MB Connect Line mbNET MDH 810 Скачать руководство пользователя страница 182

Страница: 182 / 226

Page 182 of 226
Version: 3.3.5

– DR05 – 23.03.2017

Authentication with certificates

19.3.7

1. Each subscriber needs the same root CA and a personal certificate signed by the root CA.

2. Like 1, but with addition-

al username/password verification.

3. Like 2, but without a personal certificate. In other words, the stations only need a root CA and

username/password.

Authentication with CA certificate and own certificate

19.3.7.1

There are three different types of authentication with certificates:

Tab

Label

Description

X.509 authentication

CA Certificate

This is the root certificate (root CA). All other cer-
tificates must come from this certificate.

Own Certificate

You use this certificate to authenticate yourself to
your VPN peer.

Additional user and pass-
word verification

Additional user data may be required from a client
dialing in. Please note that this user data must be
entered in the VPN server under

System User

User

Enter the user data of the VPN server (from the
System User menu) here.

Use only CA and Us-
er/password for client verifi-
cation

With this option, you authenticate yourself using
the CA certificate and the user data of the VPN
server (from the System User menu) only.

Peer must be TLS Server

This is an additional security option. The

“server

certificate

” must include the extension

nsCert-

Type=server

(see section

Creating certificates

Содержание mbNET MDH 810

Страница 1: ...MANUAL V3 3 6 EN MDH800 MDH859 23 03 2017 MDH810 MDH811 MDH814 MDH815 MDH816 MDH819 MDH830 MDH831 MDH834 MDH835 MDH841 MDH849 MDH850 MDH855 MDH858 MDH858 MDH859...

Страница 2: ...be found on our homepage www mbconnectline com We welcome comments suggestions for improvement or constructive criticism at any time Trademarks The use of any trademark not listed herein is not an in...

Страница 3: ...nel USB port 20 7 5 8 First time operation 21 Connecting the router to the power supply and switching on 21 8 1 Connecting the router to a configuration PC 22 8 2 9 Router configuration prerequisites...

Страница 4: ...Connecting the router 61 12 5 1 1 Configuring the router using the web interface 61 12 5 1 2 Configuring the industrial router for VPN connection to a client 64 12 6 Connecting and configuring the rou...

Страница 5: ...6 3 2 Menu settings SMS 118 16 3 3 Network Modem Callback 120 16 3 4 Network Modem SMS 121 16 3 5 Remote service control commands using SMS 122 16 3 6 Network Internet 123 16 4 Network Internet Intern...

Страница 6: ...PN Windows client 170 19 3 2 2 Authenticating a Windows client with static key 171 19 3 2 3 Router Router 173 19 3 2 4 Server no authentication or static key 175 19 3 2 1 Multi client Multiple clients...

Страница 7: ...22 12 Status Diagnostics 211 22 13 Status USB 212 22 14 Status Alarmmanagement 212 22 15 Status System 213 22 16 23 Extras 214 LUA 214 23 1 Toolbox 215 23 2 24 Factory settings on delivery 216 Usernam...

Страница 8: ...ection using an integrated firewall with IP filter NAT and port forwarding VPN with AES DES 3DES DESX Blowfish or RC2 encryption and authentication via pre shared key PSK static key or certificate X 5...

Страница 9: ...opening and improper repair can pose a danger to the user Unauthorized modifications are not covered by the manufacturer s warranty Opening up the device voids the warranty The router must be dispose...

Страница 10: ...du routeur ou des r parations non adapt es peuvent mettre en danger l utilisateur du routeur Le fabricant n assure aucune garantie concernant les modifi cations arbitraires La garantie devient caduque...

Страница 11: ...he Berkeley Software Distribution BSD the Massachusetts Institute of Technology MIT or another open source software license which regulates that the source code must be made available and if this soft...

Страница 12: ...Page 12 of 226 Version 3 3 5 DR05 23 03 2017 4 Technical Data...

Страница 13: ...100 Mbit s full and half duplex operation autodetection patch cable crossover cable USB interface USB Host 2 0 VPN VPN protocol IPsec PPTP OpenVPN 64 tun nel Item no 8812 UL 8813 UL 8814 UL 8830 UL 8...

Страница 14: ...nlink max 21 Mbps uplink max 5 76 Mbps Antenna connector SMA socket FCC FCC ID R17HE910 Devices with UMTS 3G modem Item no 8813 UL 8818 UL 8833 UL Target region EMEA Europe the Middle East and Africa...

Страница 15: ...ification EU 2 412 GHz 2 472 GHz 1 13 Channel USA 2 412 GHz 2 462 GHz 1 11 Channel WPA WP2 64 128 152bit WEP WPS 802 11b 1 2 5 5 11 Mbps 802 11g 6 9 12 18 24 36 48 54 Mbps 802 11n 20 MHz MCS0 7 up to...

Страница 16: ...arts are in the product package All devices mbNET router Quick Start Guide Straight through Ethernet cable Router variants with analog modem Router variants with GSM Modem 3G 4G RJ11 plugr RJ10 to TAE...

Страница 17: ...flashing 1 5Hz VPN connection active LED flashing 3 Hz Internet or VPN connection is being established Pwr Power LED off Router power source is switched off or router is not connect ed to power source...

Страница 18: ...10 MDH815 MDH830 MDH816 MDH835 X1 Power supply connection 10 30V DC 0V DC connection X2 4 Digital input I4 10 30V 3 Digital input I3 10 30V 2 Digital input I2 10 30V 1 Digital input I1 10 30V P Fuse p...

Страница 19: ...A1 Pin ISDN Analog 1 Not connected Not connected 2 TX Not connected 3 RX Lb b 4 RX La a 5 TX Not connected 6 Not connected Not connected Pin RS 232 RS 485 MPI 1 DCD Data Carrier Detect Not connected...

Страница 20: ...sion 3 3 5 DR05 23 03 2017 Pinout of front panel LAN WAN ports 7 4 Pinout front panel USB port 7 5 Signal 1 TX 2 TX 3 RX 4 Not connected 5 Not connected 6 RX Signal 1 VCC 5V 2 Data 3 Data 4 GND 1 2 3...

Страница 21: ...C first ensure that it is properly connected to a power supply other wise it may cause damage to other equipment You should therefore follow the instructions given below Connect the 10 30V DC power su...

Страница 22: ...be set to 192 168 0 X where X is variable o the subnet mask must be 255 255 255 0 For instructions on how to create the required settings on a PC please see the next page If you already know how to s...

Страница 23: ...In the next window double click on Internet Protocol TCP IP In the next window enter the appro priate IP address An appropriate IP address would be e g 192 168 0 2 Please note the Internet IP address...

Страница 24: ...t Protocol TCP IP 4 In the next window enter the appro priate IP address An appropriate IP address would be e g 192 168 0 2 Please note the Internet IP address must be 192 168 0 X and is not allowed t...

Страница 25: ...me admin Password no password required First Start on the Web interface Here you can select between the adjustment Cloudserver and Classic router With the setting Cloudserver you can connect to the po...

Страница 26: ...Page 26 of 226 Version 3 3 5 DR05 23 03 2017 Cloudserver 10 1 If you selected Cloudserver you can synchronize your configurations per CTM to your device The following page will appear...

Страница 27: ...r will obtain connection information such as IP address and subnet mask using DHCP Gateway and DNS servers can be specified as an option Static IP Set the connection information manually There will ap...

Страница 28: ...on from your ISP Internet Service Provider Please Note Important criterion If you use this setting then the router expects that a DLS Modem is connected direct to the WAN slot Label Description PPP Ty...

Страница 29: ...ion manually There will appear the following two in put fields enter your required data here IP address Specify an IP address Netmask Specify the netmask for the IP address Gateway Enter the IP addres...

Страница 30: ...e Europe PRO USA Canada USA Canada PRO or User Defined Cloudserver address name You can select the used Portalserver here Session Key If you have set a session key on the upload of the configuration f...

Страница 31: ...reen of the mbNET 10 1 5 If you search for your mbNET in your web browser you get this screen Here you can see the connection or network problems of the mbNET To see more detailed information click on...

Страница 32: ...aunch simplifying network Internet and VPN connec tion set up The wizard is easy to use and takes you through the configuration process step by step You can also launch the wizard manually To do this...

Страница 33: ...23 03 2017 Configuration screen of the mbNET 10 3 On successful log in you will be taken to the configuration interface home page If you use the mbNET with WLAN Firmware 4 1 you have a little differe...

Страница 34: ...nection the circle is solid gray Modem connection Only incoming modem connections are shown here A green dot means that a modem connection is established The display also shows which user is connected...

Страница 35: ...ently stores and applies all saved changes 6 This is a check box Clicking on a box enables disables the option as sociated with it 7 If input is required in a field that looks like this it must be ent...

Страница 36: ...lication requirements you need to implement some specific basic settings Proceed as follows On the navigation bar at the top bar on the web interface home page click System and Settings This will disp...

Страница 37: ...tem time The time is updated only after a restart or manually Registered time server 134 176 25 NTP server Specifies a time server for updating system time A time server IP address may be entered inst...

Страница 38: ...soon as it gets online CTM has to be activated on the device to ensure the transmitting of the con figuration Note Only available for devices with firmware version higher or equal to V 4 0 Label Desc...

Страница 39: ...able HTTPS If you check this checkbox you activate the safe variant of HTTP HTTPS Hyper Text Transfer Protocol Secure for the communication with the router over the web interface Important After enabl...

Страница 40: ...Page 40 of 226 Version 3 3 5 DR05 23 03 2017 WLAN Configuration 11 6 Network WLAN Label Description Interface Type DHCP Settings are received with DHCP Static IP You can set the settings manually...

Страница 41: ...PA2 PSK is the implementation of a high safety standards in accordance with the WLAN standards It is the successor of WPA and one of the safest methods of encryption WPANONE No authentication Encrypt...

Страница 42: ...ailable frequency band more effectively then older standards Max speed max 54 600 Mbit s Frequenzy 2 4 5 GHz Bandwith at 2 4GHz 20MHz at 5GHz 40MHz Range Indoor 70m Outdoor 250m 11GN mixed The standar...

Страница 43: ...web interface A description of some basic connection scenarios follows Choose the connection scenario that best applies to you and follow the instructions in the relevant sec tion Configuring the mbNE...

Страница 44: ...n with a client PC via DSL Internet access using a DSL modem see section 9 4 Configuring the mbNET industrial router for connection to the Internet using another router see section 9 5 Configuring the...

Страница 45: ...etwork 12 2 The following diagram shows how to connect the industrial router to a client over the public telephone network Using this type of connection the industrial router can be accessed over the...

Страница 46: ...adapter to analog cable Plug one end of the supplied cable into the RJ12 jack 1 on the bottom of the router and the other end into the TAE jack 2 ISDN connection applies to device models MDH xx2 With...

Страница 47: ...r the telephone network Label Description Modem Init ANALOG if using an analog device enter the command GCI country code for country codes see Country codes for analog devices here and in the second r...

Страница 48: ...check box to check it and enable a client computer to connect to the mbNET via a dial up connection PPP Server IP address here Enter the IP address of the PPP server In this case 192 168 4 100 This se...

Страница 49: ...r notes on adding us ers and assigning specific rights please see section Adding users Finally to save your changes permanent ly to the industrial router click Apply Changes For devices to be able to...

Страница 50: ...need to set up a suitable dial up connection on the computer as follows Click on START and then Control Panel Click on NETWORK CONNECTIONS and then NEW CONNECTION WIZARD This launches the connection w...

Страница 51: ...nfiguring the router client connection over the telephone network continued Now you need to give your connection a name then click NEXT Enter the telephone number of your remote station the number tha...

Страница 52: ...dem If you select ed the option every User with dial in rights you can enter the user name and password of a user who has dial in rights Click Connect You have established a connection to the router D...

Страница 53: ...y LEDs are shining solid green Connecting the router 12 3 1 1 Analog connection only applies to device models MDH xx0 Connect TAE adapter to analog cable Plug one end of the supplied cable into the RJ...

Страница 54: ...ee your provider listed you can enter your APN manually Ask your provider what details to enter for the APN or visit our website at http www mbconnectline de gsm grps mobilfunk html Phone number Enter...

Страница 55: ...ss is to be sent here For a detailed description of the Network Internet settings please see section Network Internet Save your changes by clicking Save Changes Click on System User and add a user wit...

Страница 56: ...n settings made previously the IP address is sent to the email address that was provided This allows you to ac cess the router via the IP address As the router IP address changes each time it dials in...

Страница 57: ...onnection or to set one up Connecting and configuring the router 12 4 1 Before you begin The router must already be connected to a suitable power source and the Power and Ready LEDs must both be solid...

Страница 58: ...e or be accessible over the Internet via MB Connect Line s DynDNS Confirm and save your entries Finally the mbNET must be restarted to fully implement the settings From the home page of the configurat...

Страница 59: ...hanges To finish restart the router Label Description Internet connections Here select to connect over Internet via WAN Connection Mode Select Connect immediately The connection will be established wh...

Страница 60: ...the router s IP address The option to transmit the IP address is se lected during router configuration The IP address is identified by sending it to the email address specified during configuration C...

Страница 61: ...into the 1 WAN connector on the mbNET router and the other end into the LAN connector 2 of the existing network router Configuring the router using the web interface 12 5 1 2 The connection wizard hel...

Страница 62: ...res a DNS server see Network DNS server WAN IP address Here enter the IP address of the mbNET connected to the WAN port In the example 192 168 1 100 Netmask Enter the subnet mask In this case 255 255...

Страница 63: ...net settings please see section Network Internet Label Description Internet connection From the drop down field select connect to Internet via WAN external router fixed line so that the Internet conne...

Страница 64: ...n called a VPN tunnel In the connection scenarios described in 9 3 and 9 4 a client can only access the router s serial interfaces for a description of serial interfaces see Serial Interfaces This doe...

Страница 65: ...al router via a VPN a user must be added and have VPN dial in rights assigned under user management For instructions on exactly how to add a user with spe cific rights please see section System Users...

Страница 66: ...t Otherwise check the box and click Next Please note that with firmware versions 2 0 and higher to enable IPSec configuration on the wizard page you first need to click on IPSec below the Start button...

Страница 67: ...PPTP server in a different address space if there is an address conflict Remote IP address or Range Enter the remote addresses here In the example 192 168 10 160 170 This assigns the IP addresses of t...

Страница 68: ...nt PC must have an existing Internet connection For information on setting up a client PC please see section Configuring a client PC for router access In Windows Control Panel click on Network Connect...

Страница 69: ...ISP For information on setting up and using the MB Connect Line DynDNS service please see section Network DynDNS When entering the router s IP address make sure that you always enter the current IP a...

Страница 70: ...connected to the Internet and accessible via the IP address Setting up a VPN connection from client to router 12 6 3 2 Double click on the VPN connection icon and in the next screen enter the user na...

Страница 71: ...an industrial router has been set up as a client please see the next section for settings that will allow it to access another remote industrial router Configuring a connection between two routers vi...

Страница 72: ...he Autoconfig option to NO and you will see the picture on the right From the home page navigation bar on the left click VPN and on the navigation bar at the top click PPTP This will display the scree...

Страница 73: ...the client The WINS server IP address can also be entered here for compatibility with older Microsoft operating systems Encryption This option selects the type of data encryption MPPE V2 All MPPE V2 1...

Страница 74: ...hot on the right 192 168 0 0 24 Authentication Choose one of the methods support ed by the PPTP server You can see what they are on the PPTP server s web page under VPN PPTP Encryption Use the same ty...

Страница 75: ...te station or the address for a whole network We recom mend entering a network address In the example 192 168 0 0 24 Note the CIDR notation 24 after the network address Authentication Select an authen...

Страница 76: ...te plus a server or client certificate In our case The server may be the mbNET or a separate server The client is either a computer or another mbNET The certificates are required to set up a secure VP...

Страница 77: ...ssary private keys You can download the program from http sourceforge net projects xca free of charge and install it in Windows in the usual way run the exe file When you launch XCA for the first time...

Страница 78: ...ificate click on the Certificates tab and open the following dialog box by clicking New Certificate Root certificate source 13 2 1 1 First change the Signature algorithm to MD5 so that the certificate...

Страница 79: ...the fields from Internal Name through email address For VPNs using IPSec Subject settings can later be used as an ID cf section Authentication Next create a private key by clicking on Generate a new...

Страница 80: ...80 of 226 Version 3 3 5 DR05 23 03 2017 Select key type RSA You can select any key size and of course any name The longer the key the more secure the encryption but also the more processing power requ...

Страница 81: ...specific start and end date in the relevant fields or use the adjacent Time Range field Time Range In the dialog boxes to the right enter the number of days months or years The list below specifies h...

Страница 82: ...you need to enter the LDAP or HTTP ad dress of the list The address should always be prefixed with a URI universal resource indicator e g URI http de wikipedia de For the field separator use a colon I...

Страница 83: ...the boxes marked Critical unchecked To create a root certificate please select the following values in the left hand column Certificate Sign CRL Sign Selecting these options means that your root certi...

Страница 84: ...3 2017 Creating a client certificate 13 2 2 To create a certificate signed by this CA in the Certificates tab highlight the root certificate that you just creat ed and click again on New Certificate A...

Страница 85: ...rtificate source 13 2 2 1 First we need to select our root certificate as the one that will be used as signatory We also need to set the signature algorithm to MD5 again We see here that our root cert...

Страница 86: ...rtificate subject 13 2 2 2 Once again assign the client certificate details from internal name through email address Then generate a key for the client certificate It is recommended that the key shoul...

Страница 87: ...c start and end date in the relevant fields or use the adjacent Time Range field Time Range In the dialog boxes to the right enter the number of days months or years The list below specifies how long...

Страница 88: ...ed with a URI universal resource indicator e g URI http de wikipedia de For the field separator use a colon If you hold local revocation lists this option is not relevant Authority Info Access This PK...

Страница 89: ...that OpenVPN can query whether a VPN server is also equipped with SSL This op tion can also be enabled on the mbNET The section on OpenVPN goes into more detail on this and on the set tings options I...

Страница 90: ...17 Now the certificates need to be published by highlighting the relevant ones in the Certificates tab and then clicking Export In the menu below you can specify the save location for the certificate...

Страница 91: ...ws XP Generating CRL Files Certificate Revocation Lists 13 3 If you wish to withdraw a team member s rights to use the VPN tunnel please read this section and create a certificate revocation list To d...

Страница 92: ...t it and click Export Select pem as the export format Choose a suitable save location then confirm with OK You can now import the list using the System Certificates menu on the mbNET web interface cf...

Страница 93: ...ificates from the list of available snap ins In the next window select Computer account In the next screen ensure that you select This Snap in will always manage Local computer computer running this c...

Страница 94: ...are required The CA certificate is automatically imported Nor is it necessary to save the console Double clicking on the relevant certificate displays its properties In the General tab you can check a...

Страница 95: ...tion is usually 40 or 128 Bit depending on key size Label Description HTTP Port The standard port for HTTP requests is TCP 80 You can change this if you need this port for your OpenVPN connection or i...

Страница 96: ...ng users 15 2 2 To edit a user proceed as follows Select System and then Users To select a user whose rights you want to change click on the edit button The user will be displayed in the first row alo...

Страница 97: ...ror message when you save In the three check boxes that follow specify which rights you want the new user to have Choose whether the user Can make settings in the web interface Administration o Can co...

Страница 98: ...gation bar on the left select System and then Users Select the row that contains the user name password and so on and click the icon to Delete To apply the settings to the router perma nently click Ap...

Страница 99: ...is called the Subject and whoever issues the certificate is called the Issuer Below is a screenshot of the relevant certificates tabs and the option to import a new certificate Personal Certificates 1...

Страница 100: ...ovides file path for certificate file Name for this certificate optional optional entry of a name for the certificate file Password certificate password entry The certificate must have been assigned a...

Страница 101: ...ilable as a CRT file and needs to be imported to the router Label Description Import new cer tificates Choose CRT file enter the file location or browse the relevant drive for the certificate file Fil...

Страница 102: ...tiple crt files Label Description Import new cer tificates Choose CRT file enter the file location or browse the relevant drive for the certificate file File extension crt Name for this certificate op...

Страница 103: ...le extension pem Update download address url the PEM file can be regularly updated by entering the download address Import CRL file as long as the above data have been entered correctly the blacklist...

Страница 104: ...ription Enable Select whether to enable connection of a USB device with the industrial router Workgroup name Enter the name of the workgroup through which users can access the drive Servername Enter a...

Страница 105: ...the USB device via SFTP Under USB Devices you can see if a USB Device is plugged in or not Label Description Active Check this box if you like the mbNET to mount the USB device SFTP User Please enter...

Страница 106: ...e also being saved to an USB Device Enable Remote Logging To enable a log server place a check in the box by clicking on it System log ging for the mbNET industrial router can now be outsourced to ano...

Страница 107: ...will be prompted to enter a location e g the USB drive letter Include certificates and keys This configures the system to copy an mbNET Please note that this configuration file should only be used for...

Страница 108: ...ved config file mbn mbns To restore a configuration the stored file containing the router configura tion must be restored i e transferred back on to the industrial router To perform a restore first cl...

Страница 109: ...SB 15 7 1 This requires a USB storage device to be connected to the industrial router so that the file can be transferred across The firmware name image bis is listed here To upgrade the firmware clic...

Страница 110: ...IP address of the router that you are upgrading Size of pool 10 Mask Network subnet mask Clicking on Save will store the settings In the drop down field under Current Directory you need to select the...

Страница 111: ...ss used for accessing the router from the LAN Label Description Interface To set up the LAN interface click on the tab LAN IP address Enter the router IP address Netmask Enter the subnet mask of the n...

Страница 112: ...refore automatically assigned a new IP address by the industrial router Please also contact your network ad ministrator to confirm this Static IP Select this setting if connection to the Internet is v...

Страница 113: ...ol connection For example in Austria PPTP is used with DSL connec tions PPP User Login see the access user name provided by your ISP PPP User Pass see the access password provided by your ISP WAN IP a...

Страница 114: ...oing Internet connection it cannot be used for an incoming connection Label Description Modem Init ANALOG If using an analog device enter the command GCI country code for coun try codes see Country co...

Страница 115: ...ction the router and the remote station establish a sepa rate network Dial in Authentication Specify whether a user name and password i e authentication will be required to dial in to the router The o...

Страница 116: ...the request Under Network Internet set the Internet connection to On demand and set the subse quent option to Connect on Sign 1 at Input To call the first number switch on input 1 To call the second...

Страница 117: ...and devices there are two Outgoing menus These are simply SIM1 and SIM2 There is also a second menu SMS settings Various provider specifications for every SIM card possible Switching between SIM1 and...

Страница 118: ...broadband provider here If it does not appear select Oth er Providername only GSM If your provider was not shown you can also manually enter the APN Access Point Name here You can obtain details of th...

Страница 119: ...he primary SIM card On Off SMS Remotely control services via SMS Enable Service Control via SMS On Off Check the Phone Number of the Sender On Off Senders Phone Number Enter the phone number of the se...

Страница 120: ...back function How to call back Activate Call Back via Phone With this setting the mbNET will connect to the Internet if called from a phone To es tablish a connection the mbNET must be alerted by four...

Страница 121: ...ecific number Then enter the sender s cell number in Senders Phone Number in the next field Commands sent from any other number will now be rejected Send an SMS when Internet Connection Established Th...

Страница 122: ...of the connection e g OPEN VPN START Wizard In addition be aware that connection name is case sensitive REBOOT This will restart your industrial router Please note that it cannot receive any commands...

Страница 123: ...nection will be established via modem Enter the login in formation under Netzwork Modem Internet via WAN If the internet connection should be established via DSL Modem then select this option You also...

Страница 124: ...while pushing dialout button o Connect when a signal is received at inputs I1 I2 I3 or I4 o Connect on traffic Close connection if Don t lock select this option if you want to prevent the Internet con...

Страница 125: ...you wish an Internet connection to be triggered by pressing the Dial out button on the front of the router check this box ADVICE Press and hold the Dial Out button until the Con LED starts to flash Co...

Страница 126: ...Page 126 of 226 Version 3 3 5 DR05 23 03 2017 Internet failover connection 16 4 3 Firmware versions 3 x x and higher have an optional failover function for the Internet connection...

Страница 127: ...for the Internet interfaces The order and number or interfaces are freely definable The Retry interface before switch to next interface parameter specifies how many times an Internet connection should...

Страница 128: ...in the following order If the first IP fails the second will be used If this one also fails the third will be used and once all three have been run through a test will be carried out If the set test...

Страница 129: ...tween SIM1 and SIM2 First we need to specify a primary SIM card which will always be verified or used by default The secondary SIM card is always the non primary one Switching is based on two selectab...

Страница 130: ...er here End End address of the range managed by the DHCP server Netmask Subnet mask of the range managed by the DHCP server Broadcast Broadcast address of the range managed by the DHCP server Gateway...

Страница 131: ...can enter up to five DNS server Settings This tab allows you to activate or enter the DNS server settings listed below No Hosts Computer names entered under the Network Host menu are ignored Strict O...

Страница 132: ...t via this IP However as soon as it closes this connection and dials in again it receives a new IP address The DynDNS service makes the industrial router contactable using the same address every time...

Страница 133: ...ternet 123456789 mbNET mymbnet biz The name will be globally available approx 1 2 minutes after Internet dial in Public DynDNS Service Label Description Enable If you are registered with a DynDNS prov...

Страница 134: ...al interface General 17 1 Both serial interfaces can be accessed via a dial up or Internet connection using a known IP address Serial interface COM1 can be directly configured to RS232 RS485 and RS422...

Страница 135: ...Page 135 of 226 Version 3 3 5 DR05 23 03 2017 RS232 485 serial interfaces 17 2...

Страница 136: ...cles the sys tem goes through until it sends the data packet Driver Select the driver that you want to load Device drivers can be selected for the following brands AllanBradley AMK ASB AtlasCopco Baum...

Страница 137: ...Manager Label Description Protocol VCOM LAN2 PC adapter MPI PROFIBUS Baud rate If you select VCOM LAN2 PC adapter the PG PC interfaces must be in stalled on a PC adapter MPI PROFIBUS For bus speeds hi...

Страница 138: ...he master gateway must be assigned as the PLC routing gateway station address on the router Example The PLC master is connected to the router e g address 13 via MPI Bus e g address 14 and a subscriber...

Страница 139: ...when the virtual COM Port was opened from an application program a small amount of data may be lost while the virtual COM port is being opened as some programs send data to the port immediately before...

Страница 140: ...pecify the own station address for the mbNET If you wish to set up a connection to a Siemens control system you first need to verify the settings in Simatic Manager by selecting Extras Set up PG PC in...

Страница 141: ...age 141 of 226 Version 3 3 5 DR05 23 03 2017 Settings for NETPro Step 7 17 4 1 Launch the NETPro application in Simatic Manager Create subnets 17 4 2 Create a PROFIBUS and an Industrial Ethernet subne...

Страница 142: ...1 you need to add a PC station You can skip steps 2 2 to 2 3 if you are using the NETPro Import function A pre configured mbNET station is available as an annex to these instructions You can download...

Страница 143: ...QH00 0AB4 V3 4 found by selecting Simatic PC Station Controller CPU412 2 PCI and a IE_CP V6 2 1 IE General found by selecting Simatic PC Station CP Industrial Ethernet IE General IE_CP SW V6 2 SP1 The...

Страница 144: ...Page 144 of 226 Version 3 3 5 DR05 23 03 2017 Add PC PG station 17 4 5 Now you need to add a PC PG station...

Страница 145: ...the Industrial Ethernet settings for the PC Specify the PG PC subnet mask and IP address here The PG PC IP address can be from any where in the network range but may not overlap with other addresses o...

Страница 146: ...6 of 226 Version 3 3 5 DR05 23 03 2017 After assigning your chosen interface the window should look like this S7ONLINE access must be set to Active The subnet Industrial Ethernet is now linked with th...

Страница 147: ...s PC Station in this case mbNET double click on IE General Click on Properties to set the interface parameters Enter the IP address and subnet mask here The IP address and subnet mask must be the same...

Страница 148: ...x network card will appear in the bottom border of the screen as PG PC interface It is recommended at this stage to assign a bus address in this case MPI to the PC station and link this with the subne...

Страница 149: ...uting 17 4 7 For the station to be able to contact a subscriber from another slave network see picture you need to make the following settings In the mbNET settings enable RFC1006 routing and enter th...

Страница 150: ...226 Version 3 3 5 DR05 23 03 2017 Connecting to S7 using the mbNET S7 driver 17 5 Alternatively the licensed mbNET S7 driver can be used Once installed this is directly available as an adapter in Sima...

Страница 151: ...Page 151 of 226 Version 3 3 5 DR05 23 03 2017 The router settings for this must be as shown below RFC1006 can be operated in parallel with this...

Страница 152: ...kets from the VPN tunnel normal Security With this setting incoming data traffic data from the Internet is denied while outgoing da ta traffic is allowed minimum Security With this setting all incomin...

Страница 153: ...he firewall interface under the WAN interface drop down field Label Description Enable Check the box by clicking it to enable the subsequent settings after they are saved Action The following options...

Страница 154: ...4 of 226 Version 3 3 5 DR05 23 03 2017 Edits the settings in the current line Deletes entries in the current line Accepts a new rule Temporarily saves the created rule Changes the order of the created...

Страница 155: ...to the Internet here If you leave the field blank the set action applies to all IP addresses Source Port Enter the port via which the data packets go to the Internet here Protocol The following option...

Страница 156: ...are available for selection All The set rule applies to all protocols tcp The set rule only applies to the TCP protocol udp The set rule only applies to the UDP protocol Destination IP Enter the IP to...

Страница 157: ...between these two networks This means that you do not have to adapt your entire network addressing scheme Label Description Enable Check the box by clicking it to enable the subsequent settings after...

Страница 158: ...on with two routers 19 1 1 The settings for a VPN connection via the IPSec protocol are described below From the start page click VPN in the navigation bar on the left and IPSec in the naviga tion bar...

Страница 159: ...the Internet and for requests from clients With a router router connection one of the following op tions for establishing a connection must be selected Connect immediately A connection is established...

Страница 160: ...ary if the VPN connection is es tablished via the Internet and natted between the LAN and WAN NAT Network address Translation This setting is generally enabled Permitted network for the cli ent only w...

Страница 161: ...must be entered as follows C country ST state L city O organization OU department CN certificate_name E email_address If some fields on the Subject tab were left blank when the certificate was created...

Страница 162: ...abel Description Protocol op tions You select the coding algorithms hash total algorithms etc used during the various phases on this tab PFS This setting is only supported for the router router connec...

Страница 163: ...dress field The L2TP server then works in a similar way to a DHCP server and can automatically as sign the addresses from the set range to the clients dialing in Label Description Local IP address Th...

Страница 164: ...on method here The client keeps sending the username password combination to the host until it ac cepts or rejects authentication of the client Authentication via CHAP Select the authentication method...

Страница 165: ...sses the server here Example 123456789 mbNET mymbnet biz or 80 187 33 55 Local IP This entry is optional If the server is not configured to assign an IP address to the client the client can request th...

Страница 166: ...es X 509 The following certificate variants are distinguished Each subscriber needs the same root CA and a personal certificate signed by the root CA Like 1 but with additional username password verif...

Страница 167: ...ient and mbNET Next select the static key If you have not yet created a static key you can use the key created by mbNET Click Next Clicking Next completes the configuration of the connection Click Fin...

Страница 168: ...on in the input field Connection type Select the connection type Client Router Connection via the drop down field Only one client to network connection can be created Depending on the authentication m...

Страница 169: ...of the gateway for traffic through the local net work All packets coming into the LAN receive the sender IP ad dress of the mbNET Although this means that it is then no longer possible to distinguish...

Страница 170: ...LAN the sender IP address of the mbNET Although this means that it is then no longer possible to distinguish between senders in the LAN the LAN subscribers do NOT have to have the mbNET entered as a g...

Страница 171: ...ication To be able to es tablish an Open VPN connection with your mbNET without encryption you just need to delete the after remote Next enter the public IP address of the mbNET the address accessible...

Страница 172: ...entering the IP address see arrow Note that you must always use two backslashes in the path name Authenticating a Windows client with certificates Change the indicated options as appropriate to your c...

Страница 173: ...of the web interface Then click the Start button for the wizard for VPN connections followed by Next Select Connection between 2 Networks Select the VPN server in the following window and click Next...

Страница 174: ...1 0 2 VPN TUNNEL 10 1 0 1 ROUTING 192 168 0 100 If Wait for incoming Connection was selected then this mbNET is in Server Mode and is called Server in the further documentation otherwise if Connect im...

Страница 175: ...tunnel end point here e g 10 1 0 1 Local network Enter your network address in CIDR notation here 192 168 0 0 24 Peer network Enter the network address of your peer in CIDR no tation here 192 168 99 0...

Страница 176: ...ing these entries Multi client Multiple clients can dial in 19 3 2 2 Tab Label Description Network Settings Client IP address pool With authentication with certificates multiple different clients can...

Страница 177: ...s range of the local network in CIDR notation here E g 10 1 0 2 24 Multiple peers with different network addresses can es tablish a VPN Connection yes selected With authentication with certificates an...

Страница 178: ...rk Set tings Local IP address Enter the IP address of the local VPN tunnel end point here e g 10 1 0 2 Peer IP address Enter the IP address of the peer VPN tunnel end point here e g 10 1 0 1 Local net...

Страница 179: ...o network setting is needed on the client because it is sent to the client by the server Tab Label Description Network Settings Do NAT for all out going traffic This option was introduced for compatib...

Страница 180: ...password No authentication 19 3 4 This setting should primarily be used for test purposes It provides a quick and easy way of testing the con nection with a peer e g whether the correct ports are ena...

Страница 181: ...key or generate it yourself All imported keys can be downloaded as a copy under Down load Tab Label Description Static Keys Name for this static key Enter the name of the key to be generated here Choo...

Страница 182: ...e root CA All other cer tificates must come from this certificate Own Certificate You use this certificate to authenticate yourself to your VPN peer Additional user and pass word verification Addition...

Страница 183: ...ates must come from this certificate Own Certificate You use this certificate to authenticate yourself to your VPN peer Additional user and password verification Additional user data may be required f...

Страница 184: ...a client di aling in Please note that this user data must be en tered in the VPN server under System User User Enter the user data of the VPN server from the Sys tem User menu here Do not use my own...

Страница 185: ...3 3 5 DR05 23 03 2017 Inactivity settings 19 3 8 If the OpenVPN connection is to be started via a digital input or the dial out button the connection is au tomatically dropped after a defined time wi...

Страница 186: ...9 If the OpenVPN connection is to be started via a digital input or the dial out button the connec tion is automatically dropped after a defined time without any data traffic OpenVPN offers a range of...

Страница 187: ...PN tunnel has not been used for n seconds Ping restart seconds The tunnel is restarted if the VPN peer does not respond to the ping within n seconds or no data packet is received MTU bytes The default...

Страница 188: ...ged archives GZIP on an external FTP server at a fixed interval Variables of the type flags times counters inputs outputs data blocks and peripherals can currently be read from an S7 controller via RF...

Страница 189: ...Page 189 of 226 Version 3 3 5 DR05 23 03 2017 Configuring the connection 20 1 If using the MPI PROFIBUS interface of the router the RFC1006 protocol must first be activated for this in terface...

Страница 190: ...button after entering the data If using the MPI PROFIBUS interface the IP of the router s LAN interface must be entered in the PLC IP ad dress field Otherwise the IP address of the PLC The slot addre...

Страница 191: ...BOOL IBy input byte y BYTE IWy input word y WORD IDy input double word y DWORD Oy z output bit y z BOOL OBy output byte y BYTE OWy output word y WORD ODy output double word y DWORD PIy z peripheral i...

Страница 192: ...for this The Maximum firewall security setting does not permit the agreement of a dynamic communication port as required during FTP communication between the client and server The router fire wall mus...

Страница 193: ...Description of the tag Address Address of the tag Value Value of the tag in the data format which was set at the tag Timestamp Shows the exact time when the tag was readed Valid value Shows if the tag...

Страница 194: ...ail address you have spec ified switch two digital outputs independent of each other in the event of a fault when there is an ac tive Internet connection or manually Digital inputs 21 2 Click Alarmman...

Страница 195: ...er the email address or phone number to which the industrial router should send the text when the input is activated and the relevant signal level has resulted in the action be ing initiated Up to thr...

Страница 196: ...ntable The action number is defined in the Number drop down field There are different actions available depending on device model The E Mail function is available with all devices the SMS option is av...

Страница 197: ...not want to evaluate the outputs for possible switching opera tions On with Malfunction Select this setting if the corresponding output of the industrial router is to be set to signal lev el 1 in the...

Страница 198: ...nection external connection The IP address is displayed as soon as the router has a physical connection to the network or is assigned a static IP address The number of data packets received and transm...

Страница 199: ...ns Shows the physical connections via which the router is connected to other computers Routing Table Shows all routes used Router Listen ing Ports Shows all monitored ports Router Con nections Con nec...

Страница 200: ...Page 200 of 226 Version 3 3 5 DR05 23 03 2017 Firewall 22 3 1 At Firmware versions greater then 4 there exists the additional tab Firewall under Status Network IN OUT FORWARD 22 3 1 1...

Страница 201: ...Page 201 of 226 Version 3 3 5 DR05 23 03 2017 NAT 22 3 1 2...

Страница 202: ...Page 202 of 226 Version 3 3 5 DR05 23 03 2017 Status Modem 22 4 Note Not available at mbNET variants with WLAN...

Страница 203: ...of connection and the assigned IP and DNS addresses Modemloggings Shows the commands sent to the modem to initialize it and the status of the connection process The error messages that occur when esta...

Страница 204: ...ended to use these buttons unless requested to do so by a member of the support team Information from the last connection Shows the connection time and the number of bytes sent and received during the...

Страница 205: ...d to use these buttons unless requested to do so by a member of the sup port team Information from the last connection Shows the connection time and the number of bytes sent and received during the mo...

Страница 206: ...IP address Shows the IP address of the DNS server if not assigned by the Internet service provider Systemloggings Shows the individual operations executed by the DNS server Status DynDNS 22 8 Label D...

Страница 207: ...tus NTP 22 9 Label Description Date Time UTC Shows the current system time in Universal Time Coordinates UTC Local Date Time Shows the time using the time zone setting Systemloggings Shows all notific...

Страница 208: ...outgoing VPN connections of the router An active connection is indicated by a green dot The connection duration and active user are displayed After the connection is disconnected the active connection...

Страница 209: ...ote IP address are displayed After the connection is disconnected you can read off the active connection time Clients Shows the outgoing VPN connections of the router An active connection is indicated...

Страница 210: ...incoming and outgoing VPN connections of the router An active connection is indicated by a green dot The name local address and peer address are displayed here You can manually connect or disconnect...

Страница 211: ...whether name resolution http www mbconnectline de 88 12 12 34 takes place If this function ends in an error message check whether there is a DNS server address under Network DNS in your mbNET or wheth...

Страница 212: ...um is integrated in the routers file system and the file system created on the USB storage medium Status Alarmmanagement 22 15 Label Description Input Shows the states at the four inputs The states ar...

Страница 213: ...d to establish the cause of errors on the router If for example the ERROR LED on the front is flashing it may be possible to de termine the cause of the error using the log Error loggings Firmware ver...

Страница 214: ...Page 214 of 226 Version 3 3 5 DR05 23 03 2017 23 Extras LUA 23 1 You can activate LUA to write and execute LUA scripts...

Страница 215: ...fault port for the webserver is 80 But this port is already occupied by the webinterface of the router The default value for the toolbox webserver is port 81 You can access the webserver with http ro...

Страница 216: ...ould first back up your configuration Once you have carried out these steps your previous settings will no longer be available 1 Switch on the device 2 Wait until the Rdy LED blinks 3 Press and hold t...

Страница 217: ...applicable any associated values Letters can be in uppercase and lowercase Multiple commands can be combined into a command line Example L1M1 N5 Analog modem commands 26 1 B Selects the communication...

Страница 218: ...the current setting N Selects the error correction settings AT N0 Error correction switched off AT N1 Transparent transmission of any data widths via the serial interface without data buffering and er...

Страница 219: ...ial tone detection enabled Messages OK CONNECTxxx RING NO CARRIER ERROR NO ANSWER and NO DIAL TONE ISDN terminal adapter TA commands 26 2 B Defines the transmission protocol in the B channel ATB0 V 11...

Страница 220: ...e page screen Now click on auf den Button Yes really reboot now The restart process takes about 2 minutes Via reset button 27 1 2 Press the Reset button on the mbNET Device This initiates the booting...

Страница 221: ...device 2 Wait until the Rdy LED blinks 3 Press and hold the dial out button until the Fc4 TxD2 LED lights up 4 Press the dial out button again Fc3 RxD2 lights up 5 Press the dial out button again Fc2...

Страница 222: ...B5 16 Bahamas BS B5 17 Bahrain BH B5 18 Bangladesh BD B5 19 Barbados BB B5 20 Belarus BY B5 21 Belgium BE FD 22 Belize BZ B5 23 Benin BJ B5 24 Bermuda BM B5 25 Bhutan BT B5 26 Bolivia BO B5 27 Bosnia...

Страница 223: ...5 64 El Salvador SV B5 65 Equatorial Guinea GQ B5 66 Eritrea ER B5 67 Estonia EE FD 68 Ethiopia ET B5 69 Falkland Islands Malvinas FK B5 70 Faroe Islands FO B5 71 Fiji FJ B5 72 Finland FI FD 73 France...

Страница 224: ...ic of KR B5 114 Kuwait KW B5 115 Kyrgyzstan KG B5 116 Lao People s Democratic Republic LA B5 117 Latvia LV FD 118 Lebanon LB B5 119 Lesotho LS B5 120 Liberia LR B5 121 Libyan Arab Jamahiriya LY B5 122...

Страница 225: ...PK B5 163 Palau PW B5 164 Panama PA B5 165 Papua New Guinea PG B5 166 Paraguay PY B5 167 Peru PE B5 168 Philippines PH B5 169 Pitcairn PN B5 170 Poland PL FD 171 Portugal PT FD 172 Puerto Rico PR B5...

Страница 226: ...nd TH B5 210 Togo TG B5 211 Tokelau TK B5 212 Tonga TO B5 213 Trinidad and Tobago TT B5 214 Tunisia TN B5 215 Turkey TR FD 216 Turkmenistan B5 217 Turks and Caicos Islands TC B5 218 Tuvalu TV B5 219 U...

Результаты поиска

Содержание mbNET MDH 810

Отзывы:

Похожие инструкции для mbNET MDH 810

Бренды по названию

Популярные бренды

MB Connect Line mbNET MDH 810, Руководство пользователя

Результаты поиска

Содержание mbNET MDH 810

Отзывы:

Похожие инструкции для mbNET MDH 810

Бренды по названию

Популярные бренды