User manual

M!DGE2 GPRS/UMTS/HSPA+/LTE router

fw 4.2.x.x
6/11/2019
version 1.2

www.racom.eu

RACOM s.r.o. | Mirova 1283 | 592 31 Nove Mesto na Morave | Czech Republic
Tel.: +420 722 937 522 | E-mail: racom@racom.eu

Summary of Contents for M!DGE2


Page 3: ...ring up your wireless router 26; 5.3 Connecting M!DGE to a programming PC 26; 5.4 Basic setup 27; 6 Installation 28; 6.1 Mounting 28; 6.2 Antenna mounting 28; 6.3 Power supply 28; 7 Web Configuration 29; 7.1 HOME 29; 7.2 INTERFACES 30; 7.3 ROUTING 71; 7.4 FIREWALL 85; 7.5 VPN 90; 7.6 SERVICES 102; 7.7 SYSTEM 137; 7.8 LOGOUT 159; 8 Command Line Interface 160; 8.1 General usage 161; 8.2 Print help 162; 8.3 Getting con...

Page 4: ...RJ45 Plug 13; 4.4 MicroSIM cards slots 15; 4.5 Screw terminal 15; 4.6 Reset button 17; 4.7 Indication LEDs 18; 4.8 Flat bracket 25; 4.9 Flat bracket dimensions 25; 10.1 EU Declaration of Conformity 178; 10.2 EU Declaration of Conformity 181; 10.3 Country of Origin declaration 182. List of Tables: 4.1 Pin assignment Ethernet interface 13; 4.2 Ethernet Port Specification 13; 4.3 USB 2.0 Host Port Specification 1...

Page 5: ...delays or losses of data are rare when wireless devices such as the M!DGE are used in an appropriate manner within a well-constructed network. M!DGE should not be used in situations where failure to transmit or receive data could result in damage of any kind to the user or any other party, including but not limited to personal injury, death, or loss of property. RACOM accepts no liability for damages o...

Page 6: ...etting of IP address of the connected computer. By default the DHCP server is enabled, thus you can allow the Dynamic Host Configuration Protocol (DHCP) on your computer to lease an IP address from the M!DGE. Wait approximately 20 seconds until your computer has received the parameters (IP address, subnet mask, default gateway, DNS server). As an alternative you can configure a static IP address on your PC e...

Page 7: ...erating system and standard TCP/IP communication protocols. Thanks to the compact size and versatility of M!DGE wireless routers prove indispensable in many SCADA and telemetry, as well as POS, ATM, lottery and security surveillance applications. M!DGE together with RACOM RipEX radio router offers an unrivalled solution for combining cellular and UHF/VHF licensed radios in a single network. 1.2 Key feat...

Page 8: ... 1.3 Standards: EN 62368-1:2014 Safety Health EN 62311:2008 EN 55032:2015 EMC EN 55035:2017 EN 61000-6-2:2016 EN 61000-6-3:2007+A1:2011+AC:2012 EN 301 489-1 V2.1.1 EN 301 489-3 V2.1.1 EN 301 489-7 V1.3.1 EN 301 489-17 V3.2.0 EN 301 489-24 V1.5.1 EN 301 489-52 V1.1.1 EN 300 328 V2.1.1 RF Spectrum EN 301 511 V9.0.2 EN 301 908-1 V11.1.1 EN 301 908-2 V11.1.1 EN 301 908-13 V11.1.1 ...

Page 9: ...assthrough VLAN management Bridges USB autorun device server Serial port login console device server protocol server SDK Modem bridge Modem emulator Digital I/O Routing (Section 7.3, ROUTING) Static Routing Extended Routing Multipath Routes Multicast BGP OSPF Mobile IP Quality of Service (QoS) Security Firewall (Section 7.4, FIREWALL) NAPT Port Forwarding Stateful Inspection Firewall Firewall Virtual Priv...

Page 10: ...iners. System Administration (Section 7.7, SYSTEM): Configuration via Web Manager; Configuration via Command Line Interface (CLI), accessible via Secure Shell (SSH) and telnet; Batch configuration with text files; User administration; Troubleshooting tools; Over-the-air software update; Licensing (extra features); Keys and certificates (HTTPS, SSH, OpenVPN); Legal Notice ...

Page 11: ...S etc. devices dynamically upon each connection. Please read application note M!DGE / MG102i Serial SCADA Protocols 1, which describes how to efficiently solve this problem using RACOM routers. 3.3 Network center: In every network the center plays a key role and has to be designed according to customer's requirements. Several possible solutions are described in the application note M!DGE / MG102i Typical ...

Page 12: ... SMA. Fig. 4.2: Antenna connectors SMA. The M!DGE router is equipped with two antenna connectors. The ANT connector serves as a main antenna connection, the AUX connector is auxiliary and serves for better communication with BTS (diversity). ...

Page 13: ...Tab. 4.2: Ethernet Port Specification. Speed: 10/100 Mbps; Mode: TX; Crossover: Automatic MDI/MDI-X. 4.2.3 USB: M!DGE uses USB 2.0 Host A interface. USB interface is wired as standard. Tab. 4.3: USB 2.0 Host Port Specification. Speed: Low, Full, Hi-Speed; Current: max. 500 mA; Max. cable length: 3 m; Cable shield: mandatory; Connector type: Type A ...

Page 14: ...Tab. 4.4: USB pin description (USB pin: signal, wire). 1: +5 V, red; 2: Data (-), white; 3: Data (+), green; 4: GND, black ...

Page 15: ...ning pull the front part of the holder down and then you can open it. After inserting the SIM card (cropped edge left, connectors down), close the holder and lock it. Important: Power off the router before inserting the SIM card. 4.2.5 Screw terminal: Screw terminal plug type Stelvio Kontek CPF5 15 or MRT3P 15V01 can be used. Fig. 4.5: Screw terminal. Screw terminal plug types Phoenix Contact 1847204 MC 1 5 10...

Page 16: ...lay contact normally open (DO NO, pin 8); Digital Output isolated, Relay common (DO COM, pin 9); Digital Output isolated, Relay contact normally closed (DO NC, pin 10). Tab. 4.6: Digital input levels: 0 to 3 VDC = logical level 0; 9 to 32 VDC = logical level 1. Note: Negative input voltage is not recognised. Tab. 4.7: Digital output parameters: 1 A maximal continuous current; 32 VDC maximal switching voltage; 32 W maximal switching capaci...

Page 17: ...onnector. Use a blunt tool no more than 1 mm in diameter (e.g. a paper clip) to press the button. The reset button has two functions. Reboot the system: Press at least 3 seconds to release a system reboot. The reboot is indicated with the red blinking STAT LED. Factory reset: Press at least 10 seconds to release a factory reset. The start of the factory reset is confirmed by all LEDs lighting up GREEN for a ...

Page 18: ...up green on VPN VPN connection is being established green blinking VPN connection down off EXT LED indicates the state of the extension interfaces Hint Cellular WWAN signal strength can be indicated green excellent orange medium red weak on off blinking EXT Shows the overall system state This could be derived from health indicators such as all services up and running overall throughput is normal C...

Page 19: ...00 MHz Band 7 2600 MHz Frequency bands A 3G UMTS HSDPA HSUPA Band 5 850 MHz Band 8 900 MHz Band 4 AWS i e 1700 MHz Band 2 1900 MHz Band 1 2100 MHz 2G GSM GPRS EDGE GSM 850 MHz E GSM 900 MHz DCS 1800 MHz PCS 1900 MHz 3G UMTS HSDPA HSUPA Band 5 850 MHz Band 8 900 MHz Band 2 1900 MHz Band 1 2100 MHz Frequency bands U 2G GSM GPRS EDGE GSM 850 MHz E GSM 900 MHz DCS 1800 MHz PCS 1900 MHz 4G LTE 3GPP Rel...

Page 20: ...ctive antenna 3 3 VDC SMA female 72 channel u blox M8 engine GPS QZSS L1 C A GLONASS L10F BeiDou B1I Galileo E1B C SBAS L1 C A WAAS EGNOS MSAS GAGAN GNSS Time pulse option TTL logic 1 pulse s SMA female USB service interface USB host interface supporting memory devices USB type A connector USB2 0 2 micro SIM 3FF SIM 50 Ω Impedance Antenna Interface 2 SMA female supporting MIMO Connector 9 6 28 8 V...

Page 21: ...92 in Dimensions; Ca. 450 g (0.99 lbs) Weight; CE, FCC Type Approval. Options: Various antennas suitable for your application are available (Antennas); Flat bracket mounting kit (Mounting kit) ...

Page 22: ...3G 2G world wide Note P and A are available for high volumes only Slot Proprietary extension slot Possible values N not used C The second RS232 485 1 DI 1 DO Part No M DGE2 HW COM IO signal pin description RS 232 GND non isolated 1 RS 232 RxD non isolated RS485 A Half Duplex 2 RS 232 TxD non isolated RS485 B Half Duplex 3 Digital input Negative signal input isolated to GND 4 Digital input Positive...

Page 23: ...ntly for specific S N anytime later on Possible values M DGE2 LXC Linux container Part No M DGE2 SW LXC SERVER Server clients extension Part No M DGE2 SW SERVER SW key SERVER Default Feature 35 10 DHCP reservations 35 10 Local host names 35 20 NAPT rules 35 20 Firewall rules 15 10 Firewall address groups 25 10 OpenVPN clients 30 10 Static routes yes no DynDNS server Type specific product type for ...

Page 24: ...ive signal input isolated to GND 5 Digital Output isolated Relay contact normally opened 6 Digital Output isolated Relay common 7 Digital Output isolated Relay contact normally closed 8 SW feature keys The SW feature key should be added to a new or running system via adding a license menu SYSTEM Licensing see Section 7 7 7 Licensing LXC Virtualization Linux container LXC Server Licence Enlargement...

Page 25: ...acket. Flat bracket: Installation bracket for flat mounting. For usage details see chapter Mounting and chapter Dimensions. Fig. 4.8: Flat bracket. Fig. 4.9: Flat bracket dimensions ...

Page 26: ...outer. Switch on your power supply. The STAT LED flashes for a few seconds and after 8 seconds it starts blinking to a green light. After approximately 30 seconds your router will have booted and will be ready; the STAT LED remains shining. When the Mobile Connection is enabled, the WAN LED starts blinking while connecting to the cellular network; the color (green, orange, red) represents the signal strength...

Page 27: ...itial M!DGE setup. f. You might check the "Configure automatic mobile data connection" for automatic WWAN configuration. Manual changes are usually required afterwards. Note that Firewall is also enabled with predefined WAN administration ports. 5.4 Basic setup: The M!DGE Web Manager can always be reached via the Ethernet interface. After successful setup, Web Manager can also be accessed via the mobile in...

Page 28: ... of the deflective effects caused by large metal surfaces (elevators, machine housings, etc.), close meshed iron constructions and choose the antenna location accordingly. Fit the antenna or connect the antenna cable to the ANT connector. In external antennas the surge protection of coaxial connection would be required. Note: Be sure that the antenna was installed according to the recommendation by the ante...

Page 29: ... dashboard during normal operation. The highest priority link which has been established successfully will become the so-called hotlink, which holds the default route for outgoing packets. Detailed information about status of each WAN interface is available in a separate window. ...

Page 30: ...e note that each WAN link has to be configured and enabled in order to appear on this page. In case a WAN link goes down, the system will automatically switch over to the next link in order of priority (the priorities can be changed using the arrows on the right side of the window). A link can be either established when the switch occurs or permanently to minimize link downtime. 1st priority: This link w...

Page 31: ...the appropriate Weight. In the following example, the outgoing traffic will be distributed between LAN2 (80 %) and WWAN1 (20 %) links. Note: This option is general and applies to all outgoing traffic. See Section 7.3.3, Multipath Routes, for more detailed configuration. We recommend using the permanent option for WAN links. However, in case of time-limited mobile tariffs, the switchover option should be used. After c...

Page 32: ...e might be situations in which the default /29 disables the communication. E.g. WWAN IP is 10.10.10.6. The connected device obtains this IP via DHCP and sets the default gateway to 10.10.10.7, but this IP is a broadcast IP within /29 subnet and the communication is not possible. If you configure subnet 10.10.10.0/29 manually, a default gateway would be 10.10.10.8 in newly created local /28 subnet. Example ...

Page 33: ...horitative hosts. A link will be declared as down if all trials have failed. The link will be considered up again if at least one host is reachable. You may further specify an emergency action if no uplink can be established at all. Configurable actions are: None; Restart link services; Reboot system. ...

Page 34: ...ting Network Debugging Ping. The first response typically takes a longer time than the following ones in cellular networks; the Ping timeout should be set to the longer time than with the first response. Ping interval: Time to wait before sending the next probe. Retry interval (if ping failed): If the first trial fails, ping hosts in this modified interval until the ping is successful or the maximum number...

Page 35: ...usually forms the LAN1 interface, which should be used for LAN purposes. Other interfaces can be used to connect other LAN segments or for configuring a WAN link. The LAN10 interface will be available as soon as a pre-configured USB Ethernet device has been plugged in (e.g. XA Ethernet USB adapter). Port Setup, Port Assignment: This menu can be used for individually assigning Ethernet ports to LAN interfac...

Page 36: ...tiation, which will configure the link speed automatically to comply with other devices in the network. In case of negotiation problems, you may assign the modes manually, but it has to be ensured that all devices in the network utilize the same settings then. ...

Page 37: ...e of a remote LAN host must be configured with the same VLAN ID as defined on the router. Further, 802.1P introduces a priority field which influences packet scheduling in the TCP/IP stack. The following priority levels, from the lowest to the highest, exist. VLAN Priority Levels (Parameter): Background: 0; Best Effort: 1; Excellent Effort: 2; Critical Applications: 3; Video (100 ms latency and jitter): 4; Voice (10 m...

Page 38: ...the LAN mode. The Alias IP address enables configuring the LAN interface with a second IP address/subnet. MTU: Configure MTU of a given Ethernet interface. Note: Setting of the IP address is interconnected with the DHCP Server, if enabled (see the SERVICES, DHCP Server menu). ...

Page 39: ...preferred protocol when communicating with another WAN access device (like a DSL modem). Username: PPPoE user name to be used for authentication at the access device. Password: PPPoE password to be used for authentication at the access device. Service Name: Specifies the service name set of the access concentrator. Leave it blank unless you have many services and need to specify the one you need to connec...

Page 40: ...t registering to a network usually takes some time and depends on signal strength and possible radio interferences. You may hit the Update button at any time in order to restart PIN unlocking and trigger another network registration attempt. Under some circumstances (e.g. in case the modem flaps between base stations) it might be necessary to set a specific service type or assign a fixed operator. The l...

Page 41: ...se of different settings. The default option is "automatic"; in areas with interfering base stations you can force a specific type (e.g. 3G only) in order to prevent any flapping between the stations around. Registration mode: The default option is set to "all networks". You can limit the modem registration to "packet switched only" (e.g. no Dial-in Server) or "circuit switched only" option, which can be for example ...

Page 42: ...interface. Preferred service: The preferred service type. Please note that these settings supersede the general SIM-based settings as soon as the link is being dialed. Generally, the connection settings are derived automatically as soon as the modem has been registered and the network provider has been found in our database. Otherwise, it will be required to configure the following settings: Phone number ...

Page 43: ...me network. Negotiate DNS: Specifies whether the DNS negotiation should be performed and the retrieved name servers should be applied to the system. Call to ISDN: This option must be enabled in case of 2G connections talking to an ISDN modem. Header compression: Enables or disables Van Jacobson TCP/IP Header Compression for PPP-based connections. This feature will improve TCP/IP performance over slow se...

Page 44: ...able with/without local interfaces or disable software bridges. If you need an interface in the local system, you need to define an IP address for the local device. IP Address: IP address of the local interface (available only if "Enabled with local interface" was selected). Netmask: Netmask of the local interface (available only if "Enabled with local interface" was selected). MTU: Optional MTU size for the loc...

Page 45: ...g always enabled. Click on the Refresh button in the tab Devices for displaying connected USB devices and add them by clicking on the plus sign. Autorun: This feature can be used to automatically perform a software/config update as soon as a USB storage stick has been plugged in. Following files must exist in the root directory of a FAT16/32 formatted stick: For authentication: autorun.key. For a s...

Page 46: ...se your admin password differs if applied to multiple M!DGE routers. For new devices with an empty password, the hash key e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 can be used. The hash keys can be generated by running the command echo -n "<admin-password>" | sha256sum on a Linux system or an Internet hash key generator (search for "sha-256 hash calculator"). 7.2.6 Serial Port: The serial p...

Page 47: ...ork. See the details below. Modem bridge: Direct connection between the LTE modem tty and the serial interface. Modem emulator: Replacement for legacy dial-in/dial-out connections based on analog or GSM modems (AT commands support). Protocol server: Special implementation of various serial protocols like Modbus, IEC101, DNP3. See the details below. SDK: This option enables controlling the serial interface via t...

Page 48: ...s the number of stop bits used to indicate the end of a frame. Software flow control: In XON/XOFF software flow control, either end can send a stop (XOFF) or start (XON) character to the other end to control the rate of incoming data. Hardware flow control: While 3-wired connection is used with M!DGE, hardware flow control is not available. Server Configuration Telnet or TCP raw Protocol on IP port Port The ...

Page 49: ... IP address. Important: The UDP Device Server functionality has been moved into SDK only. The required script for this functionality can be provided on demand. Modem bridge: Direct connection between the LTE modem tty and the serial interface, e.g. for dial-in connections to Metering unit. Configure the RS232 as required and choose the mobile modem required. ...

Page 50: ...hile 3-wired connection is used with M!DGE, hardware flow control is not available. Port: Any incoming connection will be received on the Port configured. This Port needs to be allowed; keep this in mind for Firewall configurations. The Phonebook configuration will keep the aliases of any Phone numbers, so that you do not need to reconfigure your device and can use the original addressing scheme. Number R...

Page 51: ...to 1400 bytes. Idle size: Received frames on COM are closed when the gap between bytes is longer than the Idle value. This parameter defines the maximum gap (in milliseconds) in the received data stream. If the gap exceeds this value, the link is considered idle, the received frame is closed and forwarded to the network. The default Idle size differs based on the serial baud rate configuration. Remember tha...

Page 52: ...o the M!DGE router, processed there and are forwarded as unicasts through the mobile network to their destination. When the gateway defined in the Routing table belongs to the Ethernet LAN, UDP datagrams are instead forwarded to the Ethernet interface. After reaching the gateway, the datagram is forwarded according to the Routing table. When the UDP datagram reaches its final IP destination, it should be...

Page 53: ... is currently implemented. The parameters described in this section are typical of most protocols. There is only a link to them in description of the respective Protocol. Mode of Connected device: List box: Master, Slave. Default = Master. The typical SCADA application follows the Master-Slave scheme, where the structure of the message is different for the Master and Slave SCADA units. Because of that it is n...

Page 54: ...tion between the Protocol address and the IP address / UDP port pair has to be done. It can be done either via Table or Mask. Hence, a SCADA message received from the serial interface is encapsulated into a UDP/IP datagram, where the destination IP address and the destination UDP port are defined according to the settings of the Address translation. Mask: Translation using the Mask is simpler to set, howe...

Page 55: ...gth can be 1 byte, but the DNP3 and UNI protocols support 2-byte addresses. IP: The IP address to which Protocol address will be translated. This IP address is used as the destination IP address in the UDP datagram in which serial SCADA packet received from COM is encapsulated. UDP port (Interface): This is the UDP port number which is used as the destination UDP port in the UDP datagram in which the...

Page 56: ... network are sent to the respective COM according to the UDP port setting. Parameters: Destination IP: This is the IP address of the destination Unit. UDP port (Interface): This is the UDP port number which is used as the destination UDP port in the UDP datagram in which the packet received from COM is encapsulated. C24: C24 is a serial polling-type communication protocol used in Master-Slave applications ...

Page 57: ...arameters. Mode of Connected device: Master: Broadcast. Note: There is no possibility to set Broadcast address, since Cactus broadcast messages always have the address 0x00. Hence, when the Broadcast is On, packets with this destination are handled as broadcasts. Broadcasting is not supported with mobile networks. Address translation: Table, Mask. Slave: Broadcast accept. Max gap timeout (ms): Default = 30. The lon...

Page 58: ...n the Unit receives a data frame from the connected device, it generates the ACK frame (0x1006) locally. When the Unit receives the data frame from the mobile network, it sends the frame to the connected device and waits for the ACK. If the ACK is not received within 1 sec. timeout, Unit sends ENQ (0x1005). ENQ and ACK are not generated for broadcast packets. DNP3: Each frame in the DNP3 protocol contains the ...

Page 59: ...tion is generated when address byte is 0xFF. 2B ADDR: Two-byte address (IEC 870-5-101 standard is 1 byte). The frame is 1 byte longer than the standard one. There is the Intel sequence of bytes: low byte, high byte. Mask Address translation has to be used, because Table one is limited to just one byte address length. The Master station broadcast is generated when the low address byte is 0xFF and high address...

Page 60: ... WAIT COMMAND (0x13) to its Master. The Unit does not accept the next WAIT COMMAND (discards it) till the Wait timeout expires. The Recommended value is in the 1-10 seconds range. Modbus: Modbus RTU is a serial polling-type communication protocol used by Master-Slave application. More Modbus Masters can be used within one network and one Slave can be polled by more Masters. Modbus protocol configuration use...

Page 61: ... over the COM interface. However, from time to time (RB period) the RB packets are transferred over the network in order to check whether the respective Slave is still on. When the RB response from the Slave to this RB packet is not received over the mobile network within the set RB timeout, i.e. the respective Slave is out of order, the central Unit stops local answering to RB packets from the master fo...

Page 62: ...ckets from the Master received over the mobile network. RTU address (Hex): Default = 01. Active only when the Local simulation RB is On. The connected RTU's address is supposed to be filled in. This address (0x00-0xFF) is used in the RB packets generated locally in the M!DGE/RipEX and transmitted over the COM. Siemens 3964(R): The 3964 protocol is utilized by the Siemens Company as a Point-to-Point connection b...

Page 63: ...ddress translation: Table, Mask. Slave: Broadcast accept. DLE timeout (ms): Default = 1000 (min. 300, max. 8190). M!DGE/RipEX expects a response (DLE) from the connected device (RTU) within the set timeout. If it is not received, the Unit repeats the frame according to the "Retries" setting. Retries (No): Default = 3 (min. 0, max. 7). When DLE timeout is "On" and the DLE packet is not received from the connected device (RTU) within the ...

Page 64: ...rotocol with ASYNC LINK protocol and spontaneous packet generation on remote sites are possible. The UNI protocol is fully transparent, i.e. all messages are transported and delivered in full, without any modifications. Italicised parameters are described in Common parameters. Mode of Connected device: Master. Address mode: List box: Binary (1 B), ASCII (2 B), Binary (2B LSB first), Binary (2B MSB first). Default = Binar...

Page 65: ...appen that a response from a Slave (No. 1) is delivered after the respective timeout expired, and the Master generates the request for the next Slave (No. 2) in the meantime. In such a case the delayed response from No. 1 would have been considered as the response from No. 2. When Poll response control is On, the delayed response from the Slave (No. 1) is discarded and the Master stays ready for the response fro...

Page 66: ... can apply the following settings. Besides on and off, you may keep the status after reboot at default, which corresponds to the default state as the hardware will be initialized at power-up. The digital inputs and outputs can also be monitored and controlled by SDK scripts. ...

Page 67: ...ort have the following specification. Max. allowed cable length: 30 m; Max. allowed antenna gain: 3.0 dBi; Min. distance between colocated radio transmitter antennas (e.g. GNSS to LTE): 20 cm; Connector type: SMA; Time pulse: TTL logic, L: 0 to 0.8 V, H: 2 to 3.3 V, minimal connected load 100 Ω. GNSS status: This page provides further information about the satellites in view and values derived from them. ...

Page 68: ...GPRMC Satellites used frames The number of satellites used for calculating the position as stated in GPGGA Dilution of precision The dilution of precision as stated in GPGSA frames furtheron each satellite also comes with the following details GNSS satellite inform ation PRN frames The PRN code of the satellite also referred as satellite ID as stated in GPGSA Elevation stated in GPGSV frames The e...

Page 69: ...that is substantially easier to parse than the NMEA 0183 emitted directly by the GNSS device. We are currently running the Berlios GPS daemon (version 3.15), supporting the new JSON format. Please navigate to http://www.catb.org/gpsd for getting more information about how to connect any clients to the daemon remotely. The position values can also be queried by the CLI and used in SDK scripts. GNSS Module C...

Page 70: ...ished when a client connects. You can specify "on request", which typically requires an R to be sent. Data will be sent instantly in case of "raw" mode, which will provide NMEA frames, or "super raw", which includes the original data of the GPS receiver. If the client supports the JSON format (i.e. newer libgps is used), the "json" mode can be specified. Note: Please consider to restrict access to the server port, eith...

Page 71: ... emergency action. You can either let just restart the server, which will also re-initialize the GPS function on the module, or reset the module in severe cases. Please note that this may have effects on any running WWAN/SMS services. 7.3 ROUTING. 7.3.1 Static Routes: This menu shows all routing entries of the system, which can consist of active and configured ones. Netmasks can be specified in CIDR notati...

Page 72: ...ion network. Flags: (A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route. The flags obtain the following meanings. Active: The route is considered active; it might be inactive if the interface for this route is not yet up. Persistent: The route is persistent, which means it is a configured route, otherwise it corresponds to an interface route. Host: The route is a host route, typically the netmask is ...

Page 73: ...estination address/netmask but also a source address/netmask, incoming interface and the type of service (TOS) of packets. Incoming interface: The interface on which the packet enters the system. Source address: The packet source address. Source netmask: The packet source netmask. Destination address: The packet destination address. Destination netmask: The packet destination netmask. Protocol: Protocol used (AN...

Page 74: ...ltiple interfaces. At least two interfaces must be defined to establish the Multipath routing. Additional interfaces can be added by pressing the plus sign. Target network/netmask: The target network for which the Multipath routing will be applied. Interface: The interface for the selected path. Weight: Interface weight in relation to the others (e.g. values 4 and 1 for two paths will result in 80 % and 20 % of...

Page 75: ...ast messages. IGMP proxy: IGMP proxy which is able to maintain multicast groups on a particular interface and distribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups. Administrative status: Specifies whether multicast routing is active. Incoming interface: The upstream interface on which multicast groups are joined and on which multicast packets come...

Page 76: ...he BGP tab allows to set up peerings of the M!DGE router with other Border Gateway Protocol enabled routers. BGP status: Specifies whether the BGP routing protocol is active. AS number: The number of the autonomous system to which the M!DGE router belongs (available range: 1 - 4294967295). Redistribute connected routes: Redistribute routes to networks which are directly connected to the M!DGE router. Redistri...

Page 77: ...nge 1 - 4294967295. Password: Password for authentication with the peer router. If left blank, authentication is disabled. Multihop: Allow multiple hops between this router and the peer router instead of requiring the peer to be directly connected. The Networks tab allows to add IP network prefixes that shall be distributed via BGP in addition to the networks that are redistributed from other sources as de...

Page 78: ...routes: Redistribute routes learned via the BGP routing protocol. Redistribute default route: Redistribute the router's default route. Disable when redundancy backup: Disables the OSPF protocol when the router is set to slave mode by the VRRP redundancy protocol. The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router. If no settings are defined for a specific inter...

Page 79: ...e used to enable a seamless switch between different WAN technologies. It boasts with very small outages during switchover while keeping all IP sessions alive, which is being accomplished by communicating with the static public IP address of a home agent, which will encapsulate the packets and send them further to the router. Switching works by telling the home agent that the hotlink address has chang...

Page 80: ...of nodes represented in 8 chars hex. Authentication type: The used authentication, can be prefix-suffix-md5 or hmac-md5. Shared secret: The shared secret used for authentication, can be a 128-bit hex or ASCII string. Life time: The lifetime of security associations in seconds. MTU: Maximum transmission unit in bytes. UDP encapsulation: Specifies whether UDP encapsulation shall be used. Mobile network address: O...

Page 81: ...f the following settings. SPI: The home address of the network. Authentication type: The mask for the home network. Shared secret: The shared secret used for the mobile node authentication at the home agent. This can be either a 128-bit hexadecimal value or a random-length ASCII string. ...

Page 82: ...of the available bandwidth. In case of demands for other class or qdisc algorithms, please contact our support team in order to evaluate the best approach for your application. QoS Administration: The administration page can be used to enable and disable QoS. QoS Classification: The classification section can be used to define the WAN interfaces on which QoS should be active. Interface: The WAN interface ...

Page 83: ...interfaces operating in a mobile environment suffer from variable bandwidth, thus rather lower values should be used. In case an interface has been activated, the system will automatically create the following queues. high: A high priority queue which may hold any latency-critical services (such as VoIP). default: A default queue which will handle all other services. low: A low priority queue which may ho...

Page 84: ...ers apply. Interface: The QoS interface of the queue. Queue: The QoS queue to which this service shall be assigned. Source: Specifies a network address and netmask used to match the source address of packets. Destination: Specifies a network address and netmask used to match the destination (target) address of packets. Protocol: Specifies the protocol for packets to be matched. Type of Service: Specifies the To...

Page 85: ... HTTPS, SSH or TELNET by default but block any other packets coming from the WAN interface. Please note that the specified rules are processed in order, that is, the list is traversed from top to bottom until a matching rule is found. If no matching rule is found, the packet is allowed. Administrative status: Enable or disable packet filtering. Allow WAN administration: This option will predefine the...

Page 86: ... address of matching packets. Possible values are ANY, LOCAL (addressed to the system itself), Group or Specify (specified by an address/netmask). Destination: The destination address of matching packets can be ANY, LOCAL (addressed to the system itself), Group or Specify (specified by address/netmask). Protocol: Used IP protocol of matching packets. Destination port(s): Destination port of matching packets. You can specify a singl...

Page 87: ...ivate network and hosts on a public network. It generally allows a single public IP address to be used by many hosts from the private LAN network. Administration: The administration page lets you specify the interfaces on which masquerading will be performed. NAT will hereby use the address of the selected interface and choose a random source port for outgoing connections and thus enables communicatio...

Page 88: ... rules. Note: The rules are processed in order, that is, the list is traversed from top to bottom until a matching rule is found. If no matching rule is found, the packet will pass as is. Description: A meaningful rule description. Incoming interface: Interface from which matching packets are received. Source: The source address or network from which matching packets are received. Map: Choosing whether t...

Page 89: ...ether the rule applies to the host or to the network. Outgoing interface: Outgoing interface on which matching packets are leaving the router. Target: The target address or network to which matching packets are destined. Source address/ports: Source address/ports of matching packets (if Map is set to host). Source network/netmask: Source network/netmask of matching packets (if Map is set to network). Rewrite t...

Page 90: ...after the bootup. Tunnel Configuration: The router supports a single server tunnel and up to 4 client tunnels. You can specify tunnel parameters in standard configuration or upload an expert mode file which has been created in advance. Refer to the section called Client Management to learn more about how to manage clients and generate the files. Operation mode: Choose the client or server mode f...

Page 91: ...dged from or to a particular interface. You can also set the MTU for the tunnel. Authentication: You can choose between credential-based (where you have to specify a username and password) and certificate-based options. Note that keys/certificates have to be created in the SYSTEM - Keys & Certificates menu. You may also upload files which you have generated on your host system. HMAC digest: HMAC is commonly u...

Page 92: ...network behind the tunnel. If in doubt, create an extra static route pointing to the correct interface. Negotiate DNS: If enabled, the system will use the nameservers which have been negotiated over the tunnel. Allow duplicates: Allow multiple clients with the same common name to concurrently connect. Verify certs: Check peer certificate against local CRL. Server Mode: A server tunnel typically requires the ...

Page 93: ...xed addresses to the other ones as well. You may specify the network behind the clients as well as the routes to be pushed to each client. This can be useful for routing purposes, e.g. in case you want to redirect traffic for particular networks towards the server. Routing between the clients is generally not allowed but you can enable it if desired. Finally, you can generate and download all expert mode...

Page 94: ...d key exchange. Negotiating keys for encryption and authentication is generally done by the Internet Key Exchange protocol (IKE), which consists of two phases. IKE phase 1: IKE authenticates the peer during this phase for setting up an ISAKMP secure association. This can be carried out by either using main or aggressive mode. The main mode approach utilizes the Diffie-Hellman key exchange and authenticat...

Page 95: ...ons and SPIs (Security Payload Identifiers) for a faster tunnel re-establishment. Detection cycle: Set the delay (in seconds) between Dead Peer Detection (RFC 3706) keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for this connection (default 30 seconds). Failure threshold: The number of unanswered DPD R_U_THERE requests until the IPsec peer is considered dead (the router will then try to re-establish a dead c...

Page 96: ...FQDN, username@FQDN or IP address. Local ID: The local ID value. Peer ID type: The identification type for the remote router. Peer ID: The peer ID value. Note: When using certificates you would need to specify the Operation mode. When run as the PKI client you can create a Certificate Signing Request (CSR) in the certificates section which needs to be submitted at your Certificate Authority and imported to th...

Page 97: ...his feature heavily increases security as PFS avoids penetration of the key-exchange protocol and prevents compromising the keys negotiated earlier. Using Public Key Infrastructure requires similar settings, but the Operation mode must be configured. Operation mode: Mode can be set either to server or client. As a server, and once you have successfully set up an IPsec tunnel, you can manage and enable cl...

Page 98: ...a valid SA with the matching source and destination network is present. Therefore you may need to specify the networks behind the endpoints by applying the following settings. Local network address: The address of your Local Area Network (LAN). Local network mask: The netmask of your LAN. Peer network address: The address of the remote network behind the peer. Peer network mask: The netmask of the remote net...

Page 99: ... amongst Microsoft Dial-up networking servers. However, due to its weak encryption algorithms, it is nowadays considered insecure, but it still provides a straightforward way for establishing tunnels. When setting up a PPTP tunnel, you would need to choose between server or client. Listen address: Specifies the IP address on which to listen for incoming client connections. Server address: The server ad...

Page 100: ...ed with different credentials and IP addresses. A client tunnel requires the following parameters to be set. Server address: The address of the remote server. Username: The username used for authentication. Password: The password used for authentication. ...

Page 101: ...el netmask: The local subnet mask of the tunnel. Remote network: The remote network address of the tunnel. Remote netmask: The remote subnet mask of the tunnel. In general, the local tunnel address/netmask should not conflict with any other interface addresses. The remote network/netmask will result in an additional route entry in order to control which packets should be encapsulated and transferred over ...

Page 102: ...ronment that is easy to dig in. However, feel free to contact us via support@racom.eu and we will happily support you in finding a programming solution to your specific problem. The Language: The arena scripting language offers a broad range of POSIX functions (like printf or open) and provides, together with tailor-made API functions, a simple platform for implementing any sort of applications to interco...

Page 103: ...izing them in the SDK. Let's now pay some attention to the very powerful API function nb_status. It can be used to query the router's status values in the same manner as they can be shown with the CLI. It returns a structure of variables for a specific section (a list of available sections can be obtained by running cli status -h). By using the dump function you can figure out the content of the returned...

Page 104: ..._config_set function it is possible to start a re configuration of any parts of the system upon status changes You may find all possible parameters by reading the etc config factory config cfg file accessible via CLI cat etc config factory config cfg grep ntp network ntp status 1 network ntp server0 0 pool ntp org network ntp server1 1 pool ntp org network ntp ping 1 network ntp interval 256 netwo...

Page 105: ... either time-based (e.g. each Monday) or triggered by one of the pre-defined system events (e.g. wan-up) as described in Section 7.6.7, Events. With both a script and a trigger, you can finally set up an SDK job now. The test event usually serves as a good facility to check whether your job is working as expected. The admin section also offers facilities to troubleshoot any issues and control running jobs. Th...

Page 106: ... Mbytes your scripts can write to the internal flash. Enable watchdog: This option enables watchdog supervision for each script. If the script does not respond or is stopped with an exit code other than zero, the system is rebooted. The status page informs you about the current SDK status. It provides an overview of any finished jobs; you can also stop a running job there and view the script output in ...

Page 107: ...ify the trigger. Type: The type of the trigger, either time-based or event-based. Condition: Specifies the time condition for time-based triggers (e.g. hourly). Timespec: The time specification which, together with the condition, specifies the time(s) when the trigger should be pulled. Event: The system event upon which the trigger should be pulled. ...

Page 108: ...fies the trigger that should launch the job. Script: Specifies the script to be executed. Arguments: Defines arguments which can be passed to the script (supports quoting); they will precede the arguments you formerly may have assigned to the script itself. Testing: Check the current NTP server and set it to the IP address 192.168.0.2 and enable the NTP synchronisation. printf The NTP server was previously ...

Page 109: ...icking on the Run button. SDK Sample Application: As an introduction, you can step through a sample application, namely the SMS control script, which implements remote control over short messages and can be used to send a system status back to the sender. The source code is listed in the appendix. Once enabled, you can send a message to the phone number associated with a SIM/modem. It generally requires a ...

Page 110: ...current IP address of the VPN interface (if enabled). disconnect: Terminates all WAN connections (including VPN). reboot: Initiates a system reboot. output 1 on: Switch digital output 1 on. output 1 off: Switch digital output 1 off. output 2 on: Switch digital output 2 on. output 2 off: Switch digital output 2 off. A response to the status command typically looks like: System MIDGE midge 0002A9FFC32E WAN1 WWAN1 is ...

Page 111: ...ents. Last lease address: Last address for DHCP clients. Lease duration: Number of seconds (30-86400) for which a given lease will be valid until it has to be requested again. Persistent leases: By checking this option, only static hosts will obtain the IP leases. DHCP options: By default, DHCP will hand out the interface address as the default gateway and DNS server address if not configured elsewhere. It is ...

Page 112: ... Administrative status: Enabled or disabled. Domain name: The domain name used for short name lookups. Primary name server: The primary default name server which will be used instead of negotiated name servers. Secondary name server: The secondary default name server which will be used instead of negotiated name servers. You may further configure static hosts for serving fixed IP addresses for various h...

Page 113: ...es the IP address range which is allowed to poll the NTP server. Note: See the description of how to set the correct router time in the section called Time & Region. 7.6.5 Dynamic DNS: The Dynamic DNS client on this box is generally compatible with various DynDNS services on the Internet, running by means of definitions by the DynDNS organization (see www.dyndns.com for server implementations). Administrative ...

Page 114: ...ion. Protocol: The protocol used for authentication (HTTP, HTTPS). Server address: The address of the server which shall be updated. Server port: The port of the server which shall be updated. TSIG key name: The name of the TSIG key which is allowed to perform updates. TSIG key: The TSIG key encoded in base64. Please note that your RACOM router can operate as DynDNS service as well, provided that you hold a vali...

Page 115: ...rom address: Sender e-mail address. Server address: SMTP server address. Server port: SMTP server port (typically 25). Authentication: Choose the required authentication method to authenticate against the SMTP server. Encryption: The optional encryption for the e-mail messaging (none or TLS). Username: User name for authentication. Password: Password for authentication. ...

Page 116: ...can also test e-mail messages. 7.6.7 Events: By using the event manager you can notify remote systems about system events. A notification can be sent using E-Mail, SMS or SNMP traps. ...

Page 117: ...ote SNMP service (MD5 or SHA). Encryption: The encryption algorithm for accessing the remote SNMP service (DES or SHA). Engine ID: The engine ID of the remote SNMP service. The messages will contain a description provided by you and short system information. The default texts for a specific event are as follows (columns: Description, Event, ID, Category): A GSM call is coming in, call incoming, 701, CALL; Outgoing voice cal...

Page 118: ... 407 PPTP PPTP connection came up pptp up 406 System is now backup router redundancy backup 1002 REDUNDANCY System is now master router redundancy master 1001 SDK has been started sdk startup 507 SDK SMS has not been sent sms notsent 602 SMS SMS has been received sms received 603 SMS report has been received sms report received 604 SMS has been sent sms sent 601 System is in error state system err...

Page 119: ...r SMS communication. Sending messages heavily depends on the registration state of the modem and on whether the provided SMS Center service works, and may fail. You may use the sms report received event to figure out whether a message has been successfully sent. Received messages are pulled from the SIMs and temporarily stored on the router but get cleared after a system reboot. Please consider to consul...

Page 120: ... enforce messages be sent over a dedicated SIM Phone numbers can also be specified by regular expressions here are some examples 12345678 Specifies a fixed number 1 Specifies any numbers starting with 1 1 9 Specifies any numbers starting with 1 and ending with 9 12 Specifies any numbers starting with either 1 or 2 Please note that numbers have to be entered in international format including a vali...

Page 121: ...the system. All non-matching messages will be allowed. Status: The status page can be used to view the current modem status and get information about any sent or received messages. There is a small SMS inbox reader which can be used to view or delete the messages. Please note that the inbox will be cleared each midnight in case it exceeds 512 kbytes of flash usage. Testing: This page can be used to test wheth...

Page 122: ...em by applying applicable firewall rules. The following parameters can be applied to the Telnet service. Administrative status: Whether the Telnet service is enabled or disabled. Server port: The TCP port of the service (usually 23). The following parameters can be applied to the SSH service. Administrative status: Whether the SSH service is enabled or disabled. Server port: The TCP port of the service (usuall...

Page 123: ...e additional information over the system and its WWAN, GNSS and WLAN interfaces. They can be accessed over the following OIDs (RACOM MIB OID assignment, given as OID followed by parameter): 1.3.6.1.4.1.33555.10.40 admin; 1.3.6.1.4.1.33555.10.50 mgWwanTable; 1.3.6.1.4.1.33555.10.51 mgGnssTable; 1.3.6.1.4.1.33555.10.53 dio; 1.3.6.1.4.1.33555.10.54 mgSerialTable; 1.3.6.1.4.1.33555.10.60 mgWlanTable; 1.3.6.1.4.1.33555.10.61 mgWlanStation...

Page 124: ...3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 33555 10 40 11 0 s http server directory Note config Update expects a zip file named serial number zip in the specified directory which contains at least a user config zip Supported protocols are TFTP HTTP s and FTP Specifying a username password or port is not yet supported get configuration update status snmpget v 3 u ...

Page 125: ...NMPv3 only. Contact: System maintainer or other contact information. Location: Device location. Listening port: SNMP agent port. Once the SNMP agent is enabled, SNMP traps can be generated using SDK scripts or can be triggered by various Events (see the SYSTEM - Events menu). SNMP Authentication ...

Page 126: ...munity name for read access. Admin community: Defines the community name for admin access. Allowed host: Defines the host which is allowed for admin access. Note: The SNMP daemon also listens on WAN interfaces, and it is therefore suggested to restrict the access via the firewall. 7.6.11 Web Server: This page can be used to configure different ports for accessing the Web Manager via HTTP/HTTPS. We stro...

Page 127: ...PS connections. HTTPS certificate: Either information that the certificate is installed or a link to create such a certificate. HTTPS security: Choose the HTTPS security level (follow the help within the menu itself). Enable CLI-PHP: Enable CLI-PHP service, see Section 8.16, CLI-PHP. ...

Page 128: ...tems by running the Virtual Router Redundancy Protocol (VRRP) among them. A typical VRRP scenario defines the first host playing the master and another the backup device. They both define a virtual gateway IP address which will be distributed by gratuitous ARP messages for updating the ARP cache of all LAN hosts and thus redirecting the packets accordingly. A takeover will happen within approximately 3...

Page 129: ...P transparently was not a preferred option; in the cellular routers, on the contrary, it is a recommended solution. If all connected devices use Modbus TCP, there is no need to use and configure this feature. Just send data transparently as TCP over the cellular network. But if you combine Modbus TCP and Modbus RTU within one network, you should use our Modbus TCP solution. You do not need any...

Page 130: ...ll received packets to the localhost. Important: In some Modbus TCP implementations, the Unit ID field within the datagram is always set to FF. In such a case you can use the Replace PLC address option so that the Unit ID is replaced by some Modbus RTU address. Thanks to this parameter, regular Mask/Table address translation can be used. Consider carefully where you put the corresponding parameter (local or r...

Page 131: ... M!DGE. This type of interconnection between M!DGE and application is especially advantageous when: there is not any physical serial interface on the computer; the serial cable between M!DGE and computer would be too long (e.g. the M!DGE is installed very close to the antenna to improve radio coverage); the LAN between the computer and the place of M!DGE installation already exists. Modbus TCP is used wit...

Page 132: ...inistrative status: Enable or disable the particular TS. Type: Set the TS Type, either TCP or UDP session. TCP Timeout: If the Type is TCP, configure the required TCP timeout, i.e. close the TCP session if there is no communication for a given time period. ...

Page 133: ...h M!DGE. Destination Port: The destination port of the TCP/UDP session. In some cases, applications dynamically change the IP port with each datagram. In such a case set Destination port = 0. M!DGE will then send replies to the port from which the last response was received. This feature allows you to extend the number of simultaneously opened TCP connections between a M!DGE and locally connected application to an...

Page 134: ...es who will be responsible for call routing. If SDK has been specified, you would need to install a script (see examples) which will be responsible for routing and accepting the calls. Otherwise, the static routing configuration will be used. In case you are running multiple WWAN interfaces sharing the same SIM, please bear in mind that the system may switch SIMs during operation, which will also result i...

Page 135: ...available with a wide variety of echo characteristics and noise pickup. Although the echo delay is typically short (16 ms) with all headsets, the echo return loss characteristics can vary significantly and are not well known a priori to the handset designer. This mode is more robust and more aggressive at echo cancellation. Speakerphone: Handle situations of loud echo with extreme acoustic distortion. Thi...

Page 136: ... on. Using the SDK you can also initiate or accept a call, adjust its volume level or hang up. For simple scenarios, the generic method should be sufficient and can be configured as follows. Source: Specifies the source endpoint, i.e. where the call comes in. Mode: The type of action which shall be applied for the call. DROP will silently hang up the call, ROUTE will route the call to the specified...

Page 137: ...ttacker can guess the uptime of the system. The uptime is a lower bound for the age of the main system components like the kernel. If the system has an uptime of 3 years, it's unlikely that recent security patches were applied. Syslog. Storage: The storage device on which logfiles shall be stored. Max filesize: The maximum size of the logfiles (in kB) until they will get rotated. Redirect address: Specifies a...

Page 138: ...admin password will be used. Time & Region: Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. M!DGE can synchronize its system time with an NTP server. If enabled, time synchronization is usually triggered after a WAN link has come up but before starting any VPN connections. Further time synchronizations are schedu...

Page 139: ...ICMP ping to check whether NTP servers are available when running initial time update. Time zone: Time zone based on your geographical location. Daylight saving changes: This option can be used to reflect daylight saving changes (e.g. switching from summer to standard time) depending on the selected time zone. Sync will perform the time synchronization immediately. Virtualization: Virtualization gives custo...

Page 140: ...ge the user accounts on the device. The standard admin user is a built-in power user that has permission to access the Web Manager and other administrative services and is used by several services as the default user. Keep in mind that the admin password will also be applied to the root user, which is able to enter a system shell. Any other user represents a user with lower privileges, for instance it ...

Page 141: ...ote Authentication: A remote RADIUS server can be used to authenticate users. This applies for the Web Manager and other services supporting and incorporating remote authentication. Administrative status: Enable or disable remote authentication. Use for login: This option enables remotely-defined users to access the Web Manager. Primary RADIUS configuration. Server address: RADIUS server address. Secret: Se...

Page 142: ...We also apply forward compatibility when downgrading to a previous software within the same release line, which is accomplished by sorting out unknown configuration directives, which actually may lead to loss of settings and features. Therefore, it's always a good idea to keep a copy of the working configuration. Generally, we do not recommend downgrading the software. A software image can be either uplo...

Page 143: ... want to downgrade to a release 4.1.x and lower. The same passphrase will be used for bootloader login as well. All users which have no password stored on the device will not be able to log in after downgrade until new passwords have been applied. Automatic Software Update. Status: Enable/disable automatic software update. Time of day: Every day at this time M!DGE will do a check for updates. URL: The serve...

Page 144: ...ween these profiles any time. It can be useful, for example, when there is some issue with the newest firmware and you need to restore the previous firmware version easily. Or you can just test some new features in the newest firmware and then get back to the previous one. 7.7.4 Configuration: Configuration via the Web Manager becomes tedious for large volumes of devices. M!DGE therefore offers automatic...

Page 145: ...estore a particular configuration, you can upload a configuration previously downloaded or update configuration from the provided URL link. You can choose between missing configuration directives stay the same as in the currently running configuration. Automatic Updates. Status: Enable/disable automatic configuration update. Time of day: Time of day when the system will check for updates. ...

Page 146: ...168.1.1. You will be able to communicate again with the device using the default network parameters. You may store the currently running configuration as factory defaults, which will remain active even when a factory reset has been initiated (e.g. by your service staff). Please ensure that this corresponds to a working configuration. A real factory reset to the default settings can be achieved by restorin...

Page 147: ...umber of packets and the packet size. The traceroute utility can be used to print the route to a remote host. Define the target host (IP or hostname), Time To Live (TTL, number of hops on the resulting route) and the timeout in seconds (max. time to wait for the final response). The tcpdump utility generates a network capture (PCAP) of an interface which can be later analyzed with Wireshark. ...

Page 148: ... of received packets is set to 1000. For downloading the file, just click on the Download button. The captured file can also be downloaded from the /tmp directory via the appropriate file manager. The darkstat utility can be used to visualize your current network connections and traffic on a particular interface. ...

Page 149: ...arate window. Displaying graphs and individual host statistics are supported. System Debugging: Log files can be viewed, downloaded and reset here. Please study them carefully in case of any issues. ...

Page 150: ...Default debugging levels for individual daemons are as follows configd 4 watchdog 4 swupdate 5 wwan managerc 5 led manager 5 ...

Page 151: ...set button afterwards. Tech Support: You can generate and download a tech support file here. We strongly recommend providing this file when getting in touch with our support team, either by e-mail or via our online support form, as it would significantly speed up the process of analyzing and resolving your problem. Note: For both direct E-mail and Online support form, a connection to the Internet has to b...

Page 152: ...le in a plain text anyway. 7.7.6 Keys & Certificates: The key and certificate page lets you generate required files for securing your services (such as the HTTPS WebServer and SSH server). Keep in mind that you will need to create keys and certificates for VPN or WLAN in case of certificate-based authentication. You can also revoke and invalidate certificates again, for instance if they have been compromi...

Page 153: ...on (e.g. WPA-EAP-TLS). Authorities: Other certificate authorities which we trust when establishing SSL client connections. For each certificate section it is possible to perform the following operations. generate locally: Generate key and certificate locally on M!DGE. upload files: Key and certificate will be uploaded. We support files in PKCS12, PKCS7, PEM/DER format as well as RSA/DSS keys in OpenSSH or Drop...

Page 154: ...rganization. Department (OU): The name of the organizational unit to which the certificate issuer belongs. Location (L): The certificate owner's location. State (ST): The certificate owner's state. Country (C): The certificate owner's country (usually a TLD abbreviation). Common Name (CN): The certificate owner's common name, mainly used to identify a host. E-Mail: The certificate owner's email address. Expiry period: The n...

Page 155: ...e and private key can also be uploaded in one stroke by using the container format PKCS12. RSA/DSS keys can be converted from OpenSSH or Dropbear formats. It is possible to specify the passphrase for opening the private key. Please note that the system will generally apply the system-wide certificate passphrase on a key when installing the certificate. Thus, changing the general passphrase will result ...

Page 156: ...the chain of trust. If a certificate enrollment request times out, it is possible to re-trigger the interrupted enrollment request and it will be resumed using the previously generated key. In case a request has been rejected, you are required to erase the certificate first and then start the enrollment process all over again. Authorities: For SSL client connections, as used by SDK functions or when down...

Page 157: ...e that some features are disabled if no valid license is provided. Availability means that the license can be applied to the current hardware. The valid license is active if the status "licensed" is displayed in the respective line. ...

Page 158: ...es detailed information for each package, including the relevant license text and the corresponding source URL. The user is now obliged to accept our end user license agreement during the initial setup of the router. We remind you that the source code of any package can be obtained by contacting our technical support at support@racom.eu. ...

Page 159: ...7.8 LOGOUT: Log out from Web Manager. ...

Page 160: ...nterface version 1 1 C Copyright RACOM s r o Czech Republic This kit is distributed under the terms of GPLv2 Enter help for a list of available commands or hit the TAB key for auto completion Ready to serve. The CLI supports TAB completion, that is, expanding entered words or fragments by hitting the TAB key at any time. This applies to commands but also to arguments and generally offers a conveni...

Page 161: ...next command from the history list moving forward in the list CTRL n Move to the first line in the history ALT Move to the end of the input history ALT Search backward starting at the current line and moving up through the history CTRL r Session will be frozen CTRL s Reactivate frozen session CTRL q Delete character at point or exit CLI if at the beginning of the line CTRL d Drag the character bef...

Page 162: ...system reset Reset system facilities reboot Reboot system shell Run shell command dio DIO control help Print help for command no autologout Turn off auto logout history Show command history exit Exit 8 3 Getting config parameters The get command can be used to get configuration values not the current values get h Usage get hsvfc parameter parameter Options s generate sourceable output v validate c...

Page 163: ...te h Usage update hfrsnbv software config firmware module license sshkeys URL Options r reboot after update f force update n don t reset missing config values with factory defaults b update backup config s show update status Available update targets software Perform software update firmware module Perform module firmware update on upgradable module config Update configuration license Update licens...

Page 164: ...n license License information storage Storage information led LED status virt Virtualization status wwan WWAN module status wlan WLAN module status gnss GNSS GPS module status eth Ethernet interface status lan LAN interface status wan WAN interface status openvpn OpenVPN connection status ipsec IPsec connection status pptp PPTP connection status gre GRE connection status dialin Dial In connection ...

Page 165: ...t the active mobile connection will be deactivated during the scan procedure scan h Usage scan hs interface Options s generate sourceable output Available interfaces Mobile1 wwan0 See the example below scan s Mobile1 NETWORK1_NAME EUROTEL CZ NETWORK1_LAI 23002 NETWORK1_RAT GSM NETWORK1_SERVICE CSD NETWORK1_STATUS Current NETWORK2_NAME vodafone CZ NETWORK2_LAI 23003 NETWORK2_RAT GSM NETWORK2_SERVIC...

Page 166: ...start system services restart h Usage restart h service Available services configd Configuration daemon dnsmasq DNS DHCP server dropbear SSH server firewall Firewall and NAPT gpsd GPS daemon gre GRE connections ipsec IPsec connections lighttpd HTTP server link manager WAN links network Networking openvpn OpenVPN connections pptp PPTP connections qos QoS daemon smsd SMS daemon snmpd SNMP daemon sur...

