Allied Telesis AlliedWare Plus AR Series Technical Manual
  1. Manuals
  2. Brands
  3. Allied Telesis Manuals
  4. Firewall
  5. AlliedWare Plus AR Series
  6. Technical manual
Allied Telesis AlliedWare Plus AR Series Technical Manual

Allied Telesis AlliedWare Plus AR Series Technical Manual

5g mobile broadband utm firewall
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Technical Guide
5G Mobile Broadband UTM Firewall
Feature Overview and Configuration Guide

Introduction

This guide describes the AlliedWare Plus™ AR4050S-5G mobile broadband UTM firewall and how
to configure it.
This model has the same features as the AR4050S with the addition of 5G. 5G is a 5th generation
mobile communication system which offers high speed, large capacity and low latency. 5G allows
you to connect multiple devices that you can use to link from remote offices to your local corporate
network. You can also back up a wired Ethernet Internet connection on a corporate WAN.
The 5G feature uses an internal cellular modem that supports 5th generation mobile communication.
This modem supports configuration of carrier information used to connect to mobile carrier
networks. This modem connects automatically to 3G and 4G wireless networks giving you the best
available connection. The router connects to the fastest available wireless technology. Dual SIM
card slots support resilient mobile connectivity, with the ability to use SIM cards from two different
carriers.
5G refers to the internal Sierra Wireless EM9191 modem. It features a higher speed wireless
connection that creates two WWAN interfaces. The interface 'wwan0' is used for the internal
EM9191 modem. The interface 'wwan1' is available for external USB 3G and 4G cellular
modems.
For more information about using USB cellular modems to connect to 3G and 4G,
see
USB Cellular Modem Feature Overview and Configuration

Products and software version that apply to this guide

This guide applies to AlliedWare Plus™ products that support 5G modems.
AR-Series Mobile Broadband UTM Firewall model AT-AR4050S-5G - from version 5.5.2-0.2
onwards.
For further information regarding product support for this feature, see the following documents:
The
product's Datasheet
The product's
These documents are available from the above links on our website at
alliedtelesis.com.
C613-22132-00 REV A
Command Reference
Guide.
alliedtelesis.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the AlliedWare Plus AR Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Allied Telesis AlliedWare Plus AR Series

Summary of Contents for Allied Telesis AlliedWare Plus AR Series

  • Page 1: Introduction

    Technical Guide 5G Mobile Broadband UTM Firewall Feature Overview and Configuration Guide Introduction This guide describes the AlliedWare Plus™ AR4050S-5G mobile broadband UTM firewall and how to configure it. This model has the same features as the AR4050S with the addition of 5G. 5G is a 5th generation mobile communication system which offers high speed, large capacity and low latency.
  • Page 2 Feature support may change in later software versions. For the latest information, see the above documents. For information and support about 5G, firmware and PRI files available, contact:  Allied Telesis at this email: 5g-support@alliedtelesis.co.nz. C613-22132-00 REV A Introduction Page 2...

  • Page 3: Table Of Contents

    5G Mobile Broadband UTM Firewall Contents Introduction ............................1 Products and software version that apply to this guide ...............1 What does a 5G cellular modem do?....................4 5G Internal modem features ......................4 Available radio frequencies ......................4 How does this feature work? ......................5 Limitations.............................6 How to use the 5G cellular modem.....................7 A simple connection ........................7...

  • Page 4: What Does A 5G Cellular Modem Do

    Two WWAN interfaces are available. ‘wwan0’ is reserved for the internal EM9191 modem and ‘wwan1’ is available for an external USB cellular modem.  The router can be an Allied Telesis Autonomous Management Framework (AMF) master. AMF backups are written to USB. Available radio frequencies The following radio frequency bands are available for the AR4050S-5G router’s internal Sierra...

  • Page 5: How Does This Feature Work

    5G Mobile Broadband UTM Firewall How does this feature work? When you use the 5G modem for mobile communication the following applies: 1. Only Micro SIMS are supported (15mm x 12mm). We do not recommend using Mini or Nano SIM cards because the SIM adapter that they require can cause problems if the SIM card detaches inside a slot.

  • Page 6: Limitations

    5G Mobile Broadband UTM Firewall Limitations The following limitations apply to the 5G modem feature: PIN numbers for SIM cards are not supported. eSIMs (embedded SIM card) are not supported. If the SIM slots failover from one carrier to another you may need to update the PRI carrier information.

  • Page 7: How To Use The 5G Cellular Modem

    5G Mobile Broadband UTM Firewall How to use the 5G cellular modem A simple connection This section describes some of the scenarios you can use the 5G cellular modem for. For step-by- step instructions, see "Configuring a 5G modem using a the ‘wwan0’ interface" on page 10".

  • Page 8: Integrated Security With 5G Wan Backup

    5G Mobile Broadband UTM Firewall Figure 2: Example of resilient 5G WAN connectivity with the dual SIM Members Remote office Members 5G mobile carrier 1 Company office Master Members Remote office Active 5G VPNs 5G mobile Backup 5G VPNs carrier 2 Integrated security with 5G WAN backup This solution in the diagram below shows a UTM Firewall providing a wired site-to-site IPSec VPN connectivity between corporate offices, with 5G mobile network backup available if the wired VPN...
  • Page 9 5G Mobile Broadband UTM Firewall Figure 3: Example of integrated security with 5G WAN backup Members Full application and web control, with advanced threat protection. Company office Master Internet Members Branch office SSL VPN Wired IPSec VPN 5G mobile backup Remote worker Other configuration solutions...

  • Page 10: Configuring A 5G Modem Using A The 'Wwan0' Interface

    Each cellular carrier provides its own APN settings which need to be configured for individual SIM cards. Allied Telesis provides these optional settings for an APN profile: Use the command username (config-apn) to configure a username for an APN profile. The user...
  • Page 11 5G Mobile Broadband UTM Firewall Use the command password (config-apn) to configure a password for an APN profile. The password is provided by the mobile carrier: Syntax password <password> no password <password> Use the command auth (config-apn) to configure authentication used to connect to the mobile carrier.

  • Page 12: Show Commands To Monitor What Is Happening

    5G Mobile Broadband UTM Firewall Show commands to monitor what is happening The show 5g sim command displays details about the SIM card, the state of the network and APN configuration attached to the SIM card. For the SIM card slot to be active the administration state must be up, a valid APN profile must be configured and attached to the ‘wwan0’...
  • Page 13 5G Mobile Broadband UTM Firewall The show 5g apn-profiles command displays the profiles that have been configured and if they are accepted by the Sierra EM9191 internal modem. awplus#show 5g apn-profiles APN Profiles Profile Parameter Configuration -------------------------------------------------------------------------------- carrier1 APN Name test1.com carrier1 User Name...
  • Page 14 5G Mobile Broadband UTM Firewall The show 5g status command displays the state of the network connection and information from the 5G modem. This includes what cell tower you are connected to and the signal strength. It also displays if the radio is enabled. The system mode lets you know if you are connected to a 3G (WCDMA), 4G (LTE) or 5G (ENDC) network.
  • Page 15 5G Mobile Broadband UTM Firewall The show 5g tech command displays technical details about your 5G modem configuration and connection: awplus#show 5g tech +CGREG: 0,0 0.0: not registered, MT is not currently searching a new operator to register to 0.1: Registered, home network 0.2: Searching 0.3: Registration denied 0.4: Registered, non-home network...
  • Page 16 5G Mobile Broadband UTM Firewall The show 5g tech (con’t): [/dev/cdc-wdm0] Registration status: Network error: 'unknown' Register state: 'home' Register mode: 'automatic' Available data classes: 'lte' Current cellular class: 'gsm' Provider ID: '53001' Provider name: 'vodafone NZ' Roaming text: 'unknown' Registration flags: 'packet-service-automatic-attach' [/dev/cdc-wdm0] Successfully got status: Common Info:...
  • Page 17 5G Mobile Broadband UTM Firewall The show 5g tech config command displays the active SIM configuration currently configured on your modem: awplus#show 5g tech config APN=vodafone APN_USER= APN_AUTH= IP_TYPE=ipv4v6 PROXY=yes The show 5g tech firmware command displays current firmware active on your modem: awplus#show 5g tech firmware AT!PRIID PRI Part Number: 9909484...
  • Page 18 5G Mobile Broadband UTM Firewall The command show 5g carriers displays information about carrier PRI files that are on the 5G router: master#show 5g carriers Slot Build ID State ------------------------------------------------ Good 03.04.03.00_? Active Empty Not Set Empty Not Set Carrier Unique Name Build...

  • Page 19: Carrier Support

    5G Mobile Broadband UTM Firewall Carrier support The EM9191 modem relies on firmware and production release information (PRI) files from Sierra Wireless. For information and support about 5G, firmware and PRI files available, contact Allied Telesis at this email 5g-support@alliedtelesis.co.nz. PRI file support The PRI file you need depends on your carrier.
  • Page 20 To support your chosen 5G carrier, you may need to swap your device's PRI file. The device may version 2 have shipped with the appropriate file. If not, contact Allied Telesis at this email: 5g-support@alliedtelesis.co.nz. If the modem is running firmware version 2 (e.g. 02.08.01.00), you cannot directly swap between different PRI files.

  • Page 21: Upgrading Firmware And Pri Files

    Get the new firmware and/or PRI files Step 3: Get the new files from Allied Telesis at this email: 5g-support@alliedtelesis.co.nz. Copy the new files onto the device Step 4: Copy the files into the desired directory.
  • Page 22 5G Mobile Broadband UTM Firewall The PRI files need to be for the same software version as the firmware file. For example:  The firmware file SWIX55C_03.04.03.00-001.cwe is for the software version 03.04.03.  The PRI file SWIX55C_03.04.03.00-001_DOCOMO_030.012_001.nvu is for the same software version.

  • Page 23: Upgrading Firmware Versions: Examples

    5G Mobile Broadband UTM Firewall Upgrading firmware versions: examples This section contains examples of upgrades from various firmware versions to other versions. Firmware version 3 From release 5.5.2-0.1 onwards, you can install multiple PRIs with firmware version 3, for example: awplus#platform 5g update firmware SWIX55C_03.09.03.00-001.cwe pri SWIX55C_03.09.03.00-001_SOFTBANK_030.023_000.nvu location usb:030903 awplus#platform 5g update firmware SWIX55C_03.09.06.00-001.cwe pri...
  • Page 24 5G Mobile Broadband UTM Firewall Firmware version 2 to version 3 The following example shows upgrading from version 2 to version 3: awplus#platform 5g update firmware SWIX55C_03.04.03.00-001.cwe pri SWIX55C_03.04 .03.00-001_DOCOMO_030.012_001.nvu location usb:0304 Backing up settings, please wait Updating firmware SWIX55C_03.04.03.00-001.cwe SWIX55C_03.04.03.00- 001_DOCOMO_030.012_001.nvu Application version: 1.0.2103.0 INFO: QDL Port...
  • Page 25 5G Mobile Broadband UTM Firewall Firmware version 1.07 to version 2.08 If modems have SWIX55C_01.07.08.00 or SWIX55C_01.07.13.00 versions installed, you must go to version SWIX55C_01.07.19.00 before going to SWIX55C_02.08.01.00. For example: awplus#show 5g tech firmware AT!PRIID PRI Part Number: 9909484 Revision: 001.021 Customer: Generic Carrier PRI: 9999999_9909619_SWIX55C_01.07.13.00_00_ATT_012.007_000...
  • Page 26 5G Mobile Broadband UTM Firewall Use the command platform 5g update firmware to upgrade to version 01.07.19.00: awplus#platform 5g update firmware SWIX55C_01.07.19.00.cwe pri SWIX55C_01.0 7.19.00_DOCOMO_004.007_000.nvu location usb:0119 Backing up settings, please wait Updating firmware SWIX55C_01.07.19.00.cwe SWIX55C_01.07.19.00_DOCOMO_004.007_000.nvu Application version: 1.0.2103.0 INFO: QDL Port /dev/wwan0p1SAHARA INFO: Device Path: /dev/wwan0p2MBIM INFO: FW...
  • Page 27 5G Mobile Broadband UTM Firewall Use the command show 5g tech firmware to verify: awplus#show 5g tech firmware AT!PRIID PRI Part Number: 9909484 Revision: 001.021 Customer: Generic Carrier PRI: 9999999_9909619_SWIX55C_01.07.13.00_00_ATT_012.007_000 Carrier PRI: 9999999_9909622_SWIX55C_01.07.19.00_00_DOCOMO_004.007_000 Carrier PRI: 9999999_9909621_SWIX55C_01.07.19.00_00_GENERIC_016.010_000 Carrier PRI: 9999999_9910308_SWIX55C_01.07.13.00_00_TMO_001.005_000 AT!IMPREF !IMPREF: preferred fw version: 01.07.19.00...
  • Page 28 5G Mobile Broadband UTM Firewall Use the command platform 5g update firmware to upgrade to version 02.08.01.00: awplus#platform 5g update firmware SWIX55C_02.08.01.00.cwe pri SWIX55C_02.08 .01.00_DOCOMO_020.006_000.nvu location usb:0208a Backing up settings, please wait Updating firmware SWIX55C_02.08.01.00.cwe SWIX55C_02.08.01.00_DOCOMO_020.006_000.nvu Application version: 1.0.2103.0 INFO: QDL Port /dev/wwan0p1SAHARA INFO: Device Path: /dev/wwan0p2MBIM INFO: FW...
  • Page 29 5G Mobile Broadband UTM Firewall Use the command show 5g tech firmware to verify: awplus#show 5g tech firmware AT!PRIID PRI Part Number: 9909484 Revision: 001.021 Customer: Generic Carrier PRI: 9999999_9909619_SWIX55C_01.07.13.00_00_ATT_012.007_000 Carrier PRI: 9999999_9909622_SWIX55C_02.08.01.00_00_DOCOMO_020.006_000 Carrier PRI: 9999999_9909621_SWIX55C_02.08.01.00_00_GENERIC_020.007_000 Carrier PRI: 9999999_9910308_SWIX55C_01.07.13.00_00_TMO_001.005_000 AT!IMPREF !IMPREF: preferred fw version: 02.08.01.00...
  • Page 30 5G Mobile Broadband UTM Firewall Firmware version 3 to version 1 If you need to downgrade firmware, see the example below. For example downgrading from version 03.04.03.00 to an earlier version 01.07.19.00: awplus#show 5g carriers Slot Build ID State ------------------------------------------------ Good 03.04.03.00_? Active...
  • Page 31 5G Mobile Broadband UTM Firewall Use the platform 5g update command to downgrade to an earlier version 01.07.19.00: awplus#platform 5g update firmware SWIX55C_01.07.19.00.cwe pri SWIX55C_01.07. 19.00_VERIZON_012.012_000.nvu location usb:0107 Backing up settings, please wait Updating firmware SWIX55C_01.07.19.00.cwe SWIX55C_01.07.19.00_VERIZON_012.012_000.nvu Application version: 1.0.2111.0 INFO: QDL Port /dev/wwan0p1SAHARA INFO: Device Path: /dev/wwan0p2MBIM...
  • Page 32 5G Mobile Broadband UTM Firewall Use the show 5g carriers command to verify the downgrade to version 01.07.19.00: awplus#show 5g carriers Slot Build ID State ------------------------------------------------ Good 03.04.03.00_? Active Carrier Unique Name Build State ----------------------------------------------------------------- 012.007_00 01.07.13.00_ATT Orphan DOCOMO 030.012_00 03.04.03.00_DOCOMO Usable 020.006_00...
  • Page 33 5G Mobile Broadband UTM Firewall Use the show 5g tech firmware command to verify the firmware information to version 01.07.19.00: awplus#show 5g tech firmware AT!PRIID PRI Part Number: 9909484 Revision: 001.021 Customer: Generic Carrier PRI: 9999999_9909619_SWIX55C_01.07.13.00_00_ATT_012.007_000 Carrier PRI: 9999999_9909622_SWIX55C_03.04.03.00_01_DOCOMO_030.012_001 Carrier PRI: 9999999_9910330_SWIX55C_02.08.01.00_00_DT_020.006_000 Carrier PRI: 9999999_9909621_SWIX55C_03.04.03.00_01_GENERIC_030.012_000 Carrier PRI: 9999999_9910398_SWIX55C_03.04.03.00_01_TELSTRA_030.016_000 Carrier PRI: 9999999_9910308_SWIX55C_01.07.13.00_00_TMO_001.005_000...

  • Page 34: Upgrading Or Adding Pri Files: Example

    5G Mobile Broadband UTM Firewall Upgrading or adding PRI files: example The following command and output examples show the GENERIC PRI version 020.007.001 being updated for firmware and PRI files to version 03.04.03.00. First use the show 5g tech firmware command to see the PRI and build ID for the GENERIC PRI: awplus#show 5g tech firmware AT!PRIID...
  • Page 35 5G Mobile Broadband UTM Firewall Use the command platform 5g update to upgrade the firmware and PRI files to version 03.04.03.00: awplus#platform 5g update pri SWIX55C_03.04.03.00-001_GENERIC_030.012_000.nvu location usb:pri3 Backing up settings, please wait Updating PRI SWIX55C_03.04.03.00-001_GENERIC_030.012_000.nvu Application version: 1.0.2103.0 INFO: QDL Port /dev/wwan0p1SAHARA INFO: Device Path: /dev/wwan0p2MBIM INFO: FW...
  • Page 36 5G Mobile Broadband UTM Firewall Use the command show 5g tech firmware to verify the upgrade for firmware and PRI files to version 03.04.03.00: awplus#show 5g tech firmware AT!PRIID PRI Part Number: 9909738 Revision: 001.007 Customer: Generic Carrier PRI: 9999999_9909622_SWIX55C_03.04.03.00_01_DOCOMO_030.012_001 Carrier PRI: 9999999_9909621_SWIX55C_03.04.03.00_01_GENERIC_030.012_000 Carrier PRI: 9999999_9910398_SWIX55C_03.04.03.00_01_TELSTRA_030.016_000 AT!IMPREF...

  • Page 37: Troubleshooting

    5G Mobile Broadband UTM Firewall Troubleshooting The following issues may occur when swapping, upgrading or deleting PRI and firmware files.  Your modem does not come on-line after an upgrade: Reboot your router using the reboot command or, Shutdown the ‘wwan0’ interface using the shutdown command and no shutdown command to bring it up again.
  • Page 38  Modem stops working Try rebooting your router first. If this does not work, then capture a show tech-support display and contact Allied Telesis at this email: 5g-support@alliedtelesis.co.nz.  Firmware image is at slot 255 See the output below which is an extract from the show 5g tech firmware command. See that the active firmware image is at slot 255.

  • Page 39: Sim Card Detection Test

    5G Mobile Broadband UTM Firewall SIM card detection test The following procedure is used to test SIM cards in both SIM 1 and SIM 2 card slots. Boot your router with no configuration and no SIM cards inserted Step 1: Check that both SIM 1 and SIM 2 LEDs are off Step 2: Configure your router...
  • Page 40 5G Mobile Broadband UTM Firewall Display SIM status Step 5: Use the show 5g sim command. Observe that both SIM 1 and SIM 2 slots are empty: awplus#show 5g sim SIM Status: Slot 1 is : Empty Slot 1 administrative state : Up Slot 1 present, up and configured : No...
  • Page 41 5G Mobile Broadband UTM Firewall Add a SIM card to both SIM 1 and SIM 2 card slots Step 6: Wait for 10 seconds and then enter the command show 5g sim to check that both SIM slots report that the cards are present. SIM 1 is detected first: awplus#show 5g sim SIM Status: Slot 1 is...
  • Page 42 5G Mobile Broadband UTM Firewall Disable SIM 1 Step 9: Use the command no sim enable to disable SIM 1. SIM 2 automatically becomes the active SIM. awplus(config)# no sim enable sim1 awplus(config)# Display the SIM status Step 10: Use the command show 5g sim. Observe that the administrative state for slot 1 is down and is invalid, while slot 2 is up and is the backup: awplus#show 5g sim SIM Status:...
  • Page 43 F: +31 20 7950021 alliedtelesis.com © 2022 Allied Telesis, Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.

This manual is also suitable for:

Alliedware plus at-ar4050s-5g

Table of Contents