Siemensstraße 18
84051 Essenbach

Tel: +49 8703 929-00
Fax: +49 8703 929-201
Web: www.tdt.de
E-Mail: support@tdt.de

C1500 – Series
C1550 – Series
C2000 – Series
M3000 – Series
G5000 – Series
L3000 – L5000

DocID: Manual C-, M-, G-, L-Series
Rev.: 8.54.0 – 01.03.2016 – SH

Summary of Contents for C-Series

Page 1: ...4051 Essenbach Tel 49 8703 929 00 Fax 49 8703 929 201 Web www tdt de E Mail support tdt de C1500 Series C1550 Series C2000 Series M3000 Series G5000 Series L3000 L5000 DocID Manual C M G L Series Rev 8 54 0 01 03 2016 SH ...

Page 2: ... accepts absolutely no responsibility for incorrect information We reserve the right to make changes to this documentation and the products described herein at any time without prior notice Contact Our document department will be pleased to assist you should you experience problems with this document Copyright TDT GmbH Siemensstraße 18 84051 Essenbach Tel 49 8703 929 00 Fax 49 8703 929 201 Web ww...

Page 3: ... 1 3 1 1 2 C1500h 12 1 3 1 1 3 C1500hw 12 1 3 1 1 4 C1550 and C2000 13 1 3 1 2 Rear Side C Series 14 1 3 2 M3000 15 1 3 3 G5000 16 1 3 4 Serial number 16 1 4 Access Data 17 1 5 How to connect to the Router 18 1 5 1 Webinterface 18 1 5 2 Command Line Interface CLI 19 1 5 3 Serial Connection 19 2 Webinterface 22 3 Command Line Interface CLI 23 4 System Configuration 24 4 1 Bootup and Shutdown 24 4 2...

Page 4: ... 4 8 System Time 33 4 9 Time Synchronisation 33 4 10 Webmin Configuration 34 4 10 1 IP Access Control 34 4 10 2 Port and Address 34 4 10 3 Logging 34 4 10 4 Language 35 4 10 5 Authentication 35 4 11 Webmin Users 36 5 Network Configuration 37 5 1 BIND DNS Server M3000 G5000 only 37 5 2 Certificate Management 37 5 2 1 Import PKCS 12 38 5 3 Connection Management 38 5 3 1 Connection Manager 38 5 3 1 1...

Page 5: ...argets 56 5 9 4 Linux Firewall Menu 56 5 9 5 Create a new rule 57 5 9 5 1 Chain and action details 57 5 9 5 2 Condition details 58 5 9 6 Example Setup IP Forwarding 60 5 10 Network Configuration 61 5 10 1 Network Interfaces 61 5 10 1 1 Bridge Settings 62 5 10 1 2 Tunnel Settings 62 5 10 2 Routing and Gateways 63 5 10 3 DNS Client 64 5 10 4 Host Addresses 64 5 11 OpenVPN 65 5 11 1 Add new server cl...

Page 6: ...First Out 77 5 14 1 2 4 PFIFO Packet First In First Out 77 5 14 1 2 5 DSMARK 77 5 14 1 2 6 HTB Hierarchical Token Bucket 78 5 14 1 2 7 PRIO Filter 78 5 14 1 2 8 PRIO Priomap 78 5 14 2 Incoming Interfaces 78 5 14 2 1 Interface parameters 78 5 14 3 Interface Statistics 78 5 15 SNMP 79 5 15 1 Access Control 79 5 15 2 Sysinfo Setup 79 5 15 3 Trap Control 80 5 15 3 1 SNMP Create New Trap Control 80 5 1...

Page 7: ...related settings 94 5 19 6 WPA WPA2 EAP settings 94 5 19 6 1 Radius Client Settings 94 5 19 6 2 Internal EAP Server Settings 95 5 19 6 2 1 EAP User Settings 95 5 19 7 MAC Address Filtering 95 5 20 WWAN 96 6 The Diagnose Menu 97 6 1 Connection Manager 97 6 2 Distribution Information 97 6 3 GSM Modem State 97 6 4 Load Balancer 97 6 4 1 Load Balancer Statistics 97 6 4 2 Load Balancer Connec...

Page 8: ... ntp 121 11 1 1 2 General Settings TDT CLI configuration general 122 11 1 2 Status menu TDT CLI status 122 11 1 2 1 Show menu TDT CLI status show 124 12 Hardware 125 12 1 C Series 125 12 1 1 Technical Data 125 12 1 1 1 C1500xx 125 12 1 1 2 C1550xxx 125 12 1 1 3 ELW Router C1550lw 126 12 1 2 Hardware Modules 126 12 1 3 DB9 RS232 PIN Allocation DTE V 24 127 12 2 M3000 127 12 2 1 Supported UMTS GPRS ...

Page 9: ... 2 1 C Router with radio modem 133 13 2 1 1 GPS 134 13 2 1 1 1 Read GPS Data 134 13 2 1 1 2 Send GPS Data 135 13 2 2 C Router with WLAN module 135 13 3 Software 135 14 Link Overview 136 14 1 General Links 136 14 2 Important Information 136 14 3 Used Software 136 14 4 Further Links 136 ...

Page 10: ... hour until it has reached room temperature to prevent damage due to condensed water Due to transport plug in cards could have become loose Please check the proper condition of these cards before attempting to operate the unit 1 2 Package contents 1 2 1 C1500 C1500 C1500 or C1550 Power supply 12V DC 1 8 A with European plug CAT5 LAN cable Associated antennas depending on version Manual on USB Stic...

Page 11: ...for Factory Reset Manual on USB Stick 1 3 Unit description and Port Allocation 1 3 1 C1500 C1550 C2000 1 3 1 1 Front Side C Series The front of the C1500 includes three LED status indicators C1550 and C2000 are equipped with eight additional status LEDs Furthermore a reset button and a SIM slot are located on the routers front side Figure 1 Front side C1500 Figure 2 Front side C1550 Figure 3 Front...

Page 12: ...nd equipment the LEDs are preset LED Status Description Power off Unit is without power switched off on Operational mode low flashing Boot process fast flashing Remote access via SSH active 1 3 1 1 2 C1500h LED Value Status Description L1 PPP3_UP_DOWN_DATA off PPP3 Link down on PPP3 Link up flashing data transfer on PPP3 RX TX L2 WWAN0_UP_DOWN_DATA equals radio connection off WWAN0 Link down on W...

Page 13: ...hing data transfer on WWAN0 RX TX Status 2 PPP2_UP_DOWN_DATA off PPP2 Link down on PPP2 Link up flashing data transfer on PPP2 RX TX Status 3 PPP3_UP_DOWN_DATA equals DSL off PPP3 Link down on PPP3 Link up flashing data transfer on PPP3 RX TX Status 4 ACTIVE_SIM_CARD off no SIM in use on SIM1 in use flashing SIM2 in use Status 5 GSM0_CONNECT_STATUS off no connection low flashing 2G connection GPRS...

Page 14: ... active ISDN Layer 1 connection B Rx Tx ISDN Status LED on B channel connection established flashing ISDN data transfer WiFi AUX RP SMA socket for a second WLAN antenna used for N standard DSL RJ45 connector for the integrated DSL modem with status indicators Green flashing DSL synchronisation is running Green Orange on DSL sync is finished Orange flashing DSL data transfer Serial 0 9 pole RS 232 ...

Page 15: ...0 is designed for a 19 inch Server Rack and takes the height of one rack unit On the front of the M3000 the following connectors and switches can be found from left to right Connector Description Power Pushbutton to switch on the Router LED Status indicator LEDs USB 2 USB 2 0 Ports for external Hardware COM 9 pole RS 232 console port speed 38400 8N1 On the rear of the M3000 the following relevant o...

Page 16: ...EC connector C14 for the power supply with 230V AC ON OFF Rocker switch to switch on the power supply extension Slot Depending on hardware of the G5000 e g DSL ISDN Ethernet Port s ttyS0 ttyS1 9 pole RS 232 console port speed 38400 8N1 eth0 eth1 eth10 10 100 1000BaseT interface with an automatic speed recognition at its disposal as well as an automatic recognition of the cable 1 1 or cross over VG...

Page 17: ...72 16 0 50 Subnet mask for wlan0 255 255 255 0 SSID TDT AP Pre Shared Key ASCII tdt Router Channel 1 2412 MHz Encryption WPA WPA2 PSK AES CCMP TKIP Webinterface Access via SSL https interface IP Username tdt Password tdt SSH CLI SSH Port 22 CLI Port 2000 Username root Password tdt Serial Port RS232 Speed 38400 bit s Data bits 8 Parity none Stop bits 1 Note For connection to a PC please use a null...

Page 18: ...rk as the router In default you need an IP address from the 192 168 0 0 255 range e g 192 168 0 1 and the 255 255 255 0 subnet 1 5 1 Webinterface Type the routers IP address in the address field of your web browser In default configuration the IP of the eth1 port is set to 192 168 0 50 Because the Webinterface is only accessible via SSL the syntax https must be included in front of the IP address Exam...

Page 19: ...Y http www chiark greenend org uk sgtatham putty First navigate to Terminal Keyboard and set The Backspace key to parameter Control H Figure 10 PuTTY Configuration Keyboard settings Then navigate back to Session and establish a SSH connection to the Routers IP using the CLI Port In delivery status the eth0 IP address is preset to 192 168 0 50 and the CLI Port is 2000 Figure 11 PuTTY Configuration f...

Page 20: ...on type to Serial Figure 12 change to serial Then navigate to Terminal Keyboard and set The Backspace key to parameter Control H Figure 13 PuTTY Configuration Keyboard settings Next navigate to Connection Serial type your PCs used COM port e g COM1 in the Serial line to connect box and set Speed baud to 38400 Choose Flow control None and establish the connection Figure 14 PuTTY Configuration fo...

Page 21: ...21 of 136 Press Enter in the newly opened window to go to the Login screen Sign in using the SSH Access data for security reasons the characters of the password won t be displayed Open the Command Line Interface by typing the command cli Figure 15 Router login ...

Page 22: ...m Networking Diagnose and Permanent Save After log in you will find these items on the left hand side of the website as well as a Manual Download Link the Reboot System and the Logout button A click onto a menu item will expand or reduce the menu The expanded menus will display the routers configuration items Figure 16 Home page and navigation with Networking menu expanded Important Run Permane...

Page 23: ...ple2 Example1 TDT CLI configuration enter configuration mode status Status information write Save Configuration Permanent to Flash save Save Configuration as Textfile to tmp load Load Configuration from Textfile in tmp and overwrite all existing configuration include Include Configuration from Textfile in tmp and add it to existing configuration reboot Reboot System shutdown Shutdown System halt S...

Page 24: ...ndling Using the Configuration Handling stored router configuration files can be reinstated or respectively the current router configuration files can be stored During saving process the whole etc directory will be stored into flash With the integrated upload and download function you are able to upload configuration files from your computer or download files from the router which have been create...

Page 25: ... 3 1 2 ICMP Checker Command Description ICMP Check Target Target host ICMP Check Interval Interval between pings in seconds ICMP Check Interval if one request failed Interval between pings if one ping failed ICMP Check Timeout Timeout for ICMP Check Ping Default 5 seconds ICMP Check packet size ICMP Check packet size in bytes Default 4 bytes Maximum Failed Requests Maximum number of failed pings b...

Page 26: ...nection is established the currently active simcard slot is being used for SMS Handler If no data connection is active the internal simcard slot SIM2 will be used as default see 13 2 1 C Router with radio modem In addition single or multiple phone numbers can be defined from which the router can be controlled SMS messages from other numbers will be ignored Command Description Accept SMS from phone ...

Page 27: ...ile network modem_net Show provider network the router is attached to e g T D1 modem_lac Show local area code modem_cell Show ID of current cell get_ip Provides IP address of the currently active mobile connection ppp_disc interface Disconnect a PPP interface connection_deact Deactivate a Connection Entry pppstat interface Shows the status of a PPP connection ifconfig Show interface status sastat ...

Page 28: ...router In this case the following commands can be defined Note replace n with interface modem number 4 5 1 Ethernet Value Status Description ETHn_UP_DOWN off ETHn link down on ETHn link up ETHn_DATA off no data transfer on ETHn on data transfer on ETHn RX TX ETHn_UP_DOWN_DATA off ETHn Link down on ETHn Link up flashing data transfer on ETHn RX TX 4 5 2 WLAN Value Status Description WLANn_ON_OFF of...

Page 29: ...n on WWANn Link up flashing data transfer on WWANn RX TX 4 5 4 GSM Options Value Status Description GSMn_CONNECT_STATUS off no connection low flashing 2G connection GPRS or EDGE fast flashing 3G connection UMTS WCDMA or HSPA on 4G connection LTE GSMn_REG_STATUS off not registered to a GSM network on Registered to GSM network GSMn_GPRS_REG_ROAM off not registered on registered home network flashing...

Page 30: ...rtificate Value Status Description CERT_name_STATUS off Certificate name not available or damaged on Certificate name available and valid flashing Certificate name available but expired 4 5 8 SIM Card Value Status Description ACTIVE_SIM_CARD off no SIM in use on SIM1 in use flashing SIM2 in use 4 5 9 Flashing frequencies Status Frequency low flashing 2000 ms medium flashing 500 ms fast flashing 10...

Page 31: ... 1st action and 2nd action by switching to Push Button Assignments 4 6 1 Push Button Actions First a particular action needs to be created It can be done by navigating through System Push Button Settings Push Button Actions Command Description Description Name brief description of the defined action Associated action Linux command or selected script Note Command should always be defined within dou...

Page 32: ...d Command Unix command to be executed For example etc sysconfig network devices ifup wlan0 Input to command If the task was successfully started the command entered here is passed over during runtime When to execute Simple schedule The task can be executed at fixed times Possible values are hourly daily at midnight weekly on Sunday monthly on the 1st yearly on 1st Jan when the system boots Times ...

Page 33: ...ers Allow only listed users Only listed users are allowed to create and execute cron jobs Deny only listed users Access to cron jobs is not granted for users listed here 4 8 System Time System and hardware time can be set within this module Furthermore the Time zone and a Network Time Protocol Server NTP Server can be defined here 4 9 Time Synchronisation The NTP Time Synchronisation menu provides...

Page 34: ...very request Initiates a manually entered host name with every new access This is necessary for example when the remote station only has a dynamic DNS name and hence can change its IP address 4 10 2 Port and Address In the Port and Address menu you can enter the IP address and the port number the Webmin interface should listen to Command Description Listen on IP address Default Provided the router...

Page 35: ...an set the authentication and password timeouts Password timeouts can protect against so-called brute force attacks because they initiate an increasingly delayed logon procedure after an abortive logon attempt has taken place When the authentication is activated the sessions of all users are logged by the Webmin all inactive users will be automatically logged off Note Activation or deactivation of ...

Page 36: ... login file A special page or file will be displayed before login which you can enter in the following field 4 11 Webmin Users The Webinterface provides a powerful and flexible user administration Using the Webmin Users menu the Webmin s own user administration is opened It performs existing appointed users Apart from this it allows new users to be added and the authorisation for module access Th...

Page 37: ... server information Setup a DNS server which is able to resolve local records and internet domains This presupposes a Root Zone which will be downloaded from rs internic net Note This option requires an active internet connection Setup as an internet name server but use Webmin s older root server information This option is identical to the previous one but there is no need to connect to internet Inste...

Page 38: ...atic Connections provides a simple start functionality only The Connection Manager monitors its connections Therefore it is recommended to use Connection Manager any time The Connection Manager also allows realizing complex backup scenarios 5 3 1 Connection Manager The Connection Manager allows starting and monitoring of multiple physical ppp eth br wlan respectively logical IPSec connections All ...

Page 39: ...regular configurable interval and checks if an answer is received If no answer is received for the maximum of configured attempts the connection dial entry will be deactivated Note Please note that a connection dial entry won t join status disconnected if there is still one dial attempt present That means it will remain in status disconnecting until the redial delay is reached 5 3 1 1 3 Connection...

Page 40: ... 5 3 1 1 4 Add Connection Connection Dial Entry Parameter Parameters for a physical connection can be defined here For a better handling the configuration page is split in two sections Thereby the Advanced Connection Settings are displayed as hidden in default Command Description Connection Name Defines a name for the connection e g Main or Backup Use Interface Interface for Connection Entry SI...

Page 41: ...r or Ping Checker Pre Reboot Command Command to run before perform the reboot Reboot Mode Specifies the reboot mode Normal The unit will shutdown regularly and reboot automatically Forced Performs a direct reboot without a controlled termination of the running processes Connect time control Maximum Uptime Uptime before switch to status disconnected Note The connection status immediately changes to...

Page 42: ... ping response in seconds e g 4 Maximum failed Requests Maximum failed ping requests before disconnecting the entry default 2 Perform Ping Recovery Activate deactivate Ping Recovery Note Using Ping Recovery checks if data transmission is possible during initialisation Disconnect the connection in case of error Ping Recovery Interval Interval in seconds Ping Recovery Timeout Time to wait for an Pin...

Page 43: ...al Subordinated Connection fetches its configuration and enters the main loop if it s superordinated Connection Dial Entry is established successful If defined a Power Up Delay is applied before Within the Main Loop conditional action is performed depending on it s internal state as well as the state of other logical entries A Logical Entry is the only instance inside the connection Manager which ...

Page 44: ...ysical entries see Connection overview All created Connection Manager entries will be listed and displayed with the current status To improve clarity the connection background is colored according to its status Grey inactive connection entry is inactive Blue active Power Up Delay connection setup initialization green Connected Connection established red disconnected Disconnected Inhibited by other ...

Page 45: ... 2 Static Connections In contrast to the Connection Manager the Static Connections provides no monitoring or backup of the connections Note Therefore the Static Connections are recommended only for dial on demand and dial in connections 5 4 DHCP Server Using the DHCP Server menu it is possible to configure a DHCP server DHCP servers provide clients with network information and administer it central...

Page 46: ...known clients should be allowed to connect to the DHCP server or not be allocate an IP address Hosts directly in this subnet Groups which are found direct in the subnet Default lease time The validity time in minutes of the clients allocated DHCP configuration Maximum lease time Value of the maximum validity time of the allocated DHCP configuration Server name Name of the DHCP server Lease end for...

Page 47: ...configuration file etc dnsmasq conf on the menu page Note DNSmasq only answers DNS requests for local interfaces while holding the standard configuration Any changes on the configuration are being saved via the button Save Configuration Once started the service can take over a changed configuration via the button Restart DNSmasq In addition DNSmasq can be started Start DNSmasq stopped Stop DNSmasq...

Page 48: ...e g as a secondary MX 5 8 IPSec VPN In the IPSec VPN Functions menu you can create and administer IPSec connections The IPSec implementation is based on the Open Source project OpenSWAN Note Before configuration the IPSec interface must be mapped to a network interface using Global Settings menu Existing templates and connections will be listed on main page in the Connection Templates and Connecti...

Page 49: ...es the connection status during connection build up default Set MTU of ipsec Interfaces to Defines the MTU size of IPsec interfaces only necessary in particular cases Virtual Private Subnets for NAT T Defines the allowed subnets in the following scheme multiple values are comma separated IPv4 v4 1 2 3 4 mm IPv6 v6 aaaa bbbb cccc dddd eeee mm default v4 10 0 0 0 8 v4 192 168 0 0 16 v4 172 16 0 0 12...

Page 50: ... Log the interaction between Pluto and Klips parsing Log the structure of the incoming messages private Allows debugging of outgoing messages using the private key raw Log raw data 5 8 3 Connection Defaults Connection Default settings can be defined using this configuration menu Parameters to create templates and ipsec connections are equal to the following ones 5 8 3 1 Global Settings Command Des...

Page 51: ...Hop Specifies the gateway IP via which the IPSec remote peer can be reached Leave this field blank if peer is accessible directly Peer Right IP IPSec remote peers IP e g IPSec remote peers external IP or any for RoadWarriors using dynamic IPs Peer Right Next Hop Specifies the gateway IP via which the IPSec remote peer can be reached Leave this field blank if peer is accessible directly Authenticat...

Page 52: ...ificate to CA Only allow peers with hereby chosen Root CA Certificate Authority It is possible to use the own CA Same as Our or a CA from section CA Certificates default No 5 8 3 2 3 XAuth Client Settings Command Description XAuth Client Shall the router act as XAuth client default No MODECFG Client Act as Mode Configuration Client default No XAuth Group Name Our ID XAuth group name XAuth Group P...

Page 53: ...mando Description Local Subnet Defines the local private subnet behind the VPN gateway Syntax IP address subnet range e g 192 168 0 0 32 Local Source IP Local IP address representing the tunnel endpoint on remote side This value is needed for subnet subnet connections to route packets through the tunnel Remote Subnet Defines the remote subnet behind the remote VPN gateway Syntax IP address subnet...

Page 54: ...system or if they should be blocked Such a rule could for example be used to discard all packets which come from IP address 1 2 3 4 Every network packet which is transmitted received or forwarded pass through a chain of rules e g drop abolish accept queue respectively userspace buffering exit chain or run chain selecting another chain The individual rules within a sequence are processed from top t...

Page 55: ...UTING Here you can define the policy immediately used before routing Incoming packets INPUT Here you can define the policy for all incoming packets Forwarded packets FORWARD Here you can define the policy for all forwarded packets Outgoing packets OUTPUT Here you can define the policy for all outgoing packets Packets after routing POSTROUTING Here you can define the policy for all local and routed...

Page 56: ...fines how to handle the packet Targets are a user defined chain a default target or an extended target For fixed chains a policy can be defined which will be applied if no rule matches A policy is always equal to a default target A general survey is located in table Chain and action details listed in Action to take column Default target is ACCEPT Figure 19 Flow diagram Default Policy Drop btw Acce...

Page 57: ...ing to the chosen chain type following targets can be defined Do nothing no action will be taken Accept the packet will be accepted and processed Drop the packet will be rejected without response Reject the packet will be rejected with response defined at Reject with ICMP type Userspace the packet will be placed in the queue of the user process Exit chain the sequence chain will be abandoned Log p...

Page 58: ...owing value Fragmentation Ignored Fragments of IP addresses will be ignored Is fragmented For fragment of IP packets there is no possibility to determine their source or target IP and port Therefore other conditions do not apply and it is only possible to perform the rule with this parameter Is not fragmented When the IP packets are not fragmented the rule will be performed Network protocol Ignore...

Page 59: ...g value for the rule to be applied Packet flow rate Ignored The packet throughput will be ignored Below The packet throughput must be below the following value for rule to be applied Above The packet throughput must be larger than the following value for the rule to be applied Packet burst rate Ignored The momentary peak packet throughput will be ignored Below The peak packet throughput can be bel...

Page 60: ...t is a so called range If only one IP or one port should be forwarded define the value range on it Now create conditions for the forwarding to the destination address At Incoming interface set the condition to Equals and in the second drop down menu choose the interface where the original IP packet will be received e g eth1 Indicate under Network protocol the required protocol e g TCP Also set...

Page 61: ...therwise the settings will be lost if you reboot the router 5 10 1 Network Interfaces Under the menu item Network Interfaces you can configure and add the physical or virtual network interfaces Note As a result of changes to the network interfaces it might be necessary to log in to webinterface again using the new IP address To create a new permanent interface click on Add a new Interface in the I...

Page 62: ...rtual IP addresses for this physical interface can be assigned here if the main interface was created The values correspond to the ones listed here VLAN interfaces If the physical interface was created VLAN interfaces can be assigned to this interface The values correspond to the ones listed here 5 10 1 1 Bridge Settings Command Description Should this be a bridge interface Setup this interface as...

Page 63: ...able disable Path MTU Discovery on this tunnel Note A fixed ttl is incompatible with this option tunnelling with a fixed ttl always makes pmtu discovery Bind to Device Bind the tunnel to the device NAME so that tunneled packets will only be routed via this device only GRE tunnels 5 10 2 Routing and Gateways Using the Routing and Gateways menu you can define which router should be used to reach spe...

Page 64: ...f the host Command Description Hostname Hostname of the router DNS servers The DNS server which is interrogated by the router when an unknown host name is used Resolution order Name resolution order Host The router attempts to resolve the names itself DNS The router attempts to resolve the names via the server defined in the DNS list NIS The router attempts to resolve the names via Network Informati...

Page 65: ...ol Client may get an IP address assigned from a DHCP server behind the VPN server Create appropriate Diffie Hellman Random File String Length of the Diffie Hellman Key The higher the String the longer it takes time to create the random file 5 11 2 Edit existing peer Command Description Peer name Name of the connection Operating Mode Defines the operation mode Port to use Port for the OpenVPN conne...

Page 66: ...rs only Limit concurrent clients Max number of simultaneously active connections to the OpenVPN server Servers only Allow remote to change IP and or port Allows the client to use an own IP address and an own port respectively to change servers preset Enable Management Yes starts a TCP server on the given port for management For security reasons it is recommended to set the IP address to 127 0 0 1 ...

Page 67: ...l not be executed No default Additional configurations OpenVPN supports more than the listed parameters If you need one of the parameters you are able to define them here Script to execute after VPN is up The defined script will be executed after the OpenVPN connection is established The script is running under the user rights given in Change user after initialization Script to execute after VPN i...

Page 68: ... Description Name Name of the PPP connection Type Connection type of the PPP connection Possible types ADSL ISDN ISDN Dial In UMTS GPRS Phone Number s ISDN phone numbers for outgoing ISDN connections APN Access Point Name with UMTS GPRS connection Username Username of the connection Local IP Local IP address Remote IP IP address of the remote station Using Add a new PPP interface link will create ...

Page 69: ...lls From The defined Peers Callers are allowed to establish a connection Corresponding numbers are given here separated by commas To accept all incoming calls leave this field empty Maximum Transmit Unit The value defines the maximum size of a transmitted data packet Maximum Receive Unit The value defines the maximum size of a received data packet Protocol This parameter defines the connection pr...

Page 70: ...sses The remote station is interrogated about known DNS servers which will be entered as DNS servers Maximum Transmit Unit The value defines the maximum size of a transmitted data packet Maximum Receive Unit The value defines the maximum size of a received data packet 5 12 1 2 Advanced PPP configuration for interface ppp For a simple connection the Advanced PPP parameters are not required special app...

Page 71: ...back comma separated Time to Wait Befor Callback Wait n seconds before performing a callback Default 60 sec Trys before giving up In case of error a maximum of n re tries will be initiated Default 4 Timeout before giving up Connection establishment will be attempted for n seconds Default 60 sec PPP multilink protocol Multilink PPP provides a bundling of two ISDN B channels to one logical connectio...

Page 72: ...ed to automatically disconnect a connection if there is no response to the peer or which is already physically disconnected LCP Echo Interval This option causes an LCP echo request to be sent every n seconds This option would be used in conjunction with the LCP Echo Failure option Clamp MSS This function sets the Maximum Segment Size MSS It is necessary to connect networks with different MTU s and...

Page 73: ...e router s local IP address Default No Accept remote IP address Allows the remote station to assign the router s remote IP address Default No PPP interface netmask Based on Remote IP the netmask is defined using the remote IP address Default String Defines the netmask for this PPP interface Force Local IP No Default No Yes set to Forces the specified local IP 5 12 1 2 8 Authentication Parameters ...

Page 74: ...ssion Set transmission of protocol field compression in transmit and receive direction Default Yes Address Control Compression Activates deactivates address control compression in both directions transmit and receive Default Yes Predictor 1 Compression Using Yes Predictor 1 Compression is required set to No to refuse Predictor 1 Compression Default Auto BSD Compression Activates BSD compression sc...

Page 75: ...rvice 5 12 2 PPP Accounts In the PPP Accounts menu PAP Password Authentication Protocol or CHAP Challenge Handshake Authentication Protocol users can be created and administered 5 12 2 1 Create new PPP CHAP PAP account Command Description Username Any The username can be empty or consist of any ASCII characters String The defined username must be used Password None There will not be any password ...

Page 76: ...of the modem s packetqueue In this case it is as if the queue has been fetched from the modem to the router 5 14 1 Outgoing Interfaces 5 14 1 1 Interface parameters Command Description Interface Selects the incoming interfaces Enable Interface Interface will be activated deactivated 5 14 1 2 Root Qdisc Parameters Note All QoS rules will be carried out as user root 5 14 1 2 1 TBF Token Bucket Filte...

Page 77: ...which connections are assigned to which queues However occasionally a number of connections must share the same queue whereas others use a queue exclusively Command Description Perturb Defines the time span for a hash function change Quantum Defines the number of bytes that a queue can send at one time This value must be at least as large as the current packet size MTU Otherwise the larger packets...

Page 78: ...riomap Command Description Number of Bands Defines a class The higher the number the higher the value of the class 5 14 2 Incoming Interfaces There are also possibilities to control the incoming network traffic with rules This implementation basically differs from the others because the incoming packets do not bottle up at the interface As a result a rule for incoming traffic can only be used toge...

Page 79: ...nter sales marketing etc Individual SNMP agents can also be represented in different communities e g routers Source Default All SNMP requests will be answered Hostname SNMP requests from the defined host will be accepted Subnet SNMP requests from the following networks IP address Subnet e g 10 1 4 0 24 will be accepted Restricted OID None Access to the total MIB permitted OID The value OID control...

Page 80: ...p Receiver SNMP Server receives SNMP Version 1 traps SNMPv2 Trap Receiver SNMP Server receives SNMP Version 2 traps SNMPv2 Inform Receiver SNMP Server receives SNMP Version 2 inform traps Process Yes Activates deactivates this trap control 5 15 4 Sub Agent Configurations Use this menu to configure the SNMP Monitoring 5 15 4 1 Common Settings Command Description Send trap on authentication failures...

Page 81: ...free memory to be monitored in device 3 Minimum limit When this value is undershot a trap will be sent Bytes Minimum free memory in bytes Percentage Minimum free memory in percent 5 15 4 4 Monitor File Sizes Command Description Destination Path details of the files to be monitored e g var log messages Max Size in Byte Maximum size of the files in bytes Process Yes The file will be monitored No The...

Page 82: ...gnores the HOME ssh known_hosts file during an RSA authentication Pre login message file None Default No message will output before login String The text message will output in the specified file before login User authorized keys file Default ssh authorized_keys The authentication keys are located in the default directory String The authentication keys are located in the declared directory Permit ...

Page 83: ...ected No The router doesn t terminate the connection when the client has been disconnected Allow TCP forwarding Yes Default Users can tunnel the client s TCP connections in the router network No Users cannot tunnel the client s TCP connections in the network Reverse validate client IP addresses Yes Default The router compares the host names with the IP addresses of the DNS server No The router acc...

Page 84: ...ndividual hosts in this menu Command Description Login as user Normally if no username is given on the ssh command line the name of the current user is used to login to the remote SSH server However this option can be used to specify a different default username for a particular host or hosts Escape character When making an interactive SSH login the escape character can be used to break out of the...

Page 85: ...ction is used to start an application in a terminal session define the complete path to the application here To add additional startup parameters use the with arguments field Connect to remote host In case the tunnel connection should connect to a server define the remote hostname and remote port here SSL certificate and key file Choose Use Webmin s cert to use the Webmin SSL certificate For a cus...

Page 86: ...s an ARP Response to announce the assignment of the virtual IP address to the new MAC address The Advertisement Timer is started The router switches to master status In case the router that already has master status receives another VRRP Advertisement With a higher priority the router returns to the backup status With a lower priority the VRRP Advertisement IP packet will be rejected and the route...

Page 87: ...th state Master or Backup Force Election Yes Will preempt a lower priority machine No The lower priority will maintain the master role even when a higher priority machine comes back online Delayed Delays the preemption of a lower priority machine for n seconds Range 0 1000 Default 0 Interface The corresponding interface which the virtual IP should assume in error conditions e g eth0 Traced Interfa...

Page 88: ...cation will require an authentication header Auth Password Enter the password that will be used for the Auth Mode Pass The length of the password is specified with 8 characters if a password with more than 8 characters used the remaining characters will be discarded A password with less than 8 characters will be filled with 0 s Please note that the password will be sent over the network without en...

Page 89: ...he IP address of the Simple Mail Transfer Protocol server SMTP Server Connect Timeout The value defines the time in seconds how long it will be attempted to reach the SMTP server Default 30 sec Connection Synchronization OFF stops the synchronisation Master the router is defined as synchronisation master and sends status messages to the group Backup the router works as synchronisation backup serve...

Page 90: ...ress The IP address under which the virtual server can be reached Port The IP port of the virtual server A port with address 0 is only valid when the service is persistently specified In this case it is a wild card port to which connections to every port are allowed Firewall Mark This value is a firewall marking an integer value greater than 0 which implies a virtual service rather than an address...

Page 91: ... based on the source IP address of the individual servers by looking them up in a static hash table which the virtual server creates based on different criteria Using source hashing can when the number of permissible connections 2 Weight is exceeded result in the complete failure of the system Destination Hashing Using this procedure the jobs are allocated based on the target IP address of the ind...

Page 92: ...and the backend systems Usable Real Servers Under usable Real Server you can select an existing real server HTTP Virtualhost This value defines a virtual HTTP host Sorry Server IP The IP of the server which should accept the connections when all existing real servers are not available and cannot accept any additional connections Sorry Server Port The port of the server which should accept the conn...

Page 93: ...ings Command Description PSK Format Defines the format of a secret key PSK Pre Shared Key The secret key Using HEX format a key length of 64 characters is required Using ASCII at least 8 and up to 63 characters can be used 5 19 3 N Standard settings High Throughput Capabilities Command Description Supported channel width set Specifies the channel width to use If HT40 High Throughput is used only ...

Page 94: ...nt will be sent to avoid hidden station problems Default disabled Fragmentation threshold Threshold for data size forcing data packets to be sent fragmented Default Disabled Basic rate set Defines the basic transmission rate 5 19 5 WEP related settings Command Description Authentification Open No authentication will be made Shared Authentication will be made using a secret key Open Shared Both var...

Page 95: ...le Enter the full path to the CA certificate file here File path to server certificate file Enter the full path to the server certificate file here File path to server private key file Enter the full path to the server private key file here Password for private key file Enter the passphrase for the private key file here 5 19 6 2 1 EAP User Settings Command Description Username Identity Userna...

Page 96: ... registration should be performed or not Note May be useful if MultiSIM Cards are employed because the router rejects calls during parallel ringing PIN If PIN is not disabled for the SIM card enter it here After successful authentication PIN can be disabled or changed here Should it be required to enter the PUK it also can be entered here Public Land Mobile Network Sets a preferred mobile operator ...

Page 97: ...ions 6 3 GSM Modem State On this page you can find information about the actual GSM modem state Depending on the modem type there can be different types of information IMEI and IMSI can be found here also information about registration status network provider connection type location area code LAC cell id and signal quality CLI Equivalent The Command modemstat on menu site status will display the...

Page 98: ...ay of the connection status Source IP address and port of the client Virtual IP address and port of the virtual server Destination IP address and port of the real server 6 6 Log File Rotation The Log File Rotation ensures that the router will not run out of memory Therefore the log files are periodically checked to determine their size and rotates accordingly which means the files are renamed e g ...

Page 99: ... so it is recommended to use the c parameter count e g c 4 for four ping echo requests like Windows units CLI Equivalent Under processes on menu site status of CLI you can see the Linux command lines of the ongoing processes 6 9 System Information This page shows several information about the system the used hardware the network the memory usage and the filesystem 6 10 System Logs In System Logs s...

Page 100: ... CLI Equivalent Use write in CLIs main menu to run a Permanent Save 7 2 Save System to USB only M and G Series The M and G Series units provide the ability to backup the whole operating system to a USB stick Therefore it is necessary to use a TDT USB Init Stick Connect the USB Init Stick supplied by TDT to a USB interface Start backup procedure using Permanent Save Save System to USB optionally it ...

Page 101: ...rowser to log on to the router s Webinterface and navigate to System Configuration Handling Figure 22 Save and restore configuration Enter a custom name for the configuration file in the top field Enter filename of Backup Restore Delete and save the current configuration by pressing the Backup button In next step choose this saved configuration file in section Download Configuration Therefore pres...

Page 102: ... to the router s IP address User and Password according to SSH Figure 23 Now you can see the folder structure of the router on the right side and your local disk on the left side On the router navigate to tmp and copy the matching file either by using drag and drop or the context menu onto your local disk Now you can send this configuration as an Email attachment or archive it Note A configuration...

Page 103: ...disk navigate to the matching tar gz file and on the router to tmp and copy the saved configuration onto the router Log in to the CLI again and type load filename and confirm by pressing Enter The configuration is now restored to your router Important All existing settings are lost during this procedure To complete the restoration the configuration has to be saved permanently with command write and ...

Page 104: ...ccording to the combination of the LEDs the release of the reset button has different functions Active LED Time Function Power 0 3 seconds Reboot of the C1500 Power L1 4 14 seconds The C1500 switches off Power L1 L2 15 seconds Reboot of the C1500 and loading of the standard configuration Factory Reset 9 2 M3000 G5000 L Series Perform a regular system shut down if possible Using the webinterfaces m...

Page 105: ...reason a quick switch back to the previous system is possible without any problem During the update process the progress is displayed and the routers LED s are flashing Download the new firmware file and store a copy of it to the routers tmp directory using a SCP tool 10 1 Webinterface A system update can be done via the webinterface Navigating to the menupoint System Firmware Update The current f...

Page 106: ... url no config Value Description t target System1 Update System to hda1 System2 Update System to hda2 f file The filename of the firmware to load Important Specify the absolute path to the file diff If the update is a rsync diff file set this option optional server server url If you want to synchronize to a diff server optional no config If this option is set the existing configuration of the rout...

Page 107: ...e instruction write otherwise the settings will be lost in the case that the router performs a reboot or due to power fail 11 1 Top level TDT CLI Command Description configuration Enter configuration menu status Enter status information write Save configuration permanent to flashdisk save filename Save configuration as textfile to tmp load filename Load configuration from textfile in tmp Important...

Page 108: ... menu ipsec Open IPSec configuration menu ntp Open Time Server configuration menu 11 1 1 1 1 Network Interface menu TDT CLI configuration network interface Command Description ethernet instance Configure ethernet interfaces Always run this command with defined instance Example TDT CLI configuration network interface ethernet eth1 bridge instance Configure bridge device Always run this command with...

Page 109: ...ation network interface ethernet eth1 mask 255 255 255 0 broadcast Configure or lookup broadcast address Example TDT CLI configuration network interface ethernet eth1 broadcast 192 168 0 255 gateway Configure or lookup gateway IP address Example TDT CLI configuration network interface ethernet eth1 gateway 192 168 0 1 mtu Configure or lookup MTU Example TDT CLI configuration network interface et ...

Page 110: ...eth0 wlan0 OK addif Add interface to bridge device delif Delete Interface from bridge device view View parameters and values apply Apply changes delete Delete instance 11 1 1 1 1 3 PPP Interface TDT CLI configuration network interface ppp Command Description device Specifies the device for this connection type show type of the ppp interface read only conn type gprs Only a GPRS connection will be e...

Page 111: ... ipcp accept local The remote station is allowed to assign the router s local IP address yes no ipcp accept remote The remote station is allowed to assign the router s remote IP address yes no netmask The value defines the netmask for the PPP interface if empty the netmask will be announced dependent on the remote IP address usepeerdns The remote station is interrogated about known DNS servers whi...

Page 112: ...erval This option causes an LCP echo request to be sent by the pppd every n seconds Normally the remote station will answer with an LCP echo reply This option can be used in conjunction with the LCP ECHO FAILURE option to ascertain whether a remote station is contactable or not domain Inserts the entered domain name to the local host name for authentication purposes logfile Inserts log messages to...

Page 113: ...e Activate the Connection Manager yes no conn_entry Configure a dynamic call entry view View parameters and values apply Apply changes delete Delete instance 11 1 1 1 2 2 1 Connection Entry TDT CLI configuration network dialup dynamic conn_entry Command Description interface Configure interface type Connection type iface_type Interface type max_neg_timeout Maximum Negotiation Timeout in seconds De...

Page 114: ...Initialization is entered script_connected Script to execute once status Connected is entered script_disconnecting Script to execute once status Disconnecting is entered script_disconnected Script to execute once status Disconnected is entered ping_target Send ping to target ping_interface Interface to use for Ping ping_gateway Gateway to use for Ping ping_interval Ping interval in seconds ping_in...

Page 115: ...ce necessary metric Routing metric view View parameters and values delete Delete instance 11 1 1 1 2 2 1 3 Logical Subordinated Connections TDT CLI configuration network dialup dynamic conn_entry conn_log_entry Command Description type Connection type name Connection name max_neg_timeout Maximum Negotiation Timeout in seconds Default 30 sec power_up_delay Power Up Delay in seconds ping_target Send...

Page 116: ...tivated connections before performing a reboot oos_time Whether this connection entry should go Out of Service or not yes no deact_father Whether the superordinated connection dial entry should be deactivated or not yes no inhibit List of Connection Dial Entries by which this entry is inhibited Comma separated inhibit_mode Inhibit Mode active connected oos debug Select Debug Mode 1 2 3 change_log_...

Page 117: ...t SNMP 11 1 1 1 3 1 SNMP Access Control TDT CLI configuration network snmp snmpacces Command Description oid Restricted OID source Source information Default Hostname Subnet hostname Source hostname mode ro read only rw read and write access is permitted ip Source IP mask Source mask Bits restrictoid Restrict OID Access yes no process Activate community yes no view View parameters and values apply...

Page 118: ...ance Specify processes to monitor the minimum and maximum number of running instances can be specified snmpfile name Configure or lookup processes to monitor disk_1 Configure or lookup files to monitor disk_1_min Disk mount path 1 disk_1_value Disk 1 minimum limit in bytes or percentage disk_2 Disk 1 value disk_3 analog disk 1 load_1_max analog disk 1 load_5_max Maximum load for 1...

Page 119: ... ID virtual_private Configure or lookup allowed networks nhelpers n Number of Pluto Helpers to be started crlcheckintervall sec Check interval for CRL s seconds strictcrlpolicy Enable disable strict CRL policy yes no forwardcontroll Enable disable IP forwarding on IPSec startup shutdown yes no nat_traversal Configure or lookup NAT Traversal yes no klipsdebug Enable disable KLIPS debugging plutodeb...

Page 120: ...orithm ike Configure or lookup IKE Algorithm ikelifetime Configure or lookup IKE lifetime hours keyexchange Configure or lookup key exchange method ike keylife Configure or lookup key lifetime hours left Local IP leftid Local ID leftnexthop Local next hop leftsourceip Local source IP leftsubnet Local subnet IP address leftprotoport Allowed protocols and ports leftcert Our public certificate leftca...

Page 121: ...ure or lookup Dead Peer Detection timeout view View parameters and values apply Apply changes delete Delete instance 11 1 1 1 5 NTP Settings TDT CLI configuration network ntp Command Description ntpserver adress Configure or lookup Time Servers broadcast Enable disable Broadcast yes no multicast Configure or lookup multicast address default custom custom Custom multicast address driftfile Driftfil...

Page 122: ...rompt Example TDT CLI configuration general prompt HelloWorld OK HelloWorld CLI configuration general hostname Configure the system hostname cli_port Configure the CLI TCP Port Default 2000 view View parameters and values apply Apply changes 11 1 2 Status menu TDT CLI status Command Description modemstat Show status of GPRS Module ppp_disc interface Disconnect a PPP interface connection_deact Deac...

Page 123: ...irmware Select the firmware file from directory tmp using the button and specify whether the existing configuration will be adopted or not Note By default the checkbox Adopt configuration is marked to transmit the existing configuration to the updated system Uncheck this option to prepare the updated system with a default configuration In order to use a differential update file activate the Differ...

Page 124: ... Series Manual TDT GmbH Chapter 11 CLI Commands Page 124 of 136 Command Description show Open show menu 11 1 2 1 Show menu TDT CLI status show Command Description running config Show running configuration ...

Page 125: ...p Dimensions 158x28x155mm WxHxD without antenna Weight ca 870g Operating Temperature 5 C optional 25 C 60 C Humidity 85 non-condensing Input power 7 18V DC Power supply 12V 2A Power consumption 6W 3G connector for external antenna SMA female WLAN connector for external antenna Reverse SMA male GPS connector for external antenna SMA female optional CE and vibration tested DIN EN 60068 2 6 1996 12 ...

Page 126: ...aseT Ethernet Switch unmanaged 1 Power LED 10 LEDs for extended status informations configurable 2 USB 2 0 Ports e g for backup or external hardware 1 RS232 Console Port for debugging or monitoring Dual SIM 2x mini SIM for backup strategies Real Time Clock Rigid metal housing Dimensions 158x40x157mm WxHxD without antenna Weight ca 1000g Operating Temperature 5 C optional 25 C 55 C Humidity 85 none...

Page 127: ...Data Term Ready 5 GND System Ground 6 DSR Data Set Ready 7 RTS Ready to Send 8 CTS Clear to Send 9 RI Ring Indicator 12 2 M3000 12 2 1 Supported UMTS GPRS Cards Manufacturer Description Serial number Option GlobeTrotter 3G CL Option GlobeTrotter Fusion Quad Lite QL Option GlobeTrotter Express 7 2 FE Option Globetrotter Fusion HSDPA NF Option GlobeTrotter GT MAX GA Novatel Merlin XU870 Novatel Merl...

Page 128: ...C M G Series Manual TDT GmbH Chapter 12 Hardware Page 128 of 136 12 2 2 Layout of the DSL ISDN Y Cable Figure 26 12 2 3 Ethernet 4 Port Card Figure 27 ...

Page 129: ...on you must first log on to the console With the command vi etc saphir ini the configuration file will be opened In the following section the TE NT behaviour is defined HST_ISDN_ADAPTER HST_ISDN_ADAPTER_01 ControllerConfigOptions 0x0 HST_ISDN_ADAPTER_02 ControllerConfigOptions 0x1 The value 0x0 stands for TE and the value 0x1 stands for NT In delivery status port1 is TE and port2 NT After chang...

Page 130: ...receiver doesn t get a signal Loss of signal blue Off Normal mode On The received frames are not synchronised correctly alarm indication signal green Off OSI Layer 2 inactive check OSI Layer 2 configuration On OSI Layer 2 active in normal mode OSI Layer 2 is permanent active 12 3 1 1 Pin allocation of the RJ45 PRI connector RJ45 front view Figure 29 PIN 1 PIN 2 PIN 3 PIN 4 PIN 5 PIN 6 PIN 7 PIN 8 ...

Page 131: ... units with WLAN module IP address for wlan0 172 16 0 50 Subnet mask for wlan0 255 255 255 0 SSID TDT AP Pre Shared Key ASCII tdt Router Channel 1 2412 MHz Encryption WPA WPA2 PSK AES CCMP TKIP Webinterface Access via SSL https interface IP Username tdt Password tdt SSH CLI SSH Port 22 CLI Port 2000 Username root Password tdt Serial Port RS232 Speed 38400 bit s Data bits 8 Parity none Stop bits 1 ...

Page 132: ...n Users USER near parameter Password The new password will be entered in the following text field and applied with Save Button Note This will never change commandline user password for user root This password will be changed using commandline 13 1 1 2 Commandline user root Log in to commandline using a ssh client e g PuTTY Open password dialog by typing passwd Example root hostname passwd Changing ...

Page 133: ...nts of the R TTE Directive Latest documents can be found at download tdt de 13 2 System specific data 13 2 1 C Router with radio modem Possible links GPRS EDGE UMTS HSDPA HSUPA HSPA LTE Speed Max Downlink Depending on modem type Speed Max Uplink Depending on modem type SIM cards The routers are DualSIM capable e g for connection backup SIM1 on front side SIM2 C1500 and C1550 inside the device C200...

Page 134: ...or and a GPS antenna suitable for the modem type connected are available Note GPS is optional in the regular series and is only seen on ELW Routers 13 2 1 1 1 Read GPS Data With the command np dev gps0 you are able to read the current GPS Data from the C Series Routers command line For this the TimeServer has to be disabled when GPS is used as timer for NTP daemon at System Time Synchronization ...

Page 135: ...e IP address for wlan0 172 16 0 50 Subnet mask for wlan0 255 255 255 0 SSID TDT AP Pre Shared Key ASCII tdt Router Channel 1 2412 MHz Encryption WPA WPA2 PSK AES CCMP TKIP Important For safety reasons please change the preset Pre Shared Key 13 3 Software This router consists of software which are distributed under different license terms in particular under proprietary license or under any Open Sou...

Page 136: ... Description Link WinSCP SCP Program http winscp net PuTTY SSH Client http www chiark greenend org uk sgtatham putty OpenVPN Client http openvpn net index php download community downloads html The GreenBow IPSec Client http www tdt de en products software greenbow 14 4 Further Links Description Link BIND DNS Server https www isc org software bind DNSmasq http thekelleys org uk dnsmasq doc html Dyn...
