Table of Contents
Advertisement
Quick Links
Download this manual
See also:
User Manual
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Etic Telecom RAS Series
Summary of Contents for Etic Telecom RAS Series
- Page 1 RAS / IPL / SIG _________________ SETUP GUIDE _________________ DOC_DEV_Router setup guide_A...
- Page 2 The product family RAS, IPL et SIG are manufactured by ETIC TELECOM 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL : + (33) (0)4-76-04-20-05 E-mail : hotline@etictelecom.com web : www.etictelecom.com Page 2 DOC_DEV_Router setup guide_A...
-
Page 3: Table Of Contents
TABLE OF CONTENTS OVERVIEW ............................. 5 Purpose of this manual ............................ 5 Main functions of these Routeurs ........................5 PREPARING THE SETUP ......................9 Connecting a PC for configuration ........................9 Overview ..............................9 First configuration ..........................10 Changing the configuration later ......................10 Access to the administration server through the WAN interface .............. - Page 4 TABLE OF CONTENTS Port forwarding ............................ 41 Advanced NAT ............................. 42 Publish the IP address of the router on the Internet ................. 44 10.1 Overview ............................44 10.2 Set-up ..............................44 Remote access connection ........................45 11.1 Advantages of a remote access connection ................. 45 11.2 Types of remote access connections ....................
-
Page 5: Overview
OVERVIEW OVERVIEW Purpose of this manual This manual describes how to set-up the RAS, IPL and SIG families of IP routers manufactured by ETIC TELECOM. This manual applies in particular to the models listed below : Machine Access Box with Ethernet RAS-E Machine Access Box with Cellular RAS-EC, RAS-C... - Page 6 OVERVIEW OpenVPN will be preferred when VPN traffic is routed through intermediate routers to take advantage of the flexibility of this technique. Remote access server for PCs, tablets and smartphones The Router can also behave like a remote access server. If he is registered in the user list, a remote user can access to particular devices of a machine network depending on his identity.
- Page 7 OVERVIEW Configuration The Router is configured using an HTML browser (HTTP or HTTPS). EticFinder The ETICFinder software can easily detect all ETIC branded products connected to an Ethernet network to display their MAC address and their IP address. Serial gateway Optionally, the Router provides 1 or 2 serial RS232, RS485, RS422 interfaces.
-
Page 9: Preparing The Setup
PREPARING THE SETUP PREPARING THE SETUP Connecting a PC for configuration Overview The Router is configured using a PC with a web browser. No additional software is required. Online help: For most pages of the administration server an help page is available by clicking located at the top right of the page. -
Page 10: First Configuration
PREPARING THE SETUP First configuration Step 1: Create or modify the PC TCP/IP connection Assign to the PC an IP address different but consistent with the factory IP address of the Router. For the first configuration, assign for instance 192.168.0.1 to the PC. Step 2: Connect the PC to the Router Connect the PC directly to the Router with any Ethernet cable (straight or cross-wired);... -
Page 11: Access To The Administration Server Through The Wan Interface
PREPARING THE SETUP Access to the administration server through the WAN interface To allow the access to the administration server through the WAN interface: • In the menu, choose Setup > Security > Administration rights. • Enter the username and the password. •... -
Page 12: Temporary Return To The Factory Settings
PREPARING THE SETUP Temporary return to the factory settings If the IP address of the Router could not be founded, or if it is impossible to access the administration server, for example, following a configuration error, it is possible to restore the factory settings without losing the current configuration. -
Page 13: Protecting The Access To The Administration Server
PREPARING THE SETUP Protecting the access to the administration server • In the menu, choose Setup > Security > Administration rights • Enter a user name and password to protect the administration server. • Tick the Password protect the web site access checkbox If the username and password to access the administration server are lost, you have to temporarily return to... -
Page 15: Setup
SETUP SETUP Ethernet / WAN interface setup This section applies to the below routers: IPL-E, IPL-EW, IPL-DEC, SIG-E, RAS-E, RAS-EC, RAS-EW, RAS-ECW. Il s’applique aussi aux routeurs IPL-A ou IPL-C lorsque l’on souhaite utiliser l’interface RJ5 N°1 comme interface WAN au lieu de l’interface ADSL (IPL-A) ou l’interface cellulaire (IPL-C). •... - Page 16 SETUP Choice Ethernet PPPoE “Priority” parameter ⚫ ⚫ That parameter defines the priority of the path when more than one path is selected (Cellular & Ethernet WAN, for instance). The Router will use as a priority the path to which the highest value is assigned;...
-
Page 17: Adsl Interface Setup
SETUP ADSL interface setup This section applies to the below routers: IPL-A, IPL-DAC, SIG-A • Select the Set-up > WAN menu « WAN type » list : Select the “ADSL” value. ADSL modem configuration ”Modulation” parameter : The default value is multi; the modem will adapt to the modulation of the FAI modem. Otherwise, ask your provider the modulation which as to be used. - Page 18 SETUP IP configuration of the ADSL line depending on the PPPoE PPPoA IPoA “Priority” parameter ⚫ ⚫ ⚫ ⚫ Enter a medium value « PPP login» & «PPP pasword»: ⚫ ⚫ Enter the ADSL account values «PPPoE service name » parameter : ⚫...
-
Page 19: Cellular Interface Setup
SETUP Cellular interface setup This section applies to the below routers: IPL-C, IPL-DAC, SIG-C, RAS-C, RAS-EC, RAS-ECW For some models, two SIM cards can be inserted in the router to allow the use of two different cellular networks. The network corresponding o the SIM card Nr1 is the main network, while the other one is the backup network. -
Page 20: Using The Sim Cards 1 And 2
SETUP « Cellular network » parameter : The Router is supposed to connect to the best cellular relay available. However, in particular situations, it may be useful to force the Router to use a particular service. That parameter gives the choice to select either the LTE 4G service, or the UMTS 3G service or the GPRS- EDGE service. -
Page 21: Cellular Connection Control
SETUP Example : T1 Network 1 failure confirmation time = 20 mn T1 Network 2 failure confirmation time = 20 mn T3 Minimum connection time on network 2 = 12 hours «Network 1 failure confirmation time » parameter See above. Value : 5, 10, 20, 30, 60 mn «Network 2 failure confirmation time »... -
Page 22: Wi-Fi / Wan Interface Setup
SETUP Wi-Fi / WAN interface setup This section applies to the below routers: IPL-EW, IPL-AW, IPL-CW, RAS-EW, RAS-ECW Remark : The Wi-Fi scanner makes possible to detect the Wi-Fi networks around the Router. To use the Wi-Fi scanner, select the Diagnostic > Tools > Wi-Fi scanner menu. To set-up the Wi-Fi interface as a client to reach the Internet, •... -
Page 23: Lan Interface Setup
SETUP LAN interface setup Overview Ethernet switch or hub The LAN interface consists of 1 to 4 switched Ethernet 10/100 BT RJ45 connectors. An option enables to shape a hub instead of a switch for test purposes for instance. IP address of the Router on the LAN interface A fixed IP address must be assigned to the LAN interface of the Router. -
Page 24: Ethernet & Ip Menu
SETUP IP adresses allocation Case 1 : Remote users connection Case 2 : VPN set between 2 routers Ethernet & IP menu • Select Set-up > LAN Interface > Ethernet & IP Ethernet ports « hub mode enable» checkbox : If the checkbox is selected, the LAN ports behaves like a hub. -
Page 25: Wi-Fi Access Point Set-Up
SETUP Remote access menu «Automatic management of the remote users» checkbox : If that checkbox is selected, the Router allocates automatically an unused IP address of the LAN network to a remote user when he connects. Unselect that checkbox to set-up the pool of fixed IP addresses which can be allocated to the remote users. That IP addresses must belong to the LAN domain. -
Page 26: Device List Set-Up
SETUP Remark : It is preferable to select an unused channel at the location where the Router is installed. Use the Wi-Fi scanner to display the channels used by the Wi-Fi networks active at the same location. Device list set-up To set-up the device list, •... -
Page 27: Dhcp Server Menu
SETUP DHCP server menu The Router can behave like a DHCP server over the LAN interface. In that case, a pool of addresses must be reserved ; the addresses of the pool are automatically distributed to the devices of the LAN acting as DHCP clients. The addresses of the LAN domain which do not belong to that pool can be allocated as fixed IP addresses to particular devices. -
Page 28: Ipsec Vpns Setup
The authentication of the two participants to the VPN connection can also be carried-out with certificates. Coming from factory , a certificate produced by ETIC TELECOM is registered in the Router. Other kinds of X509 certificates can be added. (see the Set-up>Security>X509 certificate). -
Page 29: Ipsec Vpn Connection Set-Up
SETUP IPSec VPN connection set-up • Select the Set-up> Network > IPSec VPN menu The IPSec VPN home page is displayed. To add an IPSec VPN connection, click « Add». The set-up page of the new VPN connection is displayed. page 29 DOC_DEV_Router setup guide_A... - Page 30 « My SubjectAlt name » parameter: Enter the 'SubjectAltName' value of the active certificate of the current router. If the active certificate is an ETIC TELECOM certificate, that field is the email field. Remote « SubjectAlt name » parameter : Enter the 'SubjectAltName' value of the active certificate of the remote router.
- Page 31 SETUP « Remote WAN IP address » & « Remote WAN Netmask” parameters (initiator only): Enter the WAN IP address of the remote router Remark : This address is the address of the router towards which the VPN must be set. IKE phase 1 section IKE phase 1 performs mutual authentication between the two parties with the end result of having shared secret keys.
- Page 32 SETUP «DH group» parameter (only if the PFS option is enabled) : Recommended value: Group 2. «Life-time» parameter (only if the PFS option is enabled) : Enter the phase 2 key life-time. DPD section DPD Keep-alive period” parameter : A DPD is a message sent periodically by each end-point to the other one to make sure that the VPN must be left active.
-
Page 33: Openvpn Type Vpn Connection
The authentication of the two participants to the VPN connection can also be carried-out using certificates in addition to a Login and password. Coming from factory , a certificate produced by ETIC TELECOM is registered in the ETIC Router. Other kinds of X509 certificates can be added. (see the Set-up>Security>X509 certificate). -
Page 34: Set-Up Principles
SETUP Set-up principles • VPN server set-up If the Router behaves like a VPN server, it means that the Router has to receive at least one ingoing connection, the set-up has to be carried-out in two steps : Step 1 : Configuration of the parameters of the OpenVPN server. Only one server can be set-up. -
Page 35: Openvpn Server Set-Up
SETUP Current router Remote router OpenVPN server set-up • Select the « Add » button located just below the VPN server table “Port number” & “protocol” parameters : Select the port Nr and the type of level 3 protocol used to transport OpenVPN. Attention : The port number value must be different from the one used by remote users. - Page 36 SETUP That VPN IP address must not be confused with the WAN interface IP address. Leave the default values 172.16.0.0 and 255.255.0.0 “Connection death time-out” parameter : A control message (also called Keep-alive message) is sent periodically by the VPN server Router to make sure that the VPN must be left active.
-
Page 37: Setting Up An Outgoing Connection
SETUP Setting up an outgoing connection An outgoing connection is a connection initiated by the current Router. Select the « Add » button located just below the Outgoing connection table. • • Select the « Enable » option and assign a name to the connection. “Login &... -
Page 38: Setting Up An Ingoing Vpn Connection
« Common name» parameter : Enter the value of the field 'SubjectAltName' of the active certificate of the remote Router. If the active certificate of the remote Router is delivered by ETIC TELECOM, that field is the email field. Page 38... -
Page 39: Ip Routing
SETUP IP routing Basic routing function Once an iP address has been assigned to the R2 router on the LAN interface and another one on the WAN interface (see drawing hereafter), the Router is ready to route frames … … between devices connected to the remote LAN network like RL1, and devices connected to the LAN network like L1 through a VPN;... -
Page 40: Rip Protocol
SETUP Router Nr2 static routes : Active Route name Destination Netmask Gateway Network 6 192.168.6.0 255.255.255.0 192.168.5.1 Network 1 192.168.1.0 255.255.255.0 192.168.2.1 Network 192.168.4.0 255.255.255.0 192.168.5.128 Remote WAN Remark : It is not necessary to enter in the router R2 the static route to the WAN network nor to the remote LAN network, that routes have been automatically created by the router respectively when the WAN IP address has been entered and when the VPN has been configured. -
Page 41: Substitution Of Addresses (Nat, Port Forwarding, Advance Nat)
SETUP Substitution of addresses (NAT, Port forwarding, Advance NAT) Network address translation (NAT) That function applies to the IP frames issued by devices belonging to the LAN network and transmitted to the WAN network. The NAT function consist in replacing the source IP address of that frames by the source IP address of the Router on the WAN interface. -
Page 42: Advanced Nat
SETUP Service in Device out Service out 192.168.0.15 192.168.0.16 192.168.0.17 9.2.2 Set-up To set-up a portforwarding rule, • Select > Network> Routing > Port forwarding menu, • Click the Add button, • Enter the characteristics of the frames which must be forwarded : Source IP address, Port number (destination) •... - Page 43 SETUP 9.3.2 Set-up To set the advanced address translation functions, select the setup >Network>Advanced NAT menu. • To create a new DNAT rule, • click “Add a DNAT” rule. • Select “Yes” to enable the rule. • Enter the characteristics of the IP frames which must be modified by the DNAT rule. Source IP address &...
-
Page 44: Publish The Ip Address Of The Router On The Internet
SETUP Publish the IP address of the router on the Internet 10.1 Overview The DynDNS or the NoIP services make possible to connect remotely to a device over the Internet even if the IP address of that device is dynamic. The IP address of the device has to be a public IP address. -
Page 45: Remote Access Connection
When he connects, the login and password of the remote user, and optionally the certificate of his PC are checked. The certificate can be delivered by ETIC TELECOM or by another authority. • Selective access rights Individual access rights can be assigned to each remote user according to his identity. -
Page 46: Types Of Remote Access Connections
SETUP 11.2 Types of remote access connections Four types of remote access connections can be set-up : OpenVPN., PPTP, L2TP/IPSec, HTTPS. Remote user Authentication Encryption Identification OpenVPN Login Optionally a certificate PPTP Login L2TP/IPSec Login PWD and Preshared Key or certificate HTTPS Login That four types of connection can be implemented in PCs, tablets or smartphones. -
Page 47: Openvpn Remote User Connection
SETUP 11.3 OpenVPN remote user connection The remote user can be authenticated with a password or with a password and a certificate. The data is encrypted. On the remote PC side, one can use a standard OpenVPN client or, if the PC is running Windows, the M2Me_Secure software which is simple to install, set-up and use. -
Page 48: Pptp Connection
SETUP « Encryption Algorithm» & « Message digest algorithm» : Leave the default values Blowfish & MD5. 11.5 PPTP connection Select the PPTP checkbox. • If the remote are PC running Windows, select only the MS-CHAP V2 checkbox. 11.6 L2TP / IPSec connection Select the L2TP/ IPSec checkbox. -
Page 49: Https Connection And Portal For Smartphone, Tablets Or Pcs
SETUP HTTPS connection and portal for smartphone, tablets or PCs 12.1 Overview The Router can behave like a HTTPS server for remote users. In addition, the HTTPS server can behave like a HTTPS to HTTP gateway to give a secure remote access to HTML / HHTP pages embedded in devices. -
Page 50: Set-Up
SETUP 12.2 Set-up To enable the HTTPS portal through the LAN interface, • Select Set-up > Remote access > Remote access server • Select the «Enable the HTTPS proxy » menu To give access to the HTTPS portal through the Internet (WAN), •... -
Page 51: M2Me_Connect Connection Setup
SETUP M2Me_Connect connection setup That paragraph applies to all the models of RAS Routers. It also applies to all other Routers, only if the M2Me option has been enabled. Preliminary remark : To provide access to a machine for remote users through the M2Me_Connect service, it is necessary to carry-out three steps : step : carry-out the M2Me connection set-up described in this paragraph. -
Page 52: Users List
SETUP Users list It is necessary to register at least one remote use in the user list. The users list is able to register 25 authorised remote users forms. Each user form stores the identity of the user (Login and password), his email address to send alarm emails and his mobile telephone number to send alarm SMS to him. - Page 53 SETUP To register a remote user in the user list, • Click the « ADD » button located under the user list. Enter the identity of the user (Login and password), his email address to send alarm emails. page 53 DOC_DEV_Router setup guide_A...
-
Page 54: Assigning Rights To Remote Users
SETUP Assigning rights to remote users Individual access rights to the network can be assigned to each user. The list of devices of the LAN network must have been registered previously (LAN interface menu). To grant access rights to a remote user, •... -
Page 55: Firewall Setup
SETUP Firewall setup 16.1 Overview The firewall filters IP frames between the LAN interface on one hand and • the WAN interface, or transmitted inside a VPN, • or transmitted inside a remote user connection, • on the other hand. It consists of three parts : •... -
Page 56: Main Filter
SETUP 16.2 Main filter 16.2.1 Main filter organisation • Main filter structure For a better organisation, the main filter is divided in two tables; both having the same structure. The “VPN” filter : It filters the packets transmitted inside the VPNs. The “WAN”... - Page 57 SETUP • Main filter table The main filter is a table, each line being a rule. Each rule of the filter is composed a several fields which defines a particular data flow and another field which is called the action field. The fields which define the data flow are : Direction («...
-
Page 58: Adding A Certificate
SETUP Adding a certificate Coming from the factory, the Router includes a certificate delivered by ETIC TELECOM acting as a certification authority. That certificate can be used to set a VPN between two routers. An Router can set a VPN with another one only if the certificates of both routers have been provided by the same authority. -
Page 59: Alarm Email Or Sms
SMTP client section « Use the M2Mail service » parameter (email choice) : ETIC TELECOM provides a SMTP service which can be used to send the alarm mail without additional set-up. Select that option to send the alarm mail through this service. -
Page 60: Serial To Ip Gateways
SETUP Serial to Ip gateways 19.1 Overview Depending on the model, the Router provides 2 serial ports : 2 RS232, or 1 RS232 and 1 RS485, or 1 RS422 isolated or 1 RS485 isolated. A gateway can be assigned to each serial port. A serial gateway makes possible to use the IP network to transport serial data between two or several serial devices or directly with devices connected to the Ethernet network. -
Page 61: Modbus Gateway
SETUP 19.2 Modbus gateway The Modbus gateway allows to connect serial RS232-RS485 master or slaves devices to one or several Modbus TCP devices connected to the IP network 19.2.1 Glossary A Modbus TCP client is a device connected to the Ethernet network and able to transmit Modbus requests to a Modbus TCP server device which will reply. - Page 62 SETUP 19.2.4 Modbus client gateway This gateway allows to connect a serial modbus master to the serial interface of the product. The gateway can be connected to several Modbus TCP servers on the IP network Other slaves can be connected to the serial link. How the Modbus Client Gateway works : In order to access a Modbus TCP server on the IP network, a mapping table between a Modbus slave address and an IP address is set ;...
- Page 63 SETUP TCP idle Timeout Set the time the gateway will wait before disconnecting the TCP link if no characters are detected. TCP port Set the port number the gateway has to use. The default Modbus TCP port is 502. Modbus slaves The table allow the mapping of a Modbus slave address to an IP address.
- Page 64 SETUP Warning : Several TCP Modbus client can send requests to the slaves on the serial link. Nevertheless, care must be taken not to saturate the serial link since its flow rate is much lower than the Ethernet one. To configure the gateway : In the menu, choose Setup >...
- Page 65 SETUP TCP port Set the port number the gateway has to use. The default Modbus TCP port is 502. Local reiteration count Set up the number of times the gateway will repeat a request in case of no response from the slave. page 65 DOC_DEV_Router setup guide_A...
-
Page 66: Raw Tcp Gateway
SETUP 19.3 Raw TCP gateway 19.3.1 Raw TCP client The Raw client gateway can be used if a serial “master” device has to send requests to one slave device (also called server) located on the IP network. The server can be either an ETIC gateway or a PC including a software TCP server. To configure the gateway : •... - Page 67 SETUP 19.3.2 Raw server gateway That gateway can be used if a serial slave device has to answer requests coming from devices located on the IP network and acting like a master (also called TCP client). To configure the gateway : In the menu, choose Setup >...
-
Page 68: Raw Udp Gateway
SETUP 19.4 Raw UDP gateway The RAW UDP gateway allows to connect together a group of serial or IP devices through an IP network. The group can include IP devices if they have the software pieces able to receive or transmit serial data inside UDP. -
Page 69: Raw Multicast Gateway
SETUP 19.5 Raw multicast gateway This gateway is designed to connect a serial device to several devices on an IP network. It uses the "multicast" protocol that can simultaneously deliver an IP frame to many devices without increasing the traffic: The RS232 data are transmitted in an IP frame with a particular IP address called multicast address; all subscribers to this address can receive the frame. -
Page 70: Unitelway Gateway
SETUP 19.6 Unitelway gateway The Unitelway gateway is used to connect a Unitelway master PLC to an IP network. In particular it is used to perform the remote maintenance of a Schneider Electric RS485 PLCs via an IP network. To configure the gateway : In the menu, choose Setup >... -
Page 71: Telnet Gateway
SETUP 19.7 Telnet gateway This gateway allows a PC running a Telnet client software to connect to an equipment connected to the serial link of the Router. The data rate and the format of the characters on the serial link can be controlled according to the RFC2217 standard. -
Page 72: Usb Gateway
SETUP 19.8 USB gateway 19.8.1 Overview The USB to IP gateway is able to forward IP traffic from devices connected to the Ethernet network to a USB device. On the USB interface, the Router behaves like a USB host and a PPP client. The USB device connected to the Router USB interface must behave like a PPP server. -
Page 73: Diagnostics And Maintenance
DIAGNOSTICS AND MAINTENANCE DIAGNOSTICS AND MAINTENANCE Visual diagnostic At power up, the RUN LED is red for about 20 seconds during the initialization of the product. Then the LED turns green and blinks for 30 seconds then becomes steady green when the product is ready. If the LED remains red after that delay, the product is probably faulty ;... - Page 74 13, Chemin du Vieux Chêne 38240 Meylan - France Tel : +33 (0)4 76 04 20 00 contact@etictelecom.com www.etictelecom.com...
Need help?
Do you have a question about the RAS Series and is the answer not in the manual?
Questions and answers