manualshive.com logo in svg

Sierra Wireless oMG series, Operation And Configuration Manual, Page: 86 / 101

Share
Download
Sierra Wireless oMG series Operation And Configuration Manual Download Page 86

Operation and Configuration Guide 3.14

86

4118618

Local Subnets

: lists the LAN segments configured on the unit - just select 

the ones to use for the VPN. Note: this field will auto update the names if they 
have been updated on the LAN configuration page.

·

Gateway Virtual IP

: if Local Termination is set to network, this field must 

be set to the IP address that the oMG has on one of the LAN segments 
selected on the VPN (defined on the LAN Segments configuration page). 
If Local Termination is set to host, this field must be set to the gateway 
virtual IP address (i.e. not an IP address on the LAN segment, but a host 
address to use for that VPN). 

Note: This field is not used for IKEv1.

Internet Key Exchange

:

·

IKE Transform

: set to the desired IKE transform.

·

MOBIKE

: set this field to enabled only when using an ACM (other appli-

ances don't support MOBIKE). This is compatible only with IKEv2 and 
allows the IP addresses associated with IKEv2 and the SA (security 
association) to be changed without tearing down and re-establishing the 
VPN connection. This end result is a fast switch of the VPN that has 
minimal impact to end user data.

·

Dead Peer Detection

: during idle periods, an "R_U_THERE" packet is 

sent every delay period. If an "R_U_THERE_ACK" packet has not been 
received within the timeout period, the peer will be declared dead. When 
Dead Peer Detection is enabled, the Delay and Timeout time can be set. 
The default values are 10 and 30 seconds respectively. Note that interop-
erable DPD is not completely reliable. A VPN link monitor is recom-
mended to ensure reliable failure detection and recovery. Note: set to 
disabled if MOBIKE is enabled.

Delay

: Set to 10.

Timeout

: Set to 30.

·

IKE Lifetime (min)

: Set to 60. The lifetime for the IKE SA (security 

association). Once the lifetime has been reached a new SA will be 
negotiated. Either end may initiate the negotiation; both sides need not 
agree.

·

Reauthenticate on IKE ReKey

: This field specifies if re authentication 

should be performed when re-keying IKE SA (security association). This 
parameter is only meaningful for IKEv2.

IPSec

:

·

ESP Transform

: Set to the desired ESP transform. Note: this value and 

the IKE Transform must be configured the same on the ACM.

·

IP Compression

: enable this field to use packet compression. Note: this 

field must be set to disabled if the VPN server doesn't support 
compression.

·

Force UDP Encapsulation

: Set to enabled (default). Sierra Wireless 

recommends this field be enabled. When the VPN server is behind a 
firewall, firewall configuration is simplified as the firewall only has to allow 
ports 500 (IKE) and 4500 (UDP-encapsulated ESP) when UDP encapsu-
lation is employed. 

Summary of Contents for oMG series

Page 1: ...oMG Operation and Configuration Guide 3 14 4118618 Rev 4...

Page 2: ...In aircraft the Sierra Wireless modem MUST BE POWERED OFF When operating the Sierra Wireless modem can transmit signals that could interfere with various onboard systems Note Some airlines may permit...

Page 3: ...chnical support including warranty and returns Web sierrawireless com company contact us Global toll free number 1 877 687 7795 6 00 am to 6 00 pm PST Corporate and product information Web sierrawirel...

Page 4: ...AN Link Configuration 14 5 1 1 Cellular WAN Link Configuration 15 5 1 2 WiFi WAN Link Configuration 16 5 1 3 Ethernet WAN Link Configuration 16 5 1 4 Serial WAN Link Configuration 17 5 2 Defining an A...

Page 5: ...l Settings 36 6 4 2 Deleting a LAN Network Rules 37 6 5 Attaching a Network Printer 37 6 6 Setting up Virtual LANs 38 7 How to Configure a VPN 39 7 1 Detecting Dead VPN Connections 40 7 2 Multi VPN Su...

Page 6: ...57 12 Applications 58 13 Updating the System 59 13 1 Configuring Auto Software Updates 59 13 2 Over the Air Updates 61 14 Troubleshooting 62 14 1 Viewing Advanced System Event Information 62 A Configu...

Page 7: ...6 2 LAN Segment Settings 83 A 6 3 VLAN Settings 84 A 6 4 LAN Ethernet 802 1x Settings 84 A 7 LAN Throughput Settings 84 A 8 WAN Recovery Settings 85 A 9 VPN Configuration Settings 85 A 10 Bluetooth Su...

Page 8: ...tends the utility and convenience of LAN networking to devices and applications in vehicles The oMG interfaces with the AMM Sierra Wireless mobile network management system Figure 1 1 The back panel o...

Page 9: ...prior to shipping If a network card must be installed please read the oMG Installation and Configuration Guide for your model of oMG 1 4 Related Publications Table 1 1 Related Publications Title and P...

Page 10: ...ge 99 3 Test the unit connect a test device such as a PC equipped with Ethernet or WiFi to the oMG LAN An oMG with factory default settings will provide an unsecured WiFi access point AP broadcasting...

Page 11: ...e Configuration of the unit is best performed using a web browser running on a Windows 7 or Windows XP PC As of version 3 8 the oMG supports Internet Explorer 9 Other devices and other browsers may wo...

Page 12: ...Settings The oMG includes an Easy Access page which allows users on all devices connected to the unit to view the unit s operational status without having to log into the unit To view the Easy Access...

Page 13: ...alled field is checked for each Ethernet port listed Optional if Ethernet is to be used for LAN devices ensure that the Use field has been set to LAN for at least one of the ports Optional if Ethernet...

Page 14: ...mmonly used for providing connectivity to devices on the oMG s LAN Multiple devices can also be configured to provide redundant WAN access should one connection go down Note The oMG does not support U...

Page 15: ...r typical settings can include a dial string user ID password and modem initialization The screenshot below shows the cellular configuration settings for a Sierra Wireless Aircard Figure 5 2 Common Ce...

Page 16: ...onfiguration Additional details on these settings are available in WiFi Link Configuration Settings on page 71 Once a WiFi WAN link has been configured it must then be assigned to an AP profile which...

Page 17: ...ernet WAN Configuration Settings For information about Ethernet WAN configuration settings see Ethernet Link Configuration Settings on page 72 5 1 4 Serial WAN Link Configuration A serial modem can be...

Page 18: ...al AP and the credentials i e access security etc required to connect to that AP from the oMG The settings for a profile must therefore match those defined at the actual WiFi AP itself To define an AP...

Page 19: ...ion failures occurring on a healthy connection between a WAN link and a LAN segment e g server timeouts due to a server being rebooted A monitor accomplishes detection and recovery by periodically che...

Page 20: ...ect a dead connection ensuring that the correct LAN segment is selected for the Source Address field See WAN Monitor Settings on page 76 for information on specific settings 4 Click Save to save the m...

Page 21: ...the assigned access point profile ii Navigate to WAN WiFi Networks locate the AP and click Configure iii Select the monitor under network settings Figure 5 8 Assigning the Monitor to the WiFi Access P...

Page 22: ...stability Selection is based on a scoring system where penalties for issues e g a link being down reduce a link s score Each link is evaluated based on its score and the link with the highest score is...

Page 23: ...ving past a depot s WiFi hostspot Note These settings are not available on cellular devices By default both are set to 15 seconds and will prevent a WiFi link s status from changing from down to up an...

Page 24: ...n some condition is not being met e g a link has not been able to establish a connection for some time The other value that can be defined is the Recovery Period which specifies the amount of time tha...

Page 25: ...example with WiFi and two Cellular links Note This graph is intended to provide a basic introduction to how policies use scoring to switch between links In practice other factors such as a WiFi device...

Page 26: ...regions where part of each overlaps the other The coverage in Region 1 is known to best for Mobile Network Operator 1 C1 and the coverage in Region 2 is known to be best for Mobile Network Operator 2...

Page 27: ...Geographic Region Policy on page 64 for a summary of this policy s settings 5 4 4 Time Period Policy Overview The Time Period Policy promotes one link over others when operating within a defined time...

Page 28: ...tive A key aspect in tuning this policy is to define an appropriate speed threshold such that the switch from WiFi to cellular happens before WiFi connectively is lost This will provide a seamless swi...

Page 29: ...p to ensure that the preferred link is utilized the most as signal strengths between devices fluctuate If devices from different Mobile Network Operators are equally preferable the signal strength in...

Page 30: ...nd Velocity Policy Combination The following can be observed on this timeline WiFi starts with a higher score of 1200 cellular with 1000 The vehicle is stationary with no speed At 6 minutes the WiFi c...

Page 31: ...tworking Rules on page 65 for more information about the specific configuration fields for each rule type Note Both Access Blocking and Access Granting rules may be created to implement very specific...

Page 32: ...ngs on page 85 for detailed information on these settings Enabling WAN Link Recovery will restart the entire unit and force the oMG to boot up again if WAN connectivity is lost The Remote Configuratio...

Page 33: ...deployed using the following steps The careful and deliberate configuration of LAN access will help to ensure a more secure system Note To add or remove LAN devices see Preparing the Network Interface...

Page 34: ...nfigured with additional BSSIDs maximum of three LAN segmentation and the process of adding LAN segments is used for advanced networking scenarios when LAN traffic from different devices must not be p...

Page 35: ...nt must have a different scope i e IP address range from the other segments A warning will be provided if an attempt is made to cross segment scopes as shown in Figure 6 6 Figure 6 6 Warning for a seg...

Page 36: ...ent to modify and click Configure in the Actions column See LAN Segment Settings on page 83 for details on each setting 3 To enable DHCP set the Enable DHCP Server field to enabled and assign the DHCP...

Page 37: ...if the printer will use a static IP address or will obtain one through DHCP from the oMG and click Save See Configuring LAN Segments on page 34 for information on configuring and assigning LAN segmen...

Page 38: ...LANs A VLAN can be used when devices inside the vehicle require VLAN tagging for their operation or the vehicle LAN has a switch with VLAN tagging enabled If a vehicle has VLANs configured or four Eth...

Page 39: ...all of the following information oMG LAN IP Subnetwork LAN Mask LAN IP Address Security components such as pre shared key certificates etc Note Using pre shared keys PSK for authentication on some VP...

Page 40: ...a VPN service is down For IKEv2 it is recommended that MOBIKE be enabled if multiple WAN links are available which will automatically switch links when one goes down MOBIKE has been tested by Sierra...

Page 41: ...e VPN tunnels per WAN link With this feature one or more VPN policies can be applied to one or more WAN links in the LCI Figure 7 2 Selecting Multiple WAN Links The VPNs assigned to a WAN link can als...

Page 42: ...N link WiFi Network has two or more VPNs any of these VPNs cannot have both a local and remote subnet overlapping at the same time Distinct ping monitors can be assigned to each VPN tunnel The oMG s L...

Page 43: ...e domains to be resolved by the indicated internal DNS servers For example filename private zone conf zone customer local IN type forward forward only forwarders 10 5 1 1 10 6 1 1 zone customer intern...

Page 44: ...B e g an antenna connection or through Ethernet using the UDP protocol The unit comes pre configured to use the built in GPS device by default The GPS data can also be forwarded to additional servers...

Page 45: ...n be used to configure or change GPS settings See GPS Configuration Settings on page 89 for detailed information on each field 1 Navigate to the GPS tab 2 Select Enable 3 In the GPS Sources section se...

Page 46: ...Serial Allows data to be sent to a device connected to the oMG s serial port The oMG s serial port settings must match those of the receiving system Note that Serial forwarding requires that the Seria...

Page 47: ...Balanced option to enabled 4 Specify a weight 5 Click Save to save the WAN link configuration 6 Repeat these steps on at least one other WAN link Note Load balancing is accomplished by randomly assig...

Page 48: ...t QoS Prioritizing in the rule dropdown and click Add New Networking Rule 3 Enter a descriptive name for the rule in the Rule Name field 4 Configure the fields and click Save See QoS Priority on page...

Page 49: ...d but only if the Minimum Report Interval time has elapsed If the threshold hold has not been reached it will be sent when the Maximum Report Interval elapses For more information on these fields see...

Page 50: ...g on This is used to delay powering on the unit until after a certain amount of time has elapsed after turning on the ignition 4 Click Save to save the startup configuration settings See Startup on pa...

Page 51: ...adings are subject to cable length and will always be slightly lower than the voltage measured at the source 3 Click Save to save the shutdown configuration When a shut down occurs due to a high low v...

Page 52: ...ber etc can be obtained by navigating to the General General tab which displays the following Figure 11 1 General Status Information 11 2 Obtaining Network Status Network status information such as th...

Page 53: ...ion purposes can be configured from the Security Users tab Figure 11 3 User Configuration Screen To Add a New Administrator 1 Navigate to Security Users 2 Enter the name of the new user in the User Na...

Page 54: ...sword is used password entry may be required when accessing the unit through an AMM Consult with Sierra Wireless Technical Support before changing the password to ensure that Sierra Wireless can conti...

Page 55: ...ckup restore 2 Click on Backup beside Backup configuration and save the file in an appro priate location To restore a configuration from a previous backup 1 Navigate to General Backup restore 2 Click...

Page 56: ...under Results Figure 11 6 Tool example executing the ping command against a known website URL 11 8 Running Custom Scripts The General Advanced Routing Rules tab allows administrators to run custom sc...

Page 57: ...G and laptop and the following settings must be configured on the oMG via the LCI 1 Navigate to the Devices Serial tab and ensure that Use is set to Application 2 Navigate to the GPS tab and locate th...

Page 58: ...vehicle routing and two way messaging between a control center and an oMG equipped with a Garmin personal navigation device Each application requires configuration on both the oMG and the AMM Configu...

Page 59: ...link Patterns on page 99 13 1 Configuring Auto Software Updates The oMG can be configured to check for and download updates for its software its BIOS and for its on board MC7354 cellular module over a...

Page 60: ...the currently installed image and that specified on the SIM card the oMG will automatically install the appropriate image on next boot when a connection is available In other words Mobile Network Oper...

Page 61: ...greement Note that a customer must request upgrades from Sierra Wireless Technical Support before they are automatically published If an oMG has been configured to automatically check for updates the...

Page 62: ...iewing Advanced System Event Information 4 If the LCI page is not accessible ensure that the browser has the proxy server disabled If using Internet Explorer 7 add the LCI s URL as a trusted host Note...

Page 63: ...g files Logs are stored in a compressed file format to optimize memory usage The log file naming convention describes its function e g yyyy mm ddfirewall log records firewall activity Log files should...

Page 64: ...s Recovery Period the amount of time in seconds a link which has come online again must wait before it can become an active link This is used to help ensure that the link is stable If the link disconn...

Page 65: ...trength Policy Switches networks based on the signal strength of the WAN connection Signal Strength Threshold dBm the threshold of signal strength below which a penalty should be applied Penalty the a...

Page 66: ...estination IP Address Destination IP port range defined by the first and last port inclusively of the range Enter a rule name for identification purposes Fields that are left blank are treated as wild...

Page 67: ...IP address will be given priority based on the priority value specified in integers The lowest priority is 0 The higher the number the higher the priority Maximum Guaranteed Bandwidth Enter a rate and...

Page 68: ...which bear an address other than that of the cellular modem Masquerade Port Range Auto Manual manual is the default and should be used in most cases to avoid using defined or reserved ports Minimum M...

Page 69: ...work Operator APN specifies the Mobile Network Operator access point network for the E362 E371 AC340 AC341U MC7700 and MC7354 modules e g we01 vzwstatic for the Verizon Static IP network Typically thi...

Page 70: ...to prevent packets from being dropped on slower WAN connections This field should not be changed without assistance from Sierra Wireless Signal Strength Change Threshold dBm the threshold for sending...

Page 71: ...matic is selected the oMG will read factory param eters from the modem to best determine how to connect to the selected network Mobile Network Operator If a specific Mobile Network Operator is selecte...

Page 72: ...discussed below This is typically desirable in a depot situation This should be disabled in a metropolitan network where fast roaming is required Satisfactory Quality of Signal once an oMG has associ...

Page 73: ...n with internal DNS servers This requires DNS zones to be defined on the oMG see Configuring DNS Zones for Private DNS Server Use on page 43 for details Primary DNS specifies the IP address of the dom...

Page 74: ...d or reserved ports Minimum Maximum Port Number The range of ports to use for masquerade The default range is 49152 to 65535 The minimum value is 0 and the maximum is 65535 If the minimum is set below...

Page 75: ...within enterprise networks Use an enterprise specific monitor Monitor Mode defines the action that will occur on the link if the monitor fails or succeeds Success in one monitor keeps the link up defa...

Page 76: ...AN link configuration page for a WiFi which has been provisioned to be used on WAN SSID the Service Set Identifier of the WiFi network to which the oMG should connect Probe Hidden SSID allow disallow...

Page 77: ...ranslation Automatic DNS if selected the DNS servers provided by the network service provider via DHCP will be used to resolve host names This must be disabled if using a static IP address If Automati...

Page 78: ...ion an authentication protocol is chosen PEAP Version if enabled the version of the PEAP Protected Extensible Authentication Protocol that should be used PEAP Label If enabled specifies which type of...

Page 79: ...ecified here selecting Browse will allow uploading from a device connected to the LAN Private Key if the WiFi network administrator has supplied a private key for this network it can be specified here...

Page 80: ...e below SSID if Auto SSID is not enabled the string in this field will be used as the SSID The default value is the same as the value that would result from enabling Auto SSID Channel the WiFi channel...

Page 81: ...text editor and then emailed to Sierra Wireless Technical Support who will push the file to the oMG The for mat of the file must abide by the following Files must be in plain ASCII text Comment lines...

Page 82: ...Master Key WPA EAP Enable 802 1x specifies whether to enable 802 1x authenti cation for the access point Enable Cisco Legacy 802 1x Compatibility enable for systems that use lower case MAC addresses...

Page 83: ...maller network Enable DHCP Server when checked DHCP is enabled when unchecked DHCP is disabled DHCP Low Address the start of the IP address of the address pool used for DHCP DHCP High Address the end...

Page 84: ...enegotiate its connection credentials periodically and to avoid having to do a full re keying each time the oMG moves into the area served by a different authenticator EAP Re authentication Period whe...

Page 85: ...sult in losing WAN connectivity If the oMG has no WAN connectivity after the timer expires the oMG will revert to the original configuration A 9 VPN Configuration Settings Friendly Name enter a descri...

Page 86: ...If an R_U_THERE_ACK packet has not been received within the timeout period the peer will be declared dead When Dead Peer Detection is enabled the Delay and Timeout time can be set The default values...

Page 87: ...indicates when the current Auth ID and PSK become the active credentials in a rotating credential system The format of the date is yyyy mm dd hh mm Secondary Auth ID this field is used in conjunction...

Page 88: ...monitor as any other ensuring that the target IP address is reachable only via the IPsec VPN tunnel Unlike the WAN monitors where more than one can be combined ensure only one VPN monitor is selected...

Page 89: ...from the location calcu lation which appear within the specified mask above the horizon The range is 0 to 90 The default is 5 Dynamics Code refines filtering calculations based on the type of terrain...

Page 90: ...intervals faster than five seconds are not recommended The local consumer is defaulted to Port 9345 using TCP UDP and serial broadcast are disabled by default To receive data via the serial port i En...

Page 91: ...events Values must be 0 The default is 30 A 12 General Configuration Settings A 12 1 Startup AutoPower changes the start up behavior When enabled the oMG starts automatically when power is applied Oth...

Page 92: ...e oMG s CPU above which the oMG will not operate Button reset time the amount of time in seconds required to hold the external black RESET button to trigger a factory reset A 12 3 Tools ping sends an...

Page 93: ...IP address A 12 5 Auto Software Updates Options The following options control oMG firmware updates Enabled If selected every time the oMG establishes a connection it checks the AMM firmware repository...

Page 94: ...forms updates when the ignition is turned on Should the ignition be turned off during an update this option will override the Uptime Extension After Ignition Off shutdown option see Shutdown on page 9...

Page 95: ...gateway may require an additional 8 seconds to connect on boot Firmware Download Enabled enabled by default when enabled the oMG will automatically download an image package when the Mobile Network Op...

Page 96: ...RFC 2131 USB USB 2 0 x 2 Serial or Ethernet Configurable rear panel supports custom connector configurations Compatibility Operates with WiFi certified client devices Supports all major client operati...

Page 97: ...ged by network priority availability GPS location time of day GPS velocity Protocols Supported Transparent support for HTTP HTTPS SMTP POP IMAP FTP etc PPP RFC 2516 GPS Track vehicle locations on maps...

Page 98: ...ty and over voltage protection Locking power connector AC adapter optional Power Management System Auto power up on ignition sense Managed power down including programmable shut off delay Input voltag...

Page 99: ...e Ingress Protection IP54 Vibration Shock In accordance with SAE J1455 EMI EMC FCC Part 15 Reliability The oMG2000 has an MTBF Ground Fixed 40 C as follows 521 000 hours 59 47 years MTBF calculation i...

Page 100: ...settings are incorrect External Red Off Normal operation On for two seconds then off repeating Initial power connection made Two flashes per second The unit is shutting down due to a temperature or v...

Page 101: ...Rev 4 May 17 101 C C Supported USB To Serial Adaptors Table 3 1 Supported USB Adaptors Supported USB Ethernet Adaptors IO Gear IOGear GU232A Star Tech ICUUSB232...

Reviews:

No comments