module selected is the result of the logical product (AND) of the config- uration on this page. - Page 54 4. CONFIGURATION Continued from previous page Item Description BIN0 Cellular module usage based on binary input 0 state: don’t care – Use the cellular module regardless to BIN0 state. 1 – Only use the cellular module if the BIN0 is logical 1 – no voltage.
-
Page 55: Pppoe Bridge Mode Configuration
ETH port of the router. You assign the IP address of the SIM card to the PC. For SmartMotion ST355 routers only: If you enable PPPoE bridge mode, it is not pos- sible to use SMS Configuration features – the router will not send SMS and you can not control the router via SMS! Send SMS feature in Administartion section will not work. -
Page 56: Pppoe Configuration
4. CONFIGURATION 4.6 PPPoE Configuration PPPoE (Point-to-Point over Ethernet) is a network protocol which encapsulates PPPoE frames into Ethernet frames. The router uses the PPPoE client to connect to devices support- ing a PPPoE bridge or server. The bridge or server is typically an ADSL router. To open the PPPoE Configuration page, select the PPPoE menu item. -
Page 57: Pppoe Configuration
4. CONFIGURATION Continued from previous page Item Description Specifies the Maximum Receiving Unit. The MRU identifies the max- imum packet size, that the router can receive in a given environ- ment. The default value is 1492 bytes. Other settings can cause in- correct data transmission. -
Page 58: Wifi Configuration
4. CONFIGURATION 4.7 WiFi Configuration This item is available only if the router is equipped with a WiFi module. Configure the WiFi network by selecting the WiFi item in the main menu of the router web interface. Activate WiFi by selecting Enable WiFi at the top of the form. You may also set the following properties: Item Description... - Page 59 4. CONFIGURATION Continued from previous page Item Description Country Code Code of the country where the router is installed. This code must be entered in ISO 3166-1 alpha-2 format. If a country code isn’t specified and the router has not implemented a system to determine this code, it will use "US"...
- Page 60 4. CONFIGURATION Continued from previous page Item Description Encryption Type of data encryption in the WiFi network: None – No data encryption. WEP – Encryption using static WEP keys. This encryption can be used for Shared authentication. TKIP – Dynamic encryption key management that can be used for WPA-PSK and WPA2-PSK authentication.
-
Page 61: Wifi Configuration
4. CONFIGURATION Continued from previous page Item Description WPA PSK Key for WPA-PSK authentication. This key must be entered accord- ing to the selected WPA PSK type as follows. 256-bit secret – 64 hexadecimal digits ASCII passphrase – 8 to 63 characters PSK File –... -
Page 62: Wifi Configuration
4. CONFIGURATION Figure 31: WiFi Configuration... -
Page 63: Wlan Configuration
4. CONFIGURATION 4.8 WLAN Configuration This item is available only if the router is equipped with a WiFi module. The WiFi LAN and DHCP server page is displayed by selecting WLAN in the configuration section. You will then be able to set the following properties (see table below). Use the Enable WLAN interface check box at the top of this form to enable WiFi LAN interface. -
Page 64: Configuration Of Dhcp Server
4. CONFIGURATION Continued from previous page Item Description DHCP Client Activates/deactivates DHCP client. If in IPv6 column, the DHCPv6 client is enabled. IP Address A fixed IP address of the WiFi interface. Use IPv4 notation in IPv4 column and IPv6 notation in IPv6 column. Shortened IPv6 notation is supported. -
Page 65: Backup Routes
4. CONFIGURATION 4.9 Backup Routes Using the configuration form on the Backup Routes page, you can back up the primary con- nection with alternative connections to the Internet (mobile network) or enable Multiple WANs mode. It is also possible to prioritize each backup connection option. Switching between connections is carried out according to order of priority and the state of the connections. -
Page 66: Backup Routes Configuration
4. CONFIGURATION Item Description Enable backup The default route is selected according to the settings below. If dis- routes switching abled (unchecked), the backup routes system operates in the back- ward compatibility mode based on the default priorities of the network interfaces (listed below). -
