Page 3
Manual or the VB-101. You are prohibited from, and shall not, directly or indirectly, develop, market, distribute, license, or sell any product that supports substantially similar functionality as the VB-101, based on or derived in any way from the VB-101. Your undertaking in this paragraph shall survive the termination of this Agreement.
Page 4
ATTENTION: The laser beam may be invisible! In some cases, the users may insert their own SFP laser transceivers into the product. Users are alerted that Vibicom cannot be held responsible for any damage that may result if non-compliant transceivers are used. In particular, users are warned to use only agency approved products that comply with the local laser safety regulations for Class 1 laser products.
Page 5
Always observe standard safety precautions during installation, operation and maintenance of this product. Only qualified and authorized service personnel should carry out adjustment, maintenance or repairs to this product. No installation, adjustment, maintenance or repairs should be performed by either the operator or the user.
Page 6
Before connecting the DC supply wires, ensure that power is removed from the DC circuit. Locate the circuit breaker of the panel board that services the equipment and switch it to the OFF position. When connecting the DC supply wires, first connect the ground wire to the corresponding terminal, then the positive pole and last the negative pole.
Page 7
When using shielded or coaxial cables, verify that there is a good ground connection at both ends. The earthing and bonding of the ground connections should comply with the local codes. The telecommunication wiring in the building may be damaged or present a fire hazard in case of contact between exposed external wires and the AC power lines.
Page 8
hood, such as flat cables) to sensitive data lines. Before connecting such cables, discharge yourself by touching earth ground or wear an ESD preventive wrist strap. FCC-15 User Information This equipment has been tested and found to comply with the limits of the Class A digital device, pursuant to Part 15 of the FCC rules.
Page 9
This section describes the minimum configuration needed to prepare VB-101 for operation. Connecting to Power The VB-101 housing must be grounded before power connection. A good ground connection is essential. Before connecting any cables and before switching on this instrument, the protective ground terminal of this instrument must be connected to the protective ground conductor.
Page 10
Installation and Operation Manual Wiring the Power Connector VB-101 power supply can be either 24 VDC (11-36 VDC) or 48 VDC (28-60 VDC). The power connector polarity is shown in Figure 1. To wire the power cable, use the supplied plug connectors and the 18 AWG (1 mm²) wire with insulated ferrules.
Page 11
Quick Start Guide 2. Connect the supplied CBL-VB-RJ45-CONSOLE console cable (colored white): RJ-45 connector to the VB-101 CON port D-SUB (9 pin) connector to your computer serial port 3. Start the PC terminal emulation program and create a new terminal connection.
Page 12
IP>. To establish IP management: • Your computer IP address must be routable with the VB-101 assigned IP address. • Connect your computer to port ETH1 and open your management terminal (PuTTY, for example) over SSH, port 22.
Page 13
Caution Installing or removing a SIM card while the modem is operating can damage the modem. Make sure either VB-101 is turned off or the modem is disabled (cellular disable) before manipulating the SIM card. To install a SIM card into VB-101: ...
Page 14
If there is no reply to the ping, check your configuration and make the necessary corrections. Configuring Services Services Traffic Processing Proceed with service configuration (refer to the chapters for details of different scenarios for provisioning supported services). Configuring Services VB-101...
Page 19
  Files Import
  Viewing Files
  Resetting with Custom Configurations
10.2 Device Information
10.3 Disk Information
10.4 License Installation
  General License Example
  Enhanced License Example
Page 21
IP based variant, enabling the deployment of a mixed network with serial-based and Ethernet-based devices. In this mode, VB-101 operates as a master on the serial bus and as a server in the IP network for the correlating protocol.
Page 22
RS-232 (Tunneling) VB-101 VB-101 Figure 1-1. Remote Site Access over the Fiber Link with Cellular Network Redundancy Features The VB-101 offers the L3 dynamic and static routing, SCADA services, stateful firewall, and secure networking. Ethernet • Auto Crossing (MDI/MDIX) •...
Page 23
VB-101 can be managed with CLI interface, or with the Realview server. Routing VB-101 incorporates a router for secure and efficient Layer 3 IP connectivity over packet switched networks. VB-101 can be set to perform static or dynamic routing using: •...
Page 24
Physical Description Figure 1-2 displays the image of VB-101, with the console port, Ethernet, and serial ports on the front panel, as well as the SIM card compartment. It also shows the bottom panel with the cellular antenna, SFP port, and digital input/output ports, as well as an additional cellular antenna on the top panel.
Page 25
Functional Description This section provides a functional description of the VB-101 system. Depending on the ordering option, VB-101 may include the following Ethernet and serial ports: • Two serial RS-232 ports or single RS-232 + RS-485/4W with RJ-45 connectors •...
Page 26
106 mm (4.17 in) Width 44.7 mm (1.76 in) Depth 120 mm (4.72 in) Weight 0.6–1.0 kg (1.3 –2.2 lb) Environment Temperature -40 to 70°C (-40 to 158°F) Humidity Up to 95% Rugged enclosure Fanless, IP 30-rated Technical Specifications VB-101...
Page 27
Frequency Band North America Europe Air Interface HSPA+ GPRS EDGE EV-DO Rev A Frequency 2100 Bands 1900 1800 2600 1900 WCDMA 2100 1900 CDMA 1xRTT/EV-DO Rev A 1900 Sec 800 BC10 GSM/GPRS/EDGE Quad-Band (850, 900, 1800, 1900) VB-101 Technical Specifications...
Page 29
Band 2 (1900 MHz) Band 3 (1800MHz) Band 3 (1800MHz) Band 5 (850MHz) Band 5 (850MHz) Band 4 (1700MHz) Band 8 (900MHz) Band 8 (900MHz) Band 5 (850MHz) Band 7 (2600MHz) Band 8 (900MHz) Band 28 (700MHz) Band 40 (2300MHz) VB-101 Technical Specifications...
Page 30
5.76 Mbps 384 kbps 236.8 kbps 85.6 kbps Module Downlink 14.4 Mbps 384 kbps 236 kbps 85.6 kbps Note The maximum data throughput is determined by the cellular service and might be different for downstream and upstream. 1-10 Technical Specifications VB-101...
Page 31
Chapter 2 Installation and Setup This chapter provides installation instructions for the VB-101 systems including: • General description of the equipment enclosure and its panels • Mechanical and electrical installation instructions After the system is installed, it must be configured in accordance with the specific user's requirements.
Page 32
Caution Installing or removing a SIM card while the modem is operating can damage the modem. Make sure either the modem is disabled (cellular disable) or VB-101 is turned off before manipulating the SIM card. Laser Safety VB-101 includes Class 1 lasers.
Page 33
The ambient operating temperature range of the VB-101 is -40 to 70°C (-40 to 158°F), humidity up to 95%. VB-101 has no fans and is cooled mainly by free air convection. Cooling vents are located in the bottom and upper covers. Do not obstruct these vents. Keep 10 cm distance from top and bottom between VB-101 and any other nearby device for proper cooling using natural air flow.
Page 34
Appendix A , or you can order cables from Vibicom. Mounting VB-101 VB-101 is designed as a fixed unit connected in its rear side to an industry-standard DIN rail. The DIN-rail mount is the default VB-101 setup. Wall Mounting The following mounting instructions assume that a standard DIN rail has been previously installed.
Page 35
Step 1 Step 2 Figure 2-1. VB-101 DIN Rail Mounting To remove VB-101 from the DIN rail: 1. Loosen the lower clamp with the aid of a screwdriver. 2. Slide the device out and up at the lower edge of the DIN rail.
Page 36
1. Screw the antenna on the appropriate connector. Installing a SIM Card VB-101 provides cellular interface that requires an active SIM card. The SIM cards compartment on the front panel can house up to two SIM cards ensuring redundancy and backup of network connectivity.
Page 37
Installation and Operation Manual Chapter 2 Installation and Setup To install a SIM card into VB-101: 1. Make sure the device power is turned off. 2. Using a screwdriver, unscrew the screws fastening the SIM compartment. Figure 2-3. SIM Card Compartment Opening 3.
Page 38
Grounding VB-101 VB-101 housing contains the power supply module, main processing unit, IO interface modules, and cellular modem. The VB-101 external connectors are located on its front, bottom, and top panels as shown on Figure 2-5.
Page 39
Connecting to DC Power Caution VB-101 should be powered from external, separately approved and suitably rated power supply, providing SELV output. VB-101 has the power input, marked as PWR. To wire the voltage, use the Figure 2-5 Figure 2-7 supplied plug connector (see Figure 2-7.
To connect the device to a PC using the console port: 1. Connect the RJ45 connector of the console cable to the VB-101 console port designated CON. Note The supplied console cable is colored white. Do not connect the serial grey cables supplied for the user serial port connection to the console port.
2.11 Connecting to a Discrete Channel VB-101 performs discrete IO tunneling via a terminal block located on the bottom panel (see Figure 2-5). Refer to Figure 2-8 for the terminal block pinout.
Turning On the Unit When turning on VB-101, it is useful to monitor the power-up sequence. Caution VB-101 does not have a power on/off switch, and will start operating as soon as power is applied. To turn on VB-101: ...
Page 44
• SIM2 Blinking: SIM is connected/Data is being transmitted or received • Off: GPRS is disabled The stages of Zero Touch procedure (see Zero Touch Provisioning ) are displayed by the Run LED as in the table below. Indicators VB-101...
Note To remove user configurations, first delete user-default-config, then delete startup-config. User configuration is stored in text format, so it can be edited after being exported to your PC. Then the edited file can be imported to VB-101. Startup VB-101...
To save user configuration: VB-101# commit Building configuration ... [OK] To remove all user configurations and set VB-101 to the factory defaults: VB-101# delete startup-cfg Completed OK, reboot to activate VB-101# Loading Sequence...
Installation and Operation Manual The production stage of the off-net Zero Touch includes preparation of the Artifact and other information elements. This stage is provided by Vibicom as a separate service and must be preordered with your device. Before ordering the...
Bootstrapping phase completed Check if the device enrollment trap was process not successfully, but no response was received by the REALview server confirmed received on the enrollment trap. • Check if the REALview server is reachable VB-101 Zero Touch Provisioning...
HyperTerminal. To start a terminal control session: 1. Connect the RJ-45 connector of the console cable to the VB-101 console port designated CON. Note The supplied console cable is colored white. Do not connect the serial grey cables supplied for the user serial port connection to the console port.
CLI-Based Configuration The CLI (Command Line Interface) is used to configure VB-101 from a console attached to the serial port of the router or from a remote terminal using SSH. The following table lists the CLI environments and modes.
Chapter 3 Operation and Maintenance Installation and Operation Manual Battery Maintenance The VB-101 system has an integrated battery used for system parameters backup. Caution Battery replacement should be done by the manufacturer or an authorized party on its behalf. There is a risk of explosion when using the wrong battery type.
Chapter 4 Service Provisioning This chapter presents information on services supported by VB-101. Dynamic Multipoint VPN Figure 4-1 illustrates a typical Ethernet service created between VB-101 (Spoke) and VB-102 (Hub). Table 4-1 and Table 4-2 detail configuration steps required for service provisioning in Ethernet and cellular setups.
Page 54
LAN traffic prefix <aa.bb.cc.dd/xx> physical- be associated with designated to eth1 interface eth1 purpose application- previously created VLAN port host admin-status enable Enable the cellular cellular enable application mode cellular settings update default- route yes Dynamic Multipoint VPN VB-101...
A router acting as the terminal server can be connected to the serial end device (managed station) via local connection to its RS-232 ports, or via UDP connection to a remote VB-101 connected to the serial device. In this case, the transparent serial tunneling over the IP network (encapsulation of serial data in UDP/TCP packets) is used.
<aa.bb.cc.dd> telnet-port <port- num> commit Transparent Serial Tunneling This section describes how to provision serial tunneling services. Figure 4-4 illustrates a typical service created between two VB-101 devices. Table 4-5 details the configuration steps needed for service provisioning. VB-101A VB-101B Define Application...
Page 60
Service ID: For the local remote end and remote end point the position (master/slave) point service ID must be parameters identical. • Position: For local and remote end point one must be “master” and one must be “slave” Transparent Serial Tunneling VB-101...
Tagged packets accessing the port are routable to a relevant VLAN IP interface. Untagged packets accessing the port are routable with IP interface set to be in the same subnet as the packets origin (if such is available in VB-101). Configuring Ethernet Ports...
Functional Description Modems VB-101 supports two models of cellular modems: CSL A and CSL B. The following ordering options are available for both LTE modems: • European type frequencies and bands (LTEEU) •...
BTS/eNB VB-101/ VB-102 BTS/eNB 2G/3G VB-101/ VB-102 Figure 5-1. VB-101 Operation via GPRS/UMTS Modem The cellular connection is typically used with the following services: • DMVPN • The following topologies are supported: • Point-to-Point: single spoke to a single hub •...
SIM card failure (secondary SIM card status). Caution Installing or removing a SIM card while the modem is operating can damage the modem. Make sure either the modem is disabled (cellular disable) or VB-101 is turned off before manipulating the SIM card. Factory Defaults The default cellular modem status is disabled.
Page 66
Power-down: retrieve the IMEI identifier of the modem Send command at+cgsn: • The modem must be enabled for these commands to take effect. • get: retrieve the identifiers of the modem. iccid| imei| model| version Cellular Interface VB-101...
Page 67
(optional). Allowed characters: 0..9, *,#. uth-type: cellular connection authentication type. • None – no authentication • PAP – password authentication protocol • CHAP – Challenge handshake authentication protocol wan show Show configuration and status of SIM cards VB-101 Cellular Interface...
CELL Retrieving Modem IMEI The example below shows the retrieval of the IMEI identifier of the modem. To show the IMEI in the CLI: VB-101# cellular disable cellular modem power-up Completed OK cellular modem send command at+cgsn...
1 has been enabled, while the SIM card in slot 2 has been disabled. To view the SIM card status in the CLI: 1. Use cellular wan show command to verify the status of the SIM cards. VB-101 Cellular Interface...
Each of the serial ports can be configured to work in one of the following operation modes: • Transparent Tunneling • Terminal Server • Protocol Gateway Two serial interfaces are available in VB-101. Table 5-1 specifies the relevant configuration areas according to the application type. 5-10 Serial Ports VB-101...
Factory Defaults The serial ports default state is non-configurable. VB-101# serial port show +-----+------+------+-----+------+------+------+--------+------+---------+----------+----------- | idx | slot | port | bus | mode | baud | data | parity | stop | latency | max-data |...
Page 73
Show : display the version and the provision state of the serial processor port slot 1 port <> Create/update the serial port clear counters Clear counters create | update Slot 1 (constant) Port port number 1-2 VB-101 Serial Ports 5-13...
Page 74
Service id: numeric value of serial service. Position: N/A - Slave – point to multipoint Master – point to multipoint Primary-master - Application: Serial-tunnel (default) Terminal-server iec101-gw modbus-gw buffer mode: byte (default) frame protocol: any (default) modbus_rtu 5-14 Serial Ports VB-101...
Page 75
Defines the remote end points in a transparent serial tunneling service. create remote-address: IPv4 address A.B.C.D Service id: numeric value of serial service. <1- 100. Position: Slave Master Primary-masterConnection mode: udp – default Buffer mode: byte – default VB-101 Serial Ports 5-15...
1 port 1 port create slot 1 port 2 commit Viewing Serial Port Status Indicators VB-101 serial port has a LED indicator to display its current status. See in Chapter 3 for the serial port LED state description. 5-16 Serial Ports VB-101...
Chapter 6 Management and Security This chapter provides general operating instructions and preliminary configuration instructions for VB-101 units. Access Control List (ACL) Access control lists are used to flexibly filter and mark incoming and management traffic. The router verifies each packet to determine whether to forward it or drop, based on the criteria specified in the access lists.
There is no need to reassign the ACL to ACG. • To delete a rule relating to ACL, the entire ACL should be deleted. Configuring ACL The ACL configuration tasks are performed at the ip access-list level. Access Control List (ACL) VB-101...
Page 79
{acl-num that the packet is destined for and <1001-65535>} [rule-name <>] [priority <1- the network mask to use with the 128>] {src-ip [any| <a.b.c.d>]| <a.b.c.d/e>} destination IP address. {dst-ip [any| <a.b.c.d>]| <a.b.c.d/e>} VB-101 Access Control List (ACL)
Flushing the ACL ip access-group flush interface [all| eth1| eth2| assignment from a cellular] specific interface or from all interfaces. Examples Figure 6-1 illustrates the VB-101 ACL functionality. Access Control List (ACL) VB-101...
Page 81
VB-101# ip access-list extended deny icmp acl-num 1010 priority 20 src-ip 192.168.1.250 dst-ip 192.168.2.101
VB-101# ip access-list extended permit tcp acl-num 1010 priority 40 src-ip any dst-ip 192.168.2.101
VB-101# ip access-list extended deny tcp acl-num 1010 priority 30 src-ip any dst-ip 192.168.1.101...
TACACS+ is commonly used for embedded network devices such as routers, modem servers, and switches. Note VB-101 supports up to five authorized users. The list of CLI commands for the configuration of TACACS is as follows: • tacacs-server add host •...
Simple Network Management Protocol (SNMP) is an application layer protocol that provides a message format for communication between managers and agents. VB-101 supports SNMPv3, the latest SNMP version to date. SNMPv3 provides secure access to devices in the network by using authentication and data encryption.
With authentication and with privacy – the best protection level SNMPv3 Administrative Features The administrative features of SNMPv3 enable definition of the entities that are allowed to manage an entity; for example, VB-101. There are two administrative elements: • User management. During SNMPv3 configuration, it is necessary to define allowed users and their security attributes.
5. Add notification entries with assigned traps and tags. 6. Configure target parameter sets to be used for targets. 7. Configure targets (SNMPv3 network management stations to which VB-101 should send trap notifications), specifying target parameter sets, notification tags, and trap synchronization groups if applicable.
Page 88
<name> connect security name [admin-status {disabled | enabled}] Displaying active alarms show active-alarms [minimum- severity {critical | major | minor}] Displaying the alarms show alarm-list [source-type list <name>] [severity {critical | major | minor}] 6-12 SNMP Management VB-101...
Page 89
[privacy-protocol {des | aes128 | none}] • Privacy cannot be set for a non- [{authentication-password authorized (none-auth) user <password> | authentication- key-change <key-change>}] [{privacy-password <password> | privacy-key-change <key- change>}] [admin-status {disabled | enabled}] VB-101 SNMP Management 6-13...
Page 91
Installation and Operation Manual Chapter 6 Management and Security EngineID : 800000a403222222222222 To display the alarm list: VB-101# snmp show alarm-list Source Name Severity ------------------------------------------------- Alarm-input alarm_input Minor Cellular-if interface_down Major linkDown Critical To display the event list: ...
The typical flow is as follows: 1. SIM card CONNECTING status results in FAILED status instead of CONNECTED (connection attempt may take approximately two minutes and is non- configurable). 2. A counter summarizes the connection attempts for both SIM cards. VB-101 Cellular Backup...
To prevent VB-101 continuous switching back and forth between the policies, you can define a period of time (wait-to-restore) that VB-101 should wait before an attempt to connect via the main policy. Policy-based IPsec VPN Redundancy...
The decision to switch to the secondary tunnel is taken upon IPsec policy closing by the DPD mechanism (you can change DPD parameters if needed). If such closing occurs, VB-101 immediately switches to the secondary policy. In case the secondary policy is closed by the DPD mechanism, the device switches immediately to the primary policy.
To configure a backup tunnel with the web interface: 1. Navigate to Configuration > Services > VPN > IPsec > Policy. 2. Click the <+> button to add a new policy. The IPsec Policy Creation page is opened. Policy-based IPsec VPN Redundancy VB-101...
First, delete the configured policy-redundancy is configured. it had a configured policy redundancy. policy redundancy, then Remove first policy-redundancy. deleted the IPsec policy. Viewing Policy Redundancy Status The reported status depends on specifying the redundancy-group-id parameter. Policy-based IPsec VPN Redundancy VB-101...
Chapter 8 Traffic Processing This chapter explains how to configure networking entities in VB-101. Border Gateway Protocol (BGP) BGP is a path-vector protocol for dynamic routing, used for route distribution between Autonomous Systems (AS) across the internet and other large networks.
Each BGP router recognizes a limited list of BGP neighbors from which it receives route updates and to which it advertises route updates. A BGP neighbor relationship needs to be manually defined on both BGP routers. BGP routers identify neighbors by their IP addresses and AS numbers. Border Gateway Protocol (BGP) VB-101...
By default, BGP is not configured on VB-101 router. Configuring BGP You can configure BGP on a VB-101 router that is at the boundary of an AS, after the router itself has been properly configured. To configure BGP properly, you need to know your network BGP design, including the router’s IP address and...
DNP3 (Distributed Network Protocol) is a set of communications protocols used in SCADA applications. The VB-101 features gateway functionality between a DNP3 TCP client (master) and a DNP3 Serial RTU. A DNP3 gateway is configured with a terminal server using the TCP port 20000 protocol.
IEC 101 to IEC 104 Protocol Gateway The VB-101 application module features the IEC 101 to IEC 104 gateway. The IEC 101 and IEC 104 protocols are fully integrated in the application module, allowing the IEC 101 slave devices to be represented in the IP network as an IEC 104 server and to be addressed by the IEC 104 clients located in this network.
IEC 101 device parameters - the physical link properties (baud-rate, parity, stop bits) should be configured for the serial interfaces. Besides this, the IEC 101 addressing information should be provided, and the devices have to be assigned to the IEC 104/101 gateway. IEC 101 to IEC 104 Protocol Gateway VB-101...
The IEC 101/104 gateway supports two IEC 101 devices operation modes defined by the standard. Balanced Mode is illustrated on Figure 8-3. Up to 24 unique IEC-101 servers can be supported by each single gateway. Figure 8-3. IEC 101 Balanced Operation mode VB-101 IEC 101 to IEC 104 Protocol Gateway...
Link address field • Not present (balanced transmission only) • One octet • Two octets • Structured values translation • Unstructured Application layer ASDU common address • One octet • Two octets IEC 101 to IEC 104 Protocol Gateway VB-101...
Set static or dynamic routing if needed to reach the IEC 104 Client. d. Verify by the following methods: • Ping between the IEC 104 client (SCADA) and the VB-101 designated IP interface. • Verify VB-101 connection using the iec101-gw show all command.
[up| down] show - remove - remove all local-end-point create create {slot <1>} {port <1-2>} {application <iec101-gw>}{service-id <1-100>} [position <slave>] - remove {slot <1>} {port <1-2>} {service-id <1-100>} - show iec101-gw 8-10 IEC 101 to IEC 104 Protocol Gateway VB-101...
Page 111
In the latter case, should be configured as the address which is set at the 104 Client for the server. A decimal value of 1-255 or 1-65534 is allowed depending if VB-101 IEC 101 to IEC 104 Protocol Gateway 8-11...
Page 112
IO object length. Permissible ioa_len – values are 1|2|3 bytes. Should be identical to the configuration at the 101 slave. physical interface where the [add_ioa_trans>| Slot, Port: remove_ioa_trans] 101 slave is connected at. 8-12 IEC 101 to IEC 104 Protocol Gateway VB-101...
Time-out for sending test frames in case of a long idle state Example Figure 8-5 illustrates IEC 101/104 connection setup using VB-101 as a gateway. Figure 8-5. IEC 101/104 Gateway Setup 1. Configure the gateway IP interface. VB-101 IEC 101 to IEC 104 Protocol Gateway...
Page 114
2. Configure the serial port properties. The mode-of-operation field must be set to transparent. The port properties (baud rate, parity, stop bits, data bits etc.) must be identical to the IEC 101 server port, connected to VB-101. serial port create slot 1 port 1 mode-of-operation transparent baudrate 9600 parity even 3.
COT LEN | IOA LEN | CMN (UB) | LINK (UB) | +======+======+===========+======+=========+=========+=========+==========+=== ======+=========+==========+===========+ AUTO +------+------+-----------+------+---------+---------+---------+----------+--- ------+---------+----------+-----------+ VB-101# IPsec Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet of a communication session. Functional Description IPsec is mandatory for configuration when the following VPNs are used: •...
(X.509). Note The use of IPsec with X.509 is only possible when the ike-phase1-mode is set to aggressive. Diffie-Hellman Key Exchange Diffie–Hellman key exchange is a specific method of securely exchanging cryptographic keys over a public channel. 8-16 IPsec VB-101...
Page 117
In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. The algorithm uses a digital certificate authenticated by an RSA signature. VB-101 IPsec 8-17...
Page 118
The user generates certificates from a trusted source and imports these to the VPN parties (Hubs, Spokes). Note The certificate file is not saved when VB-101 has been upgraded. After the upgrade, generate the certificates again. Two files are required, one is the certificate itself and the other is the key. The files should have extensions of .crt and .key.
Page 119
128 and 256 key size options symmetric algorithm Triple Data Encryption Algorithm (3DES) comprises three DES keys, K1, K2 and K3, each of 56 bits • Authentication s HASH algorithms Secure Hash Algorithm SHA-1 (160 bit) VB-101 IPsec 8-19...
Page 120
ISAKMP Phase 2 This phase includes the SA negotiation to secure the VPN GRE data using IPsec. Modes VB-101 supports the Transport mode between end-stations running IPsec (the VPN parties). Perfect Forward Secrecy (PFS) PFS is part of the key agreement session and is intended to ensure that a session key derived from the long-term public and private keys is not compromised if one of the long-term private keys is compromised.
SCEP server. For example http://vibicom.com scep-password-string: authentication password at server. key-size: 1024| 1536| 2048. Default 2048. Large key size enhances security but is slower to generate. enrollment-method: file-based| online-scep. Default online- scep. file-based is not supported in this version. 8-22 IPsec VB-101...
Page 123
(no automatic message). remove name: the name of the certificate with which it was saved when generated/ imported. show name: the name of the certificate with which it was saved when generated/ imported. VB-101 IPsec 8-23...
Page 124
To import the certificate files in the CLI: 1. Import the key file. VB-101# rsA-signature import tftp://172.17.203.31/IPsec.key RSA signature file (IPsec.key) imported successfully 2. Import the certificate file. VB-101# rsA-signature import tftp://172.17.203.31/IPsec.crt RSA signature file (IPsec.crt) imported successfully 3.
Page 125
Chapter 8 Traffic Processing VB-101# show rsA-signature list IPsec.crt IPsec.key 4. Activate the certificate. VB-101# ipsec rsa-signature activate crt-file IPsec.crt key-file IPsec.key rsa-sig-name test_1 5. Update the IPsec ISAKMP to use the certificate instead of the PSK. ipsec isakmp update authentication-method rsasig Note The IPsec ISAKMP parameter my id is not of importance when using certificates as the authentication method.
Page 127
(default) (DH group 2) • modp1536 (DH group 3 and 5) • modp2048 (DH group 14) • modp3072 (DH group 15) • modp4096 (DH group 16) • modp6144 (DH group 17) • modp8192 (DH group 18) VB-101 IPsec 8-27...
Page 128
No need to set value in “my-id” as it will automatically use a valid IP address. If “id-type” is set to “fqdn”: “my-id” should be set with a domain name format. for example : * Spoke.vibicom.com Set the type of form used for the IPsec local id-type 8-28 IPsec...
Page 129
IP interface. Address : this option is not supported in current version. fqdn : the units own preshared ID is in a domain name format. For example spoke.vibicom.com none default : Internet Key Exchange mode type use for ike-phase1-mode Phase 1.
Page 130
: name of the policy Show IPsec show Show all available IPsec tunnel status: tunnel-status UP/DOWN Applicable for global router and VRF if exists Note Configuring IPsec tunnel can be performed only after configuring NTP. 8-30 IPsec VB-101...
Corrective Action
Error: can’t remove policy while policy-redundancy is configured. Remove first policy-redundancy. | You tried to delete an IPsec policy while it had a configured policy redundancy. | First, delete the configured policy redundancy, then delete the IPsec policy.
8-32 IPsec VB-101...
Installation and Operation Manual Chapter 8 Traffic Processing Modbus Gateway VB-101 can serve as an Ethernet gateway between RS232 Modbus RTU and Modbus TCP client (SCADA). Modbus TCP to Modbus ASCII gateway is not available. The Modbus RTU slave is connected to the router RS-232 serial port via an RS-232 link.
Page 134
TCP session before dropping it <500- 100,000> msec. Add a gateway instance. add-gw Add a Modbus RTU station id to a serial port add-id and a gateway instance Remove a gateway instance. Remove-gw 8-34 Modbus Gateway VB-101...
The NAT router serves as both a routing function and a security layer, providing WAN traffic access to the LAN. Functional Description Figure 8-8. NAT Networking PC communication towards the server depends on the VB-101 router NAT configuration: • Static NAT only: the PC is not able to initiate a session towards the server.
NAT configuration that allows the PC located outside the LAN to connect to the LAN. The PC can manage VB-101 using the switch private interface, and open a Telnet session with the server located in the LAN.
Page 139
3. Configure static NAT to direct WAN traffic targeted to 192.168.10.11 with port Telnet (23) towards 10.10.10.10. This configuration allows the PC to manage VB-101. router nat static create original-ip 192.168.10.11 modified-ip 10.10.10.10 original-port 23 modified-port 23 protocol tcp 4.
IP interface The interface will be named eth1.<vlan id> Note: To remove a router interface, perform the following: 1. Set commit. 2. Reboot VB-101. 3. Type router interface remove interface-id <num>. enable router ospf Enter configuration mode configure terminal router ospf –...
1 no ports fa 0/1-2 untagged fa 0/1-2 exit 2. Assign VLANs and corresponding IP interfaces. vlan 101 ports fastethernet 0/1 exit vlan 102 ports fastethernet 0/2 exit interface vlan 101 8-42 Open Shortest Path First (OSPF) VB-101...
Page 143
102 shutdown ip address 172.18.102.202 255.255.255.0 no shutdown exit interface vlan 103 shutdown ip address 172.18.103.202 255.255.255.0 no shutdown exit 3. Configure OSPF. router ospf router-id 10.10.10.102 network 172.18.102.202 255.255.255.0 area 0.0.0.0 VB-101 Open Shortest Path First (OSPF) 8-43...
Page 144
Configuring S4 1. Remove the network ports from default VLAN 1. config vlan 1 no ports fa 0/4,0/1 untagged fa 0/1,0/4 exit 2. Assign VLANs and the corresponding IP interfaces. vlan 101 8-44 Open Shortest Path First (OSPF) VB-101...
10. Click the Areas button to display the OSPF Areas page. 11. Set the areas parameters. 12. Click the General button to display the front page. 13. Set the router parameters and click <Apply>. 14. Click <Enable> to enable the OSPF router. VB-101 Open Shortest Path First (OSPF) 8-45...
Create| update| show src-ip: IPv4 source IP of the packet. Should be one of the VB-101 IP interfaces. A.B.C.D/E dest-ip: IPv4 destination IP of the packet. Protocol: tcp|udp protocol used at the packet. src-port: protocol source port used at the packet...
Page 148
RIP on the specified interface ip rip authentication Specify Keyed MD5 chain. Key-chain : Set the interface with Mode authentication method. md5- Set the interface with RIPv2 MD5 authentication. text - Set the interface with RIPv2 simple password authentication. 8-48 RIPv2 VB-101...
If you do not perform split-horizon on the interface, please specify no IP split-horizon. 8.10 Terminal Server VB-101 provides a special service that converts a TCP session to a serial session. Functional Description In Figure 8-11, the management station (PC) is a Telnet client assigned to manage the remote RTUs with a text-based shell method.
+ serial + port - clear counters - create slot <1> port <1-2> [baudrate <9600,(50-368400)>] databits {8,<5-8>} [parity {no,no| odd| even}] [stopbits <1,1|2>] [bus-idle-time <bits (30-1000>] [mode-of-operation <transparent>] admin-status [up| down] - remove slot <1> port <1-2> 8-50 Terminal Server VB-101...
Page 151
: 1 (constant) create Slot : port number .1-4 Port Baud rate 50,75,100,110,134,150,200,300, 600,1200,2400,4800,9600,19200, 38400,57600,115200,230400, 460800,921600 : no, odd, even Parity : 1,2 Stopbits : transparent Mode of operation : 1 (constant) remove Slot VB-101 Terminal Server 8-51...
Page 152
– the terminal server holds the TCP packet from egress until the local serial end validates that a message is complete. This mode avoids fragmenting serial messages across different TCP packets. 8-52 Terminal Server VB-101...
Page 153
CR bit differently. When set to On, the switch drops the <NULL> character only if it arrives immediately after the <CR> (^M, 0x0d). For all other modes of operation, NULL_CR is ignored. Default - off VB-101 Terminal Server 8-53...
Slot : port number .1-4 Port Show port mapping show Configuring Terminal Server with the Web Interface To configure the terminal server: 1. Navigate to Configuration > Router > Interfaces to set a router interface. 8-54 Terminal Server VB-101...
7. Click <Apply>. Examples Local Service Configuration The example below demonstrates terminal service with a local connection: both the Telnet client and the serial slave are connected directly to the router. VB-101 operates as a terminal server. ETH2: 172.18.212.230 [2000] 172.18.212.240 RS 232 Ethernet...
Page 156
Chapter 8 Traffic Processing Installation and Operation Manual Note: Use the proper serial cable to connect the VB-101 serial port and the customer equipment. The VB-101 serial port pinout is specified in Appendix A. Configuration Testing 1. Verify the configuration using the show commands.
Connect the serial device to port S1. The serial device should be accessible from the Telnet client (PC). 6. Verify the serial connection by the port counters. VB-101#serial port show briefly port 1 +-----+------+------+-----+-------------+------+------+--------+------+ | idx | slot | port | svc |...
1 remote-address 172.18.212.200 telnet-port 20000 commit Configuring VB-101 (2) 1. Assign the IP interface for the LAN connection. router interface create address-prefix 172.17.203.200/24 physical-interface eth1 purpose general 2. Assign the IP interface for the WAN connection.
When a distributed operational network uses public transport links for inter-site connectivity, the traffic must be encrypted to ensure its confidentiality and integrity. VB-101 supports VPN connections using GRE tunnels (RFC 2784) over an IPsec encrypted link. The IPsec tunnel can use 3DES or AES encryption according to the user configuration.
ETH2 Gi 0/1 GCE: 192.168.10.101 [10] ACE: 192.168.10.201 [10] VB-102 VB-101 Figure 8-16. DMVPN Setup over a Fixed Connection For details on Hub (VB-102) configuration, refer to the Installation and Operation manual of VB-102. Configuration with CLI To configure the spoke using the CLI: ...
Page 164
10.10.10.10/24 nbma-address 172.18.20.10 vpn gre nhrp disable vpn gre nhrp enable Assign routes for the remote user network. router static enable configure terminal ip route 192.168.10.0/24 10.10.10.10 write exit exit 8-64 Virtual Private Network (VPN) VB-101...
Page 165
4. Click <Apply>. To configure static route: 1. Navigate to Configuration > Router > Static Routes. 2. Click the + icon to add a new interface. Configuration 3. Set the parameters according to Step 4 VB-101 Virtual Private Network (VPN) 8-65...
Applicability and Scaling VRF supports only DMVPN. Benefits VB-101 provides a virtual router for each subnet, allowing different subnets to be separated at the IP level. 8-66 Virtual Routing and Forwarding (VRF)
Chapter 9 Timing and Synchronization You can set the date and time for the VB-101 internal real-time clock or receive the SNTP server clock signal. Date and Time Local time set and update is available in VB-101. Configuring Date and Time + date {[YYYY.]MM.DD-hh:mm[:ss] | hh:mm[:ss]}...
SNTP (Simple Network Time Protocol) is a simplified version or subset of the NTP protocol. It is used to synchronize the time and date in VB-101 by contacting the SNTP server. The administrator can choose whether to set the system clock manually or to enable SNTP.
Page 173
set client clock-summer-time: This command enables the DST (Daylight Saving Time). DST is a system of setting clocks ahead so that both sunrise and sunset occur at a later hour. The effect is additional VB-101 Simple Network Time Protocol (SNTP)
Page 174
The value ranges between 1 and 30 in seconds. Default: 5 set unicast max-poll-retry: This command configures SNTP client maximum retry poll count, which is the maximum number of unanswered polls Simple Network Time Protocol (SNTP) VB-101...
Page 175
show unicast-mode-status: This command displays the status of SNTP in unicast mode. show broadcast-mode-status: This command displays the status of SNTP in broadcast mode. show statistics: This command displays the SNTP statistics. VB-101 Simple Network Time Protocol (SNTP)
6 14:34:09 ISS SNTP Old Time:Wed Feb 06 2013 12:34:02 (UTC +00:00 ) , New Time:Wed Feb 06 2013 14:34:09 (UTC +02:00 ) , ServerIpAddress:96.47.67.105 VB-101# sntp show clock Wed Feb 06 14:35:58 2013 To remove the configuration: sntp no unicast-server ipv4 96.47.67.105 Note It is mandatory to set the clock source to NTP as shown above.
You can use the db export or db import commands to download/upload files to VB-101 via SFTP/TFTP. Upon database export, the filename is the destination file name and it is optional. If no filename is specified, the following names are used: •...
For SFTP, type: user-default-config export sftp://<username>:<password>@<A.B.C.D>/filename To export system logs: VB-101# trace export remote-address 172.17.170.200 Completed OK The format of the log file name is the following: log_MM_DD_HH_MM_SS.tar.gz, for example: log_01_09_08_41_23.tar.gz. To export the configuration database in the web interface: ...
To view the configuration file (user-defined): VB-101# show running-config To view the full configuration file (user-defined and defaults): VB-101# show running-config detailed yes To view the user default configuration file: VB-101# user-default-config show Resetting with Custom Configurations You can copy the user-default-config file into startup-config, following which the system is reset.
Version:#1 PREEMPT Mon Aug 15 17:47:30 IDT 2016 Machine:ppc VB-101# To check the device uptime: VB-101# show system uptime Current time: 13:34:22 , uptime: 5 min Completed OK 10.3 Disk Information You can check the disk information by displaying the details on the mounted flash storage.
License Type Enhanced Valid Restart Required Completed OK 10.5 System Reboot You can set up an immediate reboot of VB-101 or schedule the system reload in a particular time period. Rebooting with CLI + root + reload - now - schedule...
3. Set the time parameters. 4. Click <Apply>. Rebooting by an SMS command VB-101 can be rebooted from a phone using an SMS message. For this purpose, VB-101 must have one SIM card and establish an active connection to the cellular network.
Page 183
0. To reboot by an SMS: 1. From the phone whose number has been included in the VB-101 white list, send an SMS message containing Sf=reboot or sf=reboot to the cellular number of VB-101. VB-101 performs a hardware reboot if double verification is disabled.
Monitoring and Diagnostics 11.1 Capturing Ethernet Service Traffic The VB-101 system supports sniffing and capturing Ethernet traffic on a selected service IP interface. This feature enables network traffic diagnostics and debugging. Traffic capturing is available on the IP interfaces specified in the Access Control Entry (ACE) list.
16:55:08.605016 IP 172.18.212.40.17500 > 172.18.212.255.17500: UDP, length 112 16:55:08.680664 CDPv2, ttl: 180s, Device-ID 'Router'[|cdp] 11.2 Dry Contacts VB-101 can display system and feature alarms as relay output. For setting the alarms, 4 I/O relay contacts marked “DRY CONTACT” are used. Benefits An alarm relay allows a circuit to be controlled by a separate low-power signal.
Page 187
When the administrative status of the dry contacts is enabled, on the state change (SET/CLEAR) of any defined input or output alarm, the following reports are sent: • Syslog event • Device log event • SNMP trap The following connection diagram illustrates the wiring of two alarm outputs. VB-101 Dry Contacts 11-3...
The alarm is cleared when the specified port is up. Cellular-down The alarm is set when the state (operational status) of a cellular interface is down. The alarm is cleared when the cellular interface is up. Factory Defaults By default, the alarms are disabled. 11-4 Dry Contacts VB-101...
Command is rejected if the condition is already assigned to any other interface Removing an output remove-out-alarm condition { cpu-usage alarm interface | cellular-down | { port-down {{gigabitethernet <1>} | {fastethernet <1>}} [interface {d-out1 | d-out2}] VB-101 Dry Contacts 11-5...
| 2015-12-04 17:30:10 | +-----------+-------------------+-------------+---------------------+ d-in2 CLEAR +-----------+-------------------+-------------+---------------------+ d-out1 | cpu-usage | 2015-12-05 11:25:43 | +-----------+-------------------+-------------+---------------------+ d-out2 | fa 0/1 down | 2015-12-05 11:04:03 | +-----------+-------------------+-------------+---------------------+ You can display conditions of all alarms, both set and cleared. 11-6 Dry Contacts VB-101...
To view the events table: • Double-click the paper clip image on the following line. 11.4 Running a Ping Test You can ping a remote IPv4 host to check the VB-101 IP connectivity with that host. VB-101 Running a Ping Test 11-7...
-V N Do ping from VRF N Quiet, only displays output at start and when finished If the remote host answers, VB-101 displays the ping results including the round trip delay. Example VB-101# ping 10.10.10.10 PING 10.10.10.10 (10.10.10.10): 56 data bytes 64 bytes from 10.10.10.10: seq=0 ttl:254 time=1.034 ms...
RMON provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information. RMON counters present the statistics for a given port. To display the RMON counters: VB-101# port show rmon-etherstat-table port eth1 Interface ETH1 +---------------+---------+----------------+-------+ | Counter Name Value...
May 18 19:27:48 SmartSwitch user.info kernel: PHY: mdio@ff724000:01 - Link is Down May 18 19:27:50 SmartSwitch user.warn kernel: adjust_link Addr 1 link 1 speed 100 o 0 dup 1 o -1 May 18 19:27:50 SmartSwitch user.info kernel: PHY: mdio@ff724000:01 - Link is Up - 100/Full VB-101 Syslog 11-11...
The device can store up to two software images, referred to as OS versions, that cannot be overwritten. Note Before downloading a new OS file, make sure that VB-101 has only one (the active) file. If needed, delete the unused file before attempting to download a new one.
Software image stored on the PC. The image file (and exact name) can be obtained from the local Vibicom business partner from whom the device was purchased. Note: The image file name is case-sensitive, so make sure that the downloading software does not alter the letter case in the file name.
Page 199
Figure 12-1. VB-101 System Upgrade To upgrade the VB-101 OS file using the CLI: 1. Connect your PC via the serial console cable to the VB-101 console port. 2. Create an IP interface over the eth1 port. VB-101#router interface create address-prefix 192.168.2.101/24 physical-interface eth1 purpose application-host Check connectivity with the TFTP server.
VB-101# os-image activate version-name SF_0290_4.1.01.70.tar To upgrade VB-101 in the web interface: 1. Connect your PC via the serial console cable to the VB-101 console port. 2. Navigate to Configuration > Router > Interfaces and create an IP interface over the eth1 port.
2. Type fw show. The current modem information is displayed. The last two digits in the name SWI9X15C_05.05.58.00 show that the current firmware is generic. VB-101# cellular modem fw show Info Model ID: MC7354 Boot version: SWI9X15C_05.05.58.00 r27038 carmd-fwbuild1 2015/03/04 18:38:46 Application version: SWI9X15C_05.05.58.00 r27038 carmd-fwbuild1...
Page 202
Block size: 0 FW UPDATE PROCESS STARTED. PLEASE, WAIT FOR THE COMPLETION MESSAGE! VB-101# Waiting for modem to disconnect from the host after reset command is issued ... Modem disconnected from host. Waiting for modem to come up in BOOT and HOLD mode ...
3. Upgrade to the relevant firmware as described above. 12.6 Restoring the Previous Version VB-101 can be rolled back to the previous version. Install the version according to the procedure described above, as if it were a new version. Note User configuration file is lost when the previous version is restored.
Serial port at the router DB-9 female connector for end device Figure A-1. CBL-RJ45/DB9/NULL Cable Connectors Caution: To avoid damage to the serial port, do not use the VB-101 console cable (colored white) for user serial port connections. Table A-1. CBL-RJ45/DB9/NULL Cable Pinout...
Page 206
B (+) A (-) B (+) A (-) Console Port VB-101 is connected to an ASCII terminal via an 8-pin RJ45 female connector located on the front panel. Figure A-2. VB-101 Console Port Console port pinout is specified in Table A-4...
Page 207
DB-9 Pinout TOD RX (Input) CLI RX (Input CLI TX (Output) CLI RX (Input) N.C. TOD TX (Output) The table below displays the console cable pinout. Table A-5. Console Cable Pinout RJ45 Male Connector DB9 Female Connector VB-101 Console Port...
Appendix B Test Plan Introduction This appendix describes basic verification tests for VB-101. The aim is to perform a series of short tests that check the following: • IP connectivity and management • DHCP client • VLAN tagging, IP interfaces, static routing •...
Page 210
The estimated duration of this test is 10 minutes. Test Procedure Table B-1 details the IP connectivity and management test procedure. Table B-1. IP Connectivity and Management Test Procedure Action Expected Result Result Establish management via the terminal IP Connectivity and Management Test VB-101...
Page 211
| eth2 | DOWN | enabled | half +-----+------+------+------+---------+-------------+-------+--------+---------+------+ 3. Verify SSH from the PC to the router. 4. Verify counters progressing in eth1 port. VB-101# port show interface-table port eth1 Interface ETH1 +------------------------+--------+-------------------------+-------+ | Counter Name | Value Counter Name...
Page 212
The objective of this test is to verify DHCP client functionality. Preparing the Test Layout Figure B-2. DHCP Client Test Estimated Duration The estimated duration of this test is 20 minutes. Test Procedure Table B-2 details the DHCP client test procedure. DHCP Client VB-101...
Page 214
Client Identifier IP address 54:53:ed:2b:19:86 172.17.203.110 Port Identifier IP address Fa0/1 172.17.203.110 ---- Client View (VB-101) VB-101# router interface show +-----+------+------+------------------+-----+---------+--------------+-------------+ | Id | VLAN | Name | IP/Subnet | Mtu | Purpose | Admin status | Description | +=====+======+======+==================+=====+=========+==============+=============+ | N/A | N/A | eth1 | 172.17.203.11/24 | N/A |...
Page 215
The estimated duration of this test is 30 minutes. Test Procedure Table B-3 details the VLAN, IP interfaces, and static routing test procedure. Table B-3. VLAN, IP Interfaces, and Static Routing Test Procedure Action Expected Result Result Configure VB-102 Configure VB-101 VB-101 VLAN Tagging, IP Interfaces, Static Routing...
Page 216
Configure IP interfaces with VLAN 2, VLAN 3 for eth2 • Configure static route for 192.168.4.x via 192.168.2.101 Set the VB-101 interface 192.168.1.102 as a PC1 default gateway. Set the VB-102 interface 192.168.4.101 as a PC2 default gateway. Verify ping connectivity between: •...
Page 217
192.168.4.0/24 192.168.2.101 router/static(config)# write memory router/static(config)# exit router/static# exit commit Viewing Static Routing VB-101# router interface show +----+------+--------+------------------+------+------------------+--------------+-------------+ | Id | VLAN | Name IP/Subnet | Mtu | Purpose | Admin status | Description |...
Page 218
Action Expected Result Result Configure VB-101 Configure the NAT server (VB-102) Verify VB-101 IP connectivity VB-101 receives the correct IP addresses Verify Static Routes Proper ping and SSH connectivity from the PC Configuring Devices VB-101 configuration steps: • Set the WAN port IP interface •...
Page 219
Configure Static NAT to direct WAN traffic with TCP port 22 towards the LAN connected server. Assign the VB-101 LAN interface as the LAN server device default gateway. The WAN client does not have a route to the private LAN subnet.
Page 221
DMVPN test procedure. Table B-5. DMVPN Test Procedure Action Expected Result Result Configure the HUB (VB-102) Configure the SPOKE (VB-101) Verify connectivity over DMVPN User and management traffic from both PCs is transferred properly. Configuring Devices VB-102 (Hub) configuration steps: •...
Page 222
Option 2: enable OSPF and set OSPF interfaces for the mGRE and eth1.10 • Set IPSec parameters VB-101 (Spoke) configuration steps: • Set the access and network IP interfaces • Set the VPN mGRE interface using eth2.20 as its lower layer •...
Page 223
192.168.10.1 255.255.255.0 no shut exit 5. Assign a static route to make VB-101 management routable over the VPN. ip route 0.0.0.0 0.0.0.0 192.168.10.10 1 6. Assign the ACE IP interface through which to route user traffic. application connect router interface create address-prefix 192.168.10.10/24 vlan 10 purpose application-host 7.
Page 224
Appendix B Test Plan Installation and Operation Manual 11. Configure IPSec. ipsec isakmp update my-id HUB.vibicom.com ipsec preshared create id HUB.vibicom.com key secretkey ipsec preshared create id RTU1.vibicom.com key secretkey ipsec isakmp update id-type fqdn ipsec policy create protocol gre...
Page 225
Viewing the Hub 1. Verify connectivity to the VB-101 over the network. [/] ping 172.18.20.20 PING 172.18.20.20 (172.18.20.20): 56 data bytes 64 bytes from 172.18.20.20: seq=0 ttl=64 time=0.522 ms 64 bytes from 172.18.20.20: seq=1 ttl=64 time=0.472 ms 64 bytes from 172.18.20.20: seq=2 ttl=64 time=0.374 ms...
Page 226
64 bytes from 192.168.40.10: seq=0 ttl=64 time=1.935 ms 64 bytes from 192.168.40.10: seq=1 ttl=64 time=1.805 ms 64 bytes from 192.168.40.10: seq=2 ttl=64 time=1.791 ms --- 192.168.40.10 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss B-18 DMVPN VB-101...
Page 227
--- 192.168.40.10 Ping Statistics --- 3 Packets Transmitted, 3 Packets Received, 0% Packets Loss Viewing the Spoke 1. Verify connectivity to the VB-101 over the network. VB-101# ping 172.18.20.10 PING 172.18.20.10 (172.18.20.10): 56 data bytes 64 bytes from 172.18.20.10: seq=0 ttl=64 time=0.837 ms 64 bytes from 172.18.20.10: seq=1 ttl=64 time=0.557 ms...
Page 228
1 hard: 0 soft: 0 sadb_seq=0 pid=9758 refcnt=0 3. Verify that the VPN is UP. VB-101# vpn gre nhrp map show-status +--------+----------------+---------+--------+-----------+ | Tunnel | Protocol | Changes | Oper | Last | | Name | address/prefix | | Status | change | | | | | | (sec.ago) |...
Page 229
N 192.168.40.0/24 [10] area: 0.0.0.0 directly attached to eth1 router/ospf# exit 6. Verify connectivity to the remote subnet 192.168.40.x. VB-101# ping 192.168.10.10 PING 192.168.10.10 (192.168.10.10): 56 data bytes 64 bytes from 192.168.10.10: seq=0 ttl=64 time=8.343 ms 64 bytes from 192.168.10.10: seq=1 ttl=64 time=1.910 ms 64 bytes from 192.168.10.10: seq=2 ttl=64 time=1.887 ms...
Page 230
1 remote-address 192.168.40.10 telnet-port 20000 commit Viewing VB-101 Connectivity 1. Verify connectivity between the PC 192.168.10.250 and the VB-101 terminal server 192.168.40.10. 2. Open TCP connection with port 20000. Figure B-8. TCP Connection 3. Verify connection established.
Page 231
Completed OK VB-101# Adding QoS to Terminal Server Traffic There are two options for using QoS in the terminal server (VB-101): • Option 1: Set the DSCP value 16 for traffic assigned to the Telnet client 192.168.10.250 and keep the VPN tunnel in inherit mode.
Page 232
10.10.10.20/24 lower- layer-dev eth2.20 name mgre1 key 10.0.0.0 admin-status enable tos 30 vpn gre nhrp map create multipoint-gre-name mgre1 protocol- address-prefix 10.10.10.10/24 nbma-address 172.18.20.10 vpn gre nhrp enable ipsec enable commit B-24 DMVPN VB-101...
Page 233
Figure B-11. Backbone Traffic with Tunnel TOS Assignment Adding Cellular Link To add the cellular link, perform the following steps: 1. Configure VB-101 with the requested VLANs and interfaces. 2. In the HUB (VB-102): Set the network VLAN 20 and assign the network ports, and the application port gi 0/3 ...
Page 234
Set IPSec parameters 4. Define the corresponding router interface as the PCs' default gateway. Verify the following: • Ping connectivity between the VB-101 cellular modem and the Hub public IP • IPSec SA is established • DM-VPN NHRP status is UP •...
Page 235
0.0.0.0/0 172.18.212.100 write exit exit ipsec isakmp update my-id HUB.vibicom.com ipsec preshared create id HUB.vibicom.com key secretkey ipsec preshared create id RTU1.vibicom.com key secretkey ipsec isakmp update id-type fqdn ipsec policy create protocol gre ipsec enable Serial tunneling:...
Page 236
The objective of this test is to verify IEC 101/104 gateway functionality. Preparing the Test Layout Figure B-13. IEC 101/104 Gateway Test Estimated Duration The estimated duration of this test is 20 minutes. Test Procedure Table B-6 details the IEC 101/104 gateway test procedure. B-28 IEC 101/104 Gateway VB-101...
Page 237
Telnet client and IEC 101 device are connected the serial link over the serial link Configuring Devices Configuration steps: • Set the IP interface for IEC 104 server and VB-101 management • Configure the serial ports parameters • Configure the serial local end-point, service-ID and position •...
Page 238
2 orig_addr_participate y commit Viewing the Results 1. Verify connectivity between 192.168.1.250 Telnet client and the VB-101 gateway server 192.168.1.101. 2. Open connection from the Telnet client to the IEC 104 device. 3. Verify that the connection over the serial port operates properly.
Page 239
IEC 101/104 gateway test procedure. Table B-7. OSPF Test Procedure Action Expected Result Result Configure VB-102 Configure VB-101 Verify connectivity over OSPF Proper connectivity between PC1 and PC2, VB-101, VB-102 Verify OSPF neighborship and OSPF neighborship and the routing table...
Page 240
Installation and Operation Manual Assign eth2 IP interfaces to VLAN 2 Configure OSPF • Set VB-101 interface 192.168.1.102 as the PC1 default gateway • Set VB-102 interface 192.168.4.101 as the PC2 default gateway VB-102 Configuration VB-102# config vlan 2...
Page 241
Installation and Operation Manual Appendix B Test Plan Viewing the Results Verify the following: • Ping connectivity between VB-101 and VB-102 over the shared subnet interface 192.168.2.x • OSPF neighborship and routing table • Ping connectivity between PC1 and: ...
Page 242
Appendix B Test Plan Installation and Operation Manual Viewing VB-101 VB-101# router interface show +----+------+--------+------------------+------+------------------+--------------+-------------+ | Id | VLAN | Name | IP/Subnet | Mtu | Purpose | Admin status | Description | +====+======+========+==================+======+==================+==============+=============+ | 1 | N/A | eth1:1 | 192.168.1.102/24 | 1500 | application host | enable | | +----+------+--------+------------------+------+------------------+--------------+-------------+ | 2 | 2 | eth2.2 | 192.168.2.102/24 | 1500 | general | enable | |...
SNTP primary server IP address: _______________________________________________________ SNTP secondary server IP address (optional): ___________________________________________________________________________________________ 4. Is there a need for a specific CA certificate to be loaded to each VB-101 device during Vibicom production phase? _____________________________________________ This CA certificate is required in case the local certificate of the bootstrap server or of the IPsec gateway at the NOC is signed by this CA.
Page 244
7. Which interface will be used for the Internet access? (Cellular-ppp0 / Ethernet-SFP/ Ethernet-RJ45) If cellular, please specify: operator-name: _____________________________ apn-name: ____________________________________ user-name: __________________________________ password: ____________________________________ If Ethernet, please specify: Default Gateway: __________________________ When using Ethernet interface, the device acquires its IP address from DHCP server. VB-101...