B+B SMARTWORK SPECTRE V3 Configuration Manual Download Page 72 | Manualshive

Page: 72 / 136

background image

4. CONFIGURATION

Continued from previous page

Item

Description

IKE DH Group

Specifies the Diffie-Hellman groups which determine the strength
of the key used in the key exchange process. Higher group num-
bers are more secure, but require additional time to compute the
key.

ESP Algorithm

Specifies the means by which the router selects the algorithm:

•

auto

– The encryption and hash algorithm are selected au-

tomatically.

•

manual

– The encryption and hash algorithm are defined

by the user.

ESP Encryption

Encryption algorithm – DES, 3DES, AES128, AES192, AES256.

ESP Hash

Hash algorithm – MD5, SHA1, SHA256, SHA384 or SHA512.

PFS

Enables/disables the Perfect Forward Secrecy function. The
function ensures that derived session keys are not compromised
if one of the private keys is compromised in the future.

PFS DH Group

Specifies the Diffie-Hellman group number (see

IKE DH Group

).

Key Lifetime

Lifetime key data part of tunnel. The minimum value of this pa-
rameter is 60 s. The maximum value is 86400 s.

IKE Lifetime

Lifetime key service part of tunnel. The minimum value of this
parameter is 60 s. The maximum value is 86400 s.

Rekey Margin

Specifies how long before a connection expires that the router
attempts to negotiate a replacement. Specify a maximum value
that is less than half of IKE and Key Lifetime parameters.

Rekey Fuzz

Percentage of time for the Rekey Margin extension.

DPD Delay

Time after which the IPsec tunnel functionality is tested.

DPD Timeout

The period during which device waits for a response.

Authenticate Mode

Specifies the means by which the router authenticates:

•

Pre-shared key

– Sets the shared key for both sides of the

tunnel.

•

X.509 Certificate

– Allows X.509 authentication in multi-

client mode.

Pre-shared Key

Specifies the shared key for both sides of the tunnel. The prereq-
uisite for entering a key is that you select pre-shared key as the
authentication mode.

Continued on next page

63

«
...
70
71
72
73
74
...
»

Summary of Contents for SPECTRE V3

Page 1: ...Configuration Manual for v3 Routers ...

Page 2: ...tions Information notice Useful tips or information of special interest Firmware version Current version of firmware is 5 3 4 March 10 2016 GPL licence Source codes under GPL licence are available free of charge by sending an email to info conel cz Conel s r o Sokolska 71 562 04 Usti nad Orlici Czech Republic Manual Rev 1 released in CZ March 11 2016 i ...

Page 3: ...em Log 18 4 Configuration 20 4 1 LAN Configuration 20 4 2 VRRP Configuration 26 4 3 Mobile WAN Configuration 29 4 3 1 Connection to Mobile Network 29 4 3 2 DNS Address Configuration 31 4 3 3 Check Connection to Mobile Network Configuration 31 4 3 4 Data Limit Configuration 32 4 3 5 Switch between SIM Cards Configuration 32 4 3 6 PPPoE Bridge Mode Configuration 34 4 4 PPPoE Configuration 37 4 5 WiF...

Page 4: ...ization 101 5 1 User Modules 101 6 Administration 103 6 1 Users 103 6 2 Change Profile 104 6 3 Change Password 105 6 4 Set Real Time Clock 105 6 5 Set SMS Service Center Address 106 6 6 Unlock SIM Card 106 6 7 Send SMS 107 6 8 Backup Configuration 107 6 9 Restore Configuration 107 6 10 Update Firmware 108 6 11 Reboot 109 7 Configuration in Typ Situations 110 7 1 Access to the Internet from LAN 110...

Page 5: ...iguration main router 27 19 Example of VRRP configuration backup router 28 20 Mobile WAN Configuration 35 21 Example 1 Mobile WAN Configuration 36 22 Example 2 Mobile WAN Configuration 36 23 Example 3 Mobile WAN Configuration 36 24 PPPoE configuration 37 25 WiFi Configuration 42 26 WLAN Configuration 44 27 Backup Routes 45 28 Firewall Configuration 49 29 Topology for the Firewall Configuration Exa...

Page 6: ...Configuration 91 59 Example of Ethernet to serial communication 92 60 Example of serial port extension 92 61 USB configuration 95 62 Example 1 USB port configuration 95 63 Example 2 USB port configuration 96 64 Startup script 97 65 Example of a Startup script 97 66 Up Down script 98 67 Example of Up Down script 98 68 Example of Automatic Update 1 100 69 Example of Automatic Update 2 100 70 User mo...

Page 7: ...ackup access to the Internet WiFi configuration 114 89 Backup access to the Internet Mobile WAN configuration 114 90 Backup access to the Internet Backup Routes configuration 115 91 Secure networks interconnection sample topology 116 92 Secure networks interconnection OpenVPN configuration 117 93 Serial Gateway sample topology 118 94 Serial Gateway konfigurace Expansion Port 1 119 vi ...

Page 8: ...onfiguration of Static DHCP Server 22 18 VRRP configuration 26 19 Check connection 26 20 Mobile WAN Connection Configuration 30 21 Check Connection to Mobile Network Configuration 31 22 Data Limit Configuration 32 23 Default and Backup SIM Configuration 32 24 Switch between SIM Card Configurations 33 25 Timeout Configuration 34 26 PPPoE configuration 37 27 WiFi Configuration 41 28 WLAN Configurati...

Page 9: ...bject identifier for binary inputs and output 78 55 SMTP client configuration 80 56 SMS Configuration 82 57 Control via SMS 83 58 Control SMS 84 59 Send SMS on the serial Port 1 84 60 Send SMS on the serial Port 2 84 61 Send SMS on ethernet PORT1 configuration 84 62 List of AT Commands 85 63 Expansion Port Configuration 1 90 64 Expansion Port Configuration 2 90 65 CD Signal Description 90 66 DTR S...

Page 10: ...pace by up to 64 GB when using a microSD card or up to 32 GB when using SDHC cards Optional Features If desired the router can be configured with a WiFi module when the router is manufac tured Note that routers cannot be retrofitted with this feature at some point in the future The SPECTRE v3 router can also be configured with a wide variety of expansion port options These can be three switched Et...

Page 11: ...ary input SPECTRE v3 routers can automatically up date their configurations and firmware from a central server allowing for mass reconfiguration of multiple routers at the same time Configuration Options Routers can be configured via web browser or Secure Shell SSH Configuration via Web Browser is described in this Configuration Manual Commands and scripts applicable in con figuration via SSH are ...

Page 12: ...address in your browser The default address is 192 168 1 1 Only ac cess via secured HTTPS protocol is permitted So the syntax for the IP address must be https 192 168 1 1 When accessing the router for the first time you will need to install a se curity certificate if you don t want the browser to show you a domain disagreement message To avoid receiving domain disagreement messages follow the proc...

Page 13: ...n combination with the dynamic DNS service you need to replace the etc certs https_cert and etc certs https_key files in the router If you decide to use the self signed certificate in the router to prevent the security message domain disagreement from pop up every time you log into the router you can take the fol lowing steps Note You will have to use the domain name based on the MAC address of th...

Page 14: ...WiFi section 3 1 1 Mobile Connection Item Description SIM Card Identification of the SIM card Primary or Secondary Interface Defines the interface Flags Displays network interface flags IP Address IP address of the interface MTU Maximum packet size that the equipment is able to transmit Rx Data Total number of received bytes Rx Packets Received packets Rx Errors Erroneous received packets Rx Dropp...

Page 15: ...ge than the nominal operating voltage Overcurrent Overcurrent i e a higher current than the permissible positive difference of the nominal current Idle PoE PSE is enabled but currently not used Class 0 Power level classification unimplemented Class 1 Power level very low power Class 2 Power level low power Class 3 Power level mid power Class 4 Power level high power PoE PSE Power Power of PoE PSE ...

Page 16: ... in case of N A is not available Profile Current profile standard or alternative profiles profiles are used for example to switch between different modes of operation Supply Voltage Supply voltage of the router Temperature Temperature in the router Time Current date and time Uptime Indicates how long the router is used Table 4 System Information 7 ...

Page 17: ...trength of the selected cell Signal Quality Signal quality of the selected cell EC IO for UMTS and CDMA it s the ratio of the signal received from the pilot channel EC to the overall level of the spectral density ie the sum of the signals of other cells IO RSRQ for LTE technology Defined as the ratio N RSRP RSSI The value is not available for the EDGE technology CSQ Cell Signal Quality relative va...

Page 18: ...59 This week This week from Monday 0 00 to Sunday 23 59 Last week Last week from Monday 0 00 to Sunday 23 59 This period This accounting period Last period Last accounting period Table 6 Description of Periods Item Description Signal Min Minimal signal strength Signal Avg Average signal strength Signal Max Maximal signal strength Cells Number of switch between cells Availability Availability of th...

Page 19: ...iption RX data Total volume of received data TX data Total volume of sent data Connections Number of connection to mobile network establishment Table 8 Traffic Statistics The last part Mobile Network Connection Log displays information about the mobile net work connections and any problems that occurred while establishing them Figure 2 Mobile WAN status 10 ...

Page 20: ...ng 802 11b in 802 11g BSS connection num_sta_no_short_slot_time Number of stations not supporting the Short Slot Time num_sta_no_short_preamble Number of stations not supporting the Short Preamble Table 9 Access Point State Information Detailed information is displayed for each connected client Most of them have an internal character Here are two examples Item Description STA MAC address of connec...

Page 21: ...Hz beacon interval Period of time synchronization capability List of access point AP properties signal Signal level of access point AP last seen Last response time of access point AP SSID Identifier of access point AP Supported rates Supported rates of access point AP DS Parameter set The channel on which access point AP broadcasts ERP Extended Rate PHY information element providing backward compa...

Page 22: ...3 STATUS Figure 4 WiFi Scan 13 ...

Page 23: ...nnel interface gre1 GRE tunnel interface lo Local loopback interface Table 12 Description of Interfaces in Network Status Each of the interfaces displays the following information Item Description HWaddr Hardware unique address of networks interface inet IP address of interface P t P IP address second ends connection Bcast Broadcast address Mask Mask of network MTU Maximum packet size that the equ...

Page 24: ...of collisions on physical layer txqueuelen Length of front network device RX bytes Total number of received bytes TX bytes Total number of transmitted bytes Table 13 Description of Information in Network Status You may view the status of the mobile network connection on the network status screen If the connection to the mobile network is active it will appear in the system information as an usb0 i...

Page 25: ...plays the following information Item Description lease Assigned IP address starts Time that the IP address was assigned ends Time that the IP address lease expires hardware ethernet Unique hardware MAC address uid Unique ID client hostname Host computer name Table 14 DHCP Status Description The DHCP status may occasionally display two records for one IP address This may be caused by resetting the ...

Page 26: ...ted in red in the figure below Figure 7 IPsec Status 3 8 DynDNS Status The router supports DynamicDNS using a DNS server on www dyndns org If Dynamic DNS is configured the status can be displayed by selecting menu option DynDNS Refer to www dyndns org for more information on how to configure a Dynamic DNS client You can use the following servers for the Dynamic DNS service www dyndns org www spdns...

Page 27: ...s used for creating de tailed reports It will be saved as a text file with the txt extension The file will include statistical data routing and process tables system log and configuration The default length of the system log is 1000 lines After reaching 1000 lines a new file is created for storing the system log After completion of 1000 lines in the second file the first file is overwritten with a...

