manualshive.com logo in svg

4RF Aprisa LTE, User Manual

The 4RF Aprisa LTE comes with a comprehensive Quick Start Manual to help you get started effortlessly. This manual is available for free download from our website, ensuring a seamless user experience. Explore the full potential of your device by referring to this detailed manual for easy troubleshooting and setup.

Share
Download
background image

 

Managing the LTE  |  165 

 

Aprisa LTE User Manual 2.1 

 

Security > VPN 

 

Secure VPN to data center and multipoint (peer to peer) VPNs 

Setting up a secure connection to the customer data center or to other multiple Aprisa LTE (peer to peer) 
requires  setting  up  a  VPN  connection  to  the  required  end  point/s.  The  Aprisa  LTE  allows  a  few  VPN 
connection options, non-secure and secure PTP VPNs and Multi-Point (MP) VPNs, which are listed list below: 

1.  Setup unsecure GRE PTP VPN connections. 
2.  Setup secure GRE-over-IPsec connections. 
3.  Setup secure Multipoint (peer to peer) GRE-over-IPsec VPN connections. 
4.  Checking and monitoring the VPN connections. 

The VPN menu allows configuration of the above list of VPN options while monitoring the VPNs is under the 
Maintenance menu. 

 

Setup unsecure GRE PTP VPN connections 

The user can use a regular unsecure IPv4/v6 connection or unsecure GRE VPN tunnel. The Aprisa LTE can 
act  as  a  GRE  tunnel  endpoint.  The  benefit  of  GRE  tunnel  is  that  it  provides  a  tunnelling  connection  to 
multiple protocols between two endpoints (or two private networks) over another network like they were 
locally connected. It allows the user to reconfigure its local device IP addressing without worrying about 
connectivity. It allows transport of L2/L3/L4 unicast and multicast protocols between two endpoints.  

Figure 19 describes the unsecure GRE VPN tunnel connection to the corporate data center. 

 

Figure 19 Setup unsecure GRE PTP VPN connections 

To setup the GRE tunnel VPN connection per the above figure, perform the following steps on Aprisa LTE: 

1.  Navigate to SuperVisor 

Security > VPN

 and on the GRE tab cli

ck the Add button. 

2. 

Set ‘Mode = IP over GRE’ (or ‘IP over GREv6’ in case of IPv6 GRE tunnel).

 

3. 

Set ‘Tunnel Name = GRE_Tunnel_0’. This sets the tunnel ID. This ID is 

recommended to be used on 

both ends of the tunnel configuration. 

4. 

Set  ‘Tunnel  IPv4  ad

dress/Netmask  =  192.168.2.2  / 

255.255.255.252  (/30)’  (or  Tunnel  IPv6 

Address/Prefix in case of IPv6). This is the IP address of the virtual tunnel interface. This is the GRE 

tunnel “glue” IP address to the transport IP address (or per standard notation the

 delivery IP). Note: 

those IP addresses must be unique and without subnet overlapping at both ends of the GRE tunnel.   

5. 

Set ‘

Tunnel Key = 42

’. This is the 

GRE tunnel key number and is required in DMVPN setup.   

6. 

Set ‘Source Public Address (SPA) = 121.90.26.133’. This is the source transport IP address (or the 
outer IP source address of the GRE tunnel across the cellular and wan networks) which is “glue” to 

the  virtual  tunnel  IP  address.  On  the  data 

center  endpoint  set  ‘Source  Public  Address  = 

100.65.3.

118’. The SPA can be public port or local port, and in this example, it is a public port.

 

Alternatively, the SPA can be set to 0.0.0.0 if the source interface is selected. In this example it can 
be wwan. 

7. 

Set ‘Destination Public Address = 100.65.3.118’. 

This is the destination transport IP address (or the 

outer IP destination address of the GRE tunnel across the cellular and wan networks) which is “glue” 

to  the  virtual  tunnel  IP  address.  On  the  data 

center  endpoint  set  ‘Destination  Public  Address  = 

121.90

.26.133’.

 Alternatively, the SPA can be set to 0.0.0.0 if the source interface is selected. In 

this example it can be wwan. 

Summary of Contents for Aprisa LTE

Page 1: ...User Manual February 2021 Version 2 1 released with software build 2 1 00811003 ...

Page 2: ......

Page 3: ... Electrical and Electronic Equipment and WEEE Waste Electrical and Electronic Equipment environmental directives Restriction of hazardous substances RoHS The RoHS Directive prohibits the sale in the European Union of electronic equipment containing these hazardous substances lead cadmium mercury hexavalent chromium polybrominated biphenyls PBBs and polybrominated diphenyl ethers PBDEs 4RF has work...

Page 4: ...could void the user s authority to operate the equipment Equipment authorizations sought by 4RF are based on the Aprisa LTE router being installed at a fixed restricted access location and operated within the environmental profiles defined in Table 1 operation outside these criteria may invalidate the authorizations and or license conditions Table 1 General Compliance Environmental Storage EN 300 ...

Page 5: ...ser is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help WWAN LTE This product may contain...

Page 6: ...6 Aprisa LTE User Manual 2 1 Compliance Canada ISED future compliance ...

Page 7: ...S power supply with a maximum rating of 32V d c 100W is required to power the equipment The following text is printed on the Aprisa LTE WARNING EXPLOSION HAZARD Do not connect or disconnect while circuits are live unless area is known to be non hazardous The following text is printed on the Aprisa LTE where the end user is in Canada AVERTISSEMENT RISQUE D EXPLOSION Ne pas brancher ou débrancher ta...

Page 8: ...er Manual 2 1 Symbols ISO 7000 0434B Exposure Warning Avertissement d exposition IEC 60417 5041 Potential hot surface hazard Risque potentiel de surface chaude ISO 7000 0434B Read the instructions Lis les instructions ...

Page 9: ...te de câble dans une condition d exposition uniquement mobile ne doit pas dépasser les limites stipulées dans le tableau 3 La puissance rayonnée d un émetteur colocalisé ne doit pas dépasser la limite indiquée dans le tableau 3 Table 3 Antenna Compliance Requirements Operating mode Tx Freq Range MHz Max Time Avg Cond Power dBm Maximum Antenna Gain c EIRP Limits dBm Standalone dBi Collocated dBi LT...

Page 10: ......

Page 11: ...32 RS 422 RS 485 Interface 22 USB Interface 22 SFP Module Socket 22 LTE Architecture Overview 23 LTE Applications 25 Smart SCADA Applications 25 Transportation Applications 29 Smart City Applications 31 Network Backhaul Applications 32 Industrial Communication Applications 33 Leased Line Applications 34 DMVPN Service Applications 35 Dynamic Routing Applications 36 MP BGP 36 OSPF 37 LTE Product opt...

Page 12: ...tor Adapters 58 Interface Connection and Cabling 59 Ethernet Interface Connections 59 Fibre Optic Connections 59 Serial RS 232 Interface Connections 60 Serial RS 422 RS 485 Interface Connections 61 USB 61 GPIO 62 Spares 63 Spare Fuses 63 Power Connectors 63 3 Managing the LTE 64 SuperVisor 64 SuperVisor Management Overview 65 Connecting to SuperVisor 65 Login to SuperVisor 66 Logout of SuperVisor ...

Page 13: ...curity Setup 158 Security Users 159 Security RADIUS 162 Security VPN 165 Security SSH 177 Security HTTPS 178 Security SNMPv2 v3 180 Maintenance 184 Maintenance General 184 Maintenance Files 186 Maintenance Cellular 190 Maintenance Networking 192 Events 193 Events Alarm Summary 193 Events History Log 194 Events Setup 195 Events Action Setup 197 Events Trap Setup 199 Events Alarm I O Setup 202 Event...

Page 14: ...1 Protocols 241 Wi Fi 241 Security 242 Interface Specifications 243 Ethernet Interface 243 Ethernet Interface with SFP 243 RS 232 Asynchronous Interface 244 General Purpose I O GPIO Pin Interface 245 Power Specifications 246 Power Supply 246 General Specifications 246 Environmental 246 Mechanical 246 7 Open Source License Statement 247 8 Trademarks and Service 247 Trademarks 247 Service 247 9 Prod...

Page 15: ...ho have an appropriate level of training and experience Only such persons shall install and service the Aprisa LTE Contact Us If you experience any difficulty installing or using Aprisa LTE after reading this manual please contact Customer Support or your local 4RF representative The 4RF New Zealand head office is 4RF Limited 26 Glover Street Ngauranga PO Box 13 506 Wellington 6032 New Zealand E m...

Page 16: ...prisa LTE router One power cable one metre fitted with 4 pin Molex Micro Fit 3 0 female connector and wire ended see Power Supply on page 51 One power connector power retention clip and screw The Aprisa LTE Quick Start Guide is available on the 4RF website at the URL Aprisa LTE Quick Start Guide ...

Page 17: ...ations with redundant carrier connections for public and private networks Mobility and Wi Fi supporting advanced remote visibility in vehicle networks with GNSS location GNSS navigation and 2x2 MIMO Wi Fi access point client for robust workforce mobility and communication Advanced L2 L3 capabilities selectable L2 or L3 modes with VLAN QoS NAT IPv4 and IPv6 Transition support to maximize performanc...

Page 18: ...et switch router using RJ45 connectors Used for Ethernet user traffic and product management See Ethernet Interface Connections on page 59 SERIAL One port of RS 232 RS 422 RS 485 serial using RJ45 connector See Serial RS 232 Interface Connections on page 60 and Serial RS 422 RS 485 Interface Connections on page 61 SFP SFP module socket see SFP Modules on page 41 The LTE router supplied with dust p...

Page 19: ...tion 19 Aprisa LTE User Manual 2 1 Rear Panel Connections The rear panel connections to the LTE are Designator Description SIM cards 1 2 Removable plate for fitting of SIM cards See Installing a SIM on page 44 ...

Page 20: ... the USB host port momentary and GPS position of poor quality hdop 5 when GNSS receiver enabled SFP LOS loss of signal detected LTE TX link in fallback to secondary SIM LTE RX link in fallback to secondary SIM Wi Fi in client mode and connected OK Flashing Orange Troubleshooting maintenance OTA software upgrade Management traffic on the USB port or receive invalid position from GNSS LTE TX traffic...

Page 21: ...32 482 422 RJ45 LED Indicators LED Position front facing LED Name LED Color Explanation Right Link LED Off Port is disabled or not connected or link failed Solid Green Port link detected and connected Left Activity LED Off No data traffic detected on port Flashing Orange Data traffic detected on port ...

Page 22: ...ket for fitting 2 x micro SIM cards Ethernet Interface 2 port 10 100 1000 base T Ethernet layer 2 switch using RJ45 female connector Used for Ethernet user traffic and modem network management RS 232 RS 422 RS 485 Interface 1 port RS 232 RS 422 RS 485 asynchronous port using RJ45 female connector USB Interface 1 x USB port using USB standard type C female connector Used for software upgrade diagno...

Page 23: ...he technology related to a core network The EPC is based on IP as the transport technology for data and control plane including for instance voice service PCC The PCC Policy and Charging Control framework allows operators to control the service a customer receives over the network and its billing services based on time or data volume or event occurring based on the network state and SDF Service Da...

Page 24: ...ent Tracking Area TAI and handover management EPS bearer management S GW An S GW terminates the interface towards an E UTRAN It serves as the local mobility anchor point of data connections for inter eNB and inter 3GPP handover P GW A P GW provides a UE with access to a PDN by assigning an IP address from the address space of the PDN The P GW serves as the mobility anchor point for handover betwee...

Page 25: ...ter functions The Aprisa LTE supports the following market segments Smart SCADA Transportation Smart City Backhaul Industrial Communication Smart SCADAApplications The Aprisa LTE supports the following smart SCADA applications Smart Grid communication platform for self healing management power outage resiliency for security physical attack supply demand side management SSM DSM and balancing of pow...

Page 26: ... WLAN for local office connectivity or for local secure device management The Aprisa LTE supports Ethernet serial using the embedded terminal server fiber optic SFP Wi Fi connection with RTU PLC supporting all IP serial SCADA protocols The user can disable or create local LAN switch bridge with all or part of the remaining interfaces not used at or toward the WAN side of the network Figure 2 Smart...

Page 27: ...g path metric priority Figure 4 Smart SCADA LTE path and Any Interface Alternate Path Application The Aprisa LTE can be used in harsh environments like electrical substations supporting IEEE 1613 requirements for communications networking devices installed in electric power substations and IEC 61850 3 general requirements for communication networks and systems for power utility automation standard...

Page 28: ...uling Application In a smart SCADA workforce vehicle mobility application the Aprisa LTE provides the field technician onsite Wi Fi WLAN local connectivity and communication path to the HQ control center The control center can track the vehicle on a map for security e g theft auditing including GNSS location speed and heading and read online self diagnostics and reporting alerts state of the vehic...

Page 29: ... a local Wi Fi WLAN communication to connect to the public internet and provide the public management center the ability to track the train bus location on a map view the security cameras and read the bus diagnostic and alerts status as shown in Figure 8 Figure 8 Public Transportation Application The Aprisa LTE in a fleet management application provides the corporate fleet management center the ab...

Page 30: ...ding GNSS location speed and heading read online vehicles self diagnostics and reporting alerts state when ODB II interface is connected via an adapter e g USB Wi Fi to the Aprisa LTE The Aprisa LTE also provides communication to the vehicle built in computer and Wi Fi connectivity to bodycams on ambulance doctors police firefighters as shown in Figure 10 Figure 10 Public Safety Application ...

Page 31: ...applications A communication platform for city service streetlight traffic light and video security The Aprisa LTE in a smart city application provides communication to city security video cameras connected via Ethernet or Wi Fi traffic lights and streetlight for city control center Figure 11 Smart City Application ...

Page 32: ...work backhaul applications SCADA backhauling AMI AMR backhauling DMR backhauling The Aprisa LTE in a network backhauling application provides LTE backhauling communication network to smart SCADA licensed unlicensed radio network and to AMI AMR network as shown in Figure 12 Figure 12 Network Backhauling Application ...

Page 33: ...router communication platform Underground sewerage Wi Fi communication platform The Aprisa LTE in an industrial communication application provides a networking switch router device functionality in a substation or industrial site and or a terminal server device to connect a legacy serial device e g serial RTU to an IP network without the need to use the LTE network as shown in Figure 13 Figure 13 ...

Page 34: ...N leased line Any leased line topology supported point to point PTP point to multipoint PMP and multipoint mesh MPMP Supports any endpoint interface to any endpoint interface e g Ethernet fiber copper Serial The Aprisa LTE in a leased line application provides the required connectivity between endpoints with different interfaces across the LTE network with the ability to control the bandwidth and ...

Page 35: ...point GRE mGRE Tunnel IPSec and NHRP Next Hop Resolution Protocol for a flexible virtual point to multipoint or full mesh secure VPN network Can be used over dynamic routing protocols such as BGP and OSPF or static routes The Aprisa LTE DMVPN service application supports the following benefits Secure full mesh connectivity built for any service s over the internet private network Replace or used a...

Page 36: ...routing protocol OSPF EIGRP etc and thus useful in organization with multiple IGP routing domains or with multiple ISP Cell Operator connections MP BGP introduce the following benefits When BGP is running inside routing domain AS Autonomous System used as internal iBGP and between AS used as external eBGP Interworks with all IGP protocols OSPF EIGRP etc and IPv4 v6 multicast unicast MP BGP Support...

Page 37: ...route injection into extension of stub area and ABRs Area Border Routers route aggregation to reduce route info OSPF providing fast convergence time since routing changes are propagated instantaneously in short time and not periodically OSPF allows load balancing OSPF allows the concept of logical area division of networks where routers can be divided into areas in an Autonomous System AS to limit...

Page 38: ...26 B29 B30 B32 B41 B42 B43 B46 B48 B66 M003 EM7455 Cat 6 2CA 300 Cat 6 2CA 50 B1 B2 B3 B4 B5 B7 B12 B13 B20 B25 B26 B29 B30 B41 M004 EM7430 Cat 6 2CA 300 Cat 6 2CA 50 B1 B3 B5 B7 B8 B18 B19 B21 B28 B38 B39 B40 B41 Downlink only Carrier Aggregation Network Modules The Aprisa LTE provides the following Network Module options Network Module Function Part Number Option N00 No network module fitted to ...

Page 39: ...f a tamper is detected this device will immediately erase the encryption key in the battery backed tamper protected memory Factory default settings are immediately loaded and a tamper event is added at the next boot It uses a pluggable 3V lithium battery to power the tamper circuits while the router is not powered CAUTION There is a risk of fire or explosion if the lithium battery is replaced by a...

Page 40: ...carrier APLT M001 N01 P0 V0 T0A0 T1 Tethered to AT T APLT M001 N01 P0 V0 T1A0 T2 Tethered to Verizon APLT M001 N01 P0 V0 T2A0 Wi Fi Region The Aprisa LTE region options Option Function Part Number Option A0 No Region APLT M001 N01 P0 V0 T0A0 A1 FCC APLT M001 N01 P0 V0 T0A1 A2 ICES APLT M001 N01 P0 V0 T0A2 A3 ETSI APLT M001 N01 P0 V0 T0A3 ...

Page 41: ...tance up to 2 0 km on multi mode fibre Operating temperature range 0 to 70C APLB MSFP 131 SM SW 10ST Aprisa LTE SFP Module Up to 1 Gbit s bi directional data links Fibre Optic 1310nm single mode single wavelength Connector LC Duplex Distance up to 10 km on 9 125µm single mode fibre Operating temperature range 0 to 70C APLB MSFP 131 SM SW 40ST Aprisa LTE SFP Module Up to 1 Gbit s bi directional dat...

Page 42: ...t Cables 5 2m black WiFi LTE cable LMR 195 GNSS cable LMR 100 APLB AONI CBR NF Aprisa LTE omnidirectional low PIM collinear antenna operates over the CBRS band 3550 3700 MHz Dimensions diameter x height mm inches 25 4 x 257 1 0 x 10 0 Polarization Vertical Linear Connectors N type Female Gain 6 8 dBi APLB APNL 3GH DP NF Aprisa LTE 3 3 4 01 GHz dual polarization dual slant panel antenna Dimensions ...

Page 43: ...Micro Fit 3 0 female connector and wire ended Cable length 1m Pin 1 Red ve Power Input Pin 2 Black ve Power Input Pin 3 Green Digital Input Pin 4 White Digital Output APLB PPWR X10 Aprisa LTE power cable fitted with 4 pin Molex Micro Fit 3 0 female connector and wire ended Cable length 10m Pin 1 Red ve Power Input Pin 2 Black ve Power Input Pin 3 Green Digital Input Pin 4 White Digital Output ...

Page 44: ...crews 5 Turn the LTE power on 6 Go to SuperVisor Cellular SIM 1 2 to view the SIM status 7 Go to SuperVisor Cellular General to enable assign the SIM to a PDN Profile see Cellular General on page 83 Attach the Cellular LTE GNSS and Wi Fi Antennas Attach either separate antennas for LTE GNSS and for Wi Fi or a single combo antenna to the appropriate QMA connectors See Antennas on page 42 for antenn...

Page 45: ...uperVisor Interfaces Networking SFP for SFP settings Hardware Restoring of Factory Defaults The Aprisa LTE factory defaults can be restored via a 2 pin header on the board assembly To restore the Aprisa LTE factory default configuration 1 Power off the LTE 2 Open the LTE enclosure by unscrewing the securing screws posi 2 see enclosure picture on page 237 3 Short the two pins of the RESET header as...

Page 46: ... APN navigate to Cellular General and set the active backup APNs per your installed SIM s Wi Fi Network Name and password if router was ordered with Wi Fi navigate to Interfaces Networking WiFi click the Edit button and set under Interface Configuration the ESSID WiFi network name and the password If you are currently using the router s Wi Fi network you will need to reconnect your devices to the ...

Page 47: ...ctivate Aprisa LTE software 1 Download the software file 4nu into your computer 2 Login to SuperVisor and go to Software File Transfer The method is set to HTTPS 3 Click Start Transfer 4 Browse to the 4nu software file stored on your computer The software release file will be transferred to the LTE Available Software Pack location and the file integrity verified If the file transfer fails check th...

Page 48: ...rom a USB flash drive in to the Aprisa LTE and activated rebooted automatically Load Only New software will be uploaded from a USB flash drive in to the Aprisa LTE The software will need to be manually activated later see Software Manager on page 212 3 Insert the USB flash drive into the LTE host port The AUX LED will light green indicating the presence of a USB flash drive It does not indicate th...

Page 49: ...ash active firmware To load and activate later Aprisa LTE software from a remote FTP server 1 Open the CLI interface see Command Line Interface on page 226 2 Type copy ftp username password server ip or name file path and name flash available firmware To activate already loaded Aprisa LTE software 1 Open the CLI interface see Command Line Interface on page 226 2 Type copy flash available firmware ...

Page 50: ...ate antennas for LTE GNSS and for Wi Fi or a single combo antenna to the appropriate QMA connectors on the LTE Turn the power source on Connect your PC to one of the Ethernet ports and login to SuperVisor with admin admin Setup the correct SIM slot and APN name to use in SuperVisor Cellular settings Test the setup by verifying internet connectivity Check the SuperVisor Monitoring page that the LTE...

Page 51: ...ded is supplied in the box with each LTE Additional power cables of the same type can be ordered from 4RF as accessories Part Number Part Description APLB PPWR X01 4RF LTE Acc Cable Power 1m APLB PPWR X10 4RF LTE Acc Cable Power 10m Wire your power source to the power cable and plug the connector into the LTE Spare Molex Micro Fit 3 0 connectors can be ordered from 4RF Part Number Part Description...

Page 52: ...C the Aprisa LTE must be installed within a restricted access location to prevent human contact with the enclosure heat sink ATTENTION Si l Aprisa LTE fonctionne dans un environnement où la température ambiante dépasse 50 C l Aprisa LTE doit être installé dans un endroit à accès restreint de manière à éviter tout contact humain avec le dissipateur de chaleur du boîtier WARNING The Aprisa LTE can b...

Page 53: ...th connection point on the top left of the enclosure A M4 8mm pan pozi machine screw and M4 lock washer is supplied fitted to the router This screw is used to earth the enclosure to a protection earth A minimum of 0 8 mm2 18 AWG wire shall be used and it shall not contain switches or protective devices ...

Page 54: ...s The Aprisa LTE has four threaded holes M4 in the enclosure base and two holes 5 2 mm through the enclosure for mounting Mounting options include DIN rail mounting with the Aprisa LTE DIN Rail Mounting Bracket Rack shelf mounting Wall mounting Outdoor enclosure mounting ...

Page 55: ...to enable the mounting on a standard DIN rail Part Number Part Description APLB MBRK DIN 4RF LTE Acc Mounting Bracket DIN Rail The Aprisa LTE is mounted into the DIN rail mounting bracket using the four M4 threaded holes in the Aprisa LTE enclosure base Four 8 mm M4 pan pozi machine screws are supplied with the bracket ...

Page 56: ...ommended 3 1 worst case On all bands including band edges Total radiated efficiency 50 on all bands Measured at RF connector Includes mismatch antenna loss but excludes coaxial loss Radiation pattern Nominally Omni directional radiation pattern in azimuth plane Envelope correlation coefficient between Main and Diversity 0 5 on Rx bands below 960 MHz 0 2 on Rx bands above 1 4 GHz Mean Effective Gai...

Page 57: ... Gain Maximum gain and uniform coverage in the high elevation angle and zenith Gain in azimuth plane is not desired Average 3D gain 5 dBi Isolation between GNSS and Ant1 10 dB in all uplink bands Typical VSWR 2 5 1 Polarization Any other than LHCP left hand circular polarized is acceptable Active GNSS Antenna Where an active GNSS antenna is used a 3 15 V d c supply at up to 100 mA is available at ...

Page 58: ...E Router Installation Aprisa LTE User Manual 2 1 RF Connector Adapters Part Number Description APLB AQMM SMF QMA Male to SMA Female Adapter APLB AQMM SMP QMA Male to SMA Male Adapter reverse outer conductor ...

Page 59: ...TX _D1 Transmit Output Green Orange 3 RX _D2 Receive Input Orange white Green white 4 BI _D3 Bi directional Bi directional Blue Blue 5 BI _D3 Bi directional Bi directional Blue white Blue white 6 RX _D2 Receive Input Orange Green 7 BI _D4 Bi directional Bi directional Brown white Brown white 8 BI _D4 Bi directional Bi directional Brown Brown Fibre Optic Connections SFP modules available as accesso...

Page 60: ... Blue white 6 RXD Output Orange Green 7 DSR Output Brown white Brown white 8 CTS Output Brown Brown Note The TIA 568B wiring is the most commonly used and matches the cables we supply RS 232 Customer Cable Wiring Aprisa LTE RS 232 Interface DCE DTE Customer Interface DCE Customer Interface RJ45 Pin Number Pin Function Direction Pin Function DB9 Male Pinout Pin Function DB9 Female Pinout 1 RTS Inpu...

Page 61: ...ns RS 422 Serial Interface pinout RJ45 Pin Number Pin Function 1 TX 2 3 TX 4 Ground 5 6 RX 7 8 RX RS 485 Serial Interface pinout RJ45 Pin Number Pin Function Full Duplex Half Duplex 1 TX TX RX 2 3 TX TX RX 4 Ground Ground 5 6 RX 7 8 RX USB The LTE USB connector is a standard USB type C connector ...

Page 62: ...use e g door open close or operating a camera remotely See General Purpose I O GPIO Pin Interface on page 245 for the interface specification GPIO Digital Input Pin3 of the Molex Micro Fit connector used for the following functions Programmable ignition turn on and turn off delays Programmable sleep modes Input sensing for protection systems GPIO Digital Output Pin 4 of the Molex Micro Fit ...

Page 63: ...iption APLS FNAN 454 05 02 4RF LTE Spare Fuse Nano SMF 454 Series 5A 2 Items APLS FNAN 454 05 10 4RF LTE Spare Fuse Nano SMF 454 Series 5A 10 Items APLS FNAN 454 05 50 4RF LTE Spare Fuse Nano SMF 454 Series 5A 50 items Power Connectors Part Number Part Description APLS CML4 FEM 01 4RF LTE Spare Connector Molex 4 Pin Micro Fit 3 0 Female 1 item ...

Page 64: ...soft Edge SuperVisor enables operators to configure and manage the Aprisa LTE The key features of SuperVisor are Full element management configuration and diagnostics Performance and alarm monitoring alarm states time stamped events etc View and set standard configuration parameters including Cellular settings see Cellular General on page 83 Set and view security parameters User management Operate...

Page 65: ...th a subnet mask of 255 255 255 0 To change the Aprisa LTE IP address 1 Set up your PC for a compatible IP address e g 192 168 4 100 with a subnet mask of 255 255 255 0 2 Connect your PC network port to one of the Aprisa LTE Ethernet ports 3 Open a browser and enter 192 168 4 1 4 Login to the LTE router with the default username admin and password admin 5 Go to Interfaces Networking Logical Interf...

Page 66: ...sa LTE has a randomly generated unique self signed ECC256 security certificate which may cause the browser to prompt a certificate warning The valid certificate is Issued By 4RF APRISA which can be viewed in the browser When connecting to a remote device for first time you should manually load the certificate before connecting Once you have added the exception to your browser if a warning is shown...

Page 67: ...see Security Users Accounts on page 160 Logout of SuperVisor As the maximum number of concurrent users that can be logged into an LTE router is 6 not logging out correctly can restrict access to the LTE router until after the timeout period 30 minutes If the SuperVisor window is closed without logging out the LTE router will automatically log the user out after a timeout period of 3 minutes To log...

Page 68: ... Branding Bar The branding bar at the top of the SuperVisor frame shows the branding of SuperVisor on the left and the product branding on the right SuperVisor Alarm Bar The alarm bar shows the name of the LTE router that SuperVisor is logged into on the left The LED alarm indicators reflect the status of the front panel LEDs on the LTE router ...

Page 69: ...ead Write Interfaces Networking USB No Access No Access Read Write Read Write Interfaces Networking WiFi No Access No Access Read Write Read Write Interfaces Networking Logical Interfaces No Access No Access Read Write Read Write Interfaces Networking Static Routes No Access No Access Read Write Read Write Interfaces Networking DHCP and DNS No Access No Access Read Write Read Write Interfaces Netw...

Page 70: ...ummary Read Only Read Only Read Only Read Only Software Setup No Access No Access Read Write Read Write Software File Transfer No Access No Access Read Write Read Write Software Manager No Access No Access Read Write Read Write Monitoring Terminal Read Only Read Only Read Only Read Only Monitoring Cellular Read Only Read Only Read Only Read Only Monitoring Ethernet Read Only Read Only Read Only Re...

Page 71: ...r Settings Changes to parameters settings have no effect until the Save button is clicked Click the Save button to apply the changes or Cancel button to restore the current value Terminal Terminal Summary TERMINAL SUMMARY This page displays the current settings for the Terminal parameters Terminal Details on page 72 and Terminal Device on page 74 for setting details ...

Page 72: ...etails This page displays the current device hardware details MANUFACTURING DETAILS Serial Number This parameter displays the Serial Number of the device shown on the enclosure label Part Number This parameter displays the LTE part number ...

Page 73: ...splays the SFP port MAC Address Active Software Version This parameter displays the version of the software currently operating the device Previous Software Version This parameter displays the software version that was running on the device prior to the current software being activated A new device from the factory will display None for the Previous SW Version WiFi MAC Address This parameter displ...

Page 74: ...racters but cannot contain invalid characters A popup warns of the invalid characters 1 Enter the device Terminal Name 2 Enter the device Host Name 3 Enter the device Location of the router 4 Enter a Contact Name 5 Enter the Contact Details 6 Enter the Group Id This is the Aprisa LTE router virtual group for NMS visual purpose or group operational purpose The default value is 0 ...

Page 75: ...e not sure use the Select All to select all bands or select only the supported bands to minimize band search and connection time or restoration time 2 On the same page set the cellular operator APN name that identifies the PDN Gateway P GW to create the connection to the PDN WAN network Setup the required active SIM IP version and roaming and enable the service connection Enabling roaming allows t...

Page 76: ...76 Aprisa LTE User Manual switch to the next lower priority enabled PDN under the PDN Profile Settings see Cellular General ...

Page 77: ... connects to another available cellular network operator high charges might apply 3 In case of APN backup connection requirements setup a second APN name identifier a backup APN connection per each cellular operator i e a total of four 4 APNs two per each SIM operator Note The order of the APN settings is important since the first APN is the highest priority followed by lower priority APNs and in ...

Page 78: ...Manufacturer Displays the modem manufacturer Model Displays the modem model number IMEI Displays the International Mobile Equipment Identifier IMEI a unique 15 or 17 digit code used to identify an individual mobile station to a GSM UMTS or LTE network This number is stored in the cellular modem ...

Page 79: ...nds supported by the installed LTE module and the carrier see LTE Modules on page 38 Enabled Bands Displays the list of bands enabled in this LTE see Cellular General on page 83 Carrier Aggregation When enabled allows carrier aggregation to take place Modem State Displays the cellular modem state The values can be Failed Unknown Initializing Locked Disabled Disabling Enabling Enabled Searching Reg...

Page 80: ...number to the SIM card in a mobile cellular phone SIM Slot Indicates whether SIM is present or removed from the socket and its current status It can take values 1 or 2 SIM PIN Displays if this SIM requires a PIN or not Enabled indicates a PIN is required for this SIM Disabled indicates that no PIN is required for this SIM SIM Status Displays the SIM status Not locked Locked PIN Locked PUK Present ...

Page 81: ... Not Connected Registration State Displays the Registration state Unknown Registered Home Current Band Displays the band to which the modem is currently attached APN in Use Displays the current Access Point Name APN in use The APN is an identifier that lives in the LTE core network Cellular IPv4 Address Displays the current Cellular IPv4 Address Cellular IPv6 Address Displays the current Cellular ...

Page 82: ...tallation phase to validate it is connected to the appropriate eNB ID and cell sector per the RF path planning eNB ID Evolved NodeB Identifier eNB is a decimal number used to identify an eNB uniquely within an operator mobile network or Public Land Mobile Network PLMN The eNB ID can have either 20 bits or 28 bits It is also comprised within the Global eNB ID which uniquely identifies an eNB global...

Page 83: ...t to connect to the highest priority PDN and switching between PDN due to connection failure is controlled by the Redundancy Settings configuration parameters see Cellular Carrier Redundancy on page 85 For example the user may set four different PDN connections on a single cellular operator i e using a single SIM1 card slot where the first PDN will serve as the highest priority followed by lower p...

Page 84: ...witching from the home network i e the SIM operator network to the roaming network when the Aprisa LTE is being used outside the range of its home network and connects to another available cellular network the roaming network When on the roaming network charges may be applied per customer contract Note This option is useful if the Aprisa LTE frequently crosses between network operator or between b...

Page 85: ...n a roaming network before it automatically switches to a secondary next lower priority PDN If after switching the secondary PDN network is not available for the initial scan timeout duration then the connection return to the roaming service network for another roaming timeout time The roaming timeout value is unlimited but the recommended range is between 600 15 000 seconds The default value is 6...

Page 86: ...ction then next lower priority PDN profile is used If there are no lower priority PDNs then first highest priority PDN profile is used The idle scan timeout value is unlimited The default value is 120 seconds 2 minutes Revert Mode This parameter controls which PDN profile to select when attempting to revert to a PDN network profile First PDN or Previous PDN Controls Start button starts the heath c...

Page 87: ... address type to IPv4 or IPv6 Ping Destination IP Address This parameter sets the destination IP address for the pings Inter ping Interval s This parameter sets the time in seconds between pings Ping Timeout s This parameter sets the maximum amount of time in seconds to wait for a ping result Link Failure Ping Threshold s This parameter sets the number of failed ping attempts to the destination ad...

Page 88: ...s parameter enables disables SIM PIN SIM PIN This parameter sets the SIM PIN The pin must be between 4 and 8 characters Preferred Provider This parameter sets the Preferred Provider e g None AT T Verizon Wireless etc SIM Status This parameter displays the SIM status e g Not Locked Locked SIM PIN Retries Remaining This parameter displays the number of SIM PIN retries remaining when entering the SIM...

Page 89: ...he Short Message Service control command SMS Control Command Password This parameter sets the Short Message Service control command password The password is used to verify commands sent to the Aprisa LTE over SMS SMS messages must be sent in the format of password space command e g if password is passabc then the command to reboot the Aprisa LTE using SMS will be passabc reboot ...

Page 90: ...lays the current GNSS values LOCATION SUMMARY Position Coordinates The current GNSS latitude longitude and altitude Heading degrees The current direction in degrees Speed kph The current speed in kilometers per hour Last Updated The last time the GNSS data was updated ...

Page 91: ...for calculations but the fix quality could still be improved A more open view of the sky is recommended 10 20 Fair Represents a low confidence level Positional measurements should be discarded or used only to indicate a very rough estimate of the current location 20 Poor At this level measurements are inaccurate by as much as 300 meters with a 6 meter accurate device 50 DOP 6 meters and should be ...

Page 92: ... disables GNSS Active Antenna This parameter enables disables the GNSS antenna power 3 3V Log Interval min This parameter sets the interval in seconds between GNSS log entries 0 disables GNSS logging The default is 600 seconds Position Coordinates This parameter manually sets the position latitude and longitude Status The last know GNSS status ...

Page 93: ... 93 Aprisa LTE User Manual 2 1 Interfaces Networking Interfaces Networking Summary This page displays the current settings for all interfaces and the status of the ports See the Interfaces Networking pages for settings ...

Page 94: ...or display Mode This parameter controls the enable disable of the Ethernet port The default setting is Standard Option Function Standard Ethernet Port is in standard operation Disabled Ethernet port is disabled Useful when the port is unused or when user would like to save in power consumption Speed Mbit s This parameter controls the traffic rate of the Ethernet port The default setting is Auto Op...

Page 95: ... LTE 95 Aprisa LTE User Manual 2 1 Duplex This parameter controls the transmission mode of the Ethernet port The default setting is Auto Option Function Auto Provides auto selection of Ethernet Port duplex setting ...

Page 96: ...on Standard SFP Port is in standard operation Disabled SFP port is disabled Useful when the port is unused or when user would like to save in power consumption Speed Mbit s This parameter controls the traffic rate of the Ethernet port The default setting is Auto Option Function Auto Provides auto selection of SFP Port Speed 10 100 1000 Mbit s Duplex This parameter controls the transmission mode of...

Page 97: ...arameters SERIAL PORTS SETTINGS Name This parameter sets the port name which can be up to 32 characters Mode This parameter defines the mode of operation of the serial port The default setting is Standard Option Function Disabled The serial port is not required Terminal Server Serial traffic is encapsulated in IP packets ...

Page 98: ...ired at the end of the bus pair RS 485 Full Duplex RS 485 full duplex provides multi drop two way communication between a master device and up to 32 slave devices on a 4 wire bus With Full Duplex data can pass simultaneously both to and from the devices A 120 ohm termination is required at the end of each pair of the bus MTU Size bytes This parameter sets the size of the packet in bytes received b...

Page 99: ...ode this parameter sets the period the between the CTS being set and data being transmitted The default setting is 0 ms CTS Hold ms In CTS Keying mode this parameter sets the period the between the end of the data and CTS being cleared The default setting is 0 ms Inter Frame Gap chars This parameter defines the gap between successive serial data frames It is used to delimit the serial data to defi...

Page 100: ...nnector The default setting is Auto Option Function Auto For RS232 mode only the link LED is on if either CTS or DSR is asserted by peer device or if data has been received in last 10 seconds If using RS422 HD RS232 FD or RS485 the link LED is always on Always On The link LED is always on regardless of link status ...

Page 101: ...isten for a TCP connection on the specified local port and if necessary establish a TCP connection with the specified remote unit Data received from any client shall be forwarded to the associated serial port while data received from that serial port shall be forwarded to every client with an open TCP connection Inactivity Timeout seconds This specifies the duration in seconds to automatically ter...

Page 102: ...d 162 snmp The default setting is 20000 The user is responsible for ensuring that there is no conflict on the network Remote Address This parameter sets the IP address of the server connected to the LTE Ethernet port When the remote address port is configured as 0 0 0 0 0 each outgoing UDP packet will be sent to the source address of the last received UDP packet Remote Port This parameter sets the...

Page 103: ...his page provides setup of the USB host port parameters USB DETAILS Mode This parameter defines the mode of operation of the USB port The default setting is USB Host Option Function Disabled The USB port is not required USB Host The USB port is active for software upgrades etc ...

Page 104: ...E User Manual Interfaces Networking WiFi This section provides setup of the WiFi port parameters Scan Button The Scan Button scans for Wi Fi networks Edit Button The Edit Button edits the Wi Fi device configuration ...

Page 105: ...int s MAC address The SSID keeps the packets from client device within the correct WLAN even when overlapping WLANs are present However there are usually multiple APs and their associated clients within each WLAN and BSSID is the AP identifier which makes the bound between AP and its clients and included in all wireless packets User client device are aware to the network SSID but usually unaware t...

Page 106: ...ctions with them Client In Client mode the wireless client is assigned an IP from the associated AP and is able to access to wired network through associated AP ESSID This parameter sets the WiFi ESSID The Extended Service Set Identifier ESSID consists of all the BSSIDs in the network For practical purposes the ESSID identifies the same network as the SSID The default setting is AprisaLTE Network ...

Page 107: ...WEP Shared key Wired Equivalent Privacy WEP is an older Wi Fi security standard It is not secure and should only be used for compatibility with older equipment WPA PSK Wi Fi Protected Access WPA is an older Wi Fi security standard that is still in common use WPA2 PSK WPA2 is an enhanced version of WPA which provides improved security WPA2 PSK Pre Shared Key is commonly used in home and small offic...

Page 108: ...CL Allow all Except Listed MACs Allow access to all MAC addresses except those in the Wi Fi MAC access control list ACL WiFi Interface Configuration MAC Advanced Settings This page provides setup of the WiFi Advanced Settings Isolate Clients This parameter confines and restricts clients connected to the Wi Fi network When enabled clients cannot communicate with each other or with wired network whe...

Page 109: ...8 This is normally a 48 prefix within the fd00 8 range defined in RFC4192 The default value is randomly generated and different on each Aprisa LTE If your organization uses ULA addressing this should be modified to the appropriate prefix Controls Restart This restarts the interface which causes the interface to be disabled with link status down then restarted This will clear address tables learnt ...

Page 110: ...110 Aprisa LTE User Manual ...

Page 111: ...ows assignment of one or more IPv4 and or IPv6 static addresses along with manual configuration of default gateway DHCP Client Allows automatic configuration of IPv4 address netmask gateway and DNS servers through the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHCPv6 stateful DHCPv6 DHCPv6 PD and SLAAC Create a bridge over multiple interfac...

Page 112: ... Custom VLAN interface This allows creation of virtual 802 1q VLAN tag interfaces For example entering eth1 100 creates an interface that uses 802 1q packets with VLAN id 100 on ETH1 Custom VLAN bridge To pass for example VLAN id 100 between ETH1 and ETH2 enter eth1 100 and eth2 100 To create a VLAN bridge with ETH1 having id 100 ETH2 having id 200 and SFP being a trunk port First create a new log...

Page 113: ...n of default gateway DHCP Client Allows automatic configuration of IPv4 address netmask gateway and DNS servers through the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHCPv6 stateful DHCPv6 DHCPv6 PD and SLAAC IPv4 Address When the Protocol is set to Static Address this sets the static IP Address of the radio Management and Ethernet ports a...

Page 114: ...ny DNS servers available on this interface This is the same as the settings in windows networking IPv6 assignment length This parameter is only present for a static interface configuration Specifies the delegated prefix length for this interface IPv6 assignment hint This parameter is only present for a static interface configuration Specifies a sub prefix to use e g if assignment length is 64 and ...

Page 115: ...eam facing interfaces Usually relevant to ports using DHCPv6 protocol although can sometimes apply in other unusual topologies Override MTU This parameter sets the MTU Maximum Transmission Unit largest possible size of a data packet between 0 and 1500 The default setting is 1500 Use gateway metric Any gateways on this interface either statically assigned or automatically discovered e g through DHC...

Page 116: ...n logical interfaces By default the LAN is a bridge of ETH1 and ETH2 ports If the user wishes to include the SFP1 port default as WAN interface in the LAN bridge the WAN interface must be deleted first and then add the SFP1 port to the LAN bridge If the user wishes to change the ETH1 and ETH2 default LAN bridge interface to Router port each with its own IP subnet the LAN is changed to not bridged ...

Page 117: ...naging the LTE 117 Aprisa LTE User Manual 2 1 Interface Select the physical interface e g ETH1 ETH2 or SFP that this logical interface covers If Bridge interfaces is selected then you may select multiple ...

Page 118: ... firewall settings of a static address interface Create Assign firewall zone Choose the firewall zone you want to assign to the interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it ...

Page 119: ...protocol The default setting is DHCP Client Option Function Static Address Allows assignment of one or more IPv4 and or IPv6 static addresses along with manual configuration of default gateway DHCP Client Allows automatic configuration of IPv4 address netmask gateway and DNS servers through the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHC...

Page 120: ... default gateway When selected the default route provided by the DHCP server will be added to the routing table Use DNS servers advertised by peer If this parameter is selected the DNS server advertised by the DHCP server is used Use gateway metric Any gateways on this interface either statically assigned or automatically discovered e g through DHCP will be assigned this metric when added to the r...

Page 121: ...ETH1 ETH2 or SFP that this logical interface covers If Bridge interfaces is selected then you may select multiple Enable STP Only for bridged interfaces using Spanning Tree Protocol This is designed to prevent loops in L2 networks Enable this protocol if there is any chance of a loop If connecting to narrow band links such as Aprisa SR it is often advisable to disable the STP protocol Enable IGMP ...

Page 122: ... firewall settings of a DHCP Client interface Create Assign firewall zone Choose the firewall zone you want to assign to the interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it ...

Page 123: ...gh the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHCPv6 stateful DHCPv6 DHCPv6 PD and SLAAC Request IPv6 Address This parameter specifies how prefix allocation is requested Option Function Try Ask server for prefix but accept whatever is given Force Keep requesting if server gives smaller prefix Disabled Don t specify prefix length in requ...

Page 124: ...relevant to ports using DHCPv6 protocol although can sometimes apply in other unusual topologies Use default gateway If this parameter is active a default gateway discovered with RA protocol will be added to the routing table Use DNS servers advertised by peer If this parameter is active the DNS server advertised by the DHCPv6 server is used Override MTU This parameter sets the MTU Maximum Transmi...

Page 125: ...g ETH1 ETH2 or SFP that this logical interface covers If Bridge interfaces is selected then you may select multiple Enable STP Only for bridged interfaces using Spanning Tree Protocol This is designed to prevent loops in L2 networks Enable this protocol if there is any chance of a loop If connecting to narrow band links such as Aprisa SR it is often advisable to disable the STP protocol Enable IGM...

Page 126: ... firewall settings of a DHCPv6 Client interface Create Assign firewall zone Choose the firewall zone you want to assign to the interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it ...

Page 127: ...ult value is 100 Limit This parameter sets the number of addresses the DHCP server can lease out Continuing from the above example if the start address is 192 168 4 100 and the server can lease out 150 default limit value available addresses will be from 192 168 4 100 to 192 168 4 249 The default value is 150 Lease time This parameter sets duration of an IP lease Leased out addresses will expire a...

Page 128: ...ngs IPv4 Netmask This parameter overrides the LAN netmask sent to DHCP clients The default value is 255 255 255 0 DHCP Options This parameter allows additional options to be sent by the DHCP server to clients For example with 26 1470 or option mtu 1470 you can inform clients of the specified MTU value ...

Page 129: ...Advertisement packets NDP Proxy This parameter when in relay mode acts as a proxy for Neighbour Discovery ND packets This is generally required when DHCPv6 or Router Advertisement acting as a relay When in hybrid mode chooses when to proxy automatically Always announce default router This parameter selects this device is advertised as a default route through Router Advertisement packets even if th...

Page 130: ...130 Aprisa LTE User Manual ...

Page 131: ...each the route destination Target This parameter specifies the single IP such as 192 168 100 100 or a network such as 192 168 100 0 that this route can reach Netmask For a network this parameter specifies the netmask For example specify 255 255 255 0 if the network is 192 168 100 0 24 Gateway This parameter sets the gateway IP address where packets will be forwarded to a router with this IP addres...

Page 132: ...nother value that help the router choose the best route among multiple feasible routes to a destination The metric value based on information such as path length bandwidth load hop count path cost delay that may be used by the different routing protocols The lowest Metric value has the highest priority route Metric value range is 0 to 16 777 215 Example if packet destination address is 10 10 10 10...

Page 133: ...STATIC IPv6 ROUTES Interface Same as for IPv4 Target If the target is a single address specify it directly eg 2402 2380 305 3100 834 If it is a network specify in CIDR notation eg 2402 2380 305 3100 64 Gateway Same as for IPv4 Metric Same as for IPv4 ...

Page 134: ...nd DNS DHCP and DNS General Settings This page provides setup of the DHCP and DNS servers Authoritative When enabled this parameter relaxes strict RFC behaviour to speed up clients obtaining leases but should only be enabled if there is no other DHCP server ...

Page 135: ...4 4 server Note that any DNS servers obtained through DHCP DHCPv6 and IPv6 RA will automatically be used Static leases Hostname sets the hostname to give to the static entry MAC address This parameter specifies the MAC address of the device to statically allocate an IP address A list of detected MAC addresses is provided for convenience but any valid 48 bit MAC address can be specified IPv4 addres...

Page 136: ...ual DHCP and DNS Advanced Settings This page provides setup of DHCP advanced settings Maximum active leases Specifies the number of leases the DHCP server will allocate to clients simultaneously The default value is unlimited ...

Page 137: ... on a defined set of security rules Firewall General Settings This page provides setup of the firewall main policies and zones policies over your network interfaces to control network traffic flow This section defines the main policies of the firewall function It matches packet against all defined firewall chain rules If no rule matches an Action Accept Drop and Reject is performed Drop invalid pa...

Page 138: ...Output Accept Perform Action on packets pass output firewall chain Forward Reject Perform Action on packets pass forwarding firewall chain The Action parameters define the operation related to the firewall chain Action Function Accept The packet gets to continue to the next firewall chain Drop The packet is dropped Reject The packet is dropped and an ICMP packet containing a message of rejection i...

Page 139: ...n defines network port zones and their exposer to other zones Network port zones entities are defined in Interfaces Networking Logical Interfaces per port network or group of ports Zone Forwarding Inter Zone Forwarding Control the forwarding policies between the specified source and destination zones The forwarding rule is unidirectional ...

Page 140: ...his zone Rules for the VPN zone itself will instead apply to the received packet Is VPN Indicates that the firewall zone is to apply to inner traffic going through an IPSec tunnel as opposed to the traffic directly on and interface When set the covered networks option is replaced with a covered subnets option Covered Networks This allows selections of which interfaces this firewall zones rules are...

Page 141: ... rules which allows remote computers on the Internet to connect to a specific computer or service within the private LAN Rule is Enabled Toggles the rule ON or OFF If unchecked the rule will not be deleted but it also will not be loaded into the firewall Name Name of the rule used purely for easier management purposes ...

Page 142: ...ted at the given IP address only External port Matches incoming traffic directed at the given port only May be specified as a start end range e g 10000 10010 Internal zone Specifies the internal zone where the incoming connection will be redirected to Internal IP address Specifies the internal IP address to which the incoming connection will be redirected to Internal port Specifies the internal po...

Page 143: ...ser Manual 2 1 Firewall Traffic Rules This page provides setup of traffic rules which define policies for packets traveling between different zones for example to reject traffic between certain hosts or to open WAN ports on the router ...

Page 144: ...ing packet Source zone Packets arriving from the specified source zone will match this rule The special device zone matches packets that originate from the Aprisa LTE Any Zone may also be specified Default value is wan ppp Source Address The source zone from which data packets will redirected from Destination Address Port Redirect matched traffic to the given IP address and destination port Action...

Page 145: ... network bottlenecks to prevent packet drops QoS Classifier This page adds packet classifiers which select packets for QoS management Classifier Name The name of this classifier profile Ingress Interface This parameter sets any interface using or interface or group of interfaces configured at Interfaces Networking Logical Interfaces on page 109 in the selected profile classification rules For exam...

Page 146: ...d to set an IP packet with Diffserv priority Valid DSCP values are 0 63 Example of commonly used DSCP values DSCP decimal Value Meaning Drop Precedence 46 EF Expedited Forwarding High Priority 0 Best Effort 10 AF11 Assured Forwarding Low 12 AF12 Medium 14 AF13 High 18 AF21 Low 20 AF22 Medium 22 AF23 High 26 AF31 Low 28 AF32 Medium 30 AF33 High 34 AF41 Low 36 AF42 Medium 38 AF43 High 8 CS1 Class Se...

Page 147: ...tocol TCP UDP Port decimal Modbus 502 IEC 60870 5 104 2 404 DNP 3 20 000 SNMP 161 SNMP TRAP 162 Protocol Number This parameter is IPv4 IPv6 packet header Protocol Next Header field respectively in the selected profile classification rule Use value 1 to ignore this field or the IP protocol next header number to match with the following common values able to be set by name TCP UDP ICMP IGMP GRE ESP ...

Page 148: ...ssigned to a policy rule which is related to an egress port Default DSCP This parameter assigns the default DSCP to a packet on an egress port when packet does not match any of the classifier s rules associated with selected profile policy rules i e when a packet matches a classifier rule it will assign to a packet the assigned DSCP value define in the classifier tab and in the policy profile the ...

Page 149: ...Managing the LTE 149 Aprisa LTE User Manual 2 1 Services Services Summary ...

Page 150: ...f SuperVisor GENERAL SuperVisor Polling Period s This parameter sets the rate at which SuperVisor refreshes page information and LED states SuperVisor Inactivity Timeout min This parameter sets the period of user inactivity before SuperVisor automatically logs out of the LTE ...

Page 151: ...he end user has a dynamic IP address and wants to bind it to a static hostname The router is compatible with many different third party DNS services that provide the possibility to create a custom hostname and bind it to an IP address The DDNS service periodically updates the IP address information of the hostname making sure that the device remains reachable via the same hostname even in cases wh...

Page 152: ...through supervisor NTP Time is configured using remote NTP servers Time Zone Offset The Time Zone Offset is the number of hours minutes offset from UTC time The default setting is enabled but set to 0 hours Clicking the Time Zone Offset field brings up a pop up to enter the offset Option Function Manual Manual entry of Date and Time East Sets 0 to 23 Hours and 00 to 59 Minutes offset from NTP West...

Page 153: ... Server 1 to 4 Address This parameter sets the address of the four possible NTP servers Address may be specified as DNS name IPv4 or IPv6 address Synchronization is attempted from all configured servers and the NTP service intelligently uses offsets from all of them to accurately set the time Synchronization Status This field shows the status of the current synchronization or the result of the las...

Page 154: ...154 Aprisa LTE User Manual Controls Synchronize Now This Synchronize Now button provides manual Synchronization ...

Page 155: ...is setting this pin 3 is acting as GPIO input for any other purpose not related to power on off Enabled The Aprisa LTE will turn on after the configured Minimum Turn On Input Voltage time only when Ignition sense GPIO input pin see GPIO on page 62 is active and turn off after the configured Minimum Turn Off Input Voltage time only when ignition sense GPIO input pin is inactive The active state of ...

Page 156: ... While voltage is lower than this threshold but higher than minimum operating voltage of the LTE the OK led will flash once every 5 seconds The valid values are from 10 0 V and 27 0 V but the value must always be higher than Minimum Turn Off Input Voltage The default value is 10 V Minimum Turn Off Input Voltage The LTE will turn off when the input supply voltage is lower than this threshold The va...

