manualshive.com logo in svg

ETIC IPL-I1128, User Manual, Page: 33 / 56

Share
Download
ETIC IPL-I1128 User Manual Download Page 33

 

CONFIGURATION 

 

IPL-M156 / IPL-I1128 / IPL-L134 router 

User manual ref. 9017109-01

 

Page 33

 

 

11   Restricting the rights of a remote user  

A remote user filter applies to the IP frames received from an 
authenticated remote user. 
 
Once the user has been authenticated and the PPP connection or the has 
been set, the router applies the filter assigned to the user who has been 
recognized; the remote user filter checks the destination IP address and 
port number. 
 
25 remote user filters can be configured and assigned individually to each 
of the users declared in the user list. 
 

11.1 Filter structure 

 

A filter

 is a table made of several lines; each line is called a rule. 

A rule defines what decision the filter has to make when  it receives a 
particular IP frame from the Internet; the decision can be Reject or 
Authorize. 
 
Each rule of the filter is composed a two fields which defines a data flow : 

• 

Service : Protocol (telnet, http…),  

• 

Host : destination  IP@. 

 

To avoid to be obliged to describe what the filter has to do with any 
possible data flow, the filter policy has to be selected. 
 
The filter policy is the policy the firewall has to apply when it encounters 
an IP frame not described by one of the rules of the filter. 
 
The policy can be  
 

• 

“Drop all the IP frames not described by one of the rules”; 

or  

• 

“Accept all the IP frames not described by one of the rules”. 

 
The first policy is generally the right one because it is cautious. 
 
 
 
 
 

Summary of Contents for IPL-I1128

Page 1: ...134 Dedicated line router _________________ User manual Document reference 9017109 01 _________________ www hvssystem com Siège social 2 rue René Laennec 51500 Taissy France Contact hvssystem hvssystem com Tél 0326824929 Fax 0326851908 Distribué par ...

Page 2: ...28 IPL L134 router The IPL M156 and IPL I1128 and IPL L134 routers are manufactured by ETIC TELECOMMUNICATIONS 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL 33 4 76 04 20 00 FAX 33 4 76 04 20 01 E mail hotline etictelecom com web www etictelecom com ...

Page 3: ...nnectors 13 1 3 DIP switches 16 2 VENTILATION 16 3 SUPPLY VOLTAGE 16 4 ETHERNET INTERFACE 16 5 RS232 INTERFACE 17 6 RS485 INTERFACE 17 7 INPUT OUTPUT CONNECTION 17 8 PSTN LINE IPL M156 18 9 ISDN LINE IPL I1128 19 10 DEDICATED LINE IPL L134 19 CONFIGURATION 1 OVERVIEW 20 2 CONNECTING A PC TO THE ETHERNET INTERFACE 20 3 MODIFYING THE CONFIGURATION PARAMETERS THROUGH THE LAN 21 4 WRONG IP ADDRESS OR ...

Page 4: ...NECTIONS BETWEEN ROUTERS 24 8 1 Dial up PSTN or ISDN connection 24 8 2 Dedicated line connection 27 9 CONFIGURING STATIC ROUTES 30 10 REMOTE USERS CONNECTION 31 10 1 Configuring the users list 32 11 RESTRICTING THE RIGHTS OF A REMOTE USER 33 11 1 Filter structure 33 11 2 Configuration 34 12 SERIAL TO IP GATEWAY 37 12 1 Modbus gateway 38 12 2 RAW TCP gateway 41 12 3 Multicast gateway 43 13 ADVANCED...

Page 5: ...CONTENT IPL M156 IPL I1128 IPL L134 router User manual ref 9017109 01 Page 5 MAINTENANCE 1 DIAGNOSTIC 49 2 SAVING THE PARAMETERS FILE 50 3 UPDATING THE FIRMWARE 50 APPENDIX 1 HTML configuration server ...

Page 6: ...cated voice band 2 wire line RJ45 Ethernet 10 Mb s 1 1 1 RS232 RS85 1 1 1 IP router NAT DNAT Port forwarding SNMP traps DNS DHCP client or server LAN interface Firewall SPI Remote access server RAS VPN PPTP IPSEC SSL Remote access server Digital input for email alarms 3 3 3 Serial gateway Raw TCP client and server Telnet server Multicast Modbus client and server Unitelway Html Configuration Option...

Page 7: ... C 60 C Humidity 5 95 PSTN ISDN Dedicated line PSTN Analog PSTN line 2 wires V90 modem 56 kb s DTMF and pulse dialling International and programmable line interface ISDN ETSI EURO ISDN conform BRI interface 1 B channel management 64 kb s Dedicated line 2 wires line V34 modem 33 4 kb s Voice band 300 3400 Hz Ethernet IP router Ethernet One Ethernet 10BT interface IP router Remote connections static...

Page 8: ...EC or TLS SSL or PPTP Encryption 3DES Certificate 509 Logs Date and time stamped logs Remote access server RAS User list 25 users Connection PPP connection Login password call back Alarms 3 inputs emails Serial interface RS232 1200 115200 kb s parity N E O Serial to IP gateways Modbus master and slave Raw client et server Telnet Multicast UDP multicast unitelway ...

Page 9: ...L M156 IPL I1128 IPL L134 router User manual ref 9017109 01 Page 9 3 Product overview The IPL is designed to interconnect safely automated devices over the PSTN or ISDN or dedicated lines PSTN network ISDN network ...

Page 10: ...slation DNAT Safe VPN links The IPL router is able to establish safe VPN tunnels Once a VPN is established between two IPL routers each IP device connected to the first LAN can exchange IP frames with any device connected to the other LAN as if they were linked with a private line If the VPN is established between a remote user PC and an IPL router the remote user can access to the devices connect...

Page 11: ...ned or closed SNMP The IPL router is an SNMP agent Html and DIP switches configuration The IPL is configured with a web server Two DIP switches allow to set the method the products receives its IP address over the LAN interface From a DHCP client or server factory IP address or stored IP address Remote access server The IPL provides to authorized users a remote access to the devices connected eith...

Page 12: ......

Page 13: ...set Blinking Remote connection in progress The number of blinks gives an indication of the signal level VPN Lit One VPN at least has been established Blinking VPN establishment in progress LINK Ethernet Interface connected DATA Data activity RD Bytes transmitted to the RS232 from the IPL TD Bytes received from the RS232 to the IPL Lit Operation Blinking hardware defect 1 2 Connectors ...

Page 14: ...Digital input Nr 3 5 OUT1 Relay output 1 6 OUT2 Relay output 2 7 B RS485 polarity B 8 A RS485 polarity A DB9 fem RS232 connector Pin Circuit Designation IPL Terminal 1 CD 109 Carrier detect 2 RD 104 Data Reception 3 TD 103 Data Emission 4 DTR 108 Data terminal ready 5 GND 102 Ground 6 DSR 107 Data set ready 7 RTS 105 Request to send 8 CTS 106 Clear to send 9 RI 125 Ring indicator ISDN RJ45 connect...

Page 15: ...ed line RJ45 connector IPL M156 or IPL L134 Pin Polarit y 1 2 3 4 Telephone line wire 1 5 Telephone line wire 2 6 7 8 Nota bene An RJ11 PSTN cable can be connected to the RJ45 connector of the IPL M156 or IPL L134 The 2 wires of the PSTN or dedicated line must be present on wires 3 and 4 of the RJ11 ...

Page 16: ...It enables to restore the factory profile To restore the factory profile switch the power on while pressing the push button until the RUN light turns green Attention Once the factory profile has been restored the stored configuration is lost 2 Ventilation To avoid overheating when the ambient temperature is high leave a 1 cm 0 5 inch space on each side of the product 3 Supply voltage The supply vo...

Page 17: ... line adaptation For a several meters long connection over the RS485 local interface it is not necessary to adapt the RS485 line For a longer distance connect a 120 Ohm resistor at each end of the line 7 Input output connection Alarm output 1 relay output is provided to indicate an alarm The alarm condition can be selected using the html server The electrical characteristics of the output are Opto...

Page 18: ...f the router is an RJ45 8 points connector But an RJ11 telephone cable can be used The two active telephone wires are the wires number 4 and 5 located in the middle of the connector If the IPL line is an extension line connected to a company PBX it must be a Direct Inward Dialling line DDI or DID in such a way that the remote router can dial the IPL number and be connected directly to the IPL bypa...

Page 19: ...ated line IPL L134 The IPL L134 is designed to be connected to a two wire dedicated line The line must be a voice band line It can be private or leased The line connector located at the bottom of the router is an RJ45 8 pins connector The two telephone line wires are the wires number 4 and 5 located in the middle of the connector An RJ11 telephone cable can be connected to the RJ45 connector In th...

Page 20: ...heck the DIP switches SW1 and SW2 they must be set to OFF and OFF to select the stored IP address or if necessary to ON and OFF to restore the factory IP address Coming from factory the DIP switches SW1 and SW2 are set OFF ready for configuration and the IP address of the IPL is 192 168 0 128 Step 2 Create or modify the PC TCP IP connection Assign to the PC an IP in accordance with the IPL IP addr...

Page 21: ...s assigned to the router Or launch the ETICFINDER utility Configuration modifications through the Internet Modifications can be also carried out through the Internet We advise to protect the access to the administration server with a password The modifications have to be carried out cautiously to avoid to loose the link with the router 4 Wrong IP address or password When launching the html browser...

Page 22: ...P address 192 168 0 128 will also automatically be assigned to the product as long as SW01 will remain ON and SW2 OFF 5 Saving configuration modifications Once modifications of the parameters of one page have been carried out click the Save button at the bottom of the screen After some parameters changes the IPL must restart When the configuration has been completely carried out click the Reboot r...

Page 23: ...the start address and the end address 7 Modem configuration 7 1 PSTN modem IPL M156 Select the System menu and then Modem Enter the prefix the router has to dial when the router is connected to a PABX line Check that the Use default initialisation string option is selected Check that the Permanent link Leased Line option is not selected 7 2 ISDN adapter IPL I1128 Select the System menu and then Mo...

Page 24: ... nodes Click the Add a node button 8 1 Dial up PSTN or ISDN connection The connection with a remote node can be an outgoing connection or an ingoing connection or an outgoing and ingoing connection If a connection is an outgoing connection the local IPL router dials towards the remote router when IP frames have to be transmitted If a connection is an ingoing connection the local IPL router waits f...

Page 25: ...er by dialling towards the remote router or by accepting an incoming call from the remote router X X X Remote router IP and Remote network netmask parameter Enter the IP address and the netmask of the remote router Ethernet interface X X Modem parameter Select the built in choice X X Dial number parameter Enter the number the router has to dial to connect to the remote router X X My login and My p...

Page 26: ...er X X X Firewall filter parameter Select the firewall filter assigned to the connection X X X NAT parameter Select yes to enable the NAT function In that case the PPP IP address of the router is assigned as the source address to all IP frames transmitted by a device towards the PSTN or ISDN If no PPP IP address has been entered it is replaced by the IP address of the router over the Ethernet inte...

Page 27: ...e connection The connection with a remote node can be an outgoing connection or an ingoing connection If the connection is declared as an outgoing connection in a router it must be declared as an ingoing connection in the remote router The table below explains the parameters to configure in both cases ...

Page 28: ...router Select Ingoing if the router waits from an incoming call from the remote router X X Remote router IP and Remote network netmask parameter Enter the IP address and the netmask of the remote router Ethernet interface X Modem parameter Select the built in choice X My login and My password parameters Enter the login and the password the router has to transmit to the remote router to connect to ...

Page 29: ...T parameter Select yes to enable the NAT function In that case the PPP IP address of the router is assigned as the source address to all IP frames transmitted by a device towards the PSTN or ISDN If no PPP IP address has been entered it is replaced by the IP address of the router over the Ethernet interface X X Router PPP IP address and Remote router PPP IP address parameters Enter the IP address ...

Page 30: ...route is called a static route A static route consists in a table which describes a destination network IP address and netmask and the IP address of the router through which an IP frame intended for that hidden network must pass That router can be one of the routers connected directly to the local network or a router connected to a remote network Example 192 168 10 0 Router 2 192 168 10 1 192 168 ...

Page 31: ... network IP address and netmask Gateway IP address Enter the Ip address of the gateway through which the IP frames intended for that network must pass 10 Remote users connection 10 1 Overview The IPL provides a remote user connection function called RAS When a remote PC sets a PPP connection with the router the remote user identity code and password is checked individual access right are automatic...

Page 32: ...isplayed in the user list Login password The login and the password will have to be entered by each user at the beginning of the remote connection E mail The IPL router will send an email to that address in two situations Alarm email the router sends an alarm email to the defined user If the input 1 is closed or opened if that option has been set Internet connection email Once connected to the Int...

Page 33: ... table made of several lines each line is called a rule A rule defines what decision the filter has to make when it receives a particular IP frame from the Internet the decision can be Reject or Authorize Each rule of the filter is composed a two fields which defines a data flow Service Protocol telnet http Host destination IP To avoid to be obliged to describe what the filter has to do with any p...

Page 34: ...that the new service assign a protocol udp tcp icmp and a port number Save The list is updated Step 2 Build a filter Select the security menu then firewall and then Filter list The list of the stored filters is displayed Click add a new filter Assign a name to the new filter Choose the policy All is forbidden except what we specify is the advised policy Click add a new rule to the list Select a ho...

Page 35: ...CONFIGURATION IPL M156 IPL I1128 IPL L134 router User manual ref 9017109 01 Page 35 ...

Page 36: ...PL I1128 IPL L134 router Step 3 Assign a filter to each user Select the System menu and then User list Among the users select a user to which you want to assign a filter and click modify the user window is displayed Assign a filter to the user click OK and save ...

Page 37: ...odbus master to an IP modbus server RAW TCP server or client To connect two serial devices through an IP network Telnet To connect a Telnet terminal to the IPL RAW UDP To exchange serial data between several serial and IP devices through an IP network using a table of IP addresses Multicast To exchange serial data between a great number of serial and IP devices through an IP network using the mult...

Page 38: ...n modbus server and enable the modbus server gateway and set the parameters as follows ASCII RTU protocol Select the right option Proxy Enable the proxy option if you wish to avoid to frequent requests on the RS232 RS485 interface Cache refreshment period Select the period at which the gateway will send request to the slaves PLC Timeout waiting for the answer Set up the timeout the gateway has to ...

Page 39: ...ing character of the same frame Modbus slave address Choose specified by the modbus TCP client if the address of the slave PLC must be decoded by the gateway from the modbus TCP frame coming from the client Otherwise specify the modbus address of the slave PLC in that case only one slave can be connected to the RS232 serial interface TCP inactivity Timeout Set the time the gateway will wait before...

Page 40: ...ption Inter character gap Set up the maximum delay the gateway will have to wait between a received character of a modbus answer frame and the following character of the same frame TCP inactivity Timeout Set the time the gateway will wait before disconnecting the TCP link if no characters are detected TCP port number Set the TCP port number the gateway has to use IP address The modbus client gatew...

Page 41: ...ce has to send requests to one or several slave devices also called server located on the IP network The serial device must be for example a master device Select the transparent and then the raw client menus Enable the raw client gateway and set up the parameters as follows RS232 485 input buffer size Set up the maximum length of an asynchronous string the gateway will store before transmitting it...

Page 42: ...ateway can be used if a serial slave device has to answer requests coming from devices located on the IP network and acting like a master also called TCP client Select the transparent and then the raw server menus Enable the raw server gateway and set up the parameters as follows RS232 485 input buffer size Set up the maximum length of an asynchronous string the gateway will store before transmitt...

Page 43: ...o Ethernet IP devices through an IP network The serial multicast gateway can be used for instance when a serial master device has to send requests to many slave serial devices also called server located on the IP network Serial data is transmitted by each serial device to all other serial devices through the IP network But at the opposite of the RAW UDP technology described previously that Multica...

Page 44: ...ed by RFC 2365 to be constrained to a local group or organization Routers are typically configured with filters to prevent multicast traffic in this address range from flowing outside an autonomous system AS or any user defined domain Within an autonomous system or domain the limited scope address range can be further subdivided so those local multicast boundaries can be defined This also allows f...

Page 45: ...e a string received from the asynchronous device Once declared complete the gateway will transmit the string to the IP network TCP port parameter Set the port number the gateway has to use Multicast group IP address Enter the multicast IP address assigned to the group with respect to the rules of the IANA authority 13 Advanced functions 13 1 Alarms 13 1 1 SNMP The IPLA router is able to send snmp ...

Page 46: ... the users of the users list To set that function select the Alarm menu Enable the alarm email Select this option if you want an email to be sent to a user when the digital input 1 is set ON or OFF Alarm launched on event If the option OPEN is selected the alarm will be sent each time the digital input will be opened If the option CLOSED is selected the alarm will be sent each time the digital inp...

Page 47: ...f the associated machine The explore link To explore the HD of the associated machine if it is a Windows machine The ftp link To explore the files of the associated device If the we portal option has been selected see below the web portal page is displayed when the remote user launches the navigator and enters the Ip address assigned to the IPL router In that case the administration server usually...

Page 48: ...ws to restrict access to the administration server with a login and a password If the login and or password have been forgotten free access to the administration server can be recovered by setting the micro switch 1 ON and the micro switch 2 OFF Attention When the micro switch 1 is set ON and the micro switches 2 is set OFF the factory IP address 192 168 0 128 is restored ...

Page 49: ...em LAN MAC address Ethernet mode half or full IP address Modem Built in or external modem status Serial gateway That page displays the current status of the serial gateways Type of the gateway Modbus RAW Telnet serial port set up data rate etc number of characters received or sent Number of TCP frames or UDP datagrams received or sent Number of TCP connections enabled The View link displays a wind...

Page 50: ...he parameters file Click the Load button and confirm to restart the product Attention A parameters file can only be restored towards a product having the same firmware version 3 Updating the firmware Step 1 Before starting you need A PC with a Web browser An Ethernet cable or a switch The FTP server software which can be downloaded from the firmware page of the ETIC download area web server Step 2...

Page 51: ...yed Select the System menu and then firmware Update In the field IP address of the TFTP server enter the IP address of your PC Note The IP address of the PC is written in the field Server Interface in the TFTP server windows Click Save and then Update The first file should begin to be downloaded from the PC to the router During the operation the led blinks When the download is finished the product...

Page 52: ......

Page 53: ...he initialisation string of the modem RS232 RS485 To set the parameters of the serial interface SNMP To set the SNMP traps DHCP To set the DHCP server function over the Ethernet interface Firmware update Update the product firmware Save restore To download upload the configuration file of the product Reboot To restart the product Routing Remote nodes To describe remote routers Static routes To des...

Page 54: ...way Modbus To configure the modbus gateway Transparent To configure the rawTCP multicast telnet gateway Unitelway To configure the unitelway gateway Alarms To enter the conditions an email is transmitted to a user Diagnostic Logs To display logs Network status To display all the parameters of the connection in use MAC IP SHDSL connection data rate error rate statistics Gateway status To display th...

Page 55: ......

Page 56: ...e Tel 33 4 76 04 20 00 Fax 33 4 76 04 20 01 E mail contact etictelecom com Web www etictelecom com www hvssystem com Siège social 2 rue René Laennec 51500 Taissy France Contact hvssystem hvssystem com Tél 0326824929 Fax 0326851908 Distribué par ...

Reviews:

No comments