Page 28: ...STATUS Figure 9 System Log The following example figure shows how to send syslog information to a remote server at 192 168 2 115 on startup Figure 10 Example program syslogd start with the parameter R 19 ...

Page 29: ...P address from a DHCP server in LAN network IP address Specifies a fixed set of IP addresses for the network interfaces ETH Subnet Mask Specifies a Subnet Mask for the IP address Bridged Activates deactivates the bridging function on the router no The bridging function is inactive default yes The bridging function is active Media type Specifies the type of duplex and speed used in the network Auto...

Page 30: ...e Only DHCP Client IP Address and Subnet Mask parameters are used to configure the bridge Primary LAN has higher priority when both interfaces eth0 eth1 are added to the bridge Other interfaces wlan0 wifi can be added to or deleted from an existing bridge at any time The bridge can be created on demand for such interfaces but not if it is configured by their respective parameters The DHCP server a...

Page 31: ... ranges of static allocated IP addresses with addresses allocated by the dynamic DHCP server IP address conflicts and incorrect network function can occur if you overlap the ranges Example 1 Configure the network interface to connect to a dynamic DHCP server The range of dynamic allocated addresses is from 192 168 1 2 to 192 168 1 4 The address is allocated 600 second 10 minutes Figure 11 Example ...

Page 32: ...4 CONFIGURATION Figure 12 Example 1 LAN Configuration Page 23 ...

Page 33: ...2 to 192 168 1 4 The address is allocated for 600 seconds 10 minutes The client with the MAC address 01 23 45 67 89 ab has the IP address 192 168 1 10 The client with the MAC address 01 54 68 18 ba 7e has the IP address 192 168 1 11 Figure 13 Example 2 Network Topology with both Static and Dynamic DHCP Servers Figure 14 Example 2 LAN Configuration Page 24 ...

Page 34: ...re the network interface to connect to a default gateway and DNS server Default gateway IP address is 192 168 1 20 DNS server IP address is 192 168 1 20 Figure 15 Example 3 Network Topology Figure 16 Example 3 LAN Configuration Page 25 ...

Page 35: ...0 A priority value of 0 is not allowed Table 18 VRRP configuration You may set the Check connection flag in the second part of the window to enable au tomatic test messages for the cellular network In some cases the mobile WAN connection could still be active but the router will not be able to send data over the cellular network This feature is used to verify that data can be sent over the PPP con...

Page 36: ...ing If a response to the packet is received within the timeout specified by the Ping Timeout parameter then the router knows that the connection is still active If the router does not receive a response within the timeout period it will attempt to test the mobile WAN connection using standard Ping commands Example of the VRRP protocol Figure 17 Topology of VRRP configuration example Figure 18 Exam...

Page 37: ...4 CONFIGURATION Figure 19 Example of VRRP configuration backup router 28 ...

Page 38: ...PAP The router uses the PAP authentication method CHAP The router uses the CHAP authentication method IP Address Specifies the IP address of SIM card You manually enter the IP ad dress only when mobile network carrier assigned the IP address Phone Number Specifies the telephone number the router dials for a GPRS or CSD connection The router uses a default telephone number 99 1 Operator Specifies t...

Page 39: ...trary a higher MTU value can cause the network to drop the packet If the IP address field is left blank when the router establishes a connection then the mobile network carrier automatically assigns an IP address If you assign an IP address then the router accesses the network quicker If the APN field is left blank then the router automatically selects the APN using the IMSI code of the SIM card I...

Page 40: ...d tries to establish new ones Checking can be set separately for two SIM cards or two APNs Send an IMCP to an IP address that you know is still functional The operator s DNS server for example If the Check Connection item is set to the enabled option ping requests are sent on the basis of routing table Thus the requests may be sent through any available interface If you require each ping request t...

Page 41: ... data limit isn t exceeded see next subsection or Send SMS when data limit is exceeded see SMS configuration are not selected the data limit will be ignored 4 3 5 Switch between SIM Cards Configuration At the bottom of this configuration form you can specify the rules for toggling between the two APNs a single SIM card or between the two SIM cards if you have inserted two SIM cards The router can ...

Page 42: ...er to switch to the secondary SIM card or secondary APN of the SIM card If the home network is detected this option enables switching back to the default SIM card For proper operation it is necessary to enable roaming on your SIM card Switch to backup SIM card when data limit is exceeded and switch to default SIM card when data limit isn t exceeded This option enables the router to switch to the s...

Page 43: ...10000 minutes Table 25 Timeout Configuration Example If you mark the Switch to default SIM card after timeout check box and you enter the following values Initial Timeout 60 min Subsequent Timeout 30 min Additional Timeout 20 min The first attempt to change to the primary SIM card or APN is carried out after 60 minutes When the first attempt fails a second attempt is made after 30 minutes A third ...

Page 44: ...4 CONFIGURATION Figure 20 Mobile WAN Configuration 35 ...

Page 45: ...onfiguration Example 2 The following configuration illustrates a scenario in which the router changes to a backup SIM card after exceeding the data limits of 800MB The router sends a warning SMS upon reaching 400MB The accounting period starts on the 18th day of the month Figure 22 Example 2 Mobile WAN Configuration Example 3 The Primary SIM card changes to the off line mode after the router detec...

Page 46: ...Username for secure access to PPPoE Password Password for secure access to PPPoE Authentication Authentication protocol in GSM network PAP or CHAP The router selects the authentication method PAP The router uses the PAP authentication method CHAP The router uses the CHAP authentication method MRU Specifies the Maximum Receiving Unit The MRU identifies the max imum packet size that the router can r...

Page 47: ...casting the unique identifier of SSID network in bea con frame and type of response to a request for sending the beacon frame Enabled SSID is broadcasted in beacon frame Zero length Beacon frame does not include SSID Requests for sending beacon frame are ignored Clear All SSID characters in beacon frames are replaced by 0 Original length is kept Requests for sending beacon frames are ignored Probe...

Page 48: ... checking this item This version doesn t guarantee network throughput It is suitable for sim ple applications that require QoS Authentication Access control and authorization of users in the WiFi network Open Authentication is not required free access point Shared Base authentication using WEP key WPA PSK Authentication using better authentication meth ods PSK PSK WPA2 PSK WPA PSK using new encryp...

Page 49: ... WEP key 16 ASCII characters 128b WEP key WEP key must be entered in hexadecimal digits This key can be specified in the following lengths 10 hexadecimal digits 40b WEP key 26 hexadecimal digits 104b WEP key 32 hexadecimal digits 128b WEP key WPA PSK Type Type of key for WPA PSK authentication 256 bit secret ASCII passphrase PSK File WPA PSK Key for WPA PSK authentication This key must be entered ...

Page 50: ...network Accept Deny List Accept or Denny list of client MAC addresses that set network ac cess Each MAC address is separated by new line Syslog Level Logging level when system writes to the system log Verbose debugging The highest level of logging Debugging Informational Default level of logging Notification Warning The lowest level of communicativeness Extra options Allows the user to define addi...

Page 51: ...4 CONFIGURATION Figure 25 WiFi Configuration 42 ...

Page 52: ...from cable connection via the WiFi network DHCP Client Activates deactivates DHCP client IP Address Fixed set IP address of WiFi network interface Subnet Mask Subnet mask of WiFi network interface Bridged Activates bridge mode no Bridged mode is not allowed default value WLAN network is not connected with LAN network of the router yes Bridged mode is allowed WLAN network is connected with one or m...

Page 53: ...ription IP Pool Start Beginning of the range of IP addresses which will be assigned to DHCP clients IP Pool End End of the range of IP addresses which will be assigned to DHCP clients Lease Time Time in seconds for which the client may use the IP address Table 29 Configuration of DHCP Server All changes in settings will apply after pressing the Apply button Figure 26 WLAN Configuration 44 ...

Page 54: ...g to the settings in the chart below Options include Enable backup routes switching for Mobile WAN Enable backup routes switching for PPPoE Enable backup routes switching for WiFi STA Enable backup routes switching for Primary LAN or Enable backup routes switching for Secondary LAN Network interfaces belonging to individual backup routes should display a flag that says they are RUNNING This check ...

Page 55: ...AN eth2 Primary LAN eth0 Example The router selects the Secondary LAN as the default route only if you unmark the Create connection to mobile network check box on the Mobile WAN page Alternatively if you unmark the Create PPPoE connection check box on the PPPoE page To select the Primary LAN delete the IP address for the Secondary LAN and disabled the DHCP Client for the Secondary LAN Item Descrip...

Page 56: ...tocol is active ICMP Access for the ICMP protocol is active Target Port The port number on which access to the router is allowed Action Specifies the type of action the router performs allow The router allows the packets to enter the network deny The router denies the packets from entering the network Table 31 Filtering of Incoming Packets The next section of the configuration form specifies the f...

Page 57: ... is allowed Action Specifies the type of action the router performs allow The router allows the packets to enter the network deny The router denies the packets from entering the net work Table 32 Forwarding filtering When you enable the Enable filtering of locally destined packets function the router drops receives packets requesting an unsupported service The packet is dropped automatically witho...

Page 58: ...tion Example of the firewall configuration The router allows the following access from IP address 171 92 5 45 using any protocol from IP address 10 0 2 123 using the TCP protocol on port 1000 from IP address 142 2 26 54 using the ICMP protocol 49 ...

Page 59: ...4 CONFIGURATION Figure 29 Topology for the Firewall Configuration Example Figure 30 Firewall Configuration Example 50 ...

Page 60: ...tartup Script dialog is located in the Configuration section of the main menu When creating your rules in the start up script use the following format iptables t nat A napt p tcp dport PORT _PUBLIC j DNAT to destination IPADDR PORT1 _PRIVATE Enter the IP address IPADDR the public ports numbers PORT_PUBLIC and private PORT_PRIVATE in square bracket You use the following parameters to set the routin...

Page 61: ...et the redirect from HTTP Item Description Enable remote HTTP access on port This option sets the redirect from HTTP to HTTPS only disabled in default configuration Enable remote HTTPS access on port If field and port number are filled in configura tion of the router over web interface is allowed disabled in default configuration Enable remote SSH access on port Select this option to allow access ...

Page 62: ...eck box for this configuration The IP address in this example is the address of the device behind the router The default gateway of the devices in the subnetwork connected to router is the same IP address as displayed in the Default Server IP Address field The connected device replies if a PING is sent to the IP address of the SIM card 53 ...

Page 63: ...4 CONFIGURATION Example 2 Configuration with more equipment connected Figure 33 Example 2 Topology of NAT Configuration Figure 34 Example 2 NAT Configuration 54 ...

Page 64: ...ou can set port forwarding using the Public Port and Private Port fields in the NAT dialog You have now configured the router to access the 192 168 1 2 80 socket behind the router when accessing the IP address 10 0 0 1 81 from the Internet If you send a ping request to the public IP address of the router 10 0 0 1 the router responds as usual not forwarding And since the Send all remaining incoming...

Page 65: ...nnels Overview Figure 35 OpenVPN Tunnels List Item Description Description Specifies the description or name of tunnel Protocol Specifies the communication protocol UDP The OpenVPN communicates using UDP TCP server The OpenVPN communicates using TCP in server mode TCP client The OpenVPN communicates using TCP in client mode UDP TCP port Specifies the port of the relevant protocol UDP or TCP Remote...

Page 66: ... OpenVPN tunnel set the Ping Timeout to greater than the Ping Interval Renegotiate Interval Specifies the renegotiate period reauthorization of the Open VPN tunnel You can only set this parameter when the Authen ticate Mode is set to username password or X 509 certificate After this time period the router changes the tunnel encryption to help provide the continues safety of the tunnel Max Fragment...

Page 67: ...ord and X 509 Certificate authentication modes DH Parameters Specifies the protocol for the DH parameters key exchange which you can use for X 509 Certificate authentication in the server mode Local Certificate Specifies the certificate used in the local device You can use this authentication certificate for the X 509 Certificate authentication mode Local Private Key Specifies the key used in the ...

Page 68: ...4 CONFIGURATION The changes in settings will apply after pressing the Apply button Figure 36 OpenVPN tunnel configuration 59 ...

Page 69: ... 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Local Interface IP Address 19 16 1 0 19 16 2 0 Remote Interface IP Address 19 16 2 0 19 18 1 0 Compression LZO LZO Authenticate mode none none Table 38 OpenVPN Configuration Example Examples of different options for configuration and authentication of OpenVPN tunnel can be found in the application note...

Page 70: ...d port information in the Local Protocol Port field then the router encapsulates only the packets matching the settings Item Description Create Activates deactivates the individual IPsec tunnels Description Displays the name of the tunnel specified in the configuration of the tunnel Edit Opens the IPsec tunnel configuration form Table 39 IPsec Tunnels Overview Figure 38 IPsec Tunnels List Item Des...

Page 71: ...ed format is preferred Encapsulation Mode Specifies the IPsec mode according to the method of encap sulation You can select the tunnel mode in which the entire IP datagram is encapsulated or the transport mode in which only IP header is encapsulated NAT traversal Enable disables NAT address translation on the tunnel If you use NAT between the end points of the tunnel then enable this parameter IKE...

Page 72: ...e IKE DH Group Key Lifetime Lifetime key data part of tunnel The minimum value of this pa rameter is 60 s The maximum value is 86400 s IKE Lifetime Lifetime key service part of tunnel The minimum value of this parameter is 60 s The maximum value is 86400 s Rekey Margin Specifies how long before a connection expires that the router attempts to negotiate a replacement Specify a maximum value that is...

Page 73: ...el OU TP CN A FQDN for example director conel cz the symbol proceeds the FQDN User FQDN for example director conel cz The certificates and private keys have to be in the PEM format Use only certificates containing start and stop tags The random time after which the router re exchanges new keys is defined as follows Lifetime Rekey margin random value in range from 0 to Rekey margin Rekey Fuzz 100 T...

Page 74: ...4 CONFIGURATION Figure 39 IPsec Tunnels Configuration 65 ...

Page 75: ...t 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Local Subnet 192 168 1 0 192 168 2 0 Local Subnet Mas 255 255 255 0 255 255 255 0 Authenticate mode pre shared key pre shared key Pre shared key test test Table 41 Example IPsec configuration Examples of different options for configuration and authentication of IPsec tunnel can be found in the application note IPsec Tunnel 6 ...

Page 76: ... configuration form Table 42 GRE Tunnels Overview Figure 41 GRE Tunnels List Item Description Description Description of the GRE tunnel Remote IP Address IP address of the remote side of the tunnel Remote Subnet IP address of the network behind the remote side of the tunnel Remote Subnet Mask Specifies the mask of the network behind the remote side of the tunnel Local Interface IP Address IP addre...

Page 77: ...ormat with this key the router sends the filtered data through the tunnel Specify the same key on both routers otherwise the router drops received packets Table 43 GRE Tunnel Configuration Attention the GRE tunnel does not pass through NAT The changes in settings will apply after pressing the Apply button Figure 42 GRE Tunnel Configuration 68 ...

Page 78: ...tunnel configuration Configuration A B Remote IP Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Table 44 GRE Tunnel Configuration Example Examples of different options for configuration of GRE tunnel can be found in the application note GRE Tunnel 7 69 ...

Page 79: ...s of the server Server IP Address IP address of the server Client Start IP Address IP address to start with in the address range The range is offered by the server to the clients Client End IP Address The last IP address in the address range The range is offered by the server to the clients Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side ...

Page 80: ... B Mode L2TP Server L2TP Client Server IP Address 10 0 0 1 Client Start IP Address 192 168 2 5 Client End IP Address 192 168 2 254 Local IP Address 192 168 1 1 Remote IP Address Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Username username username Password password password Table 46 L2TP Tunnel Configuration Example 71 ...

Page 81: ...rver Server IP Address IP address of the server Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side of the tunnel Remote Subnet Address of the network behind the remote side of the tunnel Remote Subnet Mask The mask of the network behind the remote side of the tunnel Username Username for the PPTP tunnel login Password Password for the PPTP t...

Page 82: ...he PPTP tunnel Configuration A B Mode PPTP Server PPTP Client Server IP Address 10 0 0 1 Local IP Address 192 168 1 1 Remote IP Address 192 168 2 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Username username username Password password password Table 48 PPTP Tunnel Configuration Example 73 ...

Page 83: ...e click DynDNS in the main menu Item Description Hostname The third order domain registered on the www dyndns org server Username Username for logging into the DynDNS server Password Password for logging into the DynDNS server Server Specifies a DynDNS service other than the www dyndns org Possible other services www spdns de www dnsdynamic org www noip com Enter the update server service informat...

Page 84: ...hen the router acts as a NTP client This means that the router automatically adjusts the internal clock every 24 hours Item Description Primary NTP Server Address IP or domain address of primary NTP server Secondary NTP Server Address IP or domain address of secondary NTP server Timezone Specifies the time zone where you installed the router Daylight Saving Time Activates deactivates the DST shift...

Page 85: ...s also necessary to specify a password for access to the Community SNMP agent The default setting is public You can define a different password for the Read community read only and the Write community read and write for SNMPv1 v2 You can also define 2 SNMP users for SNMPv3 You can define a user as read only Read and another as read and write Write The router allows you to configure the parameters ...

Page 86: ...inutes Table 53 SNMP Configuration R SeeNet Each monitored value is uniquely identified using a numerical identifier OID Object Iden tifier This identifier consists of a progression of numbers separated by a point The shape of each OID is determined by the identifier value of the parent element and then this value is complemented by a point and current number So it is obvious that there is a tree ...

Page 87: ...ollowing range of OID is used OID Description 1 3 6 1 4 1 30140 2 3 1 0 Binary input BIN0 values 0 1 1 3 6 1 4 1 30140 2 3 2 0 Binary output OUT0 values 0 1 1 3 6 1 4 1 30140 2 3 3 0 Binary input BIN1 values 0 1 Table 54 Object identifier for binary inputs and output The list of available and supported OIDs and other details can be found in the application note SNMP Object Identifier 8 Figure 51 S...

Page 88: ...SNMP agent field The dialog displayed the internal variables in the MIB tree after entering the IP address Furthermore you can find the status of the internal variables by entering their OID The path to the objects is iso org dod internet private enterprises conel protocols The path to information about the router is iso org dod internet mgmt mib 2 system 79 ...

Page 89: ...ial characters are not allowed Own E mail Address Address of the sender Table 55 SMTP client configuration The mobile service provider can block other SMTP servers then you can only use the SMTP server of the service provider Figure 53 SMTP Client Configuration Example You send e mails from the Startup script The Startup Script dialog is located in the Con figuration section of the main menu The r...

Page 90: ...mail email t name domain com s subject m message a c directory abc doc r 5 The command above sends an e mail address to name domain com with the subject subject body message message and attachment abc doc directly from the directory c directory The router attempts to send the message five times 81 ...

Page 91: ...automatically when the router is disconnection from a mobile network Send SMS when datalimit exceeded Activates deactivates the sending of an SMS mes sage automatically when the data limit exceeded Send SMS when binary input on I O port BIN0 is active Automatic sending SMS message after binary input on I O port BIN0 is active Text of message is in tended parameter BIN0 Add timestamp to SMS Activat...

Page 92: ...er one or more phone numbers then you can control the router using SMS messages sent only from the specified phone numbers If you enter the wild card character then you can control the router using SMS messages sent from any phone number Control SMS messages do not change the router configuration For example if the router is changed to the off line mode using an SMS message then the router remains...

Page 93: ...send receive an SMS on the serial Port 2 Item Description Baudrate Communication speed on the expansion port 2 Table 60 Send SMS on the serial Port 2 Setting the parameters in the Enable AT SMS protocol over TCP frame you can enable the router to send and receive SMS messages on a TCP port This function requires you to specify a TCP port number The router sends SMS messages using a standard AT com...

Page 94: ...torage AT CMSS Sends a short message from the SIM storage location AT COPS Identifies the mobile networks available AT CPIN Used to query and enter a PIN code AT CPMS Selects the SMS memory storage types to be used for short message operations AT CREG Displays network registration status AT CSCA Sets the short message service center SMSC number AT CSCS Selects the character set AT CSQ Returns the ...

Page 95: ... to mobile network the phone with the number entered in the dialog receives an SMS in the following form Router Unit ID has established connection to mobile network IP address xxx xxx xxx xxx After disconnecting from the mobile network the phone with the number entered in the dialog receives an SMS in the following form Router Unit ID has lost connection to mobile network IP address xxx xxx xxx xx...

Page 96: ...Example 2 Configuration for sending SMS via serial interface on the Port 1 Figure 55 Example 2 SMS Configuration Example 3 Control the router using an SMS from any phone number Figure 56 Example 3 SMS Configuration 87 ...

Page 97: ...4 CONFIGURATION Example 4 Control the router using an SMS from two phone numbers Figure 57 Example 4 SMS Configuration 88 ...

Page 98: ...bpage If you have the SWITCH version of the router 3x Ethernet ETH2 interface the port can be configured in the LAN item on the Tertiary LAN subpage see Chapter 4 1 In the upper part of the configuration window the port can be enabled and the type of the connected port is shown in the Port Type item Other items are described in the table below Item Description Baudrate Applied communication speed ...

Page 99: ...ions check box then the router rejects any other con nection attempt This means that the router no longer supports multiple connections If you mark the Check TCP connection check box the router verifies the TCP connection Item Description Keepalive Time Time after which the router verifies the connection Keepalive Interval Length of time that the router waits on an answer Keepalive Probes Number o...

Page 100: ... remote device is ready for communications DTR Description server Description client Active The router allows the establishment of TCP connections The router initiates a TCP connec tion Nonactive The router denies the establishment of TCP connections The router terminates the TCP con nection Table 66 DTR Signal Description The changes in settings will apply after pressing the Apply button Figure 5...

Page 101: ...4 CONFIGURATION Examples of the expansion port configuration Figure 59 Example of Ethernet to serial communication Figure 60 Example of serial port extension 92 ...

Page 102: ...op bit Split Timeout Time to rupture reports If the gap between two characters exceeds the parameter in milliseconds any buffered characters will be sent over the Ethernet port Protocol Communication protocol TCP communication using a linked protocol TCP UDP communication using a unlinked protocol UDP Mode Mode of connection TCP server The router will listen for incoming TCP connection requests TC...

Page 103: ...fies that another device is connected to the other side of the cable CD Description Active TCP connection is enabled Nonactive TCP connection is disabled Table 69 CD Signal description When you mark the Use DTR as control of TCP connection check box the router uses the data terminal ready DTR single to control the TCP connection The remote device sends a DTR single to the router indicating that th...

