Westermo MRD-310 Скачать руководство пользователя страница 70

Страница: 70 / 195

6623-3201

5.3.1 Enabling the Denial of Service filters

The Filter Description table provides a number of DOS filters,
as shown in

Figure 54.

The filters can be applied to packets

received from the LAN port, the wireless port (WLS), and
from any VPN tunnel by checking the boxes in the appropriate
column.

Figure 54: Firewall DoS filter options.

The function of each filter is described below:

Rate limit TCP SYN packets

This will limit the number of new TCP connection requests
(SYN packets) allowed from the given interface. The rate will
be limited to 5 per second.

Drop invalid TCP flag combinations

Some DOS attacks will send packets that present an invalid
combination of TCP flags which may cause problems for some
operating systems. The filter will drop packets with invalid
combinations received on the given interface.

Rate limit ICMP requests

This will limit the number of ICMP requests (for example, ping
requests) allowed from the given interface. The rate will be
limited to 5 per second.

Accept limited ICMP types

The types of ICMP packets that are accepted will be limited
to types 0, 3, 8 and 11.

Содержание MRD-310

Страница 1: ...r Modem Router Web configuration reference guide www westermo com REV A 6623 3201 2008 10 Mälartryck AB Eskilstuna Sweden Westermo Teleindustri AB 2008 Web configuration reference guide 6623 3201 MRD 310 MRD 330 ...

Страница 2: ...ing the Status of the Connection 35 3 3 Connection Management 39 3 3 1 Connection Establishment 40 3 3 2 Connection Maintenance 42 3 3 3 Remote Poll Setup 43 3 3 4 Miscellaneous Options 44 3 3 5 Connect on Demand 45 3 4 Circuit Switched Data CSD Mode 45 3 4 1 CSD Single Port 46 3 4 2 CSD Multiplexed 47 3 5 SMS Triggers 50 3 5 1 Trigger configuration 50 3 5 2 Access Control 52 3 5 2 1 Example Defau...

Страница 3: ... Management 148 6 5 1 Add a Certificate 149 6 5 2 Checking the Certificate Details 151 6 5 3 Adding Further Certificates 152 6 5 4 Deleting a Certificate 154 7 Serial Server 156 7 1 Selecting a port function 156 7 2 Common configuration options 158 7 2 1 Serial port settings 158 7 2 2 Packet framer settings 160 7 3 Raw TCP Client Server 162 7 3 1 Description 162 7 3 2 Selecting the port function 1...

Страница 4: ...uring the unit for Circuit Switched mode and for more advanced configuration refer to the Advanced Configuration section 1 1 Configure the 3G Wireless interface To access the configuration page for the 3G Wireless inter face click on Wireless The Basic Wireless configuration page will be displayed as shown in Figure 1 Figure 1 Wireless Interface Basic configuration ...

Страница 5: ...The SIM card may have a PIN associated with it and may require the PIN to be entered before the unit can access the SIM To set the SIM PIN click Setup A dialog box as shown in Figure 2 will be displayed Figure 2 SIM PIN control dialog Set the field marked Enter when requested to Yes and enter the PIN in the New PIN and Confirm PIN entry boxes Then click the Set button to save the PIN Figure 3 SIM ...

Страница 6: ... two sections The first section shows the current connection state and the selected profile and the second sec tion lists the available profiles A connection profile groups together the settings required to connect to a provider s network The unit allows multiple profiles to be configured to allow quick changes to the network connection settings For most applications only one profile is required F...

Страница 7: ... password can now be entered in the text field The password is visible as it is being typed so that it can be checked for errors prior to being set Once set the password will no longer be visible Note The provider may not supply a username and password if network authentication is not required In this case set the Authentication to None leave the username blank and do not set a password Figure 5 A...

Страница 8: ...he screen will now change to show the added profile as shown in Figure 6 As this is the only profile entered it will be automatically selected as the current profile and the profile entry will be shaded green to indicate that it is the selected profile Figure 6 Profile added and selected ...

Страница 9: ...n set the Connection state to Always connect and click the Update button to save the changes Once the changes have been set the MRD 3xx will initiate a 3G connection Connection will normally take up to 30 seconds Figure 7 shows the completed wireless configuration Figure 7 Completed wireless configuration ...

Страница 10: ...wn in Figure 8 The status of the con nection will change as the unit connects to the network first it will report Checking then Connecting and finally Connected To see the value changing the page will need to reload Figure 8 Wireless Status page Note If the status is reported as Error then check that the profile settings have been entered correctly as shown in Section 3 2 1 Once connected the Stat...

Страница 11: ...11 6623 3201 Figure 9 Status alarm page ...

Страница 12: ...IP address and netmask in the Interface Configuration table Click Update to set the changes Once the changes have been set the IP address of the MRD 3xx Unit will change Enter the new address in the browser on the PC It will be necessary to login again follow ing the procedure described in the previous section 1 2 2 Enabling DHCP The DHCP server allows clients on the local network to be automatica...

Страница 13: ...uration Choose a group of available IP addresses on the local network For example if the IP address of the MRD 3xx is 192 168 2 200 with a net mask of 255 255 255 0 a group chosen could be 192 168 2 210 to 192 168 2 240 This will provide 31 addresses for clients Under the DHCP Server Configuration table Set the o Enabled option to Yes Enter the first address of the group in the o Start Address box...

Страница 14: ...ork Address Translation and firewalling to protect clients on the local network To configure clients to use the MRD 3xx as their gateway If the clients have a DHCP address allocated by the MRD 3xx they will have learned the necessary set tings No further configuration is needed If clients have static IP addresses set their default route and DNS server to the IP address of the MRD 3xx ...

Страница 15: ...nctions are accessed by selecting the System tab of the main menu 2 1 Administration To access the Administration features select Administration from the System sub menu a page similar to that shown in Figure 12 will be displayed Figure 12 System Administration page ...

Страница 16: ...rver Timezone Specify the timezone for location of the MRD 3xx Manually set time Click button to set time manually Edit users and passwords Click button to edit users and passwords Timed reboot Specify a time in hours after which the MRD 3xx will automatically reboot Set to 0 to disable automatic re boot Reboot unit Click the Reboot button to immediately reboot the MRD 3xx ...

Страница 17: ...example of the System Information page is shown in Figure 13 The first section of the page lists the Model and serial number of the unit plus the firmware and boot loader version The seconds part of the page lists the LAN MAC address the IMEI of the wireless module wireless IMSI ant the wireless software ver sion Figure 13 System Information page ...

Страница 18: ...ss the configuration back up restore options select Backup Upgrade from the System sub menu The Backup Upgrade page will be displayed as shown in Figure 14 Figure 14 Backup and Upgrade page To save the current configuration click on the link in the sec tion titled Backup current configuration A pop up box similar to that shown in Figure 15 will be displayed select Save to Disk and click OK and sel...

Страница 19: ... which should then be shown in the text box as shown in Figure 16 click the Upload button to transfer the file to the MRD 3xx Once the upload is complete the MRD 3xx will need to be rebooted so the restored configuration can take affect The details for performing a reboot can be found in the Administration section Figure 16 Restore configuration ...

Страница 20: ...t Backup Upgrade from the System sub menu the Backup Upgrade page will be displayed as shown in Figure 17 Figure 17 Backup and Upgrade page To upgrade the MRD 3xx firmware click the Browse button in the section titled Upgrade MRD 3xx firmware then select the navigate to and select the upgrade file Figure 18 Select firmware upgrade file ...

Страница 21: ...ou can chose to can cel the upgrade by clicking the Cancel Upgrade button Figure 19 Upload the upgrade file To proceed with the upgrade click the Upgrade button the page will change to that shown in Figure 20 The firmware upgrade will now proceed Figure 20 Upload the upgrade file Note The upgrade will take several minutes to complete after which the MRD 3xx will reboot during this time the power t...

