InHand VG814 User Manual
  1. Manuals
  2. Brands
  3. InHand Manuals
  4. Gateway
  5. VG814
  6. User manual

InHand VG814 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

InHand VG814 User's Manual V1.2
Declaration
Thank you for choosing our product. Before using the product, read this manual
carefully.
The contents of this manual cannot be copied or reproduced in any form without the
written permission of InHand.
Due to continuous updating, InHand cannot promise that the contents are consistent
with the actual product information and does not assume any disputes caused by the
inconsistency of technical parameters. The information in this document is subject
to change without notice. InHand reserves the right of final change and
interpretation.
© 2020 InHand Networks. All rights reserved.
Conventions
Symbol
>
""
>>
Indication
Indicates a button name, for example,
the OK button.
Indicates a window name or menu name,
for example, the pop-up window "New
User".
Separates a multi-level menu. For
example, the multi-level menu File >>
New >> Folder indicates the menu item
"Folder" under the sub-menu "New", which
is under the menu "File".

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the VG814 and is the answer not in the manual?

Questions and answers

Related Manuals for InHand VG814

Summary of Contents for InHand VG814

  • Page 1 The contents of this manual cannot be copied or reproduced in any form without the written permission of InHand. Due to continuous updating, InHand cannot promise that the contents are consistent with the actual product information and does not assume any disputes caused by the inconsistency of technical parameters.
  • Page 2 Reminds readers to be careful. Improper action may result in loss of data or device damage. Notes contain detailed descriptions and helpful suggestions. Technical support: Support: support@inhandnetworks.com Inquiry: info@inhandnetworks.com T: +1 (703) 348-2988 43671 Trade Center Place, Suite 100, Dulles, VA 20166...

  • Page 3: Table Of Contents

    2.1 Indicator Description 2 2.2 Restoring Default Settings via the Reset Button 3 2.3 Panel interface introduction 4 2.3.1 VG814 railway version 4 3 Default Settings 7 4 Login and Network Access 9 4.1 Network Access via the Dialup Card 9 4.2 Network Access via Wi-Fi 12...
  • Page 4 5.3 VPN Application 23 5.3.1 IPsec 23 5.3.2 GRE 27 5.3.3 L2TP 28 5.3.4 OpenVPN 30 5.3.5 Certificate Management 31 5.4 Services 33 5.4.1 DHCP (Automatic IP Address Allocation) 33 5.4.2 DNS 35 5.4.3 DDNS 36 5.4.4 SMS 37 5.4.5 GPS 38 5.4.6 QoS 41 5.4.7 Traffic Control 42 5.5 Firewall 43...
  • Page 5 5.7 Link Backup 52 5.7.1 SLA 52 5.7.2 Track 52 5.7.3 VRRP 54 5.7.4 Interface Backup 56 5.8 Wizards 59 5.8.1 New Cellular 59 5.8.2 New IPsec Tunnel 59 5.8.3 IPsec Experts' Configuration 60 5.8.4 New L2TPv2 Tunnel 60 5.8.5 New Port Mapping 61 6 APP Management 63 6.1.1 APP Status 63 6.1.2 APP Management 63...

  • Page 6: Overview

    9.9 System Logs 87 9.10 System Upgrade 89 9.11 System Reboot 89 10 Diagnostic Tools 91 1 Overview InHand VG814 is a new-generation 4G in-vehicle gateway oriented at the Internet of Vehicles (IoV). It provides fast and safe networks for automobiles and transport...
  • Page 7 service vehicles, meeting the requirements of police vehicles, emergency command vehicles, engineering vehicles, medical vehicles, and logistics vehicles for fast mobile networks. It is used with a cloud-based remote vehicle management platform to provide ubiquitous accessible networks and uninterrupted operation supervision for logistics management, asset tracking, mobile office, and government security.

  • Page 8: Hardware

    2 Hardware 2.1 Indicator Description VG814 Indicator Status and Definition Steady off --- The device is powered off. Steady red --- The system is starting. Steady blue --- IGT is not correctly installed. System Blinking green --- The system operates properly.
  • Page 9 Steady red --- The current dialup card has weak signals (signal strength: ≤ 9 asu). Steady blue --- The current dialup card has moderate signals (signal strength: 10–19 asu). Steady green --- The current dialup card has strong signals (signal strength: ≥ 20 asu).
  • Page 10 Blinking green --- An AP is associated. Used as an AP: Steady off --- The AP is disabled. Blinking blue --- The AP operates properly. Used as a STA: Wi-Fi 5G Steady off --- The STA is disabled, or no AP is associated. Steady blue --- Connection fails due to a wrong password after an AP is associated.

  • Page 11: Restoring Default Settings Via The Reset Button

    2.2 Restoring Default Settings via the Reset Button To restore default settings via the Reset button, perform the following steps: 1. Power on the device and immediately press and hold the Reset button. After about 15s, only the System indicator is steady red. 2.

  • Page 12: Panel Interface Introduction

    2.3 Panel interface introduction 2.3.1 VG814 Road / Bus version Antenna Panel Antenna and SIM GNSS Connector FAKRA C-coded male Wi-Fi Connector FAKRA I-coded male 4G version 2* FAKRA D-coded male Cellular Connector 5G version 4* FAKRA D-coded male 2* Mini SIM 2FF...
  • Page 13 Interface Panel Interface Info Gigabit Ethernet M12 X-Coded female M12 A-Coded female Power M12 A-Coded male 20 Pin industrial segment 18 Pin industrial segment...
  • Page 14 Signal WHEELTICK RS232_RX1 L- Channel CAN1_L RS485_A Signal RS232_TX1 R- Channel Mic In CAN1_H RS485_B Signal Signal DI10 DI11...

  • Page 15: Vg814 Railway Version

    2.3.2 VG814 railway version Antenna Panel Antenna and SIM GNSS Connector TNC Female Wi-Fi Connector TNC Female Cellular Connector TNC Female 2* Mini SIM 2FF...
  • Page 16 Interface Panel Interface Info Gigabit Ethernet M12 X-Coded female M12 A-Coded female Power M12 A-Coded male 20 Pin industrial segment 18 Pin industrial segment Signal RS232_RX1 RS232_RX2 CAN_L RS485_A...
  • Page 17 Signal RS232_TX1 RS232_TX2 CAN_H RS485_B Signal Signal DI10 DI11 2.3.3 Power and FMS VG814 Road / Bus version and Railway verion Power connector and FMS are same. Power Connector Signal VIN+ VIN-...
  • Page 18 FMS Connector Signal CAN_H CAN_L...

  • Page 19: Default Settings

    − The CANbus baud rate is automatically detected. On-board diagnostics (OBD) − The OBD protocol is automatically detected. − OBD data is automatically scanned. − The Wi-Fi 2.4G AP is enabled. The SSID starts with Default settings of Wi-Fi VG814-, followed by six digits.
  • Page 20 − The Wi-Fi 5G AP is enabled. The SSID starts with VG814-5G- , followed by six digits. − WPA2-PSK is used for authentication. − The password contains the last eight digits of the SN. − Four LAN ports are enabled.
  • Page 21 HTTPS. − adm/123456 (super Username and password administrator) − shutdown-delay 30: The power-off delay is 30s. − standby-mode 1: The power- off function is enabled. − standby-check-interval 20 indicates the power check interval in standby mode. Power management − standby-voltage 90: The standby threshold voltage is 9 −...
  • Page 22 Baud rate: 9600 Data bits: 8 bits Parity bit: none Stop bit: 1 bit − RS485 Baud rate: 9600 Data bits: 8 bits Parity bit: none Stop bit: 1 bit...

  • Page 23: Login And Network Access

    PC. Insert the diversity dialup antenna when the dialup card has poor signals. VG814 railway version, appearance drawing of single cellular network module Note: Before inserting or removing the SIM card, unplug the power cable; otherwise, the...
  • Page 24 2. Assign an IP address to the PC, which is on the same network segment as the IP address of the gateway. Method 1: Enable the PC to obtain an IP address automatically (recommended). Method 2: Configure a fixed IP address on the same network segment as the gateway address for the PC.
  • Page 26 Obtain an IP address automatically Use a fixed IP address 3. Open the browser, enter the default IP address 192.168.2.1 of the gateway in the address bar, and press Enter. 4. Log in (if a blocking prompt is displayed, click "Advanced >> Continue"). Default Username adm Password 123456 5.
  • Page 28 6. Ping a common website in China with a ping detection tool. If there is data transmission, the device has been successfully connected to the network.

  • Page 29: Network Access Via Wi-Fi

    7. Enable the dual-SIM function when two SIM cards are used. 4.2 Network Access via Wi-Fi 1. Complete the connection shown in the following figure. Please connect the Wi-Fi antenna before logging in to the device.
  • Page 30 2. Assign an IP address to the PC, which is on the same network segment as the IP address of the gateway. Log in to the web page. For details, see 4.1 Network Access via the Dialup Card. 3. Click " Network >> Wi-Fi" and select Wi-Fi 2.4G or Wi-Fi 5G as a client. Enter the name, authentication method, and key of an available wireless access point (AP).
  • Page 31 4. Click "Status". The current network status is "Connected", and an IP address is obtained successfully, indicating that the device has been successfully connected to the network via Wi-Fi.

  • Page 32: Network Management

    5 Network Management In parameter settings, a green text box indicates a mandatory item, and a pure white text box indicates an optional item. 5.1 Network 5.1.1 Bridge Port A bridge port is intended to connect two different physical LANs over a bridge, to enable storage and forwarding across LANs at the link layer.

  • Page 33: Vlan Port

    5.1.2 VLAN Port A virtual LAN (VLAN) comprises a group of logical devices and users. These devices and users are not limited by physical locations, but can be organized based on functions, departments, applications, and other factors. They communicate with each other as if they are on the same network segment, which contributes to the name of VLAN.
  • Page 34 2. Return to the VLAN list. The port of VLAN 2 has been successfully added. Currently, VLAN ports of the device support two link types: access and trunk. An access port belongs to only one VLAN and is generally connected to a computer. A trunk port can be used for multiple VLANs and can receive messages from or send messages to multiple VLANs.

  • Page 35: Adsl Dialup (Pppoe)

    5.1.3 ADSL Dialup (PPPoE) Method for connecting the gateway to the PPPoE server: 1. Click "Network > > ADSL Dialup (PPPoE)", select the VG814 interface for connecting to the PPPoE server in the "Dial Pool" bar, and click Add. 2. Enter the user name, password, and pool ID of the PPPoE server in the "PPPoE List"...

  • Page 36: Wi-Fi

    5.1.4 Wi-Fi The gateway can be used as an AP or a client. When it is used as an AP, other users can access the Internet through the gateway via Wi-Fi. When it is used as a client, the gateway connects to an AP for Internet access. The status bar shows the current Wi-Fi connection status of the gateway.

  • Page 37: Loopback Port

    Method for connecting to an AP for Internet access when VG814 is used as a client: Select "Client", enter the Wi-Fi SSID and key, and click Apply & Save. 5.1.5 Loopback Port Method for adding multiple loopback ports:...

  • Page 38: Layer 2 Switch

    Click "Network >> Loopback >> Multi-IP Settings", configure any IP address for the gateway, click Add, and then click Apply & Save. 5.1.6 Layer 2 Switch Check the network connection status of GE 1 to GE 4. LINK UP indicates that the network is connected.
  • Page 39 I/O port of the gateway over the OBD-II or J1939 cable. The cable accessories can be selected or customized during purchasing. For details about the access method, see Section 4.4 in the VG814 Quick Start Guide. After the gateway starts, the OBD service is automatically enabled to collect key vehicle condition data and fault code information.
  • Page 40 Scan OBD Data and Export OBD Report: Click the Scan OBD Data button to generate a OBD data report containing detailed vehicle condition data and diagnostic information. Click the Export OBD Report button to save the generated OBD data report to the local storage. OBD Data Stream: The real-time vehicle condition data is displayed.

  • Page 41: Vpn Application

    Vehicle identification number (VIN); Valid variables and reference values that can be collected by the gateway. 5.3 VPN Application The VPN is intended to establish a private network on the public network for encrypted communication. A VPN gateway enables remote access by encrypting data packets and converting the destination address of data packets.

  • Page 42: Ipsec

    regarded as being transmitted on a dedicated data network. This ensures data security. 5.3.1 IPsec IPsec is a group of open network security protocols developed by IETF. At the IP layer, the data source authentication, data encryption, data integrity, and anti- replay functions are used to ensure the security of data transmission between communication parties on the Internet.
  • Page 43 Custom Custom Encryption Encryption AES128 algorithm algorithm Hash algorithm SHA1 Hash algorithm Same as that of gateway A Diffie-Hellman key Diffie-Hellman key Group2 exchange exchange Lifecycle 86400 Lifecycle IPsec policy IPsec policy Name Custom Name Custom Encapsulation Encapsulation Encryption Encryption AES128 algorithm algorithm...
  • Page 44 establishing the establishing the IPsec service IPsec service IKE version IKE version used IKE version Same as that of Authentication Authentication gateway A Shared key method method IP address of the IP address of the Local subnet subnet of gateway Local subnet subnet of gateway IP address of the...
  • Page 45 2. Access the IPsec status page. The IPsec VPN is established successfully if the page is shown as below.

  • Page 46: Gre

    Note: The IPsec profile does not need to be configured for establishing an IPsec VPN, but needs to be configured for establishing a DM VPN. 5.3.2 GRE The Generic Routing Encapsulation (GRE) protocol can be used to encapsulate datagrams of some network layer protocols, so that these encapsulated datagrams can be transmitted on the IPv4 network.

  • Page 47: L2Tp

    3. Set VG814_B in the same way. The virtual and peer IP addresses of VG814_B must correspond to those of VG814_A, and the key must be the same as that of VG814_A. 5.3.3 L2TP The Layer 2 Tunneling Protocol (L2TP) is an industrial-standard Internet tunneling protocol used to encrypt network data streams.
  • Page 48 2. Configure the pseudowire class: Enter a name of any pseudowire class. "L2TP Class" is the same as that on the "L2TP Class" page. Set "Source Interface" to the interface connecting to the server. Select L2TPV2 for "Protocol" and click Add. 3.

  • Page 49: Openvpn

    4. After gateway A and gateway B are configured, access the L2TP status page to view the L2TP connection status. 5.3.4 OpenVPN OpenVPN is realized based on the application-layer VPN of the OpenSSL library. It supports multiple authentication methods such as the certificate, key, and user name/password.
  • Page 50 "VPN >> Certificate Management", and import the CA certificate, public key, and private key for authentication. Enter the pre-shared key created on the OpenVPN server, click "VPN >> Digital certificate/TLS authentication Certificate Management", and import the CA certificate, public key, and private key for authentication.

  • Page 51: Certificate Management

    2. Select a digital certificate for "Authentication Type", click "VPN >> Certificate Management", and import the CA certificate, public key, and private key. 3. Click Apply & Save. Return to the "Status" page and view the tunnel status. 5.3.5 Certificate Management Certificates can be imported or exported on this page.
  • Page 52 Click "VPN >> Certificate Management >> Browse", select the certificate obtained from the certificate server, click Import XX Certificate, and then click Apply & Save. If no local certificate is available, check "Enable SCEP (Simple Certificate Enrollment Protocol)" to apply for a certificate online. Method for applying for a certificate for the gateway online: 1.

  • Page 53: Services

    2. After the server issues the certificate, check the application status. If the application status is "Completion", the certificate application succeeds. 5.4 Services 5.4.1 DHCP (Automatic IP Address Allocation) DHCP uses the client/server communication mode. The client submits a configuration application to the server, and the server returns the IP address assigned to the client to realize the dynamic configuration of the IP address.
  • Page 54 Click "Services >> DHCP >> DHCP Server". In the "DHCP Server" bar, check "Enable", select an interface, set the start and end IP addresses, click Add, and then click Apply & Save. Method for settings when the gateway is used as a DHCP client: Click "Services >>...

  • Page 55: Dns

    5.4.2 DNS The domain name service (DNS) is a distributed network directory service mainly used for mutual conversion between a domain name and an IP address. Method for enabling the DNS server for the gateway: Click "Services >> DNS >> DNS Server", enter the address of the DNS server, and click Apply &...

  • Page 56: Ddns

    Click "Services >> DNS >> DNS Relay", check "Enable DNS Relay", set the mapping between the domain name and the IP address, click Add, and then click Apply & Save. After the settings are completed, when a DNS client on the LAN requests a host domain name in the list, the DNS agent server returns the corresponding IP address to the client.
  • Page 57 If a common domain name server other than the Custom service is used, set "Method Name" and "Service Type" as required, enter the user name, password, and host name obtained from the server, and click Add. If "Disable" is selected, the DDNS service is not used. 2.

  • Page 58: Sms

    5.4.4 SMS The short message service (SMS) is enabled for gateway restart and manual dialup via SMS messages. Some gateways can receive alarm information in the SMS whitelist. Method for controlling gateway restart and manual dialup via SMS messages Click "Services >> SMS" and check "Enable". In the "SMS Access Control" bar, set "ID"...

  • Page 59: Gps

    5.4.5 GPS Position: You can view the current positioning information. Method for enabling GPS for the gateway: Click "Services >> Enable GPS", check "Enable", and click Apply & Save. By default, GPS is enabled for the gateway.
  • Page 60 Method for forwarding GPS data to the server over IP when VG814 is used as a client: Click "Services >> GPS IP Forwarding", check "Enable", select "Client" for "Type", enter the server address and port in the "Destination IP Address" bar, click Add, and then click Apply &...
  • Page 61 Click "Services >> GPS IP Forwarding", check "Enable", select "Server" for "Type", and click Apply & Save. Method for forwarding GPS data by VG814 through a serial port: Click "Services >> GPS Serial Forwarding", check "Enable", and select a serial port type based on the data transmission port used.

  • Page 62: Qos

    5.4.6 QoS Quality of service (QoS) is a network security mechanism that enables a network to provide better services for designated network communication by using various basic technologies. It is a technology for solving problems such as network delays and blocking. Method for setting the egress maximum bandwidth for the gateway through QoS control: Click "QoS >>...

  • Page 63: Traffic Control

    1. Add a network link classifier. Click "QoS >> Traffic Control >> Classifier", check "Any Packets", set the source and destination addresses of the link, select transmit protocols for QoS control, and click Add. 2. Set transmission policies. Click "QoS >> Traffic Control >> Policy", enter a custom policy name for "Name", enter the classifier name for "Classifier", set the guaranteed bandwidth, maximum bandwidth, and policy priority, and click Add.

  • Page 64: Firewall

    Common scenario: By default, all devices on the LAN (bridge 1) can access the Internet, except the device with the IP address of 192.168.2.100. Method for setting VG814: 1. Click "Firewall >> ACL >> Add". Enter the ID and sequence number. A smaller sequence number indicates a higher priority.
  • Page 65 2. Return to the ACL page, add the rule with the ID of 101 to the management rule of bridge 1, and click Add. Click Apply & Save.

  • Page 66: Nat

    5.5.2 NAT Network address translation (NAT) can be used when some hosts on a private network have been assigned with local IP addresses (that is, private IP addresses used only on the private network), but expect to communicate with hosts on the Internet (without encryption).

  • Page 67: Mac-Ip Binding

    5.5.3 MAC-IP Binding After MAC-IP binding, the PC can access the public network through the gateway only by using the IP address bound to the MAC address of the PC. Method for binding the MAC address and IP address of a connected device: 1.

  • Page 68: Routing

    2. Click "Firewall >> MAC-IP Binding", check "Enable", enter the MAC address and IP address of the connected device, click Add, and click Apply & Save. 5.6 Routing 5.6.1 Static Routing Set the destination network, subnet mask, and interface or gateway as required.

  • Page 69: Dynamic Routing

    5.6.2 Dynamic Routing Scenario: Enable dynamic routing between two LANs for mutual communication between them. The topology is shown below. 5.6.2.1 RIP The Routing Information Protocol (RIP) is a simple internal dynamic routing protocol mainly used on small-scale networks. Method for enabling dynamic routing between VG814_A and VG814_B over RIP in the scenario: 1.
  • Page 70 2. Configure VG814_B.
  • Page 71 3. After the configuration is completed, check whether PC 1 can communicate with PC 2. If yes, the dynamic route is added successfully. The RIP route learned by VG814_B is shown in the figure below. 5.6.2.2 OSPF The Open Shortest Path First (OSPF) protocol is a link-status-based internal gateway protocol mainly used on large-scale networks.
  • Page 72 2. Set parameters for VG814_B. 3. After the configuration is completed, check whether PC 1 can communicate with PC 2. If yes, the dynamic route is added successfully. The OSPF route learned by VG814_B is shown in the figure below.
  • Page 73 5.6.2.3 BGP Method for enabling dynamic routing between VG814_A and VG814_B over BGP in the scenario: 1. Configure VG814_A. Click "Routing >> Dynamic Routing >> BGP", check "Enable", and set "AS number" as required. 2. In the "Neighbor" bar, click Add, enter the IP address 192.168.1.2 of VG814_B, set "AS number"...
  • Page 74 4. Set parameters for VG814_B. The parameters are the same as or corresponding to those of VG814_A. 5. After the configuration is completed, check whether PC 1 can communicate with PC 2. If yes, the dynamic route is added successfully. The BGP route learned by VG814_B is shown in the figure below.

  • Page 75: Link Backup

    5.7 Link Backup 5.7.1 SLA The service level agreement (SLA) is used to detect whether the link between the gateway and the ISP fails. Method for adding an SLA entry for the gateway: Click "Link Backup >> SLA >> Add", enter the detected IP address for "Destination Address", set other parameters as required, click Add, and then click Apply &...

  • Page 76: Track

    Negative Delay (s): In case of an abnormal state, switching can be delayed based on the delay setting (0 indicates immediate switching). Positive Delay (s): When a failure is recovered, switching can be delayed based on the delay setting (0 indicates immediate switching). Method for adding an IPsec track entry for VG814:...

  • Page 77: Vrrp

    Click "Link Backup >> Track >> Track" and set "Index" as required. "positive- start/negative-stop" means starting the IPsec service when the track detection state is Positive and stopping the IPsec service when the track detection state is Negative. 5.7.3 VRRP Scenario: Multiple gateways are connected to a network at the same time.
  • Page 78 ● Gateway A acts as a backup gateway that can be preempted. 2. Networking diagram IP address of Ethernet port the port Gateway connected to Priority Work mode connected to host A host A VG814_A bridge 1 10.5.16.80 Preemption VG814_B bridge 1 10.5.16.81 Preemption...
  • Page 79 Click "Link Backup >> VRRP", set "Virtual Route ID" as required, select the gateway interface of VG814_A, enter the virtual IP address, set the interface priority to 110, and click Add. In the navigation tree, click "Link Backup >> VRRP >> Status" and view the VRRP status.

  • Page 80: Interface Backup

    5.7.4 Interface Backup Scenario: VG814 accesses the Internet via Wi-Fi, and an interface backup is created to enable VG814 to access the Internet through dial-up upon Wi-Fi failure. The topology is shown below. Method for creating an interface backup for the gateway:...
  • Page 81 1. Enable VG814 to access the Internet via Wi-Fi. 2. Click "Link Backup >> SLA >> SLA >> Add" to add an ICMP detection entry. Set the IP address to the host address that can be detected over ICMP on the public or private network, for example, the public IP address 118.122.120.22.
  • Page 82 4. Click "Link Backup >> Interface Backup >> Add", select "dot11radio1" for "Main Interface" and "cellular1" for "Backup Interface", and click Apply & Save. 5. Click "Routing >> Static Routing >> Add" and add two routes for network access through the "dot11radio1" and "cellular1" interfaces. A smaller value of "Distance"...

  • Page 83: Wizards

    6. Trigger a Wi-Fi failure. According to the preset link detection policy, VG814 accesses the Internet through dial-up via the cellular port, and when Wi-Fi recovers, immediately switches to Wi-Fi for Internet access. 5.8 Wizards The "Wizards" module incorporates some common communication parameters, simplifying the operations.

  • Page 84: New Ipsec Tunnel

    5.8.2 New IPsec Tunnel A dedicated virtual tunnel is established between the gateway and other devices or cloud platforms on the network. Method for establishing an IPsec tunnel for the gateway: Click "Wizards >> New IPsec Tunnel", set "Map Interface" to an interface ("bridge": bridge interface;...

  • Page 85: Ipsec Experts' Configuration

    5.8.3 IPsec Experts' Configuration This function is available only for specific users. To activate this function, contact the technical support personnel. 5.8.4 New L2TPv2 Tunnel Method for creating an L2TPv2 tunnel for the gateway: Set the parameters of the L2TP server and the local/remote addresses. Click Apply &...

  • Page 86: New Port Mapping

    5.8.5 New Port Mapping Port mapping is to map a port of a host on the intranet to a port of a host on the extranet to provide corresponding services. When a user accesses the port on the extranet, the server automatically maps the request to the internal machine on the corresponding LAN.
  • Page 87 Method for creating a port mapping for the gateway: Click Wizards >> New Port Mapping". Enter the gateway interface for "Outside Interface", gateway port for "Service Port", IP address of the internal host for "Internal Address", and port ID of the internal host for "Internal Port". Click Apply &...

  • Page 88: App Management

    6 Edge computing and app functions App function is an important part of the gateway to realize edge computing. The prerequisite for using this feature is to install the python SDK. 6.1 APP Status This page is to upgrade the SDK of Python to view the edge computing environment. 6.1.2 APP Management This page opens app management to manage Python apps.
  • Page 89 Open the imported app, check it in the app list, and then click button Apply & Save button For more guidance on app development, please refer to the development documentation. https://www.inhandnetworks.com/downlist/cid-114...

  • Page 90: App Docker Function

    6.2 APP Docker function Enable the docker function of the gateway. Click the “Go to the docker management page” default username admin password 12345678 Enter the docker management page.
  • Page 92 For container management tools, visit: https://www.portainer.io/ 6.3 Third party cloud platform The gateway device connects to the cloud platform as a client to realize communication, and obtains data in real time according to the corresponding configuration of the gateway device to achieve the purpose of data interaction. 6.3.1 MQTT protocol connection to cloud platform Step 1: click "APP>>...
  • Page 93 Step 2: click status. If the connection status is connected, the connection is successful. Note: if the server needs authentication and encryption, it needs to be enabled correspondingly. Click "app>> third party cloud platform > >mqtt>> enable", select the address and port of the cloud platform server, and enable mqtt authentication and TLS encryption.
  • Page 94 6.3.2 TCP protocol connection to cloud platform Step 1: click "app>> third party cloud platform > >tcp>> enable", select the address and port of the cloud platform server, click apply and save Step 2: click status. If the connection status is connected, the connection is successful.
  • Page 95 6.4 Local MQTT Agent The gateway device acts as an mqtt server to proxy messages. When users need messages, they use the mqtt client to subscribe to information. Python App or Doker program use gateway info, Subscribe to messages from the local mqtt agent. Step 1: click "app>>...
  • Page 96 Step 2: use mqtt client information: server address, port, authentication and other information This document uses mqtt Take FX test tool as an example. Step 3: click Connect. If the icon turns green, it means the connection is successful. Then subscribe to the information according to the topic document. The gateway will return data in JSON format.
  • Page 97 6.5 REST API In addition to using mqtt and TCP to obtain data, users can also use rest APIs to call data according to interface documents Step 1: click "app>>rest api>> enable", select the address and port of the cloud platform server, click apply and save Step 2: use tools such as postman according to the interface document to call the interface to obtain data.
  • Page 98 Azure IoT Edge Click "APP>>Azure IOT edge>> enable", click apply and save Note: this function item depends on docker. The docker function should be opened before opening...
  • Page 99 6.7 User Data Step 1: click "APP>> User Data> > User Data Management", then enter the name and corresponding value, click add, and finally click apply and save. Step 2: click "status". If the data exists in the status bar, it means that the addition is successful.

  • Page 100: Connecting The Gateway To A Cloud Platform

    7 Connecting the Gateway to a Cloud Platform 1. Click "Administration >> Device Manager >> Device Manager", check "Device Manager Enable", select the server address of the cloud platform, enter the registered account and license plate number of the cloud platform, and click Apply &...

  • Page 101: Industrial Ports (Serial Ports)

    8 Industrial Ports (Serial Ports) The industrial ports of VG814 include RS232 serial ports, RS485 serial ports, and IO ports. Signal RS232_RX1 RS232_RX2 CAN_L RS485_A Signal RS232_TX1 RS232_TX2 CAN_H RS485_B 8.1 DTU 1. Method for setting web pages when the gateway is used as a DTU: Enable DTU 1 (RS232-1) DTU 2 (RS232-2) or DTU 3 (RS-485).
  • Page 102 3. Set the IP address and transmit protocol (TCP or UDP) of the server.
  • Page 103 4. Check that the gateway-connected PC and the server exchange data through DTU.

  • Page 104: Io Ports

    8.2 IO Ports The AUX port has 11 digital inputs,ETX port has 7 digital inputs. The digital parameters correspond to two states: HIGH (1) and LOW (0).
  • Page 105 VG814 railway version: Power input range: DC 9V ~ 36V. DI: at present, this version takes the power supply voltage limit as the maximum voltage, that is, the input voltage range is DC 0V ~ 36V; It is determined as low...
  • Page 106 1.The above DIis the voltage range given for the external wet contact. At this time, the internal pull-up of VG814 cannot be used. 2. When the di external is connected to the dry contact, the vg814 can provide 12V pull-up level internally, and the pull-up resistance is 20K Ω.
  • Page 107 2. When Di external dry contact is connected, vg814 can provide the same pull-up level as the power supply voltage internally, and the pull-up resistance is 20K Ω. 3. When do is used as open drain output, the typical perfusion current can reach 450mA.
  • Page 108 Dry node link mode, need config : DI1 pull up use CLI. On is 1, Off is 0.

  • Page 109: System Management

    9 System Management 9.1 System Click "Administration >> System >> Status" and view the current system and network status of the device. Click "Basic Setup" and modify the system language and device name.

  • Page 110: System Time

    9.2 System Time To ensure the coordination between the device and other devices, set the system time accurately. Manual time synchronization: Click "Administration >> System Time >> System Time >> Sync Time" to ensure consistency between the gateway time and host time. Alternatively, click "Administration >>...
  • Page 111 Automatic time synchronization: Click "Administration >> System Time >> SNTP Client or NTP Server" and check "Enable" to synchronize the time between the gateway and the SNTP or NTP server. After NTP is enabled, the gateway can synchronize time for all devices on the network.

  • Page 112: Management Services

    9.3 Management Services When the gateway requires the HTTP, HTTPS, TELNET, and SSH functions, click "Administration >> Management Services", enable the services, and click Apply & Save.

  • Page 113: User Management

    9.4 User Management Click "Administration >> User Management" and create users, modify passwords, or delete users on the user management page. Superuser and common user: ● Superuser: By default, only one superuser is automatically created by the system, with the username of adm and the default password of 123456. It has full access rights for the gateway.

  • Page 114: Radius

    ● Authentication: Verify whether a user has the right for network access. ● Authorization: Authorize a user to use specific services. ● Accounting: Record network resource usage of a user. You can use only one or two of the security services provided by AAA. For example, if a company only expects to authenticate employees when they access specific resources, the network administrator only needs to configure the authentication server.

  • Page 115: Tacacs

    Method for enabling the Radius server for the gateway: Click "Administration >> AAA >> Radius". In "Server List", enter the server address (domain name/IP address), port ID, and authentication key, click Add, and then click Apply & Save. 9.5.2 Tacacs+ The Terminal Access Controller Access Control System + (Tacacs+) protocol is similar to the Radius protocol.

  • Page 116: Ldap

    9.5.3 LDAP The main advantage of the Lightweight Directory Access Protocol (LDAP) lies in its quick response to users' search operations. For example, massive user authentication operations may be performed concurrently. If a database is used, because the database is divided into various tables, to meet this simple authentication requirement, the database must be searched each time, along with synthesis and filtering.

  • Page 117: Aaa Authentication

    9.5.4 AAA Authentication AAA authentication methods: ● No authentication (none): No validity check is performed. Generally, this method is not used. ● Local authentication (local): User information is configured on the NAS. Local authentication is fast, which can reduce the operational costs, but the information storage amount is limited by hardware.

  • Page 118: Configuration Management

    Click "Administration >> AAA >> AAA Settings". 1, 2, and 3 are corresponding to Radius, Tacacs, ad LDAP respectively. Authentication entries 1, 2, and 3 must be corresponding to authorization entries 1, 2, and 3 respectively. When all of radius, tacacs+, and local are set, the priority sequence is as follows: 1 > 2 > 9.6 Configuration Management Method for importing configurations: Click "Administration >>...
  • Page 119 Device ManagerWith a visualization user interface and simple operation steps, the Device Manager platform enables you to manage and monitor InHand’s hardware devices, such as routers and gateways with convenience. It can quickly integrate devices and manage them with just a few clicks. The cloud deployment delivers easy-to-use experience, allowing you to focus on your core business and empowering your growth.
  • Page 120 Step2: • Config Service Type "Device Manager" • Server Address "iot.inhandnetworks.com" If you have already privatized the deployed Device Manager Cloud, fill in the private deployment server IP or domain name. Server Typy select "Coustomer". • Secure Channel , After checking, it will be transmitted with SSL encryption. •...
  • Page 121 • Make sure the VG710 is connected to the Internet. Step3: • Login Device Manager cloud. • Check Gateways, VG710 will auto login server. • For more usage reference manuals: • For more usage reference manual.
  • Page 122 9.7.1 InConnect Service The InConnect is a simple “plug & play” service which builds secure remote networks for your machines (IPCs, servers, IP cameras, PLCs, HMIs, RTUs, controllers, etc.). Featuring user-friendly interfaces and simple operation, the SaaS (Software as a Service) based solution enables you to access your devices anytime from anywhere, and stay connected with your business and with the world –...
  • Page 123 Step3: • Login InConnect service. • Check Gateways, VG710 will auto login server. • Add VG710 SN to Server:...
  • Page 124 For more usage reference manuals: 9.7.1 Smart Fleet Service InHand Smart Fleet Cloud Platform, referred to as Smart Fleet, is a business platform that provides enterprise-level vehicle monitoring and management services for enterprise customers. Smart Fleet can help you manage vehicles intelligently...
  • Page 125 operation and maintenance, help the informatization construction and digital transformation of engineering vehicles. Smart Fleet can connect multiple vehicles to the same network. You can centrally monitor and manage vehicles, issue configurations, and upgrade firmware in a unified manner. Smart Fleet helps users to quickly build an IoT network and master vehicle operation data in real time, allowing you to easily implement centralized monitoring and management of vehicles and gateways through the cloud platform.
  • Page 126 Step3: • Login InConnect service. • Check Gateways, VG710 will auto login server.

  • Page 127: Snmp

    9.8 SNMP 9.8.1 SNMP Currently, the SNMP Agent of VG814 supports SNMPv1, SNMPv2c, and SNMPv3. ● SNMPv1 and SNMPv2c use community names for authentication. ● SNMPv3 uses user names and passwords for authentication. Method for enabling SNMP for VG814: Click "Administration >> SNMP >> SNMP", check "Enable", select "v1c" for "v2c" for "SNMP Version", and click Apply &...

  • Page 128: Snmptrap (Alarm)

    9.8.2 SnmpTrap (Alarm) The SNMP trap is a type of entrance. When this entrance is reached, the SNMP managed devices actively notify the NMS, instead of waiting for the polling of NMS. On an SNMP-enabled network, the agents on managed devices can report errors to the NMS anytime, without the need of waiting for the polling of NMS.

  • Page 129: Snmpmibs

    9.8.3 SnmpMibs In SNMP messages, management variables are used to describe the managed objects on the device. To uniquely identify the managed objects on the device, SNMP uses a hierarchical naming scheme to identify the managed objects The entire hierarchical structure is like a tree.

  • Page 130: Alarm

    9.10 Alarm The alarm function enables users to identify gateway abnormalities in time. When an abnormality occurs, the gateway reports an alarm. You can select system-defined abnormalities and choose an appropriate notification way to obtain the abnormality information. All alarms are recorded in alarm logs so that users can identify abnormalities and perform troubleshooting in time.
  • Page 131 ● NOTICE: The device undergoes an error that affects system performance. ● INFO: A normal event occurs. (1) Status: Click "Administration >> Alarm >> Status" and view all alarms generated in the system since power-on. (2) Alarm Input: Select an alarm type as required. When this item is abnormal, an alarm is generated.

  • Page 132: System Logs

    The diagnose data file is encrypted, because the gateway configuration information is downloaded together with the diagnose data. You need to decrypt the file with the decryption tool provided by InHand. The storage capacity of the gateway is limited (512 KB by default). To save all...

  • Page 133: System Upgrade

    9.12 System Upgrade Click "Administration >> Upgrade >> Browse", select an upgrade file, and click Upgrade. Restart the system after the upgrade is completed. Note: During the software upgrade, do not perform any operation on the web page; otherwise, the software upgrade may be interrupted. 9.13 System Reboot Click "Administration >>...

  • Page 135: Diagnostic Tools

    10 Diagnostic Tools Diagnostic tools are used to detect the network connection of the gateway: Ping, Traceroute, Tcpdump, and Link Speed Test. Ping: It is used to detect the external network connection of the device. Enter any common website in China for "Host" and click "Ping". If data transmission occurs, the network is connected properly.
  • Page 136 Tcpdump: Select an interface ("any" or "bridge1"), set "Capture Number", and click Start Capture >> Stop Capture >> Download Capture File. Download wireshark from the browser to open the downloaded file and analyze the messages to understand the network connection of the interface.
  • Page 137 Link Speed Test: Upload and download files to test the link speed.
  • Page 138 11. Hardware installation The installation position is recommended to be installed in the air conditioning duct of the vehicle:...

Table of Contents