Page 157: ...Managing the LTE 157 Aprisa LTE User Manual 2 1 Security Security Summary This page displays the current security settings ...

Page 158: ...if the Security Level is set to Strong config files generated in Maintenance will be encrypted and cannot be opened without the appropriate key set in the following Encryption Key settings Encryption Key This parameter sets the password for Severity Level Strong It uses AES 256 CBC encryption The password is converted to AES key using the PBKDF2 Password Based Key Derivation Function 2 key derivat...

Page 159: ...one upper case letter and contains at least one lower case letter and contains at least one digit and is not a term in a familiar language or jargon and is not identical to or derived from the accompanying account name from personal characteristics or from information from one s family social circle and is easy to remember for instance by means of a key sentence ...

Page 160: ...splaying 8 user accounts SuperVisor shall automatically display the last user account page when a new user is added However if there are unsaved changes on the current page the user shall be prompted to save the changes first before adding a new user 2 Enter the Username A username can be up to 32 characters but cannot contain tabs Usernames are case sensitive 3 Enter the Password The password mus...

Page 161: ...n privileges cannot be deleted User Privilege Default Username Default Password User Privileges View Users in this group can only view the summary pages Technician Users in this group can view and edit parameters except Security Users and Security Setup Engineer Users in this group can view and edit parameters except Security Users Admin admin admin Users in this group can view and edit all parame...

Page 162: ...erver for authentication of the user Transactions between the RADIUS client and RADIUS server are authenticated through the use of a shared secret which is never sent over the network For a RADIUS server to respond to the LTE it must be configured with the following Management Privilege level attributes Admin Level 4 Technician Level 2 Viewer Level 1 Alternatively for Admin level only for a RADIUS...

Page 163: ...adius Server Settings Secondary Server This parameter sets which radius server is used as the secondary server for authentication Select one of the possible authentication servers setup in Radius Server Settings RADIUS ACCOUNTING SETTINGS Primary Server This parameter sets which radius server is used as the primary server for accounting log of user activity Select one of the possible accounting se...

Page 164: ... server Reject and Deny Reject the authentication received from the radius server RADIUS SERVER SETTINGS Server Name You can enter up to four radius servers 1 4 IP Address The IP address of the Radius server Port Number The Port Number of the Radius server RADIUS uses UDP as the transport protocol UDP port 1812 is used for authentication authorization UDP port 1813 is used for accounting Old RADIU...

Page 165: ...bove figure perform the following steps on Aprisa LTE 1 Navigate to SuperVisor Security VPN and on the GRE tab click the Add button 2 Set Mode IP over GRE or IP over GREv6 in case of IPv6 GRE tunnel 3 Set Tunnel Name GRE_Tunnel_0 This sets the tunnel ID This ID is recommended to be used on both ends of the tunnel configuration 4 Set Tunnel IPv4 address Netmask 192 168 2 2 255 255 255 252 30 or Tun...

Page 166: ...han the operator Cellular MTU shown in Cellular Summary page 9 Set Source Interface wwan If all traffic is directed via this interface and public IP address might change it is recommended to set the source interface only and leave the source destination public address with default value 0 0 0 0 to eliminate the tunnel disconnection on public IP change ...

Page 167: ...el settings This field is greyed out when Mode Transport d Set Remote Subnet 100 65 3 118 when Mode Tunnel This is the destination transport IP address and subnet i e the remote endpoint interface of the IPsec tunnel This is the same IP address of Destination Public Address in GRE tunnel settings This field is greyed out when Mode Transport e Set the Local subnet and Remote subnet at the data cent...

Page 168: ...ual Note after GRE over IPsec VPN setup the Aprisa LTE is connected directly to the data center and in terms of routing the hop count is considered as a single hop count event though there are multiple routers across the path ...

Page 169: ... for L2 tunnels Data in a GRE tunnel is NOT encrypted IPSec can be used to encrypt GRE tunnels Mode IP over GRE is a L3 tunnel for IP packets both IPv4 and IPv6 over IPv4 networks IP over GREv6 is a L3 tunnel for IP packets both IPv4 and IPv6 over IPv6 networks Ethernet over GRE GREv6 options transport L2 packets of any type over networks of IPv4 or IPv6 respectively Tunnel Name Name of the tunnel...

Page 170: ... GRE this should be an IPv4 address and for IP Ethernet over GREv6 this should be an IPv6 address Destination public address The address of the remote device that will terminate the tunnel TTL The TTL to set on outgoing GRE packets The default is 0 which means the TTL of encapsulated packets is inherited MTU The MTU to set on the virtual interface When GRE is setup over the cellular interface this...

Page 171: ...f this tunnel Mode Option Function Tunnel This encapsulates the IP header and the payload and introduces a new outer header Can be used to create site site VPNs Transport This encapsulates only the IP payload and not the header It provides a secure connection between two endpoints Often combined with other tunneling protocol e g GRE to create site site VPNs Local Subnet An IPv4 or IPv6 address pre...

Page 172: ... IPSec GRE tunneling so other traffic like pings are unencrypted ESP Proposal Encryption Algorithm Encryption algorithm for IKE SA exchange for this tunnel ESP Proposal Authentication Algorithm Authentication algorithm for IKE SA exchange for this tunnel transport Only applicable for CBC and CTR based encryption algorithms ESP Proposal DhGroup Diffie Hellman algorithm for IKE SA exchange for this ...

Page 173: ...l 2 1 VPN IPSec Connection This page provides VPN IPSec connection configuration of the remote gateway address and the algorithms used for authentication between gateways IPSEC CONNECTION SETTINGS IKE Connection Name Name of the IKE connection ...

Page 174: ...one of the subjectAltName extensions contained in the certificate Make sure the Local Identity specified on this IPsec gateway is configured as Remote Identify on remote IPsec gateway IKE Authentication Method How the two gateways should authenticate each other Either Pre Shared Key PSK or Certificate If certificate is chosen ensure that a ROOT_CA certificate is uploaded that will verify the remot...

Page 175: ...onds DPD Timeout Defines the timeout after which all connections to a peer are deleted Applies only to IKEv1 Must be greater than DPD Delay Default value is 300 seconds Exchange mode Main or Aggressive Aggressive is faster as less messages to establish connection but is not recommended due to known security flaws Only valid for IKEv1 or mixed connections Initiator mode Always on Immediately start ...

Page 176: ...Type Option Function ROOT CA This is a public key that identifies a root certificate authority and is used to verify the identity of a remote device Device Certificate This is a public certificate that can be used as the identity of this device when communicating with a remote device Requires a matching private key Device Private Key This is a private key used for proving that this device identity...

Page 177: ...he given interface or if unspecified on all interfaces Port Specifies the listening port of the SSH interface Generate ECDSA RSA Key Generates a new random private key for SSH server identity ECDSA RSA Public key This is the server identity For extra security users may configure their SSH client to only connect to servers with this identity ...

Page 178: ...TPS This page provides HTTPS configuration HTTPS Enables HTTPS operation HTTP Port Number This parameter sets the HTTP Port Number The default value is 80 HTTPS Port Number This parameter sets the HTTPS Port Number The default value is 443 ...

Page 179: ...e HTTP web server The zip file must contain two files 1 certificate_name crt This must be a PEM format certificate 2 certificate_name key A private key that was used to sign the crt file Any file name may be used only the extension crt and key of the two files is important Allowed certificate algorithms are RSA 1024 2048 or 4096 bit or ECDSA 256 bit with hashes of SHA 1 SHA 256 SHA 384 or SHA 512 ...

Page 180: ... Versions Option Function All Version Allows all SNMP protocol versions SNMPv3 Only Only SNMPv3 transactions will be accepted SNMPv3 With Authentication Only Only SNMPv3 transactions using authentication protocol define in SNMPv3 users TAB will be accepted SNMPv3 With Authentication and Privacy Only SNMPv3 transactions using authentication and encryption protocol define in SNMPv3 users TAB will be...

Page 181: ...he SNMP protocol version selected Read Only This parameter sets the Community String when SNMPv1 v2c is used and Context Name when SNMPv3 is used for read only objects The default value is public Read Write This parameter sets the Community String when SNMPv1 v2c is used and Context Name when SNMPv3 is used for read write objects The default value is private ...

Page 182: ...rotocols Auth Protocol Option Function None No SNMPv3 authentication protocol selected to be used MD5 MD5 authentication protocol is used with SNMPv3 transaction SHA SHA authentication protocol is used with SNMPv3 transaction SHA 224 SHA 224 authentication protocol is used with SNMPv3 transaction SHA 256 SHA 256 authentication protocol is used with SNMPv3 transaction SHA 384 SHA 384 authentication...

Page 183: ...l selected to be used DES DES privacy encryption protocol is used with SNMPv3 transaction AES 128 AES 128 privacy encryption protocol is used with SNMPv3 transaction AES 192 AES 192 privacy encryption protocol is used with SNMPv3 transaction AES 256 AES 256 privacy encryption protocol is used with SNMPv3 transaction Priv Password This parameter sets the Privacy encryption protocol password which c...

Page 184: ...t is traffic affecting To reboot the radio 1 Tick the Reboot checkbox 2 Click Apply to continue or Cancel to abort 3 Click OK to reboot the router or Cancel to abort All the LTE LEDs will turn off except the OK LED The LTE will be operational again in about 10 seconds The LTE LEDs will light appropriately when the router is ready to operate 4 Login to SuperVisor ...

Page 185: ...File When activated the alarm history will be deleted Restore Factory Defaults When activated all router parameters will be set to the factory default values This includes resetting the router LAN IP address to the default of 192 168 4 1 Note Take care using this command ...

Page 186: ...nd restored from PC Note If the security level is set to Strong in Security Setup the config file will be encrypted and cannot be opened with regular compression applications Event Log History Saved to a PC GNSS Log Saved to a PC Support Information Saved to a PC Note If the security level is set to Strong in Security Setup the support file will be encrypted and cannot be opened with regular compr...

Page 187: ...E operating on software version 1 0 0 Action Action Option Save to PC This saves the Configuration Settings with a filename of AprisaLTE serialnumber config tar gz for standard security or AprisaLTE serialnumber config tar gz enc for strong security to your PC downloads directory If you wish to open the config file check the security level is set to Standard in Security Setup on page 158 To open t...

Page 188: ...stem file opened with Notepad Restore from PC This restores all user configuration settings from a previously saved LTE Configuration Settings file A reboot warning message will warn of a pending reboot after the PC file is selected Clicking OK will open a browser file selection window to select the file Note If you are using Explorer it must be IE10 or above for this feature to work correctly ...

Page 189: ...C This saves the GNSS Log with a filename of AprisaLTE serialnumber gnsslogs tar gz to your PC downloads directory File Support Information Action Action Option Save to PC This saves the Support Information with a filename of AprisaLTE serialnumber support for Standard security or AprisaLTE serialnumber support enc for Strong security to your PC downloads directory If you wish to open the support ...

Page 190: ...Function On Enables the PDN Profile Lock Off Disables the PDN Profile Lock Timer Enables the PDN profile lock for a specified duration PDN Profile Lock Selection Selects which PDN profile to lock PDN Profile Lock Duration Locks the PDN for a specified duration if PDN Profile Lock Enable is set to Timer Active Profile Shows which PDN profile is currently active Lock Status Shows if lock is enabled ...

Page 191: ...ual 2 1 Lock Remaining Duration How much time is left for active PDN to go back to unlock state Carrier Search Max Timeout s When Carrier search is started using the start button then this time specifies the maximum time to scan for networks ...

Page 192: ... Traceroute Sends packets with gradually increasing TTL values to discover the route that a packet takes to reach a destination Note that many routers disable ICMP time exceeded messages so not all intermediary hops will be discovered Nslookup Attempts to resolve the given domain name to an IP address using the configured and or discovered DNS servers ...

Page 193: ...Informational Events Informational Events are generated to provide information on key activities that are occurring on the LTE These events do not indicate an alarm on the LTE and are used to provide information only See Alarm Events on page 239 for a complete list of events ALARM SUMMARY The Alarm Summary is a display tree that displays the current states of all LTE alarms The alarm states refres...

Page 194: ...are stored in the LTE The complete event history list can be downloaded to your PC see File Event Log History on page 189 The Event History can display the last 50 events stored in the LTE in blocks of 8 events Auto Refresh The Event History page selected will refresh automatically every 12 seconds if the Auto Refresh is ticked ...

Page 195: ... Events Setup This page allows alarm event parameters to be configured for all alarm events see Alarm Events on page 239 EVENTS SETUP All active alarms for configured alarm events will be displayed on the Monitoring pages see Monitoring on page 214 ...

Page 196: ...aged object Warning The Warning severity level indicates the detection of a potential or impending service affecting fault before any significant effects have been felt Action should be taken to further diagnose if necessary and correct the problem in order to prevent it from becoming a more serious service affecting fault Information No problem indicated purely information Suppress This parameter...

Page 197: ...tup to trigger outputs EVENT ACTION SETUP Action Type This parameter sets the action type that will be activated on the LTE for the condition defined in Action Threshold Criteria Option Function None This action setup does not activate any alarm output Activate Alarm Output 1 This action setup activates alarm output 1 Hardware Reset This action resets the LTE hardware ...

Page 198: ...arm is a warning alarm Equal Cleared Activates the action output when an LTE alarm is cleared Equal or Worse than Major Activates the action output when an LTE alarm is a major alarm or a critical alarm Equal or Worse than Minor Activates the action output when an LTE alarm is a minor alarm a major alarm or a critical alarm Equal or Worse than Warning Activates the action output when an LTE alarm ...

Page 199: ...LTE User Manual 2 1 Events Trap Setup This page enables the setup of SNMP traps to capture LTE alarm events TRAPS SETUP All events can generate SNMP traps The types of traps that are supported are defined in the Notification Mode ...

Page 200: ...ode This parameter sets when an event related trap is sent Option Function Event Recorded When an event is recorded in the event history log a trap is sent Event Updated When an event is updated in the event history log a trap is sent All Events When an event is recorded or updated in the event history log a trap is sent Notification Type This parameter sets the type of event notification Option F...

Page 201: ...rameter sets the time interval to wait for an acknowledgement before sending another retry Maximum Retries This parameter sets the maximum number of retries to send the event without acknowledgement before it gives up Enabled This parameter determines if the entry is used ...

Page 202: ...lowing functions Programmable ignition turn on and turn off Input sensing for externally triggered alarms The alarm outputs can be used to interconnect to Aprisa SR and SR radio alarm inputs ALARM PORTS Name The alarm IO number Type The Type shows if the alarm is an input or output Active State The Active State parameter sets the alarm state when the alarm or ignition input if that is enabled is a...

Page 203: ... alarm is active high i e voltage higher than 10 VDC on the port will cause an active alarm state Alarm Output Option Function Low The alarm is active low i e the active alarm state will generate a ground contact output High The alarm is active high i e the active alarm state will drive the output with the same voltage as the LTE supply input Current State The Current State shows the current state...

Page 204: ...field contains json formatted fields that match the fields seen in the Events History Log screen logId Integer identifier timestamp The time the event occurred in RFC3339 format eventid Integer identifier of the type of event Identifiers are defined in the 4RF EVENT MIB auth 1 for authorization login logout messages 0 otherwise eventName String name of the event maps to the eventid alarmStatus Sta...

Page 205: ... 1 SYSLOG REMOTE SERVER SETTINGS Destination Address Address of the remote syslog server May be IPv4 or IPv6 address Destination Port The port to send to on the remote server Defaults to 514 Enabled Syslog messages are only sent to enabled servers ...

Page 206: ...is page enables the restoring of setup events back to factory defaults EVENT DEFAULTS Restore Defaults This parameter when activated restores all previously configured event parameters using Events Setup on page 195 to the factory default settings ...

Page 207: ... of the File Transfer SOFTWARE VERSIONS Current Version This parameter displays the software version running on the router Previous Version This parameter displays the software version that was running on the router prior to the current software being activated Software Pack Version This parameter displays the software that has been uploaded to the router and is ready for activation ...

Page 208: ...y This parameter shows the status of the transfer Idle In Progress or Completed Method This parameter shows the file transfer method e g HTTPS File This parameter shows the software file source Transfer Result This parameter shows the progress of the transfer ...

Page 209: ...Host port either at power on or when inserted at any time The default setting is Load Only Option Function Load and Activate New software will be loaded from a USB flash drive in to the Aprisa LTE and activated automatically Load Only New software will be loaded from a USB flash drive in to the Aprisa LTE The software will need to be manually activated see Software Manager on page 212 None Softwar...

Page 210: ...o transfer new software from a file source into the router SETUP FILE TRANSFER Method This parameter sets the method of file transfer Option Function HTTP HTTPS Transfers the software directly from a PC software pack file to the router File This parameter shows the software file source ...

Page 211: ... of the data Successful The transfer has finished successfully File Error The transfer has failed Verification Failed The transfer completed but the file was not valid Check that the file uploaded was an Aprisa LTE software upgrade file Note To check that the Aprisa LTE software upgrade file 4nu is valid obtain the checksum sha1 file for that software release contained in the Software Release zip ...

Page 212: ...ly used to activate new software on the LTE Both the previous software if available and Software Pack versions can be activated on the device from this page CURRENT SOFTWARE Version This parameter displays the software version running on the device Status This parameter displays the status of the software version running on the device always active ...

Page 213: ...ftware pack version available Status This parameter displays the status of the software pack version Option Function Available The software pack is available for use Activating The software pack is activating in the device Unavailable There is no software pack loaded into the device Activate This parameter activates the software pack The device will automatically reboot after activation To activat...

Page 214: ...Voltage V Parameter to show the current power supply input voltage 10 to 30 VDC CPU Utilization Parameter to show the current CPU utilization 0 to 100 Memory Used bytes Parameter to show the current system memory used Memory Available bytes Parameter to show the current system memory available Storage Used bytes Parameter to show the current storage memory that has been used Storage Available byte...

Page 215: ...eived Quality RSRQ of the MAIN input 10 to 20 dBm Current SNR dB Parameter to show the current Signal to Noise Ratio SNR of the MAIN input Current SINR dB Parameter to show the current Signal to Interference Noise Ratio SINR of the MAIN input 0 to 20 dB TX Packets Parameter to show the total number of packets transmitted by modem includes multicast broadcast packets TX Bytes Parameter to show the ...

Page 216: ...Function Normal Operating Limits RX Multicast Packets Parameter to show the number of received packets that are multicast RX Dropped Packets Parameter to show the total number of receive packets dropped by modem includes multicast broadcast packets ...

Page 217: ...S All Ethernet Ports TX Monitored Parameter Function Normal Operating Limits Maximum Capacity Parameter to show the maximum Ethernet data rate of the Ethernet port Equal to the Ethernet port speed setting TX Packets Parameter to show the number of packets transmitted to the customer from the Ethernet port TX Bytes Parameter to show the number of bytes transmitted to the customer from the Ethernet ...

Page 218: ...abber oversize and fragments and excluding IFG framing bytes bits Multicast Packets Parameter to show the number of multicast packets received from the customer into the Ethernet port Multicast packets are packets that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Packets in Error Parameter to show the number of errored packet...

Page 219: ...e port TX Packets Parameter to show the number of packets transmitted on the serial port TX Bytes Parameter to show the number of characters transmitted on the serial port TX Dropped Bytes Parameter to show the number of bytes that were not transmitted because buffer was full or timed out RX Packets Parameter to show the number of packets received on the serial port RX Bytes Parameter to show the ...

Page 220: ...with the encryption mode and SSID and BSSID of the connection The bar icon will also vary depending on the signal strength of the connection The Associated Stations list shows a list of other WiFi devices in this network When operating in Client mode this will only show one entry the WiFi Access Point When operating in Access Point mode this will show a list of all the active clients ...

Page 221: ...time till a re authentication will be performed Age The time since the previous re authentication Each entry in the Child Connections list shows an IPSec Tunnel configuration that is active ID ID for this tunnel Name The configured Tunnel Name for the IPSec tunnel Connection The configured Connection Name for the IPSec connection that this tunnel is using Local The local subnet in packets sent ove...

Page 222: ...in the table for this amount of time The device should send another DHCP request before this expires to remain active Active DHCPv6 Leases list shows the addresses that the DHCPv6 server in the Aprisa LTE has assigned to other devices Host This is the DNS hostname for the device the lease is assigned to FQDN Fully qualified domain name is in brackets IPv6 Address The address that Aprisa LTE has as...

Page 223: ...23 Aprisa LTE User Manual 2 1 Monitoring Firewall This page displays the router firewall performance monitoring parameters This page shows the status and traffic counters for all firewall rules including NAT translation ...

Page 224: ...ng Routes This page displays the router routing table The routes displayed here will include configured static routes routes to directly attached networks along with routes discovered through discovery protocols such as DHCP and IPv6 RA ...

Page 225: ...s mappings between IPv4 address and MAC address and on which interface that mapping is present These mappings are discovered using the ARP Address Resolution Protocol The IPv6 Neighbours list shows mappings between IPv6 address and MAC address and on which interface that mapping is present These mappings are discovered using the ND Neighbour Discovery protocol ...

Page 226: ...SSHv2 vs SSHv1 uses a more enhanced security encryption algorithm The SSHv2 protocol consists of three major components The Transport Layer Protocol provides server authentication confidentiality and integrity with perfect forward secrecy The User Authentication Protocol which authenticates the client to the server The Connection Protocol which multiplexes the encrypted tunnel into several logical...

Page 227: ...SH Linux Terminal Ubuntu Kitty portal DameWare smartTTY Terminals https terminals codeplex com mRemoteng Multi Remote Next Generation 2 Open the SSH client 3 Install the server public key using the method appropriate for your SSH client This key is available in supervisor on the Security SSH page This step is optional but provides a guarantee that you are correcting directly and there is no man in...

Page 228: ...s see Copy Commands below exit Exit from the CLI ping ping ip ipv6 arp host source src the network interface to send the packet from repeat cnt number of repeats resolve Attempt to resolve host names broadcast Perform broadcast ping size bytes Size of ping packet interval seconds Interval between pings flood Flood interface with pings duplicate detect reboot Reboots the LTE router see Router Comma...

Page 229: ...own iface xxx this selects which interface to dump This could be physical interfaces like eth1 eth2 sfp1 wwan0 wlan0 or can be virtual interfaces like the lan bridge br lan or a gre tunnel filter xxx allows you to display only packets matching the filter See here for information on filter syntax https www tcpdump org manpages pcap filter 7 html Example command to capture icmp packets on eth1 tcpdu...

Page 230: ...evel exit hostname name Sets hostname to specified value hostname name supervisor httpport xx httpsport xx redirect on off Configures supervisor listen ports for http https Each parameter is optional and if omitted the value does not change no supervisor httpport no supervisor httpsport Disables supervisor on http or https cellular modem carrier preferred xxx Set the preferred carrier Engineer and...

Page 231: ...ble Turn on privileged mode command end End current mode and change to enable mode exit Exit current mode and down to previous mode find Find CLI command matching a regular expression list Print command list mtrace Multicast trace route to multicast source no Negate a command or set its defaults output Direct vtysh output to file ping Send echo messages quit Exit current mode and down to previous ...

Page 232: ...s 1 2 3 4 xyz test log Any ftps url Example ftps user pass 1 2 3 4 xyz test log Any flash active firmware Destination only If source is standby firmware active partition is swapped If the source is available firmware then it is first installed to standby before activating If the source is remote url it is loaded to available installed to standby then activated Admin only flash standby firmware Can...

Page 233: ...ent alarm input status show device output Display current alarm output status show device netdev ifacename all Displays detailed port statistics for the specified physical network port show device netdev list Shows a list of available physical network ports show device sensors all Shows readings from internal sensors temperature voltage and accelerometer show device sfp Shows detail diagnostics ab...

Page 234: ... Table Examples inet4 show IPv4 routing table inet6 show IPv6 routing table log Show contents of log file software Show software versions active Show Active software all Show all software versions available Show available software running Show running software standby Show standby software startup config Show the contents of startup configuration syslog Show syslog output ful Show complete syslog ...

Page 235: ...d In general a standard SNMP TRAP agent supports SNMP engine ID This is supported by using the standard method of negotiation between the NMS and Aprisa LTE where the Aprisa LTE provides this engine ID to the NMS thus it is not a configurable parameter in Aprisa LTE The engine ID must be unique per each device in the network and thus it is composed by a hash function of the Aprisa LTE MAC address ...

Page 236: ...t of the MIB files comply with ITU T ASN 1 Abstract Syntax Notation One standard notation The following are the list of the proprietary MIBs supported by Aprisa LTE 4RF MIB txt Top level 4RF products MIB 4RF EVENTHISTORY MIB txt 4RF MIB for Aprisa LTE events history logging 4RF EVENTS MIB txt 4RF MIB for Aprisa LTE events alarms 4RF MFGDETAILS MIB txt 4RF MIB for Aprisa LTE manufacturing informati...

Page 237: ... Both the positive and negative power connections are fused The fuse type is a Littlefuse 0453005 0MRSN with a rating of 5 A To replace the fuses 1 Remove the input power and antenna cables 2 Unscrew the enclosure securing screws posi 2 2 Separate the enclosure halves CAUTION Antistatic precautions must be taken as the internal components are static sensitive ...

Page 238: ...losure and tighten the screws Note Is it critical that the screws are re tightened to 0 8 Nm The regulatory compliance of the LTE router may be affected if the screws are not tightened correctly Additional spare fuses can be ordered from 4RF see Spare Fuses on page 63 ...

Page 239: ...rm Warning SNR Alarm When SNR is lower or higher than configured thresholds Alarm Warning SINR Alarm When SINR is lower or higher than configured thresholds Alarm Warning Daily Usage Exceeded SIMx When combined TX RX byte count is exceeded for SIMx in current day rolling over at 0 00 each day Alarm Warning Weekly Usage Exceeded SIMx When combined TX RX byte count is exceeded for SIMx in current we...

Page 240: ...ng geofenced area Informational gnssPositionAccuracy Alarm active if GNSS signal HDOP is 5 Alarm Warning gnssLOS Alarm active if GNSS signal is lost Alarm will not show for first 60 seconds after GNSS is enabled When alarm is cleared additional info should indicate the newly discovered position Alarm Minor gnssOutsideGeofence Alarm generated if user is outside the geofence radius specified by the ...

Page 241: ...32 B38 B39 B40 B41 B42 B43 B46 B48 and B66 SIMs Dual Micro SIM 15 mm x 12 mm x 0 76 mm GNSS Positioning and Timing GPS GLONASS Beidou Galileo and QZSS option Protocols Ethernet IEEE 802 3 802 1d q p Ethernet 10 100 1000BASE T and 100 1000Base X Serial RS 232 RS 422 RS 485 Wi Fi IEEE 802 11 b g n ac VPN IPsec and GRE Wi Fi Frequency Range 2 4 to 2 495 GHz 5 15 to 5 825 GHz Performance 802 11ac Wave...

Page 242: ...Authentication MD5 SHA 1 SHA 256 SHA 384 SHA 512 DH Group DH 1 DH 2 DH 5 DH 14 DH 15 DH 19 DH 20 DH 21 IKE IKEv1 and IKEv2 Key Wrap AES Key Wrap Algorithm to RFC 3394 FIPS FIPS 197 AES and FIPS 140 2 Security Requirements Hardening NIST SCAP processes monitoring Tamper MEMS high performance 3 axis accelerometer ...

Page 243: ... LTE router link capacity Maximum transmission unit Option setting up to 9216 bytes Jumbo packet Address table size Unlimited Ethernet mode 10Base T 100Base TX 1000Base TX Full duplex or half duplex Auto negotiating and auto sensing Diagnostics Left Green LED Off no Ethernet signal received On Ethernet signal received Right Orange LED Off no data present on the interface Flashing data present on t...

Page 244: ...ce ITU T V 24 EIA TIA RS 232E Interface direction DCE only Maximum line length 10 metres dependent on baud rate Async parameters Standard mode data bits 7 or 8 bits Standard mode parity Configurable for None Even or Odd Standard mode stop bits 1 or 2 bits Interface baud rates 300 600 1200 2400 4800 9600 19200 38400 57600 and 115200 bit s Control signals DCE to DTE CTS RTS DSR DTR Diagnostics Left ...

Page 245: ...nnector Detector type Non isolated ground referenced voltage detector Detection voltage on 9 VDC Detection voltage off 4 VDC Maximum applied input voltage 36 VDC Maximum input current limit 2 7mA Output Interface Pin 4 of Molex Micro Fit 3 0 Connector Output type Non isolated ground referenced open collector output Output voltage VDC power input voltage Maximum drive current 200 mA Overload protec...

Page 246: ...Operating temperature range 30 to 70 C 22 to 158 F Storage temperature range 40 to 85 C 40 to 185 F Max thermal loading 26 6 BTU hr Operating humidity Maximum 95 non condensing Acoustic noise emission No audible noise emission Mechanical Dimensions Width 177 mm 6 97 Depth 110 mm 4 33 and 136 mm 5 35 with QMA connectors Height 41 5 mm 1 63 Weight 740 g 1 67 lbs Colour Matt black Mounting Wall 2 x M...

Page 247: ...mark of AT T Intellectual Property II L P Verizon Wireless is a trademark of Verizon Trademark Services LLC The use of the trademarks OpenVPN AT T and Verizon indicates compatibility and does not indication endorsement or approval USB C is a trademark of the USB Implementers Forum Service All hardware maintenance must be completed by 4RF or an authorized service centre Do not attempt to carry out ...

Page 248: ...ely You must not dispose of electrical and electronic waste with municipal and other waste You must separate it from other waste and recycling so that it can be easily collected by the proper regional WEEE collection system in your area YOUR ROLE in the Recovery of WEEE By separately collecting and properly disposing of WEEE you are helping to reduce the amount of WEEE that enters the waste stream...

Reviews:

No comments

Related manuals for Aprisa LTE

Dahua DHI-NVR5224-24P-4KS2 Quick Start Manual preview
DHI-NVR5224-24P-4KS2
Brand: Dahua Pages: 24
Draytek VigorIPPBX 2820 Series Quick Start Manual preview
VigorIPPBX 2820 Series
Brand: Draytek Pages: 29
Avid Technology MediaStream ConnectPlus 1000 Installation And Operation Manual preview
MediaStream ConnectPlus 1000
Brand: Avid Technology Pages: 74
NETGEAR RP334 Installation Manual preview
RP334
Brand: NETGEAR Pages: 2
Compaq StorageWorks AIT 35GB AutoLoader Overview And Installation preview
StorageWorks AIT 35GB AutoLoader
Brand: Compaq Pages: 4
pivotal COMMWARE ECHO 5G How To Set Up preview
COMMWARE ECHO 5G
Brand: pivotal Pages: 2
Zigen IP-Logic ZIG-IPPRO-RX Quick Start Manual preview
IP-Logic ZIG-IPPRO-RX
Brand: Zigen Pages: 4
ADTRAN NetVanta Analog Modem Dial Backup Interface Module Quick Start Manual preview
NetVanta Analog Modem Dial Backup Interface Module
Brand: ADTRAN Pages: 2
Paradyne iMarc SLV 9820-2M Installation Instructions Manual preview
iMarc SLV 9820-2M
Brand: Paradyne Pages: 24
Amit CDD531AM-U02 User Manual preview
CDD531AM-U02
Brand: Amit Pages: 75
SONIX MP5S Plus Writer Quick Manual preview
MP5S Plus Writer
Brand: SONIX Pages: 23
SmartBridges airPoint Nexus sB3210 User Manual preview
airPoint Nexus sB3210
Brand: SmartBridges Pages: 55
Netequalizer NE3000-10 Quick Start Manual preview
NE3000-10
Brand: Netequalizer Pages: 14
Eneo PNR-5332/3TB Quick Installation Manual preview
PNR-5332/3TB
Brand: Eneo Pages: 49
Paradyne MIM-4T1 Installation Instructions Manual preview
MIM-4T1
Brand: Paradyne Pages: 10
Bdcom GP3600-16 Hardware Installation Manual preview
GP3600-16
Brand: Bdcom Pages: 25
Open House H634 Manual preview
H634
Brand: Open House Pages: 2
D-Link DSL-125 Quick Installation Manual preview
DSL-125
Brand: D-Link Pages: 12

Brands by name

Popular brands

Load more brands