Advantech B+B SmartWorx LR77 v2 Скачать руководство пользователя страница 74 | Manualshive

Страница: 74 / 135

background image

3. CONFIGURATION

******************** server cert *************************************
openssl genrsa -des3 -passout pass:router -out private/server.pem 2048
openssl req -new -key private/server.pem -out tmp/server.req
openssl x509 -req -days 7305 -sha1 -extensions v3_req -CA ca.crt -CAkey
private/ca.key -in tmp/server.req -CAserial ca.srl -CAcreateserial
-out server.crt

******************** client cert **************************************
openssl genrsa -des3 -passout pass:router -out private/client.pem 2048
openssl req -new -key private/client.pem -out tmp/client.req
openssl x509 -req -days 7305 -sha1 -extensions v3_req -CA ca.crt -CAkey
private/ca.key -in tmp/client.req -CAserial ca.srl -CAcreateserial
-out client.crt

The IPsec function supports the following types of identifiers (ID) for both sides of the

tunnel,

Remote ID

and

Local ID

parameters:

•

IP address (for example, 192.168.1.1)

•

DN (for example, C=CZ,O=Conel,OU=TP,CN=A)

•

FQDN (for example, @director.conel.cz) –

the @ symbol proceeds the FQDN.

•

User FQDN (for example, [email protected])

The certificates and private keys have to be in the PEM format. Use only certificates containing
start and stop tags.

The random time, after which the router re-exchanges new keys is defined as follows:

Lifetime - (Rekey random value in range (from 0 to Rekey margin * Rekey Fuzz/100))

The default exchange of keys is in the following time range:

•

Minimal time: 1h - (9m + 9m) = 42m

•

Maximal time: 1h - (9m + 0m) = 51m

We recommend that you maintain the default settings. When you set key exchange times

higher, the tunnel produces lower operating costs, but the setting also provides less security.
Conversely, when you reducing the time, the tunnel produces higher operating costs, but
provides for higher security.

The changes in settings will apply after clicking the

Apply

button.

67

«
...
72
73
74
75
76
...
»

Содержание B+B SmartWorx LR77 v2

Страница 1: ...Configuration Manual for v2 Routers ...

Страница 2: ...ice Useful tips or information of special interest Firmware version Current version of firmware is 6 0 1 September 7 2016 GPL licence Source codes under GPL licence are available free of charge by sending an email to cellularsales advantech bb com Advantech B B SmartWorx s r o Sokolska 71 562 04 Usti nad Orlici Czech Republic Manual Rev 1 released in CZ September 12 2016 i ...

Страница 3: ...uration 25 3 3 Mobile WAN Configuration 28 3 3 1 Connection to Mobile Network 28 3 3 2 DNS Address Configuration 30 3 3 3 Check Connection to Mobile Network Configuration 30 3 3 4 Data Limit Configuration 31 3 3 5 Switch between SIM Cards Configuration 31 3 3 6 Dial In access configuration 34 3 3 7 PPPoE Bridge Mode Configuration 34 3 4 PPPoE Configuration 37 3 5 WiFi Configuration 38 3 6 WLAN Con...

Страница 4: ... 21 USB Port Configuration 100 3 22 Scripts 104 3 22 1 Startup Script 104 3 22 2 Up Down Script 105 3 23 Automatic Update Configuration 106 4 Customization 109 4 1 User Modules 109 5 Administration 111 5 1 Users 111 5 2 Change Profile 112 5 3 Change Password 113 5 4 Set Real Time Clock 113 5 5 Set SMS Service Center Address 114 5 6 Unlock SIM Card 114 5 7 Send SMS 115 5 8 Backup Configuration 115 ...

Страница 5: ...ter 26 19 Example of VRRP configuration backup router 27 20 Mobile WAN Configuration 35 21 Example 1 Mobile WAN Configuration 36 22 Example 2 Mobile WAN Configuration 36 23 PPPoE configuration 37 24 WiFi Configuration 43 25 WLAN Configuration 45 26 Backup Routes Configuration 46 27 Firewall Configuration 51 28 Topology for the Firewall Configuration Example 52 29 Firewall Configuration Example 52 ...

Страница 6: ...MS Configuration 95 54 Expansion Port Configuration 98 55 Example of Ethernet to serial communication 99 56 Example of serial port extension 99 57 USB configuration 102 58 Example 1 USB port configuration 102 59 Example 2 USB port configuration 103 60 Example of a Startup Script 104 61 Example of Up Down Script 105 62 Example of Automatic Update 1 107 63 Example of Automatic Update 2 108 64 User m...

Страница 7: ...21 17 VRRP configuration 25 18 Check connection 25 19 Mobile WAN Connection Configuration 29 20 Check Connection to Mobile Network Configuration 30 21 Data Limit Configuration 31 22 Switch between SIM cards configuration 32 23 Parameters for SIM card switching 33 24 Dial In access configuration 34 25 PPPoE configuration 37 26 WiFi Configuration 42 27 WLAN Configuration 44 28 Configuration of DHCP ...

Страница 8: ... port 82 54 Object identifier for M BUS port 82 55 SMTP client configuration 85 56 SMS Configuration 88 57 Control via SMS 88 58 Control SMS 89 59 Send SMS on the serial Port 1 89 60 Send SMS on the serial Port 2 89 61 Send SMS on ethernet PORT1 configuration 90 62 List of AT Commands 91 63 Expansion Port Configuration 1 96 64 Expansion Port Configuration 2 97 65 CD Signal Description 97 66 DTR Si...

Страница 9: ...the router over the web interface enter http xxx xxx xxx xxx into the URL for the browser where xxx xxx xxx xxx is the router IP address The router s default IP address is 192 168 1 1 The default username is root and the default password is root When you successfully enter login information on the login page web interface will be displayed The left side of the web interface displays the menu You w...

Страница 10: ...l not be automatically upgraded with the firmware upgrade You can upgrade HTTPS certificate by deleting files etc certs https in the router e g via SSH The certificates will be re created auto matically during the next router s start If you decide to use the self signed certificate in the router to prevent the security message domain disagreement from pop up every time you log into the router you ...

Страница 11: ... Card Identification of the SIM card Primary or Secondary Interface Defines the interface Flags Displays network interface flags IP Address IP address of the interface MTU Maximum packet size that the equipment is able to transmit Rx Data Total number of received bytes Rx Packets Received packets Rx Errors Erroneous received packets Rx Dropped Dropped received packets Rx Overruns Lost received pac...

Страница 12: ...n Port 2 Expansion port fitted to the position 2 None indicates that this position is equipped with no port Binary Input State of binary input Binary Output State of binary output Table 2 Peripheral Ports 2 1 4 System Information Item Description Firmware Version Information about the firmware version Serial Number Serial number of the router in case of N A is not available Profile Current profile...

Страница 13: ...gth of the selected cell Signal Quality Signal quality of the selected cell EC IO for UMTS and CDMA it s the ratio of the signal received from the pilot channel EC to the overall level of the spectral density ie the sum of the signals of other cells IO RSRQ for LTE technology Defined as the ratio N RSRP RSSI The value is not available for the EDGE technology CSQ Cell Signal Quality relative value ...

Страница 14: ...59 This week This week from Monday 0 00 to Sunday 23 59 Last week Last week from Monday 0 00 to Sunday 23 59 This period This accounting period Last period Last accounting period Table 5 Description of Periods Item Description Signal Min Minimal signal strength Signal Avg Average signal strength Signal Max Maximal signal strength Cells Number of switch between cells Availability Availability of th...

Страница 15: ...ription RX data Total volume of received data TX data Total volume of sent data Connections Number of connection to mobile network establishment Table 7 Traffic Statistics The last part Mobile Network Connection Log displays information about the mobile net work connections and any problems that occurred while establishing them Figure 2 Mobile WAN status 8 ...

Страница 16: ...ing 802 11b in 802 11g BSS connection num_sta_no_short_slot_time Number of stations not supporting the Short Slot Time num_sta_no_short_preamble Number of stations not supporting the Short Preamble Table 8 Access Point State Information Detailed information is displayed for each connected client Most of them have an internal character Here are two examples Item Description STA MAC address of conne...

Страница 17: ...Hz beacon interval Period of time synchronization capability List of access point AP properties signal Signal level of access point AP last seen Last response time of access point AP SSID Identifier of access point AP Supported rates Supported rates of access point AP DS Parameter set The channel on which access point AP broadcasts ERP Extended Rate PHY information element providing backward compa...

Страница 18: ...2 STATUS WiFi Scan output may look like this Figure 4 WiFi Scan 11 ...

Страница 19: ...re1 GRE tunnel interface usb0 USB interface Table 11 Description of Interfaces in Network Status Each of the interfaces displays the following information Item Description HWaddr Hardware unique address of networks interface inet IP address of interface P t P IP address second ends connection Bcast Broadcast address Mask Mask of network MTU Maximum packet size that the equipment is able to transmi...

Страница 20: ...ueuelen Length of front network device RX bytes Total number of received bytes TX bytes Total number of transmitted bytes Table 12 Description of Information in Network Status You may view the status of the mobile network connection on the network status screen If the connection to the mobile network is active it will appear in the system information as an usb0 interface The Route Table is display...

Страница 21: ...plays the following information Item Description lease Assigned IP address starts Time that the IP address was assigned ends Time that the IP address lease expires hardware ethernet Unique hardware MAC address uid Unique ID client hostname Host computer name Table 13 DHCP Status Description The DHCP status may occasionally display two records for one IP address This may be caused by resetting the ...

Страница 22: ...e will bring up the information for any IPsec Tunnels that have been established If the tunnel has been built correctly the screen will display IPsec SA established highlighted in red in the figure below If there is no such text in log the tunnel was not created Figure 7 IPsec Status 15 ...

Страница 23: ...e www dnsdynamic org www noip com Figure 8 DynDNS Status When the router detects a DynDNS record update the dialog displays one or more of the following messages DynDNS client is disabled Invalid username or password Specified hostname doesn t exist Invalid hostname format Hostname exists but not under specified username No update performed yet DynDNS record is already up to date DynDNS record suc...

Страница 24: ...nes a new file is created for storing the system log After completion of 1000 lines in the second file the first file is overwritten with a new file The Syslogd program will output the system log It can be started with two options to modify its behavior Option S followed by decimal number sets the maximal number of lines in one log file Option R followed by hostname or IP address enables logging t...

Страница 25: ...2 STATUS The following example figure shows how to send syslog information to a remote server at 192 168 2 115 on startup Figure 10 Example program syslogd start with the parameter R 18 ...

Страница 26: ...ess from a DHCP server in LAN network IP address Specifies a fixed set of IP addresses for the network interfaces ETH Subnet Mask Specifies a Subnet Mask for the IP address Bridged Activates deactivates the bridging function on the router no The bridging function is inactive default yes The bridging function is active Media type Specifies the type of duplex and speed used in the network Auto negat...

Страница 27: ...n be active on the router The Only DHCP Client IP Address and Subnet Mask parameters are used to configure the bridge Primary LAN has higher priority when both interfaces eth0 eth1 are added to the bridge Other interfaces wlan0 wifi can be added to or deleted from an existing bridge at any time The bridge can be created on demand for such interfaces but not if it is configured by their respective ...

Страница 28: ... ranges of static allocated IP addresses with addresses allocated by the dynamic DHCP server IP address conflicts and incorrect network function can occur if you overlap the ranges Example 1 Configure the network interface to connect to a dynamic DHCP server The range of dynamic allocated addresses is from 192 168 1 2 to 192 168 1 4 The address is allocated 600 second 10 minutes Figure 11 Example ...

Страница 29: ...3 CONFIGURATION Figure 12 Example 1 LAN Configuration Page 22 ...

Страница 30: ...2 to 192 168 1 4 The address is allocated for 600 seconds 10 minutes The client with the MAC address 01 23 45 67 89 ab has the IP address 192 168 1 10 The client with the MAC address 01 54 68 18 ba 7e has the IP address 192 168 1 11 Figure 13 Example 2 Network Topology with both Static and Dynamic DHCP Servers Figure 14 Example 2 LAN Configuration Page 23 ...

Страница 31: ...re the network interface to connect to a default gateway and DNS server Default gateway IP address is 192 168 1 20 DNS server IP address is 192 168 1 20 Figure 15 Example 3 Network Topology Figure 16 Example 3 LAN Configuration Page 24 ...

Страница 32: ...0 A priority value of 0 is not allowed Table 17 VRRP configuration You may set the Check connection flag in the second part of the window to enable au tomatic test messages for the cellular network In some cases the mobile WAN connection could still be active but the router will not be able to send data over the cellular network This feature is used to verify that data can be sent over the PPP con...

Страница 33: ...ing If a response to the packet is received within the timeout specified by the Ping Timeout parameter then the router knows that the connection is still active If the router does not receive a response within the timeout period it will attempt to test the mobile WAN connection using standard Ping commands Example of the VRRP protocol Figure 17 Topology of VRRP configuration example Figure 18 Exam...

Страница 34: ...3 CONFIGURATION Figure 19 Example of VRRP configuration backup router 27 ...

Страница 35: ...rd for logging into the GSM network Authentication Authentication protocol in the GSM network PAP or CHAP The router selects the authentication method PAP The router uses the PAP authentication method CHAP The router uses the CHAP authentication method IP Address Specifies the IP address of SIM card You manually enter the IP ad dress only when mobile network carrier assigned the IP address Phone N...

Страница 36: ...the MTU value low more frequent fragmentation of data occurs More frequent fragmentation means a higher overhead and also the possibility of packet damage during defragmentation On the contrary a higher MTU value can cause the network to drop the packet If the IP address field is left blank when the router establishes a connection then the mobile network carrier automatically assigns an IP address...

Страница 37: ... address three times in a row the router terminates the current connection and tries to establish new ones Checking can be set separately for two SIM cards or two APNs Send an ICMP to an IP address that you know is still functional The operator s DNS server for example If the Check Connection item is set to the enabled option ping requests are sent on the basis of routing table Thus the requests m...

Страница 38: ...ter Data Limit State see below is set to not applicable or Send SMS when data limit is exceeded in SMS Configuration is not selected the Data Limit set here will be ignored 3 3 5 Switch between SIM Cards Configuration In the lower part of the configuration form you can specify the rules for toggling between the two SIM cards The router will automatically toggle between the SIM cards and their indi...

Страница 39: ...ceeded BIN0 State Configure the use of SIM cards based on binary input 0 state This option is not available on Libratum versions of the routers not applicable It is possible to use the SIM regardless of BIN0 state on Only use the SIM card if the BIN0 state is logical 1 voltage present off Only use the SIM card if the BIN0 state is logical 0 no voltage Table 22 Switch between SIM cards configuratio...

Страница 40: ...e router will attempt to switch back to the default SIM card This applies only when there is default SIM card defined and the backup SIM is selected beacuse of a failure of the default one or if roaming settings cause the switch This feature is available only when Switch to other SIM card when connection fails is enabled Initial Timeout Specifies the length of time that the router waits before the...

Страница 41: ...s not have a connection to a mobile network you may use this function to gain access to the router via dial up connections The router waits two minutes to accept connections If no one logs on during this time the router will make another attempt to establish a GPRS connection Item Description Username User name for secured Dial In access Password Password for secured Dial In access Table 24 Dial I...

Страница 42: ...3 CONFIGURATION Figure 20 Mobile WAN Configuration 35 ...

Страница 43: ...or the secondary SIM card In the case of data stream on the router the control pings are not sent but the data stream is monitored Figure 21 Example 1 Mobile WAN Configuration Example 2 The following configuration illustrates a scenario in which the router changes to a backup SIM card after exceeding the data limits of 800MB The router sends a warning SMS upon reaching 400MB The accounting period ...

Страница 44: ...Username for secure access to PPPoE Password Password for secure access to PPPoE Authentication Authentication protocol in GSM network PAP or CHAP The router selects the authentication method PAP The router uses the PAP authentication method CHAP The router uses the CHAP authentication method MRU Specifies the Maximum Receiving Unit The MRU identifies the max imum packet size that the router can r...

Страница 45: ...v2 both PEAPv0 and PEAPv1 is supported only Item Description Operating mode WiFi operating mode access point AP The router becomes an access point to which other devices in station STA mode can connect station STA The router becomes a client station It re ceives data packets from the available access point AP and sends data from cable connection via the WiFi network SSID The unique identifier of W...

Страница 46: ...no country code is specified or if the wrong country code is en tered the router may violate country specific regulations for the use of WiFi frequency bands HW Mode HW mode of WiFi standard that will be supported by WiFi access point IEE 802 11b 2 4 GHz IEE 802 11b g 2 4 GHz IEE 802 11b g n 2 4 GHz Channel The channel where the WiFi AP is transmitting Supported 2 4 GHz channels 1 2 3 4 5 6 7 8 9 ...

Страница 47: ...er en cryption 802 1X RADIUS authentication with port based Network Ac cess Control PNAC using encapsulation of the Extensible Authentication Protocol EAP over LAN EAPOL Encryption Type of data encryption in the WiFi network None No data encryption WEP Encryption using static WEP keys This encryption can be used for Shared authentication TKIP Dynamic encryption key management that can be used for ...

Страница 48: ...SK Key for WPA PSK authentication This key must be entered accord ing to the selected WPA PSK type as follows 256 bit secret 64 hexadecimal digits ASCII passphrase 8 to 63 characters PSK File absolute path to the file containing the list of pairs PSK key MAC address RADIUS Auth Server IP IP address of the RADIUS server In AP mode only and with one of RADIUS authentications selected RADIUS Auth Pas...

Страница 49: ...ntications selected RADIUS Password RADIUS access password In STA mode only and with one of RA DIUS authentications selected Access List Mode of Access Deny list Disabled Access Deny list is not used Accept Clients in Accept Deny list can access the network Deny Clients in Access Deny list cannot access the network Accept Deny List Accept or Denny list of client MAC addresses that set network ac c...

Страница 50: ...3 CONFIGURATION Figure 24 WiFi Configuration 43 ...

Страница 51: ...from cable connection via the WiFi network DHCP Client Activates deactivates DHCP client IP Address Fixed set IP address of WiFi network interface Subnet Mask Subnet mask of WiFi network interface Bridged Activates bridge mode no Bridged mode is not allowed default value WLAN network is not connected with LAN network of the router yes Bridged mode is allowed WLAN network is connected with one or m...

Страница 52: ...ription IP Pool Start Beginning of the range of IP addresses which will be assigned to DHCP clients IP Pool End End of the range of IP addresses which will be assigned to DHCP clients Lease Time Time in seconds for which the client may use the IP address Table 28 Configuration of DHCP Server All changes in settings will apply after pressing the Apply button Figure 25 WLAN Configuration 45 ...

Страница 53: ...y con nection with alternative connections to the Internet mobile network or enable Multiple WANs mode It is also possible to prioritize each backup connection option Switching between connections is carried out according to order of priority and the state of the connections Figure 26 Backup Routes Configuration 46 ...

Страница 54: ... transmissions Table 29 Backup Routes Configuration To add the network interfaces to the backup routes system mark the checkbox s of the following interface options Enable backup routes switching for Mobile WAN Enable backup routes switching for PPPoE Enable backup routes switching for WiFi STA Enable backup routes switching for Primary LAN or Enable backup routes switching for Secondary LAN En ab...

Страница 55: ...owing list contains the names of backup routes and corresponding network interfaces in order of default priorities Mobile WAN pppX usbX PPPoE ppp0 WiFi STA wlan0 Secondary LAN eth1 Primary LAN eth0 Example The router selects the Secondary LAN as the default route only if you unmark the Create connection to mobile network check box on the Mobile WAN page Alternatively if you unmark the Create PPPoE...

Страница 56: ...tocol is active ICMP Access for the ICMP protocol is active Target Port The port number on which access to the router is allowed Action Specifies the type of action the router performs allow The router allows the packets to enter the network deny The router denies the packets from entering the network Table 31 Filtering of Incoming Packets The next section of the configuration form specifies the f...

Страница 57: ... is allowed Action Specifies the type of action the router performs allow The router allows the packets to enter the network deny The router denies the packets from entering the net work Table 32 Forwarding filtering When you enable the Enable filtering of locally destined packets function the router drops receives packets requesting an unsupported service The packet is dropped automatically witho...

Страница 58: ...tion Example of the firewall configuration The router allows the following access from IP address 171 92 5 45 using any protocol from IP address 10 0 2 123 using the TCP protocol on port 1000 from IP address 142 2 26 54 using the ICMP protocol 51 ...

Страница 59: ...3 CONFIGURATION Figure 28 Topology for the Firewall Configuration Example Figure 29 Firewall Configuration Example 52 ...

Страница 60: ...tartup Script dialog is located in the Configuration section of the main menu When creating your rules in the start up script use the following format iptables t nat A napt p tcp dport PORT _PUBLIC j DNAT to destination IPADDR PORT1 _PRIVATE Enter the IP address IPADDR the public ports numbers PORT_PUBLIC and private PORT_PRIVATE in square bracket You use the following parameters to set the routin...

Страница 61: ...ault configuration Enable remote FTP access on port Select this option to allow the router using FTP Enable remote SSH access on port Select this option to allow access to the router using SSH disabled in default configuration Enable remote Telnet access on port Select this option to allow the router using Telnet Enable remote SNMP access on port Select this option to allow access to the router us...

Страница 62: ...eck box for this configuration The IP address in this example is the address of the device behind the router The default gateway of the devices in the subnetwork connected to router is the same IP address as displayed in the Default Server IP Address field The connected device replies if a PING is sent to the IP address of the SIM card 55 ...

Страница 63: ...3 CONFIGURATION Example 2 Configuration with more equipment connected Figure 32 Example 2 Topology of NAT Configuration Figure 33 Example 2 NAT Configuration 56 ...

Страница 64: ...d Private Port fields It is now configured to access 192 168 1 2 80 socket behind the router when accessing 10 0 0 1 81 from the Internet and so on If you send the ping request to the public IP address of the router 10 0 0 1 the router will respond as usual not forwarding If you access the IP address 10 0 0 1 in the browser it is port 80 nothing will happen Port 80 in the Public Port list is not d...

Страница 65: ...IP address of opposite tunnel side You can also use the domain name Remote Subnet Specifies the IP address of a network behind opposite side of the tunnel Remote Subnet Mask Specifies the subnet mask of a network behind opposite side of the tunnel Redirect Gateway Adds rewrites the default gateway All the packets are then sent to this gateway via tunnel if there is no other specified default gatew...

Страница 66: ... applied NAT rules are not applied to the OpenVPN tunnel applied NAT rules are applied to the OpenVPN tunnel Authenticate Mode Specifies the authentication mode none No authentication is set Pre shared secret Specifies the shared key function for both sides of the tunnel Username password Specifies authentication using a CA Certificate Username and Password X 509 Certificate multiclient Activates ...

Страница 67: ...509 Certificate authentication mode Username Specifies a login name which you can use for authentication in the username password mode Password Specifies a password which you can use for authentication in the username password mode Extra Options Specifies additional parameters for the OpenVPN tunnel such as DHCP options The parameters are proceeded by two dashes For possible parameters see the hel...

Страница 68: ...3 CONFIGURATION The changes in settings will apply after pressing the Apply button Figure 34 OpenVPN tunnel configuration 61 ...

Страница 69: ... 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Local Interface IP Address 19 16 1 0 19 16 2 0 Remote Interface IP Address 19 16 2 0 19 18 1 0 Compression LZO LZO Authenticate mode none none Table 37 OpenVPN Configuration Example Examples of different options for configuration and authentication of OpenVPN tunnel can be found in the application note...

Страница 70: ... IP address of remote side of the tunnel It is also possible to enter the domain name Remote ID Identifier ID of remote side of the tunnel It consists of two parts a hostname and a domain name Remote Subnet IP address of a network behind remote side of the tunnel Remote Subnet Mask Subnet mask of a network behind remote side of the tunnel Remote Protocol Port Specifies Protocol Port of remote side...

Страница 71: ...hm auto The encryption and hash algorithm are selected au tomatically manual The encryption and hash algorithm are defined by the user IKE Encryption Encryption algorithm 3DES AES128 AES192 AES256 IKE Hash Hash algorithm MD5 SHA1 SHA256 SHA384 or SHA512 IKE DH Group Specifies the Diffie Hellman groups which determine the strength of the key used in the key exchange process Higher group num bers ar...

Страница 72: ...d DPD Timeout The period during which device waits for a response Authenticate Mode Specifies the means by which the router authenticates Pre shared key Sets the shared key for both sides of the tunnel X 509 Certificate Allows X 509 authentication in multi client mode Pre shared Key Specifies the shared key for both sides of the tunnel The prereq uisite for entering a key is that you select pre sh...

Страница 73: ...mp myrootca req openssl x509 req days 7305 sha1 extensions v3_ca signkey private ca key in tmp myrootca req out ca crt server cert openssl genrsa out private server key 2048 openssl req new key private server key out tmp server req openssl x509 req days 7305 sha1 extensions v3_req CA ca crt CAkey private ca key in tmp server req CAserial ca srl CAcreateserial out server crt client cert openssl gen...

Страница 74: ...s for example 192 168 1 1 DN for example C CZ O Conel OU TP CN A FQDN for example director conel cz the symbol proceeds the FQDN User FQDN for example director conel cz The certificates and private keys have to be in the PEM format Use only certificates containing start and stop tags The random time after which the router re exchanges new keys is defined as follows Lifetime Rekey margin random val...

Страница 75: ...3 CONFIGURATION Figure 36 IPsec Tunnels Configuration 68 ...

Страница 76: ...t 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Local Subnet 192 168 1 0 192 168 2 0 Local Subnet Mas 255 255 255 0 255 255 255 0 Authenticate mode pre shared key pre shared key Pre shared key test test Table 39 Example IPsec configuration Examples of different options for configuration and authentication of IPsec tunnel can be found in the application note IPsec Tunnel 6 ...

Страница 77: ... remote side of the tunnel Remote Subnet Mask Specifies the mask of the network behind the remote side of the tunnel Local Interface IP Address IP address of the local side of the tunnel Remote Interface IP Address IP address of the remote side of the tunnel Multicasts Activates deactivates sending multicast into the GRE tunnel disabled Sending multicast into the tunnel is inactive enabled Sending...

Страница 78: ...3 CONFIGURATION Figure 38 GRE Tunnel Configuration 3 12 1 Example of the GRE Tunnel Configuration Figure 39 Topology of GRE Tunnel Configuration Example 71 ...

Страница 79: ...P Address 10 0 0 2 10 0 0 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Table 41 GRE Tunnel Configuration Example Examples of different options for configuration of GRE tunnel can be found in the application note GRE Tunnel 7 72 ...

Страница 80: ...s of the server Server IP Address IP address of the server Client Start IP Address IP address to start with in the address range The range is offered by the server to the clients Client End IP Address The last IP address in the address range The range is offered by the server to the clients Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side ...

Страница 81: ...on A B Mode L2TP Server L2TP Client Server IP Address 10 0 0 1 Client Start IP Address 192 168 2 5 Client End IP Address 192 168 2 254 Local IP Address 192 168 1 1 Remote IP Address Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Username username username Password password password Table 43 L2TP Tunnel Configuration Example 74 ...

Страница 82: ...rver Server IP Address IP address of the server Local IP Address IP address of the local side of the tunnel Remote IP Address IP address of the remote side of the tunnel Remote Subnet Address of the network behind the remote side of the tunnel Remote Subnet Mask The mask of the network behind the remote side of the tunnel Username Username for the PPTP tunnel login Password Password for the PPTP t...

Страница 83: ...of the PPTP tunnel Configuration A B Mode PPTP Server PPTP Client Server IP Address 10 0 0 1 Local IP Address 192 168 1 1 Remote IP Address 192 168 2 1 Remote Subnet 192 168 2 0 192 168 1 0 Remote Subnet Mask 255 255 255 0 255 255 255 0 Username username username Password password password Table 45 PPTP Tunnel Configuration Example 76 ...

Страница 84: ...e click DynDNS in the main menu Item Description Hostname The third order domain registered on the www dyndns org server Username Username for logging into the DynDNS server Password Password for logging into the DynDNS server Server Specifies a DynDNS service other than the www dyndns org Possible other services www spdns de www dnsdynamic org www noip com Enter the update server service informat...

Страница 85: ...hen the router acts as a NTP client This means that the router automatically adjusts the internal clock every 24 hours Item Description Primary NTP Server Address IP or domain address of primary NTP server Secondary NTP Server Address IP or domain address of secondary NTP server Timezone Specifies the time zone where you installed the router Daylight Saving Time Activates deactivates the DST shift...

Страница 86: ...s also necessary to specify a password for access to the Community SNMP agent The default setting is public You can define a different password for the Read community read only and the Write community read and write for SNMPv1 v2 You can also define 2 SNMP users for SNMPv3 You can define a user as read only Read and another as read and write Write The router allows you to configure the parameters ...

Страница 87: ...tion Baudrate Communication speed Parity Control parity bit none Data will be sent without parity even Data will be sent with even parity odd Data will be sent with odd parity Stop Bits Number of stop bits Table 50 SNMP configuration MBUS extension Parameters Enable XC CNT extension and Enable M BUS extension cannot be checked at the same time Selecting Enable reporting to supervisory system and e...

Страница 88: ...e basic tree structure that is used for creating the OIDs Figure 46 OID Basic Structure The SNMP values that are specific for Conel routers create the tree starting at OID 1 3 6 1 4 1 30140 You interpret the OID in the following manner iso org dod internet private enterprises conel This means that the router provides for example information about the binary input and output The following table sho...

Страница 89: ...1 0 IdNumber meter number 1 3 6 1 4 1 30140 2 2 address 2 0 Manufacturer 1 3 6 1 4 1 30140 2 2 address 3 0 Version specified meter version 1 3 6 1 4 1 30140 2 2 address 4 0 Medium type of metered medium 1 3 6 1 4 1 30140 2 2 address 5 0 Status errors report 1 3 6 1 4 1 30140 2 2 address 6 0 0 VIF value information field 1 3 6 1 4 1 30140 2 2 address 7 0 0 measured value 1 3 6 1 4 1 30140 2 2 addre...

Страница 90: ... pro vide information About the internal temperature of the device OID 1 3 6 1 4 1 30140 3 3 and power voltage OID 1 3 6 1 4 1 30140 3 4 The list of available and supported OIDs and other details can be found in the application note SNMP Object Identifier 8 Figure 47 SNMP Configuration Example 83 ...

Страница 91: ...SNMP agent field The dialog displayed the internal variables in the MIB tree after entering the IP address Furthermore you can find the status of the internal variables by entering their OID The path to the objects is iso org dod internet private enterprises conel protocols The path to information about the router is iso org dod internet mgmt mib 2 system 84 ...

Страница 92: ...ial characters are not allowed Own E mail Address Address of the sender Table 55 SMTP client configuration The mobile service provider can block other SMTP servers then you can only use the SMTP server of the service provider Figure 49 SMTP Client Configuration Example You send e mails from the Startup script The Startup Script dialog is located in the Con figuration section of the main menu The r...

Страница 93: ...mail email t name domain com s subject m message a c directory abc doc r 5 The command above sends an e mail address to name domain com with the subject subject body message message and attachment abc doc directly from the directory c directory The router attempts to send the message five times 86 ...

Страница 94: ...ivates deactivates the sending of an SMS mes sage automatically when the data limit exceeded Send SMS when binary input on I O port BIN0 is active Send an SMS message when the binary input on the I O port BIN0 goes active The text of the message is set using parameter BIN0 Send SMS when binary input on expansion port BIN1 BIN4 is active Automatic sending SMS message after binary input on expansion...

Страница 95: ...via SMS check box The default setting of the remote control function is active Note Every received control SMS is processed and then deleted from the router Item Description Phone Number 1 Specifies the first phone number allowed to access the router us ing an SMS Phone Number 2 Specifies the second phone number allowed to access the router using an SMS Phone Number 3 Specifies the third phone num...

Страница 96: ... to 0 set out0 1 Sets the binary output to 1 set out1 0 Sets the binary output of XC CNT to 0 set out1 1 Sets the binary output of XC CNT to 1 set profile std Sets the standard profile set profile alt1 Sets the alternative profile 1 set profile alt2 Sets the alternative profile 2 set profile alt3 Sets the alternative profile 3 reboot The router reboots get ip The router responds with the IP addres...

Страница 97: ...urns the specific model identity of the manufacturer AT CGMR Returns the specific model revision identity of the manufacturer AT CGPADDR Displays the IP address of the usb0 interface AT CGSN Returns the product serial number AT CIMI Returns the International Mobile Subscriber Identity number IMSI AT CMGD Deletes a message from the location AT CMGF Sets the presentation format for short messages AT...

Страница 98: ...model identity of the manufacturer AT GMR Returns the specific model revision identity of the manufacturer AT GSN Returns the product serial number ATE Determines whether or not the device echoes characters ATI Transmits the manufacturer specific information about the device Table 62 List of AT Commands A detailed description and examples of these AT commands can be found in the application note A...

Страница 99: ... to mobile network the phone with the number entered in the dialog receives an SMS in the following form Router Unit ID has established connection to mobile network IP address xxx xxx xxx xxx After disconnecting from the mobile network the phone with the number entered in the dialog receives an SMS in the following form Router Unit ID has lost connection to mobile network IP address xxx xxx xxx xx...

Страница 100: ...3 CONFIGURATION Example 2 Configuration for sending SMS via serial interface on the Port 1 Figure 51 Example 2 SMS Configuration 93 ...

Страница 101: ...3 CONFIGURATION Example 3 Control the router using an SMS from any phone number Figure 52 Example 3 SMS Configuration 94 ...

Страница 102: ...3 CONFIGURATION Example 4 Control the router using an SMS from two phone numbers Figure 53 Example 4 SMS Configuration 95 ...

Страница 103: ...ime to rupture reports If the gap between two characters exceeds the parameter in milliseconds any buffered characters will be sent over the Ethernet port Protocol Protocol TCP communication using a linked protocol TCP UDP communication using a unlinked protocol UDP Mode Mode of connection TCP server The router will listen for incoming TCP connection requests TCP client The router will connect to ...

Страница 104: ...ctive TCP connection is disabled Table 65 CD Signal Description When you mark the Use DTR as control of TCP connection check box the router uses the data terminal ready DTR single to control the TCP connection The remote device sends a DTR single to the router indicating that the remote device is ready for communications DTR Description server Description client Active The router allows the establ...

Страница 105: ...3 CONFIGURATION Figure 54 Expansion Port Configuration 98 ...

Страница 106: ...3 CONFIGURATION Examples of the expansion port configuration Figure 55 Example of Ethernet to serial communication Figure 56 Example of serial port extension 99 ...

Страница 107: ...op bit Split Timeout Time to rupture reports If the gap between two characters exceeds the parameter in milliseconds any buffered characters will be sent over the Ethernet port Protocol Communication protocol TCP communication using a linked protocol TCP UDP communication using a unlinked protocol UDP Mode Mode of connection TCP server The router will listen for incoming TCP connection requests TC...

Страница 108: ...ies that another device is connected to the other side of the cable CD Description Active TCP connection is enabled Nonactive TCP connection is disabled Table 69 CD Signal description When you mark the Use DTR as control of TCP connection check box the router uses the data terminal ready DTR single to control the TCP connection The remote device sends a DTR single to the router indicating that the...

Страница 109: ...3 CONFIGURATION Figure 57 USB configuration Examples of USB port configuration Figure 58 Example 1 USB port configuration 102 ...

Страница 110: ...3 CONFIGURATION Figure 59 Example 2 USB port configuration 103 ...

Страница 111: ...window to create your own scripts which will be executed after all of the initialization scripts are run right after the router is turned on or rebooted The changes in settings will apply after pressing the Apply button Any changes to the Startup Script will take effect the next time the router is power cycled or rebooted This can be done with the Reboot button in the Administration section or by ...

Страница 112: ...n is established Script commands entered into the Down Script window will run when the WAN connection is lost The changes in settings will apply after pressing the Apply button Also you need to reboot the router to make Up Down Script work Example of Up Down Script After establishing or losing the WAN connection connection to mobile network the router sends an email with information about the conn...

Страница 113: ...specified by that ad dress HTTP HTTPS FTP or FTPS USB flash drive The router finds the current firmware or con figuration in the root directory of the connected USB device Both Looking for the current firmware or configuration from both sources Base URL Base URL or IP address from which the configuration file will be down loaded This option also specifies the communication protocol HTTP HTTPS FTP ...

Страница 114: ...es to download the nonexistent ver file then there is a risk that the router will download the bin file over and over again Firmware update can cause incompatibility with the user modules It is recommended that you update user modules to the most recent version Information about the user modules and the firmware compatibility is at the beginning of the user module s Application Note The following ...

Страница 115: ...are or configurations each day at 1 00 a m An example is given for the LR77 v2 router with MAC address 00 11 22 33 44 55 Firmware http example com LR77 v2 bin Configuration file http example com 00 11 22 33 44 55 cfg Figure 63 Example of Automatic Update 2 108 ...

Страница 116: ...the module contains an index html or index cgi page the module name serves as a link to this page The module can be deleted using the Delete button Updating a module is done the same way Click the Add button and the module with the higher newer version will replace the existing module The current module configuration is left in the same state Programming and compiling of modules is described in th...

Страница 117: ...d saves contents of these messages to an XML file pduSMS Sends short messages SMS to specified number GPS Allows the router to provide location and time information in all weather anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites Pinger Allows you to manually or automatically verify the functionality of the connection between two network inte...

Страница 118: ...ser Delete Deletes the corresponding user account Table 73 Users Overview Be careful If you lock every account with the permission role Admin you can not unlock these accounts This also means that the Users dialog is unavailable for every user because every admin account is locked and the users do not have sufficient permissions The second block contains configuration form which allows you to add ...

Страница 119: ...e the settings to and ensure that the Copy settings from current profile to selected profile box is checked The current settings will be stored in the alternate profile after the Apply button is pressed Any changes will take effect after restarting router through the Reboot menu in the web administrator or using an SMS message Example of using profiles Profiles can be used to switch between differ...

Страница 120: ... your network change the default password You can not enable remote access to the router for example in NAT until you change the password Figure 68 Change Password 5 4 Set Real Time Clock You can set the internal clock directly using the Set Real Time Clock dialog in the Adminis tration section of in the main menu You can set the Date and Time manually When entering the values manually use the for...

Страница 121: ...with an international prefix 420 xxx xxx xxx If you are unable to send or receive SMS messages contact your carrier to find out if this parameter is required Figure 70 Set SMS Service Center Address 5 6 Unlock SIM Card The XR5i v2 router does not support the Unlock SIM Card option If your SIM card is protected using a 4 8 digit PIN number Personal Identification Num ber open the Unlock SIM Card fo...

Страница 122: ... is also possible to send an SMS message using CGI script For details of this method see the application note Commands and Scripts 1 5 8 Backup Configuration You can save the configuration of the router using the Backup Configuration function If you click on Backup Configuration in the Administration section of the main menu then the router allows you to select a directory in which the router save...

Страница 123: ...he filename written out as Firmware Name when updating the firmware Figure 74 Update Firmware During the firmware update the router will show the following messages The progress is shown in the form of adding dots After the firmware update the router will automatically reboot Uploading firmware intended for a different device can cause damage to the router Starting with FW 5 1 0 a mechanism to pre...

Страница 124: ...5 ADMINISTRATION 5 11 Reboot To reboot the router select the Reboot menu item and then press the Reboot button Figure 75 Reboot 117 ...

Страница 125: ...stem time df displaying of informations about file system dmesg displaying of kernel diagnostics messages echo string write email Email send free displaying of informations about memory gsmat sends AT commands cdmaat for routers with CDMA module gsminfo displaying of informations about signal quality gsmsms SMS send hwclock displaying change of time in RTC ifconfig displaying change of interface c...

Страница 126: ...ump of actual directory reboot reboot rm file delete rmdir directory delete route displaying change of route table service start stop of service sleep pause on set seconds number slog displaying of system log tail displaying of file end tcpdump monitoring of network touch file create actualization of file time stamp vi text editor Table 75 Telnet commands 119 ...

Страница 127: ... DynDNS client DynDNS service lets you ac cess the router remotely using an easy to re member custom hostname This client monitors the router s IP address and updates it whenever it changes GRE Generic Routing Encapsulation GRE is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point to point links over an Internet Protocol net work It is possible...

Страница 128: ...of IPv4 address exhaustion IPv6 is intended to replace IPv4 which still car ries the vast majority of Internet traffic as of 2013 As of late November 2012 IPv6 traffic share was reported to be approaching 1 IPv6 addresses are represented as eight groups of four hexadecimal digits separated by colons 2001 0db8 85a3 0042 1000 8a2e 0370 7334 but methods of abbreviation of this full notation exist L2T...

Страница 129: ...ure of the RADIUS protocol it is often used by ISPs and enterprises to manage access to the Internet or internal networks wire less networks and integrated e mail services Root certificate In cryptography and com puter security a root certificate is either an un signed public key certificate or a self signed cer tificate that identifies the Root Certificate Author ity CA A root certificate is part...

Страница 130: ... error checked delivery of a stream of octets between programs running on comput ers connected to a local area network intranet or the public Internet It resides at the transport layer Web browsers use TCP when they connect to servers on the World Wide Web and it is used to deliver email and transfer files from one loca tion to another UDP The User Datagram Protocol UDP is one of the core members ...

Страница 131: ...gional or national boundaries using private or public network transports Business and govern ment entities utilize WANs to relay data among employees clients buyers and suppliers from various geographical locations In essence this mode of telecommunication allows a business to effectively carry out its daily function regard less of location The Internet can be considered a WAN as well and is used ...

Страница 132: ...s 2 Default password 2 Default SIM card 31 Default username 2 DHCP 18 117 Dynamic 19 Static 20 DNS 117 DNS server 19 29 Domain Name System see DNS DoS attacks 48 Dynamic Host Configuration Protocol see DHCP DynDNS 74 E Expansion Port CNT 93 MBUS 93 RS232 93 RS485 422 93 F Firewall 47 Filtering of Forwarded Packets 47 Filtering of Incoming Packets 47 Protection against DoS attacks 48 Firmware updat...

Страница 133: ... Router Accessing 2 S Save Log 16 Save Report 16 Send SMS 112 Serial line RS232 93 RS422 93 RS485 93 Serial number 5 Set internal clock 110 Signal Quality 6 Signal Strength 6 Simple Network Management Protocol see SNMP SMS 84 SMS Service Center 111 SMTP 82 119 SNMP 76 120 Startup Script 101 Switch between SIM Cards 30 System Log 16 T TCP 120 Telnet 115 Transmission Control Protocol see TCP U UDP 1...

Страница 134: ...V Virtual private network see VPN VPN 120 VRRP 24 120 W WiFi 37 Authentication 39 HW Mode 38 Operating mode 37 WLAN 43 Operating mode 43 127 ...

Страница 135: ...vantech B B SmartWorx R SeeNet Application Note 4 Advantech B B SmartWorx R SeeNet Admin Application Note 5 Advantech B B SmartWorx OpenVPN Tunnel Application Note 6 Advantech B B SmartWorx IPsec Tunnel Application Note 7 Advantech B B SmartWorx GRE Tunnel Application Note 8 Advantech B B SmartWorx SNMP Object Identifier Application Note 9 Advantech B B SmartWorx AT Commands Application Note 128 ...

Отзывы:

Нет отзывов

Похожие инструкции для B+B SmartWorx LR77 v2

Бренд: 3Com Страницы: 48

Бренд: Paradyne Страницы: 22

Бренд: JCG Страницы: 3

Бренд: National Instruments Страницы: 36

VigorIPPBX 2820 Series

Бренд: Draytek Страницы: 29

Бренд: Dahua Страницы: 24

Бренд: LaCie Страницы: 22

Бренд: Fortinet Страницы: 20

APS6-400 Series

Бренд: Eaton Страницы: 114

AirStation WZR-1166DHP

Бренд: Buffalo Страницы: 2

Бренд: AMX Страницы: 1

Бренд: Tenda Страницы: 120

ipRocketLink 3101 Series

Бренд: Patton Страницы: 119

Бренд: C&H Technologies Страницы: 50

Бренд: Cayman Systems Страницы: 170

Бренд: TRENDnet Страницы: 7

Бренд: Lanpro Страницы: 6

Full-Rated Router ADSL2+

Бренд: PC Concepts Страницы: 104

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды