manualshive.com logo in svg

MDS Orbit MCR-4G, Technical Manual

The MDS Orbit MCR-4G technical manual is available for free download on our website. This comprehensive manual provides detailed instructions on how to operate and maintain your MDS Orbit MCR-4G device. Ensure top performance by accessing the manual at manualshive.com.

Share
Download
background image

116

MDS Orbit MCR-4G Technical Manual

MDS 05-6628A01, Rev. B

7.0  APPENDIX C – INTEGRITY MEASUREMENT 

AUTHORITY (IMA)

Understanding

The MCR supports the integrity measurement and attestation architecture as described by Trusted 
Network Connect (TNC) specifications, jointly developed and published by Trusted Computing Group 
(TCG) and IETF NEA working group.

The MCR establishes secure IPsec VPN connection with the VPN gateway via mutual authentication 
based on certificates or pre-shared secrets. The TNC architecture adds the ability to measure, report 
and verify the security state of the MCR (e.g. integrity of critical system configuration file) as a part of 
IPsec VPN authentication and authorization process.

MCR supports TNCCS 2.0 protocol and subset of TCG’s Platform trust Service (PTS). The MCR supports 
only file measurement capability of the PTS protocol. Also, only measurements for following files are 
supported:

1.

/tmp/system.config

 - This file includes all current system configuration. 

2.

/etc/tnc_config

Once the unit has been configured, the hash (sha256 or sha385) of system configuration file can be 
obtained via CLI (locally or remotely) and loaded into the Integrity Measurement Authority (IMA) 
database. 

Typically, integrity measurement and attestation happens automatically as part of IPsec VPN “data” 
connection establishment using EAP-TTLS method (and EAP-TNC authentication within it) as 
instructed by the VPN-gateway. However, MCR also supports an out-of-band IMA connection, where 
the unit connects to a separate IMA server not to pass data but just to perform integrity measurement 
and attestation. The IMA server, in such a setup, can then publish the unit’s “health” information to the 
VPN server that is terminating the actual data connections. This allows VPN server to enforce 
permit/deny policy for incoming VPN data connections from the unit.

Configuring

The out of band IMA configuration is exactly similar to VPN configuration described in VPN section 
except that the IPsec connection is designated specifically as out-of-band IMA connection and local 
and remote ip subnet are all set 0.0.0.0/0 as shown below:

admin@(none) 21:51:32> admin@(none) 19:33:29% set services vpn ipsec connections connection 
IMA-CONN-1 is-out-of-band-ima true

admin@(none) 21:51:32> admin@(none) 19:33:29% set services vpn ipsec connections connection 
IMA-CONN-1 local-ip-subnet 0.0.0.0/0

admin@(none) 21:51:32> admin@(none) 19:33:29% set services vpn ipsec connections connection 
IMA-CONN-1 remote-ip-subnet 0.0.0.0/0

Summary of Contents for Orbit MCR-4G

Page 1: ...Installation and Operation Guide Technical Manual MDS 05 6628A01 Rev B Preliminary AUGUST 2013 MDSTM Orbit MCR 4G Managed Connected Router 4G and WiFi...

Page 2: ...Quick Start instructions for this product are contained in publication 05 6702A01 Visit our website for downloadable copies of all documentation at www gemds com...

Page 3: ...10 Accessories and Spares 12 3 0 Device Management 13 3 1 Connecting a PC 13 Differences Between Serial SSH 13 Establishing Communication Serial Interface 13 Setting Basic Parameters First Steps 14 On...

Page 4: ...reserves its right to correct any errors and omissions in this publi cation RF Safety Notice English and French Concentrated energy from a directional antenna may pose a health hazard to humans Do no...

Page 5: ...s complies with Canadian ICES 003 Cet appareil num rique de la classe A est conforme la norme NMB 003 du Canada Operational Safety Notices The MDS Orbit MCR 4G may not be used in an environment where...

Page 6: ...l radio module only is CE marked and compliant with the RTTE directive Other configurations will be added for EU use in future releases Servicing Precautions No user serviceable parts are contained in...

Page 7: ...are marked with a symbol which may include lettering to indicate cadmium Cd lead Pb or mercury Hg For proper recycling return the battery to your supplier or to a designated collection point For more...

Page 8: ...use of the transceiver in hazardous locations and may void the approval A power connector with screw type retaining screws as supplied by GE MDS must be used Do not disconnect equipment unless power...

Page 9: ...communications network to meet geographic and industry specific challenges Information on other GE MDS products can be found by visiting our website at www gemds com 1 1 About This Manual This manual...

Page 10: ...will be shown with non bolded italicized text contained within the string Such text indicates the need for user supplied parameters such as the name of an item For example set interfaces interface myB...

Page 11: ...ces provide local connections while a cellular interface provides access to public carrier networks User interface Multiple user interfaces are provided for configuration and monitoring of the unit Th...

Page 12: ...it s front panel connectors and indicators These items are referenced in the text that follows The unit s LED Indicator Panel is described in Table 4 on Page 8 Figure 3 Connectors and Indicators 2E1S...

Page 13: ...rts This is a standard RJ 45 jack and features MDIX auto sensing capability allowing straight through or crossover cables to be used Connecting to the unit via SSH supports device management and provi...

Page 14: ...is hardwired as a DCE device Supported data formats for the COM port are 8N1 8 char bits no parity 1 stop bit Default setting 8N2 8 char bits no parity 2 stop bits 8O1 8 char bits odd parity 1 stop bi...

Page 15: ...vides for MIMO receive operation diversity with standard for 4G mod ules improving signal quality in many installations In general both antennas should always be used for cellular operation The GE MDS...

Page 16: ...tatus Indicators The LEDs on the unit provide visual indications of the status of the device as fol lows Figure 6 LED Status Indicators Table 4 Description of LED Status Indicators NOTE In addition to...

Page 17: ...uilding Bond the protector to the tower ground if possible All grounds and cabling must comply with applicable codes and regulations One source for lightning protection products may be found online at...

Page 18: ...s obtained when mounting antennas remotely using low loss coaxial cable Antennas mounted in close proximity to each other can couple signals between them and desensitize the RF module When placing the...

Page 19: ...onfiguration works well for indoor applications in equipment closets for more permanent use Outdoor use case External enclosures If the system is going to be installed in a weather tight enclosure and...

Page 20: ...ies Ancillary Items Item Description Part Number DC Power Plug 2 pin polarized Mates with power connector on the unit s case Screw terminals are provided for wires threaded locking screws to prevent a...

Page 21: ...COM port SSH uses an Ethernet PC connection to the radio s ETH port Maximum recommended cable length for a serial connection is 50 feet 15 meters SSH can be connected to the radio from any network po...

Page 22: ...default password admin and press Otherwise enter the saved password at the Password prompt Before placing the unit in final service it is recommended that the default password be changed to ensure th...

Page 23: ...st system recovery one time passwords create function selected function A one time password is automatically generated and displayed on the screen Copy this password and save it in the desired locatio...

Page 24: ...interfaces interface Wi Fi wifi config mode access point 2 set interfaces interface Wi Fi wifi config mode access point ap config ap GEMDS_ SERNUM broad cast ssid true privacy mode wpa2 personal psk c...

Page 25: ...y using details option on the CLI The show command can be used to view configuration data Notice the information displayed is different depending on which mode the CLI is in Operational or Configuarti...

Page 26: ...configuration mode private ok 2012 06 20 04 51 07 edit admin none 04 51 07 Step 3 Change the device name by typing in the following followed by enter set system name Device539 admin none 05 31 14 set...

Page 27: ...nterface myBridge bridge settings members port ETH1 Remove an interface from a bridge delete interfaces interface myBridge bridge settings members port ETH1 View WiFi settings show configuration inter...

Page 28: ...myssid 5 set interfaces interface myBridge ipv4 address 192 168 1 21 prefix length 24 6 set services dhcp enabled true v4subnet 192 168 1 0 24 domain name gemds range start 192 168 1 10 range end 192...

Page 29: ...sical interface Wi Fi wifi config mode access point ap config ap myssid 2 set interfaces interface myBridge virtual type bridge 3 set interfaces interface myBridge bridge settings members port ETH1 4...

Page 30: ...ice via UDP Invisible place holder Figure 13 Example 3 Unit Providing Connectivity to Serial Based SCADA Device via UDP The following commands will configure the MCR 4G 2 for this scenario 1 set inter...

Page 31: ...2 168 1 21 prefix length 24 4 set interfaces interface Cell physical interface Cell enabled true 5 set services firewall enabled true 6 set services firewall filter IN_UNTRUSTED 7 set services firewal...

Page 32: ...et services firewall nat source rule set MASQ 16 set services firewall nat source rule set MASQ rule 1 source nat interface 17 set services interfaces interface Cell nat source MASQ 3 4 Operational To...

Page 33: ...min none 00 04 43 set services serial console serial ports COM1 COM2 ok 2012 06 19 00 04 57 edit admin none 00 04 59 set services serial ports COM2 baud rate b19200 ok 2012 06 19 00 05 28 edit admin n...

Page 34: ...ribed below in a separate section Static or dynamic IP addressing DHCP for each interface Bridging Firewall Routing VPN Configuring See each individual section for details about configuring the LAN Ce...

Page 35: ...Entering configuration mode private ok 2012 06 20 06 03 54 admin none 06 04 45 set interfaces interface ETH1 ipv4 address 192 168 1 11 prefix length 24 ok 2012 06 20 06 05 01 edit admin none 06 05 01...

Page 36: ...0 status counters rx_errors 0 status counters rx_fifo_errors 0 status counters rx_frame_errors 0 status counters rx_length_errors 0 status counters rx_missed_errors 0 status counters rx_packets 8859 s...

Page 37: ...issuing these commands two bridges are created internally which are background operations hidden from the user In this case the two bridges are br_vlan99 and br_vlan300 When an interface is specified...

Page 38: ...false keep alive address host name or address interval host name or address Access Point Name APN After MCR has registered on the cellular network it sets up the IP data connection with a specific Pa...

Page 39: ...e as follows 4G Operation Default programming set interfaces interface Cell cell config service recovery lte recovery true commit 3G Operation Turn off the LTE Recovery Mode to allow continual 3G mode...

Page 40: ...61 ok 2013 01 18 16 23 38 Determining the Cell Module s IMSI IMEI When provisioning the cell module for network service the cellular provider typically requires the Interna tional Mobile Subscriber Id...

Page 41: ...d be used only to test connectivity 2 WPA2 CCMP AES Encryption This mode should be used if all client devices support WPA2 CCMP 3 Encryption TKIP Encryption This mode should be used if there is mix of...

Page 42: ...dmin none 00 19 02 set interfaces interface Wi Fi wifi config ap config privacy mode wpa2 per sonal psk config psk somepassphrase ok 2012 06 19 00 26 51 edit admin none 00 26 51 show interfaces interf...

Page 43: ...cmp tkip key mgmt wpa psk psk somepassphrase ok 2012 06 19 00 27 01 edit admin none 00 27 01 commit Commit complete Other configuration The following configures the device to broadcast its ssid suppor...

Page 44: ...k 2012 06 19 00 43 34 edit admin none 00 43 34 commit Commit complete Monitoring Ensure the CLI is in Operational mode Access Point Mode The following shows status with two stations connected Note tha...

Page 45: ...dmin none 00 52 24 show interfaces interface Wi Fi wifi status wifi status mode Station wifi status ssid somessid wifi status privacy wifi status channel 6 wifi status tx power 15 wifi status bssinfo...

Page 46: ...WiFi are not directed out the LAN connection and vice versa The bridged network is addressable via bridge interface a virtual interface The interfaces that are in the bridge are called bridged interf...

Page 47: ...rfaces interface myBridge bridge settings members port ETH1 Adding WiFi interface to the bridge Access Point admin none 00 06 20 set interfaces interface myBridge bridge settings members wifi ap myssi...

Page 48: ...ounters rx_frame_errors 0 status counters rx_length_errors 0 status counters rx_missed_errors 0 status counters rx_packets 151306 status counters rx_over_errors 0 status counters tx_aborted_errors 0 s...

Page 49: ...oute 1 dest prefix 0 0 0 0 0 next hop 192 168 1 10 route 2 dest prefix 10 2 3 1 32 next hop 192 168 1 9 ok 2012 06 19 00 05 01 edit admin none 00 05 01 Monitoring Ensure the CLI is in operational mode...

Page 50: ...erminating at MCR For example device man agement traffic using SSH or NETCONF protocol terminating at local device management process within the MCR unit Invisible place holder Figure 16 Packets Termi...

Page 51: ...t of one or more rules Each rule consists of two parts Matching criteria that a packet must satisfy for the rule to be applied Matching criteria consists of various parameters like protocol source des...

Page 52: ...ion on MCR involves following high level steps 1 Create a filter decide on default policy of the filter For example there are usually two ways to organize a filter a Create a restrictive filter i e th...

Page 53: ...S NTP and IKE to allow IPsec connection setup admin none 19 33 20 set services firewall filter IN_UNTRUSTED rule 2 match protocol udp src port services dns ike ntp admin none 19 33 20 set services fir...

Page 54: ...all traffic Later on if needed this filter can be enhanced to deny certain traffic from getting out of the cellular interface admin none 19 33 20 set services firewall filter OUT_UNTRUSTED rule 10 ma...

Page 55: ...ar to have originated from a single IP address the ip address of the public interface of the MCR typically cellular interface from HOST B s point of view To allow return IP traffic for UDP TCP connect...

Page 56: ...3 Create rule for masquerading admin none 19 33 20 set services firewall nat source rule set MASQ rule 1 source nat interface 4 Apply this source NAT rule set to cellular interface admin none 19 33 2...

Page 57: ...me rule id match protocol udp tcp src address network prefix dst address network prefix dst port unit16 destination nat address ip address port unit16 interfaces interface name nat destination name De...

Page 58: ...le set IO_SERVICES 3 Create rule for port forwarding Modbus TCP traffic coming into cellular interface on port 512 to port 5512 on private HOST 1 admin none 19 33 20 set services firewall nat destinat...

Page 59: ...llows PC 192 168 2 2 to communicate with remote Ethernet device 192 168 1 2 using any TCP UDP IP based protocol and vice versa IPsec Internet Protocol Security is a set of protocols defined by the IET...

Page 60: ...ifetime This allows for the IPsec connection to be re keyed simply by performing another phase 2 negotiation Configuring VPN VPN Configuration Hierarchy NOTE The configuration parameters shown here ar...

Page 61: ...and applied to the cellular interface The IN_UNTRUSTED and OUT_UNTRUSTED filters should be applied to incoming and outgoing traffic respectively filter IN_UNTRUSTED rule 1 match protocol udp src port...

Page 62: ...be included in the proposal during IKE phase 2 4 Configure an IPsec connection specifying IKE peer IPsec policy local and remote private IP subnets NOTE The above configuration parameters should matc...

Page 63: ...Group DH 14 group 14 modp2048 admin none 19 33 29 set services vpn ike policies policy IKE POLICY 1 ciphersuites ciphersuite AES256_CBC SHA256 DH14 encryption algo aes 256 cbc admin none 19 33 29 set...

Page 64: ...NN 1 ipsec policy IPSEC POLICY 1 admin none 19 33 29 set services vpn ipsec connections connection VPN GWY CONN 1 local ip subnet 192 168 1 0 24 admin none 19 33 29 set services vpn ipsec connections...

Page 65: ...vice and PC admin none 20 41 32 ping 192 168 2 1 PING 192 168 1 2 192 168 2 1 56 84 bytes of data 64 bytes from 192 168 2 1 icmp_req 1 ttl 63 time 389 ms 64 bytes from 192 168 2 1 icmp_req 2 ttl 63 ti...

Page 66: ...nitoring Ensure the CLI is in operational mode Follow the example below to view the state and statistics The ping utility can be used on the CLI when it is in operational mode to verify that DNS is wo...

Page 67: ...the unit s interfaces eth0 or br0 if eth0 is bridged must be configured with an IP address from this subnet admin none 04 18 26 set services dhcp v4subnet 192 168 0 0 16 domain name gemds range start...

Page 68: ...dpoint then traffic from the COM port is sent to the remote host at the specified port in UDP packets Likewise traffic sent to the UDP port of the unit is forwarded out the COM port Since UDP is state...

Page 69: ...perational mode Follow the example below to view the state and statistics admin none 22 03 06 show services serial SERIAL SERIAL SERIAL SERIAL SERIAL IP TX IP TX IP RX IP RX TX TX RX RX PORT PACKETS B...

Page 70: ...e following shows how to enable iperf service admin none 22 04 32 set services iperf enabled true admin none 22 04 32 commit NOTE If firewall is enabled then it must be configured to permit incoming T...

Page 71: ...the date and time use the request set current datetime admin none 18 18 58 request system clock set set current datetime current datetime time To use an NTP server an NTP server must be configured on...

Page 72: ...geographical location of the unit can be configured as shown below admin none 00 50 46 set system geographical location altitude 1 0 latitude 43 117807 longitude 77 611896 ok 2012 06 19 00 56 00 edit...

Page 73: ...sed encryption The user authentication can be done using locally stored passwords or via RADIUS Configuring The password for each user account can be changed using a request admin none 01 04 19 reques...

Page 74: ...tice event type console_login status success message user_name oper logging event log 62627 time stamp 2011 12 21T01 23 00 288046 00 00 priority notice event type console_login status failure message...

Page 75: ...ns that can occur in succession before the unit disables the ability to login for a specified amount of time The amount of time is determined by failed login lockout time which represents the time in...

Page 76: ...ssful response is received A RADIUS server must be configured to provide the user s authentication group in its authentication reply via a GE MDS vendor attribute This can be configured in freeradius...

Page 77: ...dles for debugging Configuring The following shows how to add a file server configuration named GE File Server 1 admin none 05 11 42 set file servers GE_file_server_1tftp address 192 168 1 2 admin non...

Page 78: ...the last SCEP operation initiated delete cacert Delete identified CA certificate delete clientcert Delete identified Client certificate delete firmware cert Delete identified certificate delete priv...

Page 79: ...manual file server tftp address 192 168 1 2 file name der2048 priv key key identity ex_key_1 is valid true ok 2012 06 19 00 36 27 admin none 00 36 27 show pki KEY KEY IDENTITY LENGTH KEY DATE TIME ex...

Page 80: ...ration of the Certificate Authority that will be accessed at the above server is setup in a second command in certmgr under ca servers admin none 03 05 56 set pki ca servers ca server ex_ca_serv ca id...

Page 81: ...ple admin none 06 37 30 config Entering configuration mode private ok 2012 06 23 06 37 32 edit admin none 06 37 32 set pki cert info certificate info my_ca_serv organization x509 GE MDS LLC org unit x...

Page 82: ...he CA server and an added extension Some of the names that may be added are _ENC encryption file _SGN signing file _ISS issuing file _INT intermediate file The second step is to request a client cert...

Page 83: ...ed cert it is not necessary to also call out this same key as the self key Here is a renewal request formed accordingly admin none 02 03 49 request pki get clientcert scep cert server name ex_scep_ser...

Page 84: ...cert delete cert delete firmware certificate delete priv key Here is an example of deleting the private key we have moved beyond when we re keyed the client certificate in the last step admin none 06...

Page 85: ...tics admin none 01 03 45 show pki KEY KEY IDENTITY LENGTH KEY DATE TIME test_priv_key 1024 2012 06 19T00 05 23Z CACERT IDENTITY test_ca_cert test_ca_cert_INT test_ca_cert_ISS CERT IDENTITY test_client...

Page 86: ...tions The events generated by the unit are converted to NETCONF notifications NETCONF clients can subscribe to the unit to receive those notifications Syslog The events generated by the unit can be se...

Page 87: ...ning tool NOTE Any additional signatures added to a firmware package will require the corresponding public certificates to be loaded into the unit for firmware reprogramming to complete successfully S...

Page 88: ...size 36005116 system firmware reprogramming status bytes transferred 7455744 system firmware reprogramming status percent complete 20 admin none 03 55 43 show system firmware reprogramming status sys...

Page 89: ...e via cellular interface admin none 22 14 57 request system support generate support package filename debug 2013 01 24 tgz manual file server ftp address 192 168 1 2 username xyz password xyz The MCR...

Page 90: ...edded LEDs A yellow indi cates a link at 100 Mbps operation A flashing green indicates Ethernet data traffic LED Name LED State Description PWR DC Power Off Solid Green Solid Amber Fast Blink Red 1x s...

Page 91: ...2MV1 Cell 3229B E362 Specifications subject to change without notice or obligation 4 4 Glossary of Terms Abbreviations If you are new to wireless communications systems some of the terms used in this...

Page 92: ...Terminal Equipment A device that provides data in the form of digital signals at its output DTE connects to the DCE device ETH Ethernet Fade Margin The greatest tolerable reduction in average received...

Page 93: ...Enrollment Protocol A scalable protocol for networks based on digital certifi cates which can be requested by users without the need for assistance or manual intervention from a system administrator S...

Page 94: ...d string rw port uint16 rw timeout uint32 ftp rw ftp rw address string rw username string rw password string rw control port uint16 rw data port uint16 rw timeout uint32 http rw http rw address string...

Page 95: ...s yang phys address rw mdsif dhcp rw mdsif client identifier string rw mdsif retry interval uint16 ro mdsif current address ip ro mdsif ip inet ipv4 address no zone ro mdsif prefix length uint8 rw ip...

Page 96: ...i ca cert id string rw mds_wifi ap config rw mds_wifi ap ssid rw mds_wifi ssid string rw mds_wifi broadcast ssid boolean rw mds_wifi station max uint32 rw mds_wifi station timeout uint32 rw mds_wifi b...

Page 97: ...ds_wifi txbitrate uint16 ro mds_wifi txbytes uint32 ro mds_wifi txpackets uint32 ro mds_wifi txfailed uint32 ro mds_wifi txretries uint32 rw mds_vlan vlan config rw mds_vlan vlan id vlan id rw mds_vla...

Page 98: ...ll lte recovery boolean rw mds cell lte recovery interval uint16 ro mds cell cell status ro mds cell imsi display string ro mds cell imei display string ro mds cell iccid display string ro mds cell md...

Page 99: ...t leafref rw fire nat rw fire source leafref rw fire destination leafref rw mdsif physical interface name rw mdsif name string rw mdsif type identityref rw mdsif system name string rw logging rw event...

Page 100: ...w certmgr servers encrypt algo cm certmgr enc algo rw cert info rw certificate info certificate info identity rw certificate info identity string rw country x509 string rw state x509 string rw locale...

Page 101: ...utc offset rw timezone utc offset int16 rw mdssys set rw ntp rw use ntp boolean rw ntp server address rw association type enumeration rw address inet host rw enabled boolean rw iburst boolean rw pref...

Page 102: ...rw mdssys user authentication type identityref rw mdssys options rw mdssys timeout uint8 rw mdssys attempts uint8 rw mdssys firmware ro mdssys versions location ro mdssys location uint8 ro mdssys vers...

Page 103: ...status status_type ro mdssys date created string ro mdssys date revoked string ro mdssys user string ro mdssys uptime ro mdssys seconds uint32 ro mdssys text string ro processes job_id ro job_id int3...

Page 104: ...inet ipv4 address rw dhcp domain name servers inet ipv4 address rw dhcp domain name inet domain name rw dhcp ntp servers inet host rw dhcp netbios name servers inet host rw dhcp v6subnet subnet mask r...

Page 105: ...2 ro serial ip rx packets uint32 ro serial ip rx bytes uint32 ro serial serial tx packets uint32 ro serial serial tx bytes uint32 ro serial serial rx packets uint32 ro serial serial rx bytes uint32 rw...

Page 106: ...fire nat rw fire source rw fire rule set name rw fire name sec word string rw fire rule id rw fire id uint32 rw fire match rw fire src address inet ipv4 prefix rw fire dst address inet ipv4 prefix rw...

Page 107: ...rw vpn version ike version rw vpn mode ike v1 mode rw vpn auth method ike auth method rw vpn pre shared key string rw vpn pki rw vpn cert type enumeration rw vpn cert id string rw vpn key id string r...

Page 108: ...w vpn dpd interval uint16 rw vpn ipsec rw vpn policy name rw vpn name sec word string rw vpn ciphersuite name rw vpn name sec word string rw vpn encryption algo encryption algo rw vpn mac algo mac alg...

Page 109: ...port inet port number rw web ipv4 bind ips leafref rw web ipv6 bind ips leafref rw web tls certificate string rw web tls priv key string ro watchdog status ro slab uint32 ro slab high watermark uint32...

Page 110: ...ng will still be pending at that point This gives the user the opportunity to discard the changes or to modify them and then try to commit them again Inputting values The format for each node in the d...

Page 111: ...ready typed tab completion will display different possible completions When the tab key is pressed and no text has been typed the CLI shows all of the possible commands that can be typed as shown belo...

Page 112: ...ting Routing parameters services Services which are configurable on this system system System group configuration admin none 01 06 49 set When the tab is key is pressed after the name of a data node t...

Page 113: ...is mandatory and yet it was not supplied in the initial request admin none 00 09 38 request system firmware reprogram inactive image preconfigured file server configuration_name fs1 Value for filename...

Page 114: ...ds can be chained to achieve more complex processing admin none 17 20 27 show configuration Possible completions annotation Show only statements whose annotation matches a pattern count Count the numb...

Page 115: ...supported interfaces bridge true interfaces interface eth0 if index 2 status mac address 1e ed 19 27 1a b3 status mtu 1500 status link up status ipv4 address 192 168 1 10 24 status ipv6 address fe80...

Page 116: ...d uid 1000 gid 100 uid 1000 gid 100 uid 1000 gid 100 uid 1000 gid 100 Display line numbers The linnum target causes a line number to be displayed at the beginning of each line in the display admin io...

Page 117: ...ete or Backspace Delete the character following the cursor Ctrl d Delete all characters from the cursor to the end of the line Ctrl k Delete the whole line Ctrl u or Ctrl x Delete the word before the...

Page 118: ...command Configure private exclusive shared Enter configure mode The default is private Private Edit private copy of running configuration Exclusive Lock and edit candidate configuration Shared Edit ca...

Page 119: ...stem platform machine armv7l system platform nodename none system clock current datetime 2012 06 19T01 25 05 00 00 system clock boot datetime 2012 06 19T00 00 34 00 00 system support support transfer...

Page 120: ...s configuration and any nodes that assumed a default value admin none 16 28 52 show configuration interfaces interface ETH1 details type ethernetCsmacd enabled true ipv4 enabled true ip forwarding fa...

Page 121: ...e compare command Differences will be annotated with removed and added If the brief option is specified then only the differences will be shown tag add statement tag Add a tag to a configuration state...

Page 122: ...les persist id id If a prior confirming commit operation has been performed with the persist argument then to modify the ongoing confirming commit process the persist id argument needs to be supplied...

Page 123: ...n mode of the CLI Reverting the changes can be done using the revert command rollback number Return the configuration to a previously committed configuration The system stores a limited number of old...

Page 124: ...ded into the Integrity Measurement Authority IMA database Typically integrity measurement and attestation happens automatically as part of IPsec VPN data connection establishment using EAP TTLS method...

Page 125: ...ocal ip subnet 192 168 1 0 24 remote ip subnet 192 168 2 0 16 failure retry interval 1 IMA CONN 1 is used for attestation and VPN GWY CONN 1 is used for VPN data connection If more than one IPsec conn...

Page 126: ...re reason none last timestamp 2013 01 18T21 24 26 00 00 ima evaluation non compliant major ima recommendation Quarantined ok 2013 01 18 22 13 20 Once it is determined through event logs that the confi...

Page 127: ...s and field value types used to represent common event data Selected fields and value types become associated with properties of a specific event instance CEE Event Schema defines the structure of an...

Page 128: ...cond resolution whereas the CEE timestamps have microsecond resolution with full year RFC 5424 4 Syslog messages do include the year and support for microsecond resolution 2 Syslog timestamps reflect...

Page 129: ...ce_name eth0 profile http gemds com cee_profile 1 0beta1 xsd DHCP Response from server assigning the IP 192 168 2 3 cee host stout pname my_appname time 2012 08 22T11 20 10 559748 04 00 action request...

Page 130: ...ure the unit with a server to which events will be sent admin none 03 58 13 set logging syslog server my_syslog_server ip 192 168 1 1 port 1999 pro tocol tls version RFC5424 tls options tls ca certifi...

Page 131: ...of the certificate information to aide lookup of the appropriate public key during signature verification infile The filepath for package file input outfile The filepath for signed package file output...

Page 132: ...downloaded by users from GE MDS websites ge_pubcert pem is the public certificate provided by GE MDS that is used to verify that the signed packaged is authentic The GE MDS public certificate will ty...

Page 133: ...MDS 05 6628A01 Rev B MDS Orbit MCR 4G Technical Manual 125 Signature 2 validation was successful Signature 1 validation was successful...

Page 134: ...of the equipment in which the SIM card will be used The IMEI can be found by logging into the device and entering the following command admin none 00 20 44 show interfaces interface Cell cell status i...

Page 135: ...EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DAT...

Page 136: ...1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice...

Page 137: ...by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Original SSLeay License Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved Th...

Page 138: ...edgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMP...

Page 139: ...ou to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a...

Page 140: ...arranty protection in exchange for a fee 2 You may modify your copy or copies of the Program or any portion of it thus forming a work based on the Program and copy and distribute such modifications or...

Page 141: ...nformation you received as to the offer to distribute corresponding source code This alternative is allowed only for noncommercial distribution and only if you received the program in object code or e...

Page 142: ...if a patent license would not permit royalty free redistribution of the Program by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this...

Page 143: ...free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR...

Page 144: ...136 MDS Orbit MCR 4G Technical Manual MDS 05 6628A01 Rev B NOTES...

Page 145: ...MDS 05 6628A01 Rev B MDS Orbit MCR 4G Technical Manual 137 NOTES...

Page 146: ...138 MDS Orbit MCR 4G Technical Manual MDS 05 6628A01 Rev B...

Page 147: ...epaired and returned to you as quickly as possible Please be sure to include the SRO number on the outside of the shipping box and on any corre spondence relating to the repair No equipment will be ac...

Page 148: ...GE MDS LLC Rochester NY 14620 Telephone 1 585 242 9600 FAX 1 585 242 9620 www gemds com 175 Science Parkway...

Reviews:

No comments

Related manuals for Orbit MCR-4G

Panasonic KX-UDS124 Important Information Manual preview
KX-UDS124
Brand: Panasonic Pages: 44
Planet GSW-1602SF User Manual preview
GSW-1602SF
Brand: Planet Pages: 20
ZyXEL Communications P-336M Quick Start Manual preview
P-336M
Brand: ZyXEL Communications Pages: 125
Hornington AirStation WHR-G300N Settings preview
AirStation WHR-G300N
Brand: Hornington Pages: 6
Allnet ALL1682504 Quick Installation preview
ALL1682504
Brand: Allnet Pages: 12
Telebyte 458-LM-E2-36 Quick Start Manual preview
458-LM-E2-36
Brand: Telebyte Pages: 19
Aztech DSL5068EN(1T1R) User Manual preview
DSL5068EN(1T1R)
Brand: Aztech Pages: 40
NETGEAR RP614 v2 Installation Manual preview
RP614 v2
Brand: NETGEAR Pages: 2
Moxa Technologies PT-7710 Series Hardware Installation Manual preview
PT-7710 Series
Brand: Moxa Technologies Pages: 2
B&B Electronics EIP308 Product Information preview
EIP308
Brand: B&B Electronics Pages: 2
Patton DiamondLink 3201 Quick Start Manual preview
DiamondLink 3201
Brand: Patton Pages: 12
Fastech Ezi-SERVOII EtherCAT TO User Manual preview
Ezi-SERVOII EtherCAT TO
Brand: Fastech Pages: 108
Global411 MS41p1 Quick Installation Manual preview
MS41p1
Brand: Global411 Pages: 15
Xyclop XC-4CH-NVR-1TB User Manual preview
XC-4CH-NVR-1TB
Brand: Xyclop Pages: 144
Silvertel Ag102 User Manual preview
Ag102
Brand: Silvertel Pages: 9
Alcatel-Lucent 9364 Installation And Commissioning Manual preview
9364
Brand: Alcatel-Lucent Pages: 60
Allied Telesis AT-AR3050S Installation Manual preview
AT-AR3050S
Brand: Allied Telesis Pages: 80
Conel LR77 v2 SL User Manual preview
LR77 v2 SL
Brand: Conel Pages: 32

Brands by name

Popular brands

Load more brands