ZIV SIP-2 User Manual Download Page 73

Page: 73 / 145

SIP-2

COMMUNICATION NODE TYPE SIP-2

73/145

USER GUIDE - Rev. 3 (January 2018)

5.12

VPN CONFIGURATION

This menu only appears when the SIP-2 equipment has the optional wireless WAN

interface.

As already mentioned in the

Tunnel

submenu of the

WAN

menu (section 5.5.2), the

tunnels are a method for establishing the opportune end-to-end links between equipment.

Unlike the GRE and IPIP tunnels, IPSec tunnels are characterised by being safe; this

means the information is transmitted so that its content cannot be accessed by others,

which is particularly important if the IP network upon which it is established is not controlled

by the user, or is not public.

To create an IPSec tunnel a security association must be established in each terminator:

Tunnel IP (origin) and Remote GW (destination).

An IPSec connection between two ends requires three steps:



Establishing an IKE Security association (IKE Policy).



Establishing an IPSec Security association (IPSec Association).



Sending protected data through the IPSec connection.

The parameters used in each of these steps are configured as independent blocks, thereby

permitting their use in more than one tunnel at the same time and reducing the need to

duplicate configuring information.

The DPD (Dead Peer Detection) function is a mechanism for supervising operativity in the

IPSec tunnels established.

Summary of Contents for SIP-2

Page 1: ...d Real 1 145 ZIV Antonio Machado 78 80 08840 Viladecans Barcelona Spain Tel 34 933 490 700 Fax 34 933 492 258 Mail to ziv zivautomation com www zivautomation com COMMUNICATION NODE TYPE SIP 2 USER GUIDE Rev 3 January 2018 ...

Page 2: ...ING OR CAUTION This symbol denotes a hazard Not following the indicated procedure operation or alike could mean total or partial breakdown of the equipment or even injury to the personnel handling it NOTE Information or important aspects to take into account in a procedure operation or alike ...

Page 3: ... 14 1 4 6 Certifications 14 1 4 7 Asynchronous serial data ports DCE characteristics 14 1 4 8 WAN interface characteristics 15 1 4 9 Mechanical characteristics 16 1 4 10 Operating conditions 16 1 5 WARNINGS 18 1 5 1 Warnings before installing 18 1 5 2 Equipment safety considerations 19 2 MECHANICAL AND ELECTRICAL CHARACTERISTICS 20 2 1 POWER SUPPLY 23 2 2 FAST ETHERNET PORTS Eth 0 Eth 1 24 2 3 RS ...

Page 4: ... CONFIGURATION 43 5 4 SERIAL PORT CONFIGURATION 44 5 5 WAN CONFIGURATION 46 5 5 1 cell0 submenu 46 5 5 2 Tunnel submenu 55 5 6 STATIC ROUTES CONFIGURATION 58 5 7 DNS SERVER CONFIGURATION 61 5 8 FILTERING CONFIGURATION 61 5 9 GW 104 101 CONFIGURATION 64 5 9 1 IEC 60870 5 104 configuration 64 5 9 2 IEC 60870 5 101 configuration 66 5 9 3 RTU configuration 67 5 10 NAT CONFIGURATION 70 5 11 DHCP SERVER...

Page 5: ...licy 93 5 16 4 Other 95 5 16 5 Transparent 96 5 17 CONFIGURATION OF THE SERIAL PORT AS ModemEmulator 96 5 18 REBOOT 99 5 19 CODE REFLASH 99 5 20 CONFIGURATION FILE 100 5 20 1 Upload from the computer to the equipment 100 5 20 2 Download from the equipment to the computer 101 6 STATISTICS 102 APPENDIX A BIBLIOGRAPHY AND ABBREVIATIONS 105 APPENDIX B DATA STRUCTURE IN CLI 110 ...

Page 6: ... HSPA or 4G LTE interface The cellular interface admits dual SIM operation It allows increasing the service availability since it provides access to more than one operator and the user configures how the equipment will manage the WAN connection and the operator in use The equipment can also have two digital inputs galvanically isolated which can be managed via SNMP Upon request it can also have tw...

Page 7: ...NICATION NODE TYPE SIP 2 7 145 USER GUIDE Rev 3 January 2018 FIGURE 2 Serial to IP encapsulation on wired interface FIGURE 3 Serial to IP encapsulation on GPRS network FIGURE 4 Remote connection between two SIP 2s ...

Page 8: ...o processing modes with the PAD function direct or with packets SIP 2 equipment has the necessary procedures to perform an intelligent encapsulation so as to process the data as higher level transmission units for a series of specific protocols of Telemetry and Telecontrol Thus the operations on the data are not limited to their mere transmission but possible errors are identified or the SIP 2 is ...

Page 9: ...en approaching the SIP 2 configuration by accessing the equipment HTML pages there is a description of the main operations that should be performed for the interconnection between physical ports COM and virtual ports TCP UDP It is advisable to perform the indicated operations in the order that they appear See chapter 5 for more detailed information about the configuration menus and their parameter...

Page 10: ... connections may have two behaviours active and passive Active means that the equipment will take the initiative as regards establishing the TCP connection On the contrary passive means that the equipment will await for external connection requests The behaviours are complementary between them The UDP connections do not need any prior establishment procedure it is just assumed that the receiver is...

Page 11: ...d The On Demand parameter is configured by default to establish the communication start permanently If the On Demand option is activated the duration of the connection will be established by the inactivity parameter which limits the connection to the activity periods 3 Establish the connections between the ports through their identifiers For this access the Connection submenu see section 5 16 2 fo...

Page 12: ... from a control center type 104 TCP IP in a transparent way The functionality is known as Gateway 104 101 and in this way the equipment offers two distinct behaviours acts as a remote 104 from the point of view of the control center and in turn acts as a control center 101 from the point of view of the remote terminal This functionality does not modify in any way the information units exchanged at...

Page 13: ... wire interface Depending on model female DB9 standard connector COM 2 for one RS 232 asynchronous serial data port DCE mode or 2 digital inputs and 2 digital outputs upon request galvanically isolated which can be managed via SNMP 1 service console DCE mode with female RJ 45 connector COM 0 Depending on model female DB9 standard connector for the console Then the equipment is not provided with th...

Page 14: ...hernet cables Serial cables Antenna cables Antennas Screws and fixing accessories for wall mount and or DIN rail installation 1 4 6 Certifications CE Designed for Electrical Substations Designed for industrial applications 1 4 7 Asynchronous serial data ports DCE characteristics Data bits 5 6 7 or 8 Stop bits 1 or 2 Parity odd even or none Speed 600 bit s to 115200 bit s Flow control none hardware...

Page 15: ...00 Class E2 0 4 W 26 dBm for EDGE 1800 1900 Quad band GPRS and EDGE class 33 Tri band UMTS HSPA 850 900 2100 MHz Class 3 0 25 W 24dBm for UMTS HSPA data up to 7 2 Mbit s downlink and 5 76 Mbit s uplink LTE 4G LTE 800 1800 2600 MHz Class 3 0 2 W 23dBm for LTE LTE data up to 100 Mbit s downlink and 50 Mbit s uplink UMTS HSPA 900 2100 MHz Class 3 0 25 W 24dBm for UMTS HSPA data up to 42 Mbit s downli...

Page 16: ...accordance with IEC 721 3 3 class 3K5 climatogram 3K5 R F emissions in accordance with EN 55022 standard Dielectric strength in accordance with EN 60255 5 standard Electromagnetic compatibility Electrostatic discharge immunity test in accordance with EN 61000 4 2 standard Radiated radio frequency electromagnetic field immunity test in accordance with EN 61000 4 3 standard Electrical fast transient...

Page 17: ... with EN 61000 4 16 standard Ripple on d c input power port immunity test in accordance with EN 61000 4 17 standard Voltage dips short interruptions and voltage variations on d c input power port immunity tests in accordance with EN 61000 4 29 standard Mechanical operating conditions Vibration in accordance with EN 60870 2 2 standard Shock in accordance with EN 60870 2 2 standard ...

Page 18: ...ll use these devices and the Safety standards EN 50110 2 In order to install and handle the SIP 2 the following points must be complied with Only qualified personnel appointed by the electricity company that owns the installation should carry out the installation and handling of the SIP 2 The environment in which it is to operate should be suitable for the SIP 2 fulfilling all the conditions indic...

Page 19: ...ird parties caused by the non fulfilment of point 1 1 The terminal contains components sensitive to static electricity the following must be observed when handling it Personnel appointed to carry out the installation and maintenance of the SIP 2 must be free of static electricity An anti static wristband and or heel connected to earth should be worn The room housing the SIP 2 must be free of eleme...

Page 20: ...diverse elements comprising the communication node type SIP 2 are supplied in a box ready for DIN rail mounting by means of optional accessory or wall mount FIGURE 5 show the general dimensions in mm of the SIP 2 FIGURE 5 General dimensions in mm of the SIP 2 NOTE Dimensions are identical for model of 1 Fast Ethernet port ...

Page 21: ...E Rev 3 January 2018 In FIGURE 6 can be seen in detail the position of the fixing holes for wall mounting FIGURE 7 shows the position of the slit for the placement of the DIN rail EN 50022 BS 5584 DIN 46277 3 fixing accessories FIGURE 6 Wall mount detail ...

Page 22: ...SIP 2 COMMUNICATION NODE TYPE SIP 2 22 145 USER GUIDE Rev 3 January 2018 FIGURE 7 Detail of the slit for fixing the DIN rail optional accessory ...

Page 23: ...grounding of the power supply complies with the EF floating class according to IEC 870 2 1 standard FIGURE 8 Location of the power supply connector Earth connection must be made before connecting any other power supply cable In DC supply voltage operation the equipment is protected against polarity inversion The earth terminal of the connector is connected to the equipment chassis Contact occurs i...

Page 24: ... interfaces The cable used to connect a 10 100Base Tx port should be an unshielded twisted 4 pair category five cable UTP 5 with 8 pin RJ 45 connectors The cable length should not be more than 100 m The UTP 5 cable is made up of eight copper wires that form the four twisted pairs covered in different coloured insulating material FIGURE 9 shows the colour of the wires that make up each one of the p...

Page 25: ... connector as well as the pair it belongs to according to ANSI TIA EIA 568 A standard in the 10 100Base Tx LAN interface FIGURE 10 Signals of the RJ 45 connector in the 10 100Base Tx LAN interface Straight through cables must be used see FIGURE 11 where the 4 pairs correspond at both ends of the cable FIGURE 11 Straight through cable ...

Page 26: ...lectrical characteristics of the connector are configured by software among the ones indicated in the technical characteristic see section 1 4 7 Asynchronous serial data ports DCE characteristics FIGURE 12 Location of the RS 232 RS 485 COM 1 port Pin RS 232 RJ 45 signal 1 DSR 2 DCD 3 DTR 4 GND 5 RD Out 6 TD In 7 CTS 8 RTS Pin RS 485 2 wire signal RS 485 4 wire signal 1 TX In 2 TX RX RX Out 7 TX RX...

Page 27: ... front plate This is a standard DB9 female connector DCE mode The connector has a protective cap The electrical characteristics of the connector are configured by software among the ones indicated in the technical characteristic see section 1 4 7 Asynchronous serial data ports DCE characteristics FIGURE 13 Location of the RS 232 COM 2 port Pin RS 232 DB9 signal 2 RD Out 3 TD In 5 GND 7 RTS 8 CTS ...

Page 28: ...nnector As is shown in FIGURE 13 the said inputs are arranged in the standard DB9 female connector on the front plate identified as DIGITAL INPUTS Its use is indicated below Pin Use 2 Input 1 3 Input 1 7 Input 2 8 Input 2 Upon request the equipment can have two digital inputs and two digital outputs In that case the use of contacts is the following Pin Use upon request 1 Input 1 2 Input 1 3 Input ...

Page 29: ...B is the top card and SIM A the bottom card Both SIMs CANNOT be activated simultaneously In the case of dual SIM operation one SIM acts as the primary one and the other as the secondary or back up one FIGURE 14 Detail of the SMA connector and of the slots for housing WAN interface SIM cards The inserting and removing procedure of the SIM cards is indicated in the following Before inserting a card ...

Page 30: ...SIP 2 COMMUNICATION NODE TYPE SIP 2 30 145 USER GUIDE Rev 3 January 2018 Inserting procedure of the SIM cards example with SIM B Removing procedure of the SIM cards example with SIM B ...

Page 31: ...d as COM 0 for accessing the equipment through a console This is a female RJ 45 connector see FIGURE 15 FIGURE 15 Location of the service connector COM 0 Pin RS 232 RJ 45 4 GND 5 RD Out 6 TD In COM 0 SERVICE PORT DCE mode Interface type ITU T V 24 V 28 EIA RS 232 Connector RJ 45 female Data Asynchronous Speed 115200 bit s Protocol CLI system console ...

Page 32: ...detail of the push button that loads the factory configuration in the equipment that is deletes any configuration that the user had set and or stored The touch is considered as whished when the push button is pressed for at least 3 seconds Any type of tool with 3 mm diameter must be used FIGURE 16 Initialization push button ...

Page 33: ...v 3 January 2018 3 LED SIGNALLING The SIP 2 has on the front plate two basic LEDs COM 0 and ON and several specific LEDs associated with the different interfaces The location and identification of the LEDs can be seen in FIGURE 17 FIGURE 17 LEDs of the SIP 2 ...

Page 34: ...emission or reception activity in the interface It lights up in green at 100 Mbit s and in amber at 10 Mbit s Link Act 1 LED Two coloured It stays on when the Eth 1 link is established correctly and flashes in the case of emission or reception activity in the interface It lights up in green at 100 Mbit s and in amber at 10 Mbit s LEDs associated with the RS 232 RS 485 port COM 1 RS232 RS485 LED Tw...

Page 35: ...n the COM 2 port LEDs associated with the WAN interface Net LED Green It stays on when the wireless interface has been registered in the operator network Session LED Amber It stays on when the operator session has been established for the wireless interface Cvrg LED Three coloured It stays on indicating the coverage level Green signal coverage is good Amber signal coverage is average Red insuffici...

Page 36: ...sible through the COM 0 connector service port a RJ 45 female connector in DCE mode that operates at 115200 bit s with 8 bit characters without parity and with a stop bit Access can also be obtained to the console remotely through a Telnet session Appendix B contains all the information required to use the CLI user console The appendix explains the access methods local and remote commands availabl...

Page 37: ...e network number and a different host number so the subnet mask must be the same for both The default gateway does not need to be configured If the SIP 2 equipment and the management computer belong to different LANs and the connection between them is via WAN their IP addresses may have a different network number but both must be connected to some device default gateway capable of interconnecting ...

Page 38: ...is to execute the Apply command which entails the immediate use of the changes made the second is to execute the Save command which means that the changes will be operative once the equipment is rebooted If accessing through the HTTP server after making the changes and before executing Apply or Save the Send button must be pushed to allow the equipment to obtain the new desired values If executing...

Page 39: ...SIP 2 COMMUNICATION NODE TYPE SIP 2 39 145 USER GUIDE Rev 3 January 2018 FIGURE 18 HTML page tree menu Standard version 104 101 Gateway version ...

Page 40: ...s the user identity In addition to the configuration parameters which will be described in the following sections as shown in the figure the system provides information about the equipment software that is to say version being executed and equipment hardware that is to say serial and tracking number The tree menu is permanently located on all the pages used by the HTTP server FIGURE 19 Main HTML p...

Page 41: ...t is used as a default value for the Client ID The identification parameters coincide with those assigned with the same name in the SNMP data 5 1 2 Access control Access control allows the user logins and associated passwords to be determined for the two pre established profiles guest and admin The guest profile can only access query operations On the contrary the admin profile has access to all t...

Page 42: ...ates whether the log data transmission on the service serial port is activated from the initial start up time Checkbox control selected or not The third parameter Enable periodic reset allows users to indicate whether they want to reboot the equipment automatically every so often This is established in days through the last parameter Periodic reset period 5 2 ADMINISTRATION The equipment has an in...

Page 43: ...switch Dual Ethernet box not selected or if they are independent interfaces Dual Ethernet box selected FIGURE 21 LAN configuration page Port configuration is then carried out through the eth0 and eth1 submenus Configuration data associated with eth1 interface affect the behaviour of the equipment only when the Dual Ethernet option is selected The screen related to each eth submenu of the LAN menu ...

Page 44: ...ain one if they have been previously added through the Add CommandButton 5 4 SERIAL PORT CONFIGURATION The Serial menu provides access to the equipment serial port configuration screen This port is configurable by software for RS 232 interface or RS 485 2 wire or 4 wire interface FIGURE 23 Serial port COM configuration page The screen related to the Serial menu has two well differentiated sections...

Page 45: ...col It establishes the protocol of the data to be encapsulated the possible values are the following raw without processing it is transparent to the information packed the data will be grouped in packets according to the related parameters being also transparent as regards the encapsulated information one of the identifiers of the telecontrol protocols being hold iec101_1 iec101 iec102_1 iec102 pi...

Page 46: ...e case of dual SIM functionality this permits users to determine which of the two available SIMs will act as the primary one SIMA or SIMB In this operating mode the SIM that is not selected is therefore the secondary or back up SIM It is also possible to establish an operating mode with alternation of the SIMs alternated each time the equipment is started up as well as an operating mode for random...

Page 47: ...SIP 2 COMMUNICATION NODE TYPE SIP 2 47 145 USER GUIDE Rev 3 January 2018 FIGURE 24 WAN interface configuration page ...

Page 48: ...ime in secondary minutes This parameter is associated with the dual SIM functionality It allows the time during which the equipment is connected to the secondary SIM to be limited After that time the equipment will again try to connect to the primary SIM The maximum time permitted is 1440 minutes Quality Sample Period sec This parameter defines the period of time that the equipment uses for sampli...

Page 49: ...lues to be applied and saved in the equipment DO NOT forget to execute the apply and save commands from the main menu tree Preferred network Only for the UMTS interface This allows the equipment behaviour to be specified in the case of a failure in UMTS HSDPA coverage When UMTS is selected the equipment will always try to connect to a UMTS HSDPA network This option therefore involves the disconnec...

Page 50: ...ality parameter for the GPRS 2G connection When the coverage level is below this value the equipment will not try to establish the operator session and will remain disconnected The default values are 113 dBm 0 no coverage and 51 dBm 100 coverage TABLE 2 relates the AT command for coverage measurement AT CSQ the value in dBm of said coverage and the level of coverage the equipment is receiving whic...

Page 51: ... only measure of quality o Coverage The system shall refer the measure Min Coverage with the corresponding configured value to evaluate the compliance of the required level o Signal_and_ecn0 The system will monitor both RSCP and EC n0 and for the quality criteria to be satisfied both measures must meet the corresponding thresholds simultaneously and for the entire evaluation period o Signal_or_ecn...

Page 52: ...6 3 7 101 dBm 7 3 8 99 dBm 8 4 11 97 dBm 9 5 14 95 dBm 10 6 15 93 dBm 1 11 11 21 91 dBm 2 12 17 29 89 dBm 2 13 23 35 87 dBm 3 14 29 43 85 dBm 3 15 35 49 83 dBm 4 16 41 57 81 dBm 5 17 47 66 79 dBm 5 18 53 74 77 dBm 6 19 59 85 75 dBm 6 20 65 99 73 dBm 7 21 71 100 71 dBm 8 22 77 100 69 dBm 8 23 83 100 67 dBm 9 24 90 100 65 dBm 10 25 92 100 63 dBm 10 26 94 100 61 dBm 10 27 96 100 59 dBm 10 28 97 100 5...

Page 53: ...amic DNS client execution Dyn Service Id Allows you to select one of the dynamic DNS service providers supported Login y Password Establishes the user name login and password password for accessing the service provider Host name Name of the equipment registered with the service provider i e the name of the equipment used to identify the SIP 2 via DNS Time interval seconds Time between accesses for...

Page 54: ...test fails the behaviour of the equipment is the one defined in the Action parameter The period model establishes by means of the two following parameters a test evaluation period and an admitted failure percentage within it Evaluation Period min When the Evaluation model parameter is configured as period this establishes a period between 1 and 6000 within which a failure of the accessibility test...

Page 55: ...28 1 In case of failure the behaviour is Single and in this case if there is no response to the Ping Test the equipment will be rebooted To prevent Ping Test failures occurring due to the simultaneous reception of traffic the equipment will check the activity through the WAN interface for 30 seconds prior to executing the Ping Test If the reception of traffic is detected the Ping Test function wil...

Page 56: ...e of the Tunnel ID parameter The address must be the host address but it admits the inclusion of the associated net mask and also its configuration in an indirect form through the equipment device identifier in which case the IP address configured in this interface is assigned with a host mask Tunnel Source This establishes the local interface through which the tunnel traffic will be routed In the...

Page 57: ...ameters referred to above to be identified with specific values The GRE tunnel is established between Routers A and B connected through an IPv4 network the connection could well be the Internet Routers A and B route the traffic between the equipment belonging to Group 1 and Group 2 as if both routers were directly connected to each other since they both have an IP address in the same segment 10 1 ...

Page 58: ...UTES CONFIGURATION The Statics Routes option of the Routing menu provides access to the configuration screen through which the user can provide the system with the static and permanent data for the routing service The screen has two well differentiated sections Explicit static routes are configured in the Static Routes section The address acting as a route by default in the case that the service h...

Page 59: ...s allows an additional filter to be established in the remote IP address for determining the selection of the next jump The condition is established based on a specific service tcp udp icmp After the service the port number 1 65535 must be indicated separated by two points The default value is any that is to say the route applies for all types of traffic only the IP destination is taken into accou...

Page 60: ...se destination does not coincide with any known route Dest I F Destination interface This permits the specification of the interface through which traffic routed to the router indicated in the previous field will be sent Metric This permits a value to be established originating from among the default different routes that could be created A higher metric means a lower priority If the wireless inte...

Page 61: ...e selected For proper operation of this service the DHCP client must NOT be configured FIGURE 30 DNS server configuration page 5 8 FILTERING CONFIGURATION The Filtering menu permits firewall functionalities defining which traffic is allowed and which traffic is rejected and the application of additional conditions to the traffic processed through the routing function The menu parameters are divide...

Page 62: ...s makes sense Destination This allows the IP source of the traffic to be specified i e to a specific IP address or from any IP address any The default value is any The specification of a particular IP address requires the values to be entered in the IP address format Example Subnet 192 168 50 0 255 255 255 0 or 192 168 50 0 24 or Host 192 168 50 5 255 255 255 255 or 192 168 50 5 32 or 192 168 50 5...

Page 63: ...p when the packet is ruled out the appropriate ICMP message is sent to the source address of the packet Description This permits a description of up to 15 alphanumerical characters to be specified Default Policy This allows the behaviour of the equipment filtering to be determined as regards not being included in any specific rule of the respective section Example A filtering policy is to be estab...

Page 64: ...r that operates with IEC 60870 5 104 The GW 104 101 menu contains three submenus IEC 60870 5 104 IEC 60870 5 101 and RTU which are described below 5 9 1 IEC 60870 5 104 configuration This submenu allows the operating parameters of the APCI layer according to the IEC 60870 5 104 standard to be configured and the parameters used in the format of the ASDUs FIGURE 33 IEC 60870 5 104 submenu of GW 104 ...

Page 65: ...her through an information message on the contrary direction or by a control message for this purpose The standard establishes that it is imperative that the value of the parameter t2 be lower than the parameter t1 The possible values and resolution are identical to those of t1 parameter Parameter t3 The t3 parameter sets the period of inactivity on an established APCI connection which involves th...

Page 66: ...remotes to be manageable by a control center IOA size It establishes the length of the field IOA Information Object Address in number of octets The possible values are 1 2 or 3 5 9 2 IEC 60870 5 101 configuration This submenu allows the typology of the telecontrol remote connection to the SIP 2 equipment to be configured and the mechanism used for display and error recovery on the IEC 60870 5 2 li...

Page 67: ... idle times for eliminating messages 5 9 3 RTU configuration This submenu allows the identity parameters of the telecontrol remote CA to be configured and the operating parameters of the IEC 60870 5 2 link FIGURE 35 RTU submenu of GW 104 101 menu The configuration parameters are described below BALANCED RTUs It establishes the equipment physical port number Port 1 for port COM1 Common Address Size...

Page 68: ...and already confirmed to the remote and that have not yet been transmitted to the control center or if they have been transmitted the confirmation from the control center has not yet been received ASDU Queue Time hours It establishes the persistence time of messages in the queue of the GW 104 101 from the moment there is no connection with a control center When the configured time is elapsed the s...

Page 69: ...ores the received ASDU from the telecontrol remote and already confirmed to the remote and that have not yet been transmitted to the control center or if they have been transmitted the confirmation from the control center has not yet been received ASDU Queue Time hours It establishes the persistence time of messages in the queue of the GW 104 101 from the moment there is no connection with a contr...

Page 70: ...the presence of this default rule since the services have a specific order of execution If not using NAT you should eliminate this default rule FIGURE 36 NAT configuration page The configuration parameters are Origin This establishes a range of IP addresses It admits the value any in the case that the origin IP address is not relevant Destination This establishes a range of IP addresses It admits ...

Page 71: ...2 has a built in DHCP server which allows IP addresses to be assigned automatically to the equipment requesting this The configuration parameters are Enable DHCP server This allows the DHCP service to be activated The DHCP server is operative when the option is selected First IP Addr Allows the first IP address of the IP addresses pool managed by the DHCP Server to be specified Last IP Addr Allows...

Page 72: ...WINS server This allows the IP address of the WINS server to be established which will be notified to the DHCP client WINS is a names resolution system owned by Microsoft for equipment executing the Windows operating system DNS Domain Name This establishes the DNS domain to be used by the client for creating its full DNS name Boot TFTP Server This establishes the IP address of the TFTP server that...

Page 73: ... network upon which it is established is not controlled by the user or is not public To create an IPSec tunnel a security association must be established in each terminator Tunnel IP origin and Remote GW destination An IPSec connection between two ends requires three steps Establishing an IKE Security association IKE Policy Establishing an IPSec Security association IPSec Association Sending prote...

Page 74: ...original IP address level The any value is accepted as well as IP network addresses through the IP Mask format Remote GW IP address of the terminator remote equipment in the IPSec tunnel Remote Network The range of IP addresses that can be reached at the remote end of the tunnel It is equivalent to a static route in the sense that all data coinciding with the specified range will be sent through t...

Page 75: ...s are crossed The options are off when the user does not want it to be enabled or it will not be accepted if proposed by the remote end which is also the default value On means that the option will be used when detecting the presence of NAT services between both ends and force entails its use regardless of whether or not the presence of NAT services is detected DPD Delay This parameter sets the ti...

Page 76: ...or exchanging codes The mode must be the same at both ends for the exchange to be successful The options are main aggressive and base Cipher alg Cipher alg This determines the cipher algorithm to be used for exchanging codes The available algorithms are DES 3DES and AES Hash Alg This determines the hash algorithm used for authentication during the code exchange The available options are MD5 Messag...

Page 77: ...orithms are DES 3DES and AES Hash alg This determines the hash algorithm used for authentication The available options are MD5 Message Digest 5 and SHA1 Secure Hash Algorithm A third option exists non auth which means the authentication is not included The authentication and ciphering options can be combined in different modes If the AH protocol is selected only the hash algorithm choice will be t...

Page 78: ...GURATION The equipment has an SNMP agent with the capacity to generate spontaneous messages to control equipment based on that protocol The agent admits the emitting of messages based on the SNMPv1 1 SNMPv2c 2 and SNMPv3 protocol and the selection of the type of message trap and inform Changes made to the SNMP agent configuration will only be active after RESETTING the equipment The Apply command ...

Page 79: ...auth or authentication and encryption priv In case of authentication transmission auth it is necessary to select the type of algorithm Auth Alg MD5 or SHA and establish the authentication password Auth Password The password establishes the word to be used to generate the authentication information The authentication word must be known by the receiver in order to be able to verify the authenticity ...

Page 80: ...addressee The transmission of the messages in a confirmed inform way is only accepted for the v2c and v3 versions of the protocol Trap v1 agent address This establishes the IP address the agent will communicate as being its own when sending spontaneous messages This parameter is only used to create the traps when using SNMPv1 Traps SNMPv3 Tabulate information allowing several destination equipment...

Page 81: ...ation FIGURE 40 NTP menu configuration page The usage parameters are Enable Enables disables the execution of the NTP client The client is operative when the option is selected Authentication keys Tabled information allowing the definition of different authentication codes to be used subsequently in communicating with the different NTP servers Server Tabled data that includes the NTP servers acces...

Page 82: ...a centralised and independent resource with respect to the equipment itself For this purpose the equipment has a TACACS client TACACS Terminal Access Controller Access Control System is a remote authentication protocol used to manage access to servers and communication devices it provides separate authentication authorisation and registration services The general configuration parameters are the f...

Page 83: ... consulting the configured tacacsplus servers Fallback to local access When this option is enabled if there is no accessibility to the configured TACACS servers users are permitted to validate themselves with local user names If the option is disabled and the TACACS servers are not accessible users will not be granted access Access through the console has this option permanently enabled for which ...

Page 84: ...packed with one of the telecontrol protocols being hold or with a policy defined by the user Some protocols have multiple identifiers which not only indicate the protocol itself but also the size of the link address when the standard requires it as a user option The protocols without multiple identifiers are the following pid1 dlms gestel sap20 twc dnp3 procome and iec103 The protocols with multip...

Page 85: ...es the maximum number of characters to be transmitted in a packet on the network FIGURE 42 Flow configuration page The configuration screen related to the Flow menu has three well differentiated sections which are described below The first one Physical Ports permits the serial port identification to be established and if the equipment is configured with the optional WAN interface to configure a se...

Page 86: ...oes not have direct access to the management service but to a determined port autocli parameter NOT activated it is still possible to access the cli management service by inserting the escape chain defined in this parameter If the cli management service is accessed through the escape sequence it is necessary to end the call and establish it again in order to recover the initial data flow Virtual P...

Page 87: ...ox the TCP connection is disabled and it will not be retried Passive TCP connections in passive mode It is a sequence identifier provided by the equipment itself Identifier It establishes a different and unequivocal name for each one of the TCP virtual ports TCP connections which will be awaiting connection requests from other equipment When being added all the connections have the name passivetcp...

Page 88: ... of TCP connection requests is enabled if the box is ticked When unchecking the box the TCP connection requests will be rejected RX UDP UDP ports that will accept data It is a sequence identifier provided by the equipment itself Identifier It establishes a different and unequivocal name for each one of the UDP virtual ports where the data packets will be accepted When added all the ports have the ...

Page 89: ...re data will be transmitted It is a sequence identifier provided by the equipment itself Identifier It establishes a different and unequivocal name for each one of the UDP virtual ports where the data packets will be transmitted When added all the ports have the name txudp0 configured by default and therefore it is essential to assign a specific name to each of them Port It establishes the destina...

Page 90: ...destination UDP port Remote Address Unicast or multicast IP address to be used for data transmission The 0 0 0 0 default value is not a valid IP address Protocol It establishes the protocol of the data to be encapsulated the possible values are indicated at the beginning of section 5 16 1 Usually the virtual ports operate in raw mode the corresponding physical port is configured with the desired p...

Page 91: ...ance in order to facilitate their origin if there are multiple spies Mode It establishes the representation format of the data available in the spy connection The acceptable values are raw original data format or hex hexadecimal representation Enable It establishes if the spy port is active or not The spy port is enabled if the box is ticked Example The figure shows an example of a spy port defini...

Page 92: ... It determines the second port included in this connection through its identifier It is essential to introduce the identifier name correctly in the two previous fields so that it is one of those established in the Physical ports and Virtual ports sections of the Flow menu configuration screen In order to avoid possible errors it is advisable to use the commands Ctrl C copy and Ctrl V paste instead...

Page 93: ...The Policy submenu of the Flow menu permits the creation of variants of some protocols which enhances the encapsulator functions see bibliography 4 The protocols that admit said variants are the following iec101 iec102 pid1 gestel and sap20 The additional functions implemented are designed for the use of the non balanced mode protocols so as to minimize the traffic between the encapsulation equipm...

Page 94: ...tion is regulated with the following parameters It is a sequence identifier provided by the equipment itself Identifier It establishes a different and unequivocal name for each one the policies When added all the policies have the name policy0 configured by default and therefore it is essential to assign a specific name to each of them Delay Control Mode The none option means that the Quick Check ...

Page 95: ...e these protocols admit two options as regards the size 5 16 4 Other The Other submenu of the Flow menu permits the activation of some additional facilities mainly focused towards the obtainment of information to facilitate the resolution of possible configuration errors or events The screen related to the Other submenu has three well differentiated sections which are described below FIGURE 47 Oth...

Page 96: ...ters are Passive Port Sets the passive TCP port on which the equipment accepts a connection to be relayed to another equipment in a transparent way Active IP Sets the IP address of the destination equipment to which the information of the passive TCP connection will be retransmitted Active Port Sets the TCP port used to set up the TCP connection to the destination equipment Description This permit...

Page 97: ...on mode but there should not be included in the actual command To consult the configured Dialling Table The table permits the translation of a clearly arbitrary numbering plan to IP address and ports ATD The serial port acts as a PPP server requesting the credentials user and password from the client equipment and providing an IP address to it The indicated parameters are established in the regist...

Page 98: ...m have the name emulator0 configured by default and therefore it is essential to assign a specific name to each of them User It establishes the admissible user when the equipment acts as a PPP server Password It establishes the password related to the PPP user from the previous field Authentication method It establishes the standard protocol used for the exchange of credentials with the external e...

Page 99: ...uipment admits the updating of applicative software by executing the Reflash command which is only available in the HTML pages and for the administrator profile The code reflash process does not alter the configuration data unless this is expressly indicated Nevertheless once terminated it entails a momentary loss of service due to the automatic rebooting of the equipment A binary images that is a...

Page 100: ...ked Once the equipment has received the file the system checks the file contents and verifies that the variables are valid and that the values assigned to them comply with the existing syntactic requirements If errors are detected in the received file irrespective of whether the Only verify option is selected or not the system automatically rejects all the information received and indicates the er...

Page 101: ...f desired the configuration can be applied by means of the Apply and Save commands or both 5 20 2 Download from the equipment to the computer With this option the user obtains a local copy of the operating configuration in txt format or xml format The procedure for downloading this file depends on both the http browser and the actions to perform with the received file for example where to store it...

Page 102: ...odemEmulator function the Ethernet LAN interface WAN interface the Routing rules DHCP server synchronization client NTP and port interconnection Flow each of which can be accessed by selecting the respective tag located under the heading Statistics Each statistical data table can be updated by pressing the Reload button without having to select the respective option again in the tree menu The stat...

Page 103: ...ION NODE TYPE SIP 2 103 145 USER GUIDE Rev 3 January 2018 FIGURE 51 Example of statistics related to ModemEmulator function FIGURE 52 Example of statistics related to LAN FIGURE 53 Example of statistics related to WAN ...

Page 104: ...GUIDE Rev 3 January 2018 FIGURE 54 Example of statistics related to Routing FIGURE 55 Example of statistics related to DHCP Server FIGURE 56 Example of statistics related to NTP FIGURE 57 Example of statistics related to the port interconnection Flow ...

Page 105: ...SIP 2 COMMUNICATION NODE TYPE SIP 2 105 145 USER GUIDE Rev 3 January 2018 APPENDIX A BIBLIOGRAPHY AND ABBREVIATIONS ...

Page 106: ...l SNMP 2 STD 62 IEEE RFC 3416 December 2002 Version 2 of the Protocol Operations for the Simple Network Management Protocol SNMP Obsoletes RFC 1905 3 IEEE RFC 1305 March 1992 Network Time Protocol Version 3 Specification Implementation and Analysis 4 Development specification of the terminals used for the creation of a point multipoint channel via GPRS_Rev 06 14 4 2008 of IBD reference GPF070302CV...

Page 107: ...ual Private Network DNS Domain Name Server DPD Dead Peer Detection DSCP Differentiated Services Code Point GPRS General Packet Radio Service GRE Generic Routing Encapsulation HTTP HyperText Transfer Protocol ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol IKE Internet Key Exchange IOA Information Object Address IP Internet Protocol IP Multicast Extension of the Inter...

Page 108: ...nt Protocol PPTP Point to Point Tunneling Protocol PSTN Public Switched Telephone Network QoS Quality of Service RADIUS Remote Authentication Dial In User Server RAS Registration Authentication and Status RSVP Reservation Protocol RTCP Real Time Control Protocol RTP Real Time Protocol SIM Subscriber Identity Module SMTP Simple Mail Transfer Protocol STP Spanning Tree Protocol TCP Transmission Cont...

Page 109: ...ry 2018 VLAN Virtual Local Area Network VPN Virtual Private Network VRID Virtual Router Identifier VRRP Virtual Router Redundancy Protocol WAN Wide Area Network WEP Wired Equivalent Privacy WINS Windows Internet Naming Service WPA Wi Fi Protected Access Client Support ...

Page 110: ...SIP 2 COMMUNICATION NODE TYPE SIP 2 110 145 USER GUIDE Rev 3 January 2018 APPENDIX B DATA STRUCTURE IN CLI ...

Page 111: ...where A name followed by indicates the name of a directory E g Main A name followed by indicates a parameter with a matrix structure as it contains several attributes E g nat A name with nothing after it is a parameter in itself E g Action The system makes a distinction between upper and lower case characters To browse through the directories the cd change directory command is used The data stored...

Page 112: ...in the case of obtaining undesirable results it is always possible to eliminate the Save command and reboot the equipment to recover the previous status even in the case that the changed activated lead to the user not being able to obtain access Users and their passwords are by default the same as in the web interface that is to say Login Password Guest profile guest passwd01 Admin profile admin p...

Page 113: ...uring a serial connection with the following characteristics Speed 115 200 bps Data bits 8 Parity No Stop bits 1 Flow control No In Windows XP execute HyperTerminal from Start All Programmes Accessories Communications HyperTerminal see FIGURE 58 FIGURE 58 Location of HyperTerminal in Windows XP On opening HyperTerminal a text box appears requesting the necessary information to establish the connec...

Page 114: ...d press return When at the prompt is displayed the sip password text enter the password and press return the user name and password are the same as in the web interface Remember that no text will appear in the HyperTerminal window when entering the password As operating systems like Microsoft Windows 7 no longer include the HyperTerminal program the Putty program free and executable is also consid...

Page 115: ...n the Serial menu last of all the serial port is configured Telnet access is carried out by configuring the port 23 SSH access is carried out by configuring the port 22 If an USB converter is used first consult the COM number in the Device administrator Control panel FIGURE 61 Device administrator window ...

Page 116: ...password are the same as in the web interface Remember that no text will appear in the Putty window when entering the password Remote mode access Remote mode access is obtained with the Telnet command and equipment IP address To use this access mode the equipment must have its IP address configured and be connected to the management computer network Telnet can be executed in Windows XP from the St...

Page 117: ...rminal can be used as the Telnet graphic interface To do this when configuring the connection select TCP IP Winsock in the Connect using drop down menu Telnet can also be run from the Putty program Simply type the IP address of the equipment in the main window and press Open Whatever the method chosen to establish connection with the equipment the sip login prompt will appear ready for the user to...

Page 118: ...Accept the Telnet client of Windows may be used FIGURE 65 Window of characteristics of Windows B 2 USER CONSOLE COMMANDS After starting the session with a valid login and password the prompt will change to equipment waiting for the user to enter a command The commands are instructions sent to the equipment to request or change a value or to browse through the tree in which the equipment parameters...

Page 119: ... equipment get Shows the parameter values help Shows the list of available commands Log Log all Shows the list of events ls Shows the lists of available parameters in the current directory ping Sends a ping to the indicated host quit Interrupts the connection with the equipment reboot Reboots the equipment reload Loads a previously saved configuration remove Eliminates an item from a matrix type p...

Page 120: ...formation in the log The events that are generated at the system level and sent to the log include an identification level The system supports 8 different levels separated into two blocks The first set corresponds to unwanted situations and the second block on information without affecting the functionality In the first block the values are emerg alert crit err and warning which represents a decre...

Page 121: ... is located or enter the relative route The new item created has the next order number with respect to the last one For instance if nat 1 and nat 2 already existed on executing the command add nat the item nat 3 is created Examples drn add nat drn wan add tunnel tunnel drn admin add nat apply This applies the configuration changes in the equipment but without saving them Syntax drn apply Arguments...

Page 122: ...r equipment with the same characteristics To apply the saved configuration in different equipment it must be of the same model and version and above all have the same firmware version installed since the factory configuration used to generate the commands list may be different in each one Example drn downdload get This show the current values of one or several equipment configuration parameters Sy...

Page 123: ...iminates an item from the matrix of a matrix type parameter Syntax drn remove name nº Arguments name Parameter from which the item is to be removed nº Optional Order number of the parameter item Observations To remove an item from the matrix of a matrix type parameter it is necessary to be in the respective directory or enter the relative route If the order number of the item to be removed is indi...

Page 124: ...and can be used irrespective of the directory where the user is Example drn restore save This saves the changes made in configuring the equipment in its permanent memory However these changes will not take effect until the equipment is rebooted Syntax drn save Arguments Observations This command can be used irrespective of the directory where the user is Example drn save ...

Page 125: ...nt must include the parameter name the item number and the attribute number Special attention should be paid when entering the arguments of this command as if no argument is indicated the system will request the new value of each of the parameters in the active directory and its subdirectories one by one Consequently if the set command is executed without an argument in the root directory the syst...

Page 126: ...ely above it two dots must be entered cd When the director is changed the prompt shows the equipment identification letters and the name of the active directory Example drn main Examples drn cd main drn main cd admin exit This closes the connection between the computer and the equipment and therefore the CLI programme session Syntax drn exit Arguments Observations Example drn exit quit This closes...

Page 127: ...t is required to reload the configuration saved in the equipment after the time it was saved Example drn reload telnet Open a telnet session keeping the connection established between the computer and the equipment open Syntax drn telnet Host Port Arguments Host Name of the destination host to which open a Telnet session Port optional Number of the destination port where to open a Telnet session O...

Page 128: ...atistics Syntax drn clear Arguments Observations Example drn clear date Shows the date and time recorded in the equipment Syntax drn date Arguments Observations Example drn date help Displays a list of all the available commands and a brief description of their functions Syntax drn help Arguments Observations Example drn help ...

Page 129: ...y for 100 records and if an important event occurs starting of sessions changes in configuration etc this is recorded in the equipment non volatile memory which also has capacity for 100 records Both the buffer and non volatile memory are of the circular type i e once the memory is full the oldest event is removed every time a new event occurs Operationally two logs are created which is permanent ...

Page 130: ...ed changed is in the active directory Syntax drn ls Arguments Observations Example drn ls ping This sends ICPM ECHO_REQUEST packets to a specific host Syntax drn ping host Arguments host Host name or destination IP address Observations When this command is executed the equipment starts to send pings to the indicated host until the user presses the Ctrl C keys Example drn ping 172 16 50 38 drn ping...

Page 131: ...Optional Name of the parameter whose status is to be consulted Observations Like the configuration parameters these are classified by categories in the form of a directories tree The normal use of this command is without arguments and from the root directory it shows all the equipment status parameters To show a parameter for a specific status or those of a specific directory the names of each one...

Page 132: ...equipment is a DRA 2 connected to a network and with an IP address configured which in the case of this example will be 111 222 0 123 In addition the computer used to make the connection is also connected to that network and the O S used is Windows XP To establish the connection through Telnet click on the Windows XP Start button and once the menu has appeared click on the command Execute In the w...

Page 133: ... information it makes no difference which login is entered admin or guest Enter guest and then press enter Now the system is waiting for us to enter the respective password Enter passwd01 which is the one associated with the guest user and press enter Remember that no text will appear in the Telnet window when entering the password If the login and password entered are correct the prompt drn will ...

Page 134: ...he system will only show the information at the start and it will be necessary to press enter once or several times for all the information to be shown You will know whether the system has finished showing all the information when the equipment prompt reappears drn It is important to save the information in a txt file using the download command so that it can be used whenever necessary 4 Method fo...

Page 135: ...d After releasing the left button press the enter key That way you will have copied the selected text into the Windows clipboard Now open Windows Notepad and paste the text Ctrl V in a txt file and save it 5 Obtaining the equipment status The get command shows the full status of the equipment Since the information shown is very lengthy every time a window is filled it will wait for the user to pre...

Page 136: ... save the information in a txt file using the method described in point 4 See list of example in point 9 6 Obtaining the equipment statistics The equipment statistics list is shown through the command stats Like the previous commands if the information to be displayed exceeds the edges of the window it will stop and wait for the user to press a key to continue Remember to save the information in a...

Page 137: ... non volatile memory due to their importance Remember to save the information in a txt file as indicated in point 4 8 Obtaining events taking place in the equipment in real time The log all command allows users to consult the events taking place in the equipment in real time The list of events will continuously be updated until the user presses the enter key Remember to save the information in a t...

Page 138: ...eriod 1 lan port port name enable vlan_function mode vid vid_acl 1 swt port on edge auto 1 auto 2 swt port on edge auto 1 auto 3 swt port on edge auto 1 auto 4 swt port on edge auto 1 auto 5 swt port on edge auto 1 auto 6 swt port on edge auto 1 auto 7 swt port on edge auto 1 auto 8 swt port on edge auto 1 auto vif vif static vid ip mask description 1 off 1 192 168 0 1 255 255 255 0 vlan_name stp ...

Page 139: ...pingkeep remoteip 0 0 0 0 remoteip2 0 0 0 0 freq 5 bytes 1 count 2 action none strict on tunnel tunnel tunnel iface description type ip source remote_gw remote_net enable 1 tun1 gre vlan1 vlan1 172 16 50 43 any on qos qos2 weightfair_enable on priority priority queue 0 medium 1 medium 2 medium 3 medium 4 medium 5 medium 6 medium 7 medium dscp dscp queue 0 medium 8 medium 16 medium 24 medium 32 med...

Page 140: ...00 255 25 5 255 0 192 168 0 1 profile vrrp enable off advert_int 1 if vlan1 vid 1 priority 100 vip 192 168 0 1 vmask 255 255 255 0 preempt on preempt_delay 0 auth_method none auth_passwd passwd02 pingkeep remoteip 0 0 0 0 gateway 0 0 0 0 freq 5 action none vpn traffic rules rules tunnel_id local_net remote_gw remote_net iskamp saname enable valid_in 1 ipsec1 172 16 50 0 255 255 255 0 77 211 25 76 ...

Page 141: ...uthenable authkey lowt raffic 1 192 168 0 1 unicast 5 10 off 1 off snmp enable off trapenable off trap_v1_aggent_addr none community community name access 1 public ro traps cell_linkup off cell_covlow off cell_covhigh off access tacacsplus server1_ip 0 0 0 0 server2_ip 0 0 0 0 encrypted on shared_key console method local web method local local on telnet method local local on security port port typ...

Page 142: ...alid certificate with the command upload cert raw The procedure for loading the certificate is the following Copy in the clipboard the certificate Then execute the indicated upload command and when it is in wait period paste the data from the clipboard Wait approximately 30s When the time is elapsed the data are shown 3 Load in privatekey a valid private key with the command upload privatekey raw ...

Page 143: ...the certificate has not been validated by a trusted authority Select Go to this web site not recommended Then the equipment access control requires the user login and password In the equipment with https operation the certificate the private key and the password of the last are part of the data obtained by means of the download command Therefore it is possible to add this information to the config...

Page 144: ...KgaJn0ZEGDqcoIMLj4 E3f 3QIDAQAB nA oGAOvDzYhVKhjodHlUzm3lbsZzAklKAKNorgn8kxbpYE RM8mkV9f Lb3jWhiEu nxy f7m7BmNMcex8bSRwduzrUnK66DW8jP3b2tsxJHLYU9UpN1XKDNBHGvgJ7Gis S nApu oZFYmh34uBl6SJkUdihCs4jM1ocQBQMHQ7mXe7Sk1sgECQQDgpSDx45vm8Yk nGoX4 UzcRIDoU47P3uHnnPTYUQMMqDta3K4bzualwcNOpU8bFtQbWfxjkThHthQBN nrUeER Ej9AkEA0S4ernXQGVJGm7b6JhJXFKkILVYo5vP0C3jx7ByRIMt4lkll4l7Q ntzNepK jlcmimzLWuHJAiyTBtvzfVcnU4...

Page 145: ...3LRxC1Mb6PI kNatYteCq5FJNjGunF8hDIQVc1x7O2ju2vmGOiyVfSz1eqiy Tx0dMYsgpBeY3K 8fb J1jmLPNzPhgMlzPK6VGNA70 QhfCG9l5xK1oWQ END CERTIFICATE Example of a valid private key BEGIN RSA PRIVATE KEY MIICWwIBAAKBgQC3j0h918P FU4ayovbXuzpq6Z0Vav01ignDrwtusdjRVn04bB6 f5qVcCMFyXaWotmN WU6HbnRpYR5ksffWUPlvFL1z7DxivBehYSdg7FRCkrj1ga8 fsOeosDIjmm3JBt3IyhOQxzEE5mM2hOhWKgaJn0ZEGDqcoIMLj4 E3f 3QIDAQAB AoGAOvDzYhVKhjodH...

Search results

Summary of Contents for SIP-2

Reviews:

Related manuals for SIP-2

Brands by name

Popular brands

ZIV SIP-2, User Manual

Search results

Summary of Contents for SIP-2

Reviews:

Related manuals for SIP-2

Brands by name

Popular brands