Dr. Neuhaus TAINY IQ-LTE User Manual

Mobile communication router

Summary of Contents for Dr. Neuhaus TAINY IQ-LTE

  • Page 1 TAINY IQ-LTE User Manual...
  • Page 2 All deliveries and services are provided by Sagemcom Dr. Neuhaus GmbH on the basis of the General Terms and Conditions of Sagemcom Dr. Neuhaus GmbH in the respective valid version. All information is based on manufacturer's specifications.
  • Page 3: Table Of Contents

    Table of Contents INTRODUCTION ..........................5 Product Overview ........................5 Terms ............................6 Possible Applications ....................... 8 Controls ..........................11 Function Overview ......................... 12 INSTRUCTIONS AND SAFETY INFORMATION ................15 Intended Use .......................... 15 Unintended Use ........................15 Qualified Personnel ........................ 15 Classification of safety instructions ..................
  • Page 4 Introduction Configure the Packet Filter ....................80 Configure Remote Access ..................... 84 Configure the Port Forwarding ....................87 Configure the Traffic Priority ....................89 Configure the MAC Table....................... 90 LAN SETTINGS ..........................91 Configure the LAN Interface/DHCP/VRRP Settings .............. 91 Configure VRRP ........................
  • Page 5: Introduction

    Introduction 1 Introduction 1.1 Product Overview The mobile communication router TAINY IQ-LTE is designed for industrial use and offers a diversity of features and functionalities. This manual provides security instructions and describes the installation and operation of TAINY IQ-LTE. Device...
  • Page 6: Terms

    Connectivity provided it is connected to a router with WAN access or a DSL modem. The TAINY IQ-LTE connects via up to 2 Ethernet ports locally connected applications or entire networks to the internet. Therefore it uses wireless or wired IP connections. Direct connection can also be made to an intranet which the external remote stations are connected to.
  • Page 7 Introduction External network External network the TAINY IQ-LTE is connected to via HSPA+, UMTS, EGPRS or GPRS. External networks are the internet or a private intranet. External remote External remote stations are network components in an external network, stations e.g. web servers in the internet, routers in an intranet, a central server of a company, an admin PC, and many more.
  • Page 8: Possible Applications

    Introduction 1.3 Possible Applications In this chapter possible applications of the TAINY IQ-LTE are listed and described. Scenario 1: Virtual Private Network (VPN) with IPsec [Figure labels: remote network, local network, admin PC, TAINY, VPN gateway, LTE, HSPA+, UMTS, Internet, external remote station, local ...]
  • Page 9 Local applications could be, for example, a programmable controller, a machine with an Ethernet interface for remote monitoring, or a notebook or desktop PC. These applications use the TAINY IQ-LTE to access an external network just as if they had a direct, local connection to the external network.
  • Page 10 Introduction Scenario 7: Connection via IPsec- to VPN [Figure labels: external network, local network, local application, external remote station, router/firewall, VPN tunnel, TAINY, Internet, notification, service indicator light, VPN switch, service technician: maintenance / breakdown, service VPN tunnel (can be switched off)]
  • Page 11: Controls

    Introduction 1.4 Controls 24V Power Input MIMO-Antenna System 3, 8 Signal lamps Service Button RS232-Interface Digital Input / Output Ethernet Ports TAINY iQ Page 11 of 147...
  • Page 12: Function Overview

    Web browser PC with Web browser The following listing contains the main as well as specific features of TAINY IQ-LTE. This listing does not compensate the user manual and does not relieve the user from reading the manual carefully! You need to know the content of the manual in order to install, configure and use the mobile router correctly in any scenario described.
  • Page 13 Introduction WAN-connection WAN-connection via DSL and/or mobile possible as well as 2 mobile telecom providers (dual SIM) Utmost system stability in combination with VRRP (redundant communication channels + device redundancy) LAN-features Allocation of multiple LAN-IP-Addresses possible (also various networks) Modus: "Automatic", "10M / Half duplex", “10M / Full duplex”, “100M / Half duplex”, “100M / Full duplex”...
  • Page 14 Introduction Classification of the remote accesses according to service: HTTPS/SNMP/SSH/ICMP Port forwarding Port forwarding of address ranges/individual addresses to destination address Port-implementation or transfer Classification of Port forwarding according to protocol: TCP/UDP Unknown data traffic can be forwarded to a defined destination address (Exposed Host) MAC-Tables MAC-Address can be allocated to a defined Ethernet-Port...
  • Page 15: Instructions And Safety Information

    Proper transport, storage, set-up and assembly, as well as careful operation and service are prerequisite for a fault-free and safe operation of the product. 2.2 Unintended Use Do not use TAINY IQ-LTE without a secure backup in any application which malfunctions could lead to property damage, fatal injuries or death. 2.3 Qualified Personnel This device may only be installed, operated, commissioned and decommissioned by an electrically skilled person.
  • Page 16: Classification Of Safety Instructions

    Instructions and Safety Information 2.4 Classification of safety instructions This manual contains instructions which you must follow for your own personal safety and to prevent property damage. A warning triangle is provided to draw your attention to instructions for your personal safety; no warning triangle is provided for instructions for general property damage.
  • Page 17: Safety Instructions

    Instructions and Safety Information 2.5 Safety Instructions The product TAINY IQ-LTE complies with the European standard DIN EN 62368-1, Audio and Video Information and Communication technology equipment – part1: Safety requirement. Read the installation and user instructions carefully before installing and using the device.
  • Page 18 Instructions and Safety Information Warning Risk of injury or damaged device • Only use device for its intended purpose. • Operate the device in accordance with the electrical data as stated in the data sheet. • Only assemble and disassemble device as described in the manual. ...
  • Page 19 Instructions and Safety Information Antenna assembly Attention Risk of diminished transmission and reception • Mind the bending radii when routing the antenna cable. • The minimum bending radius of the cable may not exceed: statically 5 times its diameter dynamically 15 times its diameter HF exposure Warning Risk of interference and damage of other devices due to radio transmitters...
  • Page 20 The in port and switching output are both galvanic insulated against all other terminals of the TAINY IQ-LTE. If the external installation being connected to the TAINY IQ-LTE connects a signal of the in port and switching output galvanically to a power supply signal of...
  • Page 21 Instructions and Safety Information Caution: Costs Caution Risk of additional financial costs • Bear in mind that the exchange of data packages is subject to charges whether a connection to a remote station is maintained or re-established. • Unsuccessful attempts to connect to incorrect addresses or switch off remote stations are subject to charges.
  • Page 22 Firmware with open source GPL/LGPL The firmware for TAINY IQ-LTE contains open source software under GPL/LGPL conditions. We provide you with the source code in accordance with Section 3b of GPL and Section 6b of LGPL. You can find the source code on our webpage, www.neuhaus.de.
  • Page 23: Installation

    3 Installation 3.1 Step by step Please always also refer to the mentioned chapter. This is not to be seen as a brief instruction and replacement for this manual. The TAINY IQ-LTE is set up by the following steps: Step Chapter First familiarise yourself with the preconditions for operating the TAINY IQ-LTE.
  • Page 24: Preconditions And Information

    Installation 3.2 Preconditions and Information To operate the TAINY IQ-LTE, the following information must be on hand and the following preconditions must be fulfilled: Antenna-System One or two antennas as described in chapter 3.5. Power supply A 24 V installation. See chapter 3.3.
  • Page 25: Connection To 24V/0V Power Supply

    TAINY IQ-LTE connects a signal of the In port and switching output galvanically to a power supply signal of the TAINY IQ-LTE, the voltage between each signal of the In port and switching output and each signal of the power supply may not exceed 60V.
  • Page 26: Ethernet Ports (Eth0 And Eth1)

    Ethernet interface for remote monitoring, or a notebook or desktop The TAINY IQ-LTE acts as a switch between the available interfaces. To set up the TAINY IQ-LTE, connect the Admin PC with Web browser here. The Ethernet port ETH0 is dedicated to establishing wired WAN-DSL/LAN connections; however, it can also be used as an additional port to connect the local network with local applications.
  • Page 27: Digital Input / Output

    Installation 3.6 Digital Input / Output Digital Input The TAINY IQ-LTE has an In port. The screw terminals are designated I1+/I1-. = 5 …30V; ON: U > 5 V; OFF: U < 1,2 V This port is the Gate Input for WAN Setup Operation Rules, see chapter 6.3.
  • Page 28: Serial Rs232 Interface

    RS485 interface! This feature is currently not supported Ground Common ground connection 3.8 Signal lamps Signal lamps The TAINY IQ-LTE is equipped with a set of signal lamps for display of the operating status. Power Supply Signal Status Meaning POWER...
  • Page 29 Installation WAN Status Signals Status Meaning SIM 1 Constantly OFF No SIM active Constantly ON SIM 1 active Flashing SIM 2 active S (Status) Flashing Not registered to mobile net Constantly ON WAN IP connection available (Cellular or Ethernet) Q (Quality) Flashing slowly Logging into the GSM network Flash 1 time with interval...
  • Page 30: Service Button

    Yellow Flashing Data transfer 3.9 Service button There is a small hole on the front side of the TAINY IQ-LTE where a button is located. Use a thin object, such as a straightened paper clip, to press the button. ...
  • Page 31: Sim Card Holder

    Installation 3.10 SIM card holder Attention Before inserting a SIM card, enter the PIN of the SIM card in the TAINY IQ- LTE via the Web user interface. See Chapter 6.4 1. After you have entered the PIN of the SIM card, disconnect the TAINY IQ-LTE completely from the power supply.
  • Page 32: Mounting

    Installation 3.11 Mounting The TAINY IQ-LTE is suitable for mounting on cap rails in accordance with DIN EN 50022 (3.5mm x 7.5mm). The corresponding mount is located on the rear side of the device. Warning Risk of injury and property loss due to touching voltage-carrying parts ...
  • Page 33 Installation Unmounting: Use a flat-head screw driver to pull down the cap rail fixation (C) until the TAINY IQ-LTE is detached. Mounting: Position of the cap rail: [mm]
  • Page 34: Configuration

    4 Configuration 4.1 Overview Screens The settings for TAINY IQ-LTE are configured on various tabs. All tabs consist of a tab bar (1) at the top, a menu (3) on the left and the dialog box (2). For illustration purposes the tab bar as shown in the left text column throughout this manual only reflects the tab in question.
  • Page 35: Overview

    TAINY IQ-LTE via the local network. By default the LAN port ETH1 of TAINY IQ-LTE is part of the local network with the IP address 192.168.1.1 and Subnet mask 255.255.255.0. So you have to do the following settings for your PC:...
  • Page 36: Valid Characters For User Names, Passwords And Other Inputs

    TAINY IQ-LTE Mozilla Firefox version 37 or later, Chrome version x or later). Enter the full TAINY IQ-LTE address in the address line of the browser. The factory setting is: https://192.168.1.1 Result: A security message appears. In Internet Explorer 7, for example,...
  • Page 37 12 on how to change the password. Open the start page by clicking on “Log In”. Note To register successfully on the TAINY IQ-LTE activate the cookies in your browser. Note The registration screen will open a selection menu, in which the registration can be made via TACACS+/RADIUS or the normal, local registration.
  • Page 38: Terminating A Configuration Connection (Logging Out)

    Click the Log Out button at the top right of the screen to Log Out sign out manually. This will terminate the configuration connection to TAINY IQ-LTE. The webserver will return to the start screen. In order to re-establish the configuration connection, you have to enter your user name and password again.
  • Page 39: Status Overview

    Click on the Status tab and select “Overview” to open the screen. Overview After a successful log-in to the TAINY IQ-LTE’s web user interface select “Status” from the menu bar at the top left. An overview of the current operating status of TAINY IQ-LTE appears. It displays the status of the: ...
  • Page 40 Status overview Signal strength: Indicates the strength of the received signal of cellular network as a CSQ value (see Glossary) and a RSSI value. Bytes Received / Bytes Sent: Indicates the number of received or sent bytes since the connection has been established. They will be reset when the connection is re-established.
  • Page 41: Get The Cellular Network Status

    Cellular Module Type / Cellular Module Firmware Version: The TAINY IQ-LTE is equipped with a cellular module which acts as the radio interface. It handles all the communication over the radio network.
  • Page 42 Status overview Example presentation of the mobile status IP information Network IPv4 addresses and network IPv6 addresses: The IPv4 address provided by the provider and, if assigned, the IPv6 address with the associated name servers for IPv4 and IPv6 are displayed.
  • Page 43: Get The Dsl/Cable Status

    Status overview The provider must support the assignment of IPv6 addresses! 5.3 Get the DSL/Cable Status Click on the Status tab and select “DSL/Cable Status” to open the DSL/Cable Status screen. Indicates the status and settings of the WAN connection, if it is established over a wired DSL/Cable connection.
  • Page 44 Status overview The illustration shows the relation of an IPv4 and an IPv6 address on the DSL / cable interface It should be noted that the operating mode setting of the WAN interface has been activated as an additional LAN interface. Under the WAN setup settings, the operating mode of the WAN setup must be set to both interfaces or at least the DSL / cable interface.
  • Page 45: Get The Vpn Status

    SA Type: Defines the convention (connection) two communicating entities use within a secure network. Static: Indicates a connection that is configured and established by TAINY IQ-LTE. Dynamic: Indicates a connection that is established externally by the other entity. Connected Since: Displays the timestamp of the connection.
  • Page 46: Get The Lan Status

    DHCP Clients Indicates LAN devices, which have retrieved an IP address from the TAINY IQ-LTE DHCP server, if this server is activated (see Chapter Error! Reference source not found.). For each device the assigned IP address, the MAC address, the Hostname and the status is indicated.
  • Page 47: Wan Settings

    Default WAN Setup”. The selected WAN Setup will be used once you Settings start-up the TAINY IQ-LTE. To change the current WAN Setup you select the desired setup from the list of “Current Default WAN Setups” and click the “Save” button below.
  • Page 48: List, Add, Delete Wan Setups

    WAN Settings 6.2 List, Add, Delete WAN Setups Click on the WAN tab and select “WAN Settings” to open the screen WAN Setup Setup 1 WAN Setups (or created Setups) All existing WAN Setups are listed in this column. You can add or delete WAN Setups. To add a new WAN Setup: Enter a name in the “Setup”...
  • Page 49 WAN Connection. Or you select both interfaces in parallel. Having selected both, however, you need to prioritise either Cellular or DSL Cable. TAINY IQ-LTE will then always try the prioritised interface first to establish the WAN Connection. In case it fails it will use the second one as an alternative.
  • Page 50: Configure Rules For Wan Setup Operations

    6.3 Configure Rules for WAN Setup Operations Rules for WAN Setup Operation You can define TAINY IQ-LTE’s reaction in case of an incident on the WAN connection, e.g. in case of connection loss or general incident like a transition at the In Port.
  • Page 51 Rule Settings: Periodically, as long as the condition is fulfilled within a waiting time of 300 seconds If the WAN connection is inactive for 3600 seconds, the TAINY IQ-LTE resets the WAN interface. This will be done periodically each 300 seconds, until the WAN connection is no longer inactive.
  • Page 52 WAN Settings Selectable Conditions Action is triggered … Condition Parameter General … whenever the Timeout expires. Without Condition Timeout …in case the connection to WAN is active or Connection to WAN Operator/ Value/ inactive for the period (Timeout) defined. Timeout …in case the Input Gate is active or inactive Gate Input Operator/...
  • Page 53 …in case the Reliable Time Base of the Reliable Time Base Operator/ Value/ TAINY IQ-LTE is active or inactive for the Timeout period (Timeout) defined. The Reliable Time Base is active as long as the latest successful NTP Synchronization is...
  • Page 54 WAN Settings Action Parameter Description Send Email Recieveraddress/ An Email is sent Subject/Text Send Snapshot Subject/Text A snapshot is sent by email. Note: The receiver address is configured on the System tab, submenu Device Information Switching Output Output State The Switching Output will be set to the state as configured by the parameter.
  • Page 55: Configure The Wan Cellular Network Interface

    SIM SIM PIN: Enter the PIN of the SIM in the selected SIM-Slot. Network Select if the TAINY IQ-LTE shall automatically register Selection: to the most advanced network type being supported and available: Preferred...
  • Page 56 Only applicable, if the Operator Configuration Mode is set to Automatic Configuration Selection (for Automatic The TAINY IQ-LTE reads from the active SIM card the Operator-ID and Selection) selects the corresponding Operator Configuration that has been predefined for the Operator-ID.
  • Page 57 HSPA+). Operator-ID: This ID is used to assign the right Operator Configuration to the used SIM Card. The TAINY IQ-LTE reads the Operator-ID from the SIM Card (part of the IMSI) and searches the List of Operator Configuration for a matching entry.
  • Page 58 WAN Settings Some mobile radio network operators do not use access control with user names and/or passwords. In this case enter guest in the corresponding entry field. To register with the wireless data service (HSPA+, UMTS, EGPRS or GPRS), two different Authentication Methods (PAP and CHAP) are used.
  • Page 59 WAN Settings Note The allocation of an IPv6 address depends on whether the Internet provider used supports the assignment of IPv6 addresses in the mobile data network. Accessibility with IPv6 from the Internet depends on the mobile operator and the contract with the operator. Mobile operators may require private access point name (APN) for the use of outgoing and incoming IPv6 connections.
  • Page 60: Configure The Wan Dsl/Cable Interface

    Select DHCP to connect the TAINY IQ-LTE to routers. • Select PPPoE > DHCP or DHCP > PPPoE if the TAINY IQ-LTE shall automatically select the right logical interface. With PPPoE > DHCP will first try to connect with PPPoE, if this fails it will try DHCP.
  • Page 61 ”, which IPv6 address (es) has been set. Address(es) DHCP Settings DHCP Operation TAINY IQ-LTE provides a DHCP server function or a DHCP relay function. If the DHCP server function is activated, the TAINY IQ-LTE itself assigns IP addresses to applications connected to the LAN interface.
  • Page 62 VRRP Priority Defines, which TAINY acts as master and which as the backup. The TAINY IQ-LTE which has the highest priority acts as the master. Enter values between 1 (lowest prio) and 254 (highest prio). The VRRP priority can be adjusted automatically to a new value...
  • Page 63 PPPoE logical interface, select PPPoE. To connect the TAINY IQ-LTE to routers, select DHCP. If the TAINY IQ-LTE shall automatically select the right logical interface, select PPPoE > DHCP or DHCP > PPPoE. With PPPoE > DHCP will first try to connect with PPPoE, if this fails it will try DHCP. With DHCP >...
  • Page 64 WAN Settings IPv4 Adress Enter an IPv4 address for the WAN interface IPv4 Subnet Mask Enter an IPv4 subnet mask for the WAN interface IPv4 Default Enter here the IPv4 gateway address via the TAINY IQ forwards the IPv4 Gateway data packets Here, changes to the maximum transmission unit (MAC layer) can be made if necessary.
  • Page 65 WAN Settings IPv6 Name Server Enter an IPv6 name server for the resolution of hostnames to IPv6 addresses Here, changes to the maximum transmission unit (MAC layer) can be made if necessary.
  • Page 66: Configure Dynamic Multipoint Vpn (Dm Vpn)

    Possible of Possible Default Gateways”. Default Gateways Select “Yes” if the TAINY IQ-LTE shall monitor the availability of the Default Gateway by ICMP pings and switch to the next gateway in case the used one is not reachable. Click the “Add” button to define a new DM VPN Network. Define the DM VPN Networks network characteristics for the new network.
  • Page 67 WAN Settings GRE Settings Local IP Enter the IP address of the TAINY IQ-LTE within the Address DM VPN. The IP address is provided by the operator of the DM VPN. Subnet Mask Enter the Subnet Mask of the DM VPN. The Subnet Mask is provided by the operator of the DM VPN.
  • Page 68 Enable Authenticati at the remote NHRP station. In this case enter an authentication key. If “No” is selected the TAINY IQ-LTE in Spoke mode Disable NHRP Purge sends after a (re-) registration a request to the hub to clean-up formerly stored routing data of the TAINY (standard implementation).
  • Page 69: Configure Ipsec For Dynamic Multipoint Vpn

    DM VPN. The settings shall be the same for all possible communication partners of the TAINY IQ-LTE in this DM VPN.
  • Page 70: Configure Ipsec Tunnels

    WAN Settings 6.8 Configure IPsec Tunnels Click on the WAN tab and select “IPsec Tunnels” to open the screen. IPsec Tunnels All configured IPsec Hosts are listed in this view. You can see the Name, Remote Host and Tunnel Count. To edit an IPsec Tunnel click the “Edit” button.
  • Page 71 WAN Settings If you set the parameter Wait for Connections by Remote Host to “Yes” make sure the remote station is available continuously and must answer pings. Enter the name of the host station in the Remote Hostname entry field. Tunnel Settings View, add or delete tunnels settings.
  • Page 72 Authentication Method To be able to select the desired settings in this section you have to make sure, that the required certificates are already available on TAINY IQ-LTE, see chapter 13 for further information. Select the preferred Authentication Method from the three options:...
  • Page 73 WAN Settings DH/PFS Group Select the DH (Dynamic Host)/PFS (Perfect Forward Secrecy) - group that has been agreed on with the administrator of the opposite network for the exchange of keys. NAT-Traversal Select: “Yes” – The use of NAT-Traversal could be arranged when the connection is established “No”...
  • Page 74 5 MB or more per month. This could lead to additional costs. Enable Dead Peer Detection Select “Yes” to use the function. TAINY IQ-LTE will now identify the validity of the connection irrespectively data transmission. Select “No” to switch the function off.
  • Page 75: Configure User Defined Wan Routes And Ripv2

    Networks Costs. This router will be prioritised. Select Yes if only RIP neighbours behind the active default gateway shall be used. The TAINY IQ-LTE will transmit the routing tables only via the default gateway. RIPv2 Neighbour IP...
  • Page 76: Configure The Ntp Time Synchronization

    To activate this function select Yes. The NTP time server in the TAINY IQ-LTE can be reached via the local IP address set for the TAINY IQ-LTE.
  • Page 77: Configure The Connection Check

    With the function Connection Check the TAINY IQ-LTE checks its connection to UMTS/GPRS and to the connected external networks, such as the internet or an intranet. To do this, the TAINY IQ-LTE sends ping packets (ICMP) to up to four remote stations at regular intervals.
  • Page 78: Assign Hostnames To Remote Ip Addresses

    Using this function, applications connected to TAINY IQ- LTE’s LAN interfaces can address these remote stations by the entered hostnames. TAINY IQ-LTE functions (e.g. NTP) can also use this feature. Hostnames configured here are valid only for the selected WAN setup.
  • Page 79: Dyndns Service (Ddns)

    6.13 DynDNS Service (DDNS) Click on the WAN tab and select “Hostnames” to open the screen. DDNS The TAINY IQ-LTE can use DynDNS services to be addressable via a DynDNS hostname. You can enable/disable this function. Dynamic DNS Choose one of the three supported functions:...
  • Page 80: Firewall Settings

    IPv6 networks. The firewall prohibits all data traffic through the TAINY IQ-LTE, e.g. from LAN to WAN or LAN to LAN if no rules for the Packet Filter are set. Only the internal traffic of data traffic which is terminated inside the TAINY IQ- LTE, e.g.
  • Page 81 Firewall Settings Set the Log Unknown Packets to “Yes” to display them in the log files for Packet Filter Settings (IPv4) received unidentified data packets. Define a Rule IPv4 Data Source Enter the IP address and the netmask of the application that shall send the data.
  • Page 82 Firewall Settings Define a Rule IPv6 Rules for IPv6 filtering data This is the setting for IPv6-based traffic. packets (IPv6) To set up a packet filter just type in a name for the new rule in the box in this area and press "Add" As an example we created the rule "IPv6-Rulel-1": Filling the Rule: Data Source...
  • Page 83 Firewall Settings If you set this to "Yes", an entry is made in the firewall log each time the conditions of this rule are met. These entries can be retrieved via snapshot (see chapter 14.6). To log each action, select “Yes”. Rule Sortation Designates the sort level of the firewall rules.
  • Page 84: Configure Remote Access

    Firewall Settings 7.2 Configure Remote Access Click on the Firewall tab and select “Remote Access” to open the Remote Access screen. Remote Access It is possible to activate such services as HTTP, SSH, ICMP or SNMP for WAN settings via the firewall settings. Define Rules for To define rules for a new remote access or change the rules for an existing remote access click the “Add”...
  • Page 85 Firewall Settings • ICMP • SNMP • RS232 Action Define whether data from this Data Source shall be Accepted, Dropped or Rejected. Action If Log is enabled (Yes) each time the conditions for the rule are fulfilled, an entry will be made to a firewall log, retrievable via the Snapshot (see chapter 14.6) To log all action select “Yes”.
  • Page 86 Firewall Settings • HTTPS • ICMP • SNMP • RS 232 Action Determine how to handle the data from this data source: Accept, Drop, or Reject. If you set this to "Yes", an entry is made in the firewall log each time the conditions of this rule are met.
  • Page 87: Configure The Port Forwarding

    Port Forwarding can be defined to forward data traffic received by the TAINY IQ-LTE's WAN interface on a certain IP port to a defined IP address/port. To define a packet filter choose a Rule Name and click the “Add” or “Edit”...
  • Page 88 Following rules are not applied. The rule sequence can be influenced by the sortation rank. Rank 1 will be processed first, rank 2 second, etc. Rule Sortation is not applied for IP ports used by TAINY IQ-LTE itself, like 443, 500, 4500. Exposed Host...
  • Page 89: Configure The Traffic Priority

    Firewall Settings 7.4 Configure the Traffic Priority Click on the Firewall tab and select “Traffic Priority” to open the Traffic Priority screen. Use this function to prioritize the communication of selected data paths (from LAN to WAN only). If there are data in a path of high priority, they will be transmitted first.
  • Page 90: Configure The Mac Table

    MAC Table If the Static MAC Table function is enabled, only devices may communicate with or via the TAINY IQ-LTE, which MAC addresses are entered in the Static MAC Table. You can enable a MAC address to All ports or to a certain Physical Network Interface (ETH0… ETH5) only.
  • Page 91: Lan Settings

    LAN Settings 8 LAN Settings 8.1 Configure the LAN Interface/DHCP/VRRP Settings Click on the LAN tab and select “LAN Interface” to open the screen. LAN Interface
  • Page 92 Set the required mode to select the required data transmission rate (10Mbit/s or 100Mbit/s) and the transmission method (half duplex or full duplex). If the mode is set to “Automatic”, the TAINY IQ-LTE and the device connected to this LAN Interface determines the settings automatically Enable 802.1Q VLAN Set to “Yes”...
  • Page 93 ID for the group of utilised TAINY IQ-LTEs. VRRP Priority Defines, which TAINY IQ-LTE acts as master and which as the backup. The TAINY IQ-LTE which has the highest priority acts as the master. Enter values between 1 (lowest prio) and 254 (highest prio). The VRRP priority can be adjusted automatically to a new value.
  • Page 94: Configure Vrrp

    (VRRP). Enable/disable this function in the submenu the LAN tab for Logical Network Interfaces. Two TAINY IQ-LTE routers perform as one virtual router. If one TAINY IQ-LTE loses the WAN connection (or the VPN connection) the second TAINY IQ-LTE takes over/supports the connection.
  • Page 95 LAN Settings IP Address/ Hostname, IP Address: The TAINY IQ-LTE allows assigning IP Hostname addresses of remote stations to hostnames. Using this function, applications connected to TAINY IQ-LTE’s LAN interfaces address these remote stations by the entered hostnames. TAINY IQ-LTE functions (e.g.
  • Page 96: Using Eth0 As A Lan Port

    8.3 Using ETH0 as a LAN Port WAN Setup Settings To use the ETH0 port as an additional LAN port for TAINY IQ-LTE, follow the configuration described below. Select the WAN tab and click “Setup 1” to open the screen.
  • Page 97 Configure LAN interface Configure 2 different networks for the ETH0 interface and for the ETH1 interface. The TAINY IQ-LTE will route data packets between these two networks. Click on the Firewall tab and select “Packet Filter” to open the Firewall Packet Filter screen.
  • Page 98 LAN Settings LAN Interface Open the LAN tab and select "LAN interface" in the menu. Assign IP an IPv4 address or more for the LAN interface. By assigning the IPv4 address and the subnet mask, you simultaneously define the network on the LAN interface (ETH1). IP data packets can be routed between the ETH0 interface and the mobile interface.
  • Page 99: Uart

    Activate or Deactivate RS232 via IP Activate or deactivate the RS232 by selecting “Yes” or “No”. Server TCP‐Port Enter the local TCP-Port opened by TAINY IQ-LTE. Interface Speed Set the required speed (in Baud) of the interface by selecting a value from the dropdown list.
  • Page 100: Network Tools

    Network Tools 10 Network Tools 10.1 Network Tool Ping Click on the Network Tools tab and select “Ping” to open the screen. Ping Use this tool to establish whether a certain host within the network is available as well as the time span for an RTT (round trip time). Execute Ping- To execute a Ping command, enter the host address of the host in question.
  • Page 101: Network Tool Nslookup

    Network Tools 10.3 Network Tool NSlookup Click on the Network Tools tab and select “NSlookup” to open the NSlookup screen. This tool identifies the domain name of an IP address and vice versa. Execute NSlookup-command To execute an NSlookup command, enter the address of the host in question.
  • Page 102: Logbook

    Click on the Logbook tab and select “Logbook” to open the screen. Logbook Important incidents of the TAINY IQ-LTE are saved and displayed in this view. The entries are refreshed automatically. Log entries created by rules for the WAN setup operations are also written into this logbook (see chapter 6).
  • Page 103: Export The Logbook

    Logbook The logbook is divided into five sections (Unit): Security, WAN, System, Supervision and Maintenance. The number of stored log entries can be selected for each section separately. If the maximum number of log entries is reached, the oldest log entries of this section will be overwritten. All log entries are characterized by a log level.
  • Page 104: System Logs

    Logbook 11.4 System Logs Click on the Logbook tab and select “Logbook Export” to open the Export System Logs screen. Export Firewall Log Click “Export” button to export the firewall log file in a zip file to an external pc. accept log Data packages that are accepted by the firewall drop log...
  • Page 105: Manage Users, Enable/Disable Snmp Access

    Manage Users, Enable/Disable SNMP Access 12 Manage Users, Enable/Disable SNMP Access Click on the Users tab and select “Current User” to open the screen. Current User Change Password This screen displays information about the current user. Click on the “Change” button to change the password of the current user.
  • Page 106 Manage Users, Enable/Disable SNMP Access Add User User Group Select the “User Group”, the new user belongs to. The user’s access rights are defined by the User Group. An Admin has got unlimited rights, whereas the rights of Guest or Operator “User Groups” can be limited (see Access Rights below).
  • Page 107: Configure Operator And Guests Access Rights

    Manage Users, Enable/Disable SNMP Access 12.1 Configure Operator and Guests Access Rights Click on the Users tab and select “Access Rights” to open the screen. Access Rights Access Rights While an Admin always has got full access rights, the access rights of the members of the Guest user group and the Operator user group are limited.
  • Page 108: Configure Tacacs

    In the event of a registration request, the TAINY IQ-LTE forwards the registration data to the TACACS+ server. The server checks the validity of the data and reports the result back to the TAINY IQ-LTE, which then either rejects or accepts the registration.
  • Page 109: Configure Radius

    In the event of a registration request, the TAINY IQ-LTE forwards the registration data to the TACACS+ server. The server checks the validity of the data and reports the result back to the TAINY IQ-LTE, which then either rejects or accepts the registration.
  • Page 110 Manage Users, Enable/Disable SNMP Access Primary /Secondary TACACS+ Server A primary and a secondary (backup) TACACS+ server can be used. Enter the Hostname (or IP address), port number, shared secret and authentication protocol to reach and access the TACACS+ server. Page 110 of 147 TAINY iQ...
  • Page 111: Certificates

    Device Certificates Click on the Certificates tab and select “Device Certificates” to open the screen. Device Certificates are all certificates of TAINY IQ-LTE. The opposite entity certificates are the Remote Certificates as described in the next chapter. See also Glossary for further information. In this view information on the device certificates, the request templates and the currently used RSA Key Pair are displayed.
  • Page 112 Certificates Add/Import Device Certificate Click the “Add” button in the List of Device Certificates and click “Submit” to import the file of the new certificate from the administration pc. The imported certificate requires the file ending “.pem” The new certificate will now appear in the List of Certificates. List of Signing Request Templates All requests templates appear in the List of Signing Request...
  • Page 113 Certificates Certificate Request Settings Enter the following parameters: Subject Name Type/Subject Name (CN) Select Free Text + Serial number. The serial number will be automatically attached to the subject name at export. Signature Algorithm Select either SHA-1 or SHA-256. The latter is more recent and safer. Organisation Name/Unit/Address/Email Address Enter the name and contact details into the respective entry fields.
  • Page 114 Certificates Country Code Enter the respective abbreviation: US United States of CA Canada AX Åland Islands AD Andorra America AE United Arab AF Afghanistan AG Antigua and AI Anguilla Emirates Barbuda AL Albania AM Armenia AN Netherlands AO Angola Antilles AQ Antarctica AR Argentina AS American Samoa...
  • Page 115 Certificates MU Mauritius MV Maldives MW Malawi MX Mexico MY Malaysia MZ Mozambique NA Namibia NC New Caledonia NE Niger NF Norfolk Island NG Nigeria NI Nicaragua NL Netherlands NO Norway NP Nepal NR Nauru NT Neutral Zone NU Niue NZ New Zealand OM Oman (Aotearoa)
  • Page 116 Certificates Device RSA Key Pair Information This section displays information on the currently used RSA Key Pair such as the Key Length, Time of Key Generation and the Public Key Fingerprint. The pair consists of a private and a public key, which guarantee a secure data transmission.
  • Page 117: Remote Certificates

    Certificates 13.2 Remote Certificates Click on the Certificates tab and select “Device Certificates” to open the screen. Remote Certificates Remote certificates are all certificates that are used to authenticate the opposite entities. The List of CA certificates contains the certificates of the accepted Certificate Authorities List of Remote Certificates...
  • Page 118 Certificates The following screen opens: Click on “Submit” to upload the file of the additional remote certificate from the administration PC. The new certificate will appear in the List of Remote Certificates. List of CA Certificates Add CA Certificate/Add Remote Certificate To upload a certificate from CA: Enter a name in the Name entry field.
  • Page 119: System

    System 14 System 14.1 Select the System Language Click on the System tab and select “Web Interface” to open the screen. Web Interface Select the “Language” of the Web Interface in the General Web Language Settings. Web Server Port In the General Web Settings section, enter the TCP port required for connecting to the web interface.
  • Page 120: Enter Manually Date And Time

    Click on the System tab and select “Date and Time” to open the screen. Date and Time System Time Configuration Set the System Time of the TAINY IQ-LTE. Enter the local time. If time synchronisation by NTP is active, the entered date and time will be overwritten after the next NTP synchronisation.
  • Page 121 System Click the “Export” button to write the current configuration of the TAINY IQ-LTE into a configuration file. Select a valid configuration file and click the “Import” button to load a new configuration from a file. Choose whether the new configuration shall be kept without further confirmation or if the TAINY IQ-LTE should fall back to the...
  • Page 122: Device Management

    System 14.4 Device Management Click on the System tab and select “Update” to open the screen. Device Management Email Settings Configure an Email account Set the function to “Yes” to be able to send emails from this device. SMTP Server Address/ SMTP TCP Port Enter the SMTP Server Address and the SMTP TCP Port. Username/ Password Enter a username and password for this email account.
  • Page 123: Perform Software Updates

    System SSH Settings Enable SSH Access Set to “Yes”. Set SSH Password Enter a valid password for authentication. For further information on how to configure conditions and rules on when to send emails see chapter 6.3. 14.5 Perform Software Updates Click on the System tab and select “Update”...
  • Page 124: Retrieve Device Information

    It stores the information in a downloadable “tgz-file”. Sensitive information such as usernames and passwords are not included. The snapshot also contains the log files of the TAINY IQ-LTE. Click “Create” to take a snapshot. Set the Configure Snapshot transfer to “Yes”. Mind that the function...
  • Page 125: Force A Reboot

    System 14.7 Force a Reboot Click on the System tab and select “Device Reboot” to open the screen. Device Reboot Click the “Reboot” button to force a new system start of the TAINY IQ-LTE.
  • Page 126: Maintenance

    Maintenance 15 Maintenance 15.1 Maintenance TAINY IQ-LTE is maintenance free. 15.2 Troubleshooting In case you encounter any problems please refer to the table below for advice: Problem Cause Solution Control lamps are Power supply is cut off Check the connection to the...
  • Page 127 Maintenance Problem: GRE tunnel does not configure. Cause: Not all devices and modems are configured correctly. Solution: Check for example the settings for the firewall and port forwarding rules. Cause: The IPsec encryption is not consistently activated or deactivated. Solution: Check the settings for IPsec on the WAN tab. Cause: The encryption- and hash methods of the...
  • Page 128: Transport, Storage And Disposal

    Relative Humidity (transport) : max. 95% The TAINY IQ-LTE must be stored either in its individual box or mounted on a top rail inside a cabinet. The cabinet must be packed inside a layer of material (e.g. Styrofoam), which absorbs shocks and vibrations.
  • Page 129: Glossary

    Glossary 17 Glossary 1-to-1 NAT With 1-to-1 NAT, a network component (e.g. router) maps the address range of one network to the address range of another network. Example Network 1: Example Network 2: Address range: 123.123.123.xyz Address range: 234.234.234.xyz Target address: 123.123.123.101 Target address: 234.234.234.101 1-to-1-NAT Network 1...
  • Page 130 This method is described in RFC 1518. In order to specify a range of IP addresses to the TAINY IQ-LTE, or when configuring the firewall, it may be necessary to specify the address space in the CIDR notation.
  • Page 131 Glossary CIDR (Table) IP netmask binary CIDR 255.255.255.255 11111111 11111111 11111111 11111111 32 255.255.255.254 11111111 11111111 11111111 11111110 31 255.255.255.252 11111111 11111111 11111111 11111100 30 255.255.255.248 11111111 11111111 11111111 11111000 29 255.255.255.240 11111111 11111111 11111111 11110000 28 255.255.255.224 11111111 11111111 11111111 11100000 27 255.255.255.192 11111111 11111111 11111111 11000000 26 255.255.255.128 11111111 11111111 11111111 10000000 25 255.255.255.0...
  • Page 132 Glossary Datagram With the transfer protocol TCP/IP, data is sent as data packages, so-called IP datagrams. An IP datagram has the following structure: 1. IP header 2. TCP/UDP header 3. Data (payload) The IP address contains: - the IP address of the sender (source IP address) - ...
  • Page 133 Glossary The Dead Peer Detection (DPD) identifies whether the IPsec connection between two networks is still valid or if the connection has to be re-established. This function presumes, though, that it is supported on both sides. Without DPD, depending on the configuration, the connection has to be manually re-established or the lifetime of the SA has to elapse.
  • Page 134 (IP) is used. GPRS provides data rates of up to 115.2 KBit/s. Via the TAINY IQ-LTE independent (sub-) networks can be connected. For that purpose the TAINY IQ-LTE uses the GRE (=Generic Routing Encapsulation) protocol (RFC 1701; RFC 1702; RFC 2784).
  • Page 135 Glossary HSDPA, HSUPA (HSPA+) HSDPA (=High Speed Downlink Packet Access) and HSUPA (=High Speed Upload Packet Access) are extensions of the UMTS network, which provide higher data rates from the base station to the mobile station (HSDPA) or from the mobile station to the base station (HSUPA). HTTPS HTTPS (=Hyper Text Transfer Protocol Secure) is a variant of the familiar HTTP, which is used by any web browser for navigation and data exchange...
  • Page 136 Glossary The first byte of the IP address indicates whether an IP address refers to a device in a network of the category Class A, B or C. The following are defined: Value of the 1st Bytes for the Bytes for the host byte network address...
  • Page 137 Glossary Long Term Evolution (LTE) LTE is the 4th generation of mobile radio network, which allows a significantly higher data transmission rate than the 3rd generation UMTS. It is possible to download up to 300 MB per second. The frequency range used by LTE providers is solely on the UHF frequency band.
  • Page 138 Glossary Packet Filter Packet filtering is a method of a stateful inspection firewall. Packet filters only let IP packets pass through if this has been defined previously by firewall rules. The following are defined in the firewall rules: which protocol (TCP, UDP, ICMP) can go through; the permitted source of the IP packets (From IP / From port); the permitted destination of the IP packets (To IP / To port). It is likewise defined here how IP packets are handled that are not allowed to...
  • Page 139 Glossary Private key, public key; certification (X.509) Two keys are used with asymmetric encryption algorithms: one private (private key) and one public (public key). The public key is used for the encryption of data and the private key is used for the decryption. The public key is provided by the future recipient of data to those who encrypt and send data to the recipient.
  • Page 140 (billing). Like the TAINY IQ-LTE, a TACACS+ server can be set up, for example, which manages the access data for all end devices in the network centrally and carries out the authorization for the relevant interested party on behalf of the end devices when registration requests are received.
  • Page 141 VLAN. Depending on the configuration, the tags will be removed. Accordingly, the data packets leave the TAINY IQ-LTE with or without tags. If the tags are not removed, a connected external application which supports the VLAN protocol (802.1Q) can be included in the VLAN.
  • Page 142 Glossary X.509 certificate A type of "seal" which verifies the authenticity of the public key ( asymmetric encryption) and corresponding data. The possibility of certification exists so that the user of the public key (used for encryption) can be certain that the public key really originates from its actual originator and thus from the party who was intended to receive the data to be sent.
  • Page 143 Netmask: 255.255.255.0 Additional internal routes Network A is connected to the TAINY IQ-LTE and via it to a remote network. Additional internal routes show the path to additional networks (networks B, C), which are connected to each other via gateways (routers).
  • Page 144: Technical Data

    Class 3 (+23dBm +-2dB) for LTE 1800, LTE FDD Bd3 Class 3 (+23dBm +-2dB) for LTE 900, LTE FDD Bd8 Class 3 (+23dBm +-2dB) for LTE 800, LTE FDD Bd20 * Not for use in the EU.
  • Page 145 Technical data Class 4 (+33dBm ±2dB) for EGSM850 Class 4 (+33dBm ±2dB) for EGSM900 Class 1 (+30dBm ±2dB) for GSM1800 Class 1 (+30dBm ±2dB) for GSM1900 Class E2 (+27dBm ± 3dB) for GSM 850 8-PSK Class E2 (+27dBm ± 3dB) for GSM 900 8-PSK Class E2 (+26dBm +3 /-4dB) for GSM 1800 8-PSK Class E2 (+26dBm +3 /-4dB) for GSM 1900 8-PSK Class 3 (+24dBm +1/-3dB) for UMTS 2100, FDD BdI...
  • Page 146 Technical data Dimensions 114,5 mm x 45 mm x 99 mm (d x w x h) Weight ca. 250g Electrical Safety Standard EN 62368-1 Classification Protection class 2, Pollution degree 2, Overvoltage Category 2 Compliance CE mark When used as intended, the devices meet the directive 2014/53/EU (RED).
  • Page 147: Simplified Eu Declaration Of Conformity

    19 Simplified EU Declaration of Conformity Simplified EU Declaration of Conformity Hereby, Sagemcom Dr. Neuhaus GmbH declares that the radio system type TAINY IQ-LTE complies with Directive 2014/53/EU. The full text of the EU Declaration of Conformity is available at the following Internet addresses: www.neuhaus.de or www.sagemcom.com...
