Table of contents
General
Release note
Brief description
Features
Information about cyber-security
Warning signs
Security information
Maintenance
Disposal of old devices
Legal notice
Technical Data
Scope of Supply
Display, controls and connectors
13.1 Front view of the device
13.2 View at the top of the device
20.3 Finish - Apply settings
Quick Start - Cloud Status Page
21.1 Quick Start
21.2 Diagnosis
21.2.1 Output of device diagnostic information to a USB stick
21.3 IoT
Classic router - configuring the mbNET via the web interface
22.1 Description of the graphical user interface (configuration interface)
24.5.2 LAN DHCP static lease server settings
24.6 Network > DNS-Server
24.7 Network Hosts
24.8 Network > DynDNS
24.8.1 System DynDNS settings (MB Connect Line DynDNS service)
24.8.2 Public DynDNS service
Serial (serial port COM)
25.1 COM settings
25.2 COM network settings
30.4 Key Management
30.4.1 Create Backup-Key
30.5 Firmware
30.6 RoKEY
Status (information and analysis)
31.1 Status > Interfaces
31.2 Status > Network
31.2.1 General
31.2.2 Firewall
31.2.3 Network participants
31.3 Status > Modem
31.3.1 GSM information
31.3.2 Modem
Load factory settings
Device restart (Reset)
Annex
37.1 Set computer address (IP address) in Windows 10
Page 8 of 324 | V 7.2.0 - en | Aug 25, 2022 |...
The document serves as a reference guide. Please read carefully and keep in a safe place.
Validity
The document is valid for industrial routers mbNET.rokey RKH 210, RKH 216, RKH 235 and RKH 259 - from firmware version V 6.2.4 and from hardware version HW03*
The SIMPLY.connect** function is only available for devices with the Simplify³-Logo*...
Related documents
Getting started with mbCONNECT24
This document describes the first steps and measures necessary to get a device (mbNET router) connected via the Remote Client (mbDIALUP) to the portal server mbCONNECT24.
Current manuals and other information
The latest manuals and more information about products related to secure remote maintenance can be found in the download portal at www.mbconnectline.com
Release note
Version | Date | Comments
V 6.0.6 | Apr 11, 2019 | Start-Version
V 6.0.8 | Jun 19, 2019 | Add connection and termination examples for serial interfaces in RS 485 2- and 4-wire operation. See Chapter: "Pin assignment serial interfaces COM1/COM2 (front of device)" Note on "Last error message"...
Version | Date | Comments
V 7.2.0 | Aug 25, 2022 | Devices with GSM modem: The following fields/information have been added under Status > Modem > GSM Information and in the Quickstart:
- Mobile number (Own number)
- MCC
- MNC
All SMS received from this device (mbNET) are now listed under Status > Modem >...
Brief description
The mbNET industrial router offers you optimum flexibility and security, making remote communication with your systems both easy and secure. Thanks to its compact design, the mbNET router will fit into any switch cabinet, and with its multiple interfaces and drivers, is the perfect solution for integrating different control systems.
Requests must, where possible, be sent to the following address with the product's serial number: MB connect line GmbH Fernwartungssysteme · Winnettener Str. 6 · 91550 Dinkelsbühl GERMANY Tel. +49 (0) 98 51/58 25 29 0 · Fax +49 (0) 98 51/58 25 29 99 · info@mbconnectline.com...
Information about cyber-security
To prevent unauthorized access to facilities and systems, observe the following security recommendations:
General
• Periodically ensure that all relevant components meet these recommendations and any additional internal security policies.
• Perform a security assessment of the entire system. Use a cell protection concept with suitable products.
Warning signs
The following information signs and signal words are used in this document:
NOTICE
Note - indicates a potentially dangerous situation that can lead to property damage if not avoided.
TIP
A tip indicates additional information and guidance, for example on cyber security, which facilitates secure use of the system.
Technical limits
The product is only intended for use within the technical limits specified in the data sheets.
EN/F Safety instructions
• Assembly, installation and commissioning of the router should be carried out only by qualified personnel. The respective national safety and accident prevention regulations must be observed.
•...
(F) Safety instructions:
• The router is built according to the current state of the art and the recognized technical safety rules (see the declaration of conformity).
• The router must be installed in a dry location. No liquid may enter the router, as this could cause electric shocks or short circuits.
The final holder is responsible for deleting personal data on the old devices to be disposed of. MB connect line offers the possibility of returning and disposing of old devices. Details can be found at www.mbconnectline.com/disposal.
No claims may be derived from the information, figures and descriptions in this operating manual. MB connect line GmbH assumes no liability for damages due to: • Non-compliance with these instructions •...
Technical Data
mbNET.rokey industrial router RKH 210, RKH 216, RKH 235, RKH 259 EU, RKH 259 AT&T - from Hardware version: HW 03
You can find the hardware version on the device rating plate.
Housing dimensions and views
Image 1: Devices and interfaces vary depending on the device type.
Release note
Version | Date | Comment
V 6.2 | Febr 26, 2020 | Previous version: V 1.0 from Nov. 2, 2018
Correction of the current consumption: old = 1300 mA => new = 500mA
Add the performance data for new LTE module, for devices with hardware version HW04.
I/Os and standard interfaces
General Data
Digital inputs: 4 pieces, 10-30 V DC (electrically isolated), (low 0 – 3.2 V DC, high 8 – 30 V DC)
Digital outputs: 2 pieces, 10-30 V DC (electrically isolated), to a maximum of 1.5 A per output
WAN interfaces: 10/100MBit/s full and half duplex operation, automatic detection patch cable/crossover cable (auto detection)
Devices with hardware version up to HW 04
Countries where used: North America
GSM/GPRS/EDGE: 850, 1900 MHz; max. 236 kbps
HSxPA: 1900 (B2), 850 (B5) MHz; Downlink max. 21 Mbps, Uplink max. 5.76 Mbps
1900 (B2), AWS 1700 (B4), 850 (B5), 700 (B17) MHz; Downlink max. 100 Mbps, Uplink max....
E482663
SIMPLIFIED EU DECLARATION OF CONFORMITY
MB connect line GmbH hereby declares that the radio system type RKH 259 EU corresponds to the 2014/53/EU directive. A copy of the EU declaration of conformity is available at the following Internet address: www.mbconnectline.com...
1 x Device information card (Fig. representative) Item No.: 8.002.704.00.00
If one of these parts is missing or damaged, contact the following address:
MB connect line GmbH
Winnettener Str. 6
D-91550 Dinkelsbühl
Tel.: +49 (0)9851/58 25 29 0
Fax: +49 (0)9851/58 25 29 99...
Display, controls and connectors
13.1 Front view of the device
Function / status LEDs
WAN interface
LAN interfaces 1 – 4 (4 port switch)
USB Host 2.0
Dial Out button
Reset button
Serial interface COM
Coding switch hexadecimal (Function in preparation)
8.a Function / status LEDs for coding switch
Key switch...
Description colour status orange GSM devices: no reception flashes GSM devices: Blink frequency 1 Hz == 20 % – 50 % reception quality • Together with Fc1 if a firmware has been detected via the USB interface. green GSM devices: Reception quality display depends on Fc4 GSM devices: Fc3 green + Fc4 green: 71 % –...
Interfaces Designation Status Description – WAN port on the router (customer network, DSL modem,...) green flashes Network connection available WAN LED orange flashes Network traffic active LAN 1 - 4 – Local network connection (e.g. machine network) LAN-LED green flashes Network connection available 1 –...
13.3 View of underside of device
Devices with LTE (4G) modem
Type | Equipment
RKH 259 | 1 x SD card slot, 2 x SIM card slot, 2 x SMA socket for GSM antenna (MIMO)
Standard devices
Type | Equipment
RKH 210, RKH 216, RKH 235 | 1 x SD card slot
In RS 485 mode, terminations must be carried out using terminating resistors in accordance with the number of conductors. Below you can see example circuits for 4-wire and 2-wire operation. Image 2: Connection example for the 4-wire operation Image 3: Connection example for the 2-wire operation 14.4 Pin assignment LAN/WAN port on front of device Signal Not assigned...
Router Installation Installation position/minimum clearances The router is designed to be mounted on DIN top hat rails (in accordance with DIN EN 50 022) and for installation in a control cabinet. The installation and assembly must be carried out according to VDE 0100/IEC 364.
Starting the router
NOTICE
Before you connect the router to a network or a PC, make sure that the router is properly connected to the power supply. Otherwise, other devices may be damaged.
galvanically isolated
1. Connect the equipotential bonding to the grounding screw on the top side of the router. Note that the grounding screw and the device housing with the 0 V potential of the power supply are electrically connected to terminal X1....
Connect router to configuration PC You can access the web interface of the mbNET directly via a PC. Requirement: • PC with network card • Internet browser (HTML5 compatible) • The IP address of the computer must be in the same network as the mbNET - 192.168 in this case.
Calling up the mbNET web Interface
Start the Web browser on your PC and type the required IP address of the router in the address bar. Factory setting is: 192.168.0.100
NOTICE
Please note that access to the web interface is possible only via the HTTPS protocol (https://192.168.0.100).
Log in to the router - Factory setting is: User name: admin...
To cancel this operation, simply log out of the web interface (admin > Logout). Information about the benefits of using mbCONNECT24 can be found on our website www.mbconnectline.com or obtained from your MB connect line distribution partner.
• Classic Router
Selecting "classic router" creates a separate router without connecting to the mbCONNECT24 portal....
To cancel this operation, simply log out of the web interface (admin > Logout). Information about the benefits of using mbCONNECT24 can be found on our website www.mbconnectline.com or obtained from your MB connect line distribution partner.
Use the Cloudserver to configure the mbNET for a connection a. to the Internet and b....
20.1 Internet - Configuring the Internet connection
Image 4: the selection may vary depending on the device type
Here, you can select how to connect to the Internet. Then click on "Next". Depending on the device type, the selection is •...
Clicking on "Next" will take you to the Portal Server settings. Static If interface type Static is selected, enter your WAN settings for the Ethernet-Internet connection. Designation Description Interface type Selection field for the interface type: - DHCP - Static WAN IP address Enter the WAN IP address.
20.1.2 Modem Connection Settings
Designation | Description
Network (provider) | Selection field for the service provider
APN (Access Point Name) | Enter the APN of your provider here, if necessary.
SIM Pin | Enter the SIM PIN of the SIM card used.
User, Password | If necessary, enter your user name and password.
Clicking on "Next"...
Designation | Description
List of portal servers (For more information see the "mbCONNECT24 Server List" table) | List of available portal servers:
• rsp.mbconnect24.net (EU)
• rsp.mbconnect24.us (US/CAN)
• rsp.mbCONNECT24.asia (ASIA)
• rsp.au.mbCONNECT24.net (AU)
• User defined
Host address or DNS | The matching host address of the portal server selection will be shown here....
20.3 Finish - Apply settings
Save changes
Save the settings by clicking on "Save Changes".
Complete
Click "Complete" to complete the process. You will be taken to the "Cloudstatus Page" (Quick start). Here you can find information (including connection errors and their cause) for each connection to the Internet, and the Portal Server.
NOTICE
Do not switch off the mbNET until the mbNET has picked up its configuration from the portal....
Quick Start - Cloud Status Page 21.1 Quick Start This display appears a. each time you call up the mbNET web interface, if you have created the mbNET as a portal device b. from the configuration interface via the "admin" Menu Here, you can detect connection errors and determine the cause.
In Step 1, you will receive an overview of interfaces and general system information. Step 2 provides information about the status of the connection to the Internet. In Step 3, you will see the result from the DNS and NTP check as well as the port check (port 80/443/1194) for the remote maintenance portal.
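The Step 3 port check can be reproduced from a PC that uses the same outbound path as the router, which helps to tell a blocking firewall apart from a DNS problem before the device is commissioned. This is an added example, not part of the manual or of MB connect line software; testing all three ports over TCP, the function names and the default timeout are assumptions, since the manual does not state the transport used for each port.

```python
"""Outbound reachability pre-check for the portal ports named in Step 3."""
import socket
import sys

# Ports listed in the manual's Step 3 port check.
PORTAL_PORTS = (80, 443, 1194)


def check_tcp_port(host, port, timeout=3.0):
    """Try one TCP connection and return (reachable, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.gaierror as exc:
        # Name resolution failed: corresponds to the DNS part of Step 3.
        return False, f"DNS resolution failed: {exc}"
    except socket.timeout:
        # No answer at all: typical for a firewall that silently drops packets.
        return False, "timeout (packets probably dropped on the path)"
    except ConnectionRefusedError:
        # Host answered with a reset: reachable, but nothing listens there.
        return False, "refused (host reachable, port closed or rejected)"
    except OSError as exc:
        return False, f"error: {exc}"


def check_portal(host, ports=PORTAL_PORTS, timeout=3.0):
    """Check every port and return {port: (reachable, detail)}."""
    return {port: check_tcp_port(host, port, timeout) for port in ports}


def blocked_ports(results):
    """Return the sorted list of ports that could not be reached."""
    return sorted(port for port, (ok, _) in results.items() if not ok)


if __name__ == "__main__":
    # Default host is the EU portal server named in the manual's server list.
    target = sys.argv[1] if len(sys.argv) > 1 else "rsp.mbconnect24.net"
    outcome = check_portal(target)
    for port, (ok, detail) in sorted(outcome.items()):
        print(f"{target}:{port} {'OK' if ok else 'FAIL'} - {detail}")
    sys.exit(1 if blocked_ports(outcome) else 0)
```

A non-zero exit status means at least one of the ports is not reachable from the network segment the check was run in.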
21.2 Diagnosis
Image 5: Diagnostic example with executed command: Route monitoring
Designation | Description
Ping | After entering an internet address or an IP address, you can use the ping command (Click on the "Ping" button) to determine whether the corresponding address is accessible....
Designation | Description
TCPDUMP | In order to closely monitor the network traffic, you can use the "TCPDUMP" command. Some examples of the use of this command are:
• -i eth0 not port 80
Displays all TCP/IP connections to the (-i) LAN (eth0) interface, except (not) those using Port 80 (port 80) when incoming or outgoing....
21.3 IoT Here you can see an overview • of the serial number and the license type of the mbEDGE SD card used • of the status of the IoT service (Docker) • of the Docker Management Status • of the status of activation for Flows and Dashboard Click on the "Flows"...
Classic router - configuring the mbNET via the web interface If you use the mbNET as a classic router, the complete configuration and setup is performed via the web interface of the device. 22.1 Description of the graphical user interface (configuration interface) Image 6: Basic structure of the graphical user interface Main Navigation First-level navigation for the operational user interface.
22.2 Description of buttons, icons and fields
Here, you will find an overview of the display elements, input/selection fields and buttons.
Symbol | Description
Display element - grey LED, example: a link is inactive, a cable or USB device is not connected, Output1 is inactive etc.
System - settings and basic router configuration
Here, you will find general system information and settings. Under the System menu the following submenus are listed:
Submenu | Description
Info | General system information
CTM* | Configuring the CTM (Config Transfer Manager).
Settings | General system configuration (e.g. time and mail settings).
Website | HTTPS access configuration in the mbNET web interface....
23.1 System > Info
Image 7: Example display, content can vary depending on the type of device.
System
Here you will find information about
• Device type
• Serial number
• Firmware version
• Device name in the network
Warnings and/or the most recent error are also displayed here.
Network
Here you will find information about
• Interface LAN and WAN displays which network ports are linked/connected at the moment to the existing network via the corresponding sockets....
23.2 System > CTM (Configuration Transfer Manager) The CTM allows the mbNET to transfer the portal configuration via the active Internet connection, i.e. the mbNET picks up its configuration from the mbCONNECT24 portal, as soon as it comes online. In order to ensure the transfer, CTM must be activated on the mbNET.
Designation Description Active "Yes / No" selection field to activate/deactivate this function. Host address or DNS Enter the host address or DNS name. Session-Key Enter the session key generated by the portal. Enable connection "Yes/No" selection field - select "Yes" if you want to use an HTTPS proxy server through a HTTP proxy as the outgoing connection.
Designation | Description
HTTP proxy username | User name input field. If required, also enter the domain name (domain\username) and the authentication method here (for "NTLM": Username#AUTH-NTLM or for "NTLMv2": Username#AUTH-NTLM2).
HTTP proxy password | Server password input field
Clicking on "Save"...
23.3 System > Settings
In the Settings submenu you can configure the following functions: Function Description/content System settings • Assign a device name in the network • Configure a device reboot Time Settings • Set the local time (date/time) • Select the time zone NTP Settings •...
23.3.1 System > Settings > System Settings
Designation | Description
Hostname | Enter here a name that allows the router to be reached on the network.
NOTICE
The mbNET can only be reached under this Hostname, if the DNS server that is registered on your PC knows the device name and the IP address of the mbNET....
23.3.2 System > Settings > Time Settings Designation Description Date/Time (UTC) Displays the current system time in UTC (Coordinated Universal Time). Local Date Time Displays the current system time based on the selected time zone. Set local Date Time Adjustable system time, which is used, if no automatic time adjustment is to take place, or is not possible.
23.3.3 System > Settings > NTP Settings
The Network Time Protocol (NTP) is a standard for synchronizing clocks in computer systems via packet-based communication networks. During time synchronization, the NTP client gets the current time from an NTP server. The mbNET can act both as an NTP client and as an NTP server....
Designation | Description
Time synchronization using NTP | Checkbox for enabling/disabling the NTP function. If this checkbox is activated, the mbNET acts as an NTP client.
Server address | Enter the IP address or the name of the time server (default address: 0.de.pool.ntp.org)....
In the case of certain events (e.g. from the alarm management) you can send automatically generated messages from the system via email. Here you set whether the mbNET should use the mail server of MB connect line, with fixed specifications, or whether you want to use your own SMTP server....
NOTICE
Temporarily stored settings/changes are saved until a reboot of the router. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
23.3.5 System > Settings > Device-API
The mbNET can be used as an MQTT broker.
Designation | Description
Enable MQTT access to status topics | Checkbox for enabling/disabling this function.
MQTT Password | Mandatory field for entering a password. No default password is specified here.
MQTT Username | The default username "web"...
After activating the "MQTT access to status topics" function, you can query the values from the "MQTT Debug List" under Status > System.
23.3.6 System > Settings > System Service
Designation | Description
Disable network configuration (Conftool) | Check box for enabling/disabling this function.
NOTICE
The "Disable Network Configuration (Conftool)" function is only relevant if you operate the router on the portal mbCONNECT24....
23.4 System > WEB In the Web submenu you can configure the following functions: HTTPS device configuration access Function Description/content HTTPS Port Here you can • change the default port (443), through which the HTTPS server is accessed. ° Important! If you change the default ports, you must specify the new port in the browser's address bar (e.g.:192.168.0.100:84).
System Services
Function | Description/content
Enable access to Quickstart WITHOUT credentials | This function is only relevant if you operate the router in the mbCONNECT24 portal (Cloudserver). You can find a description of this function in the mbCONNECT24 online help.
Enable login via GET- | Checkbox to activate / deactivate this function....
23.4.1 System > Web > HTTPS access for device configuration
Designation | Description
HTTPS Port | Here you can change the default port (443), through which the HTTPS server is accessed. Important! If you change the default ports, you must specify the new port in the browser's address bar (e.g.:192.168.0.100:84)....
23.4.2 System > Web > System Services
System Services
Function | Description/content
Enable access to Quickstart WITHOUT credentials | This function is only relevant if you operate the router in the mbCONNECT24 portal (Cloudserver). You can find a description of this function in the mbCONNECT24 online help.
Enable login via GET- | Checkbox to activate / deactivate this function....
23.5 System > User Here you can manage the users who have access to the configuration interface of the mbNET. • By default, the user "admin", is created with all rights. • The user "admin" is associated with the device password. •...
23.5.1 Added/Edited User
Designation | Description
User name | Mandatory field for entering a user name (for example, User1)
Full Name | Mandatory field for entering a name (for example, Peter Schmidt)
Administration | Check boxes to enable/disable the type of access by the user to the web interface of the mbNET....
Designation | Description
NOTICE
The password should consist of at least 8 characters, including uppercase letters, numbers and special characters (example: aZ?34%s8).
Clicking on "Save" temporarily saves the current entries/changes. But the changes are not yet enabled.
Clicking on "Close"...
23.6 System > Certificates
The main component for VPN connections using IPSec or OpenVPN is the trust between two or more communication partners. An authenticity test is required for secure communications. This is done using PKI (public key infrastructure). Certificates will ensure that the "right"...
23.6.1 Own certificate Own certificates are used by the certificate holder. These are issued and signed by a higher authority (CA Root Certificate). In order for the mbNET to be able to use its own certificate at a remote terminal so as to show it there, the appropriate PKCS12 file (certificate including private key) must be selected, in order to import this.
In the overview, you can see certificates imported thus far.
23.6.2 CA certificate (root certificate)
A root certificate verifies that the remote site certificate is signed. Such a root certificate must be imported, if under the VPN settings "by means of a certificate from the same CA" is selected as the authentication method. The entry from the root certificate will be used as a criterion to decide whether the certificate of the in-dialling device is valid....
In the overview, you can see certificates imported thus far.
23.6.3 Partner certificate (IPSec)
Partner certificates are certificates of the remote terminal. They are only required if the VPN settings "Authentication via partner certificate" have been selected. In this case, the criterion for deciding the validity of a certificate is that a copy of this partner certificate exists locally....
In the overview, you can see certificates imported thus far.
23.6.4 CRL (revocation list)
The revocation list (Certificate Revocation List, CRL for short) is used to check whether the certificates of in-dialling computers are valid or not. The CRL contains the serial numbers of certificates that should be blocked. So if one wants to deprive people of permission to dial into the mbNET or the underlying PLC, it is only necessary to create a CRL....
In the overview, you can see certificates imported thus far.
23.7 System > Memory devices The mbNET has • a USB port (USB Host 2.0) on the front of the device and • an SD card slot on the bottom of the device 23.7.1 USB You can connect a USB device (USB stick or USB hard drive) to the USB port on the Industrial router. The USB storage medium can be accessed via SFTP.
23.7.1.1 USB Settings
Within USB Settings you can select USB Mode:
• USB memory via SFTP
• USB Transparent (USBOverIP)
NOTICE
USB mode "USB Transparent (USBOverIP)" is only relevant/functional in conjunction with the mbCONNECT24 Remote-Service-Portal and the Remote Client mbDIALUP. Related settings can only be made via mbCONNECT24 and mbDIALUP....
23.7.1.2 USB access from the network Designation Description Active Check box for enabling/disabling this function. If the checkbox is activated, a connected USB storage medium is integrated by the mbNET. SFTP User Input field for the SFTP user name SFTP password Input field for the SFTP password SFTP Password Input field for confirmation of the SFTP User Password.
23.7.1.3 USB devices You can connect a USB device (USB stick or USB hard drive) to the USB port on the Industrial router. The USB storage medium can be accessed via SFTP. A LED icon will display if a USB storage medium is connected to the mbNET or has been detected. USB Device connected Green LED symbol = USB storage medium available Gray LED symbol = No USB storage device connected...
23.7.2 SD-Card
NOTICE
The "SD access from network" configuration menu is only available when using an mbEDGE card and after activating the card via the menu "IoT > Control > Docker - activate mbEDGE". Other SD cards are not recognized by the mbNET.
An LED symbol indicates whether an SD card is inserted in the mbNET....
23.7.2.1 SD Access from network Designation Description Active Check box for enabling/disabling this function. If the checkbox is activated, a connected SD card is integrated by the mbNET. SFTP User Input field for the SFTP user name SFTP Password Input field for the SFTP password SFTP Password Input field for confirmation of the SFTP User Password.
Click the Edit icon to edit the corresponding function.
23.8.1 General Settings Designation Description Set debug output to syslog Check box for enabling/disabling this function. If this checkbox is enabled, debug information is output on the logging server. Log also to USB-Device Check box for enabling/disabling this function. If this checkbox is enabled, the logs are also stored on a USB device. Clicking on "Save”...
23.8.2 External logging (server settings)
Designation | Description
Enable external logging server | Check box for enabling/disabling this function. When this check box is selected, the system logging of the mbNET is outsourced to an external computer.
Remote IP Address | Enter the IP address of the external logging server here.
Remote Port | Specifies the port number of the external logging server....
23.9 System > Configuration (backup and restore)
Here you can download a backup copy of the system configuration (Backup) and, if necessary, restore (Restore). Click the Edit icon to edit the corresponding function.
23.10 System > Firmware (Firmware update)
Here you can check whether the installed firmware version is up to date and, if necessary, upgrade to a higher version. Click the Edit icon to edit the corresponding function.
Firmware update Designation Description Upgrade Method Selection field with the following options: • Auto Update Server => this requires an internet connection to be established. • USB stick => this requires that a USB stick with the new firmware - in the root directory - is connected to mbNET.
Automatic firmware version check and update
After activating this function, the installed firmware is checked every 24 hours to see whether it is up to date. If a newer version is available on the Autoupdate server, it will be automatically installed.
NOTICE
An automatic update will only take place if "Autoupdate server"...
Image 8: Example display, content can vary depending on the type of device. Under the Network menu the following submenus are listed: Submenu Description Here you can set the LAN IP address and the subnet mask of the router (mbNET). This IP address accesses the router in the LAN.
24.1 Network > LAN Here you can set the LAN IP address and the subnet mask of the router (mbNET). This IP address accesses the router in the LAN network. You can also specify / add network routes in CIDR format (x.x.x.0/24). 24.1.1 Interface Here you can set the LAN IP address and the subnet mask of the router (mbNET).
Configuring the LAN Interface Here you can set the LAN IP address and the subnet mask of the router (mbNET). This IP address accesses the router in the LAN network. Designation Description LAN IP address Enter the IP address for accessing the router. Subnet mask Enter the subnet mask of the network that the router should be integrated into.
Network participants
Here you can monitor the Network participants.
Designation | Description
Monitors network participants | Selection box to
• Disable
• Passive
Clicking on "Save" temporarily saves the current entries/changes. But the changes are not yet enabled.
NOTICE
Temporarily stored settings/changes are saved until a reboot of the router....
Wake on LAN
LAN participants can be entered here who receive a WoL packet either manually or daily via cron job.
Click the plus icon to add WoL participants.
Designation | Description
MAC address | Enter the MAC address of the WOL addressee here.
Trigger | Here you specify how and/or when the WoL addressee should be woken up....
Here you can
• send a WoL wake-up call manually
• edit an entry
• delete an entry
• add a new entry
24.1.2 Routes
If the local network has additional subnetworks, you can add additional network routes in CIDR format (x.x.x.0 / 24) here. Click the Add button to add a route.
Add LAN route
Designation | Description
IP address | Enter an IP address with CIDR suffix (x.x.x.0 / 24).
Gateway | The gateway to be entered is usually the IP address of the router (mbNET)....
Edit / Delete LAN route After you confirm your entry by clicking on the "Save" button, your entries appear in the overview of the LAN- routes. Click the Edit icon , to edit the corresponding entry. Click the Delete icon , to delete the corresponding entry.
24.2 Network > WAN Using the mbNET's WAN interface, you can connect a local network to another local network or a public network, such as the Internet. The WAN interface can be configured depending on the application. Optionally, you can define / add network routes here in CIDR format (x.x.x.0/24). 24.2.1 Interface - set WAN interface type Here you can specify the type of interface and configure the interface.
Configuring the WAN Interface
When selecting interface type Static, you must configure the interface.
Designation: Description
WAN IP address: Enter the WAN IP address of the router (mbNET).
NOTICE: The WAN IP address and the LAN IP address must be in different address ranges!
Subnet mask: Enter the subnet mask of the network that the router should be integrated into.
24.2.2 Routes
If further sub-networks are connected to the locally connected network, you can define additional routes here. Here, you can specify network routes in CIDR format (x.x.x.0/24) or define routes to individual network users. Click the Add button to add a route. Click the Edit icon to edit the corresponding route.
Edit/Delete WAN route
After you confirm your entry by clicking on the "Save" button, your entries appear in the overview of the WAN routes. Click the Edit icon to edit the corresponding entry. Click the Delete icon to delete the corresponding entry. Clicking on "Save"...
24.3 Network > Modem
The built-in mbNET modem (analogue or GSM) is provided for dial-up and/or Internet connections if no corresponding DSL or network connection is available.
NOTICE: If the modem is used for an outgoing internet connection, no incoming connection can be made.
24.3.1 Analogue modem configuration
Page 112 of 324 | V 7.2.0 - en | Aug 25, 2022
24.3.1.1 Modem Settings
Click the Edit icon to edit the corresponding function.
Designation: Description
Modem init: Input field for the country code, the default is +GCI=FD (FD for Europe).
NOTICE: A list of country codes for devices with analogue modem can be found in the Appendix.
Modem init: The command X3 (do not wait for dial tone) is the default connection value.
24.3.1.2 Outgoing (configuration for outgoing connections)
Here, you configure the access data and the authentication for outgoing connections. Click the Edit icon to edit the corresponding function.
Access data (selection of inputs)
Designation: Description
Selection of inputs: Selection field no/yes. Select Yes if you want to call several stations. Three more lines for entering the necessary access data will appear. Each of these additional lines is selected based on signals to digital inputs I2 to I4. Now enter the numbers and the user data for the PPP dial-up in the additional fields.
Authentication
Here you can select the authentication protocol for the dial-up connection and set the dial-up timeout.
Designation: Description
Authentication using CHAP: Authentication protocol with which your login data are transmitted in order to protect this data (Challenge Handshake Authentication Protocol). CHAP is normally the procedure which is performed when logging on to the internet at the Internet Service Provider (ISP) via a modem.
24.3.1.3 Incoming
Here you approve the access to the router (mbNET) by a client computer. Click the Edit icon to edit the corresponding function.
Designation: Description
Dialin enable: Check box for enabling/disabling this function. If the checkbox is enabled, access to the router (mbNET) is approved by a client computer.
PPP Server IP-Address (here): Enter the address of the router (mbNET) here. You can use the same network domain as the local network. However, you should avoid using an existing address, as this can lead to an address conflict.
24.3.1.4 Call Back
When this capability is activated, the mbNET is ready to connect to the Internet when a call is made. Click the Edit icon to edit the corresponding function.
Designation: Description
Call Back enable: Check box for enabling/disabling this function. When this checkbox is activated, the mbNET is ready to connect to the Internet when a call is made.
24.3.2.1 Modem Settings
Here, you can perform the basic modem settings. Click the Edit icon to edit the corresponding function.
NOTICE: For a GSM connection, neither of the two initializations is necessary to guarantee an error-free connection.
24.3.2.2 Outgoing SIM 1/SIM 2 (configuration for outgoing connections)
Here you can configure the SIM settings, the access data and the authentication for outgoing connections. Click the Edit icon to edit the corresponding function.
SIM Settings
Here you enter the SIM PIN of the respective SIM card and select your wireless service provider.
Designation: Description
SIM PIN: Enter your personal identification number (PIN) of the respective SIM card to provide access. You need a mobile phone to switch the PIN on or off.
Provider: Selection field with a list of the most common wireless service providers.
Access data (selection of inputs)
Designation: Description
Selection of inputs: Selection field no/yes. Select Yes if you want to call several stations. Three more lines for entering the necessary access data will appear. Each of these additional lines is selected based on signals to digital inputs I2 to I4. Now enter the numbers and the user data for the PPP dial-up in the additional fields.
Authentication
Here you can select the authentication protocol for the dial-up connection and set the time limit for dial attempts.
Designation: Description
Authentication via CHAP: Authentication protocol with which your login data are transmitted in order to protect this data (Challenge Handshake Authentication Protocol). CHAP is normally the procedure which is performed when logging on to the internet at the Internet Service Provider (ISP) via a modem.
24.3.2.3 General SIM Settings
Here you can specify which SIM card or which of the two SIM card slots is to be used primarily. Click the Edit icon to edit the corresponding function.
Designation: Description
Select Primary SIM Card: Selection field for the SIM card slot that should be addressed/used first.
Switch to the secondary: Check box for enabling/disabling this function.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept only until the router is rebooted. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
24.3.2.4 SMS (Remotely control services via SMS, Send SMS if...)
Click the Edit icon to edit the corresponding function.
Remotely control services via SMS
Designation: Description
Enable Service Control via SMS: Check box for enabling/disabling this function.
Check the Phone Number: Check box for enabling/disabling this function.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept only until the router is rebooted. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
Command set for remote control of the mbNET via SMS
Command Note...
Send an SMS if... (the Internet connection was established)
Designation: Description
Internet connection established: Check box for enabling/disabling this function. When the function is enabled, the mbNET sends an SMS notification once the mbNET has established a connection to the Internet.
Recipient phone number: Recipient's phone number to whom the notification should be sent.
24.4 Network > Internet (Internet connection and Internet settings)
24.4.1 Configure Internet connectivity
Click the Edit icon to edit the corresponding function.
Failover
Designation: Description
Failover: "Yes / No" selection field to activate/deactivate this function. The reliability function allows switching between different Internet connections. If this function is enabled, the Internet interfaces can be entered in the desired priority, according to the device type.
Internet connection - Failover = No -
Click the Edit icon to edit the corresponding function.
Image 9: The choice of available Internet interfaces depends on the device type and can vary.
Designation: Description
Internet connection: Here you select the Internet interface with which the mbNET should connect to the Internet.
Internet connection - Failover = Yes - (Failover of Internet interfaces)
Click the Edit icon to edit the corresponding function.
Image 10: The choice of available Internet interfaces depends on the device type and can vary.
Designation: Description
The number of attempts: Enter the number of connection attempts here.
Designation: Description
Add Internet interface to priority list:
1. Here you can select an Internet interface/action from the selection field.
2. Click the green plus sign to add the selected interface/action to the priority list.
3. Repeat this process as necessary until no interface/action is available.
Internet Interface Priority: The selected interfaces/actions are listed in order of priority here.
Check the Internet connection (ping IP) Here you can also check the availability of the internet connection by pinging an IP address. You can enter up to three different IP addresses with different intervals. The entries are executed one after the other.
NOTICE: You can see the ping result on the quick start page under step 2.
24.4.2 Internet settings (Connection settings)
Here you specify
• when the mbNET should connect to the Internet.
Click the Edit icon to edit the corresponding function.
Connection settings •...
Designation: Description
Connection Mode: Selection field for the type of connection when the mbNET should connect to the Internet
- Key switch (ONL): When the key switch is in the ONL position, an internet connection is established as soon as the device is ready for operation, after being switched on or after a device restart.
24.5 Network > DHCP The mbNET can be configured as a DHCP server on the LAN or WAN network. If this service is active, the router will assign IP addresses to clients from the network independently. In addition, you can configure the service for the LAN and/or WAN interface. For example, you can supply several devices with it.
24.5.1 LAN DHCP server settings
Designation: Description
DHCP Server active: Check box for enabling/disabling this function. By enabling the function the mbNET can be set up as a DHCP server to the corresponding interface.
Start: Enter the start address of the address range managed by the DHCP server.
End: End address of the range managed by the DHCP server.
24.5.2 LAN DHCP static lease server settings
Here you can create fixed mappings between IP addresses and MAC addresses, i.e. a device with a specific MAC address always receives the same IP address. Click on the green plus in order to create and add an assignment.
Designation: Description
MAC address...
24.6 Network > DNS-Server
Using DNS, IP addresses are converted into names. At the factory, the mbNET is configured in such a way that the DNS server is assigned by the Internet service provider (ISP). For permanent connection of the industrial router, a dedicated DNS server can be added here. This is then used before the server assigned by the internet service provider.
Add server
Designation: Description
DNS Server IP Address: Enter the IP address of your DNS server.
Confirm your entries by clicking on the Save button and repeat the process for further DNS server entries.
NOTICE: A total of up to five DNS servers can be entered.
Settings
Here, you specify the basic settings for the DNS server. Click the Edit icon to edit the corresponding function.
Designation: Description
No Hosts: Check box for enabling/disabling this function. If this checkbox is activated, the computer names entered under network hosts are not taken into account.
Strict arrangement: Check box for enabling/disabling this function. If this checkbox is activated, the sequence of the entries is exactly as described under "Server".
24.7 Network Hosts This setting allows you to always assign a specific name to exactly one IP address. DNS queries can therefore be answered directly. Click on the green plus to add an assignment. Host Settings This setting allows you to always assign a specific name to exactly one IP address. DNS queries can therefore be answered directly.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept only until the router is rebooted. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
Image 13: Example entries in the Host Settings
Click the Edit icon to edit the corresponding entry.
The DynDNS service means that the mbNET is always available under the same name. It is used for converting addresses into names and vice versa. 24.8.1 System DynDNS settings (MB Connect Line DynDNS service) By enabling the function "Enable System Dynamic DNS", you use the automatic DynDNS service of MB connect line.
24.8.2 Public DynDNS service
In order to be able to use a public DynDNS service, you must register/have registered for one of the services that are supported by the mbNET. Registration is normally free. Click the Edit icon to edit the corresponding function.
Designation: Description
Active: Enable this checkbox if you are registered with a DynDNS service from the drop-down list in the provider field and the mbNET should use this service. The next time it dials into the Internet, the mbNET reports the current IP address that it has received from the Internet service provider to the DynDNS service.
Serial (serial port COM) General If the IP address of the mbNET is known, the serial interface of the device can be accessed via a dial-up connection or via the Internet. The COM serial port can be configured directly via the web interface to RS232, RS485 and RS422 and the corresponding control commands redirected, e.g.
25.1 COM settings Driver type: System driver Designation Description Interface type Use this selection field to set the interface type. The options are: RS232, RS485 2-wire, RS485 4-wire, RS422 Driver type When choosing a System Driver, a range of product- and company-specific device drivers are available to control your serial devices.
Driver type: User settings Designation Description Interface Type Use this selection field to set the interface type. The options are: RS232, RS485 2-wire, RS485 4-wire, RS422 Driver Type Select the driver type User Preferences, if no matching driver is available in the drop-down list or if you want to make your own settings.
25.2 COM network settings Designation Description Protocol Select the appropriate driver for your connected devices. Port Enter the port for the network or Internet communications. The port can be chosen freely, but it must match the settings in the VCOMLAN2. Enable ports in The checkbox must be enabled so that you can communicate via the specified port.
• VCOM LAN2 (PC adapter in the SIMATIC Manager)
• RFC1006
• mbNETS7 driver (installable directly in the SIMATIC Manager)
25.3.1 COM2 Settings
Protocol: MPI/PROFIBUS Network Driver
NOTICE: The protocol choice "MPI/PROFIBUS network driver" requires the installation of a network driver on the client PC beforehand! Only in conjunction with the option RFC1006 can a separate driver installation be dispensed with and the "TCP/IP (Auto)"...
Designation: Description
Station address of the Routing Gateway: If the routing function is enabled via RFC1006, you must enter the address of the routing gateway here (address 14 in the example below).
NOTICE: If a bus participant (slave) is to be accessed on a subordinate station that is not directly connected to the network, the station address of the PLC must be registered as a routing gateway in the router with the gateway (master).
25.3.2 COM2 Network settings
Designation: Description
Protocol: Select the appropriate driver for your connected devices.
Port: Enter the port via which the communication should take place here.
Enable ports in the firewall: If this checkbox is enabled, the port indicated above is enabled for direct access from the Internet in the firewall.
Security settings
The mbNET has a built-in firewall to protect against unknown and/or unauthorized access/connection attempts. Incoming and outgoing data traffic is monitored, logged and enabled/disabled via this firewall. The following submenus are listed under the Security settings menu:
Submenu: Description
Firewall General: Here you can specify the basic firewall settings.
26.1 Security Settings > Firewall General
The firewall can generally be configured in one of the following four variants:
• Maximum security level
  - all incoming packets (data from the Internet) will be rejected
  - all outgoing packets from the LAN (data) will be rejected except: DNS, FTP, IMAP, POP3, SMTP, HTTP, HTTPS, Telnet, NTP
  Enable signals for the data traffic must be configured accordingly.
NOTICE: The "Minimum security level" and "Firewall off" variants should only be selected for a short period of time and for test purposes or at initial start-up, if you want to ensure that a configured rule should not apply.
ATTENTION! Any data traffic from inside to outside and external access are possible! The integrity of your mbNET and the connected devices is threatened when you select one of these two variants!
Click the Edit icon...
26.2 Security Settings > WAN LAN (configuration of the firewall rules)
This setting controls the incoming traffic, i.e. the following settings only apply to incoming traffic from the outside. From the point of view of the mbNET firewall, "WAN" is always the currently active interface to the Internet. Depending on the setting under "Network >...
Designation: Description
Active: Checkbox for enabling/disabling this firewall rule.
Action: Selection field for the applicable action. The options are:
• Drop: When you select this action, no data packets can pass and the packets will be deleted immediately. The sender receives no information about the whereabouts of the data packets.
Designation: Description
WAN Interfaces: You can use this selection field to determine which WAN interface* should normally be used. The options are:
• Internet
• WAN Ethernet
• OpenVPN
• IPsecVPN
• PPTPVPN
• All
* The selection field for the WAN interface can vary depending on the type of router.
Source IP: Enter the source IP addresses of incoming data packets for which the firewall rule applies.
NOTICE: The input of IP and port is not mandatory. If neither an IP nor a port is specified, a rule applies only to the selected interfaces.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close"...
26.2.1 Edit firewall rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules. Here you can move the firewall rules up and down (drag and drop) to change their sequence.
Change/delete firewall rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
Security settings | Page 173 of 324
26.3 Security Settings > LAN-WAN (configuration of the firewall rules)
This setting controls the outgoing traffic, i.e. the following settings only apply to outgoing traffic. From the point of view of the mbNET firewall, "WAN" is always the currently active interface to the Internet. Click on the green plus to add a rule.
Designation: Description
Active: Checkbox for enabling/disabling this firewall rule.
Action: Selection field for the applicable action. The options are:
• Drop: When you select this action, no data packets can pass and the packets will be deleted immediately. The sender receives no information about the whereabouts of the data packets.
Designation: Description
Destination Port: Enter the ports to which the data packets are to be forwarded. Acceptable input: an integer, a list of ports (between 0 and 65535) separated with commas, a port range [e.g. 32240-32245], or empty.
NOTICE: The two ends of a range must be separated by a hyphen (-) and the entries of a list by a comma (,).
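The port-field grammar described above can be checked before a rule is entered or when reviewing an exported rule set. The following is an added example, not code from the manual or from MB connect line; the function names are hypothetical, and treating an empty field as "all ports" follows the notice that a rule without IP or port applies to the whole selected interface.

```python
"""Parse and size the port field of an mbNET firewall/forwarding rule (added example)."""

PORT_MIN, PORT_MAX = 0, 65535  # bounds stated in the manual


def merge_ranges(ranges):
    """Sort (low, high) tuples and merge overlapping or adjacent ones."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def parse_port_field(text):
    """Return merged (low, high) tuples; an empty list means "no port filter".

    Raises ValueError for anything outside the documented grammar:
    integer, comma-separated list, hyphenated range, or empty.
    """
    text = text.strip()
    if not text:
        return []
    ranges = []
    for item in text.split(","):
        parts = [p.strip() for p in item.split("-")]
        if len(parts) > 2 or not all(p.isascii() and p.isdigit() for p in parts):
            raise ValueError(f"not a port or port range: {item.strip()!r}")
        low, high = int(parts[0]), int(parts[-1])
        if not (PORT_MIN <= low <= PORT_MAX and PORT_MIN <= high <= PORT_MAX):
            raise ValueError(f"port outside {PORT_MIN}-{PORT_MAX}: {item.strip()!r}")
        if low > high:
            raise ValueError(f"range start is above range end: {item.strip()!r}")
        ranges.append((low, high))
    return merge_ranges(ranges)


def port_count(ranges):
    """Number of ports a rule covers; an empty filter covers every port."""
    if not ranges:
        return PORT_MAX - PORT_MIN + 1
    return sum(high - low + 1 for low, high in ranges)


def covers(ranges, port):
    """True if the rule applies to the given port."""
    return not ranges or any(low <= port <= high for low, high in ranges)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real device.
    for field in ["32240-32245", "80, 443,8080-8082,8081-8090", "", "443-80"]:
        try:
            parsed = parse_port_field(field)
            print(f"{field!r:32} -> {parsed} ({port_count(parsed)} ports)")
        except ValueError as err:
            print(f"{field!r:32} -> rejected: {err}")
```

The port count makes overly broad rules visible at review time: an empty field or a wide range covers far more than the handful of ports a remote-maintenance rule usually needs.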
26.3.1 Edit firewall rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules. Here you can move the firewall rules up and down (drag and drop) to change their sequence.
Change/delete firewall rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
26.4 Security Settings > Forwarding
Forwarding is used to forward requests from specific IP addresses and ports to IP addresses and ports defined in turn. Click on the green plus to add a rule.
Designation: Description
Active: Check box for enabling/disabling this function.
Origin IP: Here you can enter the IP addresses from which data packets are received.
Designation: Description
Protocol: The following protocols are available:
• All - the set rule applies to all protocols.
• Tcp - the set rule applies only to the TCP protocol.
• Udp - the set rule applies only to the UDP protocol.
•...
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept only until the router is rebooted. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
Image 17: Forwarding Entry Example
26.4.1 Edit Forwarding Rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules. Here you can move the firewall rules up and down (drag and drop) to change their sequence.
Change/delete firewall rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
26.5 Security settings > NAT 26.5.1 SimpleNAT "SimpleNAT” allows you to grant access to an IP address from the LAN Network 1:1 in the WAN Ethernet network. To do this, a free WAN Ethernet address from the WAN network is registered as WAN IP. This IP address is then added to the WAN interface and directly “natted”...
Image 18: Example entry
26.5.1.1 Edit SimpleNAT Rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules. Here you can move the entered rules up and down (drag and drop) to change their sequence.
Change/delete SimpleNAT Rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close"...
26.5.2 1:1 NAT Using "1:1 NAT" it is possible to connect two networks that are in the same address range with each other. For example, if a network with the address 192.168.0.0/24 is to be connected to a network with the same address, this is only possible if one of the two networks is assigned a different address.
Image 19: Example entry
26.5.2.1 Edit 1:1 NAT rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules.
Here you can move up and down (drag and drop) to change the sequence of the entered rules. Change/delete 1:1 NAT rule Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon , to delete the corresponding entry.
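The address translation behind the 1:1 NAT section (26.5.2) can be worked through before a rule is entered. The following is an added example, not code from the manual or from MB connect line; it assumes the usual host-preserving form of 1:1 NAT (only the network part is rewritten), and the 192.168.10.0/24 substitute network and all function names are constructed for illustration.

```python
"""Plan a 1:1 NAT mapping for two sites that share an address range (added example)."""
import ipaddress


def map_one_to_one(addr, real_net, mapped_net):
    """Translate addr from real_net into mapped_net, keeping the host part.

    Assumption: the router rewrites only the network bits, which is the
    common meaning of 1:1 NAT.
    """
    real = ipaddress.ip_network(real_net)
    mapped = ipaddress.ip_network(mapped_net)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("real and mapped network must have the same prefix length")
    ip = ipaddress.ip_address(addr)
    if ip not in real:
        raise ValueError(f"{addr} is not inside {real_net}")
    offset = int(ip) - int(real.network_address)
    return str(mapped.network_address + offset)


def plan_problems(local_net, remote_net, mapped_net):
    """Return a list of reasons why mapped_net cannot stand in for remote_net."""
    local = ipaddress.ip_network(local_net)
    remote = ipaddress.ip_network(remote_net)
    mapped = ipaddress.ip_network(mapped_net)
    problems = []
    if mapped.prefixlen != remote.prefixlen:
        problems.append("mapped network size differs from the remote network")
    if mapped.overlaps(local):
        problems.append("mapped network overlaps the local network")
    if mapped.overlaps(remote):
        problems.append("mapped network overlaps the real remote network")
    return problems


if __name__ == "__main__":
    # Both sites use 192.168.0.0/24, as in the manual's example; the remote
    # site is presented locally as 192.168.10.0/24 (constructed value).
    local, remote, mapped = "192.168.0.0/24", "192.168.0.0/24", "192.168.10.0/24"
    print("problems:", plan_problems(local, remote, mapped))
    for host in ("192.168.0.1", "192.168.0.50", "192.168.0.254"):
        seen_as = map_one_to_one(host, remote, mapped)
        back = map_one_to_one(seen_as, mapped, remote)
        print(f"remote {host:15} is reached as {seen_as:15} (maps back to {back})")
```

Firewall and forwarding rules on the local side then have to name the mapped addresses, since the real remote addresses are indistinguishable from local ones.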
Here you can configure the communication via a VPN tunnel. You can choose from the following protocols: IPSec | PPTP | OpenVPN
27.1 IPSec
NOTICE: As a rule, to enable communication via a VPN tunnel with IPSec, you need to enable UDP ports 500 and 4500 for your network.
27.1.2 IPSec settings
Click the Edit icon to edit the corresponding function.
VPN | Page 191 of 324
L2TP server configuration
You can use the L2TP server for VPN-IPSec communication between the mbNET and a Windows client.
Designation: Description
Local IP address: Enter the name or IP address that the server should have while communicating with the Windows Client (example: 192.168.0.103). You can also use an address from the IP range of the LAN interface.
IPsec Debug settings
klipsdebug
One of the following types of debug information can be selected using the klipsdebug selection field:
• no debug
• Tunnel - Messages of the tunnel code.
• Tunnel-xmit - Messages of the packets sent in the tunnel.
•...
• lifecycle - temporary option, records the lifespan of the Security Associations (SA).
• parsing - shows the structure of the incoming messages (useful for troubleshooting).
• private - also logs the private keys in the log.
• raw - shows all transmitted bytes (raw bytes).
27.2 PPTP
27.2.1 PPTP configuration
Click the Edit icon to edit the corresponding function.
PPTP Server configuration
Designation: Description
Active: Check box for enabling/disabling this function.
automatic configuration: "Yes / No" selection field to activate/deactivate this function. If this option is set to "YES", the PPTP server is configured automatically. (Suitable addresses for the remote PCs are used in a similar way to the LAN address of the router).
Encryption configuration
Designation: Description
Encryption: Selection field for the type of encryption:
• None
• MPPEV2/40
• MPPEV2/128
• MPPEV2/all
NOTICE: IMPORTANT: You should always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc. is possible!
Authentication configuration
You can use the following checkboxes to select the authentication protocols (PAP, CHAP, MSCHAP, MSCHAP V2).
Designation: Description
Authentication via: Here the Client User Name/Password combination is sent to the host for the necessary time to accept or reject the client authentication.
Authentication us-: Here, the authentication is controlled by the host.
27.2.2 PPTP client configuration
Click on the green plus to add a client.
Designation: Description
Active: Check box for enabling/disabling this function. Enable this feature if you want to use the mbNET as a VPN client.
Name: Enter a name for the client here.
Host name or IP: Enter the name or IP address used by the client to access the server. Example: 123456789@mbNET.mymbnet.biz or 80.187.33.55
Local IP: Option input field...
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept only until the router is rebooted. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
27.3 OpenVPN
OpenVPN Basics
•...
27.3.1 Configure OpenVPN connections
Click on the green plus to add a connection. To establish a VPN connection, follow the Configuration Wizard.
27.3.1.1 Connection type: Client router connection
Select the connection type if you want to connect one single PC to the router (mbNET).
NOTICE: Only one "client to network"...
1 Connection settings
Designation: Description
Active: Check box for enabling/disabling this function.
Connection Name: In the text box, enter a name for the connection.
Connection Type: Selection field for the connection type
• Router - Router connection: select this connection type to connect two complete networks together.
•...
2 Network settings
Designation: Description
Local IP Address of the VPN tunnel: Enter the IP address of the local VPN tunnel endpoint, e.g. 10.1.0.5
Partner IP address of the VPN tunnel: Enter the IP address of the partner VPN tunnel endpoint, e.g. 10.1.0.6
Replace the sender IP: Check box for enabling/disabling this function.
3 Authentication
(Authentication process = no authentication)
NOTICE: Select this method only to test the connection, as all the data is transmitted in clear text! Always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc...
(Authentication process = static key)
NOTICE: For symmetric encryption with a static key, you first need to generate a key (VPN OpenVPN static key) or import a previously created one. Note, however, that each participant needs to receive the key in a secure manner.
(Authentication process = x.509)
NOTICE: For this authentication method, you must first create/import your certificates (see: System > Certificates).
Designation: Description
Authentication process: Selection field for the authentication process
• no authentication
• Static key
• x.509
CA certificate: Selection field with all certificates imported to date.
Designation: Description
Use only CA and User/password for client verification: Check box for enabling/disabling this function. In this case only the CA certificate and the user login are used for authentication.
NOTICE: Note that you still need to have your own certificate and it must be selected!
Click the "Next"...
Protocol
Designation: Description
Coding algorithm: Selection field for the method used by the mbNET to encrypt OpenVPN data:
- DES with CBC (64 bit)
- RC2 with CBC (128 bit)
- DES-EDE with CBC (128 bit)
- DES-EDE3 with CBC (192 bit)
- DESX with CBC (192 bit)
- Blowfish with CBC (128 bit)
- RC2 with CBC (40 bit)...
Miscellaneous
Designation: Description
Bind the local IP-address and port: Check box for enabling/disabling this function. This corresponds to the "bind" setting of OpenVPN. OpenVPN cannot dynamically change the ports during the connection.
Allow the peer to change the IP-ad-: Check box for enabling/disabling this function. This corresponds to the OpenVPN setting "float"...
Miscellaneous
Designation: Description
Fragment the UDP packets in... [bytes]: All UDP packets that are larger than ... [bytes] are divided into several packets (fragment). This corresponds to the setting "fragment". The default setting is that the packets are not split (" ").
Regenerate a new: Renew the security key after ...
Miscellaneous
Designation: Description
Enable connection through a HTTP proxy: Check box for enabling/disabling this function. If this function is activated, the outgoing connection attempts to pass through a proxy server. The following fields must be completed for this purpose.
HTTP proxy name: Input field for the DNS names or the IP address of your proxy server.
Click on "Save" after completing all settings. Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
27.3.1.2 Connection type: Router-router connection - server mode
Select this connection type to connect two complete networks together. Here you can create a "network to network" connection. Depending on the authentication method, the dialing party receives an IP address from a defined range or each participant specifies the address it requires.
Example: mbNET Client mbNET Server...
1 Connection settings
Designation | Description
Active | Check box for enabling/disabling this function.
Connection name | In the text box, enter a name for the connection.
Connection type | Selection field for the connection type: • Router - Router connection • Client router connection
Link connection | Selection field for when or under which conditions the connection should be started.
2 Network settings
Designation | Description
Local IP Address of the VPN endpoint | Enter the IP address of the local VPN tunnel endpoint, e.g. 10.1.0.5
Peer IP Address of the VPN endpoint | Enter the IP address of the partner VPN tunnel endpoint, e.g. 10.1.0.6
Local network | Enter your own network address in CIDR notation (as standard for the router:...
3 Authentication
(Authentication process = no authentication)
NOTICE: Select this method only to test the connection, as all the data is transmitted in clear text! Always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc.
(Authentication process = static key)
NOTICE: For symmetric encryption with a static key, you first need to generate a key (VPN OpenVPN static key) or import a previously created one. Note, however, that each participant needs to receive the key in a secure manner.
(Authentication process = x.509)
NOTICE: For this authentication method, you must first create/import your certificates (see: System > Certificates).
Designation | Description
Authentication process | Selection field for the authentication process: • no authentication • Static key • x.509
CA certificate | Selection field with all certificates imported to date.
Designation | Description
Use only CA and User/password for client verification | Check box for enabling/disabling this function. In this case only the CA certificate and the user login are used for authentication.
NOTICE: Note that you still need to have your own certificate and it must be selected!
Click the "Next"...
Protocol
Designation | Description
Coding algorithm | Selection field for the method used by the mbNET to encrypt OpenVPN data:
- DES with CBC (64 bit)
- RC2 with CBC (128 bit)
- DES-EDE with CBC (128 bit)
- DES-EDE3 with CBC (192 bit)
- DESX with CBC (192 bit)
- Blowfish with CBC (128 bit)
- RC2 with CBC (40 bit)
Miscellaneous
Designation | Description
Bind the local IP-address and port | Check box for enabling/disabling this function. This corresponds to the "bind" setting of OpenVPN. OpenVPN cannot dynamically change the ports during the connection.
Allow the peer to change the IP-ad- | Check box for enabling/disabling this function. This corresponds to the OpenVPN setting "float"...
Miscellaneous
Designation | Description
Fragment the UDP packets in... [bytes] | All UDP packets that are larger than ... [bytes] are divided into several packets (fragments). This corresponds to the setting "fragment". The default setting is that the packets are not split (" ").
Regenerate a new | Renew the security key after ...
Miscellaneous
Designation | Description
Enable connection through a HTTP proxy | Check box for enabling/disabling this function. If this function is activated, the outgoing connection attempts to pass through a proxy server. The following fields must be completed for this purpose.
HTTP proxy name | Input field for the DNS names or the IP address of your proxy server.
Click on "Save" after completing all settings. Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
27.3.1.3 Connection type: Router-router connection - client mode
With the "router-router connection" you create a "network to network" connection. Depending on the authentication method, the dialing party receives an IP address from a defined range or each participant specifies the address it requires.
Example: mbNET Client mbNET Server...
Designation | Description
Active | Check box for enabling/disabling this function.
Connection name | In the text box, enter a name for the connection.
Connection type | Selection field for the connection type: • Router - Router connection • Client router connection
Link connection | Selection field for when or under which conditions the connection should be started.
2-level security
You use the control mechanism of the 2-level access control to control or regulate remote access to a device and the components connected to it.
NOTICE: Preventing remote access locally is a recommendation from cybersecurity authorities such as the German BSI, the French ANSSI or the European ENISA.
2 Network settings
Designation | Description
Local IP Address of the VPN tunnel | Enter the IP address of the local VPN tunnel endpoint, e.g. 10.1.0.5.
Peer IP Address of the VPN tunnel | Enter the IP address of the partner VPN tunnel endpoint, e.g. 10.1.0.6.
Local network | Enter your own network address in CIDR notation (as standard for the router:...
3 Authentication
(Authentication method = no authentication)
NOTICE: This type should only be selected to test the connection, as all the data is transmitted in clear text! Always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc.
(Authentication procedure = static key)
NOTICE: For symmetric encryption with a static key, you first need to generate a key (VPN OpenVPN static key) or import a previously created one. Note, however, that each participant needs to receive the key in a secure manner.
(Authentication procedure = X.509 - client mode)
If one of the following options was selected for "Link connection", this mbNET is in client mode and is referred to as "Client".
- Connection immediately
- Start with an active internet connection
- Connect when input 1 has High-signal
- Connect when input 2 has High-signal
- Connect when input 3 has High-signal...
Designation | Description
Authentication procedure | Selection field for the authentication procedure: • no authentication • Static key • X.509
If you do not have any certificates, then you first need to create your own certificates using the XCA program.
° CA certificate: This shows the selected root cell certificate.
4 Protocol settings
Network Interface Networkadapter Interface
Designation | Description
Interface Type | Selection field for the virtual kernel driver: - TUN - TAP
Protocol
Designation | Description
Coding algorithm | Selection field for the method used by the mbNET to encrypt OpenVPN data:
- DES with CBC (64 bit)
- RC2 with CBC (128 bit)
- DES-EDE with CBC (128 bit)
- DES-EDE3 with CBC (192 bit)
- DESX with CBC (192 bit)
- Blowfish with CBC (128 bit)
- RC2 with CBC (40 bit)
Miscellaneous
Designation | Description
Bind the local IP-address and port | Check box for enabling/disabling this function. This corresponds to the "bind" setting of OpenVPN. OpenVPN cannot dynamically change the ports during the connection.
Allow the peer to change the IP-ad- | Check box for enabling/disabling this function. This corresponds to the OpenVPN setting "float"...
Miscellaneous
Designation | Description
Fragment the UDP packets in... [bytes] | All UDP packets that are larger than ... [bytes] are divided into several packets (fragments). This corresponds to the setting "fragment". The default setting is that the packets are not split (" ").
Regenerate a new | Renew the security key after ...
Miscellaneous
Designation | Description
Enable connection through a HTTP proxy | Check box for enabling/disabling this function. If this function is activated, the outgoing connection attempts to pass through a proxy server. The following fields must be completed for this purpose.
HTTP proxy name | Input field for the DNS names or the IP address of your proxy server.
Click on "Save" after completing all settings. Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
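The authentication processes and coding algorithms offered in the dialogs above can be checked on the OpenVPN configuration file of the peer at the other end of the tunnel. The following is an added example, not code from this manual or its vendor: it assumes the settings map to the standard OpenVPN directives `secret`, `ca`, `cert`, `key`, `cipher`, `auth` and `float`, and the three sample configurations are constructed.

```python
"""Audit an OpenVPN config for the weak choices the VPN dialog allows.

Added example: the directive mapping is an assumption, the configs are constructed.
"""
from typing import NamedTuple

# "Coding algorithm" entries from the manual under their OpenVPN cipher names,
# with the key length the manual lists. All of them use a 64-bit block.
LEGACY_CIPHERS = {
    "DES-CBC": 64, "RC2-CBC": 128, "DES-EDE-CBC": 128, "DES-EDE3-CBC": 192,
    "DESX-CBC": 192, "BF-CBC": 128, "RC2-40-CBC": 40,
}


class Finding(NamedTuple):
    severity: str
    code: str
    detail: str


def parse_directives(text):
    """Map directive name -> list of argument lists; skip inline <tag> bodies."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                   # inside <ca>...</ca> etc.
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":              # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline = line[1:-1]
            directives.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = line.split()
        directives.setdefault(name.lstrip("-"), []).append(args)
    return directives


def first_arg(directives, name):
    """First argument of the last occurrence of a directive, or None."""
    seen = directives.get(name)
    return seen[-1][0] if seen and seen[-1] else None


def audit(text):
    """Return findings for the authentication mode, cipher, HMAC and float."""
    d = parse_directives(text)
    findings = []
    if "secret" in d:                                # "Static key"
        mode = "static-key"
        findings.append(Finding("medium", "static-key",
                                "no forward secrecy; every peer must receive the key securely"))
    elif any(k in d for k in ("ca", "pkcs12", "tls-client", "tls-server", "client")):
        mode = "x509"                                # "x.509"
        has_cert = "pkcs12" in d or {"cert", "key"} <= d.keys()
        if not has_cert and "auth-user-pass" not in d:
            findings.append(Finding("high", "x509-no-credential",
                                    "CA set but no own certificate/key or user login"))
    else:                                            # "no authentication"
        mode = "none"
        findings.append(Finding("critical", "no-authentication",
                                "no static key and no certificates: data is sent in clear text"))
    if mode != "none":
        cipher = (first_arg(d, "cipher") or "").upper()
        if cipher == "NONE":
            findings.append(Finding("critical", "cipher-none", "encryption disabled"))
        elif cipher in LEGACY_CIPHERS:
            bits = LEGACY_CIPHERS[cipher]
            findings.append(Finding("high" if bits < 112 else "medium", "legacy-cipher",
                                    f"{cipher}: 64-bit block cipher, {bits}-bit key"))
        if (first_arg(d, "auth") or "").lower() == "none":
            findings.append(Finding("high", "auth-none", "packet HMAC disabled"))
    if "float" in d and mode == "none":
        findings.append(Finding("high", "float-unauthenticated",
                                "peer address may change and nothing authenticates the sender"))
    return findings


# Constructed sample configurations, one per authentication process.
CFG_NONE = """
dev tun
remote 192.0.2.10 1194
ifconfig 10.1.0.5 10.1.0.6
float
"""
CFG_STATIC = """
dev tun
remote 192.0.2.10 1194
ifconfig 10.1.0.5 10.1.0.6
secret static.key
cipher DES-CBC
"""
CFG_X509 = """
client
dev tun
remote 192.0.2.10 1194
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
cert client.crt
key client.key
cipher BF-CBC
"""

if __name__ == "__main__":
    for label, cfg in (("none", CFG_NONE), ("static", CFG_STATIC), ("x509", CFG_X509)):
        for f in audit(cfg):
            print(f"{label:7} {f.severity:9} {f.code:22} {f.detail}")
```
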
27.4 Static key (key management)
Here you can import or even generate static keys. All keys contained can be downloaded as a copy under "Download". Click on the green plus to add a key.
Generate static key
Name | Enter a name for the key here
Generate | To generate the key, click the "Generate"...
To download a key, click on the Download button To delete a key, click on the Delete button Page 242 von 324 | V 7.2.0 - en | Aug 25 , 2022 |...
IO-Manager
The I/O Manager integrated in the router fulfills the following tasks:
• Display of PLC variables
• Read PLC variables and, within a preset interval, save them on a USB stick (logging).
• Store the logged archives (GZIP) on an external FTP server.
The following variable types can currently be read from an S7 controller via RFC1006:
•...
NOTICE: If communication is to take place via the MPI / PROFIBUS interface, the RFC1006 protocol must be activated in the settings for COM2 (Serial > COM2 > COM2 Settings).
28.1 Configuring the PLC connection
Click the Add button to add a PLC connection.
Designation | Description
Active | Checkbox to enable / disable this connection.
Driver | Selected driver (only S7 ISOTCP is available here).
Name | Enter a unique name for this connection. This field cannot contain any spaces or special characters.
Designation | Description
PLC slot address | • For MPI/PROFIBUS communication, the PLC slot address is the same as the bus address. • For Ethernet communication, this is the slot space of the PLC on the rack (usually 2).
3. Click on Save to accept the input / changes.
To add a PLC connection, click the add button
To edit a PLC connection, click on the edit button
To delete a PLC connection, click the delete button...
28.2 Logging - configuration
Click on the respective edit button to configure the logging settings and the settings for the FTP upload.
NOTICE: The logging settings apply to all PLC connections. For logging, it is necessary that a storage medium (USB stick) is connected to the USB socket of the mbNET.
Settings Logging
Designation | Description
Interval [s] | Enter here the interval (in seconds) after which the tags are to be written to the storage medium.
Maximum time until archiving the log file | After this period of time (in hours), the log file is archived and a new log file is started.
Settings FTP upload
The logged tags can additionally be archived on an FTP server.
28.3 Create tags
NOTICE: Before you can create one or more tags, a PLC connection must be created.
To create a tag, click on the add button
Designation | Description
Active | Checkbox for activating / deactivating the created datapoint.
Server | Selection box with all previously created PLC connections.
Address | Enter the tag address for this PLC connection here. For the address syntax of the driver, see table below.
Display format | Selection box for the desired display format (BIN, DEZ, HEX, FLOAT).
28.4 Status
Here, the status of each tag is displayed for all created PLC connections.
Designation | Description
Description | Display of the description given under "Tags".
Address | The address of a tag
Value | Displays the tag value in the display format chosen when the tag was created (BIN, DEZ, HEX, FLOAT).
Alarm Management
The mbNET Alarm Management provides the following functions:
• Status query (1/0) of the four digital inputs (I1 - I4) with subsequent action:
  ° Send an Email
  ° Perform a device Restart
  ° Send an SMS
  ° Send an Internet-SMS
•...
29.1 Digital inputs - Configuration
NOTICE: The configuration of input 1 is representative for inputs 2, 3, 4.
Input 1 settings displays the settings of the selected input. Current status displays the current status (1 or 0) of the individual inputs, as well as an LED symbol for the Dial-out button.
Designation | Description
Active | Check box for enabling/disabling this function. When this feature is enabled, the input is activated ("armed").
Query on status | Selection field "Low (0)/High (1)/No" to query the status of the relevant input.
Campaign | Selection field for the action to be performed when the selected status of the relevant input occurs: •...
29.2 Multiplex Inputs
An action specification (number) can be determined by the user via the inputs (2 - 4). I.e. one input is STROBE, one input is CYCLE_x1 and one is CYCLE_1x. The pulse at PULSE_x1 (one digit) and PULSE_1x (tens digit) can be counted with a rising edge at STROBE.
To be able to use and configure Multiplex inputs, you must activate this function using the "Enable" checkbox. Input 2 is used for the STROBE signal, input 3 for the pulse of the unit position and input 4 for the decadic position.
Multiplex Inputs
Number | Choose a Multiplex Input between 01 and 99
Action | Select an action for the input: • Send E-Mail • System Reboot • SMS • Internet SMS
Text | Enter the text for the alarm message here.
NOTICE: When sending an alarm text message, observe the maximum number of characters (160).
Image 21: Example overview of 2 defined multiplex inputs
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE: Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" are the changes applied (activated) and stored permanently.
29.3 Digital outputs - Configuration
NOTICE: The configuration of output 1 is representative for output 2.
The settings of the selected output are under Output 1 settings. By clicking on the button "Switch output", the status of the selected output mode is switched (from 0 to 1 or from 1 to 0).
Designation | Description
Function | Selection field for the condition for switching the selected output:
• Off: Select these settings, if the selected output should not be switched.
• On by malfunction: Select this setting in the event of a device fault if the selected output should be set to signal level 1.
Extras
Image 22: The display can vary depending on the device type.
You will find the following submenus in the Extras menu: • Lua • IoT • RoKEY
30.1 LUA
LUA (programming language)
Via Extras > LUA, LUA scripts can be imported and run.
LUA Controller
Use the LUA Control
• to enable LUA
• import LUA scripts
• see whether LUA is currently running (LUA running)
grey LED symbol = LUA is not running
green LED symbol = LUA running
Click the Edit icon to edit the corresponding function.
Designation | Description
Active | Check box for enabling/disabling this function. If this checkbox is activated, the LUA script runs after each router reboot.
Import | Choose a LUA script via the file browser (*.lua) and confirm the action by clicking on the "Import" button.
NOTICE: Only one LUA script can be uploaded and executed at a time.
LUA output
All readouts of the script are displayed here. For example, readouts with "print".
LUA logging
All error messages are shown here.
30.2 IoT > Control (mbEDGE)
In the submenu IoT you configure and manage the mbEDGE functionality.
NOTICE: mbEDGE is a software kit that extends the router mbNET and mbNET.rokey to an edge gateway. The basis for this is the container platform Docker, in which several user applications are executed separately. With Node-RED there is a graphic development tool with whose function blocks the user can create individual IoT applications.
1. Click the edit icon to enable the Docker service.
2. Enable the Docker settings. Click on "Save" to save the change. Confirm the activation by clicking on "Apply changes".
NOTICE: The mbEDGE service is now started. This may take a few minutes at the first activation.
In the now expanded menu, you can activate additional services and make settings.
30.2.2 IoT > Control - after activating mbEDGE
After activating mbEDGE, you will see the full scope of the IoT menu with all submenus.
Information
• Serial number of the mbEDGE card
• License Type: Here you can see the license type of your mbEDGE card: mbEDGE.start or mbEDGE.advanced.
Docker
• Service: Activate your mbEDGE license here.
• Daemon: LED symbol indicates whether the Docker daemon is active (green symbol).
Docker Management
•...
30.2.3 IoT > Control - activate Docker Management
NOTICE: You can only activate Docker Management if you have activated "Docker Management Admin" under System > Users.
NOTICE: Activate Docker Management only if you have purchased an mbEDGE.advanced license.
1....
30.2.3.1 Link to User Interface
Click on the "Management" button to get to the container management. A new browser window, with a login, will open. The access data for this are:
a. User name and password for the user you created in the user management for accessing Node-Red
b....
30.2.4 Flows and Dashboard
30.2.4.1 Activate flows and dashboard
1. Click on the edit icon to activate the Flows and Dashboard Service.
2. Activate the flows and dashboard settings. Click on "Save" to save the change. Confirm the activation by clicking on "Apply changes".
After activation, the links to "Flows(Node-Red)"...
30.2.4.1.1 Link to Flows (Node-RED)
By clicking on the "Flows" button you will be redirected to Node-Red-Flows. A new browser window, with a login, will open. The access data for this are:
a. User name and password for the user you created in the user management for accessing Node-Red
b....
30.2.4.1.2 Link to Dashboard (Node-RED)
By clicking on the "Dashboard" button you will be redirected to Node-Red-Flows. A new browser window, with a login, will open. The access data for this are:
a. User name and password for the user you created in the user management for accessing Node-Red
b....
30.2.5 Backup and Delete flows
Here you can save and / or delete the flows you have created. Saved flows can be read in again via Node-Red.
1. Click the edit icon.
2. Choose an option (Download or Delete)
30.3 Network
• Docker Interface: Adjust the IP address of the Docker Daemon (runtime for the IoT services and Node-RED) if an address conflict with other network settings exists / is to be expected. The default setting is 172.16.0.1/24
• Firewall Settings for Node-Red: Here, you add firewall rules to open ports for Node-RED. By default, a network socket node in Node-RED has access only from the inside out. Therefore, any "listener socket" created in Node-RED is not accessible via LAN / WAN. For example, an OPC UA server cannot be reached via LAN / WAN.
30.4 Key Management
Only the mbNET with which an mbEDGE card is paired can open the encrypted container. So that you can access your data at any time - even if the mbNET is no longer available - a Backup-Key is required. If the mbNET is no longer reachable before you have generated the Backup-Key (e.g. in the event of total failure due to damage), there is no way to access the card.
30.4.1 Create Backup-Key
1. Click on the edit icon in Settings.
2. Fill in the input fields under Key Settings.
° The Backup-Key must consist of at least 8 characters.
° You can find the License Code on the back of the mbEDGE packaging.
3....
After you have saved your entries, you can change or delete the backup key at any time. To do this, click on the edit icon.
30.5 Firmware
Under "Current Firmware Version" you can see
• the current firmware versions of
°...
Requirement: The mbNET must be connected to the Internet.
1. Click the "Upgrade" button to upgrade the firmware versions.
30.6 RoKEY
Key Switch position
Here, the current position of the mbNET.rokey key switch is displayed.
Switch position | Function
RST | Loading the factory settings
OFF | It is not possible to establish a VPN connection. Modem devices cannot connect to the Internet.
Status (information and analysis)
When errors/faults occur, these can be analysed on the basis of specific status information. Thus, for example, when the LED Stat (Status) is flashing, this indicates that a system error has occurred on the mbNET. For this purpose, e.g.
Designation | Description
MAC address, IP address, Subnet mask, DNS Server 1, Gateway | Display of the settings on the WAN connection (external connection) of the mbNET. As soon as the mbNET has a physical connection to the network, or the mbNET is assigned a static IP address, the IP address is displayed.
Bytes Received...
LAN interfaces
Designation | Description
MAC address, IP address, Subnet mask | Display of the settings on the LAN connection (local connection) of the mbNET. The IP address is then displayed if the mbNET has a physical connection.
Bytes Received, Sent Bytes | Display the volume of data in received and sent data packets.
31.2 Status > Network
31.2.1 General
Physical connections: Ethernet connections | Displays the physical connections used to connect the router to other computers.
Route table | Displays all routes used.
Router monitored ports | Displays all monitored ports.
Router connections: Connections to the router | Displays all IP addresses of ports, such as of computers that are connected to the router.
31.2.2 Firewall
IN/OUT/FORWARD | Displays incoming and outgoing data traffic as well as forwarding.
Displays natted data traffic.
31.2.3 Network participants
The LAN network participants that have been recognized via ARP reconnaissance are listed here.
31.3 Status > Modem
31.3.1 GSM information
Manual control of the GSM modem
Reboot | Here you can click on the "Execute" button to restart the GSM modem.
Information
Designation Description Signal Quality Signal strength display (in %) GSM Service Display of the transfer procedure, depending on the type of modem, signal strength etc. SIM card slot Display of the active SIM card slot SIM status Status of detected SIM Card Provider Displays the wireless service provider Mobile number...
Received Bytes time.
Modem command
NOTICE: Use this function only as instructed by the MB connect line support staff!
Modem Command (without AT) | Enter here the modem command and click on the "Execute" button.
31.4 WiFi Information
Designation | Description
Connected | Display of the connection status via an LED symbol
SSID | Display Wi-Fi Network Names
Signal strength | Signal strength display (in %)
Operating frequency | Operating frequency display
IP address, Subnet mask | Displays the settings on the Wi-Fi connection (local connection) of the router. The IP address is displayed if the router has a physical connection.
Available WiFi networks
Available networks are listed here. Click on the magnifying glass symbol to see the details of the respective WiFi network.
NOTICE: Use this function only as instructed by the MB connect line support staff!
Internet access
This displays outgoing connections to the Internet. This can be both outgoing connections via the modem as well as connections over WAN.
31.6 DHCP
DHCP Server LAN | Displays the IP addresses that the DHCP server assigns to connected clients.
DHCP Server WAN | Displays the IP addresses that the DHCP server assigns to connected clients.
Logging | Displays the IP addresses that the DHCP assigns and which IP addresses are not allowed.
DHCP Client WAN | Information about clients connected via the WAN connection.
31.7 DNS Server
DNS_Server
Designation | Description
Name | Displays the name of the DNS server (if not assigned by the Internet Service Provider).
IP address | Displays the IP address of the DNS server (if not assigned by the Internet Service Provider).
Logging
Designation | Description...
31.8 DynDNS
DynDNS
Designation | Description
Updated IP-address | Displays the current IP address that is assigned to the mbNET via the Internet.
Logging
Designation | Description
System Logging | Here all events and errors relating to the DynDNS service are displayed.
31.9 NTP
Date and time
Designation | Description
Date/Time (UTC) | Displays the current system time in Universal Time Coordinates (UTC).
Local date/time
Time update | Clicking on the "Execute" button synchronises the time with the NTP server stored and activated under System > Settings > Time Settings.
Logging
Designation | Description...
By clicking on the "Start" or "Stop" button, you can manually start or stop a connection.
NOTICE: Use this function only as instructed by the MB connect line support staff!
System logging: Connection
The connection protocol is displayed here.
31.11 VPN-PPTP
31.11.1 VPN PPTP server
Connections Inbound Outbound
The incoming VPN connections of the mbNET are listed here. An active connection is indicated by a green LED icon. The connection time, users dialled-in, local and remote IP address are displayed. After disconnection, you can see the time during which the corresponding connection was active.
By clicking on the "Start" or "Stop" button, you can manually start or stop a connection.
NOTICE: Use this function only as instructed by the MB connect line support staff!
System PPTP Client user logs
All notifications and error messages of the PPTP service are displayed here.
By clicking on the "Start" or "Stop" button, you can manually start or stop a connection.
NOTICE: Use this function only as instructed by the MB connect line support staff!
System OpenVPN user logs
The connection protocol is displayed here.
31.13 IoT
31.13.1 IoT > Docker
Here you can see:
• the Status of your mbEDGE installation
green LED icon = mbEDGE is active. Click the "stop" button to deactivate / stop mbEDGE.
gray LED icon = mbEDGE is not active. Click on the "start"...
31.13.2 IoT > Docker Management
Here you can see the Status of the Docker Management
green LED icon = Docker Management is activated. Click the "stop" button to deactivate / stop the Docker Management.
gray LED icon = Docker Management is not active. Click on the "start"...
31.13.3 IoT > Flows and Dashboard
Here you can see:
• the Status of accessing Flows and Dashboard.
green LED icon = access to Flows and Dashboard is enabled. Click the "stop" button to deactivate / stop the access.
gray LED icon = access to Flows and Dashboard is disabled.
31.14 Runtime
NOTICE: This function is only relevant if you operate the mbNET in the mbCONNECT24 portal.
Here you can see:
• the Runtime Status: green LED icon = Runtime is enabled. gray LED icon = Runtime is disabled.
•...
31.15 Diagnostics - Network Resources
Designation | Description
Ping | After entering an internet address or an IP address, you can use the ping command (click on the "Ping" button) to determine whether the corresponding address is accessible. Among other things, for example, you can easily determine whether an Internet connection exists.
Designation | Description
TCPDUMP | In order to closely monitor the network traffic, you can use the "TCPDUMP" command. Some examples of the use of this command are:
• -i eth0 not port 80
  Displays all TCP/IP connections to the (-i) LAN (eth0) interface, except (not) those using Port 80 (port 80) when incoming or outgoing.
The live log of the system can be seen under Log Analyzer. The display can be filtered by "Priority" and/or "Application".
Filters for "Priority" and/or "Application" can be set independently for a clear, detailed display.
31.17 Storage media
Status display showing whether a storage medium (USB stick or/and SC card) is connected to the mbNET.
green LED symbol = storage medium connected
Grey LED symbol = storage medium is not connected
31.18 Alarm Manager
Designation | Description
Inputs | The statuses of the digital inputs are displayed here. The status query is performed and updated approximately every three seconds.
Outputs | The statuses of the digital outputs are displayed here. The status query is performed and updated approximately every three seconds.
31.19 System
31.19.1 System-Usage
CPU Information | Display of the current utilization of the CPU.
RAM in use | Displays the currently required /used RAM of the router.
Flash in use | Displays the capacity of the configuration memory and temporary memory.
31.19.2 System Information
Device uptime | The operating time of the device since the last device restart is displayed here. The same information can also be found on the Quickstart page.
System Kernel Logging Possible reasons for errors in the router can be found in the system information. System error log For example, if the Stat-LED on the front of the device is flashing, it may be possible to use the logging to discover the cause of the error.
31.19.3 MQTT Debug List
The MQTT debug list outputs the system information in tabular form. The mbNET can be used as an MQTT broker. After activating the "MQTT access to status topics" function under "System > Settings > Device API", you can query the values from the "MQTT debug list".
Firmware update via the USB interface
You can update the mbNET directly via the USB interface. The device then automatically recognizes the firmware saved to a connected USB stick. Pressing the Dial Out button starts the firmware update.
Preparation:
• Go to www.mbconnectline.com (downloads) and download the latest firmware version (e.g. "mbNET_FW_V624.zip").
Programming the mbCONNECT24 portal configuration via the USB interface
If you created the mbNET device configuration in the mbCONNECT24 service portal, you can scan this portal configuration directly via the USB interface into the mbNET. The device automatically detects the portal configuration stored on a connected USB Stick ("mbconnect24.mbn/-.mbnx").
Factory settings when delivered
34.1 User name and password - for access to the mbNET Web Interface
The mbNET is delivered with the following user data:
User name | admin
Password | The default password can be found on the back of the device
NOTICE: Make sure you change the default access data immediately!
34.2 IP address of the mbNET...
Load factory settings
NOTICE: Before you configure the device to its factory settings, you should note the following:
• Save your configuration first. After restoring the factory settings, all of your settings/changes will be deleted.
• The IP address of the device is reset to the original IP address (192.168.0.100). You may also need to modify the network settings of the configuration PC accordingly.
Device restart (Reset)
Directly on the device (mbNET) using the reset button
For example, use a paper clip and press the Reset button on the mbNET. The device will now restart. The restart is complete once both the "Rdy" and "Pwr" LEDs light up.
Via the mbNET web interface
1.
Annex
37.1 Set computer address (IP address) in Windows 10
NOTICE: If you want to access the web interface of the mbNET via a configuration PC, the following conditions must be met:
• The mbNET must be connected to the PC via one of its LAN interfaces.
•...
• Click on properties in the next window (Status of LAN connection).
• Here, under Properties of the LAN-connection, select the entry Internet Protocol Version 4 (TCP/IPv4), and click on Properties.
• Here,
  ° the IP address of the computer must be in the same network range as the mbNET,
  °...