Page 167: ...ager led manager event manager link manager wwanmd surveyor mobile node home agent voiced smsd sdkhost ser2net qosd gpsd ubxd rrsp2 rrsp11 rrsp12 rrsp21 8 12 Resetting system The reset command can be used to reset the router back to factory defaults reset h Usage reset h facility Available reset facilities factory Reset system to factory defaults statistics Reset link statistics ...

Page 168: ...dio out1 on 7 get dio out1 8 get dio out2 9 set h 8 16 CLI PHP CLI PHP an HTTP front end to the CLI application can be used to configure and control the router remotely It is enabled in factory configuration thus can be used for deployment purposes but disabled as soon as the admin account has been set up The service can later be turned on off by setting the cliphp status configuration parameter g...

Page 169: ... as cli get admin password admin debug admin access It supports whitespaces but please be aware that any special characters in the URL must be specified according to RFC1738 which is usually done by common clients such as wget lynx curl Response The returned response will always contain a status line in the format return msg with return values of OK if succeeded and ERROR if failed Any output from th...

Page 170: ...ig key arg1 config value arg2 config key arg3 config value Notes In contrast to the other commands this command requires a set of tuples because of the reserved char i e arg0 key0 arg1 val0 arg2 key1 arg3 val1 arg4 key2 arg5 val2 etc Examples http 192 168 1 1 cli php version 2 output html usr admin pwd admin01 command set arg0 snmp status arg1 1 http 192 168 1 1 cli php version 2 output html usr a...

Page 171: ... Update system facilities Key usage command update arg0 facility arg1 URL Notes Available facilities can be retrieved by running command update arg0 h Examples http 192 168 1 1 cli php version 2 output html usr admin pwd 127 admin01 command update arg0 software arg1 tftp 192 168 1 254 latest http 192 168 1 1 cli php version 2 output html usr admin pwd admin01 command update arg0 config arg1 tftp 1...

Page 172: ... that function Examples http 192 168 1 1 cli php version 2 output html usr admin pwd admin01 command send arg0 mail arg1 abc 40abc com arg2 test send Send TechSupport Key usage command send arg0 techsupport arg1 stdout command send arg0 techsupport arg1 address arg2 subject Notes The address has to be a valid E Mail address such as abc abc com the at sign can be encoded with 40 The E Mail client m...

Page 173: ...dex e g 0 for wwan0 The USSD code can consist of digits plus signs asterisks can be encoded with 2A and dashes can be encoded with 23 Examples http 192 168 1 1 cli php version 2 output html usr admin pwd admin01 command send arg0 ussd arg1 0 arg2 2A100 23 ...

Page 174: ...ages The Web Manager displays messages in the status bar in the footer of a web page There are three levels Green The action was performed successfully Yellow Warning please consider the information Red Error command was not performed typically with recommended action which is required before the possible successful action 9 3 Troubleshooting tools 9 3 1 Pinger Connection from the M DGE router can...

Page 175: ...nformation about boot up process and about running processes can be found in the Linux like Log files see the SYSTEM Troubleshooting System Debugging menu ...

Page 176: ...eme ambient conditions Protect the communication module against dust moisture and high temperature We remind the users of the duty to observe the restrictions concerning the utilization of radio devices at petrol stations in chemical plants or in the course of blasting works in which explosives are used Switch off the communication module when traveling by plane When using the communication module...

Page 177: ...ecovery of waste in an environmentally safe manner using processes that comply with the WEEE Directive Battery Disposal This product may contain a battery Batteries must be disposed of properly and may not be disposed of as unsorted municipal waste within the European Union See the product documentation for specific battery information Batteries are marked with a symbol which may include letterin...

Page 178: ... the market of radio equipment and repealing Directive 1999 5 EC Harmonised standards used for demonstration of conformity Safety Health EN 62368 1 2014 RED article 3 1a EN 62311 2008 EMC EN 55035 2017 RED article 3 1b EN 55032 2015 EN 61000 6 2 2016 EN 61000 6 3 2007 A1 2011 AC 2012 EN 301 489 1 V2 1 1 EN 301 489 3 V2 1 1 EN 301 489 7 V1 3 1 EN 301 489 17 V3 2 0 EN 301 489 24 V1 5 1 EN 301 489 52...

Page 179: ...COM s r o déclare que l équipement radioélectrique du type M DGE 2 est conforme à la directive 2014 53 UE HR RACOM s r o ovime izjavljuje da je radijska oprema tipa M DGE 2 u skladu s Direktivom 2014 53 EU IT Il fabbricante RACOM s r o dichiara che il tipo di apparecchiatura radio M DGE 2 è conforme alla direttiva 2014 53 UE LV Ar šo RACOM s r o deklarē ka radioiekārta M DGE 2 atbilst Direktīvai 2...

Page 180: ...ade so smernicou 2014 53 EÚ SL RACOM s r o potrjuje da je tip radijske opreme M DGE 2 skladen z Direktivo 2014 53 EU FI RACOM s r o vakuuttaa että radiolaitetyyppi M DGE 2 on direktiivin 2014 53 EU mukainen SV Härmed försäkrar RACOM s r o att denna typ av radioutrustning M DGE 2 överensstämmer med direktiv 2014 53 EU ...

Page 181: ... 2011 65 EU of the European Parliament and of the Council on the restriction of the use of certain hazardous substances in electrical and electronic equipment RoHS and Directive 2012 19 EU of the European Parliament and of the Council on waste electrical and electronic equipment WEEE RoHS Applicable Exemption 7 b Compliance has been verified via internal design controls supplier declarations and o...

Page 182: ...y of Origin of the MG102i and M DGE routers and its accessories is the Czech Republic EU Part Number Description MG102i L dual SIM GPRS EDGE HSPA LTE router 5Eth RS232 2DI 2DO MG102i U dual SIM GPRS EDGE UMTS HSPA router 5Eth RS232 2DI 2DO MG102i 2UW G dual module GPRS EDGE UMTS HSPA router WiFi GPS MG102_DINSET DIN rail mounting accessories M DGE UMTS GPRS EDGE UMTS HSPA router 2Eth RS232 2DI 2DO...

Page 183: ...freight If circumstances do not permit the equipment to be returned to RACOM then the customer is liable and agrees to reimburse RACOM for expenses incurred by RACOM during servicing the equipment on site When equipment does not qualify for servicing under warranty RACOM shall charge the customer and be reimbursed for costs incurred for parts and labour at prevailing rates This warranty agreement...

Page 184: ...l System for Mobile communications GUI Graphical User Interface HSCSD High Speed Circuit Switched Data HSDPA High Speed Downlink Packet Access HSUPA High Speed Uplink Packet Access HTML Hypertext Markup Language HW Hardware IP Internet Protocol IPsec Internet Protocol Security ISDN Integrated Services Digital Network ISP Internet Service Provider LAN Local Area Network NAPT Network Address Port Tr...

Page 185: ... TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol UDP User Datagram Protocol UMTS Universal Mobile Telecommunications System URL Universal Resource Locator VPN Virtual Private Network WEEE Waste Electrical and Electronic Equipment environmental directives ...

Page 186: ...E e mail 115 ethernet 35 event manager 116 F F bracket 25 factory reset 146 features 19 key features 7 file configuration 144 firewall 85 G glossary 184 H home 29 I implementation notes 11 indication LEDs 18 installation 28 interfaces 30 IPsec 94 K keys 152 L LAN cable 26 LED 18 legal notice 158 licensing 157 logout 159 M menu firewall 85 home 29 interfaces 30 logout 159 routing 71 services 102 sy...

Page 187: ... services 102 SIM 40 SIM card 26 SMS 119 SNMP agent 123 software update 142 specification 19 standards 8 start 6 system 137 bootloader 138 leds 138 restart 140 settings 137 syslog 137 T technical specification 19 terminalserver 131 time region 138 troubleshooting 147 174 U update 142 USB 45 V Virtualization 139 voicegateway 134 VPN 90 W WAN 30 web configuration 29 ...

Page 189: ...Appendix B Revision History 2018 10 01 Revision 1 0 1st version 2018 12 04 Revision 1 1 update fw 4 2 x x 2019 10 06 Revision 1 2 GNSS ...