Страница 22: ...3 3201 2 5 SNMP The MRD 3xx supports SNMP for network management of the unit The SNMP configuration page can be accessed by selecting the SNMP tab of the System sub menu Figure 21 The SNMP configuration page ...

Страница 23: ...30 only The MRD 330 has two general purpose digital inputs and two general purpose digital outputs the options for these can be found by selecting GPIO on the System sub menu Figure 22 The General Prupose I O configutration page ...

Страница 24: ...ay the settings click on the Wireless tab on the top menu bar The subsections of the configuration are Network Configure the operation mode select the frequency band of operation and set the SIM PIN Packet mode Configure the packet mode Connection Management Advanced configuration of the network connection Circuit switched mode Configure the circuit switched data mode SMS Configure the Short Messa...

Страница 25: ... set the operat ing mode select the frequency band of operation and set the SIM PIN To display the Network page select Wireless from the main menu the Network page is the default page displayed it should appear similar to that of Figure 23 Figure 23 Wireless Network configuration ...

Страница 26: ...one serial port of the MRD 3xx is connected to the Wireless interface once con nected all data coming into the Wireless port is directed to the serial port and all data received by the serial port is trans mitted to the Wireless interface To set the mode of the MRD 3xx select Wireless from the main menu and Network from the Sub menu then select either Packet mode HSDPA GPRS or Circuit switched mod...

Страница 27: ...nding a valid network the MRD 3xx will then attempt to connect using GSM Using the options available for the frequency band it is possible to restrict the band and protocol search to a limited number this may mean a quicker connection time and it also means that the MRD 3xx will not connect in an unexpected mode Frequency band selection shows the available frequency band options 3 1 3 Setting the ...

Страница 28: ...28 6623 3201 Set the field marked Enter when requested to Yes and enter the PIN in the New PIN and Confirm PIN entry boxes Then click the Set button to save the PIN Figure 27 SIM PIN control dialog ...

Страница 29: ...s and is divided into two sections The first section shows the current connec tion state and the selected profile The second section lists the available profiles To add a new profile click Add a new profile and a screen similar to Figure 29 will be displayed A connec tion profile groups together the settings required to connect to a provider s network the MRD 3xx allows multiple pro files to be co...

Страница 30: ...r to being set once set the password will no longer be visible Note The provider may not supply a username and password if network authentication is not required in this case set the Authentication to None leave the username blank and do not set a password Once the data has been entered click the Update button to add the profile The screen will now change to show the added profile as shown in Figu...

Страница 31: ...dded using the same procedure to a maximum of five profiles This is illustrated in Figure 31 the configuration shown has 4 profiles profile 1 is the selected profile this is highlighted by the green background of this profile in the profile index Figure 31 Multiple profiles added ...

Страница 32: ...example to delete profile 4 from the profile list shown in Figure 31 click on the Delete icon a warning dialog box will appear similar to that shown in Figure 32 click OK to delete the profile Figure 32 Profile delete warning The page will be re displayed as shown in Figure 33 with pro file 4 removed from the profiles index Figure 33 Profile 4 deleted ...

Страница 33: ... to edit For example to edit profile 1 in the profile list shown in Figure 33 click the Edit icon for profile 1 the information for that profile will now appear in a new screen as shown in Figure 34 Complete the changes to the profile then click the Update button to commit the changes Figure 34 Editing a profile ...

Страница 34: ... options available Always connect and Disabled select the desired option select the desired profile and click the Update button to save the changes Once the changes have been set the MRD 3xx will initiate a 3G connection connection may take up to 120 seconds Figure 35 shows an example of a Wireless packet mode configuration Figure 35 Completed wireless configuration ...

Страница 35: ...ure 36 The status of the connection will change as the unit connects to the net work first it will report Checking then Connecting and finally Connected to see the value changing the page will need to be refreshed Figure 36 Wireless status page Indicates modem is registerd to a network Received Signal Level RSSI Network provider details plus cell locations and ID Indicates modem is connected to a ...

Страница 36: ...he SIM card PIN The Network Registration field indicates whether the MRD 3xx is actively registered to the 3G network No connection is possible without registration If the Network Registration field is No possible causes include Poor signal strength Check that the antenna is o properly connected and experiment with different locations for the MRD 3xx to achieve a higher RF Level Problem with the S...

Страница 37: ...ith the APN username or password is likely Check that the values these settings with the network provider Refer to Section 3 2 1 for details on how to enter these values into the MRD 3xx The remaining fields list the length of time connected IP address allocated by the network and data counters All of this information will reset if a connection is restarted except the Total Session Time field whic...

Страница 38: ...38 6623 3201 Once all errors have been resolved and the MRD 3xx is con nected to a wireless network the Status Alarms page should have no faults listed as shown in Figure 39 Figure 39 Status Alarm page ...

Страница 39: ...o main areas connection establishment and connection maintenance To access the Wireless connection management options select the Wireless tab from the main menu and then select the Connection management tab from the sub menu the Connection management page as shown in Figure 40 will be displayed Figure 40 Wireless connection management page ...

Страница 40: ...ote Poll Setup must be enabled and configured cor rectly refer to section 3 3 3 Timeout between remote poll attempts Specify the time in seconds to wait between successive polls should a poll fail This option is only available when the Remote poll required for successful connection option is set to Yes Failed establishment attempts before RF restart Specify the number of failed connection attempts...

Страница 41: ...a time in minutes to remain in CSD mode before reverting to packet mode and attempting to establish a con nection This value value is only used if the Failed establish ment attempts before dropping to CSD option is set to a value greater than 0 ...

Страница 42: ...at the interval specified 3 Poll if Rx idle for interval Only poll the specified server when not data has been received from the wireless interface for the specified interval 4 Reconnect if Rx idle for interval Reconnect if data has not been received by the wireless interface for the specified inter val Interval between successful polls Specify the time interval in minutes between polls Timeout be...

Страница 43: ...poll is disabled 2 Ping ICMP Ping the specified address 3 TCP Socket Establish a TCP socket to the specified address the connection will be established then after a few seconds terminated Primary poll address Specify the address of the primary server to poll Backup poll type 1 Disabled Primary poll is disabled 2 Ping ICMP Ping the specified address 3 TCP Socket Establish a TCP socket to the specif...

Страница 44: ...ill be used by the MRD 3xx to direct DNS requests If this value is set to No a DNS server should be entered manually Verbose output to system log If set to Yes verbose connection information will be included in the system log As the size of the system log is limited this option should only be enabled if connection problems are being experienced ...

Страница 45: ...l ing its associated data number the MRD 3xx will answer the call and make a direct connection from the wireless port to a serial port Once connected all data coming into the wireless port will be directed to the serial port and all data received by the serial port will be directed to the wireless port When in CSD mode the MRD 3xx can only connect one serial port to the wireless port The LAN inter...

Страница 46: ...e 41 shows the Circuit switched mode page The selected port will always be provid ed with a standard AT command interface allowing a device attached to the port to initiate dialing and answer incoming calls Figure 41 Circut Switched Data CSD mode page 1 Set the Operating mode to Direct to single port and click Update 2 Click on the Edit icon of desired serial port to access unit configuration A ne...

Страница 47: ...ted and return the connection to the virtual termi nal Another port can then be selected allowing communica tion with multiple devices in one CSD telephone call The virtual terminal can operate in a verbose mode which will send prompts and echo characters sent to it This mode is best used when issuing the commands manually as it provides the user with feedback Alternatively the virtual terminal ca...

Страница 48: ...character is 3F ASCII then the disconnect sequence would be 2 seconds 2 seconds Upon receiving this sequence the MRD 3xx would disconnect from the currently connected serial port and return control to the virtual terminal Figure 42 Circuit Switched Data CSD mode port multiplexed page ...

Страница 49: ...eived Set the number Bytes to wait from connection until the default port selected Set the number of Seconds to wait from connection until default port selected 4 The second configuration section allows the parameters for each port to be set up Each port can act in one of two modes a Raw mode The port will be inactive except when selected during a CSD call Data will pass transparently through the ...

Страница 50: ...yed To configure the trig gers complete the following steps 1 For each of the triggers to be enabled tick the Enabled checkboxes 2 For each of the triggers to be disabled untick the Enabled checkboxes 3 For each of the triggers that has been enabled set the Match on field to a Exact The received text must exactly match the Trigger string any additional characters will cause a mis match b Contains ...

Страница 51: ...51 6623 3201 Figure 43 SMS Triggers configuration page ...

Страница 52: ...control over the access to the SMS triggers The default policy can be set to allow which will allow any number that has not be specifically set to be denied or the default policy can be set to deny in which case all numbers will be denied unless specifically set to allow ...

Страница 53: ...1 Click the Add new access control button 2 In the section titled Add new SMS access control a Add a label for the new entry b Enter the phone number c Set the Action to Drop 3 Click the Update button to save the changes 4 Repeat the steps above to add further numbers When complete the page will include the number to be dropped as shown in Figure 44 4 4 Figure 44 SMS Triggers number to drop added ...

Страница 54: ...on titled SMS Access Control set the Default policy Action to Drop 2 In the section titled Add new SMS access control a Add a label for the new entry b Enter the phone number c Set the Action to Accept 3 Click the Update button to save the changes 4 Repeat the steps above to add further numbers When complete the page will include the number to be accepted as shown in Figure 46 Figure 45 SMS Trigge...

Страница 55: ...55 6623 3201 Figure 46 SMS Triggers number to accept added ...

Страница 56: ...ress used to access the MRD 3xx via the LAN Ethernet interface The default IP settings of the MRD 3xx Unit Router are IP Address 192 168 2 200 Netmask 255 255 255 0 The Network settings are contained on the Network LAN page under the Interface Configuration heading To change the IP settings 1 Click the Network tab on the main menu this will display the LAN page as shown in Figure 47 the LAN interf...

Страница 57: ... IP Address has been changed the new IP address will need to entered into the web browser to re gain access the MRD 3xx web interface it will also be necessary to login again For details on accessing the web pages and logging into the MRD 3xx refer to the User Guide ...

Страница 58: ...ace it will be necessary to perform a factory reset of the MRD 3xx as described in the User Guide this will clear all the configuration settings of the MRD 3xx to the factory default settings and the LAN ports will be enabled To disable the LAN Interface 1 Click the Network tab on the main menu this will display the LAN page as shown in Figure 47 the LAN interface settings are in the section title...

Страница 59: ...2 240 and the Default and Maximum lease times have been set to 1440 minutes So if these values are consitant with the network that the MRD 3xx is connected to then the DHCP can be enabled by setting the Enabled field to Yes and clicking the Update button Figure 49 DHCP configuration If the standard settings are not applicable for the connected network then refer to Figure 49 and follow the steps b...

Страница 60: ...ease time 7 Enter a lease time for the Maximum Lease time 8 Click the Update button to commit the changes 4 3 Configuring clients to use the MRD 3xx The MRD 3xx will act as a gateway for connections destined over the wireless interface The default configuration will pro vide Network Address Translation NAT and firewalling to protect clients on the local network To configure clients to use the MRD ...

Страница 61: ...e MRD 3xx is configured by default to act as a Domain Name Server DNS proxy this means that the MRD 3xx passes DNS requests from the LAN interface to an external DNS server and returns the result to the client which initi ated the DNS request Therefore all devices connected to the LAN Interface can specify the IP address of the MRD 3xx as the DNS server If the DHCP server of the MRD 3xx has been e...

Страница 62: ... domain name to be assigned to a device with a dynamic IP address Depending on the system used by the wireless provider the MRD 3xx may receive a dynamic IP address using this service it may be possible to establish connections to the MRD 3xx without needing to track the IP address of the MRD 3xx This makes it possible for other sites on the Internet to establish connections to the machine without...

Страница 63: ...page the Dynamic DNS settings are in the section titled Dynamic DNS Client Configuration 2 Tick Enabled checkbox 3 Select the service provider from the Service drop down menu 4 Enter the Domain in the Domain text box 5 Enter the username for your account in the Username text box 6 Enter the password for your account in the Passoword text box 7 Click the Update button to save the changes Figure 51 ...

Страница 64: ...ample if the unit is only to be used for serial communications then the firewall can be set up to only allow connections through to the serial server which connects to the serial ports 5 1 Firewall Setup The MRD 3xx firewall configuration is accessed by selecting the Firewall tab from the main menu When selected the page shown in Figure 52 will be displayed This page shows and allows configuration...

Страница 65: ... To disable NAPT uncheck the Connections from LAN checkbox and press Update 5 1 2 Stateful Packet Inspection SPI The firewall in the unit can function in Stateful Packet Inspection SPI mode When enabled the firewall will track the state of each connection passing through it for example TCP streams and only allow packets belonging to a known connection to enter from the wireless port In most cases ...

Страница 66: ...or a protocol click the checkbox for the protocol and press Update Protocol Description FTP Adds support for active mode File Transfer Protocol TFTP Adds support for the Trivial File Transfer Protocol H 323 Adds support for the H 323 voice and videocon ferencing protocol PPTP Adds support for the Point to point Tunneling Protocol IRC Adds support for the Internet Relay Chat pro tocol Table 1Firewa...

Страница 67: ... to enable access to some services from the wireless port or to disable access to some services from the VPN tun nels by changing the settings on this page The port numbers for internal services are the standard port numbers for the service type for example port 80 is used for the web server It is possible to change the port number for a particular service This may be a requirement if a conflict e...

Страница 68: ... can be accessed No access All incoming requests are dropped Set the Default policy set to Deny and check no boxes in the Allow column Restricted access Incoming requests for particular services will be allowed Set the Default policy to Deny and check the boxes for the desired services in the Allow column Full access All incoming requests allowed Set the Default policy to Allow To change the port ...

Страница 69: ...to reset or consume resources to such a level that it is unable to provide the intended service A consequence of such an attack is that even if the device is able to handle the large number of communica tions requests the bandwidth over the communications chan nel used for the attack may be completely consumed poten tially preventing legitimate connections to the targeted device The firewall has f...

Страница 70: ...w TCP connection requests SYN packets allowed from the given interface The rate will be limited to 5 per second Drop invalid TCP flag combinations Some DOS attacks will send packets that present an invalid combination of TCP flags which may cause problems for some operating systems The filter will drop packets with invalid combinations received on the given interface Rate limit ICMP requests This ...

Страница 71: ... protocol the source or destination address Some example custom filters are A filter than only allows traffic from a particular host on the WAN to access through to the LAN ports A filter that drops all traffic from a particular host on the WAN To select the Custom Filters page click the Custom Filters tab on the sub menu Figure 55 shows the custom filter page with no filters configured Figure 55 ...

Страница 72: ...lter Options The custom filter options are shown when the Add new cus tom filter button on the Custom Filters page is clicked The Add new custom filter page will be displayed as shown in Figure 56 Figure 56 Adding a new custom filter ...

Страница 73: ...es Locally generated packets The filter will be applied to packets generated by one of the unit s internal services Incoming interface If selected packets will be matched based on the network interface they have been received on Note that this can t be applied to Locally generated packets as they have been gener ated by the unit itself Outgoing interface If selected packets will be matched based o...

Страница 74: ...t for example 443 or a range of ports 80 143 can be entered Destination address Similar to the Source address but instead matching on the destination address Destination port or range Similar to the Source port or range but instead matching on the destination port Action Determines what action on packets who meet all of the matching criteria for the filter If set to Deny the packet will be dropped...

Страница 75: ...s example a new filter will be created to allow packets received via the wireless port from IP address 112 112 112 112 and destined to the LAN network Figure 57 Adding a new custom filter As shown in the example that in the centre column Incoming interface Outgoing interface and Source address are checked This indicates that these are the matching criteria that will be applied to packets All crite...

Страница 76: ...623 3201 To save the new filter click the Update button The main Custom Filter page will again be shown with the new filter listed as shown in Figure 58 Figure 58 The custom filter page with a single filter ...

Страница 77: ...received from the LAN port from IP address 211 211 211 211 and destined to the wire less network Again notice that in the centre column Incoming interface Outgoing interface and Source address are checked This indicates these are the matching criteria that will be applied to packets All criteria that are unchecked will be ignored Figure 59 Adding a new custom filter ...

Страница 78: ... 6623 3201 To add the filter to the filters table click the Update button the main page will again be shown with the new filter added as seen in Figure 60 Figure 60 The custom filter table with 2 filters ...

Страница 79: ...er will display in the same table as shown when adding a new filter As an example to edit the second filter click the pencil icon in the second row of the table A page similar to the Add new fil ter page will be displayed but now showing the details of filter 2 Changes that add protocol and port number matching to the criteria are shown in Figure 61 Figure 61 Editing a custom filter ...

Страница 80: ...ck the Update button or to lose any changes click the Cancel button The main page will again be displayed as shown in Figure 62 with the changes for filter 2 added to the table Figure 62 The main custom filter table after editing filter 2 ...

Страница 81: ...deleted A warning box will be displayed Click OK to confirm the deletion or Cancel to prevent the filter from being deleted For example to delete filter 2 from the table shown in Figure 63 click the bin icon in row 2 of the table A warning box will now be displayed as shown if Figure 63 Click OK to confirm Figure 63 Deleting a custom filter ...

Страница 82: ...82 6623 3201 The filter table will be displayed with the filter removed as shown in Figure 64 Figure 64 Custom filter table with filter 2 removed ...

Страница 83: ...s eg HTTP to a private machine on the LAN network without needing to expose the entire private machine to the public network To access the port forward configuration page select the Firewall tab from the main menu then the Port Forwards tab from the sub menu The page will list a table showing all cur rent port forwards When first selected the table will be empty as shown in Figure 65 Figure 65 Por...

Страница 84: ...ions can be set for each port forward Enabled Set the enabled check box to have the rule installed in the firewall A rule can be temporarily disabled by unchecking this box Protocol The unit is able to forward TCP UDP GRE ESP and AH Most forwards will be either TCP or UDP Select the appropriate protocol from the list Incoming interface Select the interface that the packets to be forwarded on will ...

Страница 85: ...e a range entered as for example 120 150 that the firewall will match on to forward to the new destination address New destination address This is the IP address of the server to forward to 192 168 2 230 in the example New destination port In addition to changing the destination address it is also pos sible to change the destination port To do so enter the port in this field This field can be left...

Страница 86: ...w port forward button This will select the Add new port forward page An example of adding a new port forward is shown in Figure 67 In this example a new port forward is created to forward from port 80 of the wireless port to a HTTP server at address 192 168 2 240 Figure 67 Adding a Port forward ...

Страница 87: ...Figure 68 The port forward page with a single port forward To add a second port forward click the Add new port forward button In the example shown in Figure 69 a port forward is created which forward packets received for IP address 112 112 112 112 on port 80 of the wireless port to LAN IP address 192 168 2 232 Figure 69 Adding a second port forward ...

Страница 88: ...add the new port forward to the port forward table click the Update button The main page will again be shown with the new port forward added as seen in Figure 70 Figure 70 The port forward page with a two port forwards ...

Страница 89: ... displayed in the same table as when creating a new port forward As an example to edit the second port forward in the port forward table click the pencil icon in the second row of the table A page similar to the Add new port forward page will be displayed but will show the details of port forward 2 Changes were made so the destination is now port 22 as shown in Figure 71 Figure 71 Editing a port f...

Страница 90: ...ck the Update button or to lose changes click the Cancel button The main page will again be displayed as shown in Figure 72 with the changes for port for ward 2 added to the table Figure 72 Main port forward page with revised port forward ...

Страница 91: ...column of the forward to be deleted A warning box will be displayed Click OK to confirm the deletion For example to delete port forward 2 from the table shown in Figure 72 click the bin icon in row 2 of the table A warning box will now be displayed as shown if Figure 73 Click OK Figure 73 Deleting a port forward ...

Страница 92: ...92 6623 3201 The port forward table will be displayed with the port for ward removed as shown in Figure 74 Figure 74 Port forward table of deleting a port forward ...

Страница 93: ...NAT applied where the source address is altered or Destination NAT DNAT applied where the destination address is altered Some example custom NATs are Source NAT on all packets being transmitted out a VPN tunnel Destination NAT to redirect packets to a host on the LAN To access the Custom NAT configuration page select the Firewall tab from the main menu then the Custom NAT tab from the sub menu The...

Страница 94: ...201 5 6 2 Custom NAT Options To access the Custom NAT options click the Add new custom NAT button on the main Custom NAT page Figure 76 shows the page for entering a custom NAT Figure 76 Add new Custom NAT page ...

Страница 95: ...vices Incoming interface If selected packets will be matched based on the network interface they have been received on Note that this can only be applied to a Destination NAT on Incoming packets Outgoing interface If selected packets will be matched based on the network interface they will be transmitted on Note that this can only be applied to a Source NAT Protocol If selected packets will be mat...

Страница 96: ...hing on the destination port Target address This is the address that the NAT rule will apply to packets When set to Custom any IP address can be entered in the text box If an interface is selected from the dropdown box the current address of that interface will be applied to packets Target port For rules that specify either the TCP or UDP protocol it is possible to also alter the port number If no...

Страница 97: ... 77 In this example a new custom NAT is created which will source NAT packets outgoing on the SSL VPN interface to the IP address of the SSL VPN Figure 77 Adding a custom NAT It can be seen in the example that in the centre column only Outgoing interface is checked This indicates these are the matching criteria that will be applied to packets In this case all packets outgoing on the SSL VPN will b...

Страница 98: ...3 3201 Click Update to save the new custom NAT The custom NAT table will be updated to include the new custom NAT as shown in Figure 78 Figure 78 Main custom NAT page showing new custom NAT added to the table ...

Страница 99: ... 79 a destination NAT is created for packets destined for the wireless port Figure 79 Adding a custom NAT To add the new custom NAT click the Update button The main page will again be shown with the new custom NAT added as seen in Figure 80 Figure 80 Main custom NAT page showing new custom NAT added to the table ...

Страница 100: ... the same table as when creating a new custom NAT As an example to edit the second custom NAT in the Custom NAT table shown in Figure 80 click the pencil icon in the second row of the table A page similar to the new cus tom NAT page will be displayed but with the details of custom NAT 2 To set the protocol for the custom NAT to be UDP changes were made as shown in Figure 81 Figure 81 Editing a cus...

Страница 101: ...es click the Update button or to lose the changes click Cancel The main page will again be displayed as shown in Figure 82 with the changes for custom NAT 2 added to the table Figure 82 Main custom NAT page with revised custom NAT 2 ...

Страница 102: ...te column of the NAT to be deleted A warning box will be displayed Click OK to confirm the deletion For example to delete custom NAT 2 from the table shown in Figure 82 click the bin icon in row 2 of the table A warning box will now be displayed as shown if Figure 83 Click OK Figure 83 Deleting a Custom NAT ...

Страница 103: ...103 6623 3201 The custom NAT table will be displayed with the custom NAT removed as shown in Figure 84 8 4 Figure 84 Custom NAT table after deleting a Custom NAT ...

Страница 104: ...rk in the case of the MRD 3xx unit the secured communications network is tunneled through the 3G wireless network and then over the Internet or private network to a VPN capable router or server The MRD 3xx unit has support for SSL IPsec and PPTP L2TP based VPNs and can be configured for multiple VPN tunnels to operate simultaneously ...

Страница 105: ...e used to create a tunnel through which other layer 4 protocols such as TCP UDP can pass An example of an SSL VPN is OpenVPN which is a free and open source virtual private network VPN program for creat ing point to point or server to multiclient encrypted tunnels It is capable of establishing direct links between computers that are behind NAT firewalls For information on installing and configurin...

Страница 106