Page 104: ...4 CONFIGURATION Figure 61 USB configuration Examples of USB port configuration Figure 62 Example 1 USB port configuration 95 ...

Page 105: ...4 CONFIGURATION Figure 63 Example 2 USB port configuration 96 ...

Page 106: ...button Figure 64 Startup script Any changes to the startup scripts will take effect the next time the router is power cycled or rebooted This can be done with the Reboot button in the web administration or by SMS message Example of Startup script When the router starts up stop syslogd program and start sys logd with remote logging on address 192 168 2 115 and limited to 100 entries Figure 65 Examp...

Page 107: ...onnection is established Script commands entered into the Down Script window will run when the PPP WAN connection is lost The changes in settings will apply after pressing the Apply button Figure 66 Up Down script Example of Up Down script After establishing or losing a PPP connection connection to mobile network the router sends an email with information about the PPP connection Figure 67 Example...

Page 108: ...specified by that ad dress HTTP HTTPS FTP or FTPS USB flash drive The router finds the current firmware or con figuration in the root directory of the connected USB device Both Looking for the current firmware or configuration from both sources Base URL Base URL or IP address from which the configuration file will be down loaded This option also specifies the communication protocol HTTP HTTPS FTP ...

Page 109: ... for the SPECTRE v3 LTE router Firmware http example com SPECTRE v3 LTE bin Configuration file http example com test cfg Figure 68 Example of Automatic Update 1 The following examples check for new firmware or configurations each day at 1 00 a m An example is given for the SPECTRE v3 LTE router with MAC address 00 11 22 33 44 55 Firmware http example com SPECTRE v3 LTE bin Configuration file http ...

Page 110: ...n the same page If the module contains an index html or index cgi page the module name serves as a link to this page The module can be deleted using the Delete button Updating a module is done the same way Click the Add button and the module with the higher newer version will replace the existing module The current module configuration is left in the same state Programming and compiling of modules...

Page 111: ... saves contents of these messages to an XML file pduSMS Sends short messages SMS to specified number GPS Allows the router to provide location and time information in all weather anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites Pinger Allows you to manually or automatically verify the functionallity of the connection between two network inte...

Page 112: ...ser Delete Deletes the corresponding user account Table 73 Users Overview Be careful If you lock every account with the permission role Admin you can not unlock these accounts This also means that the Users dialog is unavailable for every user because every admin account is locked and the users do not have sufficient permissions The second block contains configuration form which allows you to add ...

Page 113: ...e the settings to and ensure that the Copy settings from current profile to selected profile box is checked The current settings will be stored in the alternate profile after the Apply button is pressed Any changes will take effect after restarting router through the Reboot menu in the web administrator or using an SMS message Example of usage profiles Profiles can be used to switch between differ...

Page 114: ... your network change the default password You can not enable remote access to the router for example in NAT until you change the password Figure 74 Change Password 6 4 Set Real Time Clock You can set the internal clock directly using the Set Real Time Clock dialog in the Adminis tration section of in the main menu You can set the Date and Time manually When entering the values manually use the for...

Page 115: ...with an international prefix 420 xxx xxx xxx If you are unable to send or receive SMS messages contact your carrier to find out if this parameter is required Figure 76 Set SMS Service Center Address 6 6 Unlock SIM Card The SPECTRE v3 ERT router does not support the Unlock SIM Card option If your SIM card is protected using a 4 8 digit PIN number Personal Identification Num ber open the Unlock SIM ...

Page 116: ...S It is also possible to send an SMS message using CGI script For details of this method see the application note Commands and Scripts 1 6 8 Backup Configuration You can save the configuration of the router using the Backup Configuration function If you click on Backup Configuration in the Administration section of the main menu then the router allows you to select a directory in which the router ...

Page 117: ...he firmware update the router will show the following messages The progress is shown in the form of adding dots After the firmware update the router will automatically reboot Uploading firmware intended for a different device can cause damage to the router Starting with FW 5 1 0 a mechanism to prevent multiple startups of the firmware update is included Firmware update can cause incompatibility wi...

Page 118: ...6 ADMINISTRATION 6 11 Reboot To reboot the router select the Reboot menu item and then press the Reboot button Figure 81 Reboot 109 ...

Page 119: ...s to the router s eth0 interface LAN Wait a moment after turning on the router The router will connect to the mobile network and the Internet This will be indicated by the LEDs on the front panel of the router WAN and DAT Additional configuration can be done in the LAN and Mobile WAN items in the Configura tion section of the web interface LAN configuration The factory default IP address of the ro...

Page 120: ... default For more details see Chapter 4 3 1 Figure 84 Access to the Internet from LAN Mobile WAN configuration To check whether the connection is working properly go to the Mobile WAN item in the Status section You will see information about operator signal strength etc At the bottom you should see the message Connection successfully established The Network item should display information about th...

Page 121: ...cess to the Internet sample topology The configuration form on the Backup Routes page lets you back up the primary connection with alternative connections to the Internet mobile network Each backup connection can be assigned a priority Figure 86 Backup access to the Internet LAN configuration 112 ...

Page 122: ...options you will need to enable the wlan0 network interface in the WLAN item as shown in Fig 87 Check the Enable WLAN interface set the Operating Mode to station STA enable the DHCP client and fill in the default gateway and DNS server Click the Apply button to confirm the changes For details see Chapter 4 6 Use the WiFi item to configure a connection to a WiFi network See Fig 88 Check the Enable ...

Page 123: ...T connector Depending on the SIM card you are using To set up backup routes you will need to enable Check Connection in the Mobile WAN item See Fig 89 Set the Check connection option to enabled bind and fill in an IP address of the mobile operator s DNS server or any other reliably available server and enter the time interval of the check For detailed configuration see Chapter 4 3 1 Figure 89 Back...

Page 124: ...igure 90 Backup access to the Internet Backup Routes configuration You can verify the configured network interfaces in the Status section in the Network item You will see the active network interfaces eth0 connection to LAN eth1 wired connection to the Internet wlan0 WiFi connection to the Internet and usb0 mobile connection to the Internet IP addresses and other data are included At the bottom of...

Page 125: ... is a configuration item in the web interface of the router see chapter 4 10 or Application Note 5 IPsec it is also configuration item in the web interface of the router see chapter 4 11 or Application Note 6 You can also create non encrypted tunnels GRE PPTP and L2TP You can use GRE or L2TP tunnel in combination with IPsec to create VPNs There is an example of an OpenVPN tunnel in Fig 91 To estab...

Page 126: ...ing the remote subnet and mask not necessary The important items are Local and Remote Interface IP Address where the information regarding the interfaces of the tunnel s end must be filled in In the example shown the pre shared secret is known so you would choose this option in the Authentication Mode item and insert the secret key into the field Confirm the configuration clicking the Apply button...

Page 127: ... same as in the previous ex amples Just insert the SIM card into the SIM1 slot at the back of the router and attach the antenna to the ANT connector at the front No extra configuration is needed depending on the SIM card used For more details see Chapter 4 3 1 Expansion Port 1 configuration The RS232 interface port can be configured in the Con figuration section via the Expansion Port 1 item See f...

Page 128: ... from the PC Labeled as SCADA in Fig 93 as a TCP client to the IP address 10 0 6 238 port 2345 the public IP address of the SIM card used in the router corresponding to the usb0 network interface The devices can now communicate To check the connection go to System Log Status section and look for the TCP connection established message 119 ...

Page 129: ...custom hostname This client monitors the router s IP address and updates it whenever it changes GRE Generic Routing Encapsulation GRE is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point to point links over an Internet Protocol net work It is possible to create four different tun nels HTTP The Hypertext Transfer Protocol HTTP is an application...

Page 130: ...pproaching 1 IPv6 addresses are represented as eight groups of four hexadecimal digits separated by colons 2001 0db8 85a3 0042 1000 8a2e 0370 7334 but methods of abbreviation of this full notation exist L2TP Layer 2 Tunnelling Protocol L2TP is a tunnelling protocol used to support virtual private networks VPNs or as part of the delivery of ser vices by ISPs It does not provide any encryption or co...

Page 131: ...509 Router A router is a device that forwards data packets between computer networks creating an overlay internetwork A router is connected to two or more data lines from different net works When a data packet comes in one of the lines the router reads the address information in the packet to determine its ultimate destina tion Then using information in its routing ta ble or routing policy it dire...

Page 132: ...tor abbreviated URL also known as web address is a spe cific character string that constitutes a refer ence to a resource In most web browsers the URL of a web page is displayed on top in side an address bar An example of a typi cal URL would be http www example com index html which indicates a protocol http a hostname www example com and a file name index html A URL is technically a type of uni f...

Page 133: ...inesses gov ernments organizations and individuals for al most any purpose imaginable X 509 In cryptography X 509 is an ITU T standard for a public key infrastructure PKI and Privilege Management Infrastructure PMI X 509 specifies amongst other things standard formats for public key certificates certificate re vocation lists attribute certificates and a certifi cation path validation algorithm 124...

Page 134: ...fault IP address 3 Default password 3 Default SIM card 32 Default username 3 DHCP 20 Dynamic 21 Static 22 DNS server 21 31 DoS attacks 48 DynDNS 74 E Expansion Port RS232 89 RS232 485 ETH 89 RS485 422 232 89 SWITCH 89 F Firewall 47 Filtering of Forwarded Packets 47 Filtering of Incoming Packets 47 Protection against DoS attacks 48 Firmware update 99 108 Firmware version 7 G GRE 67 I IPsec 61 Authe...

Page 135: ...res 1 S Save Log 18 Save Report 18 Security certificate 4 Send SMS 107 Serial line RS232 89 RS422 89 RS485 89 Serial number 7 Set internal clock 105 Signal Quality 8 Signal Strength 8 SMS 82 SMS Service Center 106 SMTP 80 SNMP 76 Startup Script 97 Switch between SIM Cards 32 System Log 18 T Transfer speed 1 U Unlock SIM card 106 Up Down script 98 Usage Profiles 104 USB USB RS232 converters 94 USB ...

Page 136: ...ote 2 Conel SmartCluster Application Note 3 Conel R SeeNet Application Note 4 Conel R SeeNet Admin Application Note 5 Conel OpenVPN Tunnel Application Note 6 Conel IPsec Tunnel Application Note 7 Conel GRE Tunnel Application Note 8 Conel SNMP Object Identifier Application Note 9 Conel AT Commands Application Note 127 ...

Reviews:

No comments

Related manuals for SPECTRE V3

Brand: Quantum Pages: 20

Brand: BSD Networks Pages: 7

Brand: Macsense Pages: 39

Brand: IEI Technology Pages: 86

Lite N42B1P Series

Brand: Dahua Technology Pages: 14

Brand: IMC Networks Pages: 36

Brand: Network Critical Pages: 200

Brand: Idis Pages: 16

Fast EtherLink XL PCI 10/100BASE-TXNetwork Interface...

Brand: 3Com Pages: 12

Brand: Wave wifi Pages: 3

Brand: Hi-flying Pages: 59

airPoint Nexus sB3210

Brand: SmartBridges Pages: 55

Brand: Teldat Pages: 47

Brand: Infrant Technologies Pages: 98

Brand: Billion Pages: 20

Brand: Crestron Pages: 2

Brand: Bosch Pages: 28

Brand: Bosch Pages: 44

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands