Subscribe to Our Youtube Channel
Related Manuals for Belden Hirschmann OWL LTE M12
Summary of Contents for Belden Hirschmann OWL LTE M12
-
Page 1: User Manual
User Manual Configuration Industrial Cellular Router OWL LTE M12 UM Configuration OWL LTE M12 Technical support Rel. 06.1.09 - 07/2019 https://hirschmann-support.belden.com... -
Page 2: Lan Configuration For Example
The naming of copyrighted trademarks in this manual, even when not specially indicated, should not be taken to mean that these names may be considered as free in the sense of the trademark and tradename protection law and hence that they may be freely used by anyone. c 2019 Hirschmann Automation and Control GmbH Manuals and software are protected by copyright. - Page 3 Open Source Information Open Source Software used in the product The product contains, among other things, Open Source Software files, as defined below, de- veloped by third parties and licensed under an Open Source Software license. These Open Source Software files are protected by copyright. Your right to use the Open Source Software is governed by the relevant applicable Open Source Software license conditions.
-
Page 4: Safety Instructions
Used Symbols Danger – Information regarding user safety. Note – Problems that can arise in specific situations. Information – Useful tips or information of special interest. Example – Example of function, command or script. Safety Instructions WARNING UNCONTROLLED MACHINE ACTIONS To avoid uncontrolled machine actions caused by data loss, configure all the data transmis- sion devices individually. -
Page 5: Table Of Contents
Contents Contents About this Manual 1 Basic Information 1.1 Configuration ........12 1.2 Configuration Options . - Page 6 Contents 4.7 Firewall Configuration ....... . . 59 4.7.1 Example of the IPv4 Firewall Configuration .
- Page 7 Contents 6.9 Backup Configuration ....... . . 130 6.10 Restore Configuration .
- Page 8 List of Figures List of Figures Example of the Web Configuration ......14 Mobile WAN status .
- Page 9 List of Figures Example of NTP Configuration ......92 OID Basic Structure ........94 SNMP Configuration Example .
- Page 10 List of Tables List of Tables Mobile Connection ........17 Peripheral Ports .
- Page 11 List of Tables SNMP Configuration (R-SeeNet) ......94 SMTP client configuration ....... 97 SMS Configuration .
-
Page 12: About This Manual
About this Manual About this Manual This "Configuration" user manual contains the information you need to start operating the de- vice. It takes you step by step from the first startup operation through to the basic settings for operation in your environment. UM Configuration OWL LTE M12 Rel. -
Page 13: Basic Information
Basic Information 1 Basic Information 1.1 Configuration Configuring SmartFlex routers is made easy by name and password protected web interface. The interface provides detailed statistics about router activities, signal strength, system logs and more. The router supports both IPv4 IPv6 protocols, the creation of secure VPN tunnels using technologies IPsec, OpenVPN... -
Page 14: This Manual Describes
Basic Information 1.4 This Manual Describes For cellular IPv6 connection see Mobile WAN Configuration in Chapter 4.3.1. For IPv6 LAN configuration see LAN Configuration in Chapter 4.1, DHCPv6 server/client is also supported. IPv4 is the default, but IPv6 can be enabled or used with all features and protocols in the router, except for non-secured tunnels GRE, L2TP and PPTP, and VRRP. -
Page 15: Access To The Web Configuration
Access to the Web Configuration 2 Access to the Web Configuration Wireless transmissions work only when you activate the SIM card for data traffic and insert it into the router. Remove the power source before inserting the SIM card. You may use the web interface to monitor, configure and manage the router. To do so, enter the router’s IP address in your browser. -
Page 16: Certificates And Preventing The Security Message
Access to the Web Configuration 2.1 Certificates and Preventing the Security Message ing subchapter. The default username is "admin". The default password is "private". Change the default pass-word as soon as possible! For increased security of the network connected to the router, change the default router password. - Page 17 Access to the Web Configuration 2.1 Certificates and Preventing the Security Message Access the router via the new domain name address (E.g. https://00-11-22-33-44-55). If you see the security message, add an exception so the next time the message will not pop up (E.g.
-
Page 18: Status
Status 3.1 General Status 3 Status 3.1 General Status Selecting the General item will open a screen displaying a summary of basic information about the router and its activities. This page is also displayed when you login to the web in- terface. -
Page 19: Primary Lan, Secondary Lan
Status 3.1 General Status 3.1.2 Primary LAN, Secondary LAN Items displayed in this part have the same meaning as items in the previous part. Moreover, the MAC Address item shows the MAC address of the corresponding router’s interface (Primary LAN – eth0, Secondary LAN – eth1). Visible information depends on configuration, see chapter 4.1. -
Page 20: Mobile Wan Status
Status 3.2 Mobile WAN Status 3.2 Mobile WAN Status The Mobile WAN menu item contains current information about connections to the mobile network. The first part of this page (Mobile Network Information) displays basic information about mobile network the router operates in. There is also information about the module, which is mounted in the router. -
Page 21: Value Ranges Of Signal Strength For Different Technologies
Status 3.2 Mobile WAN Status The value of signal strength is displayed in different color: in black for good, in orange for fair and in red for poor signal strength. Signal GPRS/EDGE/CDMA UMTS/HSPA strength (RSSI) (RSCP) (RSRP) good > -70 dBm >... -
Page 22: Mobile Wan Status
Status 3.2 Mobile WAN Status Figure 2: Mobile WAN status UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 23: Network Status
Status 3.3 Network Status 3.3 Network Status To view information about the interfaces and the routing table, open the Network item in the Status menu. The upper part of the window displays detailed information about the active interfaces only: Interface Description eth0, eth1 Firs and second network (Ethernet) interfaces... -
Page 24: Description Of Information In Network Status
Status 3.3 Network Status Continued from previous page Item Description packets – transmit packets errors – number of errors dropped – dropped packets overruns – outgoing packets lost because of overload. carrier – wrong outgoing packets with errors resulting from the physical layer. -
Page 25: Network Status
Status 3.3 Network Status Figure 3: Network Status UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 26: Dhcp Status
Status 3.4 DHCP Status 3.4 DHCP Status Information about the DHCP server activity is accessible via DHCP item. The DHCP server provides automatic configuration of the client devices connected to the router. The DHCP server assigns each device an IP address, subnet mask, default gateway (IP address of router) and DNS server (IP address of router). -
Page 27: Dhcp Status Description For Ipv4 And Ipv6 Leases
Status 3.4 DHCP Status Records in the DHCP Status window are divided into two separate parts according to IPv4 (DHCP) and IPv6 (DHCPv6) protocols – there are Active DHCP Leases (LAN) and Active DHCPv6 Leases (LAN) parts, see Figure 4. The table below explains information from the client list: Item Description... -
Page 28: Ipsec Status
Status 3.5 IPsec Status 3.5 IPsec Status Selecting the IPsec option in the Status menu of the web page will bring up the information for any IPsec Tunnels that have been established. If the tunnel has been built correctly, the screen will display ESTABLISHED and the number of running IPsec connections 1 up (orange highlighted in the figure below.) If there is no such text in log (e.g. -
Page 29: Dyndns Status
Status 3.6 DynDNS Status 3.6 DynDNS Status The router supports DynamicDNS using a DNS server on www.dyndns.org. If Dynamic DNS is configured, the status can be displayed by selecting menu option DynDNS. Refer to www.dyndns.org for more information on how to configure a Dynamic DNS client. You can use the following listed servers for the Dynamic DNS service. -
Page 30: System Log
Status 3.7 System Log 3.7 System Log If there are any connection problems you may view the system log by selecting the System Log menu item. Detailed reports from individual applications running in the router will be dis- played. Use the Save Log button to save the system log to a connected computer. (It will be saved as a text file with the .log extension.) The Save Report button is used for creating detailed reports. -
Page 31: Example Program Syslogd Start With The Parameter -R
Status 3.7 System Log The following example (figure) shows how to send syslog information to a remote server at 192.168.2.115 on startup. Figure 8: Example program syslogd start with the parameter -R UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 32: Configuration
Configuration 4 Configuration 4.1 LAN Configuration To enter the Local Area Network configuration, select the LAN menu item in the Configuration section. The LAN item will expand in the menu on the left, so you can choose the proper Ethernet interface to configure: Primary LAN for the router’s first Ethernet interface (ETH0), Secondary LAN for the router’s second Ethernet interface (ETH1). -
Page 33: Configuration Of The Network Interface - Ipv4 And Ipv6
Configuration 4.1 LAN Configuration Item Description DHCP Client Enables/disables the DHCP client function. If in IPv6 column, the DHCPv6 client is enabled. DHCPv6 client supports all three meth- ods of getting an IPv6 address – SLAAC, stateless DHCPv6 and statefull DHCPv6. disabled –... -
Page 34: Dhcp Server
Configuration 4.1 LAN Configuration Item Description Bridged Activates/deactivates the bridging function on the router. no – The bridging function is inactive (default). yes – The bridging function is active. Media Type Specifies the type of duplex and speed used in the network. Auto-negation –... -
Page 35: Ipv6 Prefix Delegation
Configuration 4.1 LAN Configuration Item Description Enable dynamic DHCP leases Select this option to enable a dynamic DHCP server. IP Pool Start Starting IP addresses allocated to the DHCP clients. Use proper notation in IPv4 and IPv6 column. IP Pool End End of IP addresses allocated to the DHCP clients. -
Page 36: Authentication To Radius Server
Configuration 4.1 LAN Configuration Item Description Enable IPv6 prefix delegation Enables prefix delegation configuration filled-in below. Subnet ID The decimal value of the Subnet ID of the Ethernet inter- face. Maximum value depends on the Subnet ID Width. Subnet ID Width The maximum Subnet ID Width depends on your Site Prefix –... -
Page 37: Lan Configuration Examples
Configuration 4.1 LAN Configuration 4.1.4 LAN Configuration Examples Example 1: IPv4 Dynamic DHCP Server, Default Gateway and DNS Server The range of dynamic allocated IPv4 addresses is from 192.168.1.2 to 192.168.1.4. The address is allocated for 600 second (10 minutes). Default gateway IP address is 192.168.1.20 DNS server IP address is 192.168.1.20 Figure 11: Network Topology for Example 1... -
Page 38: Lan Configuration For Example 1
Configuration 4.1 LAN Configuration Figure 12: LAN Configuration for Example 1 UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 39: Network Topology For Example 2
Configuration 4.1 LAN Configuration Example 2: IPv4 Dynamic and Static DHCP server The range of allocated addresses is from 192.168.1.2 to 192.168.1.4. The address is allocated for 600 seconds (10 minutes). The client with the MAC address 01:23:45:67:89:ab has the IP address 192.168.1.10. The client with the MAC address 01:54:68:18:ba:7e has the IP address 192.168.1.11. -
Page 40: Lan Configuration For Example 2
Configuration 4.1 LAN Configuration Figure 14: LAN Configuration for Example 2 UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 41: Network Topology For Example 3
Configuration 4.1 LAN Configuration Example 3: IPv6 Dynamic DHCP Server The range of dynamic allocated IPv6 addresses is from 2001:db8::1 to 2001:db8::ffff. The address is allocated for 600 second (10 minutes). The router is still accessible via IPv4 (192.168.1.1). Figure 15: Network Topology for Example 3 UM Configuration OWL LTE M12 Rel. -
Page 42: Lan Configuration For Example 3
Configuration 4.1 LAN Configuration Figure 16: LAN Configuration for Example 3 UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 43: Vrrp Configuration
Configuration 4.2 VRRP Configuration 4.2 VRRP Configuration VRRP via IPv6 (VRRPv3) is not supported. Select the VRRP menu item to enter the VRRP configuration. VRRP protocol (Virtual Router Redundancy Protocol) allows you to transfer packet routing from the main router to a backup router in case the main router fails. -
Page 44: Topology Of Vrrp Configuration Example
Configuration 4.2 VRRP Configuration interface for any packets different from a ping. If a response to the packet is received within the timeout specified by the Ping Timeout parameter, then the router knows that the connection is still active. If the router does not receive a response within the timeout period, it will attempt to test the mobile WAN connection using standard Ping commands. -
Page 45: Example Of Vrrp Configuration - Backup Router
Configuration 4.2 VRRP Configuration Figure 19: Example of VRRP configuration – backup router UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 46: Mobile Wan Configuration
Configuration 4.3 Mobile WAN Configuration 4.3 Mobile WAN Configuration Select the Mobile WAN item in the Configuration menu section to enter the cellular network configuration page. See Mobile WAN Configuration page in Figure 21. 4.3.1 Connection to Mobile Network If the Create connection to mobile network checkbox is checked, then the router will au- tomatically attempt to establish a connection after booting up. -
Page 47: Dns Address Configuration
Configuration 4.3 Mobile WAN Configuration Continued from previous page Item Description Maximum Receive Unit – maximum size of packet that the router can receive via Mobile WAN. The default value is 1500 B. Other settings may cause the router to receive data incorrectly. Minimal value in IPv4 and IPv4/IPv6 mode: 128 B. -
Page 48: Check Connection To Mobile Network Configuration
Configuration 4.3 Mobile WAN Configuration 4.3.3 Check Connection to Mobile Network Configuration Enabling the Check Connection function for mobile networks is necessary for uninter- rupted and continuous operation of the router. If the Check Connection item is set to enabled or enabled + bind, this activates checking of the connection to the mobile network. -
Page 49: Data Limit Configuration
Configuration 4.3 Mobile WAN Configuration Figure 20: Example of Check Connection Configuration 4.3.5 Data Limit Configuration Item Description Data Limit Specifies the maximum expected amount of data transmitted (sent and received) over GPRS in one billing period (one month). Max- imum value is 2 TB (2097152 MB). -
Page 50: Switch Between Sim Cards Configuration
Configuration 4.3 Mobile WAN Configuration Continued from previous page Item Description Roaming State Configure the use of SIM cards based on roaming. This roaming feature has to be activated for the SIM card on which it is enabled! not applicable – It is possible to use the SIM card every- where. -
Page 51: Parameters For Sim Card Switching
Configuration 4.3 Mobile WAN Configuration Continued from previous page Item Description Initial State Specifies the action of the cellular module after the SIM card has been selected. online – establish connection to the mobile network after the SIM card has been selected (default). offline –... -
Page 52: Mobile Wan Configuration
Configuration 4.3 Mobile WAN Configuration Figure 21: Mobile WAN Configuration UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 53: Examples Of Sim Card Switching Configuration
Configuration 4.3 Mobile WAN Configuration 4.3.7 Examples of SIM Card Switching Configuration Example 1: Timeout Configuration Mark the Switch to default SIM card after timeout check box, and fill-in the following values: Figure 22: Configuration for SIM card switching Example 1 The first attempt to change to the default SIM card is carried out after 60 minutes. -
Page 54: Pppoe Configuration
Configuration 4.4 PPPoE Configuration 4.4 PPPoE Configuration PPPoE (Point-to-Point over Ethernet) is a network protocol which encapsulates PPP frames into Ethernet frames. The router uses the PPPoE client to connect to devices supporting a PPPoE bridge or server. The bridge or server is typically an ADSL router. To open the PPPoE Configuration page, select the PPPoE menu item. -
Page 55: Pppoe Configuration
Configuration 4.4 PPPoE Configuration Continued from previous page Item Description Specifies the Maximum Receiving Unit. The MRU identifies the max- imum packet size, that the router can receive via PPPoE. The default value is 1492 B (bytes). Other settings can cause incorrect data trans- mission. -
Page 56: Backup Routes
Configuration 4.5 Backup Routes 4.5 Backup Routes Using the configuration form on the Backup Routes page, you can back up the primary con- nection with alternative connections to the Internet (mobile network) or enable Multiple WANs mode. It is also possible to prioritize each backup connection option. Switching between con- nections is carried out according to order of priority and the state of the connections. -
Page 57: Backup Routes Configuration
Configuration 4.5 Backup Routes Item Description Enable backup The default route is selected according to the settings below. If dis- routes switching abled (unchecked), the backup routes system operates in the back- ward compatibility mode based on the default priorities of the network interfaces (listed below). -
Page 58: Default Priorities For Backup Routes
Configuration 4.5 Backup Routes Network interfaces belonging to individual backup routes are also checked before use for flags which indicate the state of the interface. (E.g. RUNNING on the Network Status page.) This prevents, for example, the disconnection of an Ethernet cable. You can fill-in one or both Ping IP Addresses (IPv4 and IPv6) –... -
Page 59: Static Routes
Configuration 4.6 Static Routes 4.6 Static Routes Static routes can be specified on the Static Routes configuration page. A static route provide fixed routing path through the network. It is manually configured on the router and must be updated if the network topology was changed recently. Static routes are private routers un- less they are redistributed by a routing protocol. -
Page 60: Firewall Configuration
Configuration 4.7 Firewall Configuration 4.7 Firewall Configuration The first security element for incoming packets is a check of the enabled source IP addresses and destination ports. There is independent IPv4 and IPv6 firewall since there is dual stack IPv4 and IPv6 implemented in the router. If you click the Firewall item in the Configuration menu on the left, it will expand to IPv4 and IPv6 options and you can click IPv6 to enable and configure the IPv6 firewall –... -
Page 61: Filtering Of Incoming Packets
Configuration 4.7 Firewall Configuration access is permitted only to addresses allowed in the table. It is possible to specify up to eight remote IP addresses for access/denial. You can specify the following parameters: Item Description Source IP address the rule applies to. Use IPv4 address in IPv4 Firewall Configuration and IPv6 address in IPv6 Firewall Configuration. -
Page 62: Forwarding Filtering
Configuration 4.7 Firewall Configuration Continued from previous page Item Description Protocol Specifies the protocol the rule applies to: all – The rule applies to all protocols. TCP – The rule applies to TCP protocol. UDP – The rule applies to UDP protocol. GRE –... -
Page 63: Example Of The Ipv4 Firewall Configuration
Configuration 4.7 Firewall Configuration 4.7.1 Example of the IPv4 Firewall Configuration The router allows the following access: From IP address 171.92.5.45 using any protocol. From IP address 10.0.2.123 using the TCP protocol on port 1000. From IP address 142.2.26.54 using the ICMP protocol. from IP address 142.2.26.54 using the TCMP protocol on target ports from 1020 to 1040 See the network topology and configuration form in the Figures below. -
Page 64: Topology For The Ipv4 Firewall Configuration Example
Configuration 4.7 Firewall Configuration Figure 28: Topology for the IPv4 Firewall Configuration Example Figure 29: IPv4 Firewall Configuration Example UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 65: Nat Configuration
Configuration 4.8 NAT Configuration 4.8 NAT Configuration To configure the address translation function, click on NAT in the Configuration section of the main menu. There is independent IPv4 and IPv6 NAT configuration since there is dual stack IPv4 and IPv6 implemented in the router. The NAT item in the menu on the left will expand to IPv4 and IPv6 options and you can click IPv6 to enable and configure the IPv6 NAT –... -
Page 66: Nat Configuration
Configuration 4.8 NAT Configuration Item Description Public Port(s) The public port numbers range for NAT. Enter the initial and final port numbers separated by the hyphen mark. One static port is allowed as well. Private Port(s) The private port numbers range for NAT. Enter the initial and final port numbers separated by the hyphen mark. -
Page 67: Remote Access Configuration
Configuration 4.8 NAT Configuration Continued from previous page Item Description Masquerade outgoing packets Activates/deactivates the network address tran- slation function. Table 31: Remote Access Configuration Enable remote HTTP access on port activates the redirect from HTTP to HTTPS proto- col only. The router doesn’t allow unsecured HTTP protocol to access the web configura- tion. -
Page 68: Examples Of Nat Configuration
Configuration 4.8 NAT Configuration 4.8.1 Examples of NAT Configuration Example 1: IPv4 NAT Configuration with Single Device Connected It is important to mark the Send all remaining incoming packets to default server check box for this configuration. The IP address in this example is the address of the device behind the router. -
Page 69: Topology For Nat Configuration Example 2
Configuration 4.8 NAT Configuration Example 2: IPv4 NAT Configuration with More Equipment Connected In this example, using the switch you can connect more devices behind the router. Every device connected behind the router has its own IP address. Enter the address in the Server IPv Address field in the NAT dialog. -
Page 70: Nat Configuration For Example 2
Configuration 4.8 NAT Configuration Figure 34: NAT Configuration for Example 2 UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 71: Openvpn Tunnel Configuration
Configuration 4.9 OpenVPN Tunnel Configuration 4.9 OpenVPN Tunnel Configuration Select the OpenVPN item to configure an OpenVPN tunnel. The menu item will expand and you will see four separate configuration pages: 1st Tunnel, 2nd Tunnel, 3rd Tunnel and 4th Tunnel. The OpenVPN tunnel function allows you to create a secure connection between two separate LAN networks. - Page 72 Configuration 4.9 OpenVPN Tunnel Configuration Continued from previous page Item Description Remote Interface Specifies the IPv6 address of the interface of opposite side of the IPv6 Address tunnel. Ping Interval Time interval after which the router sends a message to opposite side of tunnel to verify the existence of the tunnel.
-
Page 73: Openvpn Configuration
Configuration 4.9 OpenVPN Tunnel Configuration Continued from previous page Item Description DH Parameters Specifies the protocol for the DH parameters key exchange which you can use for X.509 Certificate authentication in the server mode. Local Certificate Specifies the certificate used in the local device. You can use this authentication certificate for the X.509 Certificate authentication mode. -
Page 74: Openvpn Tunnel Configuration
Configuration 4.9 OpenVPN Tunnel Configuration Figure 35: OpenVPN tunnel configuration UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 75: Example Of The Openvpn Tunnel Configuration In Ipv4 Network
Configuration 4.9 OpenVPN Tunnel Configuration 4.9.1 Example of the OpenVPN Tunnel Configuration in IPv4 Network Figure 36: Topology of OpenVPN Configuration Example OpenVPN tunnel configuration: Configuration Protocol UDP Port 1194 1194 Remote IP Address 10.0.0.2 10.0.0.1 Remote Subnet 192.168.2.0 192.168.1.0 Remote Subnet Mask 255.255.255.0 255.255.255.0... -
Page 76: Ipsec Tunnel Configuration
Configuration 4.10 IPsec Tunnel Configuration 4.10 IPsec Tunnel Configuration To open the IPsec Tunnel Configuration page, click IPsec in the Configuration section of the main menu. The menu item will expand and you will see four separate configuration pages: 1st Tunnel, 2nd Tunnel, 3rd Tunnel and 4th Tunnel. - Page 77 Configuration 4.10 IPsec Tunnel Configuration Continued from previous page Item Description Remote Protocol/Port Specifies Protocol/Port of remote side of the tunnel. The general form is protocol/port, for example 17/1701 for UDP (protocol 17) and port 1701. It is also possible to enter only the number of protocol, however, the above mentioned format is preferred.
- Page 78 Configuration 4.10 IPsec Tunnel Configuration Continued from previous page Item Description IKE Reauthentication Enable or disable IKE reauthentication (IKEv2 only). XAUTH Enabled Enable extended authentication (for IKEv1 only). XAUTH Mode Select XAUTH mode (client or server). XAUTH Username XAUTH username. XAUTH Password XAUTH password.
-
Page 79: Ipsec Tunnel Configuration
Configuration 4.10 IPsec Tunnel Configuration Continued from previous page Item Description Local Certificate Certificate for X.509 authentication or PubKey for public key sig- PubKey nature authentication. Local Private Key Private key for X.509 authentication. Local Passphrase Passphrase used during private key generation. Debug Choose the level of verbosity to System Log. - Page 80 Configuration 4.10 IPsec Tunnel Configuration ******************** server cert ************************************* openssl genrsa -des3 -passout pass:router -out private/server.pem 2048 openssl req -new -key private/server.pem -out tmp/server.req openssl x509 -req -days 7305 -sha1 -extensions v3_req -CA ca.crt -CAkey private/ca.key -in tmp/server.req -CAserial ca.srl -CAcreateserial -out server.crt ******************** client cert ************************************** openssl genrsa -des3 -passout pass:router -out private/client.pem 2048...
-
Page 81: Ipsec Tunnels Configuration
Configuration 4.10 IPsec Tunnel Configuration Figure 37: IPsec Tunnels Configuration UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 82: Example Of The Ipsec Tunnel Configuration In Ipv4 Network
Configuration 4.10 IPsec Tunnel Configuration We recommend that you maintain the default settings. When you set key exchange times higher, the tunnel produces lower operating costs, but the setting also provides less security. Conversely, when you reducing the time, the tunnel produces higher operating costs, but pro- vides for higher security. -
Page 83: Gre Tunnels Configuration
Configuration 4.11 GRE Tunnels Configuration 4.11 GRE Tunnels Configuration GRE is an unencrypted protocol. GRE via IPv6 is not supported. To open the GRE Tunnel Configuration page, click GRE in the Configuration section of the main menu. The menu item will expand and you will see four separate configuration pages: 1st Tunnel, 2nd Tunnel, 3rd Tunnel and 4th Tunnel. -
Page 84: Example Of The Gre Tunnel Configuration
Configuration 4.11 GRE Tunnels Configuration Figure 39: GRE Tunnel Configuration 4.11.1 Example of the GRE Tunnel Configuration Figure 40: Topology of GRE Tunnel Configuration Example UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 85: Gre Tunnel Configuration Example
Configuration 4.11 GRE Tunnels Configuration GRE tunnel configuration: Configuration Remote IP Address 10.0.0.2 10.0.0.1 Remote Subnet 192.168.2.0 192.168.1.0 Remote Subnet Mask 255.255.255.0 255.255.255.0 Table 38: GRE Tunnel Configuration Example Examples of different options for configuration of GRE tunnel can be found in the "GRE Tun- nel"... -
Page 86: L2Tp Tunnel Configuration
Configuration 4.12 L2TP Tunnel Configuration 4.12 L2TP Tunnel Configuration L2TP is an unencrypted protocol. L2TP via IPv6 is not supported. To open the L2TP Tunnel Configuration page, click L2TP in the Configuration section of the main menu. The L2TP tunnel function allows you to create a password protected connection between 2 LAN networks. -
Page 87: Example Of The L2Tp Tunnel Configuration
Configuration 4.12 L2TP Tunnel Configuration 4.12.1 Example of the L2TP Tunnel Configuration Figure 42: Topology of L2TP Tunnel Configuration Example Configuration of the L2TP tunnel: Configuration Mode L2TP Server L2TP Client Server IP Address — 10.0.0.1 Client Start IP Address 192.168.2.5 —... -
Page 88: Pptp Tunnel Configuration
Configuration 4.13 PPTP Tunnel Configuration 4.13 PPTP Tunnel Configuration PPTP is an unencrypted protocol. PPTP via IPv6 is not supported. Select the PPTP item in the menu to configure a PPTP tunnel. PPTP tunnel allows password protected connections between two LANs. It is similar to L2TP. The tunnels are active after selecting Create PPTP tunnel. -
Page 89: Example Of The Pptp Tunnel Configuration
Configuration 4.13 PPTP Tunnel Configuration 4.13.1 Example of the PPTP Tunnel Configuration Figure 44: Topology of PPTP Tunnel Configuration Example Configuration of the PPTP tunnel: Configuration Mode PPTP Server PPTP Client Server IP Address — 10.0.0.1 Local IP Address 192.168.1.1 —... -
Page 90: Services
Configuration 4.14 Services 4.14 Services 4.14.1 DynDNS The DynDNS function allows you to access the router remotely using an easy to remem- ber custom hostname. This DynDNS client monitors the IP address of the router and up- dates the address whenever it changes. In order for DynDNS to function, you require a pub- lic IP address, either static or dynamic, and an active Remote Access service account at www.dyndns.org. -
Page 91: Ftp
Configuration 4.14 Services 4.14.2 FTP FTP protocol (File Transfer Protocol) can be used to transfer files between the router and another device on the computer network. Configuration form of TP server can be done in FTP configuration page under Services menu item. By ticking Enable FTP service item the FTP server on the router is enabled. -
Page 92: Http
Configuration 4.14 Services 4.14.3 HTTP HTTP protocol (Hypertext Transfer Protocol) is internet protocol used for exchange of hyper- text documents in HTML format. This protocol is used for accessing the web server used for user’s configuration of the router. Recommended usage however is of HTTPS protocol, which used encryption for secure exchange of transferred data. -
Page 93: Ntp
Configuration 4.14 Services 4.14.4 NTP The NTP configuration form allows you to configure the NTP client. To open the NTP page, click NTP in the Configuration section of the main menu. NTP (Network Time Protocol) allows you to periodically set the internal clock of the router. The time is set from servers that provide the exact time to network devices. -
Page 94: Snmp
Configuration 4.14 Services 4.14.5 SNMP The SNMP page allows you to configure the SNMP v1/v2 or v3 agent which sends informa- tion about the router (and its expansion ports) to a management station. To open the SNMP page, click SNMP in the Configuration section of the main menu. SNMP (Simple Network Man- agement Protocol) provides status information about the network elements such as routers or endpoint computers. -
Page 95: Oid Basic Structure
Configuration 4.14 Services Activating the Enable I/O extension function allows you monitor the binary I/O inputs on the router. Selecting Enable M-BUS extension and entering the Baudrate, Parity and Stop Bits lets you monitor the meter status connected via MBUS interface. MBUS expansion port is not currently supported, but it is possible to use an external RS232/MBUS converter. -
Page 96: Snmp Configuration Example
Configuration 4.14 Services The list of available and supported OIDs and other details can be found in the "SNMP Object Identifier" application note. You can download the PDF on the Internet at: https://www.doc. hirschmann.com. Figure 50: SNMP Configuration Example UM Configuration OWL LTE M12 Rel. -
Page 97: Mib Browser Example
Configuration 4.14 Services Figure 51: MIB Browser Example In order to access a particular device enter the IP address of the SNMP agent which is the router, in the Remote SNMP agent field. The dialog displayed the internal variables in the MIB tree after entering the IP address. -
Page 98: Smtp
Configuration 4.14 Services 4.14.6 SMTP Use the SMTP form to configure the Simple Mail Transfer Protocol client (SMTP) for sending e-mails. IPv6 e-mail servers are supported. Item Description SMTP Server Address IPv4 address, IPv6 address or domain name of the mail server. SMTP Port Port the SMTP server is listening on. - Page 99 Configuration 4.14 Services Commands and parameters can be entered only in lowercase. Example of sending an e-mail: email –t john@doe.com –s "System Log" -m "Attached" -a /var/log/messages The command above sends an e-mail to address john@doe.com with the subject "System Log", body message "Attached"...
-
Page 100: Sms
Configuration 4.14 Services 4.14.7 SMS Open the SMS page in the Services submenu of the Configuration section of the main menu. The router can automatically send SMS messages to a cell phone or SMS message server when certain events occur. The form allows you to select which events generate an SMS message. -
Page 101: Control Via Sms
Configuration 4.14 Services Remote Control via SMS After you enter a phone number in the Phone Number 1 field, the router allows you to config- ure the control of the device using an SMS message. You can configure up to three numbers for incoming SMS messages. -
Page 102: Control Sms
Configuration 4.14 Services Continued from previous page Description reboot The router reboots get ip The router responds with the IP address of the SIM card Table 52: Control SMS Note: Every received control SMS is processed and then deleted from the router! This may cause a confusion when you want to use AT-SMS protocol for reading received SMS (see section below). -
Page 103: Send Sms On The Serial Port 2
Configuration 4.14 Services Choosing Enable AT-SMS protocol on expansion port 2 and Baudrate makes it possible to use AT-SMS protocol on the serial Port 2. Item Description Baudrate Communication speed on the expansion port 2 Table 54: Send SMS on the serial Port 2 Setting the parameters in the Enable AT-SMS protocol over TCP frame, you can enable the router to use AT-SMS protocol on a TCP port. -
Page 104: List Of At Commands
Configuration 4.14 Services Continued from previous page AT Command Description AT+CSCS Selects the character set AT+CSQ Returns the signal strength of the registered network AT+GMI Returns the manufacturer specific identity AT+GMM Returns the manufacturer specific model identity AT+GMR Returns the manufacturer specific model revision identity AT+GSN Returns the product serial number Determines whether or not the device echoes characters... -
Page 105: Sms Configuration For Example 1
Configuration 4.14 Services Examples of SMS Configuration Example 1 Sending SMS Configuration After powering up the router, the phone with the number entered in the dialog receives an SMS in the following form: Router (Unit ID) has been powered up. Signal strength –xx dBm. After connecting to mobile network, the phone with the number entered in the dialog receives an SMS in the following form: Router (Unit ID) has established connection to mobile network. -
Page 106: Sms Configuration For Example 2
Configuration 4.14 Services Example 2 Sending SMS via Serial Interface on the Port 1 Figure 54: SMS Configuration for Example 2 Example 3 Control the Router Sending SMS from any Phone Number Figure 55: SMS Configuration for Example 3 UM Configuration OWL LTE M12 Rel. -
Page 107: Sms Configuration For Example 4
Configuration 4.14 Services Example 4 Control the Router Sending SMS from Two Phone Numbers Figure 56: SMS Configuration for Example 4 UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 108: Ssh
Configuration 4.14 Services 4.14.8 SSH SSH protocol (Secure Shell) allows to carry out a secure remote login to the router. Configu- ration form of SSH service can be done in SSH configuration page under Services menu item. By ticking Enable SSH service item the SSH server on the router is enabled. Item Description Enable SSH service... -
Page 109: Syslog
Configuration 4.14 Services 4.14.9 Syslog Configuration of system log, called syslog, can be done on this configuration page. Size of this log can be restricted by maximal number of its rows. Optionally, the IP address and UDP port can be configured for the real-time log distribution. Položka Popis Log Size... -
Page 110: 10Telnet
Configuration 4.14 Services 4.14.10 Telnet Telnet is a protocol used to provide a bidirectional interactive text-oriented communication facility with the router. Configuration form of Telnet service can be done in Telnet configuration page under Services menu item. By ticking Enable Telnet service item the Telnet server on the router is enabled. -
Page 111: Expansion Port (Rs232)
Configuration 4.15 Expansion Port (RS232) 4.15 Expansion Port (RS232) Configuration of RS232 interface is accessible on Expansion Port page. In the upper part of the configuration window, the port can be enabled and the type of the connected port is shown in the Port Type item. -
Page 112: Expansion Port Configuration
Configuration 4.15 Expansion Port (RS232) Figure 60: Expansion Port Configuration If you mark the Reject new connections check box, then the router rejects any other connec- tion attempt. This means that the router no longer supports multiple connections. If you mark the Check TCP connection check box, the router verifies the TCP connection. Item Description Keepalive Time... -
Page 113: Dtr Signal Description
Configuration 4.15 Expansion Port (RS232) When you mark the Use DTR as control of TCP connection check box, the router uses the data terminal ready (DTR) single to control the TCP connection. The remote device sends a DTR single to the router indicating that the remote device is ready for communications. Description server Description client Active... -
Page 114: Examples Of The Serial Interface Configuration
Configuration 4.15 Expansion Port (RS232) 4.15.1 Examples of the Serial Interface Configuration Figure 61: Example of Ethernet to serial communication Figure 62: Example of serial interface extension UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 115: Usb Port
Configuration 4.16 USB Port 4.16 USB Port You can use a USB to RS232 converter to send data out of the serial port from the Ethernet network in the same manner as the RS232 expansion port function. To specify the values for the USB port parameters, click USB Port in the Configuration section of the main menu. -
Page 116: Usb Port Configuration 2
Configuration 4.16 USB Port If you mark the Reject new connections check box, then the router rejects any other connec- tion attempt. This means that the router no longer supports multiple connections. If you mark the Check TCP connection check box, the router verifies the TCP connection. Item Description Keepalive Time... -
Page 117: Examples Of Usb Port Configuration
Configuration 4.16 USB Port Figure 63: USB configuration 4.16.1 Examples of USB Port Configuration Figure 64: Example 1 – USB port configuration UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 118: Example 2 - Usb Port Configuration
Configuration 4.16 USB Port Figure 65: Example 2 – USB port configuration UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 119: Scripts
Configuration 4.17 Scripts 4.17 Scripts There is possibility to create your own shell scripts executed in the specific situations. Go to the Scripts page in the Configuration section in the menu. The menu item will expand and there are Startup Script, Up/Down IPv4 and Up/Down IPv6 scripts you can use – there is IPv4 and IPv6 independent dual stack. -
Page 120: Up/Down Scripts
Configuration 4.17 Scripts 4.17.3 Up/Down Scripts Use the Up/Down IPv4 and Up/Down IPv6 page to create scripts executed when the Mobile WAN connection is established (up) or lost (down). There is independent IPv4 and IPv6 dual stack implemented in the router, so there is independent IPv4 and IPv6 Up/Down script. IPv4 Up/Down Script runs only on the IPv4 WAN connection established/lost, IPv6 Up/Down Script runs only on the IPv6 WAN connection established/lost. -
Page 121: Automatic Update Configuration
Configuration 4.18 Automatic Update Configuration 4.18 Automatic Update Configuration Use the Automatic Update menu to configure the automatic update settings. The router can be configured to automatically check for firmware and configuration updates from a HTTP(S) or FTP(S) server. IPv6 sites/servers are supported. Used protocol is specified by an address in Base URL field: HTTP, HTTPS, FTP or FTPS. - Page 122 Configuration 4.18 Automatic Update Configuration The configuration file name consists of Base URL, hardware MAC address of ETH0 inter- face and cfg extension. Hardware MAC address and cfg extension are added to the file name automatically and it isn’t necessary to enter them. When the parameter Unit ID is enabled, it de- fines the concrete configuration name which will be downloaded to the router, and the hardware MAC address in the configuration name will not be used.
-
Page 123: Example Of Automatic Update
Configuration 4.18 Automatic Update Configuration 4.18.1 Example of Automatic Update The following example the router checks for new firmware or configuration file each day at 1:00 a.m. This example is given for the Hirschmann router. Firmware file: https://example.com/OWL-4G-EUANZ.bin Configuration file: https://example.com/test.cfg Figure 68: Example of Automatic Update 1 UM Configuration OWL LTE M12... -
Page 124: Example Of Automatic Update Based On Mac
Configuration 4.18 Automatic Update Configuration 4.18.2 Example of Automatic Update Based on MAC The following example checks for new firmware or configurations each day between 1:00 a.m. and 3:00 a.m. The configuratin file is encrypted, therefore the decryption password was config- ured. -
Page 125: Customization
Programming and compiling of modules is described in the "Programming of User Modules" application note. You can get the PDF at: https://hirschmann-support.belden.com. Figure 71: Added user module User modules can be custom-programmed. Some typical user modules are prepared by Hirchmann and are available on the web site for the download. -
Page 126: Administration
Administration 6 Administration 6.1 Users This configuration function is only available for users assigned the admin role! To assign roles and manage user accounts open the Users form in the Administration section of the main menu. The first frame of this configuration form contains an overview of available users. -
Page 127: Change Profile
Administration 6.2 Change Profile Ordinary users are not able to access router via Telnet, or SFTP. Read only FTP access is allowed for these users. Figure 72: Users 6.2 Change Profile In addition to the standard profile, up to three alternate router configurations or profiles can be stored in router’s non-volatile memory. -
Page 128: Change Password
Administration 6.3 Change Password 6.3 Change Password Use the Change Password configuration form in the Administration section of the main menu for changing your password used to log on the device. Enter the new password in the New Password field, confirm the password using the Confirm Password field, and press the Apply button. -
Page 129: Set Sms Service Center Address
Administration 6.5 Set SMS Service Center Address 6.5 Set SMS Service Center Address The function requires you to enter the phone number of the SMS service center to send SMS messages. To specify the SMS service center phone number use the Set SMS Service Center configuration form in the Administration section of the main menu. -
Page 130: Unblock Sim Card
Administration 6.7 Unblock SIM Card 6.7 Unblock SIM Card On this page you can unblock the SIM card after 3 wrong PIN attempts or change the PIN code of the SIM card. To unblock the SIM card, go to Unblock SIM Card administration page. In both cases enter the PUK code into SIM PUK field and new SIM PIN code into New SIM PIN field. -
Page 131: Backup Configuration
Administration 6.9 Backup Configuration 6.9 Backup Configuration Keep in mind potential security issues when creating backup, especially for user accounts. Encrypted configuration or secured connection to the router should be used. You can save actual configuration of the router using the Backup Configuration item in the Administration menu section. -
Page 132: Restore Configuration
Administration 6.10 Restore Configuration 6.10 Restore Configuration Due to the different format it is not possible to import user accounts backed up on a router of v1 product line (and older) to a router of v2 product line (and newer). The same limmi- tation is for opposite direction. -
Page 133: Update Firmware
Administration 6.11 Update Firmware 6.11 Update Firmware Select the Update Firmware menu item to view the current router firmware version and load new firmware into the router. There is current firmware version and firmware filename written out. When loading the new firmware, it has to have this name. To load new firmware, browse to the new firmware file and press the Update button to begin the update. -
Page 134: Reboot
Administration 6.12 Reboot After the firmware update, the router will automatically reboot: A mechanism to prevent multiple startups of the firmware update is included. Firmware up- date can cause incompatibility with the user modules. It is recommended to update user mod- ules to the most recent version. -
Page 135: Typical Situations
Typical Situations 7 Configuration in Typical Situations Although routers have wide variety of uses, they are commonly used in the following ways. All the examples below are for IPv4 networks. 7.1 Access to the Internet from LAN Figure 84: Access to the Internet from LAN – sample topology In this example, a LAN connecting to the Internet via a mobile network, the SIM card with a data tariff has to be provided by the mobile network operator. -
Page 136: Access To The Internet From Lan - Lan Configuration
Typical Situations 7.1 Access to the Internet from LAN Figure 85: Access to the Internet from LAN – LAN configuration Figure 86: Access to the Internet from LAN – Mobile WAN configuration display information about the newly created network interface, usb0 (mobile connection). You should also see the IP address provided by the network operator, as well as the route table etc. -
Page 137: Backup Access To The Internet From Lan
Typical Situations 7.2 Backup Access to the Internet from LAN 7.2 Backup Access to the Internet from LAN Figure 87: Backup access to the Internet – sample topology The configuration form on the Backup Routes page lets you back up the primary connection with alternative connections to the Internet/mobile network. -
Page 138: Backup Access To The Internet - Mobile Wan Configuration
Typical Situations 7.2 Backup Access to the Internet from LAN Mobile WAN configuration To configure the mobile connection it should be sufficient to in- sert the SIM card into the SIM1 slot and attach the antenna to the ANT connector. (Depending on the SIM card you are using). -
Page 139: Backup Access To The Internet - Backup Routes Configuration
Typical Situations 7.2 Backup Access to the Internet from LAN Figure 90: Backup access to the Internet – Backup Routes configuration You can verify the configured network interfaces in the Status section in the Network item. You will see the active network interfaces: eth0 (connection to LAN), eth1 (wired connection to the Internet) and usb0 (mobile connection to the Internet). -
Page 140: Secure Networks Interconnection Or Using Vpn
Typical Situations 7.3 Secure Networks Interconnection or Using VPN 7.3 Secure Networks Interconnection or Using VPN Figure 91: Secure networks interconnection – sample topology VPN (Virtual Private Network) is a protocol used to create a secure connection between two LANs, allowing them to function as a single network. The connection is secured (encrypted) and authenticated (verified). -
Page 141: Secure Networks Interconnection - Openvpn Configuration
Typical Situations 7.3 Secure Networks Interconnection or Using VPN Mobile WAN configuration The mobile connection can be configured as described in the previous situations. (The router connects itself after a SIM card is inserted into SIM1 slot and an antenna is attached to the ANT connector.) Configuration is accessible via the Mobile WAN item the Configuration section. -
Page 142: Serial Gateway
Typical Situations 7.4 Serial Gateway 7.4 Serial Gateway Figure 93: Serial Gateway – sample topology The router’s serial gateway function lets you establish serial connectivity across the Internet or with another network. Serial devices (meters, PLC, etc.) can then upload and download data. -
Page 143: Serial Gateway - Konfigurace Expansion Port 1
Typical Situations 7.4 Serial Gateway Figure 94: Serial Gateway – konfigurace Expansion Port 1 To communicate with the serial device (PLC), connect from the PC (Labeled as SCADA in Fig. 93) as a TCP client to the IP address 10.0.6.238, port 2345 (the public IP address of the SIM card used in the router, corresponding to the usb0 network interface). -
Page 144: A Maintenance
Maintenance Maintenance Hirschmann is continually working on improving and developing their software. Check regularly whether there is an updated version of the software that provides you with additional benefits. You find information and software downloads on the Hirschmann product pages on the Internet (http://www.hirschmann.com). -
Page 145: B Glossary And Acronyms
Glossary and Acronyms Glossary and Acronyms Backup Routes Allows user to back up the pri- HTTP The Hypertext Transfer Protocol (HTTP) mary connection with alternative connections to is an application protocol for distributed, collab- the Internet/mobile network. Each backup con- orative, hypermedia information systems. - Page 146 Glossary and Acronyms tion, ESP Algorithm, ESP Encryption and much address information in IPv4 headers while in tran- more. It is possible to create four different tun- sit across a traffic routing device. nels. The simplest type of NAT provides a one-to-one translation of IP addresses.
- Page 147 Glossary and Acronyms end and server-to-server. fault uses TCP port 25. The protocol for mail sub- mission is the same, but uses port 587. SMTP RADIUS Remote Authentication Dial-In User connections secured by SSL, known as SMTPS, Service (RADIUS) is a networking protocol that default to port 465.
- Page 148 Glossary and Acronyms of the core members of the Internet protocol suite to a wide area network (WAN) link between the (the set of network protocols used for the Inter- sites. From a user perspective, the extended net- net). With UDP, computer applications can send work resources are accessed in the same way as messages, in this case referred to as datagrams, resources available from the private network.
-
Page 149: Index
Index Index Accessing the router ..... . . Expansion Port Add User ....... . . RS232 . - Page 150 Index Serial line RS232 ....... Serial number ......Mobile network .
-
Page 151: D Recommended Literature
Recommended Literature Recommended Literature Application Notes, the “Installation” user manual, and documentation of several OWL user modules can be found as PDF files for downloading on the Internet at: https://www.doc. hirschmann.com/. UM Configuration OWL LTE M12 Rel. 06.1.09 - 07/2019... -
Page 152: E Further Support
You find the addresses of our partners on the Internet at http://www.hirschmann.com. A list of local telephone numbers and email addresses for technical support directly from Hirschmann is available at https://hirschmann-support.belden.com. This site also includes a free of charge knowledge base and a software download section.
Need help?
Do you have a question about the Hirschmann OWL LTE M12 and is the answer not in the manual?
Questions and answers