ELTEC CYBOX LTE 2 Configuration Manual

CYBOX LTE 2
LTE ROUTER
CONFIGURATION MANUAL
Version: 1.0 for firmware V21.38.00 | Date: 23.09.2021

Summary of Contents for ELTEC CYBOX LTE 2

  • Page 1 CYBOX LTE 2 LTE ROUTER CONFIGURATION MANUAL Version: 1.0 for firmware V21.38.00 | Date: 23.09.2021...
  • Page 2 2 ABOUT THIS DOCUMENT 2.1 Information about Formatting 3 ABOUT THE CyBox LTE 2 4 HOW TO ACCESS THE CyBox LTE 2 4.1 IP Addresses of the CyBox LTE 2 4.2 Getting to the Web Interface 5 QUICK START GUIDE 5.1 Change Password...
  • Page 3 CYBOX LTE 2 5.5.2 Restrict Access to Local Ports to Specified Interfaces 6 THE WEB INTERFACE 6.1 Network 6.1.1 Interfaces 6.1.1.1 DHCP Server per Interface 6.1.1.2 Bridges 6.1.1.3 VLAN 6.1.1.4 LTE 6.1.1.4.1 Configuring LTE 6.1.1.4.2 LTE Troubleshooting 6.1.1.5 5G 6.1.2 WLAN 6.1.2.1 Channel, Wireless mode, HT mode, Power settings...
  • Page 4 CYBOX LTE 2 6.1.4.1.1 Create LACP interface 6.1.4.1.2 Setup IP / Netmask 6.1.4.1.3 Setup bonding Policy / add slave Interfaces 6.1.4.1.4 Setup Firewall 6.1.4.1.5 Check interface Status 6.1.4.2 LACP testing example 6.1.4.2.1 Test Setup 6.1.4.2.2 Test bonding bandwidth improvement 6.1.4.2.3 Test bonding reliability improvement 6.1.5 Global DHCP and DNS Settings...
  • Page 5 CYBOX LTE 2 6.3.4 Reboot 6.3.5 Reset Button 6.3.6 Emergency Mode 7 SNMP 7.1 SNMP Protocol Support 7.2 SNMP V3 Protocol Support 7.2.1 SNMP V3 Protocol Examples 7.3 SNMP Basic Functions 7.4 SNMP Read and Write Authorizations 7.5 SNMP Commands 7.6 SNMP Read (snmpwalk and snmpget)
  • Page 6 CYBOX LTE 2 9.2 IPSec default configuration 9.3 IPSec Secret configuration 9.4 IPSec Tunnel / Transport Connection 9.5 IPSec Crypto Proposal configuration 9.6 IPSec Firewall Custom Rules 9.7 IPSec Service Start 10 SSH / SERIAL CONSOLE 10.1 UCI Configuration 10.1.1 UCI configuration files 10.1.2 UCI Example...
  • Page 7 The complete risk inherent in the utilization of this document or in the results of its utilization shall be with the user; to this end, ELTEC Elektronik AG shall not accept any liability.
  • Page 8: Known Issues

    GPL-covered modules. For details and GPL text, see the Software Configuration Manual, available on <https://www.eltec.com>. In case of problems use the mail (street) address below. Request FOSS and sources with a mail to: ELTEC Elektronik AG Galileo-Galilei-Str.
  • Page 9: About This Document

    The CyBox LTE 2 hosts up to two LTE interfaces or one Wi-Fi 5 interface combined with an LTE interface to boost network efficiency and connect to client devices such as mobile phones. Country-specific LTE/Wi-Fi standards are adopted for worldwide use in every type of train.
  • Page 10 11.2 USB Possibilities 4. Using SNMP (see 7 SNMP 4.1 IP Addresses of the CyBox LTE 2 By default, the CyBox LTE 2 is accessible through the following IP addresses (see figure The page Network → Interfaces (default settings)): • 192.168.100.1 (LAN) •...
  • Page 11 Before accessing the web interface, your computer must be connected to the Ethernet port LAN 1, and it must be configured to use the same subnet as the CyBox LTE 2. The web interface is accessible using HTTPS on the IP addresses listed in 4.1 IP Addresses of the CyBox LTE 2...
  • Page 12: Change Password

    • Operator workstation and CyBox LTE 2 are connected via Ethernet • Workstation browser is logged-in to the CyBox LTE 2 web interface • Operator is additionally logged in to CyBox LTE 2 via SSH (if available, a serial console terminal would be preferable).
  • Page 13 CYBOX LTE 2 LAN Configuration Example 5.2.1 Disabling IPv6 The custom helper script under System → Custom Commands → Dashboard will modify the network / firewall configuration to disable all IPv6 network traffic. Normally all network interfaces have an automatic IPv6 address applied.
  • Page 14: System Settings

    As a first step, a simple access point is configured. The wired Ethernet and the wireless radios form an isolated local domain where the CyBox LTE 2 provides DHCP services. Finally, the example in “LAN IP Address” shows how to set a new static IP address. In Network → Interfaces → LAN → Protocol you can configure the DHCP client setup to obtain an IP address from a DHCP server in your network.
  • Page 15 CYBOX LTE 2 • Select Network → Wireless: this shows the wireless controllers radio0 and radio1 with some software buttons • Select tab radio0: Unknown “OpenWrt” or click the Edit button of radio0 • In box Device Configuration: • Select tab Advanced Settings •...
  • Page 16: Connecting To Wan

    DHCP service, but there is not yet an uplink to a gateway. 5.3.4 Connecting to WAN As a goal, the CyBox LTE 2 shall integrate its clients via Ethernet in a higher-level network. DHCP, DNS, and gateway services are supposed to be available in that net.
  • Page 17 CYBOX LTE 2 Network Topology with Three VLANs 5.4.1 Create the Management VLAN Create a new Ethernet interface (eth0.100) and give it the name “vlan100”. Make it a full-valued net host by assigning a static address and a gateway. • Select tab Network tab Interfaces •...
  • Page 18 CYBOX LTE 2 The following 3 lines fix a problem with this LuCI page (The drop-down menu for the country code is not updated correctly) • Click button Save & Apply • Logout / Login • Select tab Network –> tab WiFi –> tab radio0 (or click button Edit for radio0) Now we can complete the configuration for radio0: •...
  • Page 19: Check Configuration

    CYBOX LTE 2 • Click button Save & Apply 5.4.6 Check Configuration As a check, you may login to the CyBox LTE 2 through SSH and issue the ifconfig command. The following interfaces should be shown: br-vlan101 Link encap:Ethernet …...
  • Page 20 CYBOX LTE 2 • Select tab Network –> tab WiFi –> tab radio0 (or click button Edit for radio0) • In box Interface configuration • Select tab Advanced settings • Activate checkbox Separate clients • Click button Save & Apply •...
  • Page 21: The Web Interface

    CYBOX LTE 2 6 THE WEB INTERFACE Most pages of the web interface are concerned with the configuration of the CyBox LTE 2. Many of these pages show some of the following buttons: • Reset: clicking on this button reverts the unsaved input fields of the current page to the values as they were before you modified them.
  • Page 22 CYBOX LTE 2 Bridge Interface Create Bridge Interface Configure The configuration specifies the wired ports to attach to this bridge. In order to attach wireless networks, choose the associated interface as network in the wireless settings. Check Bridge interfaces and include all Interfaces that should belong to the new bridge interface.
  • Page 23 VLAN tag to be able to access the AP. 6.1.1.4 LTE This chapter shows how to connect the CyBox LTE 2 to a mobile LTE network.
  • Page 24 Internet. 6.1.1.4.1 Configuring LTE The CyBox LTE 2 provides 4 SIM slots per LTE modem. Only one slot per modem can be active at any time. The slots can be selected via an SNMP command or using the web interface.
  • Page 25 CYBOX LTE 2 The SIM slot configuration page • Enter the PIN of the SIM card. Take care to enter the PIN on the correct tab, as a wrongly configured PIN may lead to SIM card locking. • Enter the APN, Username and Password as supplied by the LTE provider.
  • Page 26 CYBOX LTE 2 setup with a gateway which is not part of this MWAN configuration. You may setup a new IP for the LAN interface using a private address pool (192.168.x.y). 6.1.1.4.2 LTE Troubleshooting Problem Possible cause and solution No LTE Missing configuration parameters.
  • Page 27 CYBOX LTE 2 Wireless Device Overview The example shows a CyBox LTE 2 with two radios installed. Depending on the hardware, other configurations may be shown. After enabling the radio, you can configure physical settings. Clicking Network → Wireless → Edit redirects you to the ‘Device Configuration’...
  • Page 28 CYBOX LTE 2 Wireless Device Configuration After the device has been enabled, the radio status should be checked if the selected channel / mode combination is working. 6.1.2.2 Radio Band Configuration for Models with Antenna Combiner If the system is equipped with an antenna combiner, (e.g. having two radio modules (WLE-900) but only three antennas) the frequency bands 2.4 GHz and 5 GHz cannot be freely configured for each wireless module.
  • Page 29 CYBOX LTE 2 JJPlus Wave-2 Frequency Band Toggle 6.1.2.4 ESSID, WDS Mode, Client separation The ESSID is used by WLAN clients to select the wireless LAN by name. Set up an ESSID name for the wireless network in the General Setup of the Interface configuration and use mode Access Point.
  • Page 30 When configuring the CyBox LTE 2 as client with a “mixed mode”, it will try both modes when connecting to an access point (normally, only the configured mode is used). The following modes can be combined: •...
  • Page 31 Access Point is attached to the same cable backbone, and the wifi clients use the same subnet, client isolation must also be enabled between APs. This is also true if the CyBox LTE 2 operates multiple APs on different WLAN modules which are connected (e.g. by using a bridge). Isolation is also done for clients on...
  • Page 32 CYBOX LTE 2 In order to use Multi-AP client isolation, all APs must use the same Server and use the same interface name. (Network traffic can be restricted with a configuration for ‘ebtables’ on FORWARD rules, managed by the ‘client isolation’...
  • Page 33 CYBOX LTE 2 Deactivate SSIDs when the server is not reachable 6.1.2.10 Access Point Scanning Service (Wireless Monitoring) Reporting nearby APs to interested parties Important A mandatory precondition for using this service is to have at least one available radio device running in AP (Access Point) mode.
  • Page 34 CYBOX LTE 2 Scanning results can be obtained by an SNMP request. Request configuration can also be done using the UI page (Services->SNMPD Edit). Getting queue entry from remote host ~# snmpget -c public -v 2c <device_ip> 1.3.6.1.4.1.2021.8.1.2.159.101.1; iso.3.6.1.4.1.2021.8.1.2.159.101.1 = STRING: "00:15:61:20:AC:8A;CyBoxGW-P-radio1;04:F0:21:3F:2E:AA;36;-27;2020-05-06 13:20:17"...
  • Page 35 CYBOX LTE 2 Scanning results are stored in CSV format: • S_BSSID (MAC of scanner radio) • SSID (the name) • BSSID (the MAC) • channel • signal level • “last seen” timestamp The current queue status (entries) can also be viewed on the UI page (Status->AP Scanner).
  • Page 36 CYBOX LTE 2 The sniffing service is configurable over UCI resp. LUCI. A separate page (Services -> WLAN Sniffer) can be used to configure radio devices which are used for sniffing. Also the maximum queue length, additional string and hash cycle count values can be configured.
  • Page 37 CYBOX LTE 2 Important As soon as the queue has reached the configured maximum length, every time a new entry is added to the queue the “oldest” one will be dropped! How to avoid data loss? 1. Increase the maximum queue length 2. Collect sampled data more often, e.g. once a second (SNMP request) Sniffed results are stored in CSV format: •...
  • Page 38 CYBOX LTE 2 Important The rogue AP detection algorithm relies on the mechanism described in 8 THE FLYING CONTROLLER MECHANISM. The detection algorithm is only active on devices running in controller mode. As the controller mode selection is done automatically between devices running in the same network (LAN), all potential candidates for Rogue AP detection have to be configured identically.
  • Page 39 CYBOX LTE 2 SNMP notifications are defined within the ELTEC MIB and have the following format: ELTEC-CYAP-MIB::rogueAPdetected ELTEC-CYAP-MIB::rogueDataSSID ELTEC-CYAP-MIB::rogueDataBSSID ELTEC-CYAP-MIB::rogueDataChannel ELTEC-CYAP-MIB::rogueDataSignal ELTEC-CYAP-MIB::rogueDataLastseen ELTEC-CYAP-MIB::rogueDataSBSSID Status messages can be viewed on the UI page (Status->RogueAP). 6.1.3 Multi-WAN Manager (MWAN3) The multi-WAN manager (MWAN3) can be used to control which network connection is to be used for traffic. This section uses LTE uplink connections as an example, but other connections, like WLAN or Ethernet, can also be used.
  • Page 40 (using load-balancing among them). Load-balancing requires no remote station on the ground; it is handled entirely by the CyBox LTE 2. As such, it is not link aggregation. It distributes traffic by streams, not by packets, i.e. a single stream cannot benefit from multiple LTE connections.
  • Page 41 After complete Modem setup the modem interfaces are up and tracking via ping is active. To check the hotplug MWAN mechanism open a second web interface to CyBox LTE 2 and go to Network → Interfaces. In this example MODEM_S1 has the lowest metric and will be first standard gateway. The test is started with Stop action on interface MODEM_S1.
  • Page 42 CYBOX LTE 2 MWAN detailed status page 6.1.3.4 MWAN Modem Interface Configuration The MWAN interface configuration has a default setup for every modem card.
  • Page 43 CYBOX LTE 2 MWAN Interface configuration The tracking parameters can handle target host IPs, ping interval and timeout.
  • Page 44 CYBOX LTE 2 Tracking parameters 6.1.3.5 MWAN Members Configuration Members are profiles attaching a metric and weight to an MWAN interface. Names may contain characters A-Z, a-z, 0-9, _ and no spaces. Members may not share the same name as configured interfaces, policies or rules.
  • Page 45 CYBOX LTE 2 MWAN members 6.1.3.6 MWAN Policies Configuration Policies are profiles grouping one or more members controlling how MWAN distributes traffic. Member interfaces with lower metrics are used first. Interfaces with the same metric use load-balancing. Load-balanced member interfaces distribute more traffic out through those interfaces with higher weights.
  • Page 46 CYBOX LTE 2 6.1.3.7 MWAN Rules Configuration Rules specify which traffic will use a particular MWAN policy based on IP address, port, or protocol. Rules are matched from top to bottom. Rules below a matching rule are ignored. Traffic not matching any rule is routed using the main routing table.
  • Page 47 CYBOX LTE 2 MWAN notification configuration 6.1.4 LACP / Bonding Getting better overall bandwidth and failsafe connections by using the Link Aggregation Control Protocol (LACP). Combining multiple Gigabit Ethernet interfaces into a single logical bonding interface results in increased overall bandwidth between connected devices.
  • Page 48 CYBOX LTE 2 First of all, a logical bonding interface should be created. This can be done using the UI page (Network → Interfaces → Add new interface). 6.1.4.1.2 Setup IP / Netmask The next step is setting an IP address and a netmask for the newly created bonding interface (see tab -> General Settings).
  • Page 49 CYBOX LTE 2 6.1.4.1.4 Setup Firewall If needed, firewall configuration can be done with tab Firewall Settings.
  • Page 50 CYBOX LTE 2 6.1.4.1.5 Check interface Status After applying new configuration settings, bonding interface bonding-b1 should be up and running. Interface status can also be verified using the debug console. root@LACP_TEST:~# cat /proc/net/bonding/bonding-b1 Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011) Bonding Mode: IEEE 802.3ad Dynamic link aggregation...
  • Page 51 CYBOX LTE 2 port key: 9 port priority: 255 port number: 1 port state: 61 details partner lacp pdu: system priority: 32768 system mac address: 44:a5:6e:43:5d:70 oper key: 1 port priority: 128 port number: 2 port state: 63 Slave Interface: eth1...
  • Page 52 The CyBox LTE 2 uses a DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. This service accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive DNS server.
  • Page 53 Be sure you understand zone-based firewalls before changing the firewall configurations. The CyBox LTE 2 has a built-in stateful firewall mapping interfaces into Zones that are used to describe default rules for a given interface, forwarding rules between interfaces, and extra rules that are not covered by the first two.
  • Page 54 The server administrator should create a valid client configuration package, including certificates, client keys and preferably a myclient.ovpn config file. The VPN connection is built on this configuration file (myclient.ovpn). This example uses four files that have to be stored statically on the CyBox LTE 2 to allow the...
  • Page 55 CYBOX LTE 2 openvpn program to build up a connection without user interaction. If the ‘auth-user-pass’ option is given to openvpn without a parameter, the connection setup is interrupted and will ask for a username and password. To make this run automatically a two-line file with username (in first line) and password (in second line) has to be provided.
  • Page 56 After the VPN client part configuration has been done, it’s time to configure the rest of the system and start a first connection. This configuration can be done at console (via SSH) with ‘uci’ commands. The openvpn program execution on the CyBox LTE 2 is managed with the ‘/etc/init.d/openvpn’ script. The following configuration is done at the command prompt: Create the VPN interface: (if not running server-bridge) uci set network.vpn0=interface...
  • Page 57 CYBOX LTE 2 uci set firewall.@forwarding[-1].src='lan' uci set firewall.@forwarding[-1].dest='vpn' Commit the changes: uci commit network /etc/init.d/network reload uci commit firewall /etc/init.d/firewall reload Enable the start flag and setup configuration file: echo > /etc/config/openvpn uci set openvpn.vpn=openvpn uci set openvpn.vpn.enabled=1 uci set openvpn.vpn.config='/etc/openvpn/myclient.ovpn'...
  • Page 58 (tun0 6.1.8 ICCP The Inter Carriage Connection Protocol is a bridging algorithm developed by ELTEC to automatically establish and maintain a wireless LAN backbone for trains. It can be used in retrofit applications, where it is too expensive to install backbone Ethernet cables throughout the train.
  • Page 59 CYBOX LTE 2 CONNECT The own ID and the ID of the best neighbor found are coded into the new own SSID; the device waits for an SSID broadcast of the neighbor device with the same combination of IDs. This state has a time limit to establish the connection. If the time limit is exceeded, the state falls back to BIND.
  • Page 60 CYBOX LTE 2 Before configuring the ICCP parameters, make sure that the following actions have been done: • Delete all unnecessary interfaces with the web interface tab Network → Interfaces (e.g. lan_alias) • Configure your ICCP management interface as desired in Network → Interfaces (e.g. configure the lan interface as a bridge composed of eth0, wlan0 and wlan1, then set the IP address to 192.168.100.2)
  • Page 61 CYBOX LTE 2 ICCP Parameters: Parameter Description Unit Range Default USED_VLAN_N Using standard ICCP: empty - ICCP sets Comma custom empty ETWORKS up a bridge between native eth0 and separated wlan0/1. list Using VLAN ICCP: List of all configured VLAN networks/ssid. Case sensitive...
  • Page 62 CYBOX LTE 2 ICCP Status Indication on Web Server 6.1.8.6 VLAN over Wireless ICCP The latest ICCP implementation has been enhanced to be used in a VLAN network environment. This may increase network security by splitting the traffic into different virtual channels, i.e. a dedicated channel for the configuration and for service purposes as well as other channels, e.g.
  • Page 63 CYBOX LTE 2 ICCP illustration for VLAN Usage *Case 1: Dynamic ICCP* The configuration has to be performed on both ICCP partners. a. Interfaces configuration In addition to the steps described in Configurable Parameters, each VLAN (vlan007 and vlan123) must be configured as follows: •...
  • Page 64 CYBOX LTE 2 Dynamic ICCP VLAN configuration Note: Make sure that the VLAN tunnel checkbox is on. *Case 2: Static ICCP* Static ICCP can be used when you have no train carriage reconfigurations and the endpoints of VLAN tunnels are already known at time of configuration.
  • Page 65 CYBOX LTE 2 • When asked to specify a physical interface, create the custom interface eth0.007 then click on ‘Save & Apply’ Further steps are also required regarding the configuration of the ICCP management interface: • The WLAN modules from both ICCP partners have to be connected to each other. This means that on one radio the “Access Point (WDS)”...
  • Page 66: Gps Status

    In the following example, a networking interface LAN or WLAN is prepared to use the Quality of Service function (QoS). The CyBox LTE 2 implements a QoS function with scripts to configure traffic control (‘tc’ command), which reduces throughput at a selected interface. To see the effect, a performance test can be started with the built-in ‘iperf’...
  • Page 67 CYBOX LTE 2 GPS Info immediately after startup Reliable GPS Info after Hardware Calibration GPS Status Data: Data Item Value Description Integrity Active Void Quality Invalid GPS fix (SPS)
  • Page 68 CYBOX LTE 2 DGPS fix PPS fix Real Time Kinematic Float RTK Estimated Manual input mode Simulation mode 6.2.3 SNMP for GPS See chapter SNMP Support for GPS...
  • Page 69: System Properties

    CYBOX LTE 2 6.3 System 6.3.1 System Properties The System Properties are managed in the tab System → System. These menus handle logging options, NTP time synchronisation and the appearance and language of the web interface. In the General Settings tab the operating system time, which is always stored as UTC time, can be synchronized with the current browser time.
  • Page 70: Firmware Upgrade

    CYBOX LTE 2 Perform reset restores factory settings and performs a reboot. b. Export configuration Use the Generate archive button to export a configuration backup. The generated configuration tar archive is not hardware-specific and may be distributed to other access points, as long as they share the same model and the same firmware version.
  • Page 71: Reset Button

    While booting no user configuration settings are applied. The CyBox LTE 2 comes up with network default address 192.168.100.1 (user=root, password=root) and Wifi disabled. The Fail LED blinks orange (red and green on) and the web interface background is orange, as Figure indicates.
  • Page 72 CYBOX LTE 2 Note: Normally, the blue background indicates the standard mode and the orange background indicates emergency mode. But many web browsers keep the colours in cache, which means that the wrong colour can be displayed. To ensure that the correct one is shown, open a new window in private or incognito mode before...
  • Page 73 CYBOX LTE 2 7 SNMP 7.1 SNMP Protocol Support Firmware implementations before 2020 only have protocol support for version v1 and v2c. Since 2020 the SNMP protocol v3 is also included in every CyBox firmware. The v1, v2c protocol variants are present with factory default setup.
  • Page 74 CYBOX LTE 2 Demo user account settings The default protocols v1 and v2c should be disabled when using the SNMP-V3 protocol. Activate only SNMP-V3 protocol After all new settings are entered, press Save & Apply. The SNMPD service will then be restarted automatically.
  • Page 75 7.3 SNMP Basic Functions The SNMP service is included in the CyBox LTE 2 starting with firmware version 2.6. The service is enabled if a valid configuration file ‘/etc/config/snmpd’ is present and service startup is not disabled. On system start this configuration file is parsed and translated into a ‘snmpd.conf’...
  • Page 76: Snmp Commands

    CYBOX LTE 2 This address can be changed by means of a UCI command. Assuming you are logged in to a CyBox LTE 2 via SSH as an administrative user, the following command would allow re-specifying the IP address of the “private” group: root@CyBoxAP:~# uci set snmpd.private.source=<ccu>...
  • Page 77: Reading System Information

    = STRING: "CYAP.-V-W8IRQWWEUPX" iso.3.6.1.4.1.2021.8.1.2.100.102.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.100.103.1 = "" MIB name: iso.3.6.1.4.1.2021.8.1.2.100.2.1 = STRING: "boardname" Function executed on CyBox LTE 2: iso.3.6.1.4.1.2021.8.1.2.100.3.1 = STRING: "/bin/cat /var/BOARDNAME" Error code from function call: iso.3.6.1.4.1.2021.8.1.2.100.100.1 = INTEGER: 0 Return value from function call: iso.3.6.1.4.1.2021.8.1.2.100.101.1 = STRING: "CYAP.-V-W8IRQWWEUPX"...
  • Page 78 • wireless0, wireless1 … wireless19 Note: A normal CyBox LTE 2 configuration consists of six wireless interfaces, but there are up to twenty interfaces possible, so snmpwalk will result in up to 80 percent of undefined (Empty UCI entry) values.
  • Page 79 CYBOX LTE 2 iso.3.6.1.4.1.2021.8.1.2.151.102.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.151.103.1 = "" 7.6.2.3 Readout Network Device to SSID Assignment The following command shows the order of the Wifi interfaces. snmpwalk -c public -v 2c 192.168.100.1 1.3.6.1.4.1.2021.8.1.2.152 iso.3.6.1.4.1.2021.8.1.2.152.1.1 = INTEGER: 1 iso.3.6.1.4.1.2021.8.1.2.152.2.1 = STRING: "wlan_ssid"...
  • Page 80 By default all SNMP write control is restricted to localhost. Refer to chapter 8.1 to enable write access. A write command to the CyBox LTE 2 is always done on the same UCD MIB OID ‘1.3.6.1.4.1.2021.8.1’. The write operation requires a string parameter, which is parsed with ‘/etc/snmp/set_cyboxap’ and translated into a system internal call on the CyBox LTE 2.
  • Page 81 CYBOX LTE 2 snmpwalk -c public -v 2c 192.168.100.1 1.3.6.1.4.1.2021.8.1.2.151 iso.3.6.1.4.1.2021.8.1.2.151.1.1 = INTEGER: 1 iso.3.6.1.4.1.2021.8.1.2.151.2.1 = STRING: "ssid_order" iso.3.6.1.4.1.2021.8.1.2.151.3.1 = STRING: "/etc/snmp/get_cyboxap ssid_order" iso.3.6.1.4.1.2021.8.1.2.151.100.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.151.101.1 = STRING: "CyAP0_00486889_00486886_EST0" iso.3.6.1.4.1.2021.8.1.2.151.101.2 = STRING: "Guest_007" iso.3.6.1.4.1.2021.8.1.2.151.101.3 = STRING: "CyAP0_00486889_00486886_vlan007" iso.3.6.1.4.1.2021.8.1.2.151.101.4 = STRING: "CyAP0_00486889_00486886_vlan123"...
  • Page 82 CYBOX LTE 2 part “=new-value” only the config-item marker is set. This can be used to read out an item (no OID) without modifying it. Note: Remember to commit changes in order to save them with the command ‘uci commit’. 7.7.3.1 Set new Hostname Hostname is configured in ‘/etc/config/system’...
  • Page 83: Snmp Applications

    CYBOX LTE 2 iso.3.6.1.4.1.2021.8.1.2.108.100.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.108.101.1 = STRING: "system.@system[0].config_description=Version 1.1 Beta ABC" iso.3.6.1.4.1.2021.8.1.2.108.102.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.108.103.1 = "" Commit this change from UCI temporary storage to permanent overlay file system. snmpset -c private -v 2c 192.168.100.1 1.3.6.1.4.1.2021.8.1 s "uci commit system"...
  • Page 84 CYBOX LTE 2 user@host:~$ snmpwalk -c public -v2c 192.168.100.1 1.3.6.1.4.1.2021.8.1.2.155 delivers iso.3.6.1.4.1.2021.8.1.2.155.1.1 = INTEGER: 1 iso.3.6.1.4.1.2021.8.1.2.155.2.1 = STRING: "gps_info" iso.3.6.1.4.1.2021.8.1.2.155.3.1 = STRING: "/bin/cat /var/run/gps/gps.info" iso.3.6.1.4.1.2021.8.1.2.155.100.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.155.101.1 = STRING: "Status: A" iso.3.6.1.4.1.2021.8.1.2.155.101.2 = STRING: "Quality: 1" iso.3.6.1.4.1.2021.8.1.2.155.101.3 = STRING: "Sat: 9"...
  • Page 85 CYBOX LTE 2 The command user@host:~$ snmpwalk -c public -v2c 192.168.100.1 1.3.6.1.4.1.2021.8.1.2.156 will return iso.3.6.1.4.1.2021.8.1.2.156.1.1 = INTEGER: 1 iso.3.6.1.4.1.2021.8.1.2.156.2.1 = STRING: "gps_raw" iso.3.6.1.4.1.2021.8.1.2.156.3.1 = STRING: "/bin/cat /var/run/gps/gps.raw" iso.3.6.1.4.1.2021.8.1.2.156.100.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.156.101.1 = STRING: "$GPRMC,094908.000,A,4957.5942,N,00815.4955,E,0.2,194.2,050717,,,A*6E" iso.3.6.1.4.1.2021.8.1.2.156.101.2 = STRING: "$GPGGA,094908.000,4957.5942,N,00815.4955,E,1,07,1.3,149.90,M,47.9,M,,*6E" iso.3.6.1.4.1.2021.8.1.2.156.101.3 = STRING: "$GNGSA,A,3,24,25,32,29,31,02,,,,,,,2.2,1.3,1.8*2C"...
  • Page 86 CYBOX LTE 2 7.8.3 SNMP Support for LTE A number of LTE connection and control parameters can be read and written using SNMP commands. It is also possible to start or stop the LTE modem card and to select a predefined SIM card slot.
  • Page 87 CYBOX LTE 2 modem0_signal" iso.3.6.1.4.1.2021.8.1.2.3010.100.1 = INTEGER: 0 iso.3.6.1.4.1.2021.8.1.2.3010.101.1 = STRING: "[/dev/cdc-wdm1] Successfully got signal info" iso.3.6.1.4.1.2021.8.1.2.3010.101.2 = STRING: "HDR:" iso.3.6.1.4.1.2021.8.1.2.3010.101.3 = STRING: " RSSI: '-125 dBm'" iso.3.6.1.4.1.2021.8.1.2.3010.101.4 = STRING: " ECIO: '-2.5 dBm'" iso.3.6.1.4.1.2021.8.1.2.3010.101.5 = STRING: " IO: '-106 dBm'"...
  • Page 88 “flying”. This way, a central controller is established without creating a single point of failure. The CyBox LTE 2 automatically takes part in the mechanism and could be elected as controller, or otherwise will be a worker.
  • Page 89 CYBOX LTE 2 strongSwan is a multiplatform IPsec implementation. The focus of the project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys and certificates on smartcards through a standardized PKCS#11 interface and on TPM 2.0.
  • Page 90 CYBOX LTE 2 The service is disabled in the default factory configuration. The first step is to decide whether configuration files should be generated automatically or are provided and edited by the operator. The next chapters assume that the configuration is generated by the IPSec start script (init.d/ipsec).
  • Page 91 CYBOX LTE 2 PSK Secret configuration 9.4 IPSec Tunnel / Transport Connection The parameters in this menu are named analogously to the standard parameters in the official configuration documentation. Please refer to: https://wiki.strongswan.org/projects/strongswan/wiki/ConfigurationFiles...
  • Page 92 CYBOX LTE 2 Tunnel Connection configuration The Transport Connection is similar to the Tunnel Connection setup. Transport Connection configuration 9.5 IPSec Crypto Proposal configuration In the default factory configuration some Crypto Proposals are already defined. With the Add button new proposals...
  • Page 93 CYBOX LTE 2 Crypto Proposals, some are predefined 9.6 IPSec Firewall Custom Rules The standard firewall setup (factory default) may require new custom rules to handle IPSec ESP packet forwarding. The firewall obtained some additional custom rules Cut and Paste buffer for IPSec Firewall - Custom Rules edit:...
  • Page 94 CYBOX LTE 2 9.7 IPSec Service Start If the Enable service box is activated and new settings are applied, the service will restart. IPSec service is automatically restarted The IPSec service connection status can be observed in the Connection Status menu tab.
  • Page 95 CYBOX LTE 2 10 SSH / SERIAL CONSOLE On a Windows PC, you can use the program PuTTY (http://www.putty.org). a. Ethernet cable (SSH) Ensure that an Ethernet cable is connected between your PC and the access point. The following instruction assumes that the default settings are used.
  • Page 96 CYBOX LTE 2 Windows device manager showing COM ports Once the connection is established, a login should be requested on serial console window. If this is not the case, press Enter on the keyboard and/or disconnect and reconnect the USB serial adapter on the CyBox side.
  • Page 97: Other Commands

    CYBOX LTE 2 Next, commit the settings by running: /etc/init.d/network restart Remember to login again to the new IP address. 10.2 Other commands a. Restore factory settings The factory settings can be restored with the command factory_reset b. Export configuration The current configuration can be saved in the CyBox folder ‘/tmp/’...
  • Page 98 CYBOX LTE 2 In most cases an adapted or new configuration archive must also be installed to match the new firmware version. The overlay partition is used to keep the configuration settings made by the user so that they are still present after a power cycle.
  • Page 99 CYBOX LTE 2 11.2 USB Possibilities Configuration and firmware can be updated via a USB stick. Connecting a USB stick to the device requires a dedicated USB adapter. a. Export configuration Archived configurations can be exported from the command line to an empty USB stick by copying the configuration to ‘/mnt/sda1’.
  • Page 100: Status Led Blink Codes

    CYBOX LTE 2
    #!/bin/sh
    sysupgrade -t V20.36.3-cyap2-lzma.itb
    sysupgrade -r backup-cyap2-20.36.3.tar.gz
    exit 0
    11.3 Status LED Blink Codes While the upgrade process is running or has finished the ‘Fail LED’ (red/green) is used as status indicator. Blink codes in upgrades: Blink Code repeated Description RED 0.2sec on - GREEN 0.2sec on...
  • Page 101: Gnu General Public License

    CYBOX LTE 2 12 APPENDIX: GPL LICENSE GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright © 2007 Free Software Foundation, Inc. <https://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
  • Page 102: Terms And Conditions

    CYBOX LTE 2 States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free.
  • Page 103 CYBOX LTE 2 implementation is available to the public in source code form. A “Major Component”, in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it.
  • Page 104 CYBOX LTE 2 You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code;...
  • Page 105 CYBOX LTE 2 received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge.
  • Page 106 CYBOX LTE 2 reading or copying. 7. Additional Terms. “Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law.
  • Page 107 CYBOX LTE 2 However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.
  • Page 108 CYBOX LTE 2 not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, “control” includes the right to grant patent sublicenses in a manner consistent with the requirements of this License.
  • Page 109 CYBOX LTE 2 all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program.
  • Page 110: End Of Terms And Conditions

    CYBOX LTE 2 If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee.
  • Page 111 CYBOX LTE 2 This license document may be reproduced and distributed unchanged, but no modifications are permitted. Translation: <www-en>, 2011-2014, 2016. 13 APPENDIX: SNMP OID OVERVIEW This overview is also available with factory settings via the web interface using the URL: http://192.168.100.1/snmpd.txt.
  • Page 112 CYBOX LTE 2
    # wireless<index>.<entry> <value>
    # uci <command> <config>.<section>[.<option>]=<value>
    # service <name> <action>
    # reboot
    # SNMPSET system call:
    # snmpset -c private -v 2c <IPv4> 1.3.6.1.4.1.2021.8.1 s <command string or set entry string>
    # SNMPGET/SNMPWALK objects:
    # see list below
    # SNMPGET system call:
    # snmpget -c public -v 2c <IPv4>...
  • Page 113 IPv4 address 192.168.100.1/24; lan_alias: static IPv4 address, calculated based on serial number (see chapter 4.1 IP Addresses of the CyBox LTE 2); lan_dhcp: IPv4 DHCP client; lan_mac: static IPv4 address, calculated based on eth0 MAC (see chapter 4.1 IP Addresses of...
  • Page 114 CYBOX LTE 2 Default Network Configuration...

This manual is also suitable for:

Cybox lte 2-w