Page 67: Default Priorities For Backup Routes
4. CONFIGURATION Network interfaces belonging to individual backup routes are also checked before use for flags which indicate the state of the interface. (E.g. RUNNING on the Network Status page.) This prevents, for example, the disconnection of an Ethernet cable. You can fill-in one or both Ping IP Addresses (IPv4 and IPv6) –... -
Page 68: Firewall Configuration
4. CONFIGURATION 4.10 Firewall Configuration The first security element for incoming packets is a check of the enabled source IP ad- dresses and destination ports. There is independent IPv4 and IPv6 firewall since there is dual stack IPv4 and IPv6 implemented in the router. If you click the Firewall item in the Configura- tion menu on the left, it will expand to IPv4 and IPv6 options and you can click IPv6 to enable and configure the IPv6 firewall –... -
Page 69: Filtering Of Incoming Packets
4. CONFIGURATION Item Description Source IP address the rule applies to. Use IPv4 address in IPv4 Firewall Configuration and IPv6 address in IPv6 Firewall Configuration. Protocol Specifies the protocol the rule applies to: all – The rule applies to all protocols. TCP –... -
Page 70: Example Of The Ipv4 Firewall Configuration
4. CONFIGURATION Continued from previous page Item Description Protocol Specifies the protocol the rule applies to: all – The rule applies to all protocols. TCP – The rule applies to TCP protocol. UDP – The rule applies to UDP protocol. ICMP/ICMPv6 –... -
Page 71: Topology For The Ipv4 Firewall Configuration Example
4. CONFIGURATION Figure 35: Topology for the IPv4 Firewall Configuration Example Figure 36: IPv4 Firewall Configuration Example... -
Page 72: Nat Configuration
4. CONFIGURATION 4.11 NAT Configuration To configure the address translation function, click on NAT in the Configuration section of the main menu. There is independent IPv4 and IPv6 NAT configuration since there is dual stack IPv4 and IPv6 implemented in the router. The NAT item in the menu on the left will expand to IPv4 and IPv6 options and you can click IPv6 to enable and configure the IPv6 NAT –... -
Page 73: Nat Configuration
4. CONFIGURATION Item Description Public Port Public port for the translation rule. Private Port Private port for the translation rule. Type Protocol type – TCP or UDP. Server IPv4 address In IPv4 NAT Configuration only. IPv4 address where the router forwards incoming data. -
Page 74: Examples Of Nat Configuration
4. CONFIGURATION Continued from previous page Item Description Enable remote SNMP access on port Select this option to allow access to the router using SNMP (disabled in default configuration). Masquerade outgoing packets Activates/deactivates the network address translation function. Table 36: Remote Access Configuration Use the following parameters to set the routing of incoming data from the WAN (Mobile WAN) to a connected computer. -
Page 75: Nat Configuration For Example
4. CONFIGURATION same IP address as displayed in the Default Server IPv4 Address field. The connected device replies if a PING is sent to the IP address of the SIM card. Figure 39: NAT Configuration for Example 1 Example 2: IPv4 NAT Configuration with More Equipment Connected In this example, using the switch you can connect more devices behind the router. -
Page 76: Topology For Nat Configuration Example
4. CONFIGURATION Figure 40: Topology for NAT Configuration Example 2 Figure 41: NAT Configuration for Example 2... -
Page 77: Openvpn Tunnel Configuration
4. CONFIGURATION 4.12 OpenVPN Tunnel Configuration Select the OpenVPN item to configure an OpenVPN tunnel. The OpenVPN tunnel function allows you to create a secure connection between two separate LAN networks. The router allows you to create up to four OpenVPN tunnels. IPv4 and IPv6 dual stack is supported. Item Description Create... - Page 78 4. CONFIGURATION Continued from previous page Item Description Remote Subnet IPv4 address of a network behind opposite side of the tunnel. Remote Subnet Mask IPv4 subnet mask of a network behind opposite tunnel’s side. Redirect Gateway Activates/deactivates redirection of data on Layer 2. Local Interface IP Specifies the IPv4 address of a local interface.
-
Page 79: Openvpn Configuration
4. CONFIGURATION Continued from previous page Item Description Authenticate Mode Specifies the authentication mode: none – No authentication is set. Pre-shared secret – Specifies the shared key function for both sides of the tunnel. Username/password – Specifies authentication using a CA Certificate, Username and Password. -
Page 80: Openvpn Tunnel Configuration
4. CONFIGURATION The changes in settings will apply after pressing the Apply button. Figure 43: OpenVPN tunnel configuration... -
Page 81: Example Of The Openvpn Tunnel Configuration In Ipv4 Network
4. CONFIGURATION 4.12.1 Example of the OpenVPN Tunnel Configuration in IPv4 Network Figure 44: Topology of OpenVPN Configuration Example OpenVPN tunnel configuration: Configuration Protocol UDP Port 1194 1194 Remote IP Address 10.0.0.2 10.0.0.1 Remote Subnet 192.168.2.0 192.168.1.0 Remote Subnet Mask 255.255.255.0 255.255.255.0 Local Interface IP Address... -
Page 82: Ipsec Tunnel Configuration
4. CONFIGURATION 4.13 IPsec Tunnel Configuration To open the IPsec Tunnel Configuration page, click IPsec in the Configuration section of the main menu. The IPsec tunnel function allows you to create a secured connection between two separate LAN networks. The router allows you to create up to four IPsec tunnels. IPv4 and IPv6 tunnels are supported (dual stack), you can transport IPv6 traffic through IPv4 tunnel and vice versa. - Page 83 4. CONFIGURATION Continued from previous page Item Description Remote ID Identifier (ID) of remote side of the tunnel. It consists of two parts: a hostname and a domain-name. Tunnel IP Mode IPv4 – The IPv4 communication runs inside the tunnel. IPv6 –...
- Page 84 4. CONFIGURATION Continued from previous page Item Description IKE Algorithm Specifies the means by which the router selects the algorithm: auto – The encryption and hash algorithm are selected au- tomatically. manual – The encryption and hash algorithm are defined by the user.
-
Page 85: Ipsec Tunnel Configuration
4. CONFIGURATION Continued from previous page Item Description Authenticate Mode Specifies the means by which the router authenticates: Pre-shared key – Sets the shared key for both sides of the tunnel. X.509 Certificate – Allows X.509 authentication in multi- client mode. Pre-shared Key Specifies the shared key for both sides of the tunnel. -
Page 86: Ipsec Tunnels Configuration
4. CONFIGURATION Figure 46: IPsec Tunnels Configuration... -
Page 87: Example Of The Ipsec Tunnel Configuration In Ipv4 Network
4. CONFIGURATION We recommend that you maintain the default settings. When you set key exchange times higher, the tunnel produces lower operating costs, but the setting also provides less security. Conversely, when you reducing the time, the tunnel produces higher operating costs, but provides for higher security. -
Page 88: Gre Tunnels Configuration
4. CONFIGURATION 4.14 GRE Tunnels Configuration GRE is an unencrypted protocol. GRE via IPv6 is not supported. To open the GRE Tunnel Configuration page, click GRE in the Configuration section of the main menu. The GRE tunnel function allows you to create an unencrypted connection between two separate LAN networks. -
Page 89: Gre Tunnel Configuration
4. CONFIGURATION Continued from previous page Item Description Pre-shared Key Specifies an optional value for the 32 bit shared key in numeric format, with this key the router sends the filtered data through the tunnel. Specify the same key on both routers, otherwise the router drops received packets. -
Page 90: Example Of The Gre Tunnel Configuration
4. CONFIGURATION 4.14.1 Example of the GRE Tunnel Configuration Figure 50: Topology of GRE Tunnel Configuration Example GRE tunnel configuration: Configuration Remote IP Address 10.0.0.2 10.0.0.1 Remote Subnet 192.168.2.0 192.168.1.0 Remote Subnet Mask 255.255.255.0 255.255.255.0 Table 46: GRE Tunnel Configuration Example Examples of different options for configuration of GRE tunnel can be found in the application note GRE Tunnel [7]. -
Page 91: L2Tp Tunnel Configuration
4. CONFIGURATION 4.15 L2TP Tunnel Configuration L2TP is an unencrypted protocol. L2TP via IPv6 is not supported. To open the L2TP Tunnel Configuration page, click L2TP in the Configuration section of the main menu. The L2TP tunnel function allows you to create a password protected connection between 2 LAN networks. -
Page 92: Example Of The L2Tp Tunnel Configuration
4. CONFIGURATION 4.15.1 Example of the L2TP Tunnel Configuration Figure 52: Topology of L2TP Tunnel Configuration Example Configuration of the L2TP tunnel: Configuration Mode L2TP Server L2TP Client Server IP Address — 10.0.0.1 Client Start IP Address 192.168.2.5 — Client End IP Address 192.168.2.254 —... -
Page 93: Pptp Tunnel Configuration
4. CONFIGURATION 4.16 PPTP Tunnel Configuration PPTP is an unencrypted protocol. PPTP via IPv6 is not supported. Select the PPTP item in the menu to configure a PPTP tunnel. PPTP tunnel allows pass- word protected connections between two LANs. It is similar to L2TP. The tunnels are active after selecting Create PPTP tunnel. -
Page 94: Example Of The Pptp Tunnel Configuration
4. CONFIGURATION 4.16.1 Example of the PPTP Tunnel Configuration Figure 54: Topology of PPTP Tunnel Configuration Example Configuration of the PPTP tunnel: Configuration Mode PPTP Server PPTP Client Server IP Address — 10.0.0.1 Local IP Address 192.168.1.1 — Remote IP Address 192.168.2.1 —... -
Page 95: Dyndns Configuration
4. CONFIGURATION 4.17 DynDNS Configuration The DynDNS function allows you to access the router remotely using an easy to remem- ber custom hostname. This DynDNS client monitors the IP address of the router and up- dates the address whenever it changes. In order for DynDNS to function, you require a pub- lic IP address, either static or dynamic, and an active Remote Access service account at www.dyndns.org. -
Page 96: Ntp Configuration
4. CONFIGURATION 4.18 NTP Configuration The NTP configuration form allows you to configure the NTP client. To open the NTP page, click NTP in the Configuration section of the main menu. NTP (Network Time Protocol) allows you to periodically set the internal clock of the router. The time is set from servers that provide the exact time to network devices. -
Page 97: Snmp Configuration
4. CONFIGURATION 4.19 SNMP Configuration The SNMP page allows you to configure the SNMP v1/v2 or v3 agent which sends in- formation about the router (and its expansion ports) to a management station. To open the SNMP page, click SNMP in the Configuration section of the main menu. SNMP (Simple Net- work Management Protocol) provides status information about the network elements such as routers or endpoint computers. -
Page 98: Oid Basic Structure
4. CONFIGURATION Activating the Enable I/O extension function allows you monitor the binary I/O inputs on the router. Selecting Enable M-BUS extension and entering the Baudrate, Parity and Stop Bits lets you monitor the meter status connected to the expansion port MBUS status. Selecting Enable reporting to supervisory system and entering the IP Address and Period lets you send statistical information to the monitoring system, R-SeeNet. -
Page 99: Snmp Configuration Example
4. CONFIGURATION This means that the router provides for example, information about the internal temperature (OID 1.3.6.1.4.1.248.40.1.3.3) or about the power voltage (OID 1.3.6.1.4.1.248.40.1.3.4). For binary inputs and output, the following range of OID is used: Description .1.3.6.1.4.1.30140.2.3.1.0 Binary input BIN0 (values 0,1) .1.3.6.1.4.1.30140.2.3.2.0 Binary output OUT0 (values 0,1) .1.3.6.1.4.1.30140.2.3.3.0... -
Page 100: Mib Browser Example
4. CONFIGURATION Figure 59: MIB Browser Example In order to access a particular device enter the IP address of the SNMP agent which is the router, in the Remote SNMP agent field. The dialog displayed the internal variables in the MIB tree after entering the IP address. -
Page 101: Smtp Configuration
4. CONFIGURATION 4.20 SMTP Configuration Use the SMTP form to configure the Simple Mail Transfer Protocol client (SMTP) for send- ing e-mails. IPv6 e-mail servers are supported. Item Description SMTP Server Address IPv4 address, IPv6 address or domain name of the mail server. SMTP Port Port the SMTP server is listening on. - Page 102 4. CONFIGURATION Commands and parameters can be entered only in lowercase. Example of sending an e-mail: email –t john@doe.com –s "System Log" -m "Attached" -a /var/log/messages The command above sends an e-mail to address john@doe.com with the subject "System Log", body message "Attached" and attachment messages file with System Log of the router directly from the directory /var/log/.
-
Page 103: Sms Configuration
4. CONFIGURATION 4.21 SMS Configuration Open the SMS Configuration page, click SMS in the Configuration section of the main menu. The router can automatically send SMS messages to a cell phone or SMS message server when certain events occur. The form allows you to select which events generate an SMS message. -
Page 104: Control Via Sms And At-Sms Over Tcp
4. CONFIGURATION Continued from previous page Item Description Send SMS when binary input on Automatic sending SMS message after binary input I/O port (BIN0) is active on I/O port (BIN0) is active. Text of message is in- tended parameter BIN0. Add timestamp to SMS Activates/deactivates the adding a time stamp to the SMS messages. -
Page 105: Reboot
4. CONFIGURATION If you leave the phone number field blank, then you can restart the router using an SMS Reboot message from any phone number. If you enter one or more phone numbers, then you can control the router using SMS messages sent only from the specified phone numbers. -
Page 106: Sending Sms
4. CONFIGURATION 4.21.1 Sending SMS If you establish a connection to the router via Ethernet, then you can use AT commands to manage SMS messages. The following table lists only the commands that the router supports. For other AT commands the router sends an OK response. The router sends an ERROR response for complex AT commands. -
Page 107: Examples Of Sms Configuration
4. CONFIGURATION A detailed description and examples of these AT commands can be found in the application note AT commands [9]. 4.21.2 Examples of SMS Configuration Example 1: Sending SMS Configuration After powering up the router, the phone with the number entered in the dialog receives an SMS in the following form: Router (Unit ID) has been powered up. -
Page 108: Sms Configuration For Example
4. CONFIGURATION Example 2: Control the Router Sending SMS from any Phone Number Figure 63: SMS Configuration for Example 2 Example 3: Control the Router Sending SMS from Two Phone Numbers Figure 64: SMS Configuration for Example 3... -
Page 109: Usb Port Configuration
4. CONFIGURATION 4.22 USB Port Configuration You can use a USB to RS232 converter to send data out of the serial port from the Ethernet network in the same manner as the RS232 expansion port function. To specify the values for the USB port parameters, click USB Port in the Configuration section of the main menu. -
Page 110: Usb Port Configuration
4. CONFIGURATION If you mark the Reject new connections check box, then the router rejects any other con- nection attempt. This means that the router no longer supports multiple connections. If you mark the Check TCP connection check box, the router verifies the TCP connection. Item Description Keepalive Time... -
Page 111: Examples Of Usb Port Configuration
4. CONFIGURATION Figure 65: USB configuration 4.22.1 Examples of USB Port Configuration Figure 66: Example 1 – USB port configuration... -
Page 112: Example 2 - Usb Port Configuration
4. CONFIGURATION Figure 67: Example 2 – USB port configuration... -
Page 113: Scripts
4. CONFIGURATION 4.23 Scripts There is possibility to create your own shell scripts executed in the specific situations. Go to the Scripts page in the Configuration section in the menu. The menu item will expand and there are Startup Script, Up/Down IPv4 and Up/Down IPv6 scripts you can use – there is IPv4 and IPv6 independent dual stack. -
Page 114: Up/Down Scripts
4. CONFIGURATION When the router starts up, stop syslogd program and start syslogd with remote logging on address 192.168.2.115 and limited to 100 entries. Add these lines to the Startup Script: killall syslogd syslogd -R 192.168.2.115 -S 100 4.23.3 Up/Down Scripts Use the Up/Down IPv4 and Up/Down IPv6 page to create scripts executed when the Mobile WAN connection is established (up) or lost (down). - Page 115 4. CONFIGURATION After establishing or losing an IPv6 WAN connection (connection to mobile network), the router sends an email with information about the connection state. It is necessary to configure SMTP before. Add this line to the Up Script field: email -t name@domain.com -s "Router"...
-
Page 116: Automatic Update Configuration
4. CONFIGURATION 4.24 Automatic Update Configuration The router can be configured to automatically check for firmware updates from an FTP site or a web server and update its firmware or configuration information. IPv6 sites/servers are supported. Use the Automatic update menu to configure the automatic update settings. It is also possible to update the configuration and firmware through the USB host connector of the router. -
Page 117: Example Of Automatic Update
4. CONFIGURATION The configuration file name consists of Base URL, hardware MAC address of ETH0 inter- face and cfg extension. Hardware MAC address and cfg extension are added to the file name automatically and it isn’t necessary to enter them. When the parameter Unit ID is enabled, it defines the concrete configuration name which will be downloaded to the router, and the hardware MAC address in the configuration name will not be used. -
Page 118: Example Of Automatic Update Based On Mac
4. CONFIGURATION 4.24.2 Example of Automatic Update Based on MAC In the following example the router checks for new firmware or configuration each day at 1:00 a.m. An example is given for the SmartFlex router with MAC address 00:11:22:33:44:55. Firmware file: http://example.com/BIVIAS-v3LL.bin Configuration file: http://example.com/00.11.22.33.44.55.cfg... -
Page 119: Customization
5. CUSTOMIZATION 5. Customization 5.1 User Modules You may run custom software programs in the router to enhance the features of the router. Use the User Modules menu item to add new software modules to the router, to remove them, or to change their configuration. - Page 120 5. CUSTOMIZATION Module name Description MODBUS TCP2RTU Provides a conversion of MODBUS TCP/IP protocol to MDBUS RTU protocol, which can be operated on the serial line. Easy VPN client Provides secure connection of LAN network behind our router with LAN network behind CISCO router. NMAP Enables TCP and UDP scan.
-
Page 121: Administration
6. ADMINISTRATION 6. Administration 6.1 Users This configuration function is only available for users assigned the admin role! To assign roles and manage user accounts open the Users form in the Administration section of the main menu. The first frame of this configuration form contains an overview of available users. -
Page 122: Change Profile
6. ADMINISTRATION Ordinary users are not able to access router via Telnet, or SFTP. Read only FTP access is allowed for these users. Figure 74: Users 6.2 Change Profile In addition to the standard profile, up to three alternate router configurations or profiles can be stored in router’s non-volatile memory. -
Page 123: Change Password
6. ADMINISTRATION 6.3 Change Password Use the Change Password configuration form in the Administration section of the main menu for changing your password used to log on the device. Enter the new password in the New Password field, confirm the password using the Confirm Password field, and press the Apply button. -
Page 124: Set Sms Service Center Address
6. ADMINISTRATION 6.5 Set SMS Service Center Address This feature works on the 1st cellular module only! (1st or 2nd SIM card.) It is not possible to set the SMS Service Center on the 2nd cellular module this way. The function requires you to enter the phone number of the SMS service center to send SMS messages. -
Page 125: Send Sms
6. ADMINISTRATION 6.7 Send SMS This feature works on the 1st cellular module only! (1st or 2nd SIM card.) It is not possible to send SMS from 2nd cellular module this way. You can send an SMS message from the router to test the cellular network. Use the Send SMS dialog in the Administration section of the main menu to send SMS messages. -
Page 126: Update Firmware
6. ADMINISTRATION 6.10 Update Firmware Select the Update Firmware menu item to view the current router firmware version and load new firmware into the router. There is current firmware version and firmware filename written out. When loading the new firmware, it has to have this name. To load new firmware, browse to the new firmware file and press the Update button to begin the update. -
Page 127: Reboot
6. ADMINISTRATION 6.11 Reboot To reboot the router select the Reboot menu item and then press the Reboot button. Figure 83: Reboot... -
Page 128: Typical Situations
7. TYPICAL SITUATIONS 7. Configuration in Typical Situations Although Advantech B+B SmartWorx routers have wide variety of uses, they are commonly used in the following ways. All the examples below are for IPv4 networks. 7.1 Access to the Internet from LAN Figure 84: Access to the Internet from LAN –... -
Page 129: Access To The Internet From Lan - Lan Configuration
7. TYPICAL SITUATIONS Figure 85: Access to the Internet from LAN – LAN configuration Mobile WAN Configuration Use the Mobile WAN item in the Configuration section to con- figure the connection to the mobile network. (Fig. 86.) In this case (depending on the SIM card) the configuration form can be blank. -
Page 130: Backup Access To The Internet From Lan
7. TYPICAL SITUATIONS 7.2 Backup Access to the Internet from LAN Figure 87: Backup access to the Internet – sample topology The configuration form on the Backup Routes page lets you back up the primary connection with alternative connections to the Internet/mobile network. Each backup connection can be assigned a priority. -
Page 131: Backup Access To The Internet - Wifi Configuration
7. TYPICAL SITUATIONS LAN configuration In the LAN item, Primary LAN, you can use the factory default configu- ration as in the previous situation. The ETH1 interface on the front panel of the router is used for connection to the Internet. It can be configured in Secondary LAN. Connect the cable to the router and set the appropriate values as in Fig. -
Page 132: Backup Access To The Internet - Wlan Configuration
7. TYPICAL SITUATIONS Figure 90: Backup access to the Internet – WLAN configuration Mobile WAN configuration To configure the mobile connection it should be sufficient to in- sert the SIM card into the SIM1 slot and attach the antenna to the ANT connector. (Depending on the SIM card you are using). -
Page 133: Backup Access To The Internet - Backup Routes Configuration
7. TYPICAL SITUATIONS Backup Routes configuration After setting up the backup routes you will need to set their priorities. In Figure the eth1 wired connection has the highest priority. If that connection fails, the second choice will be the WiFi wlan0 network interface. The third choice will be the mobile connection –... -
Page 134: Secure Networks Interconnection Or Using Vpn
7. TYPICAL SITUATIONS 7.3 Secure Networks Interconnection or Using VPN Figure 93: Secure networks interconnection – sample topology VPN (Virtual Private Network) is a protocol used to create a secure connection between two LANs, allowing them to function as a single network. The connection is secured (encrypted) and authenticated (verified). -
Page 135: Secure Networks Interconnection - Openvpn Configuration
7. TYPICAL SITUATIONS Mobile WAN configuration The mobile connection can be configured as described in the previous situations. (The router connects itself after a SIM card is inserted into SIM1 slot and an antenna is attached to the ANT connector.) Configuration is accessible via the Mobile WAN item the Configuration section. -
Page 136: Glossary And Acronyms
8. GLOSSARY AND ACRONYMS 8. Glossary and Acronyms Backup Routes Allows user to back up the pri- GRE Generic Routing Encapsulation (GRE) is mary connection with alternative connections to a tunneling protocol that can encapsulate a wide the Internet/mobile network. Each backup con- variety of network layer protocols inside virtual nection can have assigned a priority. - Page 137 8. GLOSSARY AND ACRONYMS growth of the Internet and the predicted deple- (2001:0db8:85a3:0042:1000:8a2e:0370:7334), tion of available addresses, a new version of IP but methods of abbreviation of this full notation (IPv6), using 128 bits for the address, was de- exist. veloped in 1995.
- Page 138 8. GLOSSARY AND ACRONYMS tween computer systems over packet-switched, an overlay internetwork. A router is connected variable-latency data networks. to two or more data lines from different net- works. When a data packet comes in one of the OpenVPN OpenVPN implements virtual pri- lines, the router reads the address information vate network (VPN) techniques for creating se- in the packet to determine its ultimate destina-...
- Page 139 8. GLOSSARY AND ACRONYMS sists of a set of standards for network manage- URL of a web page is displayed on top in- ment, including an application layer protocol, a side an address bar. An example of a typi- database schema, and a set of data objects. cal URL would be http://www.example.com/ index.html, which indicates a protocol (http), a...
- Page 140 8. GLOSSARY AND ACRONYMS mode of telecommunication allows a business X.509 In cryptography, X.509 is an ITU-T to effectively carry out its daily function regard- standard for a public key infrastructure (PKI) less of location. The Internet can be considered and Privilege Management Infrastructure (PMI).
-
Page 141: Index
9. INDEX 9. Index DNS server ......23, 36, DNS64 ........Domain Name System . - Page 142 PoE PSE......Restore Configuration ....Primary LAN .
- Page 143 USB Port ........User Datagram Protocol ... . . see UDP User Module .
-
Page 144: Recommended Literature
10. RECOMMENDED LITERATURE 10. Recommended Literature Advantech B+B SmartWorx: Commands and Scripts for v2 and v3 Routers, Application Note Advantech B+B SmartWorx: SmartCluster, Application Note Advantech B+B SmartWorx: R-SeeNet, Application Note Advantech B+B SmartWorx: R-SeeNet Admin, Application Note Advantech B+B SmartWorx: OpenVPN Tunnel, Application Note Advantech B+B SmartWorx: IPsec Tunnel, Application Note...