Multitech MultiConnect rCell 100 User Manual
  1. Manuals
  2. Brands
  3. Multitech Manuals
  4. Network Router
  5. MultiConnect rCell 100 Series
  6. User manual

Multitech MultiConnect rCell 100 User Manual

Hide thumbs Also See for MultiConnect rCell 100:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual
®
MultiConnect
rCell 100
MTR-EV3 User Guide

Advertisement

Table of Contents
loading

Related Manuals for Multitech MultiConnect rCell 100

Summary of Contents for Multitech MultiConnect rCell 100

  • Page 1 ® MultiConnect rCell 100 MTR-EV3 User Guide...
  • Page 2 Legal Notices The MultiTech products are not designed, manufactured or intended for use, and should not be used, or sold or re-sold for use, in connection with applications requiring fail-safe performance or in applications where the failure of the products would reasonably be expected to result in personal injury or death, significant property damage, or serious physical or environmental damage.

  • Page 3: Table Of Contents

    CONTENTS Contents Chapter 1 – Product Overview ..........................8 About MultiConnect rCell 100 Series Router........................ 8 Documentation ................................8 Descriptions of LEDs..............................10 Ethernet LED Descriptions ............................10 Side Panel Connectors ..............................12 Specifications ................................14 Dimensions.................................. 16 Labels ..................................16 Power Draw MTR-EV3..............................
  • Page 4 CONTENTS Chapter 6 – Using the Wizard to Configure Your Device..................29 First-Time Setup ................................29 Chapter 7 – Configuring Your Device........................32 Home Page (Dashboard) ............................. 32 Time Configuration ..............................33 Setting the Date and Time ............................33 Configuring SNTP to Update Date and Time ......................33 Unavailable Services in PPP-IP Passthrough and Serial Modem Modes..............
  • Page 5 CONTENTS Advanced Settings..............................50 Prerouting Rule ................................. 50 Postrouting Rule................................ 51 Trusted IP .................................. 51 Setting up Static Routes............................52 Chapter 10 – Setting Up Cellular Features ......................53 Configuring Cellular..............................53 Cellular Configuration Fields ............................53 Activating CDMA ................................. 55 Unavailable Services in PPP-IP Passthrough and Serial Modem Modes..............
  • Page 6 CONTENTS IP Defense ................................. 80 RADIUS Configuration ..............................81 Unavailable Services in PPP-IP Passthrough and Serial Modem Modes..............83 Generating a New Certificate............................83 Importing a Certificate ..............................83 Uploading CA Certificate ............................. 84 Setting up the Remote Management ......................... 84 Managing Your Device Remotely ..........................
  • Page 7 CONTENTS Waste Electrical and Electronic Equipment Statement .................... 102 WEEE Directive................................ 102 Instructions for Disposal of WEEE by Users in the European Union ..............102 Information on HS/TS Substances According to Chinese Standards ............... 103 Information on HS/TS Substances According to Chinese Standards (in Chinese) ............ 104 ®...

  • Page 8: Chapter 1 - Product Overview

    Chapter 1 – Product Overview About MultiConnect rCell 100 Series Router This guide describes the MultiConnect rCell 100 Series Router. Use the rCell family of routers to provide secure data communication between many types of devices that use legacy and the latest communication technologies.
  • Page 9 This document provides an overview, safety and regulatory information, schematics and general device information. API Developer Guide You can use the rCell API to manage configurations, poll statistics, and issue commands. Documentation is available on the MultiTech Developer Resources website at http://www.multitech.net/developer/software/mtr-api-reference/. AT Commands This document describes AT commands that are available for your device.

  • Page 10: Descriptions Of Leds

    PRODUCT OVERVIEW Descriptions of LEDs The top panel contains the following LEDs: Power and Status LEDs—The Power LED indicates that DC power is present and the Status LED blinks when the unit is functioning normally. Wi-Fi—Indicates if the device is serving as a Wi-Fi access point or acting as a Wi-Fi client. Not all models support Wi-Fi.
  • Page 11 PRODUCT OVERVIEW Ethernet Link Right LED on Ethernet connector. Blinks when there is transmit and receive activity on the Ethernet link. It shows a steady light when there is a valid Ethernet connection. Ethernet Speed Left LED on Ethernet connector. Lit when the Ethernet is linked at 100 Mbps. If it is not lit, the Ethernet is linked at 10 Mbps.

  • Page 12: Side Panel Connectors

    PRODUCT OVERVIEW Side Panel Connectors The device has connectors on both sides of the housing. The right side of the device contains a SIM card holder, a reset button, a GPS antenna connector, and a cellular-auxiliary antenna connector pair. Depending on the model of your device, the GPS and WiFi antenna connector may or may not appear.
  • Page 13 PRODUCT OVERVIEW Label Description Power 9-32 VDC power receptacle for provided power cord. The device uses a Globtek GT-41052- 1509 9V 1.7A power supply. ® MultiConnect rCell 100 MTR-EV3 User Guide...

  • Page 14: Specifications

    PRODUCT OVERVIEW Specifications MTR-EV3 Category Description General Performance CDMA2000 1xRTT v. EV-DO Rev. A (backward compatible to EV-DO Rev. 0 and CDMA 1x networks) Frequency Bands Dual-Band 800/1900 MHz Radio Cellular Telit DE910-DUAL Speed Packet Data Up to 3.1 Mbps downlink Up to 1.8 Mbps uplink Point-to-Point Messaging Mobile-Terminated SMS Mobile-Originated SMS...
  • Page 15 Certification does not apply or extend to voltages outside certified range, and has not been evaluated by UL for operating voltages beyond tested range. For information regarding extended range, please contact MultiTech. Installation in outdoor locations has not been evaluated by UL. UL Certification does not apply or extend to outdoor applications.

  • Page 16: Dimensions

    PRODUCT OVERVIEW Dimensions Labels The images that follow show regulatory information for your device. ® MultiConnect rCell 100 MTR-EV3 User Guide...
  • Page 17 PRODUCT OVERVIEW ® MultiConnect rCell 100 MTR-EV3 User Guide...

  • Page 18: Power Draw Mtr-Ev3

    PRODUCT OVERVIEW Power Draw MTR-EV3 Cellular call box Average measured Peak TX amplitude Total inrush charge connection no data current (amps) at current (amps) measured in (amps) maximum power MilliCoulombs (mC) 7 volts US Cellular 800 MHz 0.255 0.818 0.900 1.71 US PCS 1900 MHz 0.255...

  • Page 19: Chapter 2 - Safety Warnings

    This battery has an estimated life expectancy of ten years. When this battery starts to weaken, the date and time may be incorrect. Battery is not user replaceable. If the battery fails, the device must be sent back to MultiTech Systems for battery replacement.

  • Page 20: Interference With Pacemakers And Other Medical Devices

    SAFETY WARNINGS Interference with Pacemakers and Other Medical Devices Potential interference Radio frequency energy (RF) from cellular devices can interact with some electronic devices. This is electromagnetic interference (EMI). The FDA helped develop a detailed test method to measure EMI of implanted cardiac pacemakers and defibrillators from cellular devices.

  • Page 21: Chapter 3 - Cellular Information

    50 ohms. EV-DO and CDMA Antenna Information EV-DO and CDMA Authorized Antennas These devices were approved with the following antenna: Manufacturer: Exceltek Electronics Ltd. Manufacturer's Model Number: C0081-ANG0002 MultiTech Part Number 45009713L Multi-Tech ordering information: Model Quantity ANQB-1HRA ANQB-10HRA ANQB-50HRA...

  • Page 22: Chapter 4 - Carrier Specific Information

    Sprint HFA process or OMA-DM processes outlined in section labeled Telit OMA DM Notifications. If the MultiTech device will be co-located with any other transmitters you will be required to submit your device to an FCC approved lab for additional FCC testing.

  • Page 23: Sprint #9Xx Oma Unsolicited Indications

    CARRIER SPECIFIC INFORMATION again, or reset device in an attempt to regain control. Application should wait for a #9xx indication the process has completed before proceeding. Be aware after the HFA process is successfully completed the radio will be reset. The radio may also reset after other OMA functions.

  • Page 24: Oma-Dm Commands

    CARRIER SPECIFIC INFORMATION #913 PRL - Error - network error #915 PRL - Error - update failed for other reasons #DREL Data session release Sprint Network Initiated (NI) or Client Initiated (CI) Firmware Update Management Object (FUMO) Notifications #907 FUMO - Firmware DM session started or started again until no more updates are available #911 FUMO - credential error #912...

  • Page 25: Sprint Successful Indications

    CARRIER SPECIFIC INFORMATION AT#OMADMSVPORT? Read OMA-DM server AT#OMADMPROXY=<port#>,<URL> Set OMA-DM proxy server port/URL (default http://oma.ssprov.sprint.com:80) AT#OMADLPROXY=<port#>,<URL> Set OMA-DL Proxy DL Server Port URL (default http://oma.ssprov.sprint.com:80) AT#OMADMCEN=<onoff> Set OMA-DM Client feature; Disable=0, Enable=1 Important: Never deploy devices with AT#OMADMCEN=0. Many OMA commands result in error if OMADMCEN is set to 0. AT#OMADMCEN? Query the current OMA-DM client status AT#OMADMCEN=?
  • Page 26 CARRIER SPECIFIC INFORMATION Typical Successful HFA Session Alternate Successful HFA Session Typical Successful FUMO Session Indications Indications Indications With firmware update #916 #900 #900 #930 #907 #929:200 Typical Successful FUMO Typical Successful PRL Sessions Typical Successful DC Session Indications Session Indications without Indications Firmware Update #907...

  • Page 27: Chapter 5 - Installing The Router

    INSTALLING THE ROUTER Chapter 5 – Installing the Router Installing the Router To use the router’s cellular features, connect a suitable antenna to the antenna connector. If your device is capable of supporting antenna diversity, see the section about diversity. Using an Ethernet cable, connect one end of the cable to the E-NET connector on the back of the router and the other end to your computer, either directly or through a switch or hub.
  • Page 28 INSTALLING THE ROUTER The following is the default condition for the RESET button on the device. You can program a change to the behavior of the button if needed. To reset the device: Find the hole labeled RESET. The reset button is recessed into the case. Use the pin to press and release the RESET button as follows: Reset options: To reboot, press RESET for less than 3 seconds.

  • Page 29: Chapter 6 - Using The Wizard To Configure Your Device

    USING THE WIZARD TO CONFIGURE YOUR DEVICE Chapter 6 – Using the Wizard to Configure Your Device First-Time Setup If you need to change the mode of your device, this is the only way to do so. This section is not available through the device management software.
  • Page 30 USING THE WIZARD TO CONFIGURE YOUR DEVICE In the Protocol Support field, choose IPv4 only as the cell radios for C2 and EV3 do not support IPv6. In the Mask field, enter the IP mask (default: 255.255.255.255 for mask 32, 255.255.255.0 for mask 24).
  • Page 31 USING THE WIZARD TO CONFIGURE YOUR DEVICE In the Flow Control field, select the flow control option from the drop down list provided. Choose from NONE or RTS-CTS. In the Parity field, select the parity option from the drop down list. Choose from NONE, ODD, or EVEN.

  • Page 32: Chapter 7 - Configuring Your Device

    Click Home to display the following information: Router: Model Number: The MultiConnect rCell model ID. Serial Number: The MultiTech device ID. Firmware: MultiConnect rCell MTR firmware version. Current Time: Current date and time of the router. For information on setting the date and time, go to Setup >...

  • Page 33: Time Configuration

    CONFIGURING YOUR DEVICE Wi-Fi: Mode: Indicates the current Wi-Fi mode. Options include None, Wi-Fi as WAN, or Wi-Fi Access Point. For configuration go to Wireless > Wi-Fi. MAC Address: Media Access Control Address used to uniquely identify the Wi-Fi interface. This MAC will be the same as the Ethernet MAC when in Access Point mode.

  • Page 34: Unavailable Services In Ppp-Ip Passthrough And Serial Modem Modes

    CONFIGURING YOUR DEVICE Click Submit. To save your changes, click Save and Restart. Unavailable Services in PPP-IP Passthrough and Serial Modem Modes In both PPP-IP Passthrough and Serial Modem modes, many rCell services described in this document are non- configurable and therefore do not appear in the device configuration menu. If you choose one of these modes, all sections between this and the next note on this subject are not available.

  • Page 35: Editing Failover Configuration

    CONFIGURING YOUR DEVICE Click Save and Restart to save the change. For field descriptions see Failover Configuration Fields For information on editing WAN Failover see Editing Failover Configuration Editing Failover Configuration The device can use the active or passive mode to monitor the Internet availability in WAN. The default condition is active mode.

  • Page 36: Entering Authentication Information

    CONFIGURING YOUR DEVICE In the Service drop-down list, select a DDNS service. To define a service that isn't listed choose Custom. For custom DDNS service, in the Service field, type the DDNS server's URL. For custom DDNS service, in the Port field, type the DDNS server's port. In the Domain field, type the registered Domain name.

  • Page 37: Assigning Fixed Addresses

    CONFIGURING YOUR DEVICE In the Domain field, type your network domain, if any. In the Lease Range Start field and in the Lease Range End field, type the range of IP addresses to be assigned by DHCP. In the Lease Time field, type the DHCP lease time. Lease time is set in days, hours, and minutes. Click Submit.

  • Page 38: Configuring Nmea Sentences

    CONFIGURING YOUR DEVICE To allow the device to connect, go to Setup > GPS Configuration > Client Configuration. Check TCP/UDP Client. From the Protocol drop-down list, select the protocol of the client (TCP or UDP). In the Remote Host field, type the IP address of the remote host. In the Port, field type the port number of the remote host.

  • Page 39: Configuring Device To Act As Client

    CONFIGURING YOUR DEVICE Configuring Device to Act as Client You can set up the router to act as a client. The TCP, UDP, SSL/TLS client feature enables the router to act as a proxy TCP, UDP, or SSL/TLS client to the serial terminal connected to the RS-232 port on the router.

  • Page 40: Configuring Device To Act As Server

    CONFIGURING YOUR DEVICE Select the TLS version. Check either TLSv1.2 or TLSv1.1. Check your preferred Cipher Suite from the following list: ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA- AES256-SHA, DHE-RSA-AES256-GCM-SHA384, AES256-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE- RSA-AES128-SHA, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA, and/or AES128-SHA Click Submit. To save your settings, click Save and Restart. Configuring Device to Act as Server You can set up the router to act as a server.

  • Page 41: Adding Saved Networks

    CONFIGURING YOUR DEVICE Check your preferred Cipher Suite from the following list: ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA- AES256-SHA, DHE-RSA-AES256-GCM-SHA384, AES256-SHA, ECDHE-RSA-AES128-GCM-SHA256, ECDHE- RSA-AES128-SHA, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA, and/or AES128-SHA Click Submit. To save your settings, click Save and Restart. Adding Saved Networks You can define, edit, and delete networks that your router supports. These networks can appear in your list of choices when configuring other items, such as tunnels.
  • Page 42 CONFIGURING YOUR DEVICE To configure SNMP: Go to Setup > SNMP Configuration, check the Enabled box for each of the SNMP versions that apply (either SNMP V1/V2C and/or SNMP V3). Under SNMP Server Configuration, check Enabled to activate the SNMP server. Click Submit. If needed, click Add under Allowed IP Addresses for SNMP v1/v2c.

  • Page 43: Unavailable Services In Ppp-Ip Passthrough And Serial Modem Modes

    CONFIGURING YOUR DEVICE Enter the Destination IP Address. Enter the Community String. Click Submit. Click Save and Restart. For SNMPv3: Enter the Destination IP Address. Enter Security Name. Enter the Authentication Protocol from the drop-down, including NONE, MD5, or SHA1. If you selected MD5 or SHA1 for Authentication Protocol: Enter the Authentication Password, which is a password used to authenticate incoming SNMPv3 requests.

  • Page 44: Chapter 8 - Setting Up Wireless Features

    SETTING UP WIRELESS FEATURES Chapter 8 – Setting Up Wireless Features Setting Up Wi-Fi Access Point If you ordered a device with Wi-Fi capability, your router can be configured as a wireless access point (AP). This allows Wi-Fi enabled devices to connect to the router using Wi-Fi. The Wi-Fi access point can have up to 8 clients at a time.

  • Page 45: Viewing Information About Wi-Fi Clients Using Your Wireless Network

    SETTING UP WIRELESS FEATURES To select WEP mode: From the Encryption drop-down list, select the encryption to be used. Choose from 64 bit 10 hex digits or 128 bit 26 hex digits. To generate a key from a phrase, in the Passphrase field, type a phrase. Click Generate. To manually enter keys, type the keys in the Key 1, Key 2, Key 3 or Key 4 fields.

  • Page 46: Setting Up Bluetooth

    SETTING UP WIRELESS FEATURES If desired, add additional access points to the list of Saved Networks. The router tries to connect to Saved Networks in the order they are listed. You can change the order by clicking the up or down arrows shown under Options.
  • Page 47 SETTING UP WIRELESS FEATURES On-Demand CR: Three carriage returns must be received from the Bluetooth side before TCP/UDP connection is established to the remote server. From the Connection Termination drop-down list select a disconnect method for the IP pipe. Options are: Always On: Sequence: A sequence of characters received from the Bluetooth side used to disconnect the IP pipe...

  • Page 48: Chapter 9 - Setting Up The Firewall

    SETTING UP THE FIREWALL Chapter 9 – Setting Up the Firewall Defining firewall rules The router's firewall enforces a set of rules that determine how incoming and outgoing packets are handled. By default, all outbound traffic originating from the LAN is allowed to pass through the firewall, and all inbound traffic originating from external networks is dropped.

  • Page 49: Output Filter Rules

    SETTING UP THE FIREWALL In the FilterRule dialog box, enter a name for the rule and optionally, a description. In the Destination IP field, enter the destination IP address that applies to this rule. In the Destination Port field, enter the destination port that applies to this rule. If there is a range of ports, the ending port is automatically set.

  • Page 50: Advanced Settings

    SETTING UP THE FIREWALL From the Protocol drop-down list, select the protocol of the messages that apply to this rule. Choose from TCP/UDP, TCP, UDP, or ANY. In the Chain field, select the grouping based on the type of traffic affected by the rule from the drop- down menu.

  • Page 51: Postrouting Rule

    SETTING UP THE FIREWALL Click Submit. To save your changes, click Save and Restart. Postrouting Rule Add a SNAT rule To add postrouting or SNAT rule to your firewall: Go to Firewall > Settings to display the Firewall window. In the Postrouting Rules group, click Add SNAT Rule. In the Postrouting Rule dialog box, enter a name for the rule and optionally, a description.

  • Page 52: Setting Up Static Routes

    SETTING UP THE FIREWALL To add IP addresses, click Add IP Range in the upper right corner. Under the Add IP Range, enter or select the following parameters: Name Mode from drop-down, either Subnet or IP Range. For Subnet: IP Address Subnet Mask For IP Range: IP Address Start...

  • Page 53: Chapter 10 - Setting Up Cellular Features

    SETTING UP CELLULAR FEATURES Chapter 10 – Setting Up Cellular Features Configuring Cellular To configure how cellular is used on your device: On the Web Management interface, go to Cellular > Cellular Configuration to display the Cellular Configuration window. If you choose IPv6 Passthrough mode, you must select Administration > Initial Setup.
  • Page 54 SETTING UP CELLULAR FEATURES Field Description SIM Pin The pin used to unlock the SIM for use (only required if the SIM is locked). This does not apply to CDMA radios. The Access Point Name assigned by the wireless service provider (carrier specific).

  • Page 55: Activating Cdma

    SETTING UP CELLULAR FEATURES Activating CDMA If your device is to operate on a CDMA network, you need to associate the radio in your device with you cellular service account so that the radio can connect to the service provider's cellular network. Before activating your account, you need to contact your carrier to setup an account, check the signal strength LEDs on the device, as well as the signal strength meter on the web management interface.

  • Page 56: Wake Up On Call Method Settings

    SETTING UP CELLULAR FEATURES Check the Wake Up On Call box. Select a Wake Up setting. For wakeup methods, see Wake Up On Call Method Settings. Click Submit. To save your changes, click Save and Restart. Note: This feature only defines when the device brings up its cellular link, not when the device takes it down. See the Dial on Demand option on the Cellular Configuration page at Cellular >...

  • Page 57: Using Telnet To Communicate With The Cellular Radio

    SETTING UP CELLULAR FEATURES Field Description Init String Number Router initialization strings specific to the integrated cellular modem required for the Wake Up On Call feature. Using Telnet to Communicate with the Cellular Radio Your router comes with an integrated cellular radio. You can use this cellular radio directly without using any router functions.

  • Page 58: Radio Status

    SETTING UP CELLULAR FEATURES Radio Status Field Description Module Information IMSI International Mobile Subscriber Identifier Manufacturer Company that developed the cellular module Model Cellular module model number Hardware Revision Module's hardware revision MDN (Phone Number) Mobile Directory Number. In some SIM/carriers, the value may not be present and therefore not displayed.

  • Page 59: Chapter 11 - Configuring Sms

    CONFIGURING SMS Chapter 11 – Configuring SMS Configuring SMS This function is not available if you enable SMS through Cellular > Wake Up On Call. To enable short message service (SMS) via the Web Management interface or API: From the Web Management interface, go to SMS > SMS Configuration > General. Check Enabled.

  • Page 60: Sms Command Descriptions

    CONFIGURING SMS Whitelist: If enabled, SMS commands can only be received from a number in the whitelist (you must enter a phone number). Enter the phone number and click Add Number. Note: Due to differences between service providers, for every US number you add to the Whitelist, create two separate entries: 1) one using the phone number and 2) the other using 1 + phone number.

  • Page 61: Sending An Sms Message

    CONFIGURING SMS SMS Command Description #apn get APN string #cellular PPP status #radio radio status #ethernet Ethernet LAN configuration details #wan WAN transport type and WAN priority configuration #serial get serial details: Mode (Server or Client), RX bytes, TX bytes, DCD Status, Protocol, Port (Server mode only), Server IP Address (Client mode only), and Server Port (Client Mode only) #wifi...
  • Page 62 CONFIGURING SMS Go to SMS > Sent to display the Sent SMS window. The messages are sorted by date with the most recent messages on top. The table shows up to 30 characters for each message. To view a full message, click the eye icon to the right of the message entry. To delete a sent SMS message, click the trash can icon to the right of the message entry.

  • Page 63: Chapter 12 - Defining Tunnels

    DEFINING TUNNELS Chapter 12 – Defining Tunnels Setting Up GRE Tunnels Tunneling allows the use of a public network to convey data on behalf of two remote private networks. It is also a way to transform data frames to allow them to pass networks with incompatible address spaces or even incompatible protocols.
  • Page 64 DEFINING TUNNELS The default set of Hash Algorithms is: SHA-1, SHA-2, and MD5. The default set of DH Group Algorithms is: DH2(1024-bit), DH5(1536-bit), DH14(2048-bit), DH15(3072-bit), DH16(4096-bit), DH17(6144-bit), DH18(8192-bit), DH22(1024-bit), DH23(2048-bit), and DH24(2048-bit). To set up a Network-to-Network VPN tunnel on your router: From the Web Management interface, go to Tunnels >...

  • Page 65: Ipsec Tunnel Configuration Field Descriptions

    DEFINING TUNNELS IPsec Tunnel Configuration Field Descriptions Field Description IPSec Tunnel Name Name used to identify the IPsec tunnel in configurations and logs. Description Optional text to describe the IPsec tunnel. This description shows up in the UI while hovering over the summary of an IPsec tunnel. IPSec Remote Tunnel Endpoint Remote WAN IP External IP address of the remote tunnel endpoint.
  • Page 66 DEFINING TUNNELS Field Description Encryption Method Choose an Encryption Method from the following list: 3DES, AES-128, AES-192, AES-256, or ADVANCED. IKE encryption algorithm is used for the connection (phase 1 - ISAKMP SA). Based off of phase 1, a secure set of defaults are used for phase 2, unless the Advanced option is used, in which case, all components of both phases 1 and 2 are specified by the user.

  • Page 67: Openvpn Tunnels

    DEFINING TUNNELS Field Description Aggressive Mode Whether to allow a less secure mode that exchanges identification in plain text. This may be used for establishing tunnels where one or more endpoints have a dynamic public IP address. Although this mode is faster to negotiate phase 1, the authentication hash is transmitted unencrypted.
  • Page 68 DEFINING TUNNELS Hash Algorithm as DEFAULT. Encryption Cipher as DEFAULT. Min. TLS Version as 1.2. TLS Cipher Suite as DEFAULT as 1.2. Enter the contents of the following files generated from the easy-rsa tool. You can copy and paste this content from the certificate files after opening from a text editor like Notepad. (all required): CA PEM (.crt) Diffie Hellman PEM (.pem) iii.
  • Page 69 DEFINING TUNNELS Click Save and Restart to save your changes To add an OpenVPN Client using TLS: Go to Tunnels > OpenVPN Tunnels > OpenVPN Tunnel Configuration. Click Add Tunnel. Enter the Name of the tunnel. Select the Type as CLIENT from the drop-down. You can also enter an optional Description.
  • Page 70 DEFINING TUNNELS Configure the device server as shown under how to add an OpenVPN Server using TLS (steps 1-14). Open device console, go to /var/config/ovpnccd/openVPNServerName. Create the folder if not present in the device. Create a file that has the client certificate name with the following information: iroute [Client_Subnet] [Mask] example -- echo “iroute 192.168.3.0 255.255.255.0”...
  • Page 71 DEFINING TUNNELS d214482b8547ec9dca8910f514d9f4270ccaeff1a79852ae27c1c307c9dc3c836d1c380bece3c70fd2104 e1968ed29b6c3388719226f959f69f9be43688ed27bc3a4dbc83f640370524b47bb871816af79586d07 08781fad384480d0609b11c31d27baa6e902d29277a474e3e2785a8410d595c0f9c75312375b4bd098 76e1a47a598e114749a09c35f098e9123015c2795c702e4a346a8bccd00305c7cb30beef66ad33f43dac c2e662128 -----END OpenVPN Static key V1----- Click Next. Remote Network Routes create a route from the server network to the client network. This allows the server to get access to the client’s network. In the OpenVPN Tunnel dialog box, under Remote Network Routes: Choose an available Saved Network as your remote network route from the drop-down if desired (optional).
  • Page 72 DEFINING TUNNELS Min. TLS Version as 1.2. TLS Cipher Suite as DEFAULT. Enter the Static Key PEM (required). Both server and client must use the same static key. See example below: -----BEGIN OpenVPN Static key V1----- 3f4c9113b2ec15a421cfe21a5af015bb967059021c1fd6f66ecfd00533d967237875215e20e80a2d59efd 79148d6acdea9358dcafe0efdbb54003ff376c71432dd9d16f55e7d8917a32bfe07d61591b7bbb43c7ba d214482b8547ec9dca8910f514d9f4270ccaeff1a79852ae27c1c307c9dc3c836d1c380bece3c70fd2104 e1968ed29b6c3388719226f959f69f9be43688ed27bc3a4dbc83f640370524b47bb871816af79586d07 08781fad384480d0609b11c31d27baa6e902d29277a474e3e2785a8410d595c0f9c75312375b4bd098 76e1a47a598e114749a09c35f098e9123015c2795c702e4a346a8bccd00305c7cb30beef66ad33f43dac c2e662128...
  • Page 73 DEFINING TUNNELS Enter the following fields (using STATIC KEY as Authorization Mode): Interface Type as TUN from the drop-down. Authorization Mode as STATIC KEY from the drop-down. Protocol as TCP. Local Address as DEFAULT. Port number. Remote Address as DEFAULT. Hash Algorithm as ECDSA-WITH-SHA1.
  • Page 74 DEFINING TUNNELS Go to Tunnels > OpenVPN Tunnels > OpenVPN Tunnel Configuration. Click Add Tunnel. Enter the Name. Select the Type as CLIENT from the drop-down. You can also enter an optional Description. Click Next. Enter the following fields (using STATIC KEY as Authorization Mode): Interface Type as TUN from the drop-down.

  • Page 75: Unavailable Services In Ppp-Ip Passthrough And Serial Modem Modes

    DEFINING TUNNELS Note: Push Routes are not required with Static Key as Authorization Mode. Click Next. The system displays the Configuration Preview window (read-only). Click Finish. Click Save and Restart to save your changes. Unavailable Services in PPP-IP Passthrough and Serial Modem Modes In both PPP-IP Passthrough and Serial Modem modes, many rCell services described in this document are non- configurable and therefore do not appear in the device configuration menu.

  • Page 76: Chapter 13 - Device Administration

    DEVICE ADMINISTRATION Chapter 13 – Device Administration User Accounts Use this feature to add user accounts or change the password. The system offers three roles or user types: administrator, engineer, and monitor. Administrators have full rights and permissions including change settings on the device. Engineers have read/write privileges and some access to controls on the device.

  • Page 77: Self-Diagnostic

    DEVICE ADMINISTRATION Username (required) Role (required). Select the user role from the drop-down menu including administrator, engineer, or monitor. First Name Last Name Title Division Employee Identification Under Contact Information, enter the following fields: Email Address City State Country Postal Code Work Phone Mobile Phone Click Submit.

  • Page 78: Configuring Device Access

    DEVICE ADMINISTRATION To turn on the Flash Memory Violation diagnostic that performs a flash memory checksum check to protect the integrity of device firmware: Check Enabled under Flash Memory Violation. Enter the Flash Memory Check Interval (ranging between 4-24 hours). Default is 24. If you want the system to disable WAN interfaces after a Flash Memory Violation is detected, check Disable WAN Interfaces under Actions.

  • Page 79: Https Security

    DEVICE ADMINISTRATION Field Description Via WAN/Cellular If checked, the device will listen and respond to HTTPS requests from the WAN. This increases susceptibility to malicious activity. Timeout Minutes Amount of time a user's session can remain dormant before automatically being logged out. HTTPS Security Configure the HTTPS security settings (like version and cipher suite).

  • Page 80: Icmp

    Port number configured for Modbus. For Modbus query information, refer to the MTR Modbus Information page on our Developer Resources website (on .net) for details: http://www.multitech.net/developer/software/mtr-software/mtr-modbus-information/ After making all your desired changes, click Submit, then click Save and Restart. IP Defense A set of rules that decreases susceptibility to malicious activity.

  • Page 81: Radius Configuration

    DEVICE ADMINISTRATION DoS Prevention This area of the Access Configuration window engages a set of rules at the firewall that prevents Denial-of-Service attacks by limiting the amount of new connection requests to the device. Field Description Enabled Enables DoS prevention. Per Minute Allowed number of new connections per minute until burst points are consumed.
  • Page 82 DEVICE ADMINISTRATION RADIUS user details: Access to device if role is one of those in the provided list (Administrator, Engineer, or Monitor). All RADIUS users do not have SSH access to the device. RADIUS creates a temporary session instead of a local account like local users. RADIUS uses shared key encryption.

  • Page 83: Unavailable Services In Ppp-Ip Passthrough And Serial Modem Modes

    DEVICE ADMINISTRATION Check Check Server Certificate Hostname to allow the server certificate CN (common name) to be validated by the device. Click Submit. To save your changes, click Save and Restart Unavailable Services in PPP-IP Passthrough and Serial Modem Modes In both PPP-IP Passthrough and Serial Modem modes, many rCell services described in this document are non- configurable and therefore do not appear in the device configuration menu.

  • Page 84: Uploading Ca Certificate

    DEVICE ADMINISTRATION To save your changes, click Save and Restart. Uploading CA Certificate This page allows a user to upload an X.509 CA (Certifying Authority) Certificate. To upload a CA certificate: Go to Administration > X.509 CA Certificates. Click Choose File and browse for your CA certificate file. Click Open.

  • Page 85: Unavailable Services In Ppp-Ip Passthrough And Serial Modem Modes

    DEVICE ADMINISTRATION To define how often the device connects to DeviceHQ to send GPS data, set the GPS Data Interval field to the desired number of minutes, between 240-10080 (240 minutes to 1 week). Note: Some MTR models do not have GPS. In this case, the system does not display this field. If you want the device to connect to DeviceHQ only when the device's cellular link is up, check Sync with Dial-On-Demand.
  • Page 86 DEVICE ADMINISTRATION Ping Failure Security Violation Flash Memory Violation Resource Overuse Wi-Fi Interface Failure* Wi-Fi Data Traffic* *Only available on non-LTE devices Click on the pencil icon under the Edit column for the alert you want to use and configure. The Edit dialog box appears for your chosen alert.
  • Page 87 DEVICE ADMINISTRATION Check Enabled. Enter the Duration in seconds. Under Notification Options, select the recipients from the drop-down in Recipient Group. In Notify, enter the frequency of notification (in hours). Default is 24. Select how you want to send alerts by clicking Email, SMS or SNMP. Click Finish.
  • Page 88 DEVICE ADMINISTRATION Click Finish. To save your changes, click Save and Restart. For Ping Failure: Check Enabled. Under Ping Details, select the Network Interface from the drop-down. Enter the IP Address or URL that you want to ping. Enter the Count. Enter the Failure Threshold.

  • Page 89: Customizing The User Interface

    DEVICE ADMINISTRATION In Notify, enter the frequency of notification (in hours). Default is 24. Select how you want to send alerts by clicking Email, SMS or SNMP. Click Finish. To save your changes, click Save and Restart. For Wi-Fi Data Traffic: Check Enabled.

  • Page 90: Specifying Device Settings

    For added security, you have the option to use Signed Firmware Validation when upgrading from version 4.1 and higher. This authentication method prevents attempts to load invalid or damaged firmware files in order to defeat possible tampering. If you check this option, the module does not load any firmware that Multitech did not digitally sign.

  • Page 91: Saving And Restoring Settings

    Before you upgrade your firmware, save your present configuration as a backup. Otherwise, see DeviceHQ. Go to the MultiTech website, locate the firmware upgrade file you want for your device, and download this file to a known location. Select Administration > Firmware Upgrade. The Administration: Firmware Upgrade pane opens.

  • Page 92: Using The Debugging Options

    DEVICE ADMINISTRATION Navigate to the location where you wish to save the file and select location. This option is only available if you had reset to user-defined configuration. (Also, holding the reset button on the device for 30 seconds overrides user-defined settings and resets to factory default.) To reset the device's configuration to the factory settings, go to Reset to Factory Default Configuration: Click Reset.

  • Page 93: Setting Up Telnet

    DEVICE ADMINISTRATION In the Auto Reboot Timer field, select the Hour of the Day (0-23) and then enter Hour of the Day to Restart (0-23). If you do NOT want the device to automatically reboot, set the time to 0. The default setting is 0. Setting up Telnet To enable and configure Telnet on your device: Go to Administration >...

  • Page 94: Ping And Reset Options

    DEVICE ADMINISTRATION Ping and Reset Options Perform a Ping Test Ping allows you to test the IP address or URL to ensure it is operational. To perform a ping test: Go to Administration > Debug Options > Ping. Enter the IP address or URL of the site you wish to ping. Under Network Interface, choose from the available drop-down list options including: ANY, LAN, CELLULAR, and ETHERNET.
  • Page 95 DEVICE ADMINISTRATION Field Description Port Enter the port number that the SMTP server uses. Email Enter the sender email address. This address will be added as the sender email address to the sent emails. Username Enter the name that can access the SMTP server. Password Enter the password that can access the SMTP server.

  • Page 96: Chapter 14 - Device Status

    DEVICE STATUS Chapter 14 – Device Status Viewing Device Statistics The device collects sent/received traffic data for WAN, Cellular, and Ethernet networks. The daily statistical data is stored on the device for a 365-day period. All data that is older than 365 days is automatically deleted. From Status &...

  • Page 97: Mail Log

    DEVICE STATUS Change the time frame for the chart by clicking Start Date or End Date using calendar to set a different date. Show Log The associated run-time logs for this section. Mail Log Mail Log shows the recent email delivery attempts and the mail log details. Mail log entries are sorted by date with the most recent on top.

  • Page 98: Notifications Sent

    DEVICE STATUS Field Description Save Timeout The device saves the statistical data when the desired timeout period has elapsed. Default is 300 seconds (5 minutes). Save Data Limit The device saves the statistical data if the data limit is reached. Default is 5 MB.

  • Page 99: Chapter 15 - Regulatory Information

    REGULATORY INFORMATION Chapter 15 – Regulatory Information 47 CFR Part 15 Regulation Class B Devices This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.

  • Page 100: Fcc And Ic Antenna Requirements Toward License Exempt Radio Transmitters (Bluetooth/Wlan)

    REGULATORY INFORMATION FCC and IC Antenna Requirements Toward License Exempt Radio Transmitters (Bluetooth/WLAN) The license-exempt Bluetooth/WLAN radio transmitter contained in this equipment may only be operated with an antenna of a type, a maximum gain and the required antenna impedance as approved and specified below. To reduce potential radio interference to other users, choose the antenna type and it's gain so that the equivalent isotropically radiated power (EIRP) is not more than that necessary for successful communication.

  • Page 101: Reach Statement

    2011/65/EU of the European Parliament (Restriction of the use of certain Hazardous Substances in electrical and electronic equipment - RoHS). These MultiTech products do not contain the following banned chemicals Lead, [Pb] < 1000 PPM Mercury, [Hg] <...

  • Page 102: Waste Electrical And Electronic Equipment Statement

    Substances) complements the WEEE Directive by banning the presence of specific hazardous substances in the products at the design phase. The WEEE Directive covers all MultiTech products imported into the EU as of August 13, 2005. EU-based manufacturers, distributors, retailers and importers are obliged to finance the costs of recovery from municipal collection points, reuse, and recycling of specified percentages per the WEEE requirements.

  • Page 103: Information On Hs/Ts Substances According To Chinese Standards

    REGULATORY INFORMATION Information on HS/TS Substances According to Chinese Standards In accordance with China's Administrative Measures on the Control of Pollution Caused by Electronic Information Products (EIP) # 39, also known as China RoHS, the following information is provided regarding the names and concentration levels of Toxic Substances (TS) or Hazardous Substances (HS) which may be contained in Multi-Tech Systems Inc.

  • Page 104: Information On Hs/Ts Substances According To Chinese Standards (In Chinese)

    REGULATORY INFORMATION Information on HS/TS Substances According to Chinese Standards (in Chinese) 依 依 照 照 中 中 国 国 标 标 准 准 的 的 有 有 毒 毒 有 有 害 害 物 物 质 质 信 信 息 息 根据中华人民共和国信息产业部...

Table of Contents