MB Connect Line mbNET MDH 810 Manual Download Page 76 | Manualshive

Page: 76 / 226

background image

Page 76 of 226
Version: 3.3.5

– DR05 – 23.03.2017

13.

Creating certificates and revocation lists using XCA.

Certificates overview

13.1

Any subscriber communicating over a VPN connection needs 2 certificates. One certificate must
be signed by a CA (Certificate Authority). Each subscriber must have the CA certificate plus a
“server” or “client” certificate. In our case:



The server

may be the

mbNET

or a separate server.



The client

is either a computer or another

mbNET

.

The certificates are required to set up a secure VPN tunnel and are used to authenticate the VPN
subscriber. If the subscriber has no certificate, or an invalid certificate, no VPN tunnel can be es-
tablished between the two devices if the authentication setting on the

mbNET

is

“

X.509

”.

To understand how to create certificates, please read the following pages.

«
...
74
75
76
77
78
...
»

Summary of Contents for mbNET MDH 810

Page 1: ...MANUAL V3 3 6 EN MDH800 MDH859 23 03 2017 MDH810 MDH811 MDH814 MDH815 MDH816 MDH819 MDH830 MDH831 MDH834 MDH835 MDH841 MDH849 MDH850 MDH855 MDH858 MDH858 MDH859...

Page 2: ...be found on our homepage www mbconnectline com We welcome comments suggestions for improvement or constructive criticism at any time Trademarks The use of any trademark not listed herein is not an in...

Page 3: ...nel USB port 20 7 5 8 First time operation 21 Connecting the router to the power supply and switching on 21 8 1 Connecting the router to a configuration PC 22 8 2 9 Router configuration prerequisites...

Page 4: ...Connecting the router 61 12 5 1 1 Configuring the router using the web interface 61 12 5 1 2 Configuring the industrial router for VPN connection to a client 64 12 6 Connecting and configuring the rou...

Page 5: ...6 3 2 Menu settings SMS 118 16 3 3 Network Modem Callback 120 16 3 4 Network Modem SMS 121 16 3 5 Remote service control commands using SMS 122 16 3 6 Network Internet 123 16 4 Network Internet Intern...

Page 6: ...PN Windows client 170 19 3 2 2 Authenticating a Windows client with static key 171 19 3 2 3 Router Router 173 19 3 2 4 Server no authentication or static key 175 19 3 2 1 Multi client Multiple clients...

Page 7: ...22 12 Status Diagnostics 211 22 13 Status USB 212 22 14 Status Alarmmanagement 212 22 15 Status System 213 22 16 23 Extras 214 LUA 214 23 1 Toolbox 215 23 2 24 Factory settings on delivery 216 Usernam...

Page 8: ...ection using an integrated firewall with IP filter NAT and port forwarding VPN with AES DES 3DES DESX Blowfish or RC2 encryption and authentication via pre shared key PSK static key or certificate X 5...

Page 9: ...opening and improper repair can pose a danger to the user Unauthorized modifications are not covered by the manufacturer s warranty Opening up the device voids the warranty The router must be dispose...

Page 10: ...du routeur ou des r parations non adapt es peuvent mettre en danger l utilisateur du routeur Le fabricant n assure aucune garantie concernant les modifi cations arbitraires La garantie devient caduque...

Page 11: ...he Berkeley Software Distribution BSD the Massachusetts Institute of Technology MIT or another open source software license which regulates that the source code must be made available and if this soft...

Page 12: ...Page 12 of 226 Version 3 3 5 DR05 23 03 2017 4 Technical Data...

Page 13: ...100 Mbit s full and half duplex operation autodetection patch cable crossover cable USB interface USB Host 2 0 VPN VPN protocol IPsec PPTP OpenVPN 64 tun nel Item no 8812 UL 8813 UL 8814 UL 8830 UL 8...

Page 14: ...nlink max 21 Mbps uplink max 5 76 Mbps Antenna connector SMA socket FCC FCC ID R17HE910 Devices with UMTS 3G modem Item no 8813 UL 8818 UL 8833 UL Target region EMEA Europe the Middle East and Africa...

Page 15: ...ification EU 2 412 GHz 2 472 GHz 1 13 Channel USA 2 412 GHz 2 462 GHz 1 11 Channel WPA WP2 64 128 152bit WEP WPS 802 11b 1 2 5 5 11 Mbps 802 11g 6 9 12 18 24 36 48 54 Mbps 802 11n 20 MHz MCS0 7 up to...

Page 16: ...arts are in the product package All devices mbNET router Quick Start Guide Straight through Ethernet cable Router variants with analog modem Router variants with GSM Modem 3G 4G RJ11 plugr RJ10 to TAE...

Page 17: ...flashing 1 5Hz VPN connection active LED flashing 3 Hz Internet or VPN connection is being established Pwr Power LED off Router power source is switched off or router is not connect ed to power source...

Page 18: ...10 MDH815 MDH830 MDH816 MDH835 X1 Power supply connection 10 30V DC 0V DC connection X2 4 Digital input I4 10 30V 3 Digital input I3 10 30V 2 Digital input I2 10 30V 1 Digital input I1 10 30V P Fuse p...

Page 19: ...A1 Pin ISDN Analog 1 Not connected Not connected 2 TX Not connected 3 RX Lb b 4 RX La a 5 TX Not connected 6 Not connected Not connected Pin RS 232 RS 485 MPI 1 DCD Data Carrier Detect Not connected...

Page 20: ...sion 3 3 5 DR05 23 03 2017 Pinout of front panel LAN WAN ports 7 4 Pinout front panel USB port 7 5 Signal 1 TX 2 TX 3 RX 4 Not connected 5 Not connected 6 RX Signal 1 VCC 5V 2 Data 3 Data 4 GND 1 2 3...

Page 21: ...C first ensure that it is properly connected to a power supply other wise it may cause damage to other equipment You should therefore follow the instructions given below Connect the 10 30V DC power su...

Page 22: ...be set to 192 168 0 X where X is variable o the subnet mask must be 255 255 255 0 For instructions on how to create the required settings on a PC please see the next page If you already know how to s...

Page 23: ...In the next window double click on Internet Protocol TCP IP In the next window enter the appro priate IP address An appropriate IP address would be e g 192 168 0 2 Please note the Internet IP address...

Page 24: ...t Protocol TCP IP 4 In the next window enter the appro priate IP address An appropriate IP address would be e g 192 168 0 2 Please note the Internet IP address must be 192 168 0 X and is not allowed t...

Page 25: ...me admin Password no password required First Start on the Web interface Here you can select between the adjustment Cloudserver and Classic router With the setting Cloudserver you can connect to the po...

Page 26: ...Page 26 of 226 Version 3 3 5 DR05 23 03 2017 Cloudserver 10 1 If you selected Cloudserver you can synchronize your configurations per CTM to your device The following page will appear...

Page 27: ...r will obtain connection information such as IP address and subnet mask using DHCP Gateway and DNS servers can be specified as an option Static IP Set the connection information manually There will ap...

Page 28: ...on from your ISP Internet Service Provider Please Note Important criterion If you use this setting then the router expects that a DLS Modem is connected direct to the WAN slot Label Description PPP Ty...

Page 29: ...ion manually There will appear the following two in put fields enter your required data here IP address Specify an IP address Netmask Specify the netmask for the IP address Gateway Enter the IP addres...

Page 30: ...e Europe PRO USA Canada USA Canada PRO or User Defined Cloudserver address name You can select the used Portalserver here Session Key If you have set a session key on the upload of the configuration f...

Page 31: ...reen of the mbNET 10 1 5 If you search for your mbNET in your web browser you get this screen Here you can see the connection or network problems of the mbNET To see more detailed information click on...

Page 32: ...aunch simplifying network Internet and VPN connec tion set up The wizard is easy to use and takes you through the configuration process step by step You can also launch the wizard manually To do this...

Page 33: ...23 03 2017 Configuration screen of the mbNET 10 3 On successful log in you will be taken to the configuration interface home page If you use the mbNET with WLAN Firmware 4 1 you have a little differe...

Page 34: ...nection the circle is solid gray Modem connection Only incoming modem connections are shown here A green dot means that a modem connection is established The display also shows which user is connected...

Page 35: ...ently stores and applies all saved changes 6 This is a check box Clicking on a box enables disables the option as sociated with it 7 If input is required in a field that looks like this it must be ent...

Page 36: ...lication requirements you need to implement some specific basic settings Proceed as follows On the navigation bar at the top bar on the web interface home page click System and Settings This will disp...

Page 37: ...tem time The time is updated only after a restart or manually Registered time server 134 176 25 NTP server Specifies a time server for updating system time A time server IP address may be entered inst...

Page 38: ...soon as it gets online CTM has to be activated on the device to ensure the transmitting of the con figuration Note Only available for devices with firmware version higher or equal to V 4 0 Label Desc...

Page 39: ...able HTTPS If you check this checkbox you activate the safe variant of HTTP HTTPS Hyper Text Transfer Protocol Secure for the communication with the router over the web interface Important After enabl...

Page 40: ...Page 40 of 226 Version 3 3 5 DR05 23 03 2017 WLAN Configuration 11 6 Network WLAN Label Description Interface Type DHCP Settings are received with DHCP Static IP You can set the settings manually...

Page 41: ...PA2 PSK is the implementation of a high safety standards in accordance with the WLAN standards It is the successor of WPA and one of the safest methods of encryption WPANONE No authentication Encrypt...

Page 42: ...ailable frequency band more effectively then older standards Max speed max 54 600 Mbit s Frequenzy 2 4 5 GHz Bandwith at 2 4GHz 20MHz at 5GHz 40MHz Range Indoor 70m Outdoor 250m 11GN mixed The standar...

Page 43: ...web interface A description of some basic connection scenarios follows Choose the connection scenario that best applies to you and follow the instructions in the relevant sec tion Configuring the mbNE...

Page 44: ...n with a client PC via DSL Internet access using a DSL modem see section 9 4 Configuring the mbNET industrial router for connection to the Internet using another router see section 9 5 Configuring the...

Page 45: ...etwork 12 2 The following diagram shows how to connect the industrial router to a client over the public telephone network Using this type of connection the industrial router can be accessed over the...

Page 46: ...adapter to analog cable Plug one end of the supplied cable into the RJ12 jack 1 on the bottom of the router and the other end into the TAE jack 2 ISDN connection applies to device models MDH xx2 With...

Page 47: ...r the telephone network Label Description Modem Init ANALOG if using an analog device enter the command GCI country code for country codes see Country codes for analog devices here and in the second r...

Page 48: ...check box to check it and enable a client computer to connect to the mbNET via a dial up connection PPP Server IP address here Enter the IP address of the PPP server In this case 192 168 4 100 This se...

Page 49: ...r notes on adding us ers and assigning specific rights please see section Adding users Finally to save your changes permanent ly to the industrial router click Apply Changes For devices to be able to...

