Page 1 Case Communications 6402 Industrial Router Manual Revision 1.5 28.1.2022 Rev 1.5 Firmware Revision 08071200...
Page 2 This page left blank intentionally...
Page 3: Table Of Contents
Connecting DI/DO Devices 1.5.4 Connecting Serial Devices GETTING STARTED Connecting to the network or a host 2.1.1 Setup by Configuring WEB GUI 6402 NETWORK STATUS Network Status 3.1.1 WAN &Uplink 3.1.1.1 IPv4 Network Status 3.1.1.2 WAN interface IPv6 Network Status 3.1.1.3...
Page 4 Auto-reconnect / Dial-on-demand / Manual Scenario: 4-20 4.1.5.2 The 6402 Auto-Reconnect (Always On) 4-21 4.1.5.3 6402 Gateway Dial on Demand 4-21 4.1.5.4 6402 Gateway Dial on Demand steps: 4-21 4.1.5.5 6402 Gateway working in Manual Mode 4-22 4.1.5.6 6402 Manual Connect Scenario 4-22 4.1.4...
Page 5 4.2.2.10 VLAN Group Internet Access 4-38 Tag-based VLAN List – Create/Edit VLAN Rules 4.2.2.11 4-38 4.2.2.12 Tag Based VLAN Configuration 4-38 4.2.3 6402 DHCP Server 4-40 4.2.3.1 Fixed Mapping 4-40 4.2.3.2 DHCP Server List 4-41 4.2.3.3 DHCP Server Configuration 4-41 4.2.3.4...
Page 6 6402 Manual Contents Routing 4- 74 4.6.1 Introduction 4-74 4.6.1.1 Static Routing Example 4-75 4.6.1.2 Static Routing Operation 4-75 4.6.2 Static Routing Setting 4-75 4.6.3 Dynamic Routing 4-77 4.6.4 Dynamic Routing Overview 4-77 4.6.4.1 Enable RIP 4-78 4.6.4.2 OSPF Example 4-78 4.6.4.3...
Page 7 RFC 2217 Mode MODBUS 6.3.1 MODBUS Overview 6- 9 6.3.1.1 MODBUS Receiving from a remote Modbus TCP Master 6-10 6.3.1.2 6402 MODBUS Slave Example 6-10 6.3.2 6402 MODBUS Slave 6-10 6.3.3 Setting MODBUS to Serial Master 6-11 Data Logging 6-12 SECURITY&...
Page 8 6402 Manual Contents 7.1.4.3 Configuring aPPTP Server 7-35 7.1.4.4 PPTP Server Configuration Example 7-36 7.1.4.5 Configuring a PPTP VPN Client 7-37 7.1.4.6 Create/Edit PPTP Client 7-37 7.1.4.7 PPTP VPN Client Configuration Example 7-39 7.1.5 GRE Overview 7-41 7.1.5.1 Configuring GRE 7-42 7.1.5.2...
Page 9 6402 Manual Contents ADMINISTRATION Configure & Manage 8.1.1 Command Script 8.1.1.1 Edit/Backup Plain Text Command Script 8.1.1.2 Plain Text System Configuration with Telnet 8.1.2 TR-069 8.1.2.1 TR 069 Scenario Example 8.1.2.2 TR 069 Scenario Description 8.1.2.3 TR 069 Example Configuration 8.1.2.4...
Page 10 6402 Manual Contents Diagnostics 8-29 8.4.1 Packet Analyser 8-29 8.4.2 Diagnostic Tools 8-31 SERVICE Cellular Toolkit 9.1.1 Data Usage 9.1.1.1 3G / 4G Data Usage Profile 9.1.2 9.1.2.1 Setting up SMS Configuration 9.1.2.2 SMS Summary 9.1.3 SIM PIN 9.1.3.1 SIM PIN Configuration PuK Function –...
Page 11 6402 Manual Contents Date Revision Firmware Notes 28.1.2022 0CB0QO0.IA2_eA6.0CB0_08191000 Updated Field Bus Chapter 6 for new menus Updated Chapter 9 Services Added RADIUS and TACAS Server configuration...
Page 12 6402 Manual This page left blank intentionally...
Page 13: Hardware
6402 Manual - Section One Hardware SECTION ONE HARDWARE...
Page 14 Intranet, and all data is transmitted over a secure (256-bit AES encryption) link. To meet a variety of M2M application requirements the 6402 Industrial Router / Gateway includes VPN, firewall, NAT, port forwarding, DHCP server and many other powerful features for complex and demanding business and M2M (Machine-to-Machine) applications.
Page 15: Packing List
6402 Manual - Section One Hardware 1.1. Packing List Items Description Contents Quantity 6402 Industrial Router 1pcs Modbus Cellular 6402 Cellular Antenna 2pcs Wi-Fi Antenna 2pcs Power Adapter (DC 48V) 1pcs RJ45 Cable 1pcs RJ11 Cable 1pcs Console Cable 1pcs...
Page 16: Hardware Configuration
※Reset Button The RESET button provides users with a quick and easy way to restore the default setting. Press the RESET button continuously for 6 seconds, and then release it. The 6402 will restore to its factory default settings. Bottom View...
Page 17 6402 Manual - Section One Hardware Left View 2.4G Wi-Fi 2.4G Wi-Fi Antenna Antenna Power Terminal Block Right View LED Indicators ADSL Port Section 1 – Page 4 Rev 1.5...
Page 18: Led Indication
LED Icon Indication LED Colour Description Power Source 1 Green Steady ON:6402 is powered on by power source 1 Power Source 2 Green Steady ON:6402 is powered on by power source 2 Steady ON: Wireless radio is enabled WLAN (Wi-Fi)
Page 19: Installation And Maintenance
6402 Manual - Section One Hardware 1.4. Installation and maintenance System Requirements • An Ethernet RJ45cable or DSL Line • 3G/4G cellular service subscription Network Requirements • IEEE 802.11n or 802.11b/g wireless clients • 10/100 Ethernet adapter on PC Computer with the following: •...
Page 20: Hardware Installation
SURE THAT THE 6402 IS NOT POWERED UP. The SIM card slots are located at the bottom of 6402 Router housing. You need to unscrew and remove the outer SIM card cover before installing or removing the SIM card. Please follow the instructions to insert a SIM card.
Page 21: Connecting Di/Do Devices
6402 Manual - Section One Hardware 1.5.3 Connecting DI/DO Devices The Green block contains the Digital Input (DI) and Digital Output (DO) ports together with power terminal block. Please refer to following specification to connect DI and DO devices. Mode...
Page 22: Connecting Serial Devices
Hardware 1.5.4 Connecting Serial Devices The 6402 Industrial Router provides one standard serial port DB-9 male connector. Connect the serial device to the unit DB-9 male port with the right pin assignments of RS-232/485 are shown as below. Pin1 Pin2...
Page 23: Getting Started
CHAPTER 2 GETTING STARTED...
Page 24: Connecting To The Network Or A Host
If you need to configure or troubleshoot the device, you may need to connect the 6402 directly to the host PC. In this way, you can also use the RJ45 Ethernet cable to connect the 6402 to the host PC’s Ethernet port.
Page 25 6402 Manual Getting Started Figure 2.3 Initial Screen after Logging on This manual is laid out in the same manner as the option shown, which are: STATUS – Check the status of the following Basic Network Administration Security Statistics and Reports BASIC NETWORK –...
Page 26 6402 Manual Getting Started This page left blank intentionally Section 2 – Page 3 Rev 1.5...
Page 27: Network Status
6402 Manual Network Status SECTION 3 NETWORK STATUS...
Page 28: Wan &Uplink
6402 Manual Network Status Network Status 3.1.1 WAN &Uplink Go to Status> Basic Network > WAN & Uplink 3.1.1.1 IPv4 Network Status The first section in the Status section is for the basic network settings, with the WAN Interface being the first table.
Page 29: Wan Interface Ipv6 Network Status
LAN interface Network Status LAN Interface Network Status Item Value setting Description Displays the current IPv4 IP Address of the 6402 This is also the IP Address user use to access Router’s Web-based IPv4 Address Utility. IPv4 Subnet Mask Displays the current mask of the subnet.
Page 30: 4G Modem Status
6402 Manual Network Status 3.1.1.4 3G/4G Modem Status 3G/4G Modem Status List Item Value Description Displays the type of WAN physical interface. Depending on the model you purchased, it can be 3G/4G and USB 3G/4G. Interface Note: Some device model may support two 3G/4G modules. Their physical interface name will be 3G/4G-1 and 3G/4G-2.
Page 31: Interface Traffic Statistics
Go to Status> Basic Network > LAN & VLAN 3.1.2.1 LAN Client List The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time of each device that is connected to this 6402. LAN Client List Item Value...
Page 32: Wi-Fi Status
6402 Manual Network Status 3.1.3 Wi-Fi Status The Wi-Fi Status window shows the overall statistics of Wi-Fi VAP entries. Go to Status> Basic Network > Wi-Fi tab. 3.1.3.1 Wi-Fi Module One Virtual AP List The Wi-Fi Virtual AP List shows all of the virtual AP information. The Edit button allows for quick configuration changes.
Page 33: Wi-Fi Module One Traffic Statistics
6402 Manual Network Status Wi -Fi IDS Status Item Value Description Authentication Frame Displays the receiving Authentication Frame count. Association Request Frame Displays the receiving Association Request Frame count. Re-association Request Frame Displays the receiving Re-association Request Frame count. Probe Request Frame Displays the receiving Probe Request Frame count.
Page 34: Security
6402 Manual Network Status Security 3.2.1. VPN Status The VPN Status window shows the overall VPN tunnel status. From the menu on the left, select Status >Security >VPN Status. 3.2.1.1 IPSec Tunnel Status IPSec Tunnel Status windows show the configuration for establishing IPSec VPN connection and current connection status.
Page 35: Openvpn Client Status
Displays the specified IP address of the 6402 device used to connect to the Default internet to connect to the L2TP server –the default 6402. Or other specified 6402/Remote subnet if the default 6402 is not used to connect to the L2TP server –the Subnet remote subnet. Conn. Time Displays the connection time for the L2TP tunnel.
Page 36: Pptp Server/Client Status
Displays the specified IP address of the 6402 device used to connect to the internet to connect to the PPTP server –the default 6402. Or other specified Default 6402 / subnet if the default 6402 is not used to connect to the PPTP server –the Remote Subnet remote subnet.
Page 37: Url Blocking Status
6402 Manual Network Status 3.2.2.2 URL Blocking Status URL Blocking Status Item Value setting Description Activated Blocking This is the URL Blocking Rule name. Rule Blocked URL This is the logged packet information. The Source IP (IPv4) of the logged packet.
Page 38: Ips Status (Intrusion Protection Support)
6402 Manual Network Status 3.2.2.6 IPS Status (Intrusion Protection Support) IPS Firewall Status Item Value Description Detected Intrusion This is the type of intrusion packets being blocked. The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format.
Page 39: Administration
6402 Manual Network Status 3. 3 Administration 3.3.1 Configure & Manage Stats From the menu on the left, select Status >Administration > Configure & Manage tab. 3.3.1.1 SNMP Linking Status The SNMP Link Status screen shows the status of current active SNMP connections.
Page 40: Snmp Trap Information
6402 Manual Network Status 3.3.1.2 SNMP Trap Information SNMP Trap Information Item Value Description Trap Level Displays the trap level. Time Displays the timestamp of trap event. Trap Event Displays the IP address of the trap sender and event type.
Page 41: Statistics And Reporting
6402 Manual Network Status 3. 4 Statistics and Reporting 3.4.1 Connection Session Internet Surfing Statistic Item Value Description Previous Click the Previous button; you will see the previous page of track list. Next Click the Next button; you will see the next page of track list.
Page 42: Cellular Usage
6402 Manual Network Status 3.4.3 Cellular Usage Go to Status > Statistics & Reports > Cellular Usage tab. Cellular Usage screen shows data usage statistics for the selected cellular interface. The cellular data usage can be accumulated per hour or per day.
Page 43: Basic Network
6402 Manual Basic Network SECTION 4 BASIC NETWORK...
Page 44: Wan & Uplink - Configuring Wan Ports
For each Ethernet WAN port, plug in an RJ45 cable from your external DSL modem to the port and follow the GUI configure. If the 6402 is behind a firewall, plug in an RJ45 cable from one of the Ethernet ports of firewall.
Page 45 As soon as the primary connection is broken, the 6402 will switch to the failover path, allowing the routing change to be very rapid saving the dial up time, as the link has already been established.
Page 46: Connection Setup
2G / 3G / 4G / LTE Static IP IP Over ATM Dynamic IP PPPoE ADSL PPPoE PPP Over ATM PPTP The 6402 has the following WAN 1 options 4.1.2.2 WAN Port Options Ethernet Over ATM with NAT Section 4 – Page 3 Rev 1.5...
Page 47 1. An optional setting WAN IP I.S.P 2. Box is un-checked Alias WAN IP Alias is used by the 6402 to provide dual WAN IP address by default on your LAN network. Save Click Save to save the settings. Undo Click Undo to cancel the settings.
Page 48: Ip Over Atm
Enable WAN IP Alias then enter the IP address provided by your setting I.S.P WAN IP Alias 2. Box is un- WAN IP Alias is used by the 6402 to provide dual WAN IP checked by default address on your LAN network. Save Click Save to save the settings.
Page 49: Pppoe Atm
1. An optional setting your I.S.P WAN IP Alias 2. Box is un-checked WAN IP Alias is used by the 6402 to provide dual WAN IP by default address on your LAN network. Save Click Save to save the settings.
Page 50: Ppp Over Atm
1. An optional setting WAN IP your I.S.P 2. Box is un-checked by Alias WAN IP Alias is used by the 6402 to provide dual WAN IP default address on your LAN network. Save Click Save to save the settings.
Page 51: Wan 2 - 3G/4G Configuration Options
6402 Manual Basic Network WAN 2 – 3G/4G Configuration options 4.1.2.6 Basic Network > WAN & Uplink >Connection Setup> WAN 2 / Edit The screen shot below shows the WAN 2 configuration options. By default, WAN 2 is a 3G / 4G Cellular port.
Page 52: Connection With Sim Card A
6402 to authenticate with your ISP’s server ation Auto is selected When Auto is selected, it means the 6402 will authenticate with the server either PAP or CHAP. 1. Mandatory When Dynamic IP is selected, it means it will get all IP configurations from IP Mode the carrier’s server and set to the device directly.
Page 53: Create / Edit Sim-A / Sim B Profile List
The box is un- roaming, not in home network. Roaming checked by Note_1: The 6402 may incur additional charges if the connection is set to default roaming. The Connection for SIM B Card options are identical to SIM A card.
Page 54: Setup 3G/4G Connection Common Configuration
6402 Manual Basic Network 3G / 4G Connection Common Configuration 3G/4G Connection Common Configuration Item Value setting Description 1. By default Profile-x Enter the profile name you want to use to describe this profile. Profile Name is listed 2. String...
Page 55 2. By default 0 is filled- configuration. 3. String format: integer When the Enable box is checked, it means the 6402 will assign a WAN IP address to the first local LAN client to connect. However, when an optional Fixed MAC is filled-in a non-zero 1.
Page 56: Wan 3 - Ethernet Wan Configuration Options
The following sections explain how to configure the WAN Ports. Internet Setup– Ethernet WAN Ports This section explains the configuration of the 6402 using the 6402 Ethernet ports. When the 6402 Edit button is selected the Internet Connection Configuration screen will appear. Internet Connection Configuration Item...
Page 57: Dynamic Ip (Ethernet Wan)
1. An optional setting WAN IP I.S.P 2. Box is un-checked Alias WAN IP Alias is used by the 6402 to provide dual WAN IP address by default on your LAN network. Save Click Save to save the settings. Undo Click Undo to cancel the settings.
Page 58 Enable WAN IP Alias then enter the IP address provided by your 1. An optional setting I.S.P WAN IP Alias 2. Box is un-checked WAN IP Alias is used by the 6402 to provide dual WAN IP by default address on your LAN network. Save Click Save to save the settings.
Page 59: Pppoe (Ethernet Wan)
Enable WAN IP Alias then enter the IP address provided by your setting I.S.P WAN IP Alias 2. Box is un- WAN IP Alias is used by the 6402 to provide dual WAN IP checked by default address on your LAN network. Save Click Save to save the settings.
Page 60 WAN Subnet Mask (A mandatory setting): Enter the WAN subnet mask given by your Service Provider. WAN 6402 (A Mandatory setting): Enter the WAN 6402 IP address given by your I.S.P When Dynamic IP is selected, there are no above settings required.
Page 61 Enabling WAN IP Alias then enter the IP address provided by your setting I.S.P WAN IP Alias Box is un- WAN IP Alias is used by the 6402 to provide dual WAN IP address checked by on your LAN network. default Save Click Save to save the settings.
Page 62: L2Tp (Ethernet Wan)
Enable WAN IP Alias then enter the IP address provided by your 1. An optional I.S.P WAN IP setting Alias 2. Unchecked by WAN IP Alias is used by the 6402 to provide dual WAN IP address default on your LAN network. Section 4 – Page 19 Rev 1.5...
Page 63: Connection Control
Dial-on-demand: The 6402 won’t start to establish an Internet connection until local data is ready to be sent to the WAN. After normal data transfer between the LAN and WAN, the 6402 will disconnect the WAN connection if the idle time reaches the value of the Maximum Idle Time.
Page 64: The 6402 Auto-Reconnect (Always On)
S 2: The 6402 starts to establish the WAN connection until it connects successfully. The 6402 will keep the connection alive only when there still is data transfer to the Internet. S 3: If the WAN connection times out, the 6402 will disconnect from the Internet and let it go back to Pre-state.
Page 65: 6402 Gateway Working In Manual Mode
The connection will stay alive only when there is still data to transfer. If there is no data to transfer for a period that is longer than the Maximum Idle Time, the 6402 will disconnect and let the WAN connection go back to its initial state –disconnected. The scenario is shown in following diagram.
Page 66 6402 Manual Basic Network Fail Threshold: Number for failed packet replies. The 6402 WAN connection will be recognised as failed if the number of continuous failed keep-alive checking equals this value. Target 1/Target 2: Set the host that is used for the keep alive checks. It can be DNS1, DNS2 or another host.
Page 67: Load Balancing
[Basic Network]-[WAN & Uplink]-[Physical Interface] section. The 6402 decides further routing ratios based on the connection flow to all the WAN interfaces and based on the current traffic flow (in bytes) on all WAN interfaces. The network manager may use this option as quick way to maximise the bandwidth utilisation of multiple WAN interfaces in the 6402.
Page 68: The Way The Smart Weight Algorithm Works
S 2: Based on the new ratio that is obtained at S1, the 6402 decides how many sessions will be transferred via each WAN interface for another time period. Loop S1 and S2 steps forever until the network administrator changes the load balance strategy.
Page 69 The following is another example diagram to illustrate the scenario. At the beginning, the 6402 has two WAN interfaces and their download line speed are an ADSL link at 22Mbps (m Mbps) for WAN-1 interface and 3G/4G ISP11Mbps (n Mbps) for WAN-2. The network manager needs to configure these data rates.
Page 70: User Policy Load Balancing Strategy
6402 Manual Basic Network Weight Definition Item Value setting Description WAN ID The Identifier for each available WAN interface. 1. Mandatory setting Enter the weight ratio for each WAN interface. 2. Set with bandwidth Initially, the bandwidth ratio of each WAN is set by default.
Page 71: Creating A User Policy
6402 Manual Basic Network Configuration Path [Physical Interface]-[Interface Configuration (WAN-n)] , n=1,2 Interface Name WAN-1 WAN-2 Physical Interface ADSL 3G/4G Operation Mode Always on Always on Line Speed 2Mbps / 22Mbps 1Mbps / 11Mbps Configuration Path [Load Balance]-[Configuration] ■ Enable...
Page 72 6402 Manual Basic Network User Policy Configuration Item Value setting Description There are four options which can be selected: Any: No specific Source IP is provided. The traffic may come from any source 1. Mandatory Source IP Subnet: Specify the Subnet for the traffics come from the subnet.
Page 73: Lan And Vlan
6402 management; however, it’s also possible to change the 6402 IP address. If you change the 6402 IP Address, you need to change your PC’s IP Address to be on the same subnet as the 6402 LAN Port and type new 6402IP address in the browser to logon again.
Page 74: 6402 Vlan (Virtual Local Area Network)
In Port-based VLANs – Where devices are on the same physical interface, all client hosts belonging to the same group are allowed to transfer data and are tagged with same VLAN ID within the 6402. However, they cannot communicate with devices on other ports that are not members of the port based VLAN.
Page 75 Port-1 with NAT mode to WAN interface as shown in following diagram. The example above is for 3 Ethernet LAN ports on the 6402. If we were just using one Ethernet port on the 6402 there will be only one VLAN group for the 6402. In this configuration, the 6402 still supports both NAT and Bridge mode for the Port-based VLAN configuration.
Page 76: Port-Based Vlan List
The port-based VLAN list allows you to customize each LAN port. There is a default rule that shows the configuration of all the 6402 LAN ports. If your device has a DMZ port, you will see the DMZ configuration as well. The maximum rule numbers are based on LAN port numbers.
Page 77 DHCP Server IP If you select Relay for the DHCP Server, assign a DHCP Address Mandatory Server IP Address that the 6402 will relay the DHCP (for DHCP Relay only) requests to the assigned DHCP server. DHCP Server Name Mandatory Define name of the DHCP Server.
Page 78: Ip Fixed Mapping Rule
6402 Manual Basic Network 4.2.2.5 IP Fixed Mapping Rule It’s also possible to add IP rules in the IP Fixed Mapping Rule List if a DHCP Server for the VLAN groups is required. When the Add button is applied, the Mapping Rule Configuration screen will appear.
Page 79: Port-Based Vlan - Inter Vlan Group Routing
6402 Manual Basic Network Port-based VLAN – Inter VLAN Group Routing 4.2.2.8 Click VLAN Group Routing button, the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear. When the Edit button is applied, a screen similar to this will appear: Section 4 –...
Page 80: Tag-Based Vlan's
Tag-based VLAN’s are also called VLAN Trunks. A VLAN Trunk collects all packet flows with different VLAN IDs from the 6402 and delivers them over the local Intranet. VLAN membership in a tagged VLAN is determined by the VLAN ID information within the packets that are received on a port.
Page 81: Vlan Group Internet Access
There is a default rule which shows the configuration of all LAN ports and all VAPs. If your 6402 has a DMZ port, you will see the DMZ configuration. The 6402 router supports up to a maximum of 128 tag-based VLAN rule sets. 4.2.2.12 Tag Based VLAN Configuration When the Add button is applied, the Tag-based VLAN configuration screen will appear.
Page 82 6402 Manual Basic Network Tag-based VLAN Configuration Item Value setting Description VLAN ID A Mandatory setting Define the VLAN ID number, range is 6~4094. Internet The box is checked by Click the Enable box to allow the members in the VLAN group to Access default.
Page 83: 6402Dhcp Server
6402DHCP Server Introduction The 6402 supports up to 4 DHCP servers to support DHCP requests from different VLAN groups (please refer to VLAN section for getting more usage details). There is one default setting for those LAN IP Address on the same subnet as the6402 LAN interface.
Page 84: Dhcp Server List
The DHCP Server list allows user to create and customise DHCP Server policies to assign IP Addresses to the devices on the local area network (LAN) Basic Network >LAN & VLAN> DHCP Server List The 6402 allows you to customize your DHCP Server Policy. It supports up to a maximum of 4 policy sets. 4.2.3.3.
Page 85: Create/Edit Mapping Rule List On Dhcp Server
Basic Network > LAN + VLAN > DHCP Server > DHCP Server List > Fixed Mapping The 6402 allows you to custom your Mapping Rule List on the DHCP Server. It supports up to a maximum of 64 rule sets. When the Fix Mapping button is applied, the Mapping Rule List screen will appear.
Page 86: View/Copy Dhcp Client List
6402 Manual Basic Network 4.2.3.5. View/Copy DHCP Client List Basic Network > LAN + VLAN > DHCP Server > DHCP Server List > DHCP Client List When the DHCP Client List button is applied, the following DHCP Client List screen will appear.
Page 87 6402 Manual Basic Network DHCP Option meanings (DHCP Option 66 gives the IP address or the hostname of a single TFTP server) (DHCP Option 72gives the IP address of WEB Servers) (DHCP Option 114 can be used to configure the URL of the provisioning server in Gigaset IP...
Page 88: Wi-Fi
Access Point (AP)Router Mode This mode allows you to connect your wired and wireless devices to create a subnet via the 6402 and provide access to the Internet using the 6402 NAT mechanism. In this mode the 6402 is working as a Wi-Fi AP, but also a Wi-Fi hotspot.
Page 89: Wds Only Mode & Wds Hybrid Mode
Intranet. In WDS Hybrid mode the 6402 acts as an access point for its Wi-Fi Intranet and a Wi-Fi repeater for its Wi-Fi Intranets at the same time. Users can thus use the features to build up a large wireless network in large spaces like airports, hotels and schools …etc.
Page 90: Aponly Mode
Wi-Fi links for linking them all together. It also uses an Ethernet link to connect to an external 6402 that executes IP assigning and NAT/routing function for Internet accessing.
Page 91: Wi-Fi Module One Configuration
6402 Manual Basic Network 4.3.2. Wi-Fi Module One Configuration Go to Basic Network >Wi-Fi>Wi-Fi Module One Tab. If the 6402 is equipped with two Wi-Fi modules, it’s possible to undertake similar configurations on both modules. 4.3.2.1 Basic Configuration Basic Configuration...
Page 92 With the current version of software, the option to select WPS Setup has been disabled and greyed out. VAP Configuration On the 6402 Wi-Fi allows configuration of up to 8 Virtual Access Points. Each VAP can provide different SSID, Authentication, Encryption and even Access rights. Once configured each of these can be edited.
Page 93 6402 Manual Basic Network authenticated by RADIUS server. RADIUS Server IP(The default IP is 0.0.0.0) RADIUS Server Port(The default value is 1812) RADIUS Shared Key When WPA or WPA2 is selected They are implementation of IEEE 802.11i. WPA only had implemented part of IEEE 802.11i but owns the better compatibility.
Page 94 For the WDS Only mode, the 6402 only bridges the connected wired clients to another WDS-enabled Wi-Fi device which the 6402 is associated with. It also means the no wireless clients can connect to this 6402 while WDS Only Mode is selected.
Page 95: Wireless Client List
Object Definition >Scheduling > Configuration tab. 4.3.3. Wireless Client List The Wireless Client List page shows the information of wireless clients which are associated with this 6402.Go to Basic Network >WiFi>Wireless Client List Tab. 4.3.3.1 Target Wi-Fi Target Configuration Item...
Page 96: Advanced Configuration
4.3.4. Advanced Configuration The 6402 provides an advanced wireless configuration option for advanced users to optimise the wireless performance under the specific installation environment. NB. if you are not familiar with Wi- Fi technology, leave the advanced configuration with its default values, or the connectivity and performance may get worse with improper settings.
Page 97 6402 Manual Basic Network Advanced Configuration Item Value setting Description The default setting Regulatory is according to It limits the available radio channel of this device. Domain where the product The permissible channels depend on the Regulatory Domain. sale to It shows the time interval between each beacon packet broadcasted.
Page 98: Ipv6
(stateless address auto-configuration), network re-numbering and router announcements when changing Internet connectivity providers. The 6402 supports various types of IPv6 connection (Static IPv6/DHCPv6 / PPPoEv6/6 to 4/6 in 4). Please contact your ISP to determine type of IPv6 supported before you proceed with IPv6 setup.
Page 99: Address Auto-Configuration - (Same For All Ipv6 Options)
Subnet Prefix Mandatory Setting Enter the WAN Subnet Prefix Length for the router. Length Default 6402 Mandatory Setting Enter the WAN Default 6402 IPv6 address. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server.
Page 100: Dhcpv6
6402 Manual Basic Network Address Auto-configuration Item Value setting Description The box is Auto- unchecked by Check to enable the Auto configuration feature. configuration default Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. Select Stateless to manage the Local Area Network to be SLAAC + RDNSS 1.
Page 101: Pppoev6
6402 Manual Basic Network The above diagram depicts DHCP IPv6 IP addressing, the DHCPv6 server on the ISP side assigns IPv6 address, IPv6 default address, and IPv6 DNS to client host’s automatically. DHCPv6 WAN Type Configuration DHCPv6 WAN Type Configuration...
Page 102 6402 Manual Basic Network The diagram above depicts the IPv6 addressing through PPPoE, the PPPoE v6 server (DSLAM) on the ISP side provides an IPv6 configuration upon receiving the PPPoE v6 client request. When the PPPoE v6 server gets a client request and successfully authenticates it, the server sends an IP address, DNS server addresses and other parameters to automatically configure the client.
Page 103 In the above diagram, the 6 to 4 means there is no need to set the 6402 address to "automatic". The Automatic setting means the 6402 will use the relay server, as defined in RFC 3068 which includes segments on 192.88.99.0/24 used as 6 to 4 relay of any-cast address to complete the 6 in4 setting.
Page 104 6402 Manual Basic Network 6 to 4 WAN Type Configuration 6to4 WAN Type Configuration Item Value setting Description 6to4 Address Value auto-created IPv6 address for access the IPv6 network. Primary DNS An optional setting Enter the WAN primary DNS Server.
Page 105 6402 Manual Basic Network In the diagram above, the 6 in 4 usually needs to register to a 6 in 4 tunnel service, known as Tunnel Broker, in order to function. It also needs to know the end point global IPv4 addresses such as 114.39.16.49 to complete the 6 in 4 setting.
Page 106: Port Forwarding
NAT Local Area Network. It is useful when you run a server inside your network. For example, if you set a mail server on your local LAN, your local devices can access this mail server through the 6402’s global IP address when the NAT Loopback feature is enabled.
Page 107: Nat Configuration Setting
However, a virtual computer is a host on the Intranet whose IP address is global and visible to the outside world. Since it is in the Intranet, it is protected by the 6402 firewall acts like a node on the Internet.
Page 108: Virtual Server
WAN side. For example, if you set an E-mail server on the LAN side with IP address 10.0.75.101, a remote user can access the 6402 for the E-mail service if you define a virtual E-mail server on the 6402 by using the real E-mail server on the LAN side, as shown in scenario ② in following diagram.
Page 109: Virtual Computer
25 and POP3 service port 110. This will allow the remote user to access the E-mail server in the 6402 Gateway that has the global IP 118.18.81.33 on its WAN side. But the real E-mail server is located on the LAN side and the 6402 Gateway acts as the port forwarder for E-mail service.
Page 110 Configure a virtual computer in the 6402 for mapping between the global IP address 118.18.81.44 and the local IP address 10.0.75.102. The 6402 will take care of all connectivity to the FTP file server by using the server's global IP address, and it acts as a gateway between the LAN host and the outside world by using its "Virtual Computer"...
Page 111 Click Undo to cancel the settings. Create/Edit Virtual Server The 6402 allows you to customise your Virtual Server rules. The router supports up to a maximum of 20 rule-based Virtual Server sets. When the Add button is applied, the Virtual Server Rule Configuration screen will appear.
Page 112 6402 Manual Basic Network Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range.
Page 113: Create/Edit Virtual Computer
4.5.3 IP Translation IP Translation is similar to One-to-One NAT. It is a feature where you can configure the 6402 with multiple IP addresses issued by your ISP and map them to individual intranet devices with specific IP addresses. That is, configuring the IP Translation feature creates a one-to-one mapping between a public IP address and a private IP address of a local host.
Page 114: Ip Translation Setting
Users in the Control Centre can access application server via 1.1.1.1 or the NAS device via 1.1.1.100. Example Configuration The following table lists the parameter configuration as an example for the 6402 in above diagram. Use default value for those parameters that are not mentioned in the table.
Page 115: Dmz & Pass Through
In the "DMZ" page, there is only one configuration window for the "DMZ" feature. The window lets you activate the DMZ function and specify the IP address on the 6402 local Intranet to be a DMZ host so that the host under the DMZ function can run applications freely that would, otherwise, blocked by the NAT mechanism.
Page 116 The DMZ host is behind a 6402 NAT and receives all normal and active packets from the Internet. Remote users can access the DMZ host by using the IP address of the 6402, and the 6402 will skip the NAT checking on the DMZ host. The DMZ host is still protected by the 6402 firewall.
Page 117: Enable Dmz And Pass Through
Basic Network 4.5.5 DMZ & Pass Through The DMZ host is a host that is exposed to the Internet but still within the protection of the 6402 Gateway firewall Go to Basic Network >Port Forwarding> DMZ& Pass through tab. 4.5.5.1.
Page 118: Static Routing Example
In diagram above, the 6402 is the router in Network-A and its subnet is 10.0.75.0/24. The 6402 has the IP address of 10.0.75.2 for its LAN interface, and 118.18.81.33 for its WAN-1 interface and IP Address of 203.95.80.22 for its WAN-2 interface. It serves as a NAT router.
Page 119 The "Configuration" - window lets you activate the global static routing feature only. Even if you have defined many static routing rules for the 6402, you can disable them temporarily, by unchecking the Enable box. Go to Basic Network >Routing>Static Routing Tab.
Page 120: Dynamic Routing
• BGP (Border Gateway Protocol), The use of dynamic routing allows the 6402 to establish routing tables automatically. Dynamic routing will be very useful when there are lots of subnets in your network. Generally speaking, RIP is suitable for small network. OSPF is more suitable for medium network. BGP is more used for big network infrastructure.
Page 121: Enable Rip
Open Shortest Path First (OSPF) is a routing protocol for (IP) networks and uses a link state routing algorithm and falls in nario Application Where a 6402 manager wao deploy a 6402 in a large network the router will learn its Configuration Path [Dynamic Routing]-[OSPF Configuration] ■...
Page 122 ID and Key in these fields on OSPF protocol. 1. Classless Inter Domain Routing (CIDR) Subnet Backbone Mask Notation. (Ex: The Backbone Subnet of this 6402 using the OSPF protocol. Subnet 192.168.1.0/24) 2. A Must filled setting Create/Edit OSPF Area Rules The router allows you to custom your OSPF Area List rules.
Page 123: Bgp Example
6402 Manual Basic Network 4.6.4.3. BGP Example BGP may be used for routing within an AS. In this application it is referred to as a Gateway Interior Border Protocol, Internal BGP, or iBGP. Scenario Application Timing Most ISPs must use BGP to establish routing between one another (especially if they are multi-homed).
Page 124: Routing Information
Click the Save button to save the configuration Create/Edit BGP Neighbour Rules The 6402 allows you to custom your BGP Neighbour rules. It supports up to 32 rule sets. When the Add button is applied, the BGP Neighbour Rule Configuration screen will appear.
Page 125: Dns & Ddns
The user has to register a domain name to a third-party DDNS service provider to use DDNS function. Once the IP address of a WAN interface in the 6402 has changed, the dynamic DNS agent in the 6402 will inform the DDNS server of the new IP address. The server automatically re-maps your domain name with the changed IP address.
Page 126 Diagram Dynamic DNS Scenario Application Example When the IP address of the 6402 is dynamically changed by ISP, and other hosts in the Internet want to link to the 6402 by using its corresponding domain name, the 6402 must provide the dynamic DNS function to carry out the requirement.
Page 127: Setup Dynamic Dns
6402 Manual Basic Network 4.7.2. Setup Dynamic DNS The router allows you to custom your Dynamic DNS settings. DDNS (Dynamic DNS) Configuration Item Value setting Description DDNS The box is unchecked by default Select the Enable box to activate this function.
Page 128: Qos
The 6402 Security provides a Rule-based QoS to carry out these requirements. 4.8.2. QoS Configuration This 6402 provides a large number of flexible rules for the network manager to set QoS policies. It’s necessary to know three important pieces of information before you create your own policies. •...
Page 129 6402 Manual Basic Network In the above diagram, a QoS rule is organised by the premise part and the conclusion part. In the premise part, you must specify the WAN interface, host group, service type in the packets, packet flow direction to be watched and the sharing method of group control or individual control.
Page 130 "DSCP" Type of QoS Rule Example Scenario Application Timing When the 6402 Manager wants to convert the code point value, "IP Precedence 4(CS4)", in the packets from a client hosts (IP 10.0.75.196~199) to the code value, "AF Class2 (High Drop)", they can use the "Rule-based QoS"...
Page 131 "Connection Sessions" Type of QoS Rule Example Scenario Application When the 6402 manager wants to limit the connection sessions from some client hosts for example(IP 10.0.75.16~31) to 20000 sessions in total for access to the Internet, they can use the "Rule-based QoS"...
Page 132: Qos Configuration Setting
Click the Save button to save the settings. Check the "Enable" box to activate the "Rule-based QoS" function. Also enable the FBM feature when needed. When FBM is enabled, the 6402 adjusts the bandwidth dynamically based on current bandwidth usage situation to reach maximum network performance while remaining transparent to all users.
Page 133: Setup System Resource
After enabling the QoS function and configuring the system resources, the network manager has to further specify some QoS rules to provide a better service for traffic. The 6402 supports up to a maximum of 128 rule-based QoS rule sets.
Page 134 6402 Manual Basic Network QoS Rule Configuration Item Value setting Description Interface 1. Mandatory Specify the WAN interface to apply the QoS rule. 2. All WANs Select All WANs or a certain WAN-n to filter the packets entering to or leaving from are selected by the interface(s).
Page 135: Redundancy
6402. The 6402 with a VRRP function can join one group of redundant 6402s to serve as the backup unit for the master 6402. Fill in the same values of the virtual server ID’s and IP addresses for these 6402s, and each 6402 owns its own priority as the sequence in the backup list.
Page 136 Internet connections will take over the connection and become the master. If the original 6402 recovers its link to the Internet and its priority if higher than the unit which has just become the master, then the link will return to the original 6402 and that will once again become the master.
Page 137: Vrrp Setting
Specify the ID of VRRP virtual server to be "253" and its IP address to be "10.0.75.200". The priority of the master 6402 is 254 and it is larger than 253 which is what’s set for the backup 6402. Initially, all data from the local subnet will go through the master 6402 with the highest priority.
Page 138 6402 Manual This page left blank intentionally...
Page 139: Object Definition
6402 Manual Object Definition SECTION 5 OBJECT DEFINITION...
Page 140: Object Definition
6402 Manual Object Definition Object Definition 5.1.1. Scheduling 5.1.1.1. Time Schedule List Scheduling provides the ability to add or delete time scheduled rules, which can be applied to other functionality. Go to Object Definition > Scheduling > Configuration tab. Button description...
Page 141: Grouping
6402 Manual Object Definition GROUPING 5.2.1. Host Grouping Go to Object Definition >Grouping >Host Grouping tab. The Host Grouping function allows user to make host group for some services, such as QoS, Firewall, and When Add button is applied, Host Group Configuration screen will appear.
Page 142: External Server
Create external server When Add button is applied, External Server Configuration screen will appear. The 6402 allows configuration of a remote RADIUS Server for VPN authentication and also management authentication of the 6402. Note. The RADIUS Server serves to authenticate network managers wanting to access the 6402 management.
Page 143 6402 Manual Object Definition Idle Timeout: (By default 1) The values must be between 1 and 26. Secondary: Shared Key (String format: any text) Authentication Protocol (By default CHAP is selected) Session Timeout (By default 1) The values must be between 1 and 60.
Page 144: Adding An Authentication Server
This user access will be logged by the external server when the server is available to the 6402, so it is recommended that this user is configured on the RADIUS server to provide accurate user logs.
Page 145: Configure An External Tacacs+ Server
Enable Tick to enable this External server configuration 5.3.1.3. Configuring the Authentication Server Once the External Server has been configured the 6402 requires the external authentication to be enabled and the server selected. Section 5 – Page 6 Rev 1.5...
Page 146 6402 Manual Object Definition Go to Administration > System Operation > Password & MMI tab > MMI > External Authentication External Authentication Configuration Item Value setting Description Enable Tick to enable External Authentication Type RADIUS or TACACS+ Select the required external server...
Page 147: Certificates
6402 Manual Object Definition Certificates 5.4.1. Generating a Root CA is the top-most certificate of the tree, the private key of which is used to "sign" other certificates. Go to Object Definition > Certificate > Configuration tab > Create root CA When the Generate button is applied, the Root CA Certificate Configuration screen will appear.
Page 148: Setup Scep
My Certificate includes a Local Certificate List, which shows all generated certificates by the root CA for the 6402. It also stores the generated Certificate Signing Requests (CSR) which will be signed by other external CA’s. The signed certificates can be imported as local certificates belonging to the 6402.
Page 149 6402 Manual Object Definition Configuration Path [My Certificate]-[Local Certificate Configuration] Name HQCRTSelf-signed:■ Key Type: RSA Key Length: 1024-bits Subject Name Country(C): GB State(ST): EnglandLocation(L): High Wycombe Organization(O): CASEHQ Organization Unit(OU): HQRD Common Name(CN): HQCRT E-mail: admin@casecomms.com Configuration Path [IPSec]-[Configuration] ■ Enable...
Page 150: My Certificate Configuration
"My Certificate" function. The "Local Certificate List" window shows the stored certificates or CSRs representing the 6402. The "Local Certificate Configuration" window can let you fill required information necessary for corresponding certificate to be generated by itself, or corresponding CSR to be signed by other CAs.
Page 151 6402 Manual Object Definition Local Certificate Configuration Item Value setting Description Name 1. String format Enter a certificate name. It will be a certificate file name can be any text If Self-signed is checked, it will be signed by root CA. If Self-signed is 2.
Page 152: Trusted Certificate
6402 Manual Object Definition identify which certificate could be accepted by SCEP server for encryption data information. It could be generated in Trusted Certificates. Fill in optional CA Identifier to identify which CA could be used for signing certificates. When Import button is applied, an Import screen will appear. You can import a certificate...
Page 153: Ipsec Operation Description
(BranchCRT) –a BranchCSR certificate of Gateway 2 signed by the root CA of Gateway 1. 6402 Gateway 2 -creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate. Import the certificate into the Gateway 2 as a local certificate. In addition, also imports the certificates of the root CA of Gateway 1 into the Gateway 2 as the trusted ones.
Page 154: Trusted Certificate Setting
6402 Manual Object Definition Gateway 2-imports the BranchCRT certificate (the derived BranchCSR certificate after Gateway 1’s root CA signature) into the "Trusted Client Certificate List" of Gateway 1 and the "Local Certificate List" of the Gateway 2. For more details, refer to the Network-B operation procedure in "My Certificate" section of this manual.
Page 155: Import Trusted Client Certificate
6402 Manual Object Definition Refer to Object Definition>External Server>External Server. You may click Add Object button to generate. 1. String format can Fill in optional CA Identifier to identify which CA could be used Identifier be any text for signing certificates.
Page 156: Signing Request To Import From A File
When you have a Certificate Signing Request (CSR) that needs to be certificated by the root CA of the 6402, you can issue the request here and let the Root CA sign it. There are two approaches to issuing a certificate.
Page 157: Issue Certificate Setting
6402 Manual Object Definition Gateway 2 can establish an IPSec VPN tunnel using the "Site to Site" scenario and IKE and X.509 protocols to 6402 Gateway 1. 5.4.3.9. Issue Certificate Setting The Issue Certificate setting allows user to import Certificate Signing Request (CSR) to be signed by root CA.
Page 158 This page left blank intentionally...
Page 159: Field Communications (Modbus)
SECTION 6 FIELD COMMUNICATIONS & MODBUS...
Page 160: Bus & Protocol
6.1.1 Serial Port The 6402 is equipped with a DB‐9 male port for serial communication use through an RS‐232 or RS‐485 serial device to an IP‐based Ethernet LAN These communication protocols allow serial users access to devices anywhere on the LAN or LAN devices access to serial devices.
Page 161: Virtual Com Port Introduction
When the Network administrator wants the 6402 to actively establish a TCP connection to a pre- defined host computer the 6402 "Virtual COM" should be set to “TCP Client” and the remote end of the link set to TCP Server. The TCP Client makes a connection to the TCP Server, either set to ‘Always On’...
Page 162: Tcp Server Mode
‘Virtual Com’ function is activated and this becomes a ‘TCP Server’ In this mode, the 6402 provides a unique "IP: Port" address on a TCP/IP network. It supports up to 4 simultaneous connections, so that multiple hosts can collect data from the same serial device at the same time.
Page 163 If required enable and enter Hex Value Data Timeout Transmit (0-1000ms) NB. Default to 0. This is the delay after the 6402 receives data in its buffer that it starts to send that data. E.g. 20ms before sending Trusted IP definition for TCP server...
Page 164: Async To Async Data Transfer Using Tcp Example
Async to Async Data Transfer Using TCP Example To run Async data using TCP its necessary to set one end to a TCP Client and the other end to a TCP Server as shown below. 6402 Async to Async Transport Site B Site A 172.16.52.2...
Page 165: Udp Mode
The Internet host computer can directly send UDP data to the serial device via the 6402, and also receive UDP data from the serial device via the 6402 at the same time. The 6402 supports up to 4 Internet host computers.
Page 166 If required enable and enter Hex Value Data Timeout Transmit (0-1000ms) NB. Default to 0. This is the delay after the 6402 receives data in its buffer that it starts to send that data. E.g. 20ms before sending Option to only allow specific IP Addresses.
Page 167: Rfc 2217 Mode
Any 3rd party driver supporting RFC2217 can be installed in the host computer, the driver establishes a transparent connection between host and serial device by mapping the IP:Port of the 6402’s serial port to a virtual local COM port on the host computer. The 6402 can support up to 4 remote devices. 6.2.1.
Page 168: Modbus
However, the Ethernet-based MODBUS protocol is very different from the original serial-based protocols. In order to integrate MODBUS networks, the 6402, includes a serial port that supports an RS-232 and RS-485 communication interface, and can automatically and intelligently translate between MODBUS TCP (Ethernet) and MODBUS RTU/ASCII (serial) protocols, allowing Ethernet- based PLCs to control instruments over RS-485 without additional programming or effort.
Page 169: Modbus Receiving From A Remote Modbus Tcp Master
6.3.1.1. MODBUS Receiving from a remote Modbus TCP Master The example is for a 6402 Router to be a MODBUS Slave allowing it to receive requests from a remote MODBUS TCP Master. The MODBUS TCP Master requests information from or sends control commands to various MODBUS devices that are attached to the MODBUS 6402 Gateway.
Page 170: Setting Modbus To Serial Master
Enable Sport-0 Serial as Slave Slave Mode-Disable Modbus Gateway Definition Options Serial Port 6402 Serial port Sport-0 Gateway Mode Set to Serial as Slave Device Slave Mode Disabled by default if enabled set Slave ID 1 to 247 Listening Port...
Page 171: Data Logging
6402 Manual Field Bus Communications Gateway Mode Configuration for Sport 0 Gateway Mode Configuration for Sport-0 1000 (ms – 1 ~ 65535) Response Timeout Timeout Retries 0 Times (0 ~5) 0Bh Exceptions Enable Tx Delay Enable TCP Connection Idle Time...
Page 172 6402 Manual This page left blank intentionally...
Page 173 6402 Manual Security and Tunnelling CHAPTER 7 SECURITY & TUNNELLING...
Page 174: Virtual Private Network (Vpn)
The IKE Phase negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers. After both phases are complete, data can be transferred between IPSec peers. Both the initiator and responder 6402’s establishing the IPSec Tunnel must have a “Static IP” Address or use FQDN (Fully Qualified Domain Name) for “Site to Site” operation.
Page 175: 7.1.1.1 Ipsec Configuration
6402 Manual Security and Tunnelling IPSec Site to Site Example Diagram 7.1.1.1 IPSec Configuration IPSec allows users to create and configure IPSec tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Security> VPN > Configuration tab.
Page 176: Create/Edit Ipsec Tunnel
6402 Manual Security and Tunnelling 7.1.1.2 Create/Edit IPSec tunnel Go to Security >IPSec (enable) >IPSec Server List Ensure that the IPSec enable box is checked before further configuring any IPSec tunnel settings. When the Add/Edit button is applied, a series of configuration screens will appear. They are Tunnel Configuration, Local &...
Page 177 6402 Manual Security and Tunnelling a primary IPSec tunnel from which to failover to. Load Balance Define whether the IPSec tunnel connection will take part in load balance function of the gateway. You will not need to select with WAN interface as the system will automatically utilize the available WAN interfaces to balance traffic loads.
Page 178 6402 Manual Security and Tunnelling Authentication Configuration Window Item Value setting Description Select Key Management from the dropdown box for this IPSec tunnel. IKE+Pre-shared Key:user needs to set a key (8 ~ 32characters). A Mandatory IKE+X.509: user needs Certificate to authenticate. IKE+X.509 will be setting available only when Certificate has been configured properly.
Page 179 6402 Manual Security and Tunnelling account. Selected Client this gateway will be a X-Auth client. Enter User name and Password to be authenticated by the X-Auth server gateway. Note: X-Auth Client will not be available for Dynamic VPN option selected in Tunnel Scenario.
Page 180: Dynamic Ipsec
6402 Manual Security and Tunnelling IPSec Proposal Definition Window Item Value setting Description Specify the Encryption method None/AES-auto/AES128/AES192/AES256/DES/3DES Specify Authentication method IPSec Proposal A Mandatory None/MD5/SHA1/SHA2-256/SHA2-512 Definition setting Specify the PFS Group None/Group1/ Group2/ Group5/ Group14/ Group15/ Group16/ Group17/ Group18/...
Page 181: Manual Key Management
6402 Manual Security and Tunnelling 7.1.1.4 Manual Key Management Under Authentication and ‘Key Management’ if ‘Manually’ is selected a series of windows to configure IPSec Manually is presented. The configuration windows are the Local & Remote Configuration, the Authentication, and the Manual Proposal.
Page 182 6402 Manual Security and Tunnelling Local & Remote Configuration Window Item Value setting Description Local Subnet A Mandatory setting Specify the Local Subnet IP address and Subnet Mask. Local Netmask A Mandatory setting Specify the Local Subnet Mask. Remote Subnet...
Page 183: Ipsec Configuration Example
10.0.76.2 for its LAN interface and 203.95.80.22 for its WAN interface. Network-B - is in the branch office and has a subnet of 10.0.75.0/24. The 6402 at Network-B has the IP address of 10.0.75.2 for its LAN interface and 118.18.81.33 for its WAN interface. Either side can initiate the IPSec VPN tunnel, allowing the Subnets of 10.0.75.0/24 and 10.0.76.0/24 to communicate...
Page 184: 7.1.1.6 Ipsec Example Dynamic Vpn Using Fqdn
The remote dynamic address site has information within its packet which is recognised and accepted by the 6402 at central site which has a fixed IP Address. The packets carry an ID for the remote site including the ID of the remote 6402 subnet. Note- that the remote peer has to initiate the tunnel establishing process first in this application scenario.
Page 185 WAN interface. Network-B - is the mobile office and has a subnet of 10.0.75.0/24. The 6402 at Network-B has a dynamic IP address of 118.18.81.33 for its WAN interface or private IP address of 10.253.253.1 on the Cellular Network The ‘Dynamic VPN IPSec tunnel’...
Page 186 6402 Manual Security and Tunnelling IPSec FQDN Example - Network-B Mobile Office The following table lists the configuration for Site B in the FQDN IPSec VPN Example. Note that the authentication parameters of both peers must match to complete the authentication process successfully.
Page 187: Full Tunnel Site To Site Example
Both Networks have their own subnets. • Clients at the remote site (Network B) go over the VPN Tunnel to the 6402 at Network A (HQ) to access the internet. The 6402 at Network A controls Internet Access for users at site B •...
Page 188 6402 Manual Security and Tunnelling Full Tunnel Example Configuration -Network-A at HQ The following tables list the configuration for Network A in the above example diagram. Use default value for those parameters that are not shown below. Configuration Path [IPSec]-[Configuration] ■...
Page 189: Create/Edit Dynamic Vpn Server List
6402 Manual Security and Tunnelling 7.1.1.8 Create/Edit Dynamic VPN Server List Similar to creating an IPSec VPN Tunnel fora site/host scenario, when the Edit button is applied a series of configuration screens will appear. They are Tunnel Configuration, Local & Remote Configuration, Authentication, IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec Proposal Definition.
Page 190: Openvpn Introduction
The OpenVPN Client may be a mobile user or mobile site with a public IP or private IP and requesting the OpenVPN tunnel connection. • The 6402 supports both OpenVPN Server and OpenVPN Client features to meet different application requirements. Two Open VPN connection scenarios – TAP& TUN 7.1.2.1...
Page 191: Open Vpn Tun- (Routed Mode) - Example
• If you want to offer remote access to a VPN server from client(s) and inhibit the access to remote LAN resources under VPN server, the Open VPN TUN mode is the simplest solution. • In the diagram above, the 6402 Gateway is configured as an Open VPN TUN Client and connects to an Open VPN TUN Server.
Page 192: Openvpn Tap (Bridged Mode)Scenario
If you want to offer remote access to the entire remote LAN for VPN client(s), you have to setup OpenVPN in “TAP” bridge mode. As shown in the diagram above, the 6402 Gateway is configured as an Open VPN TAP Client and connects to an OpenVPN TAP Server. Once the OpenVPN TAP connection is established, the connected TAP client will be assigned a virtual IP address of (192.168.100.210) which is the same...
Page 193: As An Open Vpn Server
6402 Manual Security and Tunnelling Configuration Item Value setting Description OpenVPN The box is unchecked Check the Enable box to activate the Open VPN function. by default Server/ When Server is selected, as the name indicated, server configuration Client Server Configuration will be displayed below for further setup.
Page 194 6402 Manual Security and Tunnelling Scenario By default, TUN is OpenVPN Server. It can be TUN for TUN tunnel scenario or selected. TAP for TAP tunnel scenario. Specify the authorization mode for the OpenVPN Server. • TLS ->The OpenVPN will use TLS authorization mode, and the following items CA Cert., Server Cert.
Page 195 6402 Manual Security and Tunnelling Cipher By default, Blowfish is It can be Blowfish/AES-256/AES-192/AES-128/None. selected. Hash By default, SHA-1 is Specify the Hash Algorithm from the dropdown list. Algorithm selected. It can beSHA-1/MD5/MD4/SHA2-256/SHA2- 512/None/Disable. By default, Adaptive is Specify the LZO Compression scheme.
Page 196: 7.1.2.7 As An Open Vpn Client
6402 Manual Security and Tunnelling Mandatory Setting Specify the Tunnel UDP Fragment. By default, it is Tunnel UDP equal to Tunnel MTU. Fragment The value is 1500 by Value Range: 0 ~ 1500. default Note: Tunnel UDP Fragment will be available only when UDP is chosen in Protocol.
Page 197 6402 Manual Security and Tunnelling OpenVPN Client Configuration Item Value setting Description OpenVPN The OpenVPN Client Name will be used to identify the client in Client Name Mandatory Setting the tunnel list. Value Range: 1 ~ 32 characters. Interface Mandatory Setting...
Page 198 6402 Manual Security and Tunnelling By default, Adaptive Specify the LZO Compression scheme. Compression is selected. It can be Adaptive/YES/NO/Default. Persist Key An Optional setting. Check the Enable box to activate the Persist Key function. The box is checked by default.
Page 199 6402 Manual Security and Tunnelling setting. server required it. Note: User Name will be available only when TLS is chosen in Authorization Mode. Password An Optional Enter the Password for connecting to an OpenVPN server, if the setting. server required it.
Page 200: L2Tp Overview
• A 6402 in HQ supporting the L2TP VPN allows users to dial into the HQ 6402 gateway and access the HQ resources by establishing an L2TP VPN tunnel. 7.1.3.1 Configuring L2TP The L2TP setting allows user to create and configure L2TP tunnels.
Page 201 6402 Manual Security and Tunnelling L2TP Server Configuration Item Value setting Description The box is unchecked When click the Enable L2TP Server by default It will active L2TP server When click the Enable box. L2TP over The box is unchecked...
Page 202: L2Tpserver Mode Configuration Example
In the diagram above the 6402 at headquarters is the L2TP Server. The L2TP Tunnel is established by the 6402 Gateway 2 at Network B. All devices on network B and the mobile users can access the resources on subnet A. The packets that are going to the Internet, go out directly from the 6402 WAN Interface, only the packets destined for Network A, go via the L2TP Tunnel.
Page 203: 7.1.3.4 Configuring L2Tp Client Mode
6402 Manual Security and Tunnelling L2TP Server Mode Setup Example - Network-A at HQ Network-A - is in the headquarters, and has a subnet of 10.0.76.0/24, has an IP address of 10.0.76.2 for its LAN interface and 203.95.80.22 for its WAN interface. It serves as an L2TP server.
Page 204 Load Balance Define whether the L2TP tunnel connection will selected by default take part in load balancing for the 6402. You will not need to select which WAN interface as the system will automatically utilise the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual.
Page 205: L2Tpclient Mode Configuration Example
Once the L2TP Tunnel has been established all the clients at Network B can access Networks A’s subnet via the L2TP Tunnel. Any packets destined to go to the Internet will go out of the 6402 via its WAN Interface, unless the ‘Default Gateway’ has been set in which case all packets will go via L2TP.
Page 206 L2TP tunnel. • If the 6402 Client at network B is set to ‘Default Gateway’ then all packets from the 6402 will go down the L2TP Tunnel, including all the packets destined for the Internet, giving the 6402 Server at Network A, control of the Internet.
Page 207: Pptp Overview
The intended use of this protocol is to provide security levels and remote access levels comparable with typical VPN products. • The 6402 can act as either a "PPTP Server" or "PPTP Client" for a PPTP VPN tunnel, or both at the same time for different tunnels.
Page 208: Configuring Pptp
Click Save button to save the settings 7.1.4.3 Configuring aPPTP Server The 6402 supports up to a maximum of 10 PPTP user accounts. When Server in the Client/Server field is selected, the PPTP server configuration window will appear. PPTP Server Configuration Window...
Page 209 Example Network-A - at HQ, the following 3 tables list the configuration for the example above in the diagram for the 6402 server at Network-A. Use default value for those parameters that are not shown in these tables. Configuration Path [PPTP]-[Configuration] ■...
Page 210: Configuring A Pptp Vpn Client
PPTP Client Configuration Item Value setting Description PPTP Client Unchecked by default Check the Enable box to enable PPTP client role of the 6402 Save Click Save button to save the settings. Undo Click Undo button to cancel the settings. 7.1.4.6 Create/Edit PPTP Client The 6402 supports up to a maximum of 32 simultaneous PPTP tunnels.
Page 211 6402 Manual Security and Tunnelling PPTP Client Configuration Window Item Value setting Description Mandatory Enter a tunnel name. Enter a name that is easy for you to Tunnel Name identify. Mandatory Select WAN interface on which PPTP tunnelling is to be...
Page 212: Pptp Vpn Client Configuration Example
LAN interface and 118.18.81.33 for its WAN interface. It serves as a PPTP client. The 6402 PPTP client at Network B uses a "User-1" user account to dial in to the PPTP server at HQ to establish a PPTP VPN tunnel, allowing subnets of 10.0.75.0/24 and 10.0.76.0/24 to communicate securely.
Page 213 LAN interface and 118.18.81.33 for its WAN interface. It serves as a PPTP client. The 6402 PPTP client at Network B uses a "User-1" user account to dial in to the PPTP server at HQ to establish a PPTP VPN tunnel, allowing subnets of 10.0.75.0/24 and 10.0.76.0/24 to communicate securely.
Page 214: Gre Overview
6402 all client hosts behind the local 6402 can communicate with other sites via the 6402. A typical scenario is for a 6402 Gateway to be installed at a branch office (Network B) for the users to access the host computers on Network A’s subnet, where a 6402 Gateway supports GRE Tunnelling.
Page 215: Configuring Gre
6402 Manual Security and Tunnelling 7.1.5.1 Configuring GRE The GRE setting allows user to create and configure GRE tunnels. Before you proceed, ensure that the VPN is enabled and saved. To enable VPN, go to Security> VPN > Configuration tab.
Page 216 6402 Manual Security and Tunnelling GRE Rule Configuration Window Item Value setting Description Tunnel Mandatory setting Enter a tunnel name. Enter a name that is easy for you to identify. Name Mandatory Select WAN interface on which GRE tunnel is to be established.
Page 217: Gre Configuration Example For Network-A
6402 Manual Security and Tunnelling The OpenVPN Client Configuration window let you specify the required parameters for one of the OpenVPN VPN clients, such as "OpenVPN Client Name", "Interface", "Protocol", "Tunnel Scenario", "Remote IP/FQDN", "Remote Subnet", "Authorisation Mode", "Encryption Cipher", "Hash Algorithm"...
Page 218: 7.1.5.4 Gre Configuration Example For Network - B
6402 Manual Security and Tunnelling Configuration Path [GRE]-[Configuration] ■ Enable Configuration Path [GRE]-[GRE Rule Configuration] Tunnel Name GRE HQ Interface WAN 1 Operation Mode Always on Tunnel IP 203.95.80.22 Remote IP 118.18.81.33 1234 Default Gateway/Remote Subnet Remote Subnet 10.0.75.0/24 ■ Enable Tunnel 7.1.5.4 GRE Configuration Example For Network - B...
Page 219: Firewall
Packet Filter The "Packet Filter" function allows a network manager to define filtering rules for incoming and outgoing packets. The 6402 can control which packets are allowed to pass or blocked. A packet filter rule should indicate the following •...
Page 220: Packet Filter Configuration Example
Enable the packet filter function and specify the "Packet Filter Rule List" is a white list and configure two packet filtering rules for the 6402. Create one rule to allow HTTP packets and the other rule to allow HTTPS packets to pass through the gateway.
Page 221: Create / Edit Packet Filter Rules
Note: Packet Filter function is only available when Firewall feature is enabled. Refer to section Firewall 7.2.2.5. Create / Edit Packet Filter Rules The 6402 allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule sets. Packet Filter Rule Configuration Item Name...
Page 222 6402 Manual Security and Tunnelling This field is to specify the Destination IP address. Select Any to filter packets that are entering to any IP addresses. Select Specific IP Address to filter packets entering to an IP address entered in this field.
Page 223: Url Blocking
A specific time schedule can be applied to activate the URL Blocking rules The 6402 will log and display the disallowed web access requests that match the defined URL blocking rule in the black-list or in the exclusion of the white-list.
Page 224: Black List Blocking Example Configuration
Create the first rule to deny Web requests with "sex" or "porn" patterns and the other to deny Web requests with the pattern matching the text "playboy" from going through the 6402 The 6402 will block Web requests with "sex", "porn" or "playboy" from passing through the 6402. 7.2.3.4.
Page 225: Enabling Url Blocking
6402 Manual Security and Tunnelling 7.2.3.5. Enabling URL Blocking Configuration Item Value setting Description The box is unchecked Check the Enable box to activate URL Blocking function. Blocking by default Specify the URL Blocking Policy, either Black List or White List.
Page 226 6402 Manual Security and Tunnelling URL Blocking Rules Configuration Item Value setting Description String format can be Specify an URL Blocking rule name. Enter a name that is easy for you to Rule any text understand. Name A Mandatory setting This field is to specify the Source IP address.
Page 227: Mac Control
When the 6402 Network Manager wants to reject client hosts with specific MAC addresses in the from the Internet that wants to connect to the 6402, they can use the "MAC Control" function to create a black list as shown in above diagram.
Page 228: Create/Edit Mac Control Rules
6402 Manual Security and Tunnelling Enabling MAC Control Item Value setting Description The box is MAC Control unchecked by Check the Enable box to activate the MAC filter function default When Deny MAC Address Below is selected, as the name suggest, Deny MAC packets specified in the rules will be blocked –black listed.
Page 229: Ips Overview
In order to avoid such attacks, we need enable IPS functions. On the 6402 we have an E-mail server, Web Server and open TCP-Port 8080 allowing user to access web-based utilities connected to the 6402, allowing remote users or unknown users to request those services from the gateway.
Page 230: Intrusion Prevention Rules
6402 Manual Security and Tunnelling 7.2.5.3. Intrusion Prevention Rules The router allows you to select intrusion prevention rules you may want to enable. Ensure that the IPS is enabled before we can enable the defence function. Intrusion Prevention Item Value setting...
Page 231: Ips Setup Example
Scenario Procedure In above diagram, the 6402 detects incoming packets whose TCP ports are 25, 80,110,443 and 8080. The 6402 then forwards the E-mail service requests to the LAN servers and sends the replies from LAN servers back to the requester.
Page 232: Spi Application Scenario
In above diagram, 6402 at Network-A has a subnet of 10.0.75.0/24, and LAN Interface of 10.0.75.2 and WAN Interface of118.18.81.200. It serves as a NAT router. With this feature enabled on the 6402 remote users can’t get responses to Pings but can access the web-based utility of Gateway via port 8080 of TCP.
Page 233: Define Remote Administrator Host
7.2.7.1. Define Remote Administrator Host The 6402 allows the network manager to connect to the 6402 remotely to manage the unit. The network administrator can assign specific IP address and service port to allow accessing the router. Remote Administrator Host Definition...
Page 234 6402 Manual Security and Tunnelling This page left intentionally blank. Section 7 – Page 61 Rev 1.5...
Page 235: Administration
6402 Manual - Administration CHAPTER 8 ADMINISTRATION...
Page 236: Configure & Manage
Network Management can be invaluable to not only configure but monitor and diagnose problems. The Case Communications 6402 has management protocols, such as a Command Script, TR-069 and Telnet with a CLI. These are described in the ‘Configure &...
Page 237: Edit/Backup Plain Text Command Script
6402 Manual Administration 8.1.1.1. Edit/Backup Plain Text Command Script You can edit the plain text configuration settings in the configuration screen as above. Plain Text Configuration Item Value setting Description Clean Clean text area. (You should click Save button to further clean the configuration already saved in the system.)
Page 238: Plain Text System Configuration With Telnet
8.1.1.2. Plain Text System Configuration with Telnet In addition to the web-style plain text configuration as mentioned above, the 6402 also allow configuration via a Telnet CLI. An administrator can use the proprietary telnet command “txtConfig” and related action items to perform the plain system configuration.
Page 239: Tr 069 Scenario Example
8.1.2.4 TR069 Example Operation Procedure In above diagram, the ACS server can manage multiple 6402s in the Internet. The "6402 (1)" has an IP Address of118.18.81.33 for its WAN-1 interface. When all remote 6402s have booted up, they will try to connect to the ACS server.
Page 240: Configuring Tr 069
On the "TR-069" page, there is only one configuration window for TR-069 function. In that window, you must specify the information for your security 6402 to connect to the ACS. For the Drive function to work its necessary to specify the URL of the ACS server, the account information to login the ACS server, the service port and the account information for connection requesting from the ACS server, and the time interval for job inquiry.
Page 241: Snmp
• ConnectionRequest Username • ConnectionRequest Password, The ACS Server can ask the 6402 (CPE) to send information to the ACS Server. 8.1.2.6 STUN Settings The 6402 allows configuration of a STUN (Session Traversal Utilities for NAT) connection for security on the TR-069 connection.
Page 242: Snmp Application Example
An NMS can monitor and configure managed devices by using the SNMP protocol, and any devices which use UDP packets to reach the NMS. Devices such as the 6402 which support SNMP can send urgent trap events to the NMS servers. For example, a cable being unplugged or link failing.
Page 243: Scenario Operation Procedure
In above diagram, the NMS server can manage multiple devices on the subnet or devices available via the UDP-reachable network. "6402 1" is one of the managed devices, and it has the IP address of 10.0.75.2 for its LAN interface and 118.18.81.33 for WAN-1 interface. It serves as a NAT router.
Page 244: Create/Edit Multiple Community
Create/Edit Multiple Community SNMP allows you to custom your access control for version 1 and version 2 user. The 6402 supports up to a maximum of 10 community sets. When the Add button is applied, Multiple Community Rule Configuration screen will appear.
Page 245 6402 Manual Administration User Privacy Rule Configuration Item Value setting Description User Name 1. A Mandatory Setting Specify the User Name for this version 3 user. 2. String format: any text The maximum length of the user name is 32.
Page 246: Create/Edit Trap Event Receiver
8.1.3.8 Create/Edit Trap Event Receiver SNMP allows you to custom your trap event receiver. The 6402 supports up to a maximum of 4 Trap Event Receiver sets. When the Add button is applied, the Trap Event Receiver Rule Configuration screen will appear.
Page 247 6402 Manual Administration Trap Event Receiver Rule Configuration Item Value setting Description 1. A Mandatory Setting Specify the trap Server IP. Server IP 2. String format: any The DUT will send trap to the server IP. Ipv4 address 1. String format: any port number Specify the trap Server Port.
Page 248: Edit Snmp Options
Programs with command-line interfaces are generally easier to automate via scripting. The 6402 supports both Telnet and SSH (Secure Shell) CLI with default service port 23 and 22, respectively.
Page 249: Example Explanation
The data packets between the Local or Remote Administrator and the 6402 can be plain text or encrypted text. Typically, we would use plain text (Telnet) for the local admin manager coming in from the subnet and encrypted text (Using SSH) for an admin manager accessing via the Internet.
Page 250 Click Save to save the settings Undo Click Undo to cancel the settings Access via Telnet, SSH or even the 6402’s Console port will give access to the 6402’s Linux Note: operating system. So ensure that care is taken when access is granted.
Page 251: System Operation
Enter the host name for the gateway. This can be used to interact with external network servers for identifying the name of requesting device. 8.2.1.2 Username Allows configuration of the username used to access management of the 6402 through a web browser. Username Item Value Setting...
Page 252: Change Mmi Setting For Accessing
The 6402 web-based MMI will automatically logout when the idle time has elapsed. This setting allows the 6402 administrator to enable automatic logout and set the logout idle time. If the login timeout is disabled, the system won’t logout the administrator automatically.
Page 253: System Information
0 day, 5hr, 12 min 53 sec 8.2.3. System Time The 6402 provides manual and auto-synchronized methods for the administrator to setup the system time for the 6402 Go to Administration> System Operation> System Time tab. This allows selection and configuration of how the router sets and corrects its internal time setting.
Page 254: Manual Time Configuration
Value Setting Description Manual – the use can set the time in the GUI. Synchronization PC– the 6402 collects the time from the logged in computer. Time Server by default Method Cellular Module– the 6402 collects the time from the 3G network.
Page 255: Synchronize To Cellular Module Configuration
System Time – Manual Item Value Setting Description Synchronization Time Server by default PC– the 6402 collects the time from the logged in computer. Method When checked the router can acts as an NTP server for local NTP Service Checked by default equipment.
Page 256: View & Email Log History
6402 Manual Administration 8.2.4.1. View & Email Log History View button is provided for network administrator to view log history on the gateway. Email Now button enables administrator to send instant Email for analysis. View & Email Log History Item...
Page 257: Email Alert
6402 Manual Administration 8.2.4.3. Email Alert The Email Alert screen allows network administrator to select the type of event to log and be sent to the destined Email account. Email Alert Setting Window Item Value Setting Description Unchecked by Check...
Page 258 6402 Manual Administration Log to Storage Setting Window Item Value Setting Description Enable Unchecked by default Check to enable sending log to storage. Internal is selected by Select Device Select internal or external storage. default Log file name Unchecked by default Enter log file name to save logs in designated storage.
Page 259: Backup & Restore
8.2.6. Reboot & Reset For some special situations, you may need to reboot the 6402 or reset the device 6402 to its default settings. This can be achieved using the Power ON/OFF, or pressing the reset button on the 6402 panel, but it can also be done through the web GUI.
Page 260 6402 Manual Administration System Operation Window Item Value Setting Description Chick the Reboot button to reboot the gateway immediately or on a pre- defined time schedule. Now is selected Now: Reboot immediately Reboot by default Time Schedule: Select a pre-defined auto-reboot time schedule rule to reboot the auto device on a designated time.
Page 261: Ftp
SSH File Transfer Protocol (SFTP) is sometimes also used instead but is technologically different. The 6402 has an embedded FTP / SFTP server for the network administrator to download the log files to their computer or database. In the following two sections, you can configure the FTP server and create the user accounts to allow users to login to the server.
Page 262: Enable Sftp Server
6402 Manual Administration Configuration Item Value setting Description Check Enable box to activate the embedded FTP Server function. With the FTP Server enabled, you can retrieve or delete the stored The box is log files via FTP connection. unchecked by Note: The embedded FTP Server is only for log downloading, so default.
Page 263: User Account
6402 Manual Administration Configuration Item Value setting Description SFTP Check Enable box to activate the embedded SFTP Server function. The box is unchecked With the SFTP Server enabled, you can retrieve or delete the stored by default. log files via secure SFTP connection.
Page 264: Diagnostics
6402 Manual Administration Diagnostics This 6402 supports simple network diagnosis tools for the network administrator to troubleshoot and find the root cause of any abnormal behaviour passing through the 6402. The following chapter outlines the various diagnostic tools. 8.4.1. Packet Analyser The Packet Analyser can capture packets depend on user settings.
Page 265 6402 Manual Administration Capture Fitters Item Value setting Description Filter Optional Check Enable box to activate the Capture Filter function. setting Source MACs Optional Define the filter rule with Source MACs, which means the source MAC setting address of packets. Packets which match the rule will be captured.
Page 266: Diagnostic Tools
6402 Manual Administration 8.4.2. Diagnostic Tools The Diagnostic Tools provide some frequently used network connectivity diagnostic tools for the network administrator to check the 6402‘s connectivity. Go to Administration > Diagnostic > Diagnostic Tools tab. Diagnostic Tools Item Value setting...
Page 267: Service
CHAPTER 9 SERVICE Cellular Tool Kit SMS and Event Handling Section 9 – Page 32 Rev 1.5...
Page 268: Data Usage
When the ‘Add’ button is applied, the 3G/4G Data Usage Profile Configuration screen will appear. You can create up to four data usage profiles, one profile for each SIM card used in the 6402 rugged router Section 9 – Page 1...
Page 269: Sms
6402 Manual – Chapter 9 Service 3G/4G Data Usage Profile Configuration Item Setting Value setting Description SIM Select 3G/4G-1 and SIM A Choose a cellular interface (3G/4G-1 or 3G/4G-2), and a SIM card bound to the by default. selected cellular interface to configure its data usage profile.
Page 270: Sms Summary
Write the SMS content to be sent as an SMS. The router supports up to a maximum of Message 1023 character for SMS message length. If sent SMS has been sent successfully the 6402 will receive a Send OK, message Result otherwise Send Failed will be displayed.
Page 271: Sim Pin
SIM card to prevent any unauthorised access. If a PIN code is activated on your 6402 SIM card, you will see a similar message (as shown below) when the 6402 is powered on. This requires you have the correct PIN code to unlock the SIM card. Otherwise, there is no way to use cellular-related functions, such as GSM voice service, SMS text, 3G or LTE Internet surfing …etc.
Page 272: Sim Pin Configuration
The 6402 cellular gateway is similar to a mobile phone, meaning users need to insert SIM cards into 6402’s SIM slot to get cellular-related functions. The 6402 has a metal SIM cover with screws fastened to protect SIM cards.
Page 273 Choose a cellular interface (3G/4G-1 or 3G/4G-2) to change the SIM PIN setting for Interface 3G/4G-1 by the selected SIM Card. The 6402 supports 2 SIM Cards. default SIM Status Indication for the selected SIM card and the SIM card status.
Page 274: Puk Function - Unlocking A Pin Code
6402 Manual – Chapter 9 Service Configuration Item Setting Value setting Description Current PIN Code A Mandatory setting Fill in the current (old) PIN code of the SIM card. New PIN Code A Mandatory setting Fill in the new PIN Code you want to change.
Page 275 6402 Manual – Chapter 9 Service PUK Function Window Item Value setting Description PUK status PUK Unlock Indication for the PUK status. / PUK Lock The status could be PUK Lock or PUK Unlock. As already written the SIM card will be locked by a PUK code after too many failed attempts to enter a PIN code.
Page 276: Ussd
9.1.4. USSD Note this menu option can only be seen if the 6402 has a SIM card and has connected to the network Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, a prepaid call back service, mobile- money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.
Page 277: Application Scenario
An USSD Session Scenario 9.1.4.1. Application Scenario The following is example of the 6402 asking for ISP Services through a USSD Session via a roaming subscription with Vodafone. Scenario Description An USSD session can be established from the voice Vo3G Gateway to ask for services that are provided by ISP.
Page 278: Scenario Operation Procedure
In the "USSD Request" window, from the USSD Profile dropdown box select the "roaming setting" profile and the "USSD Command" field shows "*135#". Click on the "Send" button to send out the USSD request via the 6402 gateway, and the received response will appear at "USSD Response" line.
Page 279: Send Ussd Request
6402 Manual – Chapter 9 Service When the Add button is applied the Profile List Configuration screen will appear. USSD Profile List Item Value setting Description Profile Name Enter a name for the USSD profile. Enter the USSD command defined for the profile.
Page 280: Network Scan
The first "Configuration" window allows you select which 3G/4G module (physical interface) is used to perform a Network Scan. The 6402 will show the current SIM card used in the module. You can configure each 3G/4G WAN interface by using the network scan one after other. You can also specify the connection sequence of the targeted generation of mobile system, 2G/3G/LTE.
Page 281 6402 Manual – Chapter 9 Service Click on the "Apply" button to force the 6402 to connect to that mobile network for the dedicated 3G/4G interface. Configuration Item Value setting Description Physical The box is 3G/4G-1 by Choose a cellular interface (3G/4G-1 or 3G/4G-2) for the network scan...
Page 282: Event Handling
Managing events - are the events that are used to manage the gateway or change the setting / status of the specific functions of the 6402. On receiving the event, the 6402 will take action to change the function, collect the required status for administration, and also change the status of a certain connected field bus device simultaneously.
Page 283 6402 Manual – Chapter 9 Service For example, sending/receiving remote managing SMS for the 6402 ‘s routine maintaining, the field bus device status monitoring, digital sensors detection controlling, and so on. All management and notification function can be realised effectively via the Event Handling feature.
Page 284: Configuration
6402 Manual – Chapter 9 Service 9.2.1. Configuration 9.2.1.1. Configuring event Handling Event handling is the service that allows the network administrator to setup pre-defined events, handlers, or response behavior with individual profiles. Go to Service > Event Handling > Configuration Tab.
Page 285: Sms Account List
9.2.1.3. SMS Account List Setup the SMS Account for managing the 6402 through the SMS. It supports up to a maximum of 5 accounts. You can click the Add / Edit button to configure the SMS account. SMS Account Configuration...
Page 286 6402 Manual – Chapter 9 Service Email Service Configuration Item Value setting Description Email Server --- Option --- Select an Email Server profile from External Server setting for the email account setting. Email 1. Internet E-mail address format Specify the Destination Email Addresses.
Page 287: Digital Output (Do) Profile List
9.2.1.5. Digital Output (DO) Profile List Setup the Digital Output (DO) Profile rules, the 6402 supports up to a maximum of 10 profiles. When the Add button is applied, the Digital Output (DO) Profile Configuration screen will appear. Digital Output (DO) Profile Configuration...
Page 288: Modbus Notifying Events Profile List
6402 Manual – Chapter 9 Service 9.2.1.6. Modbus Notifying Events Profile List. Setup the Modbus Notifying Events Profile, the 6402supports up to a maximum of 10 profiles. You can click the Add / Edit button to configure the profile. Modbus Notifying Events Profile...
Page 289: Modbus Managing Events Profile
9.2.1.7. Modbus Managing Events Profile Setup the Modbus Managing Events Profile. The 6402 supports up to a maximum of 10 profiles. You can click the Add / Edit button to configure the profile. Modbus Managing Events Profile...
Page 290: Managing Events
6402 Manual – Chapter 9 Service 2. A Mandatory setting for TCP in Modbus Mode. 65535. Device ID 1. Numeric String format Specify the Device ID of the Modbus device. 1 to 2. A Mandatory setting 247. Register 1. Numeric String format Specify the Register number of the Modbus device.
Page 291 6402 Manual – Chapter 9 Service Managing Event Configuration Item Value setting Description Event SMS (or Specify the Event type (SMS, SNMP Trap, or DI) and an event identifier / profile. SNMP Trap) SMS: Select SMS and fill the message in the textbox to as the trigger condition for the by default event;...
Page 292: Notifying Events
6402 Manual – Chapter 9 Service 9.2.3 Notifying Events The Notifying Events Setting allows the 6402 network administrator to define the relationship (rule) between event triggers and handlers. 9.2.3.1 Configuration Go to Service > Event Handling > Notifying Events Tab. - Enable Notifying Events...
Page 293 6402 Manual – Chapter 9 Service Notifying Event Configuration Item Value setting Description Event Digital Input (or Specify the Event type and corresponding event configuration. The supported Event WAN) by default Type could be: Digital Input: Select Digital Input and a DI profile you defined to specify a certain Digital Input Event;...
Page 294 6402 Manual This page left blank Intentionally Rev 1.5...
Page 295: Appendices
6402 Manual – Appendices APPENDICES Section 10 Rev 1.5...
Page 296: Linux Access
Note: Take care when using Linux commands on the 6402. 10.1.1 Accessing the Console Port To access the Console Port connect the 6402 Console Cable to the port on the 6402 and a PC with a Terminal Emulator program. Set the Terminal Emulator to: Baud Rate: 57600 bps, 8 Data Bits, 1 Stop Bit and no Parity.
Page 297: External Server Management Authentication
This will allow management in the even if the server being unavailable. The 6402 will store details of all management access made since the last time it was powered up or rebooted. Management access will also be logged in the 6402’s Syslog.
Page 298 6402 Manual Appendices This page left blank intentionally Section 10 Page 3 Rev 1.5...
Page 299 This page left blank intentionally...
Page 300 Technical Publications - 2022 www.casecomms.com...