4RF Aprisa LTE Скачать руководство пользователя страница 167 | Manualshive

Страница: 167 / 248

background image

Managing the LTE | 167

Aprisa LTE User Manual 2.1

Setup secure GRE-over-IPsec connections (GRE tunnel inside IPsec VPN)

If the user requires a secure VPN, the IPsec VPN can be used without using inside a GRE tunnel, but IPsec
alone does not support multicast only GRE can provide that. Thus, it is more common to use GRE tunnel
inside an IPsec for a secure VPN that can carry any protocol. The Aprisa LTE can act as a GRE-over-IPsec
VPN endpoint.

Figure 20 describes the secure GRE-over-IPsec VPN connection to the corporate data center.

Figure 20 Setup secure GRE-over-IPsec connections

To setup the GRE-over-IPsec VPN connection per the above figure, perform the following steps:

1. Create a GRE tunnel. Navigate to SuperVisor

and on the GRE tab, click the Add

button. Set the GRE tunnel as described in the section above ‘Setup unsec

ure GRE PTP VPN

connections’.

2.

Create the IPsec Tunnel VPN. Navigate to the ‘IPsec Tunnel’ tab and click the Add button.

a.

Set ‘Tunnel Name = IPsec_Tunnel_0’. This sets the IPsec tunnel ID. This ID is recommended to

be used on both end of the tunnel configuration.

b.

Set ‘Mode’ as

required, either ‘Tunnel’ or ‘Transport’. See description under ‘Security > VPN >

IPsec Tunnel’.

In this example Mode = Transport.

c.

Set ‘Local Subnet = 121.90.26.133’

when Mode = Tunnel. This is the source transport IP address

and subnet, i.e. the local endpoint interface of the IPsec tunnel. This is the same IP address of

‘Source Public Address’ in GRE tunnel settings.

This field is greyed out when Mode = Transport.

d.

Set ‘Remote Subnet = 100.65.3.118’

when Mode = Tunnel. This is the destination transport IP

address and subnet, i.e. the remote endpoint interface of the IPsec tunnel. This is the same IP

address of ‘Destination Public Address’ in GRE tunnel settings.

This field is greyed out when Mode

= Transport.

e.

Set the ‘Local subnet’ and ‘Remote subnet’ at the data center, respectively (IP address are

swapped at the data center for appropriate local/remote IP address interfacing).

f. Set the appropriate encryption, Authentication and DHGroup as required. Make sure this settings

match with the peer IPsec connection.

3.

Create the IPsec VPN connection. Navigate to the ‘IPsec Connection’ tab and click the Add button.

a.

Set ‘IKE Connection Name = IKE_Tunnel_0’. This sets the security association of Internet Key

Exchange protocol ID used by IPsec security suite. This ID is recommended to be used on both
ends of the IKE IPsec configuration.

b.

Set ‘Remote Gateway = 100.65.3.118’. This is the destination transport IP address, i.e. the

remote endpoint interface of the IPsec tunnel. This is the same IP addre

ss of ‘Destination Public

Address’ in GRE tunnel settings and ‘Remote Subnet’ in IPsec tunnel settings

Note that in DMVPN

the remote gateway shall set to 0.0.0.0, since DMVPN automatically determine the address.

c. Set the

‘Authentication Method’ and the

associated pre-shared key or certification.

d. Set the appropriate encryption, Authentication and DHGroup as required. Make sure this settings

match with the peer IPsec connection.

e.

Set the ‘Associated Transport List’ by select the IPsec Tunnel name ‘IPsec_Tunnel_0’ from the

list.

«
...
165
166
167
168
169
...
»

Содержание Aprisa LTE

Страница 1: ...User Manual February 2021 Version 2 1 released with software build 2 1 00811003 ...

Страница 2: ......

Страница 3: ... Electrical and Electronic Equipment and WEEE Waste Electrical and Electronic Equipment environmental directives Restriction of hazardous substances RoHS The RoHS Directive prohibits the sale in the European Union of electronic equipment containing these hazardous substances lead cadmium mercury hexavalent chromium polybrominated biphenyls PBBs and polybrominated diphenyl ethers PBDEs 4RF has work...

Страница 4: ...could void the user s authority to operate the equipment Equipment authorizations sought by 4RF are based on the Aprisa LTE router being installed at a fixed restricted access location and operated within the environmental profiles defined in Table 1 operation outside these criteria may invalidate the authorizations and or license conditions Table 1 General Compliance Environmental Storage EN 300 ...

Страница 5: ...ser is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help WWAN LTE This product may contain...

Страница 6: ...6 Aprisa LTE User Manual 2 1 Compliance Canada ISED future compliance ...

Страница 7: ...S power supply with a maximum rating of 32V d c 100W is required to power the equipment The following text is printed on the Aprisa LTE WARNING EXPLOSION HAZARD Do not connect or disconnect while circuits are live unless area is known to be non hazardous The following text is printed on the Aprisa LTE where the end user is in Canada AVERTISSEMENT RISQUE D EXPLOSION Ne pas brancher ou débrancher ta...

Страница 8: ...er Manual 2 1 Symbols ISO 7000 0434B Exposure Warning Avertissement d exposition IEC 60417 5041 Potential hot surface hazard Risque potentiel de surface chaude ISO 7000 0434B Read the instructions Lis les instructions ...

Страница 9: ...te de câble dans une condition d exposition uniquement mobile ne doit pas dépasser les limites stipulées dans le tableau 3 La puissance rayonnée d un émetteur colocalisé ne doit pas dépasser la limite indiquée dans le tableau 3 Table 3 Antenna Compliance Requirements Operating mode Tx Freq Range MHz Max Time Avg Cond Power dBm Maximum Antenna Gain c EIRP Limits dBm Standalone dBi Collocated dBi LT...

Страница 10: ......

Страница 11: ...32 RS 422 RS 485 Interface 22 USB Interface 22 SFP Module Socket 22 LTE Architecture Overview 23 LTE Applications 25 Smart SCADA Applications 25 Transportation Applications 29 Smart City Applications 31 Network Backhaul Applications 32 Industrial Communication Applications 33 Leased Line Applications 34 DMVPN Service Applications 35 Dynamic Routing Applications 36 MP BGP 36 OSPF 37 LTE Product opt...

Страница 12: ...tor Adapters 58 Interface Connection and Cabling 59 Ethernet Interface Connections 59 Fibre Optic Connections 59 Serial RS 232 Interface Connections 60 Serial RS 422 RS 485 Interface Connections 61 USB 61 GPIO 62 Spares 63 Spare Fuses 63 Power Connectors 63 3 Managing the LTE 64 SuperVisor 64 SuperVisor Management Overview 65 Connecting to SuperVisor 65 Login to SuperVisor 66 Logout of SuperVisor ...

Страница 13: ...curity Setup 158 Security Users 159 Security RADIUS 162 Security VPN 165 Security SSH 177 Security HTTPS 178 Security SNMPv2 v3 180 Maintenance 184 Maintenance General 184 Maintenance Files 186 Maintenance Cellular 190 Maintenance Networking 192 Events 193 Events Alarm Summary 193 Events History Log 194 Events Setup 195 Events Action Setup 197 Events Trap Setup 199 Events Alarm I O Setup 202 Event...

Страница 14: ...1 Protocols 241 Wi Fi 241 Security 242 Interface Specifications 243 Ethernet Interface 243 Ethernet Interface with SFP 243 RS 232 Asynchronous Interface 244 General Purpose I O GPIO Pin Interface 245 Power Specifications 246 Power Supply 246 General Specifications 246 Environmental 246 Mechanical 246 7 Open Source License Statement 247 8 Trademarks and Service 247 Trademarks 247 Service 247 9 Prod...

Страница 15: ...ho have an appropriate level of training and experience Only such persons shall install and service the Aprisa LTE Contact Us If you experience any difficulty installing or using Aprisa LTE after reading this manual please contact Customer Support or your local 4RF representative The 4RF New Zealand head office is 4RF Limited 26 Glover Street Ngauranga PO Box 13 506 Wellington 6032 New Zealand E m...

Страница 16: ...prisa LTE router One power cable one metre fitted with 4 pin Molex Micro Fit 3 0 female connector and wire ended see Power Supply on page 51 One power connector power retention clip and screw The Aprisa LTE Quick Start Guide is available on the 4RF website at the URL Aprisa LTE Quick Start Guide ...

Страница 17: ...ations with redundant carrier connections for public and private networks Mobility and Wi Fi supporting advanced remote visibility in vehicle networks with GNSS location GNSS navigation and 2x2 MIMO Wi Fi access point client for robust workforce mobility and communication Advanced L2 L3 capabilities selectable L2 or L3 modes with VLAN QoS NAT IPv4 and IPv6 Transition support to maximize performanc...

Страница 18: ...et switch router using RJ45 connectors Used for Ethernet user traffic and product management See Ethernet Interface Connections on page 59 SERIAL One port of RS 232 RS 422 RS 485 serial using RJ45 connector See Serial RS 232 Interface Connections on page 60 and Serial RS 422 RS 485 Interface Connections on page 61 SFP SFP module socket see SFP Modules on page 41 The LTE router supplied with dust p...

Страница 19: ...tion 19 Aprisa LTE User Manual 2 1 Rear Panel Connections The rear panel connections to the LTE are Designator Description SIM cards 1 2 Removable plate for fitting of SIM cards See Installing a SIM on page 44 ...

Страница 20: ... the USB host port momentary and GPS position of poor quality hdop 5 when GNSS receiver enabled SFP LOS loss of signal detected LTE TX link in fallback to secondary SIM LTE RX link in fallback to secondary SIM Wi Fi in client mode and connected OK Flashing Orange Troubleshooting maintenance OTA software upgrade Management traffic on the USB port or receive invalid position from GNSS LTE TX traffic...

Страница 21: ...32 482 422 RJ45 LED Indicators LED Position front facing LED Name LED Color Explanation Right Link LED Off Port is disabled or not connected or link failed Solid Green Port link detected and connected Left Activity LED Off No data traffic detected on port Flashing Orange Data traffic detected on port ...

Страница 22: ...ket for fitting 2 x micro SIM cards Ethernet Interface 2 port 10 100 1000 base T Ethernet layer 2 switch using RJ45 female connector Used for Ethernet user traffic and modem network management RS 232 RS 422 RS 485 Interface 1 port RS 232 RS 422 RS 485 asynchronous port using RJ45 female connector USB Interface 1 x USB port using USB standard type C female connector Used for software upgrade diagno...

Страница 23: ...he technology related to a core network The EPC is based on IP as the transport technology for data and control plane including for instance voice service PCC The PCC Policy and Charging Control framework allows operators to control the service a customer receives over the network and its billing services based on time or data volume or event occurring based on the network state and SDF Service Da...

Страница 24: ...ent Tracking Area TAI and handover management EPS bearer management S GW An S GW terminates the interface towards an E UTRAN It serves as the local mobility anchor point of data connections for inter eNB and inter 3GPP handover P GW A P GW provides a UE with access to a PDN by assigning an IP address from the address space of the PDN The P GW serves as the mobility anchor point for handover betwee...

Страница 25: ...ter functions The Aprisa LTE supports the following market segments Smart SCADA Transportation Smart City Backhaul Industrial Communication Smart SCADAApplications The Aprisa LTE supports the following smart SCADA applications Smart Grid communication platform for self healing management power outage resiliency for security physical attack supply demand side management SSM DSM and balancing of pow...

Страница 26: ... WLAN for local office connectivity or for local secure device management The Aprisa LTE supports Ethernet serial using the embedded terminal server fiber optic SFP Wi Fi connection with RTU PLC supporting all IP serial SCADA protocols The user can disable or create local LAN switch bridge with all or part of the remaining interfaces not used at or toward the WAN side of the network Figure 2 Smart...

Страница 27: ...g path metric priority Figure 4 Smart SCADA LTE path and Any Interface Alternate Path Application The Aprisa LTE can be used in harsh environments like electrical substations supporting IEEE 1613 requirements for communications networking devices installed in electric power substations and IEC 61850 3 general requirements for communication networks and systems for power utility automation standard...

Страница 28: ...uling Application In a smart SCADA workforce vehicle mobility application the Aprisa LTE provides the field technician onsite Wi Fi WLAN local connectivity and communication path to the HQ control center The control center can track the vehicle on a map for security e g theft auditing including GNSS location speed and heading and read online self diagnostics and reporting alerts state of the vehic...

Страница 29: ... a local Wi Fi WLAN communication to connect to the public internet and provide the public management center the ability to track the train bus location on a map view the security cameras and read the bus diagnostic and alerts status as shown in Figure 8 Figure 8 Public Transportation Application The Aprisa LTE in a fleet management application provides the corporate fleet management center the ab...

Страница 30: ...ding GNSS location speed and heading read online vehicles self diagnostics and reporting alerts state when ODB II interface is connected via an adapter e g USB Wi Fi to the Aprisa LTE The Aprisa LTE also provides communication to the vehicle built in computer and Wi Fi connectivity to bodycams on ambulance doctors police firefighters as shown in Figure 10 Figure 10 Public Safety Application ...

Страница 31: ...applications A communication platform for city service streetlight traffic light and video security The Aprisa LTE in a smart city application provides communication to city security video cameras connected via Ethernet or Wi Fi traffic lights and streetlight for city control center Figure 11 Smart City Application ...

Страница 32: ...work backhaul applications SCADA backhauling AMI AMR backhauling DMR backhauling The Aprisa LTE in a network backhauling application provides LTE backhauling communication network to smart SCADA licensed unlicensed radio network and to AMI AMR network as shown in Figure 12 Figure 12 Network Backhauling Application ...

Страница 33: ...router communication platform Underground sewerage Wi Fi communication platform The Aprisa LTE in an industrial communication application provides a networking switch router device functionality in a substation or industrial site and or a terminal server device to connect a legacy serial device e g serial RTU to an IP network without the need to use the LTE network as shown in Figure 13 Figure 13 ...

Страница 34: ...N leased line Any leased line topology supported point to point PTP point to multipoint PMP and multipoint mesh MPMP Supports any endpoint interface to any endpoint interface e g Ethernet fiber copper Serial The Aprisa LTE in a leased line application provides the required connectivity between endpoints with different interfaces across the LTE network with the ability to control the bandwidth and ...

Страница 35: ...point GRE mGRE Tunnel IPSec and NHRP Next Hop Resolution Protocol for a flexible virtual point to multipoint or full mesh secure VPN network Can be used over dynamic routing protocols such as BGP and OSPF or static routes The Aprisa LTE DMVPN service application supports the following benefits Secure full mesh connectivity built for any service s over the internet private network Replace or used a...

Страница 36: ...routing protocol OSPF EIGRP etc and thus useful in organization with multiple IGP routing domains or with multiple ISP Cell Operator connections MP BGP introduce the following benefits When BGP is running inside routing domain AS Autonomous System used as internal iBGP and between AS used as external eBGP Interworks with all IGP protocols OSPF EIGRP etc and IPv4 v6 multicast unicast MP BGP Support...

Страница 37: ...route injection into extension of stub area and ABRs Area Border Routers route aggregation to reduce route info OSPF providing fast convergence time since routing changes are propagated instantaneously in short time and not periodically OSPF allows load balancing OSPF allows the concept of logical area division of networks where routers can be divided into areas in an Autonomous System AS to limit...

Страница 38: ...26 B29 B30 B32 B41 B42 B43 B46 B48 B66 M003 EM7455 Cat 6 2CA 300 Cat 6 2CA 50 B1 B2 B3 B4 B5 B7 B12 B13 B20 B25 B26 B29 B30 B41 M004 EM7430 Cat 6 2CA 300 Cat 6 2CA 50 B1 B3 B5 B7 B8 B18 B19 B21 B28 B38 B39 B40 B41 Downlink only Carrier Aggregation Network Modules The Aprisa LTE provides the following Network Module options Network Module Function Part Number Option N00 No network module fitted to ...

Страница 39: ...f a tamper is detected this device will immediately erase the encryption key in the battery backed tamper protected memory Factory default settings are immediately loaded and a tamper event is added at the next boot It uses a pluggable 3V lithium battery to power the tamper circuits while the router is not powered CAUTION There is a risk of fire or explosion if the lithium battery is replaced by a...

Страница 40: ...carrier APLT M001 N01 P0 V0 T0A0 T1 Tethered to AT T APLT M001 N01 P0 V0 T1A0 T2 Tethered to Verizon APLT M001 N01 P0 V0 T2A0 Wi Fi Region The Aprisa LTE region options Option Function Part Number Option A0 No Region APLT M001 N01 P0 V0 T0A0 A1 FCC APLT M001 N01 P0 V0 T0A1 A2 ICES APLT M001 N01 P0 V0 T0A2 A3 ETSI APLT M001 N01 P0 V0 T0A3 ...

Страница 41: ...tance up to 2 0 km on multi mode fibre Operating temperature range 0 to 70C APLB MSFP 131 SM SW 10ST Aprisa LTE SFP Module Up to 1 Gbit s bi directional data links Fibre Optic 1310nm single mode single wavelength Connector LC Duplex Distance up to 10 km on 9 125µm single mode fibre Operating temperature range 0 to 70C APLB MSFP 131 SM SW 40ST Aprisa LTE SFP Module Up to 1 Gbit s bi directional dat...

Страница 42: ...t Cables 5 2m black WiFi LTE cable LMR 195 GNSS cable LMR 100 APLB AONI CBR NF Aprisa LTE omnidirectional low PIM collinear antenna operates over the CBRS band 3550 3700 MHz Dimensions diameter x height mm inches 25 4 x 257 1 0 x 10 0 Polarization Vertical Linear Connectors N type Female Gain 6 8 dBi APLB APNL 3GH DP NF Aprisa LTE 3 3 4 01 GHz dual polarization dual slant panel antenna Dimensions ...

Страница 43: ...Micro Fit 3 0 female connector and wire ended Cable length 1m Pin 1 Red ve Power Input Pin 2 Black ve Power Input Pin 3 Green Digital Input Pin 4 White Digital Output APLB PPWR X10 Aprisa LTE power cable fitted with 4 pin Molex Micro Fit 3 0 female connector and wire ended Cable length 10m Pin 1 Red ve Power Input Pin 2 Black ve Power Input Pin 3 Green Digital Input Pin 4 White Digital Output ...

Страница 44: ...crews 5 Turn the LTE power on 6 Go to SuperVisor Cellular SIM 1 2 to view the SIM status 7 Go to SuperVisor Cellular General to enable assign the SIM to a PDN Profile see Cellular General on page 83 Attach the Cellular LTE GNSS and Wi Fi Antennas Attach either separate antennas for LTE GNSS and for Wi Fi or a single combo antenna to the appropriate QMA connectors See Antennas on page 42 for antenn...

Страница 45: ...uperVisor Interfaces Networking SFP for SFP settings Hardware Restoring of Factory Defaults The Aprisa LTE factory defaults can be restored via a 2 pin header on the board assembly To restore the Aprisa LTE factory default configuration 1 Power off the LTE 2 Open the LTE enclosure by unscrewing the securing screws posi 2 see enclosure picture on page 237 3 Short the two pins of the RESET header as...

Страница 46: ... APN navigate to Cellular General and set the active backup APNs per your installed SIM s Wi Fi Network Name and password if router was ordered with Wi Fi navigate to Interfaces Networking WiFi click the Edit button and set under Interface Configuration the ESSID WiFi network name and the password If you are currently using the router s Wi Fi network you will need to reconnect your devices to the ...

Страница 47: ...ctivate Aprisa LTE software 1 Download the software file 4nu into your computer 2 Login to SuperVisor and go to Software File Transfer The method is set to HTTPS 3 Click Start Transfer 4 Browse to the 4nu software file stored on your computer The software release file will be transferred to the LTE Available Software Pack location and the file integrity verified If the file transfer fails check th...

Страница 48: ...rom a USB flash drive in to the Aprisa LTE and activated rebooted automatically Load Only New software will be uploaded from a USB flash drive in to the Aprisa LTE The software will need to be manually activated later see Software Manager on page 212 3 Insert the USB flash drive into the LTE host port The AUX LED will light green indicating the presence of a USB flash drive It does not indicate th...

Страница 49: ...ash active firmware To load and activate later Aprisa LTE software from a remote FTP server 1 Open the CLI interface see Command Line Interface on page 226 2 Type copy ftp username password server ip or name file path and name flash available firmware To activate already loaded Aprisa LTE software 1 Open the CLI interface see Command Line Interface on page 226 2 Type copy flash available firmware ...

Страница 50: ...ate antennas for LTE GNSS and for Wi Fi or a single combo antenna to the appropriate QMA connectors on the LTE Turn the power source on Connect your PC to one of the Ethernet ports and login to SuperVisor with admin admin Setup the correct SIM slot and APN name to use in SuperVisor Cellular settings Test the setup by verifying internet connectivity Check the SuperVisor Monitoring page that the LTE...

Страница 51: ...ded is supplied in the box with each LTE Additional power cables of the same type can be ordered from 4RF as accessories Part Number Part Description APLB PPWR X01 4RF LTE Acc Cable Power 1m APLB PPWR X10 4RF LTE Acc Cable Power 10m Wire your power source to the power cable and plug the connector into the LTE Spare Molex Micro Fit 3 0 connectors can be ordered from 4RF Part Number Part Description...

Страница 52: ...C the Aprisa LTE must be installed within a restricted access location to prevent human contact with the enclosure heat sink ATTENTION Si l Aprisa LTE fonctionne dans un environnement où la température ambiante dépasse 50 C l Aprisa LTE doit être installé dans un endroit à accès restreint de manière à éviter tout contact humain avec le dissipateur de chaleur du boîtier WARNING The Aprisa LTE can b...

Страница 53: ...th connection point on the top left of the enclosure A M4 8mm pan pozi machine screw and M4 lock washer is supplied fitted to the router This screw is used to earth the enclosure to a protection earth A minimum of 0 8 mm2 18 AWG wire shall be used and it shall not contain switches or protective devices ...

Страница 54: ...s The Aprisa LTE has four threaded holes M4 in the enclosure base and two holes 5 2 mm through the enclosure for mounting Mounting options include DIN rail mounting with the Aprisa LTE DIN Rail Mounting Bracket Rack shelf mounting Wall mounting Outdoor enclosure mounting ...

Страница 55: ...to enable the mounting on a standard DIN rail Part Number Part Description APLB MBRK DIN 4RF LTE Acc Mounting Bracket DIN Rail The Aprisa LTE is mounted into the DIN rail mounting bracket using the four M4 threaded holes in the Aprisa LTE enclosure base Four 8 mm M4 pan pozi machine screws are supplied with the bracket ...

Страница 56: ...ommended 3 1 worst case On all bands including band edges Total radiated efficiency 50 on all bands Measured at RF connector Includes mismatch antenna loss but excludes coaxial loss Radiation pattern Nominally Omni directional radiation pattern in azimuth plane Envelope correlation coefficient between Main and Diversity 0 5 on Rx bands below 960 MHz 0 2 on Rx bands above 1 4 GHz Mean Effective Gai...

Страница 57: ... Gain Maximum gain and uniform coverage in the high elevation angle and zenith Gain in azimuth plane is not desired Average 3D gain 5 dBi Isolation between GNSS and Ant1 10 dB in all uplink bands Typical VSWR 2 5 1 Polarization Any other than LHCP left hand circular polarized is acceptable Active GNSS Antenna Where an active GNSS antenna is used a 3 15 V d c supply at up to 100 mA is available at ...

Страница 58: ...E Router Installation Aprisa LTE User Manual 2 1 RF Connector Adapters Part Number Description APLB AQMM SMF QMA Male to SMA Female Adapter APLB AQMM SMP QMA Male to SMA Male Adapter reverse outer conductor ...

Страница 59: ...TX _D1 Transmit Output Green Orange 3 RX _D2 Receive Input Orange white Green white 4 BI _D3 Bi directional Bi directional Blue Blue 5 BI _D3 Bi directional Bi directional Blue white Blue white 6 RX _D2 Receive Input Orange Green 7 BI _D4 Bi directional Bi directional Brown white Brown white 8 BI _D4 Bi directional Bi directional Brown Brown Fibre Optic Connections SFP modules available as accesso...

Страница 60: ... Blue white 6 RXD Output Orange Green 7 DSR Output Brown white Brown white 8 CTS Output Brown Brown Note The TIA 568B wiring is the most commonly used and matches the cables we supply RS 232 Customer Cable Wiring Aprisa LTE RS 232 Interface DCE DTE Customer Interface DCE Customer Interface RJ45 Pin Number Pin Function Direction Pin Function DB9 Male Pinout Pin Function DB9 Female Pinout 1 RTS Inpu...

Страница 61: ...ns RS 422 Serial Interface pinout RJ45 Pin Number Pin Function 1 TX 2 3 TX 4 Ground 5 6 RX 7 8 RX RS 485 Serial Interface pinout RJ45 Pin Number Pin Function Full Duplex Half Duplex 1 TX TX RX 2 3 TX TX RX 4 Ground Ground 5 6 RX 7 8 RX USB The LTE USB connector is a standard USB type C connector ...

Страница 62: ...use e g door open close or operating a camera remotely See General Purpose I O GPIO Pin Interface on page 245 for the interface specification GPIO Digital Input Pin3 of the Molex Micro Fit connector used for the following functions Programmable ignition turn on and turn off delays Programmable sleep modes Input sensing for protection systems GPIO Digital Output Pin 4 of the Molex Micro Fit ...

Страница 63: ...iption APLS FNAN 454 05 02 4RF LTE Spare Fuse Nano SMF 454 Series 5A 2 Items APLS FNAN 454 05 10 4RF LTE Spare Fuse Nano SMF 454 Series 5A 10 Items APLS FNAN 454 05 50 4RF LTE Spare Fuse Nano SMF 454 Series 5A 50 items Power Connectors Part Number Part Description APLS CML4 FEM 01 4RF LTE Spare Connector Molex 4 Pin Micro Fit 3 0 Female 1 item ...

Страница 64: ...soft Edge SuperVisor enables operators to configure and manage the Aprisa LTE The key features of SuperVisor are Full element management configuration and diagnostics Performance and alarm monitoring alarm states time stamped events etc View and set standard configuration parameters including Cellular settings see Cellular General on page 83 Set and view security parameters User management Operate...

Страница 65: ...th a subnet mask of 255 255 255 0 To change the Aprisa LTE IP address 1 Set up your PC for a compatible IP address e g 192 168 4 100 with a subnet mask of 255 255 255 0 2 Connect your PC network port to one of the Aprisa LTE Ethernet ports 3 Open a browser and enter 192 168 4 1 4 Login to the LTE router with the default username admin and password admin 5 Go to Interfaces Networking Logical Interf...

Страница 66: ...sa LTE has a randomly generated unique self signed ECC256 security certificate which may cause the browser to prompt a certificate warning The valid certificate is Issued By 4RF APRISA which can be viewed in the browser When connecting to a remote device for first time you should manually load the certificate before connecting Once you have added the exception to your browser if a warning is shown...

Страница 67: ...see Security Users Accounts on page 160 Logout of SuperVisor As the maximum number of concurrent users that can be logged into an LTE router is 6 not logging out correctly can restrict access to the LTE router until after the timeout period 30 minutes If the SuperVisor window is closed without logging out the LTE router will automatically log the user out after a timeout period of 3 minutes To log...

Страница 68: ... Branding Bar The branding bar at the top of the SuperVisor frame shows the branding of SuperVisor on the left and the product branding on the right SuperVisor Alarm Bar The alarm bar shows the name of the LTE router that SuperVisor is logged into on the left The LED alarm indicators reflect the status of the front panel LEDs on the LTE router ...

Страница 69: ...ead Write Interfaces Networking USB No Access No Access Read Write Read Write Interfaces Networking WiFi No Access No Access Read Write Read Write Interfaces Networking Logical Interfaces No Access No Access Read Write Read Write Interfaces Networking Static Routes No Access No Access Read Write Read Write Interfaces Networking DHCP and DNS No Access No Access Read Write Read Write Interfaces Netw...

Страница 70: ...ummary Read Only Read Only Read Only Read Only Software Setup No Access No Access Read Write Read Write Software File Transfer No Access No Access Read Write Read Write Software Manager No Access No Access Read Write Read Write Monitoring Terminal Read Only Read Only Read Only Read Only Monitoring Cellular Read Only Read Only Read Only Read Only Monitoring Ethernet Read Only Read Only Read Only Re...

Страница 71: ...r Settings Changes to parameters settings have no effect until the Save button is clicked Click the Save button to apply the changes or Cancel button to restore the current value Terminal Terminal Summary TERMINAL SUMMARY This page displays the current settings for the Terminal parameters Terminal Details on page 72 and Terminal Device on page 74 for setting details ...

Страница 72: ...etails This page displays the current device hardware details MANUFACTURING DETAILS Serial Number This parameter displays the Serial Number of the device shown on the enclosure label Part Number This parameter displays the LTE part number ...

Страница 73: ...splays the SFP port MAC Address Active Software Version This parameter displays the version of the software currently operating the device Previous Software Version This parameter displays the software version that was running on the device prior to the current software being activated A new device from the factory will display None for the Previous SW Version WiFi MAC Address This parameter displ...

Страница 74: ...racters but cannot contain invalid characters A popup warns of the invalid characters 1 Enter the device Terminal Name 2 Enter the device Host Name 3 Enter the device Location of the router 4 Enter a Contact Name 5 Enter the Contact Details 6 Enter the Group Id This is the Aprisa LTE router virtual group for NMS visual purpose or group operational purpose The default value is 0 ...

Страница 75: ...e not sure use the Select All to select all bands or select only the supported bands to minimize band search and connection time or restoration time 2 On the same page set the cellular operator APN name that identifies the PDN Gateway P GW to create the connection to the PDN WAN network Setup the required active SIM IP version and roaming and enable the service connection Enabling roaming allows t...

Страница 76: ...76 Aprisa LTE User Manual switch to the next lower priority enabled PDN under the PDN Profile Settings see Cellular General ...

Страница 77: ... connects to another available cellular network operator high charges might apply 3 In case of APN backup connection requirements setup a second APN name identifier a backup APN connection per each cellular operator i e a total of four 4 APNs two per each SIM operator Note The order of the APN settings is important since the first APN is the highest priority followed by lower priority APNs and in ...

Страница 78: ...Manufacturer Displays the modem manufacturer Model Displays the modem model number IMEI Displays the International Mobile Equipment Identifier IMEI a unique 15 or 17 digit code used to identify an individual mobile station to a GSM UMTS or LTE network This number is stored in the cellular modem ...

Страница 79: ...nds supported by the installed LTE module and the carrier see LTE Modules on page 38 Enabled Bands Displays the list of bands enabled in this LTE see Cellular General on page 83 Carrier Aggregation When enabled allows carrier aggregation to take place Modem State Displays the cellular modem state The values can be Failed Unknown Initializing Locked Disabled Disabling Enabling Enabled Searching Reg...

Страница 80: ...number to the SIM card in a mobile cellular phone SIM Slot Indicates whether SIM is present or removed from the socket and its current status It can take values 1 or 2 SIM PIN Displays if this SIM requires a PIN or not Enabled indicates a PIN is required for this SIM Disabled indicates that no PIN is required for this SIM SIM Status Displays the SIM status Not locked Locked PIN Locked PUK Present ...

Страница 81: ... Not Connected Registration State Displays the Registration state Unknown Registered Home Current Band Displays the band to which the modem is currently attached APN in Use Displays the current Access Point Name APN in use The APN is an identifier that lives in the LTE core network Cellular IPv4 Address Displays the current Cellular IPv4 Address Cellular IPv6 Address Displays the current Cellular ...

Страница 82: ...tallation phase to validate it is connected to the appropriate eNB ID and cell sector per the RF path planning eNB ID Evolved NodeB Identifier eNB is a decimal number used to identify an eNB uniquely within an operator mobile network or Public Land Mobile Network PLMN The eNB ID can have either 20 bits or 28 bits It is also comprised within the Global eNB ID which uniquely identifies an eNB global...

Страница 83: ...t to connect to the highest priority PDN and switching between PDN due to connection failure is controlled by the Redundancy Settings configuration parameters see Cellular Carrier Redundancy on page 85 For example the user may set four different PDN connections on a single cellular operator i e using a single SIM1 card slot where the first PDN will serve as the highest priority followed by lower p...

Страница 84: ...witching from the home network i e the SIM operator network to the roaming network when the Aprisa LTE is being used outside the range of its home network and connects to another available cellular network the roaming network When on the roaming network charges may be applied per customer contract Note This option is useful if the Aprisa LTE frequently crosses between network operator or between b...

Страница 85: ...n a roaming network before it automatically switches to a secondary next lower priority PDN If after switching the secondary PDN network is not available for the initial scan timeout duration then the connection return to the roaming service network for another roaming timeout time The roaming timeout value is unlimited but the recommended range is between 600 15 000 seconds The default value is 6...

Страница 86: ...ction then next lower priority PDN profile is used If there are no lower priority PDNs then first highest priority PDN profile is used The idle scan timeout value is unlimited The default value is 120 seconds 2 minutes Revert Mode This parameter controls which PDN profile to select when attempting to revert to a PDN network profile First PDN or Previous PDN Controls Start button starts the heath c...

Страница 87: ... address type to IPv4 or IPv6 Ping Destination IP Address This parameter sets the destination IP address for the pings Inter ping Interval s This parameter sets the time in seconds between pings Ping Timeout s This parameter sets the maximum amount of time in seconds to wait for a ping result Link Failure Ping Threshold s This parameter sets the number of failed ping attempts to the destination ad...

Страница 88: ...s parameter enables disables SIM PIN SIM PIN This parameter sets the SIM PIN The pin must be between 4 and 8 characters Preferred Provider This parameter sets the Preferred Provider e g None AT T Verizon Wireless etc SIM Status This parameter displays the SIM status e g Not Locked Locked SIM PIN Retries Remaining This parameter displays the number of SIM PIN retries remaining when entering the SIM...

Страница 89: ...he Short Message Service control command SMS Control Command Password This parameter sets the Short Message Service control command password The password is used to verify commands sent to the Aprisa LTE over SMS SMS messages must be sent in the format of password space command e g if password is passabc then the command to reboot the Aprisa LTE using SMS will be passabc reboot ...

Страница 90: ...lays the current GNSS values LOCATION SUMMARY Position Coordinates The current GNSS latitude longitude and altitude Heading degrees The current direction in degrees Speed kph The current speed in kilometers per hour Last Updated The last time the GNSS data was updated ...

Страница 91: ...for calculations but the fix quality could still be improved A more open view of the sky is recommended 10 20 Fair Represents a low confidence level Positional measurements should be discarded or used only to indicate a very rough estimate of the current location 20 Poor At this level measurements are inaccurate by as much as 300 meters with a 6 meter accurate device 50 DOP 6 meters and should be ...

Страница 92: ... disables GNSS Active Antenna This parameter enables disables the GNSS antenna power 3 3V Log Interval min This parameter sets the interval in seconds between GNSS log entries 0 disables GNSS logging The default is 600 seconds Position Coordinates This parameter manually sets the position latitude and longitude Status The last know GNSS status ...

Страница 93: ... 93 Aprisa LTE User Manual 2 1 Interfaces Networking Interfaces Networking Summary This page displays the current settings for all interfaces and the status of the ports See the Interfaces Networking pages for settings ...

Страница 94: ...or display Mode This parameter controls the enable disable of the Ethernet port The default setting is Standard Option Function Standard Ethernet Port is in standard operation Disabled Ethernet port is disabled Useful when the port is unused or when user would like to save in power consumption Speed Mbit s This parameter controls the traffic rate of the Ethernet port The default setting is Auto Op...

Страница 95: ... LTE 95 Aprisa LTE User Manual 2 1 Duplex This parameter controls the transmission mode of the Ethernet port The default setting is Auto Option Function Auto Provides auto selection of Ethernet Port duplex setting ...

Страница 96: ...on Standard SFP Port is in standard operation Disabled SFP port is disabled Useful when the port is unused or when user would like to save in power consumption Speed Mbit s This parameter controls the traffic rate of the Ethernet port The default setting is Auto Option Function Auto Provides auto selection of SFP Port Speed 10 100 1000 Mbit s Duplex This parameter controls the transmission mode of...

Страница 97: ...arameters SERIAL PORTS SETTINGS Name This parameter sets the port name which can be up to 32 characters Mode This parameter defines the mode of operation of the serial port The default setting is Standard Option Function Disabled The serial port is not required Terminal Server Serial traffic is encapsulated in IP packets ...

Страница 98: ...ired at the end of the bus pair RS 485 Full Duplex RS 485 full duplex provides multi drop two way communication between a master device and up to 32 slave devices on a 4 wire bus With Full Duplex data can pass simultaneously both to and from the devices A 120 ohm termination is required at the end of each pair of the bus MTU Size bytes This parameter sets the size of the packet in bytes received b...

Страница 99: ...ode this parameter sets the period the between the CTS being set and data being transmitted The default setting is 0 ms CTS Hold ms In CTS Keying mode this parameter sets the period the between the end of the data and CTS being cleared The default setting is 0 ms Inter Frame Gap chars This parameter defines the gap between successive serial data frames It is used to delimit the serial data to defi...

Страница 100: ...nnector The default setting is Auto Option Function Auto For RS232 mode only the link LED is on if either CTS or DSR is asserted by peer device or if data has been received in last 10 seconds If using RS422 HD RS232 FD or RS485 the link LED is always on Always On The link LED is always on regardless of link status ...

Страница 101: ...isten for a TCP connection on the specified local port and if necessary establish a TCP connection with the specified remote unit Data received from any client shall be forwarded to the associated serial port while data received from that serial port shall be forwarded to every client with an open TCP connection Inactivity Timeout seconds This specifies the duration in seconds to automatically ter...

Страница 102: ...d 162 snmp The default setting is 20000 The user is responsible for ensuring that there is no conflict on the network Remote Address This parameter sets the IP address of the server connected to the LTE Ethernet port When the remote address port is configured as 0 0 0 0 0 each outgoing UDP packet will be sent to the source address of the last received UDP packet Remote Port This parameter sets the...

Страница 103: ...his page provides setup of the USB host port parameters USB DETAILS Mode This parameter defines the mode of operation of the USB port The default setting is USB Host Option Function Disabled The USB port is not required USB Host The USB port is active for software upgrades etc ...

Страница 104: ...E User Manual Interfaces Networking WiFi This section provides setup of the WiFi port parameters Scan Button The Scan Button scans for Wi Fi networks Edit Button The Edit Button edits the Wi Fi device configuration ...

Страница 105: ...int s MAC address The SSID keeps the packets from client device within the correct WLAN even when overlapping WLANs are present However there are usually multiple APs and their associated clients within each WLAN and BSSID is the AP identifier which makes the bound between AP and its clients and included in all wireless packets User client device are aware to the network SSID but usually unaware t...

Страница 106: ...ctions with them Client In Client mode the wireless client is assigned an IP from the associated AP and is able to access to wired network through associated AP ESSID This parameter sets the WiFi ESSID The Extended Service Set Identifier ESSID consists of all the BSSIDs in the network For practical purposes the ESSID identifies the same network as the SSID The default setting is AprisaLTE Network ...

Страница 107: ...WEP Shared key Wired Equivalent Privacy WEP is an older Wi Fi security standard It is not secure and should only be used for compatibility with older equipment WPA PSK Wi Fi Protected Access WPA is an older Wi Fi security standard that is still in common use WPA2 PSK WPA2 is an enhanced version of WPA which provides improved security WPA2 PSK Pre Shared Key is commonly used in home and small offic...

Страница 108: ...CL Allow all Except Listed MACs Allow access to all MAC addresses except those in the Wi Fi MAC access control list ACL WiFi Interface Configuration MAC Advanced Settings This page provides setup of the WiFi Advanced Settings Isolate Clients This parameter confines and restricts clients connected to the Wi Fi network When enabled clients cannot communicate with each other or with wired network whe...

Страница 109: ...8 This is normally a 48 prefix within the fd00 8 range defined in RFC4192 The default value is randomly generated and different on each Aprisa LTE If your organization uses ULA addressing this should be modified to the appropriate prefix Controls Restart This restarts the interface which causes the interface to be disabled with link status down then restarted This will clear address tables learnt ...

Страница 110: ...110 Aprisa LTE User Manual ...

Страница 111: ...ows assignment of one or more IPv4 and or IPv6 static addresses along with manual configuration of default gateway DHCP Client Allows automatic configuration of IPv4 address netmask gateway and DNS servers through the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHCPv6 stateful DHCPv6 DHCPv6 PD and SLAAC Create a bridge over multiple interfac...

Страница 112: ... Custom VLAN interface This allows creation of virtual 802 1q VLAN tag interfaces For example entering eth1 100 creates an interface that uses 802 1q packets with VLAN id 100 on ETH1 Custom VLAN bridge To pass for example VLAN id 100 between ETH1 and ETH2 enter eth1 100 and eth2 100 To create a VLAN bridge with ETH1 having id 100 ETH2 having id 200 and SFP being a trunk port First create a new log...

Страница 113: ...n of default gateway DHCP Client Allows automatic configuration of IPv4 address netmask gateway and DNS servers through the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHCPv6 stateful DHCPv6 DHCPv6 PD and SLAAC IPv4 Address When the Protocol is set to Static Address this sets the static IP Address of the radio Management and Ethernet ports a...

Страница 114: ...ny DNS servers available on this interface This is the same as the settings in windows networking IPv6 assignment length This parameter is only present for a static interface configuration Specifies the delegated prefix length for this interface IPv6 assignment hint This parameter is only present for a static interface configuration Specifies a sub prefix to use e g if assignment length is 64 and ...

Страница 115: ...eam facing interfaces Usually relevant to ports using DHCPv6 protocol although can sometimes apply in other unusual topologies Override MTU This parameter sets the MTU Maximum Transmission Unit largest possible size of a data packet between 0 and 1500 The default setting is 1500 Use gateway metric Any gateways on this interface either statically assigned or automatically discovered e g through DHC...

Страница 116: ...n logical interfaces By default the LAN is a bridge of ETH1 and ETH2 ports If the user wishes to include the SFP1 port default as WAN interface in the LAN bridge the WAN interface must be deleted first and then add the SFP1 port to the LAN bridge If the user wishes to change the ETH1 and ETH2 default LAN bridge interface to Router port each with its own IP subnet the LAN is changed to not bridged ...

Страница 117: ...naging the LTE 117 Aprisa LTE User Manual 2 1 Interface Select the physical interface e g ETH1 ETH2 or SFP that this logical interface covers If Bridge interfaces is selected then you may select multiple ...

Страница 118: ... firewall settings of a static address interface Create Assign firewall zone Choose the firewall zone you want to assign to the interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it ...

Страница 119: ...protocol The default setting is DHCP Client Option Function Static Address Allows assignment of one or more IPv4 and or IPv6 static addresses along with manual configuration of default gateway DHCP Client Allows automatic configuration of IPv4 address netmask gateway and DNS servers through the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHC...

Страница 120: ... default gateway When selected the default route provided by the DHCP server will be added to the routing table Use DNS servers advertised by peer If this parameter is selected the DNS server advertised by the DHCP server is used Use gateway metric Any gateways on this interface either statically assigned or automatically discovered e g through DHCP will be assigned this metric when added to the r...

Страница 121: ...ETH1 ETH2 or SFP that this logical interface covers If Bridge interfaces is selected then you may select multiple Enable STP Only for bridged interfaces using Spanning Tree Protocol This is designed to prevent loops in L2 networks Enable this protocol if there is any chance of a loop If connecting to narrow band links such as Aprisa SR it is often advisable to disable the STP protocol Enable IGMP ...

Страница 122: ... firewall settings of a DHCP Client interface Create Assign firewall zone Choose the firewall zone you want to assign to the interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it ...

Страница 123: ...gh the DHCP protocol DHCPv6 Client Allows automatic configuration of IPv6 from any combination of stateless DHCPv6 stateful DHCPv6 DHCPv6 PD and SLAAC Request IPv6 Address This parameter specifies how prefix allocation is requested Option Function Try Ask server for prefix but accept whatever is given Force Keep requesting if server gives smaller prefix Disabled Don t specify prefix length in requ...

Страница 124: ...relevant to ports using DHCPv6 protocol although can sometimes apply in other unusual topologies Use default gateway If this parameter is active a default gateway discovered with RA protocol will be added to the routing table Use DNS servers advertised by peer If this parameter is active the DNS server advertised by the DHCPv6 server is used Override MTU This parameter sets the MTU Maximum Transmi...

Страница 125: ...g ETH1 ETH2 or SFP that this logical interface covers If Bridge interfaces is selected then you may select multiple Enable STP Only for bridged interfaces using Spanning Tree Protocol This is designed to prevent loops in L2 networks Enable this protocol if there is any chance of a loop If connecting to narrow band links such as Aprisa SR it is often advisable to disable the STP protocol Enable IGM...

Страница 126: ... firewall settings of a DHCPv6 Client interface Create Assign firewall zone Choose the firewall zone you want to assign to the interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it ...

Страница 127: ...ult value is 100 Limit This parameter sets the number of addresses the DHCP server can lease out Continuing from the above example if the start address is 192 168 4 100 and the server can lease out 150 default limit value available addresses will be from 192 168 4 100 to 192 168 4 249 The default value is 150 Lease time This parameter sets duration of an IP lease Leased out addresses will expire a...

Страница 128: ...ngs IPv4 Netmask This parameter overrides the LAN netmask sent to DHCP clients The default value is 255 255 255 0 DHCP Options This parameter allows additional options to be sent by the DHCP server to clients For example with 26 1470 or option mtu 1470 you can inform clients of the specified MTU value ...

Страница 129: ...Advertisement packets NDP Proxy This parameter when in relay mode acts as a proxy for Neighbour Discovery ND packets This is generally required when DHCPv6 or Router Advertisement acting as a relay When in hybrid mode chooses when to proxy automatically Always announce default router This parameter selects this device is advertised as a default route through Router Advertisement packets even if th...

Страница 130: ...130 Aprisa LTE User Manual ...

Страница 131: ...each the route destination Target This parameter specifies the single IP such as 192 168 100 100 or a network such as 192 168 100 0 that this route can reach Netmask For a network this parameter specifies the netmask For example specify 255 255 255 0 if the network is 192 168 100 0 24 Gateway This parameter sets the gateway IP address where packets will be forwarded to a router with this IP addres...

Страница 132: ...nother value that help the router choose the best route among multiple feasible routes to a destination The metric value based on information such as path length bandwidth load hop count path cost delay that may be used by the different routing protocols The lowest Metric value has the highest priority route Metric value range is 0 to 16 777 215 Example if packet destination address is 10 10 10 10...

Страница 133: ...STATIC IPv6 ROUTES Interface Same as for IPv4 Target If the target is a single address specify it directly eg 2402 2380 305 3100 834 If it is a network specify in CIDR notation eg 2402 2380 305 3100 64 Gateway Same as for IPv4 Metric Same as for IPv4 ...

Страница 134: ...nd DNS DHCP and DNS General Settings This page provides setup of the DHCP and DNS servers Authoritative When enabled this parameter relaxes strict RFC behaviour to speed up clients obtaining leases but should only be enabled if there is no other DHCP server ...

Страница 135: ...4 4 server Note that any DNS servers obtained through DHCP DHCPv6 and IPv6 RA will automatically be used Static leases Hostname sets the hostname to give to the static entry MAC address This parameter specifies the MAC address of the device to statically allocate an IP address A list of detected MAC addresses is provided for convenience but any valid 48 bit MAC address can be specified IPv4 addres...

Страница 136: ...ual DHCP and DNS Advanced Settings This page provides setup of DHCP advanced settings Maximum active leases Specifies the number of leases the DHCP server will allocate to clients simultaneously The default value is unlimited ...

Страница 137: ... on a defined set of security rules Firewall General Settings This page provides setup of the firewall main policies and zones policies over your network interfaces to control network traffic flow This section defines the main policies of the firewall function It matches packet against all defined firewall chain rules If no rule matches an Action Accept Drop and Reject is performed Drop invalid pa...

Страница 138: ...Output Accept Perform Action on packets pass output firewall chain Forward Reject Perform Action on packets pass forwarding firewall chain The Action parameters define the operation related to the firewall chain Action Function Accept The packet gets to continue to the next firewall chain Drop The packet is dropped Reject The packet is dropped and an ICMP packet containing a message of rejection i...

Страница 139: ...n defines network port zones and their exposer to other zones Network port zones entities are defined in Interfaces Networking Logical Interfaces per port network or group of ports Zone Forwarding Inter Zone Forwarding Control the forwarding policies between the specified source and destination zones The forwarding rule is unidirectional ...

Страница 140: ...his zone Rules for the VPN zone itself will instead apply to the received packet Is VPN Indicates that the firewall zone is to apply to inner traffic going through an IPSec tunnel as opposed to the traffic directly on and interface When set the covered networks option is replaced with a covered subnets option Covered Networks This allows selections of which interfaces this firewall zones rules are...

Страница 141: ... rules which allows remote computers on the Internet to connect to a specific computer or service within the private LAN Rule is Enabled Toggles the rule ON or OFF If unchecked the rule will not be deleted but it also will not be loaded into the firewall Name Name of the rule used purely for easier management purposes ...

Страница 142: ...ted at the given IP address only External port Matches incoming traffic directed at the given port only May be specified as a start end range e g 10000 10010 Internal zone Specifies the internal zone where the incoming connection will be redirected to Internal IP address Specifies the internal IP address to which the incoming connection will be redirected to Internal port Specifies the internal po...

Страница 143: ...ser Manual 2 1 Firewall Traffic Rules This page provides setup of traffic rules which define policies for packets traveling between different zones for example to reject traffic between certain hosts or to open WAN ports on the router ...

Страница 144: ...ing packet Source zone Packets arriving from the specified source zone will match this rule The special device zone matches packets that originate from the Aprisa LTE Any Zone may also be specified Default value is wan ppp Source Address The source zone from which data packets will redirected from Destination Address Port Redirect matched traffic to the given IP address and destination port Action...

Страница 145: ... network bottlenecks to prevent packet drops QoS Classifier This page adds packet classifiers which select packets for QoS management Classifier Name The name of this classifier profile Ingress Interface This parameter sets any interface using or interface or group of interfaces configured at Interfaces Networking Logical Interfaces on page 109 in the selected profile classification rules For exam...

Страница 146: ...d to set an IP packet with Diffserv priority Valid DSCP values are 0 63 Example of commonly used DSCP values DSCP decimal Value Meaning Drop Precedence 46 EF Expedited Forwarding High Priority 0 Best Effort 10 AF11 Assured Forwarding Low 12 AF12 Medium 14 AF13 High 18 AF21 Low 20 AF22 Medium 22 AF23 High 26 AF31 Low 28 AF32 Medium 30 AF33 High 34 AF41 Low 36 AF42 Medium 38 AF43 High 8 CS1 Class Se...

Страница 147: ...tocol TCP UDP Port decimal Modbus 502 IEC 60870 5 104 2 404 DNP 3 20 000 SNMP 161 SNMP TRAP 162 Protocol Number This parameter is IPv4 IPv6 packet header Protocol Next Header field respectively in the selected profile classification rule Use value 1 to ignore this field or the IP protocol next header number to match with the following common values able to be set by name TCP UDP ICMP IGMP GRE ESP ...

Страница 148: ...ssigned to a policy rule which is related to an egress port Default DSCP This parameter assigns the default DSCP to a packet on an egress port when packet does not match any of the classifier s rules associated with selected profile policy rules i e when a packet matches a classifier rule it will assign to a packet the assigned DSCP value define in the classifier tab and in the policy profile the ...

Страница 149: ...Managing the LTE 149 Aprisa LTE User Manual 2 1 Services Services Summary ...

Страница 150: ...f SuperVisor GENERAL SuperVisor Polling Period s This parameter sets the rate at which SuperVisor refreshes page information and LED states SuperVisor Inactivity Timeout min This parameter sets the period of user inactivity before SuperVisor automatically logs out of the LTE ...

Страница 151: ...he end user has a dynamic IP address and wants to bind it to a static hostname The router is compatible with many different third party DNS services that provide the possibility to create a custom hostname and bind it to an IP address The DDNS service periodically updates the IP address information of the hostname making sure that the device remains reachable via the same hostname even in cases wh...

Страница 152: ...through supervisor NTP Time is configured using remote NTP servers Time Zone Offset The Time Zone Offset is the number of hours minutes offset from UTC time The default setting is enabled but set to 0 hours Clicking the Time Zone Offset field brings up a pop up to enter the offset Option Function Manual Manual entry of Date and Time East Sets 0 to 23 Hours and 00 to 59 Minutes offset from NTP West...

Страница 153: ... Server 1 to 4 Address This parameter sets the address of the four possible NTP servers Address may be specified as DNS name IPv4 or IPv6 address Synchronization is attempted from all configured servers and the NTP service intelligently uses offsets from all of them to accurately set the time Synchronization Status This field shows the status of the current synchronization or the result of the las...

Страница 154: ...154 Aprisa LTE User Manual Controls Synchronize Now This Synchronize Now button provides manual Synchronization ...

Страница 155: ...is setting this pin 3 is acting as GPIO input for any other purpose not related to power on off Enabled The Aprisa LTE will turn on after the configured Minimum Turn On Input Voltage time only when Ignition sense GPIO input pin see GPIO on page 62 is active and turn off after the configured Minimum Turn Off Input Voltage time only when ignition sense GPIO input pin is inactive The active state of ...

Страница 156: ... While voltage is lower than this threshold but higher than minimum operating voltage of the LTE the OK led will flash once every 5 seconds The valid values are from 10 0 V and 27 0 V but the value must always be higher than Minimum Turn Off Input Voltage The default value is 10 V Minimum Turn Off Input Voltage The LTE will turn off when the input supply voltage is lower than this threshold The va...

Страница 157: ...Managing the LTE 157 Aprisa LTE User Manual 2 1 Security Security Summary This page displays the current security settings ...

Страница 158: ...if the Security Level is set to Strong config files generated in Maintenance will be encrypted and cannot be opened without the appropriate key set in the following Encryption Key settings Encryption Key This parameter sets the password for Severity Level Strong It uses AES 256 CBC encryption The password is converted to AES key using the PBKDF2 Password Based Key Derivation Function 2 key derivat...

Страница 159: ...one upper case letter and contains at least one lower case letter and contains at least one digit and is not a term in a familiar language or jargon and is not identical to or derived from the accompanying account name from personal characteristics or from information from one s family social circle and is easy to remember for instance by means of a key sentence ...

Страница 160: ...splaying 8 user accounts SuperVisor shall automatically display the last user account page when a new user is added However if there are unsaved changes on the current page the user shall be prompted to save the changes first before adding a new user 2 Enter the Username A username can be up to 32 characters but cannot contain tabs Usernames are case sensitive 3 Enter the Password The password mus...

Страница 161: ...n privileges cannot be deleted User Privilege Default Username Default Password User Privileges View Users in this group can only view the summary pages Technician Users in this group can view and edit parameters except Security Users and Security Setup Engineer Users in this group can view and edit parameters except Security Users Admin admin admin Users in this group can view and edit all parame...

Страница 162: ...erver for authentication of the user Transactions between the RADIUS client and RADIUS server are authenticated through the use of a shared secret which is never sent over the network For a RADIUS server to respond to the LTE it must be configured with the following Management Privilege level attributes Admin Level 4 Technician Level 2 Viewer Level 1 Alternatively for Admin level only for a RADIUS...

Страница 163: ...adius Server Settings Secondary Server This parameter sets which radius server is used as the secondary server for authentication Select one of the possible authentication servers setup in Radius Server Settings RADIUS ACCOUNTING SETTINGS Primary Server This parameter sets which radius server is used as the primary server for accounting log of user activity Select one of the possible accounting se...

Страница 164: ... server Reject and Deny Reject the authentication received from the radius server RADIUS SERVER SETTINGS Server Name You can enter up to four radius servers 1 4 IP Address The IP address of the Radius server Port Number The Port Number of the Radius server RADIUS uses UDP as the transport protocol UDP port 1812 is used for authentication authorization UDP port 1813 is used for accounting Old RADIU...

Страница 165: ...bove figure perform the following steps on Aprisa LTE 1 Navigate to SuperVisor Security VPN and on the GRE tab click the Add button 2 Set Mode IP over GRE or IP over GREv6 in case of IPv6 GRE tunnel 3 Set Tunnel Name GRE_Tunnel_0 This sets the tunnel ID This ID is recommended to be used on both ends of the tunnel configuration 4 Set Tunnel IPv4 address Netmask 192 168 2 2 255 255 255 252 30 or Tun...

Страница 166: ...han the operator Cellular MTU shown in Cellular Summary page 9 Set Source Interface wwan If all traffic is directed via this interface and public IP address might change it is recommended to set the source interface only and leave the source destination public address with default value 0 0 0 0 to eliminate the tunnel disconnection on public IP change ...

Страница 167: ...el settings This field is greyed out when Mode Transport d Set Remote Subnet 100 65 3 118 when Mode Tunnel This is the destination transport IP address and subnet i e the remote endpoint interface of the IPsec tunnel This is the same IP address of Destination Public Address in GRE tunnel settings This field is greyed out when Mode Transport e Set the Local subnet and Remote subnet at the data cent...

Страница 168: ...ual Note after GRE over IPsec VPN setup the Aprisa LTE is connected directly to the data center and in terms of routing the hop count is considered as a single hop count event though there are multiple routers across the path ...

Страница 169: ... for L2 tunnels Data in a GRE tunnel is NOT encrypted IPSec can be used to encrypt GRE tunnels Mode IP over GRE is a L3 tunnel for IP packets both IPv4 and IPv6 over IPv4 networks IP over GREv6 is a L3 tunnel for IP packets both IPv4 and IPv6 over IPv6 networks Ethernet over GRE GREv6 options transport L2 packets of any type over networks of IPv4 or IPv6 respectively Tunnel Name Name of the tunnel...

Страница 170: ... GRE this should be an IPv4 address and for IP Ethernet over GREv6 this should be an IPv6 address Destination public address The address of the remote device that will terminate the tunnel TTL The TTL to set on outgoing GRE packets The default is 0 which means the TTL of encapsulated packets is inherited MTU The MTU to set on the virtual interface When GRE is setup over the cellular interface this...

Страница 171: ...f this tunnel Mode Option Function Tunnel This encapsulates the IP header and the payload and introduces a new outer header Can be used to create site site VPNs Transport This encapsulates only the IP payload and not the header It provides a secure connection between two endpoints Often combined with other tunneling protocol e g GRE to create site site VPNs Local Subnet An IPv4 or IPv6 address pre...

Страница 172: ... IPSec GRE tunneling so other traffic like pings are unencrypted ESP Proposal Encryption Algorithm Encryption algorithm for IKE SA exchange for this tunnel ESP Proposal Authentication Algorithm Authentication algorithm for IKE SA exchange for this tunnel transport Only applicable for CBC and CTR based encryption algorithms ESP Proposal DhGroup Diffie Hellman algorithm for IKE SA exchange for this ...

Страница 173: ...l 2 1 VPN IPSec Connection This page provides VPN IPSec connection configuration of the remote gateway address and the algorithms used for authentication between gateways IPSEC CONNECTION SETTINGS IKE Connection Name Name of the IKE connection ...

Страница 174: ...one of the subjectAltName extensions contained in the certificate Make sure the Local Identity specified on this IPsec gateway is configured as Remote Identify on remote IPsec gateway IKE Authentication Method How the two gateways should authenticate each other Either Pre Shared Key PSK or Certificate If certificate is chosen ensure that a ROOT_CA certificate is uploaded that will verify the remot...

Страница 175: ...onds DPD Timeout Defines the timeout after which all connections to a peer are deleted Applies only to IKEv1 Must be greater than DPD Delay Default value is 300 seconds Exchange mode Main or Aggressive Aggressive is faster as less messages to establish connection but is not recommended due to known security flaws Only valid for IKEv1 or mixed connections Initiator mode Always on Immediately start ...

Страница 176: ...Type Option Function ROOT CA This is a public key that identifies a root certificate authority and is used to verify the identity of a remote device Device Certificate This is a public certificate that can be used as the identity of this device when communicating with a remote device Requires a matching private key Device Private Key This is a private key used for proving that this device identity...

Страница 177: ...he given interface or if unspecified on all interfaces Port Specifies the listening port of the SSH interface Generate ECDSA RSA Key Generates a new random private key for SSH server identity ECDSA RSA Public key This is the server identity For extra security users may configure their SSH client to only connect to servers with this identity ...

Страница 178: ...TPS This page provides HTTPS configuration HTTPS Enables HTTPS operation HTTP Port Number This parameter sets the HTTP Port Number The default value is 80 HTTPS Port Number This parameter sets the HTTPS Port Number The default value is 443 ...

Страница 179: ...e HTTP web server The zip file must contain two files 1 certificate_name crt This must be a PEM format certificate 2 certificate_name key A private key that was used to sign the crt file Any file name may be used only the extension crt and key of the two files is important Allowed certificate algorithms are RSA 1024 2048 or 4096 bit or ECDSA 256 bit with hashes of SHA 1 SHA 256 SHA 384 or SHA 512 ...

Страница 180: ... Versions Option Function All Version Allows all SNMP protocol versions SNMPv3 Only Only SNMPv3 transactions will be accepted SNMPv3 With Authentication Only Only SNMPv3 transactions using authentication protocol define in SNMPv3 users TAB will be accepted SNMPv3 With Authentication and Privacy Only SNMPv3 transactions using authentication and encryption protocol define in SNMPv3 users TAB will be...

Страница 181: ...he SNMP protocol version selected Read Only This parameter sets the Community String when SNMPv1 v2c is used and Context Name when SNMPv3 is used for read only objects The default value is public Read Write This parameter sets the Community String when SNMPv1 v2c is used and Context Name when SNMPv3 is used for read write objects The default value is private ...

Страница 182: ...rotocols Auth Protocol Option Function None No SNMPv3 authentication protocol selected to be used MD5 MD5 authentication protocol is used with SNMPv3 transaction SHA SHA authentication protocol is used with SNMPv3 transaction SHA 224 SHA 224 authentication protocol is used with SNMPv3 transaction SHA 256 SHA 256 authentication protocol is used with SNMPv3 transaction SHA 384 SHA 384 authentication...

Страница 183: ...l selected to be used DES DES privacy encryption protocol is used with SNMPv3 transaction AES 128 AES 128 privacy encryption protocol is used with SNMPv3 transaction AES 192 AES 192 privacy encryption protocol is used with SNMPv3 transaction AES 256 AES 256 privacy encryption protocol is used with SNMPv3 transaction Priv Password This parameter sets the Privacy encryption protocol password which c...

Страница 184: ...t is traffic affecting To reboot the radio 1 Tick the Reboot checkbox 2 Click Apply to continue or Cancel to abort 3 Click OK to reboot the router or Cancel to abort All the LTE LEDs will turn off except the OK LED The LTE will be operational again in about 10 seconds The LTE LEDs will light appropriately when the router is ready to operate 4 Login to SuperVisor ...

Страница 185: ...File When activated the alarm history will be deleted Restore Factory Defaults When activated all router parameters will be set to the factory default values This includes resetting the router LAN IP address to the default of 192 168 4 1 Note Take care using this command ...

Страница 186: ...nd restored from PC Note If the security level is set to Strong in Security Setup the config file will be encrypted and cannot be opened with regular compression applications Event Log History Saved to a PC GNSS Log Saved to a PC Support Information Saved to a PC Note If the security level is set to Strong in Security Setup the support file will be encrypted and cannot be opened with regular compr...

Страница 187: ...E operating on software version 1 0 0 Action Action Option Save to PC This saves the Configuration Settings with a filename of AprisaLTE serialnumber config tar gz for standard security or AprisaLTE serialnumber config tar gz enc for strong security to your PC downloads directory If you wish to open the config file check the security level is set to Standard in Security Setup on page 158 To open t...

Страница 188: ...stem file opened with Notepad Restore from PC This restores all user configuration settings from a previously saved LTE Configuration Settings file A reboot warning message will warn of a pending reboot after the PC file is selected Clicking OK will open a browser file selection window to select the file Note If you are using Explorer it must be IE10 or above for this feature to work correctly ...

Страница 189: ...C This saves the GNSS Log with a filename of AprisaLTE serialnumber gnsslogs tar gz to your PC downloads directory File Support Information Action Action Option Save to PC This saves the Support Information with a filename of AprisaLTE serialnumber support for Standard security or AprisaLTE serialnumber support enc for Strong security to your PC downloads directory If you wish to open the support ...

Страница 190: ...Function On Enables the PDN Profile Lock Off Disables the PDN Profile Lock Timer Enables the PDN profile lock for a specified duration PDN Profile Lock Selection Selects which PDN profile to lock PDN Profile Lock Duration Locks the PDN for a specified duration if PDN Profile Lock Enable is set to Timer Active Profile Shows which PDN profile is currently active Lock Status Shows if lock is enabled ...

Страница 191: ...ual 2 1 Lock Remaining Duration How much time is left for active PDN to go back to unlock state Carrier Search Max Timeout s When Carrier search is started using the start button then this time specifies the maximum time to scan for networks ...

Страница 192: ... Traceroute Sends packets with gradually increasing TTL values to discover the route that a packet takes to reach a destination Note that many routers disable ICMP time exceeded messages so not all intermediary hops will be discovered Nslookup Attempts to resolve the given domain name to an IP address using the configured and or discovered DNS servers ...

Страница 193: ...Informational Events Informational Events are generated to provide information on key activities that are occurring on the LTE These events do not indicate an alarm on the LTE and are used to provide information only See Alarm Events on page 239 for a complete list of events ALARM SUMMARY The Alarm Summary is a display tree that displays the current states of all LTE alarms The alarm states refres...

Страница 194: ...are stored in the LTE The complete event history list can be downloaded to your PC see File Event Log History on page 189 The Event History can display the last 50 events stored in the LTE in blocks of 8 events Auto Refresh The Event History page selected will refresh automatically every 12 seconds if the Auto Refresh is ticked ...

Страница 195: ... Events Setup This page allows alarm event parameters to be configured for all alarm events see Alarm Events on page 239 EVENTS SETUP All active alarms for configured alarm events will be displayed on the Monitoring pages see Monitoring on page 214 ...

Страница 196: ...aged object Warning The Warning severity level indicates the detection of a potential or impending service affecting fault before any significant effects have been felt Action should be taken to further diagnose if necessary and correct the problem in order to prevent it from becoming a more serious service affecting fault Information No problem indicated purely information Suppress This parameter...

Страница 197: ...tup to trigger outputs EVENT ACTION SETUP Action Type This parameter sets the action type that will be activated on the LTE for the condition defined in Action Threshold Criteria Option Function None This action setup does not activate any alarm output Activate Alarm Output 1 This action setup activates alarm output 1 Hardware Reset This action resets the LTE hardware ...

Страница 198: ...arm is a warning alarm Equal Cleared Activates the action output when an LTE alarm is cleared Equal or Worse than Major Activates the action output when an LTE alarm is a major alarm or a critical alarm Equal or Worse than Minor Activates the action output when an LTE alarm is a minor alarm a major alarm or a critical alarm Equal or Worse than Warning Activates the action output when an LTE alarm ...

Страница 199: ...LTE User Manual 2 1 Events Trap Setup This page enables the setup of SNMP traps to capture LTE alarm events TRAPS SETUP All events can generate SNMP traps The types of traps that are supported are defined in the Notification Mode ...

Страница 200: ...ode This parameter sets when an event related trap is sent Option Function Event Recorded When an event is recorded in the event history log a trap is sent Event Updated When an event is updated in the event history log a trap is sent All Events When an event is recorded or updated in the event history log a trap is sent Notification Type This parameter sets the type of event notification Option F...

Страница 201: ...rameter sets the time interval to wait for an acknowledgement before sending another retry Maximum Retries This parameter sets the maximum number of retries to send the event without acknowledgement before it gives up Enabled This parameter determines if the entry is used ...

Страница 202: ...lowing functions Programmable ignition turn on and turn off Input sensing for externally triggered alarms The alarm outputs can be used to interconnect to Aprisa SR and SR radio alarm inputs ALARM PORTS Name The alarm IO number Type The Type shows if the alarm is an input or output Active State The Active State parameter sets the alarm state when the alarm or ignition input if that is enabled is a...

Страница 203: ... alarm is active high i e voltage higher than 10 VDC on the port will cause an active alarm state Alarm Output Option Function Low The alarm is active low i e the active alarm state will generate a ground contact output High The alarm is active high i e the active alarm state will drive the output with the same voltage as the LTE supply input Current State The Current State shows the current state...

Страница 204: ...field contains json formatted fields that match the fields seen in the Events History Log screen logId Integer identifier timestamp The time the event occurred in RFC3339 format eventid Integer identifier of the type of event Identifiers are defined in the 4RF EVENT MIB auth 1 for authorization login logout messages 0 otherwise eventName String name of the event maps to the eventid alarmStatus Sta...

Страница 205: ... 1 SYSLOG REMOTE SERVER SETTINGS Destination Address Address of the remote syslog server May be IPv4 or IPv6 address Destination Port The port to send to on the remote server Defaults to 514 Enabled Syslog messages are only sent to enabled servers ...

Страница 206: ...is page enables the restoring of setup events back to factory defaults EVENT DEFAULTS Restore Defaults This parameter when activated restores all previously configured event parameters using Events Setup on page 195 to the factory default settings ...

Страница 207: ... of the File Transfer SOFTWARE VERSIONS Current Version This parameter displays the software version running on the router Previous Version This parameter displays the software version that was running on the router prior to the current software being activated Software Pack Version This parameter displays the software that has been uploaded to the router and is ready for activation ...

Страница 208: ...y This parameter shows the status of the transfer Idle In Progress or Completed Method This parameter shows the file transfer method e g HTTPS File This parameter shows the software file source Transfer Result This parameter shows the progress of the transfer ...

Страница 209: ...Host port either at power on or when inserted at any time The default setting is Load Only Option Function Load and Activate New software will be loaded from a USB flash drive in to the Aprisa LTE and activated automatically Load Only New software will be loaded from a USB flash drive in to the Aprisa LTE The software will need to be manually activated see Software Manager on page 212 None Softwar...

Страница 210: ...o transfer new software from a file source into the router SETUP FILE TRANSFER Method This parameter sets the method of file transfer Option Function HTTP HTTPS Transfers the software directly from a PC software pack file to the router File This parameter shows the software file source ...

Страница 211: ... of the data Successful The transfer has finished successfully File Error The transfer has failed Verification Failed The transfer completed but the file was not valid Check that the file uploaded was an Aprisa LTE software upgrade file Note To check that the Aprisa LTE software upgrade file 4nu is valid obtain the checksum sha1 file for that software release contained in the Software Release zip ...

Страница 212: ...ly used to activate new software on the LTE Both the previous software if available and Software Pack versions can be activated on the device from this page CURRENT SOFTWARE Version This parameter displays the software version running on the device Status This parameter displays the status of the software version running on the device always active ...

Страница 213: ...ftware pack version available Status This parameter displays the status of the software pack version Option Function Available The software pack is available for use Activating The software pack is activating in the device Unavailable There is no software pack loaded into the device Activate This parameter activates the software pack The device will automatically reboot after activation To activat...

Страница 214: ...Voltage V Parameter to show the current power supply input voltage 10 to 30 VDC CPU Utilization Parameter to show the current CPU utilization 0 to 100 Memory Used bytes Parameter to show the current system memory used Memory Available bytes Parameter to show the current system memory available Storage Used bytes Parameter to show the current storage memory that has been used Storage Available byte...

Страница 215: ...eived Quality RSRQ of the MAIN input 10 to 20 dBm Current SNR dB Parameter to show the current Signal to Noise Ratio SNR of the MAIN input Current SINR dB Parameter to show the current Signal to Interference Noise Ratio SINR of the MAIN input 0 to 20 dB TX Packets Parameter to show the total number of packets transmitted by modem includes multicast broadcast packets TX Bytes Parameter to show the ...

Страница 216: ...Function Normal Operating Limits RX Multicast Packets Parameter to show the number of received packets that are multicast RX Dropped Packets Parameter to show the total number of receive packets dropped by modem includes multicast broadcast packets ...

Страница 217: ...S All Ethernet Ports TX Monitored Parameter Function Normal Operating Limits Maximum Capacity Parameter to show the maximum Ethernet data rate of the Ethernet port Equal to the Ethernet port speed setting TX Packets Parameter to show the number of packets transmitted to the customer from the Ethernet port TX Bytes Parameter to show the number of bytes transmitted to the customer from the Ethernet ...

Страница 218: ...abber oversize and fragments and excluding IFG framing bytes bits Multicast Packets Parameter to show the number of multicast packets received from the customer into the Ethernet port Multicast packets are packets that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Packets in Error Parameter to show the number of errored packet...

Страница 219: ...e port TX Packets Parameter to show the number of packets transmitted on the serial port TX Bytes Parameter to show the number of characters transmitted on the serial port TX Dropped Bytes Parameter to show the number of bytes that were not transmitted because buffer was full or timed out RX Packets Parameter to show the number of packets received on the serial port RX Bytes Parameter to show the ...

Страница 220: ...with the encryption mode and SSID and BSSID of the connection The bar icon will also vary depending on the signal strength of the connection The Associated Stations list shows a list of other WiFi devices in this network When operating in Client mode this will only show one entry the WiFi Access Point When operating in Access Point mode this will show a list of all the active clients ...

Страница 221: ...time till a re authentication will be performed Age The time since the previous re authentication Each entry in the Child Connections list shows an IPSec Tunnel configuration that is active ID ID for this tunnel Name The configured Tunnel Name for the IPSec tunnel Connection The configured Connection Name for the IPSec connection that this tunnel is using Local The local subnet in packets sent ove...

Страница 222: ...in the table for this amount of time The device should send another DHCP request before this expires to remain active Active DHCPv6 Leases list shows the addresses that the DHCPv6 server in the Aprisa LTE has assigned to other devices Host This is the DNS hostname for the device the lease is assigned to FQDN Fully qualified domain name is in brackets IPv6 Address The address that Aprisa LTE has as...

Страница 223: ...23 Aprisa LTE User Manual 2 1 Monitoring Firewall This page displays the router firewall performance monitoring parameters This page shows the status and traffic counters for all firewall rules including NAT translation ...

Страница 224: ...ng Routes This page displays the router routing table The routes displayed here will include configured static routes routes to directly attached networks along with routes discovered through discovery protocols such as DHCP and IPv6 RA ...

Страница 225: ...s mappings between IPv4 address and MAC address and on which interface that mapping is present These mappings are discovered using the ARP Address Resolution Protocol The IPv6 Neighbours list shows mappings between IPv6 address and MAC address and on which interface that mapping is present These mappings are discovered using the ND Neighbour Discovery protocol ...

Страница 226: ...SSHv2 vs SSHv1 uses a more enhanced security encryption algorithm The SSHv2 protocol consists of three major components The Transport Layer Protocol provides server authentication confidentiality and integrity with perfect forward secrecy The User Authentication Protocol which authenticates the client to the server The Connection Protocol which multiplexes the encrypted tunnel into several logical...

Страница 227: ...SH Linux Terminal Ubuntu Kitty portal DameWare smartTTY Terminals https terminals codeplex com mRemoteng Multi Remote Next Generation 2 Open the SSH client 3 Install the server public key using the method appropriate for your SSH client This key is available in supervisor on the Security SSH page This step is optional but provides a guarantee that you are correcting directly and there is no man in...

Страница 228: ...s see Copy Commands below exit Exit from the CLI ping ping ip ipv6 arp host source src the network interface to send the packet from repeat cnt number of repeats resolve Attempt to resolve host names broadcast Perform broadcast ping size bytes Size of ping packet interval seconds Interval between pings flood Flood interface with pings duplicate detect reboot Reboots the LTE router see Router Comma...

Страница 229: ...own iface xxx this selects which interface to dump This could be physical interfaces like eth1 eth2 sfp1 wwan0 wlan0 or can be virtual interfaces like the lan bridge br lan or a gre tunnel filter xxx allows you to display only packets matching the filter See here for information on filter syntax https www tcpdump org manpages pcap filter 7 html Example command to capture icmp packets on eth1 tcpdu...

Страница 230: ...evel exit hostname name Sets hostname to specified value hostname name supervisor httpport xx httpsport xx redirect on off Configures supervisor listen ports for http https Each parameter is optional and if omitted the value does not change no supervisor httpport no supervisor httpsport Disables supervisor on http or https cellular modem carrier preferred xxx Set the preferred carrier Engineer and...

Страница 231: ...ble Turn on privileged mode command end End current mode and change to enable mode exit Exit current mode and down to previous mode find Find CLI command matching a regular expression list Print command list mtrace Multicast trace route to multicast source no Negate a command or set its defaults output Direct vtysh output to file ping Send echo messages quit Exit current mode and down to previous ...

Страница 232: ...s 1 2 3 4 xyz test log Any ftps url Example ftps user pass 1 2 3 4 xyz test log Any flash active firmware Destination only If source is standby firmware active partition is swapped If the source is available firmware then it is first installed to standby before activating If the source is remote url it is loaded to available installed to standby then activated Admin only flash standby firmware Can...

Страница 233: ...ent alarm input status show device output Display current alarm output status show device netdev ifacename all Displays detailed port statistics for the specified physical network port show device netdev list Shows a list of available physical network ports show device sensors all Shows readings from internal sensors temperature voltage and accelerometer show device sfp Shows detail diagnostics ab...

Страница 234: ... Table Examples inet4 show IPv4 routing table inet6 show IPv6 routing table log Show contents of log file software Show software versions active Show Active software all Show all software versions available Show available software running Show running software standby Show standby software startup config Show the contents of startup configuration syslog Show syslog output ful Show complete syslog ...

Страница 235: ...d In general a standard SNMP TRAP agent supports SNMP engine ID This is supported by using the standard method of negotiation between the NMS and Aprisa LTE where the Aprisa LTE provides this engine ID to the NMS thus it is not a configurable parameter in Aprisa LTE The engine ID must be unique per each device in the network and thus it is composed by a hash function of the Aprisa LTE MAC address ...

Страница 236: ...t of the MIB files comply with ITU T ASN 1 Abstract Syntax Notation One standard notation The following are the list of the proprietary MIBs supported by Aprisa LTE 4RF MIB txt Top level 4RF products MIB 4RF EVENTHISTORY MIB txt 4RF MIB for Aprisa LTE events history logging 4RF EVENTS MIB txt 4RF MIB for Aprisa LTE events alarms 4RF MFGDETAILS MIB txt 4RF MIB for Aprisa LTE manufacturing informati...

Страница 237: ... Both the positive and negative power connections are fused The fuse type is a Littlefuse 0453005 0MRSN with a rating of 5 A To replace the fuses 1 Remove the input power and antenna cables 2 Unscrew the enclosure securing screws posi 2 2 Separate the enclosure halves CAUTION Antistatic precautions must be taken as the internal components are static sensitive ...

Страница 238: ...losure and tighten the screws Note Is it critical that the screws are re tightened to 0 8 Nm The regulatory compliance of the LTE router may be affected if the screws are not tightened correctly Additional spare fuses can be ordered from 4RF see Spare Fuses on page 63 ...

Страница 239: ...rm Warning SNR Alarm When SNR is lower or higher than configured thresholds Alarm Warning SINR Alarm When SINR is lower or higher than configured thresholds Alarm Warning Daily Usage Exceeded SIMx When combined TX RX byte count is exceeded for SIMx in current day rolling over at 0 00 each day Alarm Warning Weekly Usage Exceeded SIMx When combined TX RX byte count is exceeded for SIMx in current we...

Страница 240: ...ng geofenced area Informational gnssPositionAccuracy Alarm active if GNSS signal HDOP is 5 Alarm Warning gnssLOS Alarm active if GNSS signal is lost Alarm will not show for first 60 seconds after GNSS is enabled When alarm is cleared additional info should indicate the newly discovered position Alarm Minor gnssOutsideGeofence Alarm generated if user is outside the geofence radius specified by the ...

Страница 241: ...32 B38 B39 B40 B41 B42 B43 B46 B48 and B66 SIMs Dual Micro SIM 15 mm x 12 mm x 0 76 mm GNSS Positioning and Timing GPS GLONASS Beidou Galileo and QZSS option Protocols Ethernet IEEE 802 3 802 1d q p Ethernet 10 100 1000BASE T and 100 1000Base X Serial RS 232 RS 422 RS 485 Wi Fi IEEE 802 11 b g n ac VPN IPsec and GRE Wi Fi Frequency Range 2 4 to 2 495 GHz 5 15 to 5 825 GHz Performance 802 11ac Wave...

Страница 242: ...Authentication MD5 SHA 1 SHA 256 SHA 384 SHA 512 DH Group DH 1 DH 2 DH 5 DH 14 DH 15 DH 19 DH 20 DH 21 IKE IKEv1 and IKEv2 Key Wrap AES Key Wrap Algorithm to RFC 3394 FIPS FIPS 197 AES and FIPS 140 2 Security Requirements Hardening NIST SCAP processes monitoring Tamper MEMS high performance 3 axis accelerometer ...

Страница 243: ... LTE router link capacity Maximum transmission unit Option setting up to 9216 bytes Jumbo packet Address table size Unlimited Ethernet mode 10Base T 100Base TX 1000Base TX Full duplex or half duplex Auto negotiating and auto sensing Diagnostics Left Green LED Off no Ethernet signal received On Ethernet signal received Right Orange LED Off no data present on the interface Flashing data present on t...

Страница 244: ...ce ITU T V 24 EIA TIA RS 232E Interface direction DCE only Maximum line length 10 metres dependent on baud rate Async parameters Standard mode data bits 7 or 8 bits Standard mode parity Configurable for None Even or Odd Standard mode stop bits 1 or 2 bits Interface baud rates 300 600 1200 2400 4800 9600 19200 38400 57600 and 115200 bit s Control signals DCE to DTE CTS RTS DSR DTR Diagnostics Left ...

Страница 245: ...nnector Detector type Non isolated ground referenced voltage detector Detection voltage on 9 VDC Detection voltage off 4 VDC Maximum applied input voltage 36 VDC Maximum input current limit 2 7mA Output Interface Pin 4 of Molex Micro Fit 3 0 Connector Output type Non isolated ground referenced open collector output Output voltage VDC power input voltage Maximum drive current 200 mA Overload protec...

Страница 246: ...Operating temperature range 30 to 70 C 22 to 158 F Storage temperature range 40 to 85 C 40 to 185 F Max thermal loading 26 6 BTU hr Operating humidity Maximum 95 non condensing Acoustic noise emission No audible noise emission Mechanical Dimensions Width 177 mm 6 97 Depth 110 mm 4 33 and 136 mm 5 35 with QMA connectors Height 41 5 mm 1 63 Weight 740 g 1 67 lbs Colour Matt black Mounting Wall 2 x M...

Страница 247: ...mark of AT T Intellectual Property II L P Verizon Wireless is a trademark of Verizon Trademark Services LLC The use of the trademarks OpenVPN AT T and Verizon indicates compatibility and does not indication endorsement or approval USB C is a trademark of the USB Implementers Forum Service All hardware maintenance must be completed by 4RF or an authorized service centre Do not attempt to carry out ...

Страница 248: ...ely You must not dispose of electrical and electronic waste with municipal and other waste You must separate it from other waste and recycling so that it can be easily collected by the proper regional WEEE collection system in your area YOUR ROLE in the Recovery of WEEE By separately collecting and properly disposing of WEEE you are helping to reduce the amount of WEEE that enters the waste stream...

Отзывы:

Нет отзывов

Похожие инструкции для Aprisa LTE

Ray 3 Plus Client

Бренд: Sun Microsystems Страницы: 6

Бренд: dixell Страницы: 4

AirStation WHR-G300N

Бренд: Hornington Страницы: 6

EdgeRouter PoE ERPoe-5

Бренд: Ubiquiti Страницы: 13

ACCULINK 3161 CSU

Бренд: Paradyne Страницы: 19

Бренд: Deliberant Страницы: 16

Бренд: TP-Link Страницы: 113

Бренд: VIA Technologies Страницы: 25

Бренд: Planet Страницы: 20

Бренд: Datalogic Страницы: 2

EdgePoint EP-R8

Бренд: Ubiquiti Страницы: 22

Бренд: ADC Страницы: 29

Бренд: Tenda Страницы: 74

Бренд: AMCI Страницы: 55

Бренд: Tripp Lite Страницы: 2

Бренд: Cabletron Systems Страницы: 54

Бренд: MTL Страницы: 12

Бренд: Crestron Страницы: 40

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды