GE MDS ORBIT MCR: download user manual, page 1

MDS ORBIT MCR
Multiservice Connect Router

MDS ORBIT ECR
Edge Connect Router

MDS 05-6632A01, Rev. F

May 2016

Including New Features from Firmware Revision 4.6.x

Technical Manual
Contents of MDS ORBIT MCR

Page 1: ...MDS ORBIT MCR Multiservice Connect Router MDS ORBIT ECR Edge Connect Router MDS 05 6632A01 Rev F May 2016 Including New Features from Firmware Revision 4 6 x Technical Manual Technical Manual...

Page 2: ...videos Orbit MCR Learning and Development YouTube Channel Quick Start instructions for this product are contained in publication 05 6709A01 Visit our website for downloadable copies of all documentati...

Page 3: ...RROWBAND 21 2 3 6 2 4 TYPICAL APPLICATIONS 22 2 5 MCR AND ECR CONNECTORS AND INDICATORS 22 2 6 GROUNDING CONSIDERATIONS 28 2 7 MOUNTING OPTIONS 29 OPTIONAL DIN RAIL MOUNTING 30 2 7 1 2 8 ANTENNA PLANN...

Page 4: ...1 LAN 193 3 8 2 ETHERNET PORT SECURITY PORT BASED AUTHENTICATION 199 3 8 3 VLAN OPERATION 200 3 8 4 BRIDGING 203 3 8 5 ROUTING 206 3 8 6 STATIC NEIGHBOR ENTRIES 211 3 8 7 ACCESS CONTROL LIST PACKET F...

Page 5: ...395 6 7 CLI ENVIRONMENT 396 6 8 COMMAND OUTPUT PROCESSING 397 6 9 COUNT THE NUMBER OF LINES IN THE OUTPUT 398 6 10 SEARCH FOR A STRING IN THE OUTPUT 398 6 11 REGULAR EXPRESSIONS 399 6 12 DISPLAY LINE...

Page 6: ...BIT 426 12 2 1 CISCO IOS 432 12 2 2 12 3 GRE IPSEC WITH JUNIPER JUNOS 437 ORBIT 437 12 3 1 JUNOS 441 12 3 2 13 0 APPENDIX H 802 1X PORT AUTHENTICATION W EAP 446 13 1 OVERVIEW 446 13 2 CONFIGURATION EX...

Page 7: ...must not be co located All transmission antennas must be at least 20 cm apart to comply with FCC co location rules Orbit Device vs Minimum RF Safety Distance Radio Module Equipped Minimum Safety Dist...

Page 8: ...egulations and obey all signs and notices Do not use the Orbit MCR when you suspect that it may cause interference or danger Near Medical and life support equipment Do not use the Orbit MCR in any are...

Page 9: ...nual updates can be found on our web site at www gemds com Environmental Information The manufacture of this equipment has required the extraction and use of natural resources Improper disposal may co...

Page 10: ...cordance with CSA STD C22 2 No 213 M1987 CSA Conditions of Approval The transceiver is not acceptable as a stand alone unit for use in the hazardous locations described above It must either be mounted...

Page 11: ...an explosive gas atmosphere other than mines susceptible to firedamp 3 G Zone 2 Normal Protection level Gas Provides a low level of protection and is intended for use in a Zone 2 hazardous area Ex nA...

Page 12: ...shall be installed in an enclosure that maintains an ingress protection rating of at least IP54 and meets the enclosure requirements of EN 60079 0 and EN 60079 15 The installer shall ensure that the m...

Page 13: ...ncia a sistemas operando em car ter prim rio Este produto est homologado pela Anatel de acordo com os procedimentos regulamentados pela Resolu o n 242 2000 e atende aos requisitos t cnicos aplicados...

Page 14: ...e que este equipo o dispositivo no cause interferencia perjudicial y 2 este equipo o dispositivo debe aceptar cualquier interferencia incluyendo la que pueda causar su operaci n no deseada New Zealand...

Page 15: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 15...

Page 16: ...n site Figure 1 1 MCR 4G Unit Standard 2E1S configuration shown Figure 1 2 ECR 900 Unit With a common hardware architecture and user interface the MCR and ECR offers flexibility in network design and...

Page 17: ...TE North America ECR 4GS Name for the product when configured with 4G LTE EMEA APAC ECR 3G Name for the product when configured with 3G ECR 900 Name for the product when configured with unlicensed 900...

Page 18: ...er in some cases command lines will be shown with non bolded italicized text contained within the string Such text indicates the need for user supplied variable parameters such as the name of an item...

Page 19: ...y the serial or Ethernet connections on the unit s front panel Do not use the USB port in hazardous locations Network Management System Orbit MCR is supported by GE MDS PulseNET a Network Management S...

Page 20: ...rth America 2 3 3 This 4G modem supports following technologies LTE 1900 B2 AWS B4 850 B5 700 B13 700 B17 1900 B25 GSM GPRS EDGE 850 900 1800 1900 MHz UMTS HSPA HSPA 2100 B1 1900 B2 AWS B4 850 B5 900...

Page 21: ...orts multiple SAFs on any level Automatically adjusts Media Access scheme for SAF network to support simultaneous communications at alternating levels and minimize latency using dynamic fragmentation...

Page 22: ...hat are located on a local internal private LAN or WiFi network The unit acts as an Access Point on the WiFi interface to provide connectivity to WiFi clients Figure 2 1 shows an example network in wh...

Page 23: ...ollows The unit s LED Indicator Panel is described in Table 2 5 Figure 2 3 ECR Connectors and Indicators Sample configuration with Cell WiFi Ethernet and Serial port PWR Two conductor DC input connect...

Page 24: ...iency based on the system s operating characteristics As viewed from the outside the unit Table 2 1 ETH1 2 Pin Details Pin Function Pin Function 1 Transmit Data TX High 5 Unused 2 Transmit Data TX Low...

Page 25: ...llowing page provide pin descriptions for the COM1 data port in RS 232 mode and RS 485 modes respectively NOTE The COM2 port if present is restricted to RS 232 mode it cannot be used for RS 485 As vie...

Page 26: ...ed device COM1 Port notes and wiring arrangements for RS 485 The COM1 port supports 4 wire and 2 wire RS 485 mode as follows RXD RXB and RXD RXA are data sent into the unit RXD RXB is positive with re...

Page 27: ...Indicators Table 2 4 Description of LED Status Indicators LED Name LED State Description PWR DC Power Off Solid Green Fast Blink Red 1x sec No power to unit Unit is powered no problems detected Alarm...

Page 28: ...rowband LnRadio MCR LN 3G Cellular Lic Narrowband LnRadio MCR LN Only Off Lic Narrowband LnRadio Table 2 6 ECR NIC LED Descriptions Product Configuration NIC1 NIC2 ECR 4G WiFi Cellular WiFi ECR 4G Onl...

Page 29: ...if possible All grounds and cabling must comply with applicable codes and regulations One source for lightning protection products may be found online at http www protectiongroup com PolyPhaser 2 7 M...

Page 30: ...l cables to prevent moisture from running along the cables and into the unit Optional DIN Rail Mounting 2 7 1 If ordered with the DIN rail mounting option the unit is supplied with a DIN rail clip att...

Page 31: ...ctly Connected Cellular Antenna Typical Style GE MDS Part No 97 2485A04 WiFi Antenna Antenna connection for 2 4 GHz WiFi service The connector appears similar to the cellular connectors discussed abov...

Page 32: ...4278A34 using a magnetic mount GE MDS PN 97 4278A78 This configuration offers easy mobility for evaluation purposes or indoor applications with good cellular signal coverage see Figure 2 11 Figure 2 1...

Page 33: ...2 12 Typical Yagi Antenna mounted to mast Feedlines Selection of an antenna feedline is very important Poor quality cable should be avoided as it will result in power losses that may reduce the range...

Page 34: ...factory representative or visit www gemds com to obtain a copy of the guide Table 2 9 Accessories Ancillary Items Item Description Part Number DC Power Plug 2 pin polarized Mates with power connector...

Page 35: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 35...

Page 36: ...use a user interface to add remove or alter a piece of configuration data The second step is to use the user interface to commit the change Multiple changes can be made prior to committing them This t...

Page 37: ...ollowed by a slash character and ending with the bit length max 32 of the prefix A subnet mask is expressed in dot decimal notation For example 192 168 1 0 24 is equivalent to specifying 192 168 1 0 w...

Page 38: ...ce Manager Overview Screen For initial configuration the Setup Wizard will appear and provide guidance in typical setups This will be disabled after initial setup is completed but may be re run at any...

Page 39: ...iew Validate and Cancel Clicking the button defaults to Validate and saves the changes Figure 3 6 Save Button Changes to commit From the CLI all changes are made and committed by using the commi...

Page 40: ...en your primary key is lost If you don t make a spare you are always at risk of locking yourself out A one time recovery password is different from the one used to log into the unit on a routine basis...

Page 41: ...cessed via TCP for example SSH Deleting a One Time Password As noted earlier a one time password is automatically revoked when it is used for log in A revoked password may be replaced but it must firs...

Page 42: ...must be deleted if there are no more password slots available Change Default Passwords 3 1 3 For security purposes it is highly advised to change the default passwords for all user roles This is acco...

Page 43: ...User Authentication 1 Update factory default passwords Secure login access into Orbit with local or RADIUS based user authentication Device Management 2 Secure access to Orbit for device management b...

Page 44: ...meet field requirements but comes preconfigured as follows The COM and USB ports are enabled for local console operation When applicable interfaces are preconfigured as members of a bridge A DHCP ser...

Page 45: ...3 2 Checklist for Initial Setup Configuration Step Applicable Manual Section Comment Additional Information Establish connection to the device SSH Serial USB Web Initial Settings Overview Specific Ap...

Page 46: ...ular service in the listed Appendix Configuring for 900MHz operation if present 3 5 4 Unlicensed 900 MHz ISM NX915 NX915 is the hardware module that provides the 900 MHz operations It is factory confi...

Page 47: ...rts WiFi and the bridge The following chart lists the required steps to configure the MCR for this specific scenario Note that for each step the linked manual section is provided as well as detailed i...

Page 48: ...CR 1 Configure to bridge traffic from ETH1 and WiFi 3 8 5 Bridging Add ETH1 and WiFi to the bridge Orbit MCR 1 Set bridge IP address 3 8 5 Bridging Set to 192 168 1 21 prefix length 24 Orbit MCR 1 Ena...

Page 49: ...myssid Orbit MCR 1 Configure to bridge traffic from ETH1 and WiFi 3 8 5 Bridging Add ETH1 and WiFi to the bridge Orbit MCR 1 Set bridge IP address 3 8 5 Bridging Set to 192 168 1 21 prefix length 24...

Page 50: ...e incoming out of network address to drop all other traffic IN_UNTRUSTED 3 8 8 Access Control List Packet Filtering Firewall Set Rule 10 protocol all Action drop Configure the outgoing destination to...

Page 51: ...unication Serial Interface 3 4 2 Follow these steps to configure the unit for its first use with serial console interface Connect a PC to the unit s COM port as shown in Figure 3 16 Maximum recommende...

Page 52: ...3 Change the device name by typing in the following followed by enter set system name Device539 set system name Device539 Step 4 Verify the change looks correct by reading the data back using the foll...

Page 53: ...e used as a quick reference before consulting the more detailed information which follows in this section Each CLI command is preceded by the symbol for operational command or for a configuration comm...

Page 54: ...ice name set system name Mydevice Set the baud rate on COM1 set services serial ports COM1 baud rate b19200 Download a firmware package from TFTP server at 192 168 1 10 request system firmware reprogr...

Page 55: ...mmands will configure the MCR for this scenario set interfaces interface Wi Fi type wifi set interfaces interface Wi Fi wifi config mode access point ap config ap myssid enabled true set interfaces in...

Page 56: ...erface Bridge bridge settings members wifi ap myssid set interfaces interface Bridge ipv4 address 192 168 1 21 prefix length 24 set services dhcp enabled true v4subnet 192 168 1 0 24 domain name gemds...

Page 57: ...ing Connectivity to Serial Based SCADA Device via UDP The following commands will configure the Orbit MCR 2 for this scenario set interfaces interface Wi Fi type wifi set interfaces interface Wi Fi wi...

Page 58: ...ol icmp set services firewall filter IN_UNTRUSTED rule 1 actions action accept set services firewall filter IN_UNTRUSTED rule 10 match protocol all set services firewall filter IN_UNTRUSTED rule 10 ac...

Page 59: ...vary depending on the Orbit MCR options ordered 3 5 Interface Configuration Serial Interface 3 5 1 A serial cable RJ45 cable with proper ETH to DB9 converter may be used to connect to a COM port on t...

Page 60: ...rity 1 stop bit 8O1 8 char bits odd parity 1 stop bit 8N2 8 char bits no parity 2 stop bits 8E2 8 char bits even parity 2 stop bits 8O2 8 char bits odd parity 2 stop bits Hw Flow Control Hardware flow...

Page 61: ...minal server 255 DEFAULT Vtime Receive Inter Byte Timeout The amount of time between bytes of data on the serial port in multiples of 1 millisecond that indicate the end of a serial message ready to b...

Page 62: ...devices including TransNET the device will act similar to a DTE but will provide signaling on the CTS line instead of the RTS line When the first character of a transmission is ready to be sent to the...

Page 63: ...ts Hold 2 This is also where VMIN and VTIME can be adjusted 3 Save the Configuration 4 CLI Configuration Commands Change ITALICS to fit the system Configure the following as an example set services se...

Page 64: ...al details ports COM1 line mode rs232 baud rate b115200 byte format bf8n1 hw flow control false vmin 255 vtime 1 capability rs485 2 wire rs485 4 wire ports COM2 line mode rs232 baud rate b19200 byte f...

Page 65: ...below table for approved Antenna Types Table 3 4 Approved Cell Antenna Types Application Location Frequency Range Gain Antenna Description GE MDS Part Number 3G 4G Cellular Indoor 698 2700MHz CELL BAN...

Page 66: ...unit will use the first connection profile to establish connection with the cellular network If connection profile switching described later is enabled then the unit will switch to second profile in t...

Page 67: ...ho messages to a remote host server periodically to keep the connection alive Service Recovery Service recovery configuration If multiple cellular providers are supported the Connection Profile Switch...

Page 68: ...been set up with Verizon wireless a SIM card will be issued from that account When the modem is powered up with such a SIM the default APN on the modem is automatically updated to the one that identif...

Page 69: ...eter specifies the number of keep alive messages that are sent before modem recovery is attempted DEFAULT 15 configurable only when recovery on timeout is enabled Service Recovery The service recovery...

Page 70: ...ilure occurs when using the current profile DEFAULT FALSE disabled Switch to Next on Failure Timeout This parameter specifies the time interval for which data connection is attempted using the current...

Page 71: ...E Dual SIM functionality is a selective order entry feature Default units are shipped with only SIM A enabled SIM B is not supported Monitoring From the Web UI status of the cell module can be reviewe...

Page 72: ...be to free up buffer space In Errors For packet oriented interfaces the number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol In Unknown Pr...

Page 73: ...rfaces Cell Status Cellular Figure 3 28 Cell Operational Status Screen Imsi International mobile subscriber identity Imei International mobile equipment identity Iccid Unique serial number of the SIM...

Page 74: ...t with Verizon Wireless 4G LTE modem operating show interfaces state interface Cell cell status cell status imsi 311480023786469 cell status imei 990000947614196 cell status iccid 89148000000234127091...

Page 75: ...a previous user When the previous command is entered a number of items are returned as shown in the example below The first two items highlighted blue show the IMSI and IMEI codes These are unique for...

Page 76: ...em section The following example shows how to upload a cell modem firmware image file through the web browser and reprogram the cell modem with that image file Navigate to Interfaces Cell Actions Repro...

Page 77: ...ing the cell modem firmware from the CLI enter the following command to download the firmware image from the TFTP server request interfaces interface Cell firmware reprogram filename cell 4g5 1 0 2 mp...

Page 78: ...int or Station The specifications for the WiFi module are covered in LN400 101D LN400 LN900 101D LN900 2 4 GHz WiFi Specifications on Page 385 The table below contains the list of GE MDS approved ante...

Page 79: ...eys via RADIUS The default SSID is based on the unit s serial number and takes the form of GEMDS_ SERNUM the serial number is printed on the chassis sticker The default password for WiFi operation is...

Page 80: ...ULT 15 dBm 3 5 3 1 AP Mode Configuration To configure the parameters necessary for Access Point mode start by using the following section of the web UI Navigate to Interfaces Wi Fi Basic Config Wi Fi...

Page 81: ...k on the ADD button or to delete an AP click on the SSID and then the Delete button By default an access point will be configured with the SSID GEMDS SERNUM and the WiFi password GEMDS ORBIT To edit a...

Page 82: ...Access Only one VLAN can be configured on an access interface traffic carried for only one VLAN Trunk Two or more VLANs configured on a trunk port several VLANs can be carried simultaneously NOTE Reme...

Page 83: ...d is created this will become the first SSID and the SSID ssidexample will become the second SSID Each SSID is independent of the other except for the parameters noted above Each SSID can be in or out...

Page 84: ...ion mode to use Ccmp AES based encryption mechanism that is stronger than TKIP for WPA2 Tkip a stream cipher is used with a 128 bit per packet key meaning that it dynamically generates a new key for e...

Page 85: ...ct normally contains a MAC address The interface s media specific modules must define the bit and byte ordering and the format of the value of this object For interfaces that do not have such an addre...

Page 86: ...e transmitted and which were not addressed to a multicast or broadcast address at this sub layer including those that were discarded or not sent Out Broadcast Pkts The total number of packets that hig...

Page 87: ...s since last packet Rxbytes received byte count Rxpackets received packet count 3 5 3 6 WiFi Status When Configured as a Station Figure 3 41 WiFi Station Statistics Information Ssid SSID of access poi...

Page 88: ...ap somessid broadcast ssid true station max 7 station timeout 300 beacon interval 100 privacy mode none vlan mode none channel 6 operation mode 80211g dtim period 2 rts threshold 2347 fragm threshold...

Page 89: ...i wifi config details mode access point tx power 15 ap config ap somessid broadcast ssid false station max 7 station timeout 300 beacon interval 100 privacy mode wpa2 personal psk config encryption cc...

Page 90: ...nd SSID is intended to support auxiliary applications such as a dedicated management connection or guest LAN access The following example sets up a second Wi Fi AP with the SSID of somessid2 to the pr...

Page 91: ...is created this will become the first SSID and the SSID somessid2 will become the second SSID Each SSID is independent of the other except for the parameters noted above Each SSID can be in or out of...

Page 92: ...statistics statistics discontinuity time 2013 09 24T13 12 25 04 00 statistics in octets 3747 statistics in unicast pkts 26 statistics in multicast pkts 0 statistics in discards 0 statistics in errors...

Page 93: ...of FHSS Frequency Hopping Spread Spectrum DTS Digital Transmission System and hybrid FHSS DTS technologies to provide dependable wireless communications The GE MDS NX915 NIC module is a point to mult...

Page 94: ...ty when compared to 1000W kbps For clear spectrum use 1000W for unknown or busy spectrum it s safer to use the narrow 1000N modem Table 3 10 Approved NxRadio Antenna Types Application Location Frequen...

Page 95: ...red to operate in the top half of the band while the Orbit can have its NX915 module configured for the lower half By default the radio ships from the factory with the 500kbps modem selected Dwell tim...

Page 96: ...io Interface LED Descriptions LED NIC2 State Description NxRadio Interface Off Interface disabled Access Point Mode Blink Red Solid Red Solid Green NIC Initialization No Remotes connected Linked with...

Page 97: ...not all the same and optimizing the system may take a little configuring based on Noise Floor Data Type Data Volume An LQI of 255 is reported on a given channel s during the setup sequence and might...

Page 98: ...l authenticate with the AP PSK or a backend RADIUS server EAP before they are allowed to pass data on the network The authentication protocol is compliant with IEEE 802 1X If device authentication is...

Page 99: ...FAULT Header Compression Disabled by DEFAULT Enable disable over the air robust header compression This feature compresses IP headers to improve system performance and is most useful in applications t...

Page 100: ...DEFAULT aes128 ccm Protect data with 128 bit AES encryption using CCM mode aes256 ccm Protect data with 256 bit AES encryption using CCM mode Passphrase The passphrase used in PSK mode 8 to 64 letters...

Page 101: ...icult to detect weak signals if at all but enhance the probability to detect the stronger ones High Sensitivity set when operating in a low noise environment with minimal radio interference DEFAULT Hi...

Page 102: ...ARP to the intended device ADR Mode Adaptive data rate mode controls whether the NIC will attempt to use different modem speeds for different remotes All downstream traffic uses the lowest rate only...

Page 103: ...with defaults The advanced configuration on an NX915 module operating as a Remote shares the same configuration for LNA state stale packets timeout and data retries as an Access Point Using the defaul...

Page 104: ...k Name The name of the network Used to control what networks is connected to Valid values 1 to 31 letters DEFAULT mds nx The network name string is used to identify the logical network the device as a...

Page 105: ...otocol Encryption The type of encryption to perform none No data privacy DEFAULT aes128 ccm Protect data with 128 bit AES encryption using CCM mode aes256 ccm Protect data with 256 bit AES encryption...

Page 106: ...e lowest rate only upstream traffic can use the variable rate ADR setting is automatically learned by remotes but remotes modem must be set to Auto or 125 for 125 250kbps or 500 for 500 1250 kbps oper...

Page 107: ...etwork Remote DEFAULT Access Point Store and Forward Network Name The name of the network Used to control what networks the radio connects to Valid values 1 to 31 letters DEFAULT is mds nx The network...

Page 108: ...ty Mode The type of authentication to perform none Provide no device authentication or data privacy DEFAULT psk Use pre shared key authentication protocol eap Use Encapsulated Authentication Protocol...

Page 109: ...ll not be trying extra to amplify the collocated RF noise It will be more difficult to detect weak signals if at all but enhance the probability to detect the stronger ones High Sensitivity set when o...

Page 110: ...shold the NIC will attempt to use a faster modem ADR Threshold must be set for each radio Remotes and AP This is advantageous in that you can run the majority of the network in ADR mode but if a parti...

Page 111: ...s sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer In Multicast Pkts The number of packets delivered by this sub layer to a higher sub layer which were add...

Page 112: ...d packets that could not be transmitted because of errors NX Status Monitoring Interfaces NxRadio Status Nx Radio Figure 3 57 ISM 900 NX Status Init Status State of the NIC Initialization Off Not oper...

Page 113: ...ratio of RF power out to power reflected is approaching a 4 1 ratio or higher ideally this should be 1 1 This should be corrected to achieve optimal radio performance It may be helpful to use an SWR t...

Page 114: ...ation Regarding LQI MAC Statistics Figure 3 59 ISM 900 NX MAC Statistics Tx Success Successful transmissions Tx Fail Failed transmissions TTL expired or retry count exceeded Tx Queue Full Failed trans...

Page 115: ...cess point with the network name of MyNetwork and default settings set interfaces interface NxRadio nx config device mode access point network name MyNetwork show interfaces interface NxRadio nx confi...

Page 116: ...ase and aes128 ccm encryption set interfaces interface NxRadio nx config data compression lzo security encryption aes128 ccm security mode psk passphrase mypassphrase show interfaces interface NxRadio...

Page 117: ...agment threshold 0 remote age time 600 endpoint age time 300 allow retransmit true arp cache false adr mode none adr threshold 70 encryption protocol 2 0 Other configuration The following will configu...

Page 118: ...w retransmit true arp cache false adr mode none adr threshold 70 encryption protocol 2 0 Remote Mode The following will configure the NX915 module as a Remote with the network name of MyNetwork and de...

Page 119: ...ed config lna state high sensitivity stale packet timeout 1500 data retries 3 nic id 0 gateway id 0 arp cache false adr mode none adr threshold 70 encryption protocol 2 0 The following configures the...

Page 120: ...nfigured the module to automatically obtain a path in the network This is particularly useful in a network that contains Store and Forward devices Store and Forward Mode Basic configuration with defau...

Page 121: ...k access Monitoring Ensure the CLI is in operational mode Access Point Mode The following shows status with two remotes connected show interfaces state interface NxRadio nx status tab nx status init s...

Page 122: ...24 840000 72 8 75 925 762500 72 7 78 926 685000 73 7 Remote and Store and Forward Mode The following shows status when connected to a configured Access Point show interfaces state interface NxRadio nx...

Page 123: ...G AVG CHANNEL FREQUENCY RSSI LQI 0 902 700000 68 7 3 903 622500 69 6 6 904 545000 69 6 9 905 467500 69 6 12 906 390000 70 6 15 907 312500 70 7 18 908 235000 71 5 21 909 157500 71 5 24 910 080000 72 6...

Page 124: ...reater throughput than traditional FSK solutions The module utilizes QAM modulation a highly efficient PA and a direct conversion receiver to provide dependable wireless communications An advanced Med...

Page 125: ...smit and Receive frequencies are unprogrammed and left to field installation personnel to prevent inadvertent operation on the wrong channel For the advanced user the module supports configuring more i...

Page 126: ...works in both upstream and downstream mode The mode selection varies between QPSK 16QAM and 64QAM A signal metric score is used to decide which modem selection to use The score is determined based on...

Page 127: ...etwork that the device should join If the network name does not match the device will log an event to identify network name collisions Data Compression Over the air compression lzo Compresses the over...

Page 128: ...seful in networks with some remotes close to the Access Point and others farther away or obstructed This mode allows the close remotes to take advantage of the higher data rate for the directed messag...

Page 129: ...Narrowband LN EAP on an access point Security Settings Security Mode The type of over the air authentication to perform none Provide no device authentication or data privacy DEFAULT psk Use pre share...

Page 130: ...cate Management side menu section 3 9 Radius Server AP EAP mode only A reference to the RADIUS server configuration configured through the System RADIUS side menu item section 3 7 4 Rekey Interval AP...

Page 131: ...967295 seconds DEFAULT 300 5 minutes Allow Retransmit AP only All traffic from the remotes is sent to the AP When enabled the AP will retransmit traffic from one remote to another based on the MAC add...

Page 132: ...he interface Licensed Narrowband radios appear as ln Admin Status The desired state of the interface Oper Status The current operational state of the interface If Index The index value for this interf...

Page 133: ...aces the number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Out Octets The total number of octets transmitted out of the interface includ...

Page 134: ...Firmware Revision NIC Firmware Revision Temperature The transceiver temperature in degrees C Modem Tx Success Number of packets successfully transmitted by the modem Modem Tx Error Number of transmit...

Page 135: ...ut the Licensed Narrowband NIC s hardware is also displayed on the LN Radio s Statistics menu This information may be helpful when calling technical support Connections Status AP Only In AP mode the C...

Page 136: ...ince link established After 4294967295 seconds the value displayed rolls over to 0 RSSI The RSSI measured at the time of the last received packet If using this reading to align an antenna or gather li...

Page 137: ...re automatically resuming normal operation We recommend that you remain in test mode 10 minutes or less State Receive Enter Receive mode to check the RSSI of a received signal Keyed Key the transmitte...

Page 138: ...ata retries 3 packet ttl 600 remote age time 600 endpoint age time 300 allow retransmit true arp cache false qam16 threshold 85 qam64 threshold 70 Security configuration The default security mode as s...

Page 139: ...ication is selected from a list of configured Radius servers set interfaces interface LnRadio ln config security encryption aes256 ccm security mode eap radius server RADIUS_SERVER show interfaces int...

Page 140: ...uency 451 4 channel 12 5KHz 9 6ksps modulation automatic fec false security security mode none encryption none advanced config data retries 3 nic id 0 inactivity timeout 600 remote age time 600 arp ca...

Page 141: ...and Keys to use in the TLS authentication This information is selected from the PKI configuration set interfaces interface LnRadio ln config security encryption aes128 ccm security mode eap eap mode...

Page 142: ...queue full 0 ln status mac stats mac tx error 0 ln status mac stats mac tx retry 132 ln status mac stats mac rx success 17952 ln status mac stats mac rx error 498 ln status last rx packet last rssi 1...

Page 143: ...168 1 51 ln status ap info connected time 174 ln status ap info rssi 68 ln status ap info evm 0 ln status ap info rx modulation qpsk ln status last rx packet last rssi 68 ln status modem stats modem...

Page 144: ...ces state interface LnRadio ln status test mode state keyed time 5 To enter Test Mode s receive state for 5 minutes request interfaces state interface LnRadio ln status test mode state receive time 5...

Page 145: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 145...

Page 146: ...interface status Event Logging 3 6 2 Understanding An event is a notification that something meaningful occurred on the unit Events contain information about the occurrence that may be useful for admi...

Page 147: ...is stored in the local event log True False Priority If logging to Syslog alert action must be taken immediately crit critical condition debug debug level messages emerg system is unusable err error...

Page 148: ...mple the following shows the cell connect disconnect disabled for local logging this would be useful in an environment where the cell modem reconnects many times as part of normal operations Click on Add...

Page 149: ...click on the Add button when finished Clicking on the add button will display the Event Rule Details option Clicking the Finish button will add the event rule From the CLI this modification can be mad...

Page 150: ...r Choices tcp udp tls tcp6 udp6 tls6 Message Format Choose either json_cee or text insert more info here If the TLS protocol is selected the following fields may be filled in TLS CA Certificate The na...

Страница 151: ...e event log navigate to Logging Actions Clear Event Log and click on the Perform Action button Figure 3 73 Clear Event Log The following example shows how to clear the event log from the CLI request l...

Страница 152: ...dvanced setting use default Block Size For TFTP the block size as defined in RFP 2348 advanced setting use default Timeout For FTP TFTP and SFTP the timeout in seconds advanced setting use default The...

Страница 153: ...he percentage complete for the operation To view the status of the process in the CLI ensure the CLI is in operational mode and then follow the example below show logging export event log status loggi...

Страница 154: ...incorporates a Iperf server that can be utilized by an external client Figure 3 76 Setup using iperf for throughput testing in a private network Iperf features TCP Measure bandwidth Report MSS MTU siz...

Страница 155: ...boot to once the snapshot is restored Take note that restoring the unit to a snapshot will overwrite the current configuration and that it cannot be undone Three types of snapshots exist on an Orbit M...

Page 156: ...nit to the specified firmware image and restores the unit s configuration to the specified snapshot This operation cannot be undone Managing user snapshots The User Snapshots menu found under the Roll...

Page 157: ...rs including letters numbers dashes underscores and spaces Description Description of this user snapshot Up to 127 characters including letters numbers dashes underscores and spaces Optional Default S...

Page 158: ...s name Description The snapshot s description Date This is the date that the snapshot was created Version This is the firmware version that the unit was running at the time the snapshot was created U...

Page 159: ...ommand deletes the specified user snapshot request system recovery user snapshots delete identifier Snapshot1 You can set an existing snapshot as the default user snapshot with the following command r...

Page 160: ...le through the web UI and not through the CLI Server Address For FTP TFTP and SFTP the remote server s host name or IP address File Path For FTP TFTP and SFTP the path to the destination file on the r...

Page 161: ...k inactive preparing transfering cancelling complete failure cancelled Detailed Message The details regarding the operation such as Generating support package Size The total number of bytes in the pac...

Page 162: ...he ability to increase the complexity of the configured user login passwords User passwords can be configured to have a minimum length a minimum amount of lower case letters a minimum amount of capita...

Page 163: ...et the date and time use the request set current datetime request system clock set current datetime current datetime 2013-10-01T8:33:45 Automatic set using NTP or SNTP Server To use an NTP server the...

Page 164: ...g reliable NTP service such as pool.ntp.org Enabled Server enabled for use check True DEFAULT Iburst perform burst synchronization check True DEFAULT Prefer Use as preferred server check True DEFAULT...

Page 165: ...1 00 00 Geographical location 3 7 2 The geographical location of the unit can be manually This information can be configured using the initial setup wizard Latitude in degrees Longitude in degrees Alt...

Page 166: ...y to change the forgotten password See One Time Recovery Passwords on Page 39 Orbit user authentication provides the capability to manage the rules regarding logins and the setup rules regarding passw...

Page 167: ...method succeeds the user is denied access DEFAULT Local Users only Radius Sys Local Users Disable Non Admin Users Indicates whether or not tech and oper accounts are disabled DEFAULT false Note these...

Page 168: ...d to give preference to which method is used first when authenticating user access In the following example the list of RADIUS servers will be contacted first before the local authentication rules are...

Page 169: ...l back to local authentication if the unit is configured to do so Many RADIUS servers do not respond to an invalid login attempt To the unit this appears the same as if the server is not there The con...

Page 170: ...r 1 0 0 GEMDS value GEMDS UserAuth Group Administrator 2 GEMDS value GEMDS UserAuth Group Technician 1 GEMDS value GEMDS UserAuth Group Operator 0 The following line is required to be added to the ven...

Page 171: ...uest This should be the address of the interface that is making the request If it is not provided the system will determine the address automatically Alternative entry is to use a Domain Name string F...

Page 172: ...reprogram the firmware Users may add their own signatures to the firmware package using the GE MDS code signing tool NOTE Any additional signatures added to a firmware package will require the corresp...

Page 173: ...n The following example shows how to upload a host firmware image file through the web browser and store the uploaded image file into the inactive region in memory Navigate to System Firmware Actions...

Page 174: ...mcr bkrc 4_0_2 mpk from a TFTP server running on a host address 192.168.1.10 that is accessible from the MCR e g a locally connected host or remote host accessible via cellular interface To start rep...

Page 175: ...rmware system firmware reprogram status size 38043384 system firmware reprogram status bytes transferred 38043384 system firmware reprogram status percent complete 100 Upon completion the unit can be...

Page 176: ...ete The percentage complete for the operation To view the status of the verification process in the CLI ensure the CLI is in operational mode and then follow the example below show system firmware ver...

Page 177: ...hat the web page does not display the current status if the device has not been instructed to copy the firmware image in other words if the state is inactive Figure 3 92 Copy Image Monitoring The copy...

Page 178: ...llow approximately 2 minutes for the unit to complete the restarting process and refresh the screen Figure 3 93 Restart to Image To initiate a restart from the CLI ensure the CLI is in operational mod...

Page 179: ...aseline When calibration is completed the device enters operational mode In operational mode the axis readings adjusted by the calibration results are used to determine current axis values Readings wh...

Page 180: ...reshold for z axis Default 50 range 25 2000 NOTE None of these numbers for coordinates or thresholds has meaningful units They are just values that are all relative to each other A value of 50 cannot...

Page 181: ...fter calibration From the CLI the Device status when operational after calibration could be show system tamper detection magnetometer system tamper detection magnetometer calibration offsets x axis 91...

Page 182: ...ing from the configuration file on import will be assumed by the radio to be deleted Make certain that all necessary parameters are kept in the configuration file unless they are expected to be delete...

Page 183: ...host address 192.168.1.10 that is accessible from the MCR e g a locally connected host or remote host accessible via cellular interface To start the configuration file export from the CLI enter the f...

Page 184: ...how to have the device import a set of configuration parameters by uploading a local file through the web browser Navigate to System Config Files Actions Import Configuration Click on the Begin Import...

Page 185: ...ommand to download the configuration from the TFTP server request system configuration files import filename config 2016 02 04 xml manual file server tftp address 192.168.1.10 Monitoring Import Once t...

Page 186: ...acilitate the resolution of domain names to IP addresses NOTE Manual configuration of DNS overrides any DNS settings obtained via DHCP Configuring Using the Web UI The following example shows how to c...

Page 187: ...working properly The example below shows the resolution of the name example.com to the IP address 192.0.43.10 on a unit that is connected to the Internet Use the control sequence CTRL C to stop the p...

Page 189: ...n NAT Destination NAT Port Forwarding Translating the destination address and or port of traffic ingressing the unit Destination NAT allows forwarding of traffic directed to a public external network...

Page 190: ...network is not reachable through the higher preference route Link Layer 2 Failover The unit supports this feature by creation of a bond interface in an active backup mode that can aggregate a primary...

Page 191: ...ot vary in bandwidth or for those where no accurate estimation can be made this info should contain the nominal bandwidth For interfaces that have no concept of bandwidth this info is not present Open...

Page 192: ...dressed to a broadcast address at this sub layer including those that were discarded or not sent Out Multicast Pkts The total number of packets that higher level protocols requested be transmitted and...

Page 193: ...0 10 10 141 23 static LINK LAYER IP ADDRESS ORIGIN STATE 10.10.10.109 00:11:11:e0:2e:70 dynamic stale 10.10.10.98 80:c1:6e:f0:3b:7a dynamic reachable LAN 3 8 2 Understanding The unit has external Loca...

Page 194: ...ed DEFAULT Disable will prevent usage Eth Phy Rate Choose the Ethernet speed support setting DEFAULT ALL Eth 10Mb Half Eth 10Mb Full Eth 100Mb Half Eth 100Mb Full Vlan Mode Virtual LAN Setting Etherne...

Page 195: ...sername the MAC address without punctuation of the peer device connected to Ethernet port Example 00063d089883 Password an encrypted version of the Username Calling Station Id the same as the Username...

Page 196: ...ngle VLAN Trunk Use this if this interface is intended to be a member of multiple VLANs Enabled Enable or disable the use of an IP address Forwarding Indicates if IPv4 packet forwarding is enabled or...

Page 197: ...lation of source IP address of the traffic going out of the interface Source NAT Masquerading Use for selecting and applying a source NAT rule set from available source nat rule sets to outgoing traff...

Page 198: ...nce shows how to configure the ETH1 port with a static IPv4 address configure Entering configuration mode private set interfaces interface ETH1 ipv4 address 192.168.1.11 prefix length 24 commit Monito...

Page 199: ...fic on the Ethernet port In MAB security mode the Orbit will block all traffic on the Ethernet port but it still captures Ethernet frame headers so that it can read the source MAC address of ingress t...

Page 200: ...traffic is not blocked security rejected The RADIUS server rejected the last authentication request security pending A RADIUS request was sent and the Orbit is waiting for a response VLAN Operation 3...

Page 201: ...re the newly created VLAN After clicking the OK button on the pop up in Creation will automatically take the configuration screen for that interface or click on the new interface located in the Interf...

Page 202: ...rfaces interface mgmt_vlan vlan config vlan id 99 set interfaces interface video_vlan type vlan set interfaces interface video_vlan vlan config vlan id 300 Operational Modes As previously shown in pre...

Page 203: ...unk port is not a member of the native VLAN and an untagged packet arrives on that port the packet will be dropped As VLANs are implemented as bridges and it is not valid for a bridge to be a member o...

Page 204: ...n the bridge are called routed interfaces Bridging is performed between bridged interfaces Routing is performed between routed interfaces The bridge interface itself is a routed interface NOTE The Cel...

Page 205: ...ation mode to the bridge set interfaces interface Bridge bridge settings members wifi station interface Wi Fi Removing LAN ETH1 interface from the bridge delete interfaces interface Bridge bridge sett...

Page 206: ...ed cost 100 designated bridge 8000 0002fd5dd280 designated port 32783 Routing 3 8 6 Understanding The Orbit MCR can forward IP packets between routed interfaces using a network path defined by the use...

Page 207: ...Current routes may be viewed on the unit at any time by navigating to Routing on the left side of the screen The unit s current routes are displayed under the Status tab Figure 3 112 Routing status sc...

Page 208: ...ected The example network path in Figure 3 1 requires an IPv4 address When previous routes have been configured the IPv4 Route table will display all user configured IPv4 static routes are listed as s...

Page 209: ...is the destination in the example above so the server s address 216.171.112.36 is used with a prefix of 32 Next Hop As mentioned above this is the next routing device that occurs in the network path...

Page 210: ...routes ipv4 route 1 description Default route outgoing interface Bridge dest prefix 0.0.0.0/0 next hop 192.168.1.1 commit Monitoring As mentioned in Configuring the unit s routes may be viewed on the...

Page 211: ...s may occur if a neighbor does not respond to ARPs or neighbor solicitations or responds incorrectly Configuration To add a static IPv4 neighbor to the Wi Fi interface that maps the IP address 192 168...

Page 212: ...r click the Add button The Configure New Neighbor menu appears Enter the neighbor s IP address and click Add Figure 3 118 Add New Neighbor Menu Following the IP address enter the neighbor s link layer...

Page 213: ...perational mode show interfaces state interface ipv4 neighbor LINK LAYER NAME IP ADDRESS ORIGIN STATE Bridge 192.168.1.3 00:80:c8:3b:97:bb dynamic reachable 192.168.1.2 00:12:17:5c:4f:2d dynamic reach...

Page 214: ...outgoing direction on an interface For example a filter applied to the cellular WAN interface of the MCR is typically very restrictive permitting only a small set of traffic to enter the unit whereas...

Page 215: ...r The first rules are added to permit the desired types of traffic and a final rule or default policy is created that denies all other traffic The example filter rules below permit SSH traffic on TCP...

Page 216: ...tricts incoming traffic Incoming IPsec tunnel traffic is allowed as are UDP services DNS NTP and IKE to allow IPsec connection setup Incoming TCP services SSH and NETCONF are also permitted to allow m...

Page 217: ...ard displays the list of existing packet filtering rules on the device The MCR comes with four pre configured filters IN_TRUSTED IN_UNTRUSTED OUT_TRUSTED and OUT_UNTRUSTED Existing filters may be edit...

Page 218: ...ules The following options are available Order Click the arrows to sort rules in order of priority Rules with higher priority are applied before rules with lower priority rule sets containing more tha...

Page 219: ...rce Port Apply rule to traffic that originates at a specific source port This option is available only with protocols SCTP TCP and UDP Services Services Port Range Not Services Not Port Range Services...

Page 220: ...Accept Allow packets to ingress or egress the unit Drop Block packets from ingress or egress Reject Block packets from ingress or egress and send an error message to the sender When ICMP protocol is...

Page 221: ...ming traffic will have these well known service ports as its destination port Set Destination Port to Services and enter netconf Ssh in the textbox next to Services Again ensure that Actions is set to...

Page 222: ...cipate that it will require outbound traffic restrictions in the future To allow interface specific customization we create a new packet filter To create a new filter click Add then Yes to verify the...

Page 223: ...the Firewall service is running each network interface and IPsec connection on the device must be assigned an input and output packet filter Otherwise no traffic will flow By default each network devi...

Page 224: ...apply the changes click Submit To view the list of packet filters that exist on the device at any time navigate to Firewall Basic Config and view the list of filters in the Filter tab Change the pack...

Page 225: ...on accept NOTE The rule stated in step 5 permits SSH or NETCONF connection addressed to the cellular interface s IP address If it is desired that SSH or NETCONF connection only be allowed via the VPN...

Page 226: ...ts in the private network will appear to have originated from a single IP address The IP address of the public interface of the MCR typically the cellular interface To allow return IP traffic for UDP...

Page 227: ...ell interface The following example will illustrate the necessary steps in three ways Using the Source NAT wizard through the web UI and via the CLI Using the Source NAT Wizard The Source NAT Wizard a...

Page 228: ...he checkbox next to an existing rule set and click Edit Selected or Delete Selected to modify existing rule sets To create a new rule set click the Add button Enter a name and click Ok to continue Fig...

Page 229: ...does not originate from a specific source address range Not Address Set Apply rule to traffic that does not originate within a non contiguous set of source addresses Destination IP Apply rule to traf...

Page 230: ...llular interface Click Next to continue Figure 3 142 Source NAT Wizard Summary Page A summary page appears that displays the changed items in the configuration s data model and the types of changes th...

Page 231: ...all current source NAT rule sets on the device To edit an existing rule set simply click on the rule set s name To delete an existing rule set highlight it and click the Delete button To add a new ru...

Page 232: ...be processed after a rule of ID 1 Therefore if the rules in a rule set should be applied in a particular order care must be taken to set the IDs accordingly In this example only one rule is required C...

Page 233: ...urce address to the specified address For this example rule select Interface Figure 3 151 Source Creation Click the check box from the left of Interface to apply this specifier to the rule Once finish...

Page 234: ...xample rule 1 source nat interface Apply this source NAT rule set to the cellular interface 4 set interfaces Cell nat source Example Commit configuration and exit configuration mode 5 commit Monitorin...

Page 235: ...s Configuring Destination NAT configuration on MCR involves following high level steps Create a destination NAT rule set 1 Add one or more rules to perform destination NAT for specific incoming traffi...

Page 236: ...on Wizards menu Figure 3 156 Port Forwarding Wizard Introductory Page The wizard s introduction page appears Click Next to continue Click Add to create a new rule set and enter name for the new rule s...

Page 237: ...s Figure 3 159 Creating a new destination NAT rule The following options are available within the rule creation menu Order Click the arrows to sort rules in order of priority Rules with higher priorit...

Page 238: ...sses Address Set Apply rule to a non contiguous set of destination addresses Not Address Apply rule to traffic that does not ingress at a specific address and prefix Not Address Range Apply rule to tr...

Page 239: ...ays the items in the configuration s data model that were changed and type of changes that occurred To save and apply the changes click Submit Using the Web UI To view the list of destination NAT rule...

Page 240: ...set services firewall nat destination rule set IO_SERVICES Create a rule to port forward Modbus TCP traffic that enters the cellular interface on port 5512 to 3 port 512 on the private HOST 1 set ser...

Page 241: ...ve MCRs cellular network connection to a VPN gateway on a back office network 172.16.1.0/24 Both subnets which are located in separate sites have the same IP address schemes 192.168.1.0/24 Two network...

Page 242: ...ng the Static NAT Wizard The following example demonstrates step by step static NAT configuration for Network A shown in Figure 3 164 During this example assume the following An IPsec connection named...

Page 243: ...Static NAT Wizard The following options are available within the rule creation menu Order Click the arrows to sort rules in order of priority Rules with higher priority are applied before rules with l...

Page 244: ...rule list from the dropdown box to the right of the interface or IPsec connection and click Next to continue A summary page appears that displays the items in the configuration s data model that were...

Page 245: ...ation and exit configuration mode 5 commit VPN 3 8 12 Understanding Orbit supports following types of Virtual Private Network VPN setups 1 Site to Site Policy Based IPsec L3VPN This enables routing...

Page 246: ...remote LANs on the other side of the Remote IPsec router through a single GRE tunnel protected by transport mode IPsec connection Orbit also supports VLAN trunking over GRE tunnel for a case where th...

Page 247: ...tandards it was created by Cisco and hence is primarily only supported by Cisco routers designed for use as IPsec hub routers Orbit Spoke HUB Router LAN 10.0.2.0/24 LAN 10.0.1.0/24 Customer Network In...

Page 248: ...ation SAs during this phase setting up a secure channel for negotiating IPSec SAs in phase 2 IKE Phase 2 IPsec Security Association IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in...

Page 249: ...n The role specifies whether Orbit initiates the connection initiator or it waits for the connection from the peer responder This should usually be set to initiator Configure an IPsec policy specifyin...

Page 250: ...authentication will fail See section 3 7 1 Date Time and NTP on Page 162 In this example we assume that the pre shared key based authentication is used The VPN Setup Wizard is the simplest way to con...

Page 251: ...up Selection Screen Click Next to continue The next screen shows an example network diagram for the selected setup Figure 3 169 VPN Setup Network Diagram Click Next to continue The next screen require...

Page 252: ...N Force local address for this connection to an IP address resolved by the specified fully qualified domain name FQDN Local Identity Default address FQDN user FQDN DN Default Defaults to local IP addr...

Page 253: ...he Orbit is the initiator it uses IKE v2 If the Orbit is the responder it accepts either IKE v1 or IKE v2 according to the policy proposed by the initiator IKE v1 As an initiator or responder the Orbi...

Page 254: ...prior to running the VPN Setup Wizard The following options are available only when the authentication method chosen is Pre shared key Pre shared Key The pre shared key itself Click Next to continue...

Page 255: ...f the key in the Diffie Hellman key exchange Higher groups include more bits and are thus more secure but require more time to complete the key exchange For phase 2 ciphersuite configuration DH group...

Page 256: ...cases However in case one needs to configure some advanced setup or manipulate parameters that are not available for configuration in the wizard one can navigate to Services VPN to get full access to...

Page 257: ...he IPsec connection is detected Life Time 15 1440 The time interval in minutes after which the IKE security association expires DPD Enabled Enable Disable Enabling dead peer detection DPD clears an es...

Page 258: ...ction See section 3 8 8 Access Control List Packet Filtering Firewall for more information An inbound filter to the connection must be applied or no traffic will pass If a filter hasn t been created s...

Page 259: ...to no less than 300 seconds 5 minutes to reduce the periodic traffic in the network set services vpn ike peer VPN GW ike policy IKE POLICY 1 set services vpn ike peer VPN GW local identity default se...

Page 260: ...th method pub key Configure Public Key Infrastructure PKI security credentials 2 d Certificate type as rsa if RSA public key encryption based certificates are being used e Client certificate ID This i...

Page 261: ...tocol all set services firewall filter IN_UNTRUSTED rule 12 actions action drop 2 Add following rules to OUT_UNTRUSTED filter that is applied to the Cell interface in the outgoing direction set servic...

Page 262: ...Figure 3 174 VPN Status Under IKE panel click on the IKE security association row to view the detailed status Figure 3 175 VPN IKE Security Association Detailed Status Under IPsec panel click on the...

Page 263: ...75 138 local id 172.18.175.138 remote host 172.18.175.40 remote id 172.18.175.40 initiator true initiator spi b19beb547030c7c3 responder spi 259b6cf8efb75dcc ciphersuite AES_CBC 128 HMAC_SHA2_256_128...

Page 264: ...blished device can take 2 few minutes to sync time from NTP server VPN connection will not succeed until time is synchronized Mismatch in cipher suites configured for IKE policy on device and peer VPN...

Page 265: ...his value is only used if the client doesn t include a lease time in its DHCP request In IPv6 addressing this is also known as valid lifetime Min Lease Time The minimum number of seconds that a client...

Page 266: ...ation options are required Range Start The start of the range of IP addresses to be assigned Range End The last of the range of IP addresses to be assigned The following configuration options are opti...

Page 267: ...sses to be assigned Range End The last of the range of IP addresses to be assigned Once all configuration is complete click Save Using the CLI The following shows an example of configuring DHCP servic...

Page 268: ...CP connection is established then serial traffic from the COM port can pass to and from the TCP port as long as the TCP connection remains established When a terminal server on the unit is configured...

Page 269: ...is detected the login prompt is presented as long as the port is enabled for console access Basic Setup of UDP Terminal Server Configuring The following shows how to enable a UDP terminal server on C...

Page 270: ...Point to Multipoint Multipoint to Point Multipoint to Multipoint Local IPS Ipv4 IPS Configure to IPv4 address or leave blank for all Ipv6 IPS Configure to IPv6 address or leave blank for all Port The...

Page 271: ...pass through routers to a specified number of hops Setting TTL to a value of 0 restricts the frame to the same host Setting TTL to a value of 1 restricts the frame to the same subnet Setting TTL to a...

Page 272: ...0 sec DEFAULT If TCP Client Server is selected options for both TCP Client and TCP Server are available below displays the client side configuration Figure 3 188 TCP Terminal Client Settings Screen Re...

Page 273: ...it handles the transmission of the multicast UDP packets This static route must define the Outgoing Interface for the Orbit to use to get to a Destination Prefix of the full multicast subnet of 224 0...

Page 274: ...Pv4 2 Click on Add 3 Type a numeric ID 220 which will be used to identify this route and click Add 4 Enter the following 224.0.0.0/4 This destination prefix will cover the entire Multicast Subnet and...

Page 275: ...ox Configure the UDP Mode that best fits the system configure any local ports remote ports IPs and 14 Multicast ports IPs Figure 3 192 Example UDP TS Configuration Save the configuration 15 Command Li...

Page 276: ...x Packets The number of IP packets received IP Rx Bytes The number of IP bytes received Serial Tx Packets The number of serial packets transmitted Serial Tx Bytes The number of serial bytes transmitte...

Page 277: ...uration Therefore device management is allowed solely on ETH1 s IP address Figure 3 194 Device Management Example Network A contractor s laptop should be able to access the corporate intranet through...

Page 278: ...nt or empty the server will listen on all IPv6 addresses TLS Certificate The certificate to use for the HTTPS server If empty or not present a self signed certificate key pair will be used TLS Private...

Page 279: ...figure To configure SSH to listen only to a specific address navigate to SSH Server Basic Config Figure 3 198 SSH Menu Enabled Whether or not to run the netconf server Default true Port The port to li...

Page 280: ...erver to only listen for connections on the specified IPv6 addresses If not present or empty the server will listen on all IPv6 addresses Click Add an Entry next to IPv4 Bind IPs or IPv6 Bind IPs to a...

Page 281: ...faces The Remote Management Service allows you to use the web UI of a radio to manage a second radio remotely You can also perform a broadcast firmware update from one radio typically the AP to other r...

Page 282: ...Figure 3 200 Narrowband example network Configuration Using the WebUI Navigate to Services Remote Management and click the Basic Config tab Figure 3 201 Basic configur...

Page 283: ...d secret used to allow remote connections to or from the device It must be the same on both sides of the connection For greater security we recommend that you change this password and do not use the d...

Page 284: ...to reboot to the specified image version The Remote Management Service must be enabled on each remote radio in order for them to receive the request Interface The network interface on which to transm...

Page 285: ...vice and TX Rate and Block Size parameters are set to their most conservative values Interface The network interface on which to transmit the reboot request If a desired network interface is present i...

Page 286: ...al unit and port 8080 Only HTTP connections not HTTPS are possible at the present time Server IP Address Enter the IPv4 address of the remote unit that you wish to connect to When you click Perform Ac...

Page 287: ...so open a remote web UI session on Orbit LnRadio and NxRadio interfaces status menus if the local radio is serving as an access point To do so navigate to Interfaces LnRadio Status or Interfaces NxRad...

Page 288: ...eneral Status Displays whether the service is currently running Web Proxy Client Status The current state of the web proxy client Disabled The radio is currently not connected to a remote web UI Opera...

Страница 289: ...ation mode The following command requests remote units to reboot to image version 4 0 4 request services remote management reboot remote devices interface Bridge which image version 4 0 4 The followin...

Страница 290: ...For example with business critical traffic like SCADA traffic shaping can be setup to guarantee that this class of traffic will always have at least 100Kbyte s of an 800Kbyte s link regardless of the...

Страница 291: ...s Interface Bridge Ethernet Classifiers IPv4 Classifiers Packet Queue Egress Interface Figure 3 210 Packet classification of bridged traffic It is important to note that the Ethernet classifiers are o...

Страница 292: ...at QoS is Enabled Figure 3 211 Enabling QoS To create a classifier for GOOSE messages click Add in the Classifier submenu The Configure Classifier Details appears Figure 3 212 Naming a new classifier...

Page 293: ...w match rule First give the new match rule a name and click the Add button Figure 3 215 Match Menu A match rule can be created to classify on either IPv4 or Ethernet In this example we use ether type...

Page 294: ...er Higher priority packets will always be serviced first If there is excessive high priority traffic lower priority packets may be lost Fairness A fairness policy attempts to split up the traffic into...

Page 295: ...pears Figure 3 221 Configuring a QoS priority class The following options are configurable Priority 1 16 This is the priority to be assigned to packets that match the classifier 1 is the highest prior...

Page 296: ...n interface Using the CLI Example Prioritize traffic with a particular ether type above all other traffic This example will create a QoS policy that uses a classifier to prioritize GOOSE messages abov...

Page 297: ...TP match M1 ipv4 dst port services ssh set services qos classifier FROM1234 match M1 ipv4 src address address 1 2 3 4 32 set services qos policy Policy1 prioritization class HIGH priority 1 classifier...

Page 298: ...match M1 ipv4 protocol not assigned number tcp src address address 1 2 3 4 32 match M2 ipv4 protocol assigned number tcp src address address 1 2 3 4 32 dst port not services ssh This will make the cla...

Page 299: ...ifier VIDEO match M1 ipv4 dst port port range 8080 set services qos policy HTB shaping htb class GOOSE priority 0 committed rate 100 max rate 800 classifier GOOSE set services qos policy HTB shaping h...

Page 300: ...ps informs The agent supports v1 traps v2c v3 traps and informs Ability to configure a list of SNMP targets managers that shall receive traps and informs The unit sends SNMP traps informs to the confi...

Page 301: ...agent Configuration of the SNMP agent community List of communities notify List of notify names and tags system System group configuration target List of targets for notifications traps informs usm C...

Page 302: ...Figure 3 224 SNMP Main Page...

Page 303: ...o r current folder For example for ORBIT MCR product the 1 MIB package is named mcr mib X_Y_Z zip where X Y Z is the corresponding firmware version Use snmpwalk tool to do SNMP walk on the unit only s...

Page 304: ...s Port UDP protocol port to be used for communication Valid values 0 65535 Default 161 Max Message Size The privacy mode to use on this interface Debug Enabled The privacy mode to use on this interfac...

Page 305: ...nt version v1 set services snmp agent version v2c set services snmp agent engine id from mac Create SNMP community named public with security name public 1 On the Web UI click on the community panel u...

Page 306: ...commands set services snmp vacm view internet subtree 1 3 6 1 included VACM group A VACM group is used to organize a set of users in case of SNMP v3 or a set of community security names in case of SNM...

Page 307: ...n be accomplished via the CLI using the following commands set services snmp vacm group all rights member public sec model v1 v2c set services snmp vacm group all rights access any no auth no priv rea...

Page 308: ...gent version v1 delete services snmp agent version v2c set services snmp agent version v3 Create a local user named User1 with SHA1 authentication with password sha1Password and 2 AES encryption with...

Page 309: ...nfiguration Choices select from the pulldown Sha DEFAULT secure hash algorithm SHA 1 a cryptographic hash function producing a 160 bit 20 byte hash value Md5 message digest 5 cryptographic hash functi...

Page 310: ...ULT Used to create a localized key Key 20 byte Authentication key Filling in the User1 information values can be accomplished via the CLI using the following commands set services snmp usm local user...

Page 311: ...Click on Add and configure a name for the group In this example the group name will be 4 secure Once finished click the Add button which will present additional...

Page 312: ...l 7 Read View The name of the MIB view of the SNMP context authorizing read access Write View The name of the MIB view of the SNMP context authorizing write access Notify View The name of the MIB view...

Page 313: ...above specifies a SNMP notify name e g std_v1_trap the tag e g std_v1_trap and the type of notification trap or inform The notify and tag names are kept the same for ease of configuration of SNMP tar...

Page 314: ...alues can be accomplished via the CLI using the following commands set services snmp agent version v1 Configure SNMP manager as a target TARGET 1 v1 that listens on port 5000 has IP address 2 of 192 1...

Page 315: ...s set services snmp vacm group all rights access any no auth no priv notify view internet Click Save on the Web UI 4 Via the CLI using the following commands commit To test above configuration start a...

Page 316: ...GET 1 v2c port 5000 set services snmp target TARGET 1 v2c tag std_v2_trap set services snmp target TARGET 1 v2c v2c sec name public Give the VACM group named all rights as configured in previous examp...

Page 317: ...nd generate ssh_login event by logging into the Orbit via SSH NOTE When using SNMPv3 traps the Orbit is the authoritative engine since it is the one sending the trap Therefore the user created in snmp...

Page 318: ...on 4 commit To test above configuration start an SNMP trap receiver like snmptrapd with configuration file as shown below and generate ssh_login event by logging into the Orbit via SSH snmptrapd conf...

Page 319: ...roup secure as configured in example on SNMP v3 only 4 configuration with security model usm Also ensure VACM group secure has notify access to internet view under usm security model and auth priv sec...

Page 320: ...SM MIB usmStats usmStatsWrongDigests 0 SNMP USER BASED SM MIB usmStats usmStatsDecryptionErrors 0 show SNMP MPD MIB SNMP MPD MIB snmpMPDStats snmpUnknownSecurityModels 0 SNMP MPD MIB snmpMPDStats snmp...

Page 321: ...f 6 successive pings fail or succeed Enabled Whether or not to run this operation Type Type of monitor operation Icmp Echo Monitor Dst Host Destination IP address or DNS name to send icmp echo to Src...

Page 322: ...Failback 3 8 20 Understanding The unit incorporates integrated bridging and routing functionality with multiple wired and wireless interfaces The reliability of network links can be enhanced using ne...

Page 323: ...ected to remote MCR called REMOTE hereafter that has both 900 MHz radio NX and Cellular radio options The IP packets sent by back office application to the remote asset are normally routed by the back...

Page 324: ...ork 2 A network link monitoring operation that checks connectivity to each remote over the primary 3 interface and that enables primary route to be used when connectivity is up and secondary route to...

Page 325: ...325 Configure Network Monitor Operation Configure a NETMON service icmp echo monitor operation named NX LINK CHECK that does a 3 periodic link check by pinging R1 over NX interface Please refer to NET...

Page 326: ...ck office network 10 10 1 0 24 with NX as the outgoing interface and with address of R1 s interface on NX backhaul as the next hop Also configure this route with verify reachability using NX LINK CHEC...

Page 327: ...6 Configure secondary route towards SCADA back office network 10 10 1 0 24 with GRE1 as the outgoing interface and preference value of 20 From the same page click Add to add the se...

Page 328: ...ec connection R1 filter input IN_TRUSTED set services vpn ipsec connection R1 filter output OUT_TRUSTED Configure GRE tunnel interface with mode ip over gre src address Local cell address and dst addr...

Page 329: ...configured for REMOTE 2 10 10 7 0 24 NX primary 10 10 7 0 24 GRE TUN backup Failover to Cell enabled by checking primary route s reachability by pinging remote s NX interface CELL NX ETH GRE TUN ROUT...

Page 330: ...ed on Bridge Optional IPsec configured over Cell to provide security The failover happens at the remote CELL NX ETH GRE TUN BRIDGING FUNCTION RTU AP 192 168 1 0 24 MCR to MCR NX CELL redundant network...

Page 331: ...r time for traffic from AP towards the failed over REMOTE Using the Web UI AP Configuration Following features need to be configured on the AP IPsec transport mode connection To secure GRE traffic to...

Page 332: ...AN address as configured in IPsec VPN towards REMOTE 2 Add GRE tunnels to the Bridge interface Add the GRE REMOTE 1 tunnel interface to the bridge that has NX interface and disable STP on 1 the bridge...

Page 333: ...nt and AP s LAN segments Network Monitor Operation To send periodic traffic to enable failover at the AP as described in 5 the NOTE earlier in this section Configure IPsec Transport Mode Connection...

Page 334: ...Configure BOND interface Configure BOND interface in active backup mode with NxRadio and GRE AP as members and 1 NxRadio as the primary member Navigate to Interfaces Add Delete Interfaces a...

Page 335: ...figure NETMON operation Configure a NETMON service icmp echo monitor operation named NX LINK CHECK that does 1 a periodic link check by pinging AP This is needed to generate periodic traffic towards...

Page 336: ...t and AP s LAN segments Network Monitor Operation To send periodic traffic to enable failover at the AP as described in 5 the NOTE earlier in this section Configure IPsec transport mode connection C...

Page 337: ...Configure BOND interface Configure BOND interface in active backup mode with NxRadio and GRE AP as members and 1 NxRadio as the primary member Navigate to Interfaces Add Delete Interfaces a...

Page 338: ...figure NETMON operation Configure a NETMON service icmp echo monitor operation named NX LINK CHECK that does 1 a periodic link check by pinging AP This is needed to generate periodic traffic towards...

Page 339: ...al identity default set services vpn ike peer REMOTE 1_ike_peer peer endpoint address 10 150 1 10 set services vpn ike peer REMOTE 1_ike_peer peer identity default set services vpn ike peer REMOTE 2_i...

Page 340: ...gs members port GRE REMOTE 1 set interfaces interface Bridge bridge settings members port GRE REMOTE 2 set interfaces interface Bridge bridge settings stp mode disabled REMOTE 1 Configuration Configur...

Page 341: ...NxRadio Add BOND1 interface to Bridge disable STP on the bridge set interfaces interface Bridge bridge settings members port Bond1 set interfaces interface Bridge bridge settings stp mode disabled Con...

Page 342: ...onfigured default action is ACCEPT The export route filter controls the routes that are exported into the routing protocol from the routing table By default the routing protocol prevents export of any...

Page 343: ...llular Network RTU R1 Backoffice Router 10 10 40 1 0 24 10 10 6 0 24 REMOTE 1 GRE configured as routed interface over Cell Optional IPsec transport mode configured over Cell to secure GRE traffic RIP...

Page 344: ...Select the newly created LOCAL_LAN route filter and click Add to add a rule with ID 1 to this filter Select outgoing interface Bridge and Action accept Click Finish on the panels to c...

Page 345: ...specific routing protocols RIP The basic RIP configuration consists of enabling the protocol and adding interfaces on which it should operate and configuring an export filter In addition MD5 authentic...

Page 346: ...The user can check the routing table in the General panel to ensure a dynamic route for the back office has been received from the back office router The RIP panel displays the state of RIP routing p...

Page 347: ...state rip statistics import withdraws rejected 0 routing state rip statistics import withdraws ignored 0 routing state rip statistics import withdraws accepted 0 routing state rip statistics export up...

Page 348: ...Under Area click Add to add area 0 0 0 0 backbone Under Interface click Add to add GRE interface to area 0 0 0 0 To apply configuration click Save Using CLI In configuratio...

Page 349: ...ea 0 0 0 0 interface GRE commit Monitoring Navigate to Routing Status The user can check the routing table in the General panel to ensure a dynamic route for the back office has been received from the...

Page 350: ...able displays all link state advertisements LSAs received by this router Using CLI In operational mode enter following commands show routing state routes OUTGOING DEST PREFIX NEXT HOP INTERFACE SOURCE...

Page 351: ...bors 1 num adjacent neighbors 1 area networks routing state ospf interface GRE routing state ospf routing instance MAIN_OSPF routing state ospf state up routing state ospf preference 150 routing state...

Page 352: ...966 80000002 049b Area 0 0 0 0 0001 2 2 2 2 2 2 2 2 966 80000004 8785 Area 0 0 0 0 0001 10 10 6 1 10 10 6 1 967 80000002 d25b BGP The basic BGP configuration consists of adding a neighbor entry for ea...

Page 353: ...n click Save NOTE Please see section 12 2 2 1 for an example on use of BGP to exchange routes over DMVPN network Using CLI In configuration mode enter following commands set routing bgp neighbor PRIMA...

Page 354: ...PRIMARY HUB peer as 65500 set routing bgp neighbor PRIMARY HUB hold time 30 set routing bgp neighbor PRIMARY HUB keepalive time 10 Monitoring Navigate to Routing Status The user can check the routing...

Page 355: ...port updates filtered 6 statistics export updates accepted 1 statistics export withdraws received 0 statistics export withdraws accepted 0 local state established peer address 172 16 0 1 peer as 65500...

Page 356: ...antennas Configuring Navigate to Services GPS Service Basic Config The GPS service has very minimal configuration The user simply has to enable the GPS service for it to start collecting data from the...

Page 357: ...es gps status speed 0 000000000000000e 0 services gps status heading 0 000000000000000e 0 NAME DEVICE SLOT1 CELL GPS dev ttyUSB1 Dynamic DNS 3 8 23 Understanding The unit supports Dynamic DNS DDNS ser...

Page 358: ...service provider Update Interval The interval in minutes at which periodic update interval will occur Failure Retry Interval The interval in seconds at which retries will occur if connection cannot b...

Page 359: ...m update hostname pump1 xyz com myip 1 1 1 1 Then user should enter following in the URL field http USERNAME PASSWORD xyz com update hostname HOSTNAME myip IP The username password hostname fields wil...

Page 360: ...efined in the IETF RFC5798 In VRRP a group of physical routers are configured similarly with VRRP settings and together they act as one virtual router on the network Only one physical router is negoti...

Page 361: ...cal router in a group gets its own priority The higher the number the higher the priority that the physical router will become the Master during negotiation advertisement interval The Master router...

Page 362: ...is typically used for Orbit devices with cellular interfaces where the Orbit is connected to the end device via LAN and the IP address received from the cellular network needs to be passed to the end...

Page 363: ...lowing commands set services ip passthrough enabled true set services ip passthrough local service SSH protocol tcp port 22 set services ip passthrough local service HTTP protocol tcp port 80 set serv...

Page 364: ...can only be imported using the manual method The device can import certificates that are in DER PEM or encrypted PEM format The device can import private keys that are in DER PEM or encrypted PEM Priv...

Page 365: ...Size The number of bits in the key Allowed sizes include 1024 1536 2048 3072 and 4096 The following example shows how to have the device generate a private key of length 2048 bits with the identity ge...

Page 366: ...cess in the CLI ensure the CLI is in operational mode and then follow the example below show pki private keys generate status pki private keys generate status state complete pki private keys generate...

Page 367: ...FTP and SFTP the password on the remote server Control Port For FTP the TCP control port advanced setting use default Data Port For FTP the TCP data port advanced setting use default Block Size For T...

Page 368: ...the CLI ensure the CLI is in operational mode and then follow the example below show pki private keys import status pki private keys import status state complete pki private keys import status detail...

Page 369: ...st pki ca certs delete cert identity imported_ca_cert_2048 Configuring The following example shows how to have the device import a CA certificate by uploading a local file through the web browser Navi...

Page 370: ...e file named ca_cert_2048 pem from a TFTP server running on a host address 192 168 1 10 that is accessible from the MCR e g a locally connected host or remote host accessible via cellular interface To...

Page 371: ...follow the example below show pki ca certs import status pki ca certs import status state complete pki ca certs import status detailed message Successfully imported CA certificate pki ca certs import...

Page 372: ...button once the certificate identity and the file source are configured Figure 3 238 Import Client Certificate The MCR supports file uploads through a web browser from a local file on the user s PC Th...

Page 373: ...cessible via cellular interface To start the client certificate import from the CLI enter the following command to download the client certificate from the TFTP server request pki client certs import...

Page 374: ...al number of bytes in the file not displayed on the web UI Bytes Transferred The number of bytes already transferred or processed not displayed on the web UI Percent Complete The percentage complete f...

Page 375: ...t certs import scep status pki client certs import scep status last status 0 pki client certs import scep status poll count 2 pki client certs import scep status state Success pki client certs import...

Page 376: ...e device may delete a firmware certificate by clicking the Delete button on the web user interface or using the CLI in operational mode See the following example for deleting CA certificates via the C...

Page 377: ...se default Data Port For FTP the TCP data port advanced setting use default Block Size For TFTP the block size as defined in RFC 2348 advanced setting use default Timeout For FTP TFTP and SFTP the tim...

Page 378: ...identified and the certificate information must be defined Configuring The certificate server is defined under certificate server In the operation shown below we define the SCEP server set pki certifi...

Page 379: ..._ca_cert scep ca issuer identity predefined_ca_server cert server identity predefined_cert_server The next step is to request the new client certificate from the SCEP server request pki client certs i...

Page 381: ...ubleshooting Refer to Table 4 3 Table 4 4 Table 4 5 and Table 4 6 Depending on the interfaces ordered the NIC1 and NIC2 slot can be populated with a Cellular modem a WiFi interface an LnRadio interface...

Page 382: ...n No cellular connection Cell connection Table 4 4 WiFi Interface LED Descriptions LED NIC1 LED State Description WiFi Interface Off Interface disabled Access Point Mode Solid Green Solid Red Operatin...

Page 383: ...llow indicates a link at 100 Mbps operation A flashing green indicates Ethernet data traffic 4 2 Technical Specifications GENERAL Input Power 11 to 55 VDC NOMINAL 10 to 60 VDC 15 Watts maximum dependi...

Page 384: ...Remote Associated Idle 4 8W 350mA Remote Associated 50 Duty 10 8W 780mA Ethernet Port s RJ 45 10 100 Mbps Auto MDIX Serial Port s RJ 45 supporting RS 232 RS 485 LAN Protocols 802 3 Ethernet 802 1D Spa...

Page 385: ...4G cell 4G1 4G5 N7NMC7355 4G cell 4GP N7NMC7354B NX915 E5MDS NX915 LN400 E5MDS LN400 LN900 E5MDS LN900 IC Industry WiFi 3195A ZCN722MV1 4G cell E4V 3229B E362 3G Cell 5131A HE910 NX915 101D NX915 LN4...

Page 386: ...ge 902 to 928 MHz Power Output 20 dBm to 30 dBm in 1 0 dBm steps DEFAULT 30 dBm Output Impedance 50 Ohms Permissible Antennas GE MDS 93 97 3194A14 10dBd 12 15dBi YAGI Antenna GE MDS 93 97 3194A23 7dBd...

Page 387: ...Jumper N F Conn Mnt GE MDS 93 97 3194A19 430 450MHz 7dBi OMNI w 16 Jumper N F Conn Mnt GE MDS 93 97 3194A26 450 470MHz 11 dBi OMNI w N F Conn Mnt GE MDS 93 97 3194A02 406 430MHz 12 dBi YAGI w N F Conn...

Page 388: ...se including GE MDS 93 97 3194A17 902 928MHz 9dBi OMNI w 16 Jumper N F Conn GE MDS 93 97 3194A14 902 960MHz 12 dBi YAGI 6 Element w N F Conn GE MDS 93 97 3194A13 902 960MHz 8 5 dBi YAGI 3 Element w N F...

Page 390: ...s CTS Clear to Send Decibel dB A measure computed from the ratio between two signal levels Frequently used to express the gain or loss of a system Data Circuit terminating Equipment See DCE Data Commu...

Page 391: ...MHz Poll A request for data issued from the host computer or master PLC to a Remote unit PLC Programmable Logic Controller A dedicated microprocessor configured for a specific application with discre...

Page 392: ...ies a particular 802 11 wireless LAN Supervisory Control And Data Acquisition See SCADA Telnet A terminal emulation protocol that enables an Internet user to communicate with a Remote device for manage...

Page 394: ...e CLI will provide feedback regarding the error The changes that were pending will still be pending at that point This gives the user the opportunity to discard the changes or to modify them and then...

Page 395: ...tate Add a comment to a statement commit Commit current set of changes compare Show configuration differences copy Copy a dynamic element delete Delete a data element edit Edit a sub element exit Exit...

Page 396: ...letions IP address string min 1 chars max 253 chars set system dns search mds 6 7 CLI Environment There are a number of session variables in the CLI They are only used during the session and are not p...

Page 397: ...enabled It is enabled by default screen width integer Current width of terminal This is used when paginating output to get proper line count screen length integer Current length of terminal This is us...

Page 398: ...include lines matching a regular expression For example show configuration logging match date event rules date_time_from_ntp event rules date_time_from_user event rules date_time_not_set In the examp...

Page 399: ...a string Matches the end of a string abc Character class which matches any of the characters abc Character ranges are specified by a pair of characters separated by a abc negated character class whic...

Page 400: ...ete the word before the cursor Ctrl w Esc Backspace or Alt Backspace Delete the word after the cursor Esc d or Alt d Insert the most recently deleted text at the cursor Ctrl y Scroll backward through...

Page 401: ...if the CLI session is terminated without doing commit confirm default is confirm If the confirming commit was initiated with a persist argument then the same token needs to be supplied using the persi...

Page 402: ...n the CLI is in operational mode Note that the following are examples and will vary from one system to the next show configuration system contact Mark name Orbit1 location Tank1 clock timezone locatio...

Page 403: ...configuration interfaces interface ETH1 details type ethernetCsmacd enabled true ipv4 enabled true ip forwarding false address 192 168 1 10 prefix length 24 ipv6 enabled true ip forwarding false dup a...

Page 404: ...ession will be terminated after this command since no further editing is possible Only available in configure exclusive and configure shared mode The confirming commit will be rolled back if the CLI s...

Page 405: ...e insert path first last beforekey afterkey Insert a new element into an ordered list The element can be added first last default before or after another element move path first last beforekey afterke...

Page 406: ...rational mode command set Set a parameter show Show a parameter status Display users currently editing the configuration tag add clear del tag add statement tag Add a tag to a configuration statement...

Page 408: ...ithin it as instructed by the VPN gateway However MCR also supports an out of band IMA connection where the unit connects to a separate IMA server not to pass data but just to perform integrity measur...

Page 409: ...so on Obtaining Configuration File Hash 7 2 1 The following example shows the use of a request to get the system configuration hash admin none 22 09 59 request services vpn ipsec get config hash hash...

Page 410: ...tus can then be checked again periodically for new attestation result show services vpn services vpn ipsec ipsec status connections connection IMA state disconnected failure reason none last timestamp...

Page 411: ...EE Core Profile is that it can be extended by an organization so that they can add additional taxonomy categories and fields that describe vendor specific events 8 1 Event Taxonomy The CEE Core Profil...

Page 412: ...e beginning of the encoded CEE Event MUST be identified by the CEE Event Flag Within Syslog the CEE Event Flag is cee Character Encoding If the syslog implementation is only 7 bit all characters not i...

Page 413: ...riginated the event to the application who should receive the event syslog MSG 8 3 4 For events of type audit the msg is vendor specific whereas events of type alert must be in a specified format whic...

Page 414: ...Ensure the CLI is in operational mode Follow the example below to view the state and statistics show logging event rules cell_connected description cell connection established local true priority noti...

Page 415: ...the certificate information to aid lookup of the appropriate public key during signature verification infile The filepath for package file input outfile The filepath for signed package file output T...

Page 416: ...ites ge_pubcert pem is the public certificate provided by GE MDS that is used to verify that the signed package is authentic The GE MDS public certificate will typically be downloaded by users from t...

Page 417: ...ent Identity of the equipment in which the SIM card will be used The IMEI can be found by logging into the device and entering the following command show interfaces state interface Cell cell status im...

Page 418: ...t can be user configured that defines a specific collection of radio operation The following table shows the number of discrete frequencies or channels available for each modem type based on the select...

Page 419: ...000 A A A C C A 43 915 922500 A A B D D B 44 916 230000 A A C A E C 45 916 537500 A A A B A D 46 916 845000 A A B C B E 47 917 152500 A A C D C F 48 917 460000 A A A A D A 49 917 767500 A A B B E B 50...

Page 420: ...B F 72 924 840000 A A A A C A 73 925 147500 A A B B D B 74 925 455000 A A C C E C 75 925 762500 A A A D A D 76 926 070000 A A B A B E 77 926 377500 A A C B C F 78 926 685000 A A A C D A 79 926 992500...

Page 421: ...SRX Local LAN 192 168 1 0 24 Remote LAN 192 168 2 0 24 Customer Network Internet Cellular network IPsec Tunnel carrying traffic between local and remote LANs The WAN IP address of SRX240 is 172 18 175...

Page 422: ...ha256 hmac set services vpn ipsec policy SRX240 IPSEC POLICY ciphersuite CS1 dh group dh14 set services vpn ipsec connection SRX240 ike peer SRX240 IKE PEER set services vpn ipsec connection SRX240 ip...

Page 423: ...ddress set services firewall filter OUT_UNTRUSTED rule 1 match src address address set CELL IP set services firewall filter OUT_UNTRUSTED rule 1 match src address add interface address true set servic...

Page 424: ...rity ike proposal IKE PROP PSK encryption algorithm aes 128 cbc set security ike policy IKE POLICY PSK proposals IKE PROP PSK set security ike policy IKE POLICY PSK pre shared key ascii text test123 s...

Page 425: ...plication any set security policies from zone TRUST to zone UNTRUST policy ORBIT138 NET 1 SA then permit tunnel ipsec vpn ORBIT138 set security policies from zone UNTRUST to zone TRUST policy ORBIT138...

Page 426: ...ow we disable default route over Cell and instead setup BGP dynamic routing that advertises the local LAN network to the IOS router and received default route over the GRE tunnel from IOS router Orbit...

Page 427: ...erated as ID1 set services vpn ike policy DMVPN CERT pki key id ID1 Root CA certificate is installed as CA1 set services vpn ike policy DMVPN CERT pki ca cert id CA1 Sub CA certificates are installed...

Page 428: ...terface GRE1 map HUB nbma address 172 18 175 45 set services nhrp interface GRE1 map HUB register true set services nhrp interface GRE1 map HUB cisco true set services nhrp interface GRE1 authenticati...

Page 429: ...ion accept set services firewall filter IN_UNTRUSTED rule 11 match protocol esp set services firewall filter IN_UNTRUSTED rule 11 actions set services firewall filter IN_UNTRUSTED rule 11 actions acti...

Page 430: ..._HMAC_SHA1 MODP_1536 established time 574 rekey time 9200 reauth time 2075232 services vpn ipsec security associations security association 4 name DMVPN state INSTALLED mode TRANSPORT udp encap false...

Page 431: ...PRIMARY HUB routing instance inet main state up preference 100 import filter ACCEPT export filter LOCAL LAN statistics import updates received 1 statistics import updates rejected 0 statistics import...

Page 432: ...thernet0 0 Ensure that the MTU configured matches the cell interface MTU default 1428 mtu 1428 ip address 172 18 175 45 255 255 255 0 duplex auto speed auto Certificate configuration crypto pki trustp...

Page 433: ...rypto ikev2 policy DMVPN_IKEV2_POLICY match fvrf any proposal DMVPN_IKEV2_PROPOSAL crypto ikev2 profile DMVPN_IKEV2_PROFILE match certificate ORBIT_CERT_MAP identity local dn authentication remote rsa...

Page 434: ...iguration router bgp 65500 bgp router id 172 16 0 1 bgp log neighbor changes bgp listen range 172 16 0 0 24 peer group DMVPN SPOKE neighbor DMVPN SPOKE peer group neighbor DMVPN SPOKE remote as 65550...

Page 435: ...sed 0 pkts decompress failed 0 send errors 0 recv errors 0 local crypto endpt 172 18 175 45 remote crypto endpt 172 18 175 138 path mtu 1500 ip mtu 1500 ip mtu idb none current outbound spi 0xCF3F2463...

Page 436: ...d State UpDn Tm Attrb 1 172 18 175 138 172 16 0 3 UP 16 55 28 D Routing status The highlighted route is the LAN network route received from Orbit via BGP DMVPN HUB show ip route Codes L local C connec...

Page 437: ...he Juniper JUNOS based devices do not support IPsec transport mode for data traffic Therefore to protect GRE traffic one needs to set up IPsec tunnel instead of IPsec transport mode connection This lea...

Страница 438: ...s vpn ike policy SRX240 IKE POLICY auth method pre shared key set services vpn ike policy SRX240 IKE POLICY pre shared key test123 set services vpn ike policy SRX240 IKE POLICY ciphersuite CS1 encrypt...

Страница 439: ...irewall filter IN_TRUSTED rule 10 match protocol all set services firewall filter IN_TRUSTED rule 10 actions set services firewall filter IN_TRUSTED rule 10 actions action accept set services firewall...

Страница 440: ...set services firewall filter OUT_UNTRUSTED rule 2 match protocol all set services firewall filter OUT_UNTRUSTED rule 2 actions set services firewall filter OUT_UNTRUSTED rule 2 actions action drop 12...

Page 441: ...hat configured on Cell interface on Orbit default 1428 set interfaces ge 0 0 0 unit 0 family inet mtu 1428 set interfaces ge 0 0 0 unit 0 family inet address 172 18 175 40 26 Local LAN 1 interface set...

Page 442: ...set security ipsec policy IPSEC POLICY perfect forward secrecy keys group14 set security ipsec policy IPSEC POLICY proposals IPSEC PROP Common Policies set security policies from zone TRUST to zone T...

Page 443: ...ecurity ipsec vpn ORBIT135 ike gateway ORBIT135 set security ipsec vpn ORBIT135 ike ipsec policy IPSEC POLICY IPsec policies set security policies from zone TRUST to zone VPN ORBIT135 policy ORBIT135...

Page 444: ...curity associations Total active tunnels 1 ID Algorithm SPI Life sec kb Mon vsys Port Gateway 131073 ESP aes 128 sha256 5e4fca36 3403 unlim root 500 172 18 175 135 131073 ESP aes 128 sha256 cb6ed905 3...

Page 445: ...n 0 192 168 3 1 32 Local 0 1w5d 20 14 32 Local via vlan 0 192 168 4 0 24 Direct 0 1w5d 18 34 56 via vlan 1 192 168 4 1 32 Local 0 1w5d 20 14 32 Local via vlan 1 192 168 1 0 24 Static 5 1w5d 18 35 02 v...

Page 446: ...le to communicate with the RADIUS authentication server through a non-authenticating Ethernet port or other backhaul network interface like the cellular modem. Freeradius authentication server Wireless...

Page 447: ...ates users and network clients. The following shows only a snippet of the configuration, but has the most important sections listed. etc freeradius users Username password example joe Cleartext Password...

Page 448: ...to be started before configuring authentication on a wired network interface. When using EAP, the Orbit ETH port security mode must also be set to EAP. The Orbit is agnostic to the specific EAP method c...

Page 450: ...2 5 Following shows EAP-TLS mode on Windows with certificates. A certificate must be issued for the Windows peer. The client certificate and the issuing certificate can be imported using the certmgr.msc...

Page 454: ...ents the following notification on Windows. Clicking the notification presents the certificate selection box, where the imported certificate can be chosen. Running Wireshark in administrator mode on the...

Page 455: ...of configuring PEAP mode on Kubuntu Linux. Unlike Windows, there is no need to start a service on this distribution. Also, there is no certificate import utility; the certificates can reside anywhere on the...

Page 456: ...thentication dot1x default group radius aaa authorization network default group radius aaa authorization network mylist none aaa session id common switch 1 provision ws c2960s 24ts l dot1x system auth...

Page 457: ...te under Orbit MCR Software Firmware Downloads Support Items and download license declaration n_n_n txt. Upon request, in accordance with certain software license terms, GE will make available a copy of...

Page 458: ...by the country for the Orbit MCR. Operation of the unit must be in full compliance with all country and regional requirements. Table 15 1 Country Specific Installation Data Country Applicable Symbol s...

Page 462: ...and on any correspondence relating to the repair. No equipment will be accepted for repair without an authorization number. Return authorization numbers are issued online at www.gedigitalenergy.com Com...

Page 463: ...GE MDS LLC Rochester NY 14620 Telephone 1 585 242 9600 FAX 1 585 242 9620 www.gemds.com 175 Science Parkway...
