By purchasing an mbNET router, you’ve selected a Made in Germany product. Our products are manufactured exclusively in Germany, to guarantee the highest quality and to secure jobs in Europe. This manual describes the functions and operation of the mbNET.rokey / RA70K Router RKH 210, RKH 216, RKH 235 and RKH 259 from hardware version HW 03 up to HW 05 and with firmware version from V 8.0.0.
Table of contents
General
Release note
Brief description
Features
Information on cyber security
Warning signs
Security information
Maintenance
Decommissioning/Disposal
Legal notice
Technical Data
Scope of Supply
Display, controls and connectors
13.1 Front view of the device
13.2 View at the top of the device with pin assignment
13.3 View of underside of device
20.3 Finish - Apply settings
Quick Start - Cloud Status Page
21.1 Quick Start
21.2 Diagnosis
21.2.1 Output of device diagnostic information to a USB stick
21.3 IoT
Classic router - configuring the mbNET via the web interface
22.1 Description of the graphical user interface (configuration interface)
23.9 System > Configuration (backup and restore)
23.10 System > Firmware (Firmware update)
Network - connection settings and options
24.1 Network > LAN
24.1.1 Interface
24.1.2 Routes
24.2 Network > WAN
24.2.1 Interface - set WAN interface type
24.2.2 Routes
24.3 Network >...
General Purpose of the documentation This document describes the installation, use and functions of the mbNET.rokey / RA70K industrial router RKH 210, RKH 216, RKH 235 and RKH 259. The document serves as a reference guide. Please read carefully and keep in a safe place. Validity The document is valid for industrial routers mbNET.rokey / RA70K RKH 210, RKH 216, RKH 235 and RKH 259 - with firmware version from V 8.0.0 and hardware version from HW 03* up to HW 05.
Related documents Getting started with RLConnect24 This document describes the first steps and measures necessary to get a device (mbNET router) connected via the Remote Client (mbDIALUP) to the portal server mbCONNECT24. Current manuals and other information The latest manuals and more information about products related to secure remote maintenance can be found in the download portal at www.mbconnectline.com Page 10 von 309 | V 7.3.0 - en | Apr 4...
Release note
Version | Date | Comments
V 6.0.6 | Apr 11, 2019 | Start-Version
V 6.0.8 | Jun 19, 2019 | Add connection and termination examples for serial interfaces in RS 485 2- and 4-wire operation. See Chapter: "Pin assignment serial interfaces COM1/COM2 (front of device)" Note on "Last error message"...
Version | Date | Comments
V 7.2.0 | Aug 25, 2022 | Devices with GSM modem: The following fields/information have been added under Status > Modem > GSM Information and in the Quickstart: - Mobile number (Own number) - MCC - MNC All SMS received from this device (mbNET) are now listed under Status > Modem >...
Brief description The mbNET industrial router offers you optimum flexibility and security, making remote communication with your systems both easy and secure. Thanks to its compact design, the mbNET router will fit into any switch cabinet, and with its multiple interfaces and drivers, is the perfect solution for integrating different control systems.
Use of open source software General Our products include, among other things, open source software, which is manufactured by a third party and has been published for free use by anyone. The open-source software is available under special open-source software licences and copyright of third parties. In principle, each customer can use open source software free of charge under the licence terms of the respective manufacturers.
Information on cyber security
To prevent unauthorized access to facilities and systems, observe the following security recommendations:
General
• Periodically ensure that all relevant components meet these recommendations and any additional internal security policies.
• Perform a security assessment of the entire system. Use a cell protection concept with suitable products.
NOTICE Note - indicates a potentially dangerous situation that can lead to property damage if not avoided. TIP A tip indicates additional information and guidance, for example on cyber security, which facilitates secure use of the system. Security information General •...
Safety instructions • Assembly, installation and commissioning of the router should be carried out only by qualified personnel. The respective national safety and accident prevention regulations must be observed. • The router is built in accordance with the latest technology and all recognised safety rules (see declaration of conformity).
Maintenance Our devices are maintenance-free units. If a device shows signs of damage or malfunctions, the device must be put out of operation immediately and secured against unintentional operation. NOTICE Regardless of the maintenance-free hardware, there is a need for action in terms of IT security. •...
Only for EU countries: Dispose of the device in accordance with the Waste Electrical and Electronic Equipment Directive 2012/19/EU - WEEE.
Legal notice Qualified personnel The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are persons who, due to their training, experience, instruction in and knowledge of the relevant standards, regulations and accident prevention regulations have been authorized by the person responsible for the safety of the machine to carry out the required activities and who have the ability to recognize and avoid potential hazards.
Technical Data mbNET.rokey industrial router RKH 210, RKH 216, RKH 235, RKH 259 EU, RKH 259 AT&T, RKH 259 US - from Hardware version: HW 03 - HW 05 You can find the hardware version on the device rating plate. Housing dimensions and views Image 1: Illustration as an example, equipment and interfaces vary depending on the device type.
Release note
Version | Date | Comment
V 6.2 | Febr 26, 2020 | Previous version: V 1.0 from Nov. 2, 2018 Correction of the current consumption: old = 1300 mA => new = 500 mA Add the performance data for new LTE module, for devices with hardware version HW04.
I/Os and standard interfaces
General Data
Digital inputs: 4 pieces, 10-30 V DC (electrically isolated), (low 0 – 3.2 V DC, high 8 – 30 V DC)
Digital outputs: 2 pieces, 10-30 V DC (electrically isolated), to a maximum of 1.5 A per output
WAN interfaces: 10/100MBit/s full and half duplex operation, automatic detection patch cable/crossover cable (auto detection)
Scope of Supply Check the package contents for completeness: All device types 1 x mbNET.rokey or 1 x RA70K 1 x Quick Start Guide 1 x Device information card includes two keys (1 x red, 1 x black) Item No.: 8.002.704.00.00 (Fig.
Display, controls and connectors
13.1 Front view of the device
Function / status LEDs
WAN interface
LAN interfaces 1 – 4 (4 port switch)
USB Host 2.0
Dial Out button
Reset button
Antenna connection (2 pieces SMA socket)
Serial interface COM
Coding switch hexadecimal (Function in preparation)
9.a Function / status LEDs for coding switch...
Function / Status LEDs Description colour status orange flashes • Together with Fc2 if a portal configuration has been detected via the USB interface. • Together with Fc3 if a firmware has been detected via the USB interface. orange No data traffic on COM2 - incoming flashes Data traffic on COM2 - incoming...
Description colour status Stat flashes Error in memory Error found The error type can be viewed on the WebGUI of the mbNET under System> Info> "Last error message". green In conjunction with the mbCONNECT24 portal: User is connected to the device. Operation green For key switch position: OFF / ONL...
Interfaces Designation Status Description – WAN port on the router (customer network, DSL modem,...) green flashes Network connection available WAN LED orange flashes Network traffic active LAN 1 - 4 – Local network connection (e.g. machine network) LAN-LED green flashes Network connection available 1 –...
13.3 View of underside of device Devices with LTE (4G) modem Type Equipment RKH 259 1 x SD card slot 2 x SIM card slot 2 x SMA socket for GSM antenna (MIMO) Standard devices Type Equipment RKH 210 1 x SD card slot RKH 216 RKH 235
In RS 485 mode, terminations must be carried out using terminating resistors in accordance with the number of conductors. Below you can see example circuits for 4-wire and 2-wire operation. Image 2: Connection example for the 4-wire operation Image 3: Connection example for the 2-wire operation 14.4 Pin assignment LAN/WAN port on front of device Signal Not assigned...
Router Installation Installation position/minimum clearances The router is designed to be mounted on DIN top hat rails (in accordance with DIN EN 50 022) and for installation in a control cabinet. The router is designed exclusively for use in the control cabinet and with safety extra-low voltage (SELV) in accordance with DIN EN IEC 62368-1 VDE 0868-1:2021-05.
NOTICE Before you connect the router to a network or a PC, make sure that the router is properly connected to the power supply. Otherwise, other devices may be damaged. galvanically isolated 1. Connect the equipotential bonding to the grounding screw on the top side of the router. Note that the grounding screw and the device housing with the 0 V potential of the power supply are electrically connected to terminal X1.
Connect router to configuration PC You can access the web interface of the mbNET directly via a PC. Requirement: • PC with network card • Internet browser (HTML5 compatible) • The IP address of the computer must be in the same network as the mbNET - 192.168 in this case.
Calling up the mbNET web Interface Start the Web browser on your PC and type the required IP address of the router in the address bar. Factory setting is: 192.168.0.100 NOTICE Please note that access to the web interface is possible only via the HTTPS protocol (https://192.168.0.100). Log in to the router - Factory setting is: User name: admin...
First Start When you first start the device web interface, you can choose how you want to use your mbNET in the future: • Cloudserver When selecting "Portal Server" the mbNET is linked to the RLConnect24 portal and configured and operated from there.
Portal server - First start Setting the connection data to the portal server (optional) NOTICE This step is optional and can be skipped because the mbNET can be configured directly from the RLConnect24 portal. To cancel this operation, simply logout from the web interface (admin > Logout). Information about the benefits of using RLConnect24 can be found on our website www.mbconnectline.com or contact your Red Lion distribution partner.
20.1 Internet - Configuring the Internet connection Image 4: the selection may vary depending on the device type Here, you can select how to connect to the Internet. And click on "Next". Depending on the device type, the selection is •...
Clicking on "Next" will take you to the Portal Server settings. Static If interface type Static is selected, enter your WAN settings for the Ethernet-Internet connection. Designation Description Interface type Selection field for the interface type: - DHCP - Static WAN IP address Enter the WAN IP address.
20.1.2 Modem Connection Settings Designation Description Network (provider) Selection field for the service provider APN (Access Enter the APN of your provider here, if necessary. Point Name) SIM Pin Enter the SIM PIN of the SIM card used. User If necessary, enter your user name and password. Password Clicking on "Next"...
Designation Description List of portal servers List of available portal servers: (For more information see the "mbCONNECT24 Server List” table) • rsp.mbconnect24.net (EU) • rsp.mbconnect24.us (US/CAN) • rsp.mbCONNECT24.asia (ASIA) • rsp.au.mbCONNECT24.net (AU) • User defined Host address or DNS The matching host address of the portal server selection will be shown here.
20.3 Finish - Apply settings Save changes Save the settings by clicking on "Save Changes". Complete Click "Complete" to complete the process. You will be taken to the "Cloudstatus Page" (Quick start). Here you can find information (including connection errors and their cause) for each connection to the Internet, and the Portal Server. NOTICE Do not switch off the mbNET until the mbNET has picked up its configuration from the portal.
Quick Start - Cloud Status Page 21.1 Quick Start This display appears a. each time you call up the mbNET web interface, if you have created the mbNET as a portal device b. from the configuration interface via the "admin" Menu Here, you can detect connection errors and determine the cause.
In Step 1, you will receive an overview of interfaces and general system information. Step 2 provides information about the status of the connection to the Internet. In Step 3, you will see the result from the DNS and NTP check as well as the port check (port 80/443/1194) for the remote maintenance portal.
21.2 Diagnosis Image 5: Diagnostic example with executed command: "TCPDUMP" Designation Description Ping After entering an internet address or an IP address, you can use the ping command (Click on the "Ping” button) to determine whether the corresponding address is accessible.
Designation Description TCPDUMP In order to closely monitor the network traffic, you can use the "TCPDUMP” command. Some examples of the use of this command are: • -i eth0 not port 80 Displays all TCP/IP connections to the (-i) LAN (eth0) interface, except (not) those using Port 80 (port 80) when incoming or outgoing.
21.3 IoT Here you can see an overview • of the serial number and the license type of the mbEDGE SD card used • of the status of the IoT service (Docker) • of the Docker Management Status • of the status of activation for Flows and Dashboard Click on the "Flows"...
Classic router - configuring the mbNET via the web interface If you use the mbNET as a classic router, the complete configuration and setup is performed via the web interface of the device. 22.1 Description of the graphical user interface (configuration interface) Image 6: Basic structure of the graphical user interface Main Navigation First-level navigation for the operational user interface.
22.2 Description of buttons, icons and fields Here, you will find an overview of the display elements, input/selection fields and buttons. Symbol Description Display element - grey LED example: a link is inactive, a cable or USB device is not connected, Output1 is inactive etc.
System - settings and basic router configuration Here, you will find general system information and settings. Under the System menu the following submenus are listed: Submenu Description Info General system information CTM* Configuring the CTM (Config Transfer Manager). Settings General system configuration (e.g. time and mail settings). Website HTTPS access configuration in the mbNET web interface.
23.1 System > Info Image 7: Example display, content can vary depending on the type of device.
System Here you will find information about • Device type • Serial number • Firmware version • Device name in the network Warnings or/and the most recent error are also displayed here. Network Here you will find information about • Interface LAN and WAN displays which network ports are linked/connected at the moment to the existing network via the corresponding sockets.
23.2 System > CTM (Configuration Transfer Manager) The CTM allows the mbNET to transfer the portal configuration via the active Internet connection, i.e. the mbNET picks up its configuration from the RLConnect24 portal, as soon as it comes online. In order to ensure the transfer, CTM must be activated on the mbNET.
Designation Description Active "Yes / No" selection field to activate/deactivate this function. Host address or DNS Enter the host address or DNS name. Session-Key Enter the session key generated by the portal. Enable connection "Yes/No" selection field - select "Yes" if you want to use an HTTPS proxy server through a HTTP proxy as the outgoing connection.
Designation Description HTTP proxy username User name input field If required, the domain name (domain\username), as well as the authentication method are also here (for "NTLM”: Username#AUTH-NTLM or for "NTLMv2": Enter Username#AUTH-NTLM2). HTTP proxy password Server password input field Clicking on "Save”...
23.3 System > Settings
In the Settings submenu you can configure the following functions: Function Description/content System settings • Assign a device name in the network • Configure a device reboot Time Settings • Set the local time (date/time) • Select the time zone NTP Settings •...
23.3.1 System > Settings > System Settings Designation Description Hostname Enter here a name that allows the router to be reached on the network. NOTICE The mbNET can only be reached under this Hostname, if the DNS server that is registered on your PC knows the device name and the IP address of the mbNET.
23.3.2 System > Settings > Time Settings Designation Description Date/Time (UTC) Displays the current system time in UTC (Coordinated Universal Time). Local Date Time Displays the current system time based on the selected time zone. Set local Date Time Adjustable system time, which is used, if no automatic time adjustment is to take place, or is not possible.
23.3.3 System > Settings > NTP Settings The Network Time Protocol (NTP) is a standard for synchronizing clocks in computer systems via packet-based communication networks. During time synchronization, the NTP client gets the current time from an NTP server. The mbNET can act both as an NTP client and as an NTP server.
Designation Description Time synchronization using NTP Checkbox for enabling/disabling the NTP function. If this checkbox is activated, the mbNET acts as an NTP client. Server address Enter the IP address or the name of the time server (default address: 0.de.pool.ntp.org).
23.3.4 System > Settings > Mail Settings In the case of certain events (e.g. from the alarm management) you can send automatically generated messages from the system via email. Here you set whether the mbNET should use the mail server of Red Lion, with fixed specifications, or whether you want to use your own SMTP server.
Clicking on "Save” temporarily saves the current entries/changes. But the changes are not yet enabled. Clicking on "Close” discards the current input/changes. NOTICE Temporary stored settings/changes are saved until a reboot of the router. Only after you confirm via “Apply Changes", will the changes be applied (activated) and stored permanently.
23.3.5 System > Settings > Device-API The mbNET can be used as an MQTT broker. Designation Description Enable MQTT access to status topics Check box for enabling/disabling this function. MQTT Password Mandatory field for entering a password. Allowed special characters: _-.:;,#@!%/&*+$)"=? No default password is specified here.
The MQTT debug list outputs the system information in tabular form.
Check box for enabling/disabling this function. service enable NOTICE The "SimplyConnect (SC3) Activate Service" function is only relevant if you operate the router in the RLConnect24 portal. You can find information about SimplyConnect on our website at www.mbconnectline.com...
23.4 System > WEB In the Web submenu you can configure the following functions: HTTPS device configuration access Function Description/content HTTPS Port Here you can • change the default port (443), through which the HTTPS server is accessed. ° Important! If you change the default ports, you must specify the new port in the browser's address bar (e.g.:192.168.0.100:84).
System Services Function Description/content Enable access to This function is only relevant if you operate the router in the RLConnect24 portal Quickstart WITHOUT (Cloudserver). credentials You can find a description of this function in the RLConnect24 online help. Enable login via GET- Checkbox to activate / deactivate this function.
23.4.1 System > Web > HTTPS access for device configuration Designation Description HTTPS Port Here you can change the default port (443), through which the HTTPS server is accessed. Important! If you change the default ports, you must specify the new port in the browser's address bar (e.g.:192.168.0.100:84).
23.4.2 System > Web > System Services System Services Function Description/content Enable access to This function is only relevant if you operate the router in the RLConnect24 portal Quickstart WITHOUT (Cloudserver). credentials You can find a description of this function in the RLConnect24 online help. Enable login via GET- Checkbox to activate / deactivate this function.
23.5 System > User Here you can manage the users who have access to the configuration interface of the mbNET. • By default, the user "admin", is created with all rights. • The user "admin" is associated with the device password. •...
23.5.1 Added/Edited User Designation Description User name Mandatory field for entering a user name (for example, User1) Full Name Mandatory field for entering a name (for example, Peter Schmidt) Check boxes to enable/disable the type of access by the user to the web interface of the Administration mbNET.
Designation Description NOTICE The password should consist of at least 8 characters, including uppercase letters, numbers and special characters (example: aZ?34%s8). Allowed special characters: _-.:;,#@!%/&*+$)"=? NOTICE The admin user cannot be deleted! If you change your password, you must enter the current password.
23.6 System > Certificates The main component for VPN connections using IPSec or OpenVPN is the trust between two or more communication partners. An authenticity test is required for secure communications. This is done using PKI (public key infrastructure). Certificates will ensure that the "right"...
23.6.1 Own certificate Own certificates are used by the certificate holder. These are issued and signed by a higher authority (CA Root Certificate). In order for the mbNET to be able to use its own certificate at a remote terminal so as to show it there, the appropriate PKCS12 file (certificate including private key) must be selected, in order to import this.
In the overview, you can see certificates imported thus far.
23.6.2 CA certificate (root certificate) A root certificate verifies that the remote site certificate is signed. Such a root certificate must be imported if, under the VPN settings, "by means of a certificate from the same CA" is selected as the authentication method. The entry from the root certificate will be used as a criterion to decide whether the certificate of the in-dialling device is valid.
In the overview, you can see certificates imported thus far.
23.6.3 Partner certificate (IPSec) Partner certificates are certificates of the remote terminal. They are only required if the VPN settings "Authentication via partner certificate" have been selected. In this case, the criterion for deciding the validity of a certificate is that a copy of this partner certificate exists locally.
In the overview, you can see certificates imported thus far.
23.6.4 CRL (revocation list) The revocation list (Certificate Revocation List, CRL for short) is used to check whether the certificates of in-dialling computers are valid or not. The CRL contains the serial numbers of certificates that should be blocked. So if one wants to deprive people of permission to dial into the mbNET or the underlying PLC, it is only necessary to create a CRL.
In the overview, you can see certificates imported thus far.
23.7 System > Memory devices The mbNET has • a USB port (USB Host 2.0) on the front of the device and • an SD card slot on the bottom of the device 23.7.1 USB You can connect a USB device (USB stick or USB hard drive) to the USB port on the Industrial router. The USB storage medium can be accessed via SFTP.
23.7.1.1 USB Settings Within USB Settings you can select USB Mode: • USB memory via SFTP • USB Transparent (USBOverIP) NOTICE USB mode "USB Transparent (USBOverIP)" is only relevant/functional in conjunction with the RLConnect24 Remote-Service-Portal and the Remote Client mbDIALUP. Related settings can only be made via RLConnect24 and mbDIALUP.
23.7.1.2 USB access from the network Designation Description Active Check box for enabling/disabling this function. If the checkbox is activated, a connected USB storage medium is integrated by the mbNET. SFTP User Input field for the SFTP user name SFTP password Input field for the SFTP password SFTP Password Input field for confirmation of the SFTP User Password.
23.7.1.3 USB devices You can connect a USB device (USB stick or USB hard drive) to the USB port on the Industrial router. The USB storage medium can be accessed via SFTP. A LED icon will display if a USB storage medium is connected to the mbNET or has been detected. USB Device connected Green LED symbol = USB storage medium available Gray LED symbol = No USB storage device connected...
23.7.2 SD-Card NOTICE The "SD access from network" configuration menu is only available when using an mbEDGE card and after activating the card via the menu "IoT > Control > Docker - activate mbEDGE". Other SD cards are not recognized by the mbNET. An LED symbol indicates whether an SD card is inserted in the mbNET.
23.7.2.1 SD Access from network Designation Description Active Check box for enabling/disabling this function. If the checkbox is activated, a connected SD card is integrated by the mbNET. SFTP User Input field for the SFTP user name SFTP Password Input field for the SFTP password SFTP Password Input field for confirmation of the SFTP User Password.
Click the Edit icon to edit the corresponding function.
23.8.1 General Settings Designation Description Set debug output to syslog Check box for enabling/disabling this function. If this checkbox is enabled, debug information is output on the logging server. Log also to USB-Device Check box for enabling/disabling this function. If this checkbox is enabled, the logs are also stored on a USB device. Clicking on "Save”...
23.8.2 External logging (server settings) Designation Description Enable external logging server Check box for enabling/disabling this function. When this check box is selected, the system logging of the mbNET is outsourced to an external computer. Remote IP Address Enter the IP address of the external logging server here. Remote Port Specifies the port number of the external logging server.
23.9 System > Configuration (backup and restore) Here you can download a backup copy of the system configuration (Backup) and, if necessary, restore (Restore). Click the Edit icon to edit the corresponding function.
23.10 System > Firmware (Firmware update) Here you can check whether the installed firmware version is current and, if necessary, upgrade to a higher version. Click the Edit icon to edit the corresponding function.
Firmware update Designation Description Upgrade Method Selection field with the following options: • Auto Update Server => this requires an internet connection to be established. • USB stick => this requires that a USB stick with the new firmware - in the root directory - is connected to mbNET.
Automatic firmware version check and update After activating this function, the installed firmware is checked every 24 hours to see whether it is current. If a newer version is available on the Autoupdate server, it will be automatically installed. NOTICE An automatic update will only take place if "Autoupdate server"...
Image 8: Example display, content can vary depending on the type of device. Under the Network menu the following submenus are listed: Submenu Description Here you can set the LAN IP address and the subnet mask of the router (mbNET). This IP address accesses the router in the LAN.
24.1 Network > LAN Here you can set the LAN IP address and the subnet mask of the router (mbNET). This IP address accesses the router in the LAN network. You can also specify / add network routes in CIDR format (x.x.x.0/24). 24.1.1 Interface Here you can set the LAN IP address and the subnet mask of the router (mbNET).
Configuring the LAN Interface Here you can set the LAN IP address and the subnet mask of the router (mbNET). This IP address accesses the router in the LAN network. Designation Description LAN IP address Enter the IP address for accessing the router. Subnet mask Enter the subnet mask of the network that the router should be integrated into.
Network participants Here you can monitor the Network participants. Designation Description Monitors network participants Selection box to • Disable • Passive Clicking on "Save” temporarily saves the current entries/changes. But the changes are not yet enabled. NOTICE Temporary stored settings/changes are saved until a reboot of the router.
Wake on LAN LAN participants can be entered here who receive a WoL packet either manually or daily via cron job. Click the plus icon to add WoL participants. Designation Description MAC address Enter the MAC address of the WOL addressee here. Trigger Here you specify how and/or when the WoL addressee should be woken up.
Here you can
• send a WoL wake-up call manually
• edit an entry
• delete an entry
• add a new entry
24.1.2 Routes If the local network has additional subnetworks, you can add additional network routes in CIDR format (x.x.x.0 / 24) here. Click the Add button to add a route. Add LAN route Designation Description IP address Enter an IP address with CIDR-Suffix (x.x.x.0 / 24). Gateway The gateway to be entered is usually the IP address of the router (mbNET).
Edit / Delete LAN route After you confirm your entry by clicking on the "Save" button, your entries appear in the overview of the LAN- routes. Click the Edit icon , to edit the corresponding entry. Click the Delete icon , to delete the corresponding entry.
24.2 Network > WAN
Using the mbNET's WAN interface, you can connect a local network to another local network or a public network, such as the Internet. The WAN interface can be configured depending on the application. Optionally, you can define / add network routes here in CIDR format (x.x.x.0/24).
24.2.1 Interface - set WAN interface type
Here you can specify the type of interface and configure the interface.
Page 109
Configuring the WAN Interface
When selecting interface type Static, you must configure the interface.
Designation | Description
WAN IP address | Enter the WAN IP address of the router (mbNET). NOTICE The WAN IP address and the LAN IP address must be in different address ranges!
Subnet mask | Enter the subnet mask of the network that the router should be integrated into.
24.2.2 Routes
If further sub-networks are connected to the locally connected network, you can define additional routes here. You can specify network routes in CIDR format (x.x.x.0/24) or define routes to individual network users. Click the Add button to add a route. Click the Edit icon to edit the corresponding route.
Page 111
Edit/Delete WAN route
After you confirm your entry by clicking on the "Save" button, your entries appear in the overview of the WAN routes. Click the Edit icon to edit the corresponding entry. Click the Delete icon to delete the corresponding entry. Clicking on "Save"...
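The WAN notice above (WAN and LAN addresses must lie in different address ranges) and the CIDR route fields can be checked before the values are typed into the web interface. The following is an added example, not code from the manual or from the mbNET firmware; the function names and all sample addresses are constructed, and the gateway check assumes that a gateway must be reachable on the interface's own subnet.

```python
import ipaddress


def check_interfaces(lan_ip, lan_mask, wan_ip, wan_mask):
    """Return a list of problems for a planned static LAN/WAN address pair."""
    try:
        lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}")
        wan = ipaddress.ip_interface(f"{wan_ip}/{wan_mask}")
    except ValueError as exc:
        return [f"invalid address or subnet mask: {exc}"]

    problems = []
    # Manual notice: WAN and LAN must be in different address ranges.
    if lan.network.overlaps(wan.network):
        problems.append(f"LAN {lan.network} and WAN {wan.network} overlap")
    # An interface address must not be the network or broadcast address.
    for name, iface in (("LAN", lan), ("WAN", wan)):
        net = iface.network
        reserved = (net.network_address, net.broadcast_address)
        if net.prefixlen < 31 and iface.ip in reserved:
            problems.append(
                f"{name} IP {iface.ip} is the network or broadcast address of {net}")
    return problems


def check_route(destination, gateway, iface_ip, iface_mask):
    """Return a list of problems for one route entry (CIDR destination + gateway)."""
    problems = []
    local = ipaddress.ip_interface(f"{iface_ip}/{iface_mask}")

    # The manual prints the format both as "x.x.x.0/24" and "x.x.x.0 / 24".
    dest = destination.replace(" ", "")
    net = None
    try:
        # strict=True rejects entries with host bits set, e.g. 192.168.5.7/24.
        net = ipaddress.ip_network(dest, strict=True)
    except ValueError as exc:
        problems.append(f"destination {destination!r}: {exc}")

    gw = None
    try:
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        problems.append(f"gateway {gateway!r}: {exc}")

    # Assumption: the gateway has to be on the interface's own subnet.
    if gw is not None and gw not in local.network:
        problems.append(f"gateway {gw} is not on the interface network {local.network}")
    # A route into the directly connected network is redundant or a typo.
    if net is not None and net.overlaps(local.network):
        problems.append(
            f"destination {net} overlaps the directly connected network {local.network}")
    return problems


if __name__ == "__main__":
    # Constructed plan: both interfaces were given addresses from the same /24.
    for line in check_interfaces("192.168.0.100", "255.255.255.0",
                                 "192.168.0.200", "255.255.255.0"):
        print("interface:", line)
    # Constructed route with host bits set in the destination.
    for line in check_route("192.168.5.7/24", "192.168.0.100",
                            "192.168.0.100", "255.255.255.0"):
        print("route:", line)
```

A /32 destination passes the strict check, which covers the routes to individual network users mentioned for the WAN side.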
24.3 Network > Modem
The built-in mbNET modem (analogue or GSM) is provided for dial-up and/or Internet connections if no corresponding DSL or network connection is available.
NOTICE If the modem is used for an outgoing internet connection, no incoming connection can be made.
24.3.1 Analogue modem configuration
Page 112 of 309 | V 7.3.0 - en | Apr 4, 2024 |...
24.3.1.1 Modem Settings
Click the Edit icon to edit the corresponding function.
Designation | Description
Modem init | Input field for the country code, the default is +GCI=FD (FD for Europe). NOTICE A list of country codes for devices with analogue modem can be found in the Appendix.
Modem init | The command X3 (do not wait for dial tone) is the default connection value.
24.3.1.2 Outgoing (configuration for outgoing connections)
Here, you configure the access data and the authentication for outgoing connections. Click the Edit icon to edit the corresponding function.
Access data (selection of inputs)
Page 115
Designation | Description
Selection of inputs | Selection field no/yes. Select Yes if you want to call several stations. Three more lines for entering the necessary access data will appear. Each of these additional lines is selected by signals at the digital inputs I2 to I4. Now enter the numbers and the user data for the PPP dial-up in the additional fields.
Page 116
Authentication
Here you can select the authentication protocol for the dial-up connection and set the dial-up timeout.
Designation | Description
Authentication using CHAP | Authentication protocol with which your login data are transmitted in order to protect this data (Challenge Handshake Authentication Protocol). CHAP is normally the procedure which is performed when logging on to the internet at the Internet Service Provider (ISP) via a modem.
24.3.1.3 Incoming
Here you approve the access to the router (mbNET) by a client computer. Click the Edit icon to edit the corresponding function.
Page 118
Designation | Description
Dialin enable | Check box for enabling/disabling this function. If the checkbox is enabled, access to the router (mbNET) is approved by a client computer.
PPP Server IP-Address (here) | Enter the address of the router (mbNET) here. You can use the same network domain as the local network. However, you should avoid using an existing address, as this can lead to an address conflict.
24.3.1.4 Call Back
When this capability is activated, the mbNET is ready to connect to the Internet when a call is made. Click the Edit icon to edit the corresponding function.
Designation | Description
Call Back enable | Check box for enabling/disabling this function. When this checkbox is activated, the mbNET is ready to connect to the Internet when a call is made.
24.3.2.1 Modem Settings (Modem Init)
Here, you can perform the basic modem settings. Click the Edit icon to edit the corresponding function.
NOTICE For a GSM connection, neither of the two initializations is necessary to guarantee an error-free connection.
24.3.2.2 SIM 1/SIM 2 Settings (configuration for outgoing connections)
Here you can configure the SIM settings, the access data and the authentication for outgoing connections. Click the Edit icon to edit the corresponding function.
SIM Settings
Here you enter the SIM PIN of the respective SIM card and select your wireless service provider.
Page 123
Designation | Description
SIM PIN | Enter your personal identification number (PIN) of the respective SIM card to provide access. You need a mobile phone to switch the PIN on or off.
Provider | Selection field with a list of the most common wireless service providers. If your wireless service provider does not appear in the selection, choose "Other provider".
24.3.2.3 General SIM Settings
Here you can specify which SIM card or which of the two SIM card slots is to be used primarily. Click the Edit icon to edit the corresponding function.
Designation | Description
Primary SIM Card | Selection field for the SIM card slot that should be addressed/used first.
24.3.2.4 SMS (Remotely control services via SMS, Send SMS if...)
Click the Edit icon to edit the corresponding function.
Remotely control services via SMS
Designation | Description
Enable Service Control via SMS | Check box for enabling/disabling this function.
Check the Phone Number | Check box for enabling/disabling this function.
Page 126
Clicking on "Close" discards the current input/changes.
NOTICE Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
Command set for remote control of the mbNET via SMS
Command | Note
INET START...
Page 127
Send an SMS if... (the Internet connection was established)
Designation | Description
Internet connection established | Check box for enabling/disabling this function. When the function is enabled, the mbNET sends an SMS notification once the mbNET has established a connection to the Internet.
Recipient phone number | Phone number of the recipient to whom the notification should be sent.
24.4 Network > Internet (Internet connection and Internet settings)
24.4.1 Configure Internet connectivity
Click the Edit icon to edit the corresponding function.
Page 129
Failover
Designation | Description
Failover | "Yes / No" selection field to activate/deactivate this function. The reliability function allows switching between different Internet connections. If this function is enabled, the Internet interfaces can be entered in the desired priority according to the device type.
Page 130
Internet connection - Failover = No -
Click the Edit icon to edit the corresponding function.
Image 9: The choice of available Internet interfaces depends on the device type and can vary.
Designation | Description
Internet connection | Here you select the Internet interface with which the mbNET should connect to the Internet.
Page 131
Internet connection - Failover = Yes - (Failover of Internet interfaces)
Click the Edit icon to edit the corresponding function.
Image 10: The choice of available Internet interfaces depends on the device type and can vary.
Designation | Description
The number of attempts | Enter the number of connection attempts here.
Page 132
Designation | Description
Add Internet interface to priority list | 1. Here you can select an Internet interface/action from the selection field. 2. Click the green plus sign to add the selected interface/action to the priority list. 3. Repeat this process as necessary until no interface/action is available.
Internet Interface Priority | The selected interfaces/actions are listed in order of priority here.
Page 133
Check the Internet connection (ping IP) Here you can also check the availability of the internet connection by pinging an IP address. You can enter up to three different IP addresses with different intervals. The entries are executed one after the other.
NOTICE You can see the ping result on the quick start page under step 2.
24.4.2 Internet settings (Connection settings)
Here you specify
• when the mbNET should connect to the Internet.
Click the Edit icon to edit the corresponding function.
Connection settings
•...
Page 135
Designation | Description
Connection Mode | Selection field for the type of connection, i.e. when the mbNET should connect to the Internet
– Key switch (ONL): When the key switch is in the ONL position, an internet connection is established as soon as the device is ready for operation, after being switched on or after a device restart.
24.5 Network > DHCP The mbNET can be configured as a DHCP server on the LAN or WAN network. If this service is active, the router will assign IP addresses to clients from the network independently. In addition, you can configure the service for the LAN and/or WAN interface. For example, you can supply several devices with it.
24.5.1 LAN DHCP server settings
Designation | Description
DHCP Server active | Check box for enabling/disabling this function. By enabling the function the mbNET can be set up as a DHCP server on the corresponding interface.
Start | Enter the start address of the address range managed by the DHCP server.
End address of the range managed by the DHCP server.
24.5.2 LAN DHCP static lease server settings
Here you can create fixed mappings between IP addresses and MAC addresses, i.e. a device with a specific MAC address always receives the same IP address. Click on the green plus to create and add an assignment.
Designation | Description
MAC address...
24.6 Network > DNS-Server
Using DNS, IP addresses are converted into names. At the factory, the mbNET is configured in such a way that the DNS server is assigned by the Internet service provider (ISP). For permanent connection of the industrial router, a dedicated DNS server can be added here. This is then used before the server assigned by the internet service provider.
Page 140
Add server
Designation | Description
DNS Server IP Address | Enter the IP address of your DNS server.
Confirm your entries by clicking on the Save button and repeat the process for further DNS server entries.
NOTICE A total of up to five DNS servers can be entered.
Page 141
Settings
Here, you specify the basic settings for the DNS server. Click the Edit icon to edit the corresponding function.
Page 142
Designation | Description
No Hosts | Check box for enabling/disabling this function. If this checkbox is activated, the computer names entered under network hosts are not taken into account.
Strict arrangement | Check box for enabling/disabling this function. If this checkbox is activated, the sequence of the entries is exactly as described under "Server".
24.7 Network Hosts This setting allows you to always assign a specific name to exactly one IP address. DNS queries can therefore be answered directly. Click on the green plus to add an assignment. Host Settings This setting allows you to always assign a specific name to exactly one IP address. DNS queries can therefore be answered directly.
Page 144
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
Image 13: Example entries in the Host Settings
Click the Edit icon to edit the corresponding entry.
24.8 Network > DynDNS General Because the mbNET is assigned a unique IP when dialling to the Internet, it can be found from a client PC using this IP. Once the mbNET interrupts the connection to the Internet and dials in again, it also receives a new IP address. The DynDNS service means that the mbNET is always available under the same name.
24.8.2 Public DynDNS service
In order to be able to use a public DynDNS service, you must register/have registered for one of the services that are supported by the mbNET. Registration is normally free. Click the Edit icon to edit the corresponding function.
Page 147
Designation | Description
Active | Enable this checkbox if you are registered with one of the DynDNS services in the drop-down list of the provider field and the mbNET should use this service. The next time it dials into the Internet, the mbNET reports the current IP address that it has received from the Internet service provider to the DynDNS service.
Serial (serial port COM) General If the IP address of the mbNET is known, the serial interface of the device can be accessed via a dial-up connection or via the Internet. The COM serial port can be configured directly via the web interface to RS232, RS485 and RS422 and the corresponding control commands redirected, e.g.
25.1 COM settings
Driver type: System driver
Designation | Description
Interface type | Use this selection field to set the interface type. The options are: RS232, RS485 2-wire, RS485 4-wire, RS422
Driver type | When choosing a System Driver, a range of product- and company-specific device drivers are available to control your serial devices.
Page 150
Driver type: User settings
Designation | Description
Interface Type | Use this selection field to set the interface type. The options are: RS232, RS485 2-wire, RS485 4-wire, RS422
Driver Type | Select the driver type User Preferences if no matching driver is available in the drop-down list or if you want to make your own settings.
25.2 COM network settings
Designation | Description
Protocol | Select the appropriate driver for your connected devices.
Port | Enter the port for the network or Internet communications. The port can be chosen freely, but it must match the settings in the VCOMLAN2 or mbDIALUP.
Enable ports in | The checkbox must be enabled so that you can communicate via the specified port.
• VCOM LAN2 (PC adapter in the SIMATIC Manager) or mbDIALUP
• RFC1006
• mbNETS7 driver (installable directly in the SIMATIC Manager)
25.3.1 COM2 Settings
Protocol: MPI/PROFIBUS Network Driver
NOTICE The Protocol Choice MPI/PROFIBUS network driver requires the installation of a network driver on the client PC beforehand! Only in conjunction with the option RFC1006 can a separate driver installation be dispensed with and the "TCP/IP (Auto)"...
Page 153
Designation | Description
Station address of the Routing Gateway | If the routing function is enabled via RFC1006, you must enter the address of the routing gateway here (address 14 in the example below).
NOTICE If a bus participant (slave) is to be accessed on a subordinate station that is not directly connected to the network, the station address of the PLC must be registered as a routing gateway in the router with the gateway (master).
25.3.2 COM2 Network settings
Designation | Description
Protocol | Select the appropriate driver for your connected devices.
Port | Enter the port via which the communication should take place here.
Enable ports in the firewall | If this checkbox is enabled, the port indicated above is enabled for direct access from the Internet in the firewall.
Page 155
The following submenus are listed under the Security settings menu:
Submenu | Description
Firewall General | Here you can specify the basic firewall settings.
WAN - LAN | This setting is used to regulate the incoming traffic.
LAN - WAN | This setting is used to regulate the outgoing traffic.
Forwarding | Here you can forward requests from specific IP addresses and ports to redefined IP addresses and ports.
26.1 Security Settings > Firewall General
The firewall can generally be configured in one of the following four variants:
• Maximum security level
all incoming packets (data from the Internet) will be rejected
all outgoing packets from the LAN (data) will be rejected except: DNS, FTP, IMAP, POP3, SMTP, HTTP, HTTPS, Telnet, NTP
Enable signals for the data traffic must be configured accordingly.
Page 157
NOTICE The "Minimum security level" and "Firewall off" variants should only be selected for a short period of time and for test purposes or at initial start-up, if you want to ensure that a configured rule should not apply.
ATTENTION! Any data traffic from inside to outside and external access are possible! The integrity of your mbNET and the connected devices is threatened when you select one of these two variants!
Click the Edit icon...
26.2 Security Settings > WAN LAN (configuration of the firewall rules)
This setting controls the incoming traffic, i.e. the following settings only apply to incoming traffic from the outside. From the point of view of the mbNET firewall, "WAN" is always the currently active interface to the Internet. Depending on the setting under "Network >...
Page 159
Designation | Description
Active | Checkbox for enabling/disabling this firewall rule.
Action | Selection field for the applicable action. The options are:
• Drop: When you select this action, no data packets can pass and the packets will be deleted immediately. The sender receives no information about the whereabouts of the data packets.
Page 160
Designation | Description
WAN Interfaces | You can use this selection field to determine which WAN interface* should normally be used. The options are: • Internet • WAN Ethernet • OpenVPN • IPsecVPN • PPTPVPN • All
* The selection field for the WAN interface can vary depending on the type of router.
Source IP | Enter the source IP addresses of incoming data packets for which the firewall rule applies.
Page 161
NOTICE The input of IP and port is not mandatory. If neither an IP nor a port is specified, a rule applies only to the selected interfaces.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close"...
26.2.1 Edit firewall rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules. Here you can move the firewall rules up and down (drag and drop) to change their sequence.
Page 163
Change/delete firewall rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
Security settings | Page 163 of 309
26.3 Security Settings > LAN-WAN (configuration of the firewall rules)
This setting controls the outgoing traffic, i.e. the following settings only apply to outgoing traffic. From the point of view of the mbNET firewall, "WAN" is always the currently active interface to the Internet. Click on the green plus to add a rule.
Page 165
Designation | Description
Active | Checkbox for enabling/disabling this firewall rule.
Action | Selection field for the applicable action. The options are:
• Drop: When you select this action, no data packets can pass and the packets will be deleted immediately. The sender receives no information about the whereabouts of the data packets.
Page 166
Designation | Description
Destination Port | Enter the ports to which the data packets are to be forwarded. Acceptable input: integer, or list of ports (between 0 and 65535) separated with commas, or port range [e.g. 32240-32245], or empty.
NOTICE Ranges must be separated by a hyphen (-) and enumerated by comma (,).
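The port field syntax described above (single integer, comma-separated list, hyphenated range, or empty) can be validated and normalised before a rule set is reviewed or entered. This is an added example, not code from the manual or the mbNET firmware; the function names are hypothetical, and it assumes that ports and ranges may be mixed in one list and that an empty field means the rule is not restricted to any port.

```python
def _port(text, token):
    """Convert one port number, rejecting anything outside 0..65535."""
    text = text.strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a port number in {token!r}")
    value = int(text)
    if value > 65535:
        raise ValueError(f"port out of range (0-65535) in {token!r}")
    return value


def parse_port_field(text):
    """Parse a port field into sorted, merged (low, high) ranges.

    An empty field returns [] (assumed here to mean: no port restriction).
    """
    if text.strip() == "":
        return []
    ranges = []
    for token in text.split(","):
        token = token.strip()
        low_s, sep, high_s = token.partition("-")
        low = _port(low_s, token)
        high = _port(high_s, token) if sep else low
        if low > high:
            raise ValueError(f"reversed range {token!r}")
        ranges.append((low, high))
    # Merge overlapping or directly adjacent ranges so a reviewer sees the
    # real extent of what the rule covers.
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def port_count(ranges):
    """Number of distinct ports covered by the parsed ranges."""
    return sum(high - low + 1 for low, high in ranges)


def matches(ranges, port):
    """True if the rule's port field covers the given port."""
    if not ranges:  # empty field: assumed to match every port
        return True
    return any(low <= port <= high for low, high in ranges)


if __name__ == "__main__":
    # Constructed sample inputs, including entries that must be rejected.
    for field in ("", "443", "80, 443,32240-32245", "100-200,150-300,301",
                  "70000", "20-10", "80,,443"):
        try:
            parsed = parse_port_field(field)
            print(f"{field!r:28} -> {parsed} ({port_count(parsed)} ports)")
        except ValueError as exc:
            print(f"{field!r:28} -> rejected: {exc}")
```

Reviewing the merged ranges and the port count makes an unintentionally wide rule visible before it is saved.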
26.3.1 Edit firewall rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules. Here you can move the firewall rules up and down (drag and drop) to change their sequence.
Page 168
Change/delete firewall rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
26.4 Security Settings > Forwarding
Forwarding is used to forward requests from specific IP addresses and ports to IP addresses and ports defined in turn. Click on the green plus to add a rule.
Designation | Description
Active | Check box for enabling/disabling this function.
Origin IP | Here you can enter the IP addresses from which data packets are received.
Page 170
Designation | Description
Protocol | The following protocols are available:
• All - the set rule applies to all protocols.
• Tcp - the set rule applies only to the TCP protocol.
• Udp - the set rule applies only to the UDP protocol.
•...
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
Image 17: Forwarding Entry Example
26.4.1 Edit Forwarding Rule
Change the entered rule order...
Page 172
Here you can move the firewall rules up and down (drag and drop) to change their sequence.
Change/delete firewall rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
26.5 Security settings > NAT
26.5.1 SimpleNAT
"SimpleNAT" allows you to grant access to an IP address from the LAN Network 1:1 in the WAN Ethernet network. To do this, a free WAN Ethernet address from the WAN network is registered as WAN IP. This IP address is then added to the WAN interface and directly "natted"...
Image 18: Example entry
26.5.1.1 Edit SimpleNAT Rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules. Here you can move the entered rules up and down (drag and drop) to change their sequence.
Page 175
Change/delete SimpleNAT Rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close"...
26.5.2 1:1 NAT Using "1:1 NAT" it is possible to connect two networks that are in the same address range with each other. For example, if a network with the address 192.168.0.0/24 is to be connected to a network with the same address, this is only possible if one of the two networks is assigned a different address.
Image 19: Example entry
26.5.2.1 Edit 1:1 NAT rule
Change the entered rule order
Click on the Edit icon in the header of the overview to change the sequence of the entered rules.
Page 178
Here you can move the entered rules up and down (drag and drop) to change their sequence.
Change/delete 1:1 NAT rule
Click on the Edit icon at the end of the line of the registered rule to edit it. Click the Delete icon to delete the corresponding entry.
Here you can configure the communication via a VPN tunnel. You can choose from the following protocols: IPSec | PPTP | OpenVPN
27.1 IPSec
NOTICE As a rule, to enable communication via a VPN tunnel with IPSec, you need to enable UDP ports 500 and 4500 for your network.
27.1.2 IPSec settings
Click the Edit icon to edit the corresponding function.
Page 181
L2TP server configuration
You can use the L2TP server for VPN-IPSec communication between the mbNET and a Windows client.
Designation | Description
Local IP address | Enter the name or IP address that the server should have while communicating with the Windows Client (example: 192.168.0.103). You can also use an address from the IP range of the LAN interface.
Page 182
IPsec Debug settings
klipsdebug
One of the following debug outputs can be selected using the klipsdebug selection field:
• no debug
• Tunnel - Messages of the tunnel code.
• Tunnel-xmit - Messages of the packets sent in the tunnel.
•...
Page 183
plutodebug
One of the following debug outputs can be selected via the plutodebug selection field:
• no debug
• control - logs the decisions made by Pluto (useful for troubleshooting).
• crypt - logs the encryption and decryption of the messages.
•...
27.2 PPTP
27.2.1 PPTP configuration
Click the Edit icon to edit the corresponding function.
Page 185
PPTP Server configuration
Designation | Description
Active | Check box for enabling/disabling this function.
automatic configuration | "Yes / No" selection field to activate/deactivate this function. If this option is set to "YES", the PPTP server is configured automatically. (Suitable addresses for the remote PCs are used in a similar way to the LAN address of the router).
Page 186
Encryption configuration
Designation | Description
Encryption | Selection field for the type of encryption: • None • MPPEV2/40 • MPPEV2/128 • MPPEV2/all
NOTICE IMPORTANT: You should always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc. is possible!
Page 187
Authentication configuration
You can use the following checkboxes to select the authentication protocols (PAP, CHAP, MSCHAP, MSCHAP V2).
Designation | Description
Authentication via | Here the Client User Name/Password combination is sent to the host for the necessary time to accept or reject the client authentication.
Authentication us- | Here, the authentication is controlled by the host.
27.2.2 PPTP client configuration
Click on the green plus to add a client.
Page 189
Designation | Description
Active | Check box for enabling/disabling this function. Enable this feature if you want to use the mbNET as a VPN client.
Name | Enter a name for the client here.
Host name or IP | Enter the name or IP address used by the client to access the server. Example: 123456789@mbNET.mymbnet.biz or 80.187.33.55
Local IP | Option input field
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
27.3 OpenVPN
OpenVPN Basics
•...
27.3.1 Configure OpenVPN connections
Click on the green plus to add a connection. To establish a VPN connection, follow the Configuration Wizard.
27.3.1.1 Connection type: Client router connection
Select the connection type if you want to connect one single PC to the router (mbNET).
NOTICE Only one "client to network"...
Page 192
1 Connection settings
Designation | Description
Active | Check box for enabling/disabling this function.
Connection Name | In the text box, enter a name for the connection.
Connection Type | Selection field for the connection type
• Router - Router connection: select this connection type to connect two complete networks together.
•...
Page 193
2 Network settings
Designation | Description
Local IP Address of the VPN tunnel | Enter the IP address of the local VPN tunnel endpoint, e.g. 10.1.0.5
Partner IP address of the VPN tunnel | Enter the IP address of the partner VPN tunnel endpoint, e.g. 10.1.0.6
Replace the sender IP | Check box for enabling/disabling this function.
Page 194
3 Authentication
(Authentication process = no authentication)
NOTICE Select this method only to test the connection, as all the data is transmitted in clear text! Always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc.
Page 195
(Authentication process = static key)
NOTICE For symmetric encryption with a static key, you first need to generate a key (VPN OpenVPN static key) or import a previously created one. Note, however, that each participant needs to receive the key in a secure manner.
Page 196
(Authentication process = x.509)
NOTICE For this authentication method, you must first create/import your certificates (see: System > Certificates).
Designation | Description
Authentication process | Selection field for the authentication process • no authentication • Static key • x.509
CA certificate | Selection field with all certificates imported to date.
Page 197
Designation | Description
Use only CA and User/password for client verification | Check box for enabling/disabling this function. In this case only the CA certificate and the user login are used for authentication. NOTICE Note that you still need to have your own certificate and it must be selected!
Click the "Next"...
Page 198
Protocol
Designation | Description
Coding algorithm | Selection field for the method used by the mbNET to encrypt OpenVPN data:
- DES with CBC (64 bit)
- RC2 with CBC (128 bit)
- DES-EDE with CBC (128 bit)
- DES-EDE3 with CBC (192 bit)
- DESX with CBC (192 bit)
- Blowfish with CBC (128 bit)
- RC2 with CBC (40 bit)
Page 199
Miscellaneous
Designation | Description
Bind the local IP-address and port | Check box for enabling/disabling this function. This corresponds to the "bind" setting of OpenVPN. OpenVPN cannot dynamically change the ports during the connection.
Allow the peer to change the IP-ad- | Check box for enabling/disabling this function. This corresponds to the OpenVPN setting "float"...
Page 200
Miscellaneous
Designation | Description
Fragment the UDP packets in... [bytes] | All UDP packets that are larger than ... [bytes] are divided into several packets (fragment). This corresponds to the setting "fragment". The default setting is that the packets are not split (" ").
Regenerate a new | Renew the security key after ...
Page 201
Miscellaneous
Designation | Description
Enable connection through a HTTP proxy | Check box for enabling/disabling this function. If this function is activated, the outgoing connection attempts to pass through a proxy server. The following fields must be completed for this purpose.
HTTP proxy name | Input field for the DNS names or the IP address of your proxy server.
Page 202
Click on "Save" after completing all settings.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE Temporarily stored settings/changes are kept until a reboot of the router. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
27.3.1.2 Connection type: Router-router connection - server mode
Select this connection type to connect two complete networks together. Here you can create a "network to network" connection. Depending on the authentication method, the dialing party receives an IP from a defined area or each participant specifies his required address.
Example: mbNET Client mbNET Server...
Page 204
1 Connection settings
Designation | Description
Active | Check box for enabling/disabling this function.
Connection name | In the text box, enter a name for the connection.
Connection type | Selection field for the connection type • Router - Router connection • Client router connection
Link connection | Selection field for when or under which conditions the connection should be started.
2 Network settings
Designation | Description
Local IP Address of the VPN endpoint | Enter the IP address of the local VPN tunnel endpoint, e.g. 10.1.0.5
Peer IP Address of the VPN endpoint | Enter the IP address of the partner VPN tunnel endpoint, e.g. 10.1.0.6
Local network | Enter your own network address in CIDR notation (as standard for the router:...
3 Authentication
(Authentication process = no authentication)
NOTICE
Select this method only to test the connection, as all the data is transmitted in clear text! Always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc.
(Authentication process = static key)
NOTICE
For symmetric encryption with a static key, you first need to generate a key (VPN OpenVPN static key) or import a previously created one. Note, however, that each participant needs to receive the key in a secure manner.
(Authentication process = x.509)
NOTICE
For this authentication method, you must first create/import your certificates (see: System > Certificates).
Designation | Description
Authentication process | Selection field for the authentication process: • no authentication • Static key • x.509
CA certificate | Selection field with all certificates imported to date.
Designation | Description
Use only CA and User/password for client verification | Check box for enabling/disabling this function. In this case only the CA certificate and the user login are used for authentication.
NOTICE
Note that you still need to have your own certificate and it must be selected!
Click the "Next"...
Protocol
Designation | Description
Coding algorithm | Selection field for the method used by the mbNET to encrypt OpenVPN data:
- DES with CBC (64 bit)
- RC2 with CBC (128 bit)
- DES-EDE with CBC (128 bit)
- DES-EDE3 with CBC (192 bit)
- DESX with CBC (192 bit)
- Blowfish with CBC (128 bit)
- RC2 with CBC (40 bit)
Miscellaneous
Designation | Description
Bind the local IP-address and port | Check box for enabling/disabling this function. This corresponds to the "bind" setting of OpenVPN. OpenVPN cannot dynamically change the ports during the connection.
Allow the peer to change the IP-ad- | Check box for enabling/disabling this function. This corresponds to the OpenVPN setting "float"...
Miscellaneous
Designation | Description
Fragment the UDP packets in... [bytes] | All UDP packets that are larger than ... [bytes] are divided into several packets (fragments). This corresponds to the setting "fragment". The default setting is that the packets are not split (" ").
Regenerate a new | Renew the security key after ...
Miscellaneous
Designation | Description
Enable connection through a HTTP proxy | Check box for enabling/disabling this function. If this function is activated, the outgoing connection attempts to pass through a proxy server. The following fields must be completed for this purpose.
HTTP proxy name | Input field for the DNS names or the IP address of your proxy server.
Click on "Save" after completing all settings.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE
Temporarily stored settings/changes are kept until the router is rebooted. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
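The following is an added example, not taken from the manual or from the vendor: a Python check that reads a standard OpenVPN configuration and reports which of the three authentication processes described above it uses, whether the tunnel would carry clear text, and the state of the "bind", "float" and "fragment" settings. It assumes the connection settings are available as an OpenVPN config file, which the manual does not state; the function names and the sample configs (built around the manual's example endpoints 10.1.0.5 and 10.1.0.6) are constructed for illustration.

```python
import shlex

# OpenVPN directives that select each authentication process named in the manual.
STATIC_KEY_DIRECTIVES = {"secret"}
X509_DIRECTIVES = {"ca", "cert", "key", "pkcs12", "tls-client", "tls-server"}


def parse_openvpn(config_text):
    """Return {directive: [arguments]}, skipping comments and inline <block> bodies."""
    directives = {}
    open_block = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if open_block:                        # inside e.g. <ca> ... </ca>
            if line == f"</{open_block}>":
                open_block = None
            continue
        if not line or line[0] in "#;":       # OpenVPN comment characters
            continue
        if line.startswith("<") and line.endswith(">"):
            open_block = line[1:-1]
            directives[open_block] = ["[inline]"]
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives[tokens[0].lstrip("-")] = tokens[1:]
    return directives


def audit(config_text):
    """Classify the authentication process and report the settings the manual lists."""
    d = parse_openvpn(config_text)
    names = set(d)
    if STATIC_KEY_DIRECTIVES & names:
        auth = "static key"
    elif X509_DIRECTIVES & names:
        auth = "x.509"
    else:
        auth = "no authentication"
    cipher = (d.get("cipher") or [""])[0].lower()
    return {
        "auth": auth,
        # Clear text: no key material at all, or encryption explicitly switched off.
        "cleartext": auth == "no authentication" or cipher == "none",
        "bind": "nobind" not in d,            # OpenVPN binds unless "nobind" is set
        "float": "float" in d,
        "fragment": int(d["fragment"][0]) if d.get("fragment") else None,
    }


# Constructed sample configs (not exported from a real device).
SAMPLE_STATIC = """
# static-key point-to-point tunnel
dev tun
ifconfig 10.1.0.5 10.1.0.6
secret static.key   # distributed to the peer out of band
cipher BF-CBC
float
fragment 1300
"""

SAMPLE_NOAUTH = """
dev tun
ifconfig 10.1.0.5 10.1.0.6
nobind
"""

SAMPLE_X509_NO_CIPHER = """
client
dev tun
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
cert client.crt
key client.key
cipher none
nobind
"""

if __name__ == "__main__":
    for name, text in [("static", SAMPLE_STATIC), ("noauth", SAMPLE_NOAUTH),
                       ("x509", SAMPLE_X509_NO_CIPHER)]:
        print(name, audit(text))
```

A config flagged with "cleartext" set corresponds to the case the manual's notice restricts to connection tests.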
27.3.1.3 Connection type: Router-router connection - client mode
With the "router-router connection" you create a "network to network" connection. Depending on the authentication method, the dialing party receives an IP from a defined area or each participant specifies his required address.
Example: mbNET Client mbNET Server...
Designation | Description
Active | Check box for enabling/disabling this function.
Connection name | In the text box, enter a name for the connection.
Connection type | Selection field for the connection type: • Router - Router connection • Client router connection
Link connection | Selection field for when or under which conditions the connection should be started.
2-level security
You use the control mechanism of the 2-level access control to control or regulate remote access to a device and the components connected to it.
NOTICE
Preventing remote access locally is a recommendation from cybersecurity authorities such as the German BSI, the French ANSSI or the European ENISA.
2 Network settings
Designation | Description
Local IP Address of the VPN tunnel | Enter the IP address of the local VPN tunnel endpoint, e.g. 10.1.0.5.
Peer IP Address of the VPN tunnel | Enter the IP address of the partner VPN tunnel endpoint, e.g. 10.1.0.6.
Local network | Enter your own network address in CIDR notation (as standard for the router:...
3 Authentication
(Authentication method = no authentication)
NOTICE
This type should only be selected to test the connection, as all the data is transmitted in clear text! Always enable encryption of your VPN connections, otherwise unauthorized access to networks, machines, etc.
(Authentication procedure = static key)
NOTICE
For symmetric encryption with a static key, you first need to generate a key (VPN OpenVPN static key) or import a previously created one. Note, however, that each participant needs to receive the key in a secure manner.
(Authentication procedure = X.509 - client mode)
If one of the following options was selected for "Link connection", this mbNET is in client mode and is referred to as "Client".
- Connection immediately
- Start with an active internet connection
- Connect when input 1 has High-signal
- Connect when input 2 has High-signal
- Connect when input 3 has High-signal...
Page 222 von 309 | V 7.3.0 - en | Apr 4 , 2024 |...
Designation | Description
Authentication procedure | Selection field for the authentication procedure: • no authentication • Static key • X.509. If you do not have any certificates, then you first need to create your own certificates using the XCA program.
° CA certificate: This shows the selected root cell certificate.
4 Protocol settings
Network Interface
Networkadapter Interface
Designation | Description
Interface Type | Selection field for the virtual kernel driver: - TUN - TAP
Protocol
Designation | Description
Coding algorithm | Selection field for the method used by the mbNET to encrypt OpenVPN data:
- DES with CBC (64 bit)
- RC2 with CBC (128 bit)
- DES-EDE with CBC (128 bit)
- DES-EDE3 with CBC (192 bit)
- DESX with CBC (192 bit)
- Blowfish with CBC (128 bit)
- RC2 with CBC (40 bit)
Miscellaneous
Designation | Description
Bind the local IP-address and port | Check box for enabling/disabling this function. This corresponds to the "bind" setting of OpenVPN. OpenVPN cannot dynamically change the ports during the connection.
Allow the peer to change the IP-ad- | Check box for enabling/disabling this function. This corresponds to the OpenVPN setting "float"...
Miscellaneous
Designation | Description
Fragment the UDP packets in... [bytes] | All UDP packets that are larger than ... [bytes] are divided into several packets (fragments). This corresponds to the setting "fragment". The default setting is that the packets are not split (" ").
Regenerate a new | Renew the security key after ...
Miscellaneous
Designation | Description
Enable connection through a HTTP proxy | Check box for enabling/disabling this function. If this function is activated, the outgoing connection attempts to pass through a proxy server. The following fields must be completed for this purpose.
HTTP proxy name | Input field for the DNS names or the IP address of your proxy server.
Click on "Save" after completing all settings.
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE
Temporarily stored settings/changes are kept until the router is rebooted. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
27.4 Static key (key management)
Here you can import or even generate static keys. All keys contained can be downloaded as a copy under "Download". Click on the green plus to add a key.
Generate static key
Name | Enter a name for the key here
Generate | To generate the key, click the "Generate"...
To download a key, click on the Download button.
To delete a key, click on the Delete button.
IO-Manager
The I/O Manager integrated in the router fulfills the following tasks:
• Display of PLC variables
• Read PLC variables and, within a preset interval, save them on a USB stick (logging).
• Store the logged archives (GZIP) on an external FTP server.
The following variable types can currently be read from an S7 controller via RFC1006: •...
NOTICE
If communication is to take place via the MPI / PROFIBUS interface, the RFC1006 protocol must be activated in the settings for COM2 (Serial > COM2 > COM2 Settings).
28.1 Configuring the PLC connection
Click the Add button to add a PLC connection.
Designation | Description
Active | Checkbox to enable / disable this connection.
Driver | Selected driver (only S7 ISOTCP is available here).
Name | Enter a unique name for this connection. This field cannot contain any spaces or special characters.
Designation | Description
PLC slot address | • For MPI/PROFIBUS communication, the PLC slot address is the same as the bus address. • For Ethernet communication, this is the slot space of the PLC on the rack (usually 2).
3. Click on Save to accept the input / changes.
To add a PLC connection, click the add button
To edit a PLC connection, click on the edit button
To delete a PLC connection, click the delete button...
28.2 Logging - configuration
Click on the respective edit button to configure the logging settings and the settings for the FTP upload.
NOTICE
The logging settings apply to all PLC connections. For logging, it is necessary that a storage medium (USB stick) is connected to the USB socket of the mbNET.
Settings Logging
Designation | Description
Interval [s] | Enter here the interval (in seconds) after which the tags are to be written to the storage medium.
Maximum time until archiving the log file | After this period of time (in hours), the log file is archived and a new log file is started.
Settings FTP upload
The logged tags can additionally be archived on an FTP server.
28.3 Create tags
NOTICE
Before you can create one or more tags, a PLC connection must be created.
To create a tag, click on the add button
Designation | Description
Active | Checkbox for activating / deactivating the created datapoint.
Server | Selection box with all previously created PLC connections.
Address | Enter the tag address for this PLC connection here. For the address syntax of the driver, see table below.
Display format | Selection box for the desired display format (BIN, DEZ, HEX, FLOAT).
28.4 Status
Here, the status of each tag is displayed for all created PLC connections.
Designation | Description
Description | Display of the description given under "Tags".
Address | The address of a tag
Value | Displays the tag value in the display format chosen when the tag was created (BIN, DEZ, HEX, FLOAT).
Alarm Management
The mbNET Alarm Management provides the following functions:
• Status query (1/0) of the four digital inputs (I1 - I4) with subsequent action:
  ° Send an Email
  ° Perform a device Restart
  ° Send an SMS
  ° Send an Internet-SMS
•...
29.1 Digital inputs - Configuration
NOTICE
The configuration of input 1 is representative for inputs 2, 3, 4.
Input 1 settings displays the settings of the selected input. Current status displays the current status (1 or 0) of the individual inputs, as well as an LED symbol for the Dial-out button.
Designation | Description
Active | Check box for enabling/disabling this function. When this feature is enabled, the input is activated ("armed").
Query on status | Selection field "Low (0)/High (1)/No" to query the status of the relevant input.
Campaign | Selection field for the action to be performed when the selected status of the relevant input occurs: •...
29.2 Multiplex Inputs
An action specification (number) can be determined by the user via the inputs (2 - 4). I.e. one input is STROBE, one input is CYCLE_x1 and one is CYCLE_1x. The pulse at PULSE_x1 (one digit) and PULSE_1x (tens digit) can be counted with a rising edge at STROBE.
To be able to use and configure Multiplex inputs, you must activate this function using the "Enable" checkbox. Input 2 is used for the STROBE signal, input 3 for the pulse of the unit position and input 4 for the decadic position.
Multiplex Inputs
Number | Choose a Multiplex Input between 01 and 99
Action | Select an action for the input: • Send E-Mail • System Reboot • SMS • Internet SMS
Text | Enter the text for the alarm message here.
NOTICE
When sending an alarm text message, observe the maximum number of characters (160).
Image 21: Example overview of 2 defined multiplex inputs
Clicking on "Save" temporarily saves the current entries/changes, but the changes are not yet enabled. Clicking on "Close" discards the current input/changes.
NOTICE
Temporarily stored settings/changes are kept until the router is rebooted. Only after you confirm via "Apply Changes" will the changes be applied (activated) and stored permanently.
29.3 Digital outputs - Configuration
NOTICE
The configuration of output 1 is representative for output 2.
The settings of the selected output are under Output 1 settings. By clicking on the button "Switch output", the status of the selected output mode is switched (from 0 to 1 or from 1 to 0).
Designation | Description
Function | Selection field for the condition for switching the selected output:
• Off: Select this setting if the selected output should not be switched.
• On by malfunction: Select this setting in the event of a device fault if the selected output should be set to signal level 1.
Extras
Image 22: The display can vary depending on the device type.
You will find the following submenus in the Extras menu:
• IoT - here you configure and manage the mbEDGE functionality.
• RoKEY - the current position of the key switch on the mbNET.rokey is displayed here and the individual key switch positions are explained.
NOTICE
Further information such as application examples, FAQs, videos and product information about mbEDGE can be found in our Helpdesk at www.mbconnectline.com
30.1.1 IoT > Control > Docker - activate mbEDGE
NOTICE
If you have not already done so, insert the mbEDGE SD card into the SD card slot of the mbNET.
1.
30.1.2 IoT > Control - after activating mbEDGE
After activating mbEDGE, you will see the full scope of the IoT menu with all submenus.
Information
• Serial number of the mbEDGE card
• License Type: Here you can see the license type of your mbEDGE card: mbEDGE.start or mbEDGE.advanced.
Docker
• Service: Activate your mbEDGE license here.
• Daemon: LED symbol indicates whether the Docker daemon is active (green symbol).
Docker Management
•...
30.1.3 IoT > Control - activate Docker Management
NOTICE
You can only activate Docker Management if you have activated "Docker Management Admin" under System > Users.
NOTICE
Activate Docker Management only if you have purchased an mbEDGE.advanced license.
1.
30.1.3.1 Link to User Interface
Click on the "Management" button to get to the container management. A new browser window, with a login, will open. The access data for this are:
a. User name and password for the user you created in the user management for accessing Node-Red
b.
30.1.4 Flows and Dashboard
30.1.4.1 Activate flows and dashboard
1. Click on the edit icon to activate the Flows and Dashboard Service.
2. Activate the flows and dashboard settings. Click on "Save" to save the change. Confirm the activation by clicking on "Apply changes".
After activation, the links to "Flows(Node-Red)"...
30.1.4.1.1 Link to Flows (Node-RED)
By clicking on the "Flows" button you will be redirected to Node-Red-Flows. A new browser window, with a login, will open. The access data for this are:
a. User name and password for the user you created in the user management for accessing Node-Red
b.
30.1.4.1.2 Link to Dashboard (Node-RED)
By clicking on the "Dashboard" button you will be redirected to Node-Red-Flows. A new browser window, with a login, will open. The access data for this are:
a. User name and password for the user you created in the user management for accessing Node-Red
b.
30.1.5 Backup and Delete flows
Here you can save and / or delete the flows you have created. Saved flows can be read in again via Node-Red.
1. Click the edit icon.
2. Choose an option (Download or Delete)
30.2 Key Management
Only the mbNET with which an mbEDGE card is paired can open the encrypted container. So that you can access your data at any time - even if the mbNET is no longer available - a Backup-Key is required. If the mbNET is no longer reachable before you have generated the Backup-Key (e.g. in the event of total failure due to damage), there is no way to access the card.
30.2.1 Create Backup-Key
1. Click on the edit icon in Settings.
2. Fill in the input fields under Key Settings.
   ° The Backup-Key must consist of at least 8 characters.
   ° You can find the License Code on the back of the mbEDGE packaging.
3.
After you have saved your entries, you can change or delete the backup key at any time. To do this, click on the edit icon.
30.3 Network
Click the Edit icon to edit the corresponding function.
• Docker Interface
Adjust the IP address of the Docker Daemon (runtime for the IoT services and Node-RED) if an address conflict with other network settings exists / is to be expected. The default setting is 172.16.0.1/24
• Firewall Settings for Node-Red
Here, you add firewall rules to open ports for Node-RED. By default, a network socket node in Node-RED has access only from the inside out. Therefore, any "listener socket" created in Node-RED is not accessible via LAN / WAN. For example, an OPC UA server cannot be reached via LAN / WAN.
30.4 Firmware
Under "Current Firmware Version" you can see
• the current firmware versions of
  ° mbEDGE-NodeRED
  ° mbEDGE-Portainer.io
The available firmware version is displayed under "Latest Available Firmware Version".
Requirement: The mbNET must be connected to the Internet.
1. Click the "Upgrade" button to upgrade the firmware versions.
30.5 SFTP
Here you can - only via an SFTP client (e.g. "FileZilla") - access the SD card in the device. Click the Edit icon to edit the corresponding function.
NOTICE
To access the SD card via SFTP, enter the IP address of the mbNET as the server, preceded by sftp://….
Example: sftp://192.168.0.100
The default username is: nodered
The default password is: ftp...
30.6 RoKEY
Key Switch position
Here, the current position of the mbNET.rokey key switch is displayed.
Switch position | Function
RST | Loading the factory settings
OFF | It is not possible to establish a VPN connection. Modem devices cannot connect to the Internet.
Status (information and analysis)
When errors/faults occur, these can be analysed on the basis of specific status information. Thus, for example, when the LED Stat (Status) is flashing, this indicates that a system error has occurred on the mbNET. For this purpose, e.g.
Designation | Description
MAC address, IP address, Subnet mask, DNS Server 1, Gateway | Display of the settings on the WAN connection (external connection) of the mbNET. As soon as the mbNET has a physical connection to the network, or the mbNET is assigned a static IP address, the IP address is displayed.
Bytes Received...
LAN interfaces
Designation | Description
MAC address, IP address, Subnet mask | Display of the settings on the LAN connection (local connection) of the mbNET. The IP address is then displayed if the mbNET has a physical connection.
Bytes Received, Sent Bytes | Display the volume of data in received and sent data packets.
31.2 Status > Network
31.2.1 General
Physical connections:
Ethernet connections | Displays the physical connections used to connect the router to other computers.
Route table | Displays all routes used.
Router monitored ports | Displays all monitored ports.
Router connections:
Connections to the router | Displays all IP addresses of ports, such as of computers that are connected to the router.
31.2.2 Firewall
IN/OUT/FORWARD | Displays incoming and outgoing data traffic as well as forwarding.
Displays natted data traffic.
31.2.3 Network participants
The LAN network participants that have been recognized via ARP reconnaissance are listed here.
31.3 Status > Modem
31.3.1 GSM information
Manual control of the GSM modem
Reboot | Here you can click on the "Execute" button to restart the GSM modem.
Information
Designation | Description
Signal Quality | Signal strength display (in %)
GSM Service | Display of the transfer procedure, depending on the type of modem, signal strength etc.
SIM card slot | Display of the active SIM card slot
SIM status | Status of detected SIM Card
Provider | Displays the wireless service provider
Mobile number...
31.3.2 Modem
Modem Connection
Here, you can see which user has dialled in to the router via a modem. When the dial-up connection is successful, the IP address of the PPP server and the PPP client (remote) are displayed. These are always incoming connections.
31.4 WiFi
Information
Designation | Description
Connected | Display of the connection status via an LED symbol
SSID | Display Wi-Fi Network Names
Signal strength | Signal strength display (in %)
Operating frequency | Operating frequency display
IP address, Subnet mask | Displays the settings on the Wi-Fi connection (local connection) of the router. The IP address is displayed if the router has a physical connection.
Available WiFi networks
Available networks are listed here. Click on the magnifying glass symbol to see the details of the respective WiFi network.
31.5 Internet
Manual control of the dial-up Internet service
Here you can click on the "Execute" button to manually restart the Internet dial-up service and thus disconnect to enforce a new dial.
NOTICE
Use this function only as instructed by the MB connect line support staff!
Internet access
This displays outgoing connections to the Internet.
31.6 DHCP
DHCP Server LAN | Displays the IP addresses that the DHCP server assigns to connected clients.
DHCP Server WAN | Displays the IP addresses that the DHCP server assigns to connected clients.
Logging | Displays the IP addresses that the DHCP assigns and which IP addresses are not allowed.
DHCP Client WAN | Information about clients connected via the WAN connection.
31.7 DNS Server
DNS_Server
Designation | Description
Name | Displays the name of the DNS server (if not assigned by the Internet Service Provider).
IP address | Displays the IP address of the DNS server (if not assigned by the Internet Service Provider).
Logging
Designation | Description...
31.8 DynDNS
DynDNS
Designation | Description
Updated IP-address | Displays the current IP address that is assigned to the mbNET via the Internet.
Logging
Designation | Description
System Logging | Here all events and errors relating to the DynDNS service are displayed.
31.9 NTP
Date and time
Designation | Description
Date/Time (UTC), Local date/time | Displays the current system time in Universal Time Coordinates (UTC).
Time update | Clicking on the "Execute" button synchronises the time with the NTP server stored and activated under System > Settings > Time Settings.
Logging
Designation | Description...
31.10 VPN-IPSec
Incoming/outgoing connections
Both the incoming and the outgoing VPN connections of the router are displayed here. An active connection is indicated by a green LED icon. The duration of the connection and the dialled-in user are displayed. After disconnection, the time during which the corresponding connection was active is displayed. By clicking on the "Start"...
31.11 VPN-PPTP
31.11.1 VPN PPTP server
Connections Inbound Outbound
The incoming VPN connections of the mbNET are listed here. An active connection is indicated by a green LED icon. The connection time, users dialled-in, local and remote IP address is displayed. After disconnection, you can see the time during which the corresponding connection was active.
31.11.2 VPN PPTP clients
Connections Inbound Outbound
Outgoing VPN connections from the mbNET are displayed here. An active connection is indicated by a green LED icon. The connection time, users dialled-in, local and remote IP address is displayed. After disconnection, you can see the time during which the corresponding connection was active. By clicking on the "Start"...
31.12 VPN-OpenVPN
Connections Inbound Outbound
Both the incoming and the outgoing VPN connections of the mbNET are displayed here. An active connection is indicated by a green LED icon. Name, local addresses and partner addresses are displayed here. By clicking on the "Start" or "Stop" button, you can manually start or stop a connection.
NOTICE
Use this function only as instructed by the Red Lion support staff!
System OpenVPN user logs...
31.13 IoT
31.13.1 IoT > Docker
Here you can see:
• the Status of your mbEDGE installation
  green LED icon = mbEDGE is active. Click the "stop" button to deactivate / stop mbEDGE.
  gray LED icon = mbEDGE is not active. Click on the "start"...
31.13.2 IoT > Docker Management
Here you can see the Status of the Docker Management
green LED icon = Docker Management is activated. Click the "stop" button to deactivate / stop the Docker Management.
gray LED icon = Docker Management is not active. Click on the "start"...
31.13.3 IoT > Flows and Dashboard
Here you can see:
• the Status of accessing Flows and Dashboard.
  green LED icon = access to Flows and Dashboard is enabled. Click the "stop" button to deactivate / stop the access.
  gray LED icon = access to Flows and Dashboard is disabled.
31.14 Runtime
NOTICE
This function is only relevant if you operate the mbNET in the RLConnect24 portal.
Here you can see:
• the Runtime Status: green LED icon = Runtime is enabled. gray LED icon = Runtime is disabled.
•...
31.15 Diagnostics - Network Resources
Designation | Description
Ping | After entering an internet address or an IP address, you can use the ping command (click on the "Ping" button) to determine whether the corresponding address is accessible. Among other things, for example, you can easily determine whether an Internet connection exists.
Designation | Description
TCPDUMP | In order to closely monitor the network traffic, you can use the "TCPDUMP" command. Some examples of the use of this command are:
• -i eth0 not port 80
  Displays all TCP/IP connections to the (-i) LAN (eth0) interface, except (not) those using Port 80 (port 80) when incoming or outgoing.
31.16 Log-Analyzer
The live log of the system can be seen under Log Analyzer. The display can be filtered by "Priority" and/or "Application".
Filters for "Priority" and/or "Application" can be set independently for a clear, detailed display.
31.17 Storage media
Status display showing whether a storage medium (USB stick and/or SD card) is connected to the mbNET.
green LED symbol = storage medium connected
grey LED symbol = storage medium is not connected
31.18 Alarm Manager
Designation | Description
Inputs | The statuses of the digital inputs are displayed here. The status query is performed and updated approximately every three seconds.
Outputs | The statuses of the digital outputs are displayed here. The status query is performed and updated approximately every three seconds.
31.19 System
31.19.1 System-Usage
CPU Information | Display of the current utilization of the CPU.
RAM in use | Displays the currently required / used RAM of the router.
Flash in use | Displays the capacity of the configuration memory and temporary memory.
31.19.2 System Information
Device uptime | The operating time of the device since the last device restart is displayed here. The same information can also be found on the Quickstart page.
System Kernel Logging, System error log | Possible reasons for errors in the router can be found in the system information. For example, if the Stat-LED on the front of the device is flashing, it may be possible to use the logging to discover the cause of the error.
31.19.3 MQTT Debug List
The MQTT debug list outputs the system information in tabular form. The mbNET can be used as an MQTT broker. After activating the "MQTT access to status topics" function under "System > Settings > Device API", you can query the values from the "MQTT debug list".
Firmware update via the USB interface
You can update the mbNET directly via the USB interface. The device then automatically recognizes the firmware saved to a connected USB stick. Pressing the Dial Out button starts the firmware update.
Preparation:
• Go to www.mbconnectline.com (downloads) and download the latest firmware version (e.g. "mbNET_FW_V624.zip").
Programming the mbCONNECT24 portal configuration via the USB interface
If you created the mbNET device configuration in the mbCONNECT24 service portal, you can scan this portal configuration directly via the USB interface into the mbNET. The device automatically detects the portal configuration stored on a connected USB stick ("mbconnect24.mbn/-.mbnx").
Factory settings when delivered
34.1 User name and password - for access to the mbNET Web Interface
The mbNET is delivered with the following user data:
User name | admin
Password | The default password can be found on the back of the device
NOTICE
Make sure you change the default access data immediately!
34.2 IP address of the mbNET
The mbNET is set to the following IP address in the factory:
IP address | 192.168.0.100
Subnet mask | 255.255.255.0
Load factory settings
NOTICE
Before you configure the device to its factory settings, you should note the following:
• Save your configuration first. After restoring the factory settings, all of your settings/changes will be deleted.
• The IP address of the device is reset to the original IP address (192.168.0.100). You may also need to modify the network settings of the configuration PC accordingly.
Device restart (Reset)
Directly on the device (mbNET) using the reset button
For example, use a paper clip and press the Reset button on the mbNET. The device will now restart. The restart is complete once both the "Rdy" and "Pwr" LEDs light up.
Via the mbNET web interface
1.
Annex
37.1 Set computer address (IP address) in Windows 10
NOTICE
If you want to access the web interface of the mbNET via a configuration PC, the following conditions must be met:
• The mbNET must be connected to the PC via one of its LAN interfaces.
•...
• Click on properties in the next window (Status of LAN connection).
• Here, under Properties of the LAN-connection, select the entry Internet Protocol Version 4 (TCP/IPv4), and click on Properties.
• Here,
  ° the IP address of the computer must be in the same network range as the mbNET,
  °...