Page 50: ...need to set up a suitable dial up connection on the computer as follows Click on START and then Control Panel Click on NETWORK CONNECTIONS and then NEW CONNECTION WIZARD This launches the connection w...

Page 51: ...nfiguring the router client connection over the telephone network continued Now you need to give your connection a name then click NEXT Enter the telephone number of your remote station the number tha...

Page 52: ...dem If you select ed the option every User with dial in rights you can enter the user name and password of a user who has dial in rights Click Connect You have established a connection to the router D...

Page 53: ...y LEDs are shining solid green Connecting the router 12 3 1 1 Analog connection only applies to device models MDH xx0 Connect TAE adapter to analog cable Plug one end of the supplied cable into the RJ...

Page 54: ...ee your provider listed you can enter your APN manually Ask your provider what details to enter for the APN or visit our website at http www mbconnectline de gsm grps mobilfunk html Phone number Enter...

Page 55: ...ss is to be sent here For a detailed description of the Network Internet settings please see section Network Internet Save your changes by clicking Save Changes Click on System User and add a user wit...

Page 56: ...n settings made previously the IP address is sent to the email address that was provided This allows you to ac cess the router via the IP address As the router IP address changes each time it dials in...

Page 57: ...onnection or to set one up Connecting and configuring the router 12 4 1 Before you begin The router must already be connected to a suitable power source and the Power and Ready LEDs must both be solid...

Page 58: ...e or be accessible over the Internet via MB Connect Line s DynDNS Confirm and save your entries Finally the mbNET must be restarted to fully implement the settings From the home page of the configurat...

Page 59: ...hanges To finish restart the router Label Description Internet connections Here select to connect over Internet via WAN Connection Mode Select Connect immediately The connection will be established wh...

Page 60: ...the router s IP address The option to transmit the IP address is se lected during router configuration The IP address is identified by sending it to the email address specified during configuration C...

Page 61: ...into the 1 WAN connector on the mbNET router and the other end into the LAN connector 2 of the existing network router Configuring the router using the web interface 12 5 1 2 The connection wizard hel...

Page 62: ...res a DNS server see Network DNS server WAN IP address Here enter the IP address of the mbNET connected to the WAN port In the example 192 168 1 100 Netmask Enter the subnet mask In this case 255 255...

Page 63: ...net settings please see section Network Internet Label Description Internet connection From the drop down field select connect to Internet via WAN external router fixed line so that the Internet conne...

Page 64: ...n called a VPN tunnel In the connection scenarios described in 9 3 and 9 4 a client can only access the router s serial interfaces for a description of serial interfaces see Serial Interfaces This doe...

Page 65: ...al router via a VPN a user must be added and have VPN dial in rights assigned under user management For instructions on exactly how to add a user with spe cific rights please see section System Users...

Page 66: ...t Otherwise check the box and click Next Please note that with firmware versions 2 0 and higher to enable IPSec configuration on the wizard page you first need to click on IPSec below the Start button...

Page 67: ...PPTP server in a different address space if there is an address conflict Remote IP address or Range Enter the remote addresses here In the example 192 168 10 160 170 This assigns the IP addresses of t...

Page 68: ...nt PC must have an existing Internet connection For information on setting up a client PC please see section Configuring a client PC for router access In Windows Control Panel click on Network Connect...

Page 69: ...ISP For information on setting up and using the MB Connect Line DynDNS service please see section Network DynDNS When entering the router s IP address make sure that you always enter the current IP a...

Page 70: ...connected to the Internet and accessible via the IP address Setting up a VPN connection from client to router 12 6 3 2 Double click on the VPN connection icon and in the next screen enter the user na...

Page 71: ...an industrial router has been set up as a client please see the next section for settings that will allow it to access another remote industrial router Configuring a connection between two routers vi...

Page 72: ...he Autoconfig option to NO and you will see the picture on the right From the home page navigation bar on the left click VPN and on the navigation bar at the top click PPTP This will display the scree...

Page 73: ...the client The WINS server IP address can also be entered here for compatibility with older Microsoft operating systems Encryption This option selects the type of data encryption MPPE V2 All MPPE V2 1...

Page 74: ...hot on the right 192 168 0 0 24 Authentication Choose one of the methods support ed by the PPTP server You can see what they are on the PPTP server s web page under VPN PPTP Encryption Use the same ty...

Page 75: ...te station or the address for a whole network We recom mend entering a network address In the example 192 168 0 0 24 Note the CIDR notation 24 after the network address Authentication Select an authen...

Page 76: ...te plus a server or client certificate In our case The server may be the mbNET or a separate server The client is either a computer or another mbNET The certificates are required to set up a secure VP...

Page 77: ...ssary private keys You can download the program from http sourceforge net projects xca free of charge and install it in Windows in the usual way run the exe file When you launch XCA for the first time...

Page 78: ...ificate click on the Certificates tab and open the following dialog box by clicking New Certificate Root certificate source 13 2 1 1 First change the Signature algorithm to MD5 so that the certificate...

Page 79: ...the fields from Internal Name through email address For VPNs using IPSec Subject settings can later be used as an ID cf section Authentication Next create a private key by clicking on Generate a new...

Page 80: ...80 of 226 Version 3 3 5 DR05 23 03 2017 Select key type RSA You can select any key size and of course any name The longer the key the more secure the encryption but also the more processing power requ...

Page 81: ...specific start and end date in the relevant fields or use the adjacent Time Range field Time Range In the dialog boxes to the right enter the number of days months or years The list below specifies h...

Page 82: ...you need to enter the LDAP or HTTP ad dress of the list The address should always be prefixed with a URI universal resource indicator e g URI http de wikipedia de For the field separator use a colon I...

Page 83: ...the boxes marked Critical unchecked To create a root certificate please select the following values in the left hand column Certificate Sign CRL Sign Selecting these options means that your root certi...

Page 84: ...3 2017 Creating a client certificate 13 2 2 To create a certificate signed by this CA in the Certificates tab highlight the root certificate that you just creat ed and click again on New Certificate A...

Page 85: ...rtificate source 13 2 2 1 First we need to select our root certificate as the one that will be used as signatory We also need to set the signature algorithm to MD5 again We see here that our root cert...

Page 86: ...rtificate subject 13 2 2 2 Once again assign the client certificate details from internal name through email address Then generate a key for the client certificate It is recommended that the key shoul...

Page 87: ...c start and end date in the relevant fields or use the adjacent Time Range field Time Range In the dialog boxes to the right enter the number of days months or years The list below specifies how long...

Page 88: ...ed with a URI universal resource indicator e g URI http de wikipedia de For the field separator use a colon If you hold local revocation lists this option is not relevant Authority Info Access This PK...

Page 89: ...that OpenVPN can query whether a VPN server is also equipped with SSL This op tion can also be enabled on the mbNET The section on OpenVPN goes into more detail on this and on the set tings options I...

Page 90: ...17 Now the certificates need to be published by highlighting the relevant ones in the Certificates tab and then clicking Export In the menu below you can specify the save location for the certificate...

Page 91: ...ws XP Generating CRL Files Certificate Revocation Lists 13 3 If you wish to withdraw a team member s rights to use the VPN tunnel please read this section and create a certificate revocation list To d...

Page 92: ...t it and click Export Select pem as the export format Choose a suitable save location then confirm with OK You can now import the list using the System Certificates menu on the mbNET web interface cf...

Page 93: ...ificates from the list of available snap ins In the next window select Computer account In the next screen ensure that you select This Snap in will always manage Local computer computer running this c...

Page 94: ...are required The CA certificate is automatically imported Nor is it necessary to save the console Double clicking on the relevant certificate displays its properties In the General tab you can check a...

Page 95: ...tion is usually 40 or 128 Bit depending on key size Label Description HTTP Port The standard port for HTTP requests is TCP 80 You can change this if you need this port for your OpenVPN connection or i...

Page 96: ...ng users 15 2 2 To edit a user proceed as follows Select System and then Users To select a user whose rights you want to change click on the edit button The user will be displayed in the first row alo...

Page 97: ...ror message when you save In the three check boxes that follow specify which rights you want the new user to have Choose whether the user Can make settings in the web interface Administration o Can co...

Page 98: ...gation bar on the left select System and then Users Select the row that contains the user name password and so on and click the icon to Delete To apply the settings to the router perma nently click Ap...

Page 99: ...is called the Subject and whoever issues the certificate is called the Issuer Below is a screenshot of the relevant certificates tabs and the option to import a new certificate Personal Certificates 1...

Page 100: ...ovides file path for certificate file Name for this certificate optional optional entry of a name for the certificate file Password certificate password entry The certificate must have been assigned a...

Page 101: ...ilable as a CRT file and needs to be imported to the router Label Description Import new cer tificates Choose CRT file enter the file location or browse the relevant drive for the certificate file Fil...

Page 102: ...tiple crt files Label Description Import new cer tificates Choose CRT file enter the file location or browse the relevant drive for the certificate file File extension crt Name for this certificate op...

Page 103: ...le extension pem Update download address url the PEM file can be regularly updated by entering the download address Import CRL file as long as the above data have been entered correctly the blacklist...

Page 104: ...ription Enable Select whether to enable connection of a USB device with the industrial router Workgroup name Enter the name of the workgroup through which users can access the drive Servername Enter a...

Page 105: ...the USB device via SFTP Under USB Devices you can see if a USB Device is plugged in or not Label Description Active Check this box if you like the mbNET to mount the USB device SFTP User Please enter...

Page 106: ...e also being saved to an USB Device Enable Remote Logging To enable a log server place a check in the box by clicking on it System log ging for the mbNET industrial router can now be outsourced to ano...

Page 107: ...will be prompted to enter a location e g the USB drive letter Include certificates and keys This configures the system to copy an mbNET Please note that this configuration file should only be used for...

Page 108: ...ved config file mbn mbns To restore a configuration the stored file containing the router configura tion must be restored i e transferred back on to the industrial router To perform a restore first cl...

Page 109: ...SB 15 7 1 This requires a USB storage device to be connected to the industrial router so that the file can be transferred across The firmware name image bis is listed here To upgrade the firmware clic...

Page 110: ...IP address of the router that you are upgrading Size of pool 10 Mask Network subnet mask Clicking on Save will store the settings In the drop down field under Current Directory you need to select the...

Page 111: ...ss used for accessing the router from the LAN Label Description Interface To set up the LAN interface click on the tab LAN IP address Enter the router IP address Netmask Enter the subnet mask of the n...

Page 112: ...refore automatically assigned a new IP address by the industrial router Please also contact your network ad ministrator to confirm this Static IP Select this setting if connection to the Internet is v...

Page 113: ...ol connection For example in Austria PPTP is used with DSL connec tions PPP User Login see the access user name provided by your ISP PPP User Pass see the access password provided by your ISP WAN IP a...

Page 114: ...oing Internet connection it cannot be used for an incoming connection Label Description Modem Init ANALOG If using an analog device enter the command GCI country code for coun try codes see Country co...

Page 115: ...ction the router and the remote station establish a sepa rate network Dial in Authentication Specify whether a user name and password i e authentication will be required to dial in to the router The o...

Page 116: ...the request Under Network Internet set the Internet connection to On demand and set the subse quent option to Connect on Sign 1 at Input To call the first number switch on input 1 To call the second...

Page 117: ...and devices there are two Outgoing menus These are simply SIM1 and SIM2 There is also a second menu SMS settings Various provider specifications for every SIM card possible Switching between SIM1 and...

Page 118: ...broadband provider here If it does not appear select Oth er Providername only GSM If your provider was not shown you can also manually enter the APN Access Point Name here You can obtain details of th...

Page 119: ...he primary SIM card On Off SMS Remotely control services via SMS Enable Service Control via SMS On Off Check the Phone Number of the Sender On Off Senders Phone Number Enter the phone number of the se...

Page 120: ...back function How to call back Activate Call Back via Phone With this setting the mbNET will connect to the Internet if called from a phone To es tablish a connection the mbNET must be alerted by four...

Page 121: ...ecific number Then enter the sender s cell number in Senders Phone Number in the next field Commands sent from any other number will now be rejected Send an SMS when Internet Connection Established Th...

Page 122: ...of the connection e g OPEN VPN START Wizard In addition be aware that connection name is case sensitive REBOOT This will restart your industrial router Please note that it cannot receive any commands...

Page 123: ...nection will be established via modem Enter the login in formation under Netzwork Modem Internet via WAN If the internet connection should be established via DSL Modem then select this option You also...

Page 124: ...while pushing dialout button o Connect when a signal is received at inputs I1 I2 I3 or I4 o Connect on traffic Close connection if Don t lock select this option if you want to prevent the Internet con...

Page 125: ...you wish an Internet connection to be triggered by pressing the Dial out button on the front of the router check this box ADVICE Press and hold the Dial Out button until the Con LED starts to flash Co...

Page 126: ...Page 126 of 226 Version 3 3 5 DR05 23 03 2017 Internet failover connection 16 4 3 Firmware versions 3 x x and higher have an optional failover function for the Internet connection...

Page 127: ...for the Internet interfaces The order and number or interfaces are freely definable The Retry interface before switch to next interface parameter specifies how many times an Internet connection should...

Page 128: ...in the following order If the first IP fails the second will be used If this one also fails the third will be used and once all three have been run through a test will be carried out If the set test...

Page 129: ...tween SIM1 and SIM2 First we need to specify a primary SIM card which will always be verified or used by default The secondary SIM card is always the non primary one Switching is based on two selectab...

Page 130: ...er here End End address of the range managed by the DHCP server Netmask Subnet mask of the range managed by the DHCP server Broadcast Broadcast address of the range managed by the DHCP server Gateway...

Page 131: ...can enter up to five DNS server Settings This tab allows you to activate or enter the DNS server settings listed below No Hosts Computer names entered under the Network Host menu are ignored Strict O...

Page 132: ...t via this IP However as soon as it closes this connection and dials in again it receives a new IP address The DynDNS service makes the industrial router contactable using the same address every time...

Page 133: ...ternet 123456789 mbNET mymbnet biz The name will be globally available approx 1 2 minutes after Internet dial in Public DynDNS Service Label Description Enable If you are registered with a DynDNS prov...

Page 134: ...al interface General 17 1 Both serial interfaces can be accessed via a dial up or Internet connection using a known IP address Serial interface COM1 can be directly configured to RS232 RS485 and RS422...

Page 135: ...Page 135 of 226 Version 3 3 5 DR05 23 03 2017 RS232 485 serial interfaces 17 2...

Page 136: ...cles the sys tem goes through until it sends the data packet Driver Select the driver that you want to load Device drivers can be selected for the following brands AllanBradley AMK ASB AtlasCopco Baum...

Page 137: ...Manager Label Description Protocol VCOM LAN2 PC adapter MPI PROFIBUS Baud rate If you select VCOM LAN2 PC adapter the PG PC interfaces must be in stalled on a PC adapter MPI PROFIBUS For bus speeds hi...

Page 138: ...he master gateway must be assigned as the PLC routing gateway station address on the router Example The PLC master is connected to the router e g address 13 via MPI Bus e g address 14 and a subscriber...

Page 139: ...when the virtual COM Port was opened from an application program a small amount of data may be lost while the virtual COM port is being opened as some programs send data to the port immediately before...

Page 140: ...pecify the own station address for the mbNET If you wish to set up a connection to a Siemens control system you first need to verify the settings in Simatic Manager by selecting Extras Set up PG PC in...

Page 141: ...age 141 of 226 Version 3 3 5 DR05 23 03 2017 Settings for NETPro Step 7 17 4 1 Launch the NETPro application in Simatic Manager Create subnets 17 4 2 Create a PROFIBUS and an Industrial Ethernet subne...

Page 142: ...1 you need to add a PC station You can skip steps 2 2 to 2 3 if you are using the NETPro Import function A pre configured mbNET station is available as an annex to these instructions You can download...

Page 143: ...QH00 0AB4 V3 4 found by selecting Simatic PC Station Controller CPU412 2 PCI and a IE_CP V6 2 1 IE General found by selecting Simatic PC Station CP Industrial Ethernet IE General IE_CP SW V6 2 SP1 The...

Page 144: ...Page 144 of 226 Version 3 3 5 DR05 23 03 2017 Add PC PG station 17 4 5 Now you need to add a PC PG station...

Page 145: ...the Industrial Ethernet settings for the PC Specify the PG PC subnet mask and IP address here The PG PC IP address can be from any where in the network range but may not overlap with other addresses o...

Page 146: ...6 of 226 Version 3 3 5 DR05 23 03 2017 After assigning your chosen interface the window should look like this S7ONLINE access must be set to Active The subnet Industrial Ethernet is now linked with th...

Page 147: ...s PC Station in this case mbNET double click on IE General Click on Properties to set the interface parameters Enter the IP address and subnet mask here The IP address and subnet mask must be the same...

Page 148: ...x network card will appear in the bottom border of the screen as PG PC interface It is recommended at this stage to assign a bus address in this case MPI to the PC station and link this with the subne...

Page 149: ...uting 17 4 7 For the station to be able to contact a subscriber from another slave network see picture you need to make the following settings In the mbNET settings enable RFC1006 routing and enter th...

Page 150: ...226 Version 3 3 5 DR05 23 03 2017 Connecting to S7 using the mbNET S7 driver 17 5 Alternatively the licensed mbNET S7 driver can be used Once installed this is directly available as an adapter in Sima...

Page 151: ...Page 151 of 226 Version 3 3 5 DR05 23 03 2017 The router settings for this must be as shown below RFC1006 can be operated in parallel with this...

Page 152: ...kets from the VPN tunnel normal Security With this setting incoming data traffic data from the Internet is denied while outgoing da ta traffic is allowed minimum Security With this setting all incomin...

Page 153: ...he firewall interface under the WAN interface drop down field Label Description Enable Check the box by clicking it to enable the subsequent settings after they are saved Action The following options...

Page 154: ...4 of 226 Version 3 3 5 DR05 23 03 2017 Edits the settings in the current line Deletes entries in the current line Accepts a new rule Temporarily saves the created rule Changes the order of the created...

Page 155: ...to the Internet here If you leave the field blank the set action applies to all IP addresses Source Port Enter the port via which the data packets go to the Internet here Protocol The following option...

Page 156: ...are available for selection All The set rule applies to all protocols tcp The set rule only applies to the TCP protocol udp The set rule only applies to the UDP protocol Destination IP Enter the IP to...

Page 157: ...between these two networks This means that you do not have to adapt your entire network addressing scheme Label Description Enable Check the box by clicking it to enable the subsequent settings after...

Page 158: ...on with two routers 19 1 1 The settings for a VPN connection via the IPSec protocol are described below From the start page click VPN in the navigation bar on the left and IPSec in the naviga tion bar...

Page 159: ...the Internet and for requests from clients With a router router connection one of the following op tions for establishing a connection must be selected Connect immediately A connection is established...

Page 160: ...ary if the VPN connection is es tablished via the Internet and natted between the LAN and WAN NAT Network address Translation This setting is generally enabled Permitted network for the cli ent only w...

Page 161: ...must be entered as follows C country ST state L city O organization OU department CN certificate_name E email_address If some fields on the Subject tab were left blank when the certificate was created...

Page 162: ...abel Description Protocol op tions You select the coding algorithms hash total algorithms etc used during the various phases on this tab PFS This setting is only supported for the router router connec...

Page 163: ...dress field The L2TP server then works in a similar way to a DHCP server and can automatically as sign the addresses from the set range to the clients dialing in Label Description Local IP address Th...

Page 164: ...on method here The client keeps sending the username password combination to the host until it ac cepts or rejects authentication of the client Authentication via CHAP Select the authentication method...

Page 165: ...sses the server here Example 123456789 mbNET mymbnet biz or 80 187 33 55 Local IP This entry is optional If the server is not configured to assign an IP address to the client the client can request th...

Page 166: ...es X 509 The following certificate variants are distinguished Each subscriber needs the same root CA and a personal certificate signed by the root CA Like 1 but with additional username password verif...

Page 167: ...ient and mbNET Next select the static key If you have not yet created a static key you can use the key created by mbNET Click Next Clicking Next completes the configuration of the connection Click Fin...

Page 168: ...on in the input field Connection type Select the connection type Client Router Connection via the drop down field Only one client to network connection can be created Depending on the authentication m...

Page 169: ...of the gateway for traffic through the local net work All packets coming into the LAN receive the sender IP ad dress of the mbNET Although this means that it is then no longer possible to distinguish...

Page 170: ...LAN the sender IP address of the mbNET Although this means that it is then no longer possible to distinguish between senders in the LAN the LAN subscribers do NOT have to have the mbNET entered as a g...

Page 171: ...ication To be able to es tablish an Open VPN connection with your mbNET without encryption you just need to delete the after remote Next enter the public IP address of the mbNET the address accessible...

Page 172: ...entering the IP address see arrow Note that you must always use two backslashes in the path name Authenticating a Windows client with certificates Change the indicated options as appropriate to your c...

Page 173: ...of the web interface Then click the Start button for the wizard for VPN connections followed by Next Select Connection between 2 Networks Select the VPN server in the following window and click Next...

Page 174: ...1 0 2 VPN TUNNEL 10 1 0 1 ROUTING 192 168 0 100 If Wait for incoming Connection was selected then this mbNET is in Server Mode and is called Server in the further documentation otherwise if Connect im...

Page 175: ...tunnel end point here e g 10 1 0 1 Local network Enter your network address in CIDR notation here 192 168 0 0 24 Peer network Enter the network address of your peer in CIDR no tation here 192 168 99 0...

Page 176: ...ing these entries Multi client Multiple clients can dial in 19 3 2 2 Tab Label Description Network Settings Client IP address pool With authentication with certificates multiple different clients can...

Page 177: ...s range of the local network in CIDR notation here E g 10 1 0 2 24 Multiple peers with different network addresses can es tablish a VPN Connection yes selected With authentication with certificates an...

Page 178: ...rk Set tings Local IP address Enter the IP address of the local VPN tunnel end point here e g 10 1 0 2 Peer IP address Enter the IP address of the peer VPN tunnel end point here e g 10 1 0 1 Local net...

Page 179: ...o network setting is needed on the client because it is sent to the client by the server Tab Label Description Network Settings Do NAT for all out going traffic This option was introduced for compatib...

Page 180: ...password No authentication 19 3 4 This setting should primarily be used for test purposes It provides a quick and easy way of testing the con nection with a peer e g whether the correct ports are ena...

Page 181: ...key or generate it yourself All imported keys can be downloaded as a copy under Down load Tab Label Description Static Keys Name for this static key Enter the name of the key to be generated here Choo...

Page 182: ...e root CA All other cer tificates must come from this certificate Own Certificate You use this certificate to authenticate yourself to your VPN peer Additional user and pass word verification Addition...

Page 183: ...ates must come from this certificate Own Certificate You use this certificate to authenticate yourself to your VPN peer Additional user and password verification Additional user data may be required f...

Page 184: ...a client di aling in Please note that this user data must be en tered in the VPN server under System User User Enter the user data of the VPN server from the Sys tem User menu here Do not use my own...

Page 185: ...3 3 5 DR05 23 03 2017 Inactivity settings 19 3 8 If the OpenVPN connection is to be started via a digital input or the dial out button the connection is au tomatically dropped after a defined time wi...

Page 186: ...9 If the OpenVPN connection is to be started via a digital input or the dial out button the connec tion is automatically dropped after a defined time without any data traffic OpenVPN offers a range of...

Page 187: ...PN tunnel has not been used for n seconds Ping restart seconds The tunnel is restarted if the VPN peer does not respond to the ping within n seconds or no data packet is received MTU bytes The default...

Page 188: ...ged archives GZIP on an external FTP server at a fixed interval Variables of the type flags times counters inputs outputs data blocks and peripherals can currently be read from an S7 controller via RF...

Page 189: ...Page 189 of 226 Version 3 3 5 DR05 23 03 2017 Configuring the connection 20 1 If using the MPI PROFIBUS interface of the router the RFC1006 protocol must first be activated for this in terface...

Page 190: ...button after entering the data If using the MPI PROFIBUS interface the IP of the router s LAN interface must be entered in the PLC IP ad dress field Otherwise the IP address of the PLC The slot addre...

Page 191: ...BOOL IBy input byte y BYTE IWy input word y WORD IDy input double word y DWORD Oy z output bit y z BOOL OBy output byte y BYTE OWy output word y WORD ODy output double word y DWORD PIy z peripheral i...

Page 192: ...for this The Maximum firewall security setting does not permit the agreement of a dynamic communication port as required during FTP communication between the client and server The router fire wall mus...

Page 193: ...Description of the tag Address Address of the tag Value Value of the tag in the data format which was set at the tag Timestamp Shows the exact time when the tag was readed Valid value Shows if the tag...

Page 194: ...ail address you have spec ified switch two digital outputs independent of each other in the event of a fault when there is an ac tive Internet connection or manually Digital inputs 21 2 Click Alarmman...

Page 195: ...er the email address or phone number to which the industrial router should send the text when the input is activated and the relevant signal level has resulted in the action be ing initiated Up to thr...

Page 196: ...ntable The action number is defined in the Number drop down field There are different actions available depending on device model The E Mail function is available with all devices the SMS option is av...

Page 197: ...not want to evaluate the outputs for possible switching opera tions On with Malfunction Select this setting if the corresponding output of the industrial router is to be set to signal lev el 1 in the...

Page 198: ...nection external connection The IP address is displayed as soon as the router has a physical connection to the network or is assigned a static IP address The number of data packets received and transm...

Page 199: ...ns Shows the physical connections via which the router is connected to other computers Routing Table Shows all routes used Router Listen ing Ports Shows all monitored ports Router Con nections Con nec...

Page 200: ...Page 200 of 226 Version 3 3 5 DR05 23 03 2017 Firewall 22 3 1 At Firmware versions greater then 4 there exists the additional tab Firewall under Status Network IN OUT FORWARD 22 3 1 1...

Page 201: ...Page 201 of 226 Version 3 3 5 DR05 23 03 2017 NAT 22 3 1 2...

Page 202: ...Page 202 of 226 Version 3 3 5 DR05 23 03 2017 Status Modem 22 4 Note Not available at mbNET variants with WLAN...

Page 203: ...of connection and the assigned IP and DNS addresses Modemloggings Shows the commands sent to the modem to initialize it and the status of the connection process The error messages that occur when esta...

Page 204: ...ended to use these buttons unless requested to do so by a member of the support team Information from the last connection Shows the connection time and the number of bytes sent and received during the...

Page 205: ...d to use these buttons unless requested to do so by a member of the sup port team Information from the last connection Shows the connection time and the number of bytes sent and received during the mo...

Page 206: ...IP address Shows the IP address of the DNS server if not assigned by the Internet service provider Systemloggings Shows the individual operations executed by the DNS server Status DynDNS 22 8 Label D...

Page 207: ...tus NTP 22 9 Label Description Date Time UTC Shows the current system time in Universal Time Coordinates UTC Local Date Time Shows the time using the time zone setting Systemloggings Shows all notific...

Page 208: ...outgoing VPN connections of the router An active connection is indicated by a green dot The connection duration and active user are displayed After the connection is disconnected the active connection...

Page 209: ...ote IP address are displayed After the connection is disconnected you can read off the active connection time Clients Shows the outgoing VPN connections of the router An active connection is indicated...

Page 210: ...incoming and outgoing VPN connections of the router An active connection is indicated by a green dot The name local address and peer address are displayed here You can manually connect or disconnect...

Page 211: ...whether name resolution http www mbconnectline de 88 12 12 34 takes place If this function ends in an error message check whether there is a DNS server address under Network DNS in your mbNET or wheth...

Page 212: ...um is integrated in the routers file system and the file system created on the USB storage medium Status Alarmmanagement 22 15 Label Description Input Shows the states at the four inputs The states ar...

Page 213: ...d to establish the cause of errors on the router If for example the ERROR LED on the front is flashing it may be possible to de termine the cause of the error using the log Error loggings Firmware ver...

Page 214: ...Page 214 of 226 Version 3 3 5 DR05 23 03 2017 23 Extras LUA 23 1 You can activate LUA to write and execute LUA scripts...

Page 215: ...fault port for the webserver is 80 But this port is already occupied by the webinterface of the router The default value for the toolbox webserver is port 81 You can access the webserver with http ro...

Page 216: ...ould first back up your configuration Once you have carried out these steps your previous settings will no longer be available 1 Switch on the device 2 Wait until the Rdy LED blinks 3 Press and hold t...

Page 217: ...applicable any associated values Letters can be in uppercase and lowercase Multiple commands can be combined into a command line Example L1M1 N5 Analog modem commands 26 1 B Selects the communication...

Page 218: ...the current setting N Selects the error correction settings AT N0 Error correction switched off AT N1 Transparent transmission of any data widths via the serial interface without data buffering and er...

Page 219: ...ial tone detection enabled Messages OK CONNECTxxx RING NO CARRIER ERROR NO ANSWER and NO DIAL TONE ISDN terminal adapter TA commands 26 2 B Defines the transmission protocol in the B channel ATB0 V 11...

Page 220: ...e page screen Now click on auf den Button Yes really reboot now The restart process takes about 2 minutes Via reset button 27 1 2 Press the Reset button on the mbNET Device This initiates the booting...

Page 221: ...device 2 Wait until the Rdy LED blinks 3 Press and hold the dial out button until the Fc4 TxD2 LED lights up 4 Press the dial out button again Fc3 RxD2 lights up 5 Press the dial out button again Fc2...

Page 222: ...B5 16 Bahamas BS B5 17 Bahrain BH B5 18 Bangladesh BD B5 19 Barbados BB B5 20 Belarus BY B5 21 Belgium BE FD 22 Belize BZ B5 23 Benin BJ B5 24 Bermuda BM B5 25 Bhutan BT B5 26 Bolivia BO B5 27 Bosnia...

Page 223: ...5 64 El Salvador SV B5 65 Equatorial Guinea GQ B5 66 Eritrea ER B5 67 Estonia EE FD 68 Ethiopia ET B5 69 Falkland Islands Malvinas FK B5 70 Faroe Islands FO B5 71 Fiji FJ B5 72 Finland FI FD 73 France...

Page 224: ...ic of KR B5 114 Kuwait KW B5 115 Kyrgyzstan KG B5 116 Lao People s Democratic Republic LA B5 117 Latvia LV FD 118 Lebanon LB B5 119 Lesotho LS B5 120 Liberia LR B5 121 Libyan Arab Jamahiriya LY B5 122...

Page 225: ...PK B5 163 Palau PW B5 164 Panama PA B5 165 Papua New Guinea PG B5 166 Paraguay PY B5 167 Peru PE B5 168 Philippines PH B5 169 Pitcairn PN B5 170 Poland PL FD 171 Portugal PT FD 172 Puerto Rico PR B5...

Page 226: ...nd TH B5 210 Togo TG B5 211 Tokelau TK B5 212 Tonga TO B5 213 Trinidad and Tobago TT B5 214 Tunisia TN B5 215 Turkey TR FD 216 Turkmenistan B5 217 Turks and Caicos Islands TC B5 218 Tuvalu TV B5 219 U...

Reviews:

No comments

Related manuals for mbNET MDH 810

Brand: 3xLogic Pages: 2

Brand: F5 Pages: 2

Brand: F5 Pages: 90

Brand: F5 Pages: 47

Brand: Harmonic Pages: 56

Brand: Matrix Switch Corporation Pages: 61

Brand: Garderos Pages: 23

LinkSmart KW6515

Brand: Kasda Pages: 31

FireWire 800 + Hi-Speed USB Combo

Brand: SIIG Pages: 20

Brand: Jøtul Pages: 20

Brand: ebm-papst Pages: 11

Brand: Glacier Pages: 2

Brand: TP-Link Pages: 131

Brand: Omron Pages: 6

Brand: NCR Pages: 15

Brand: Xenteq Pages: 16

Brand: Maxtor Pages: 2

BiPAC 5200S RC Series

Brand: Billion Pages: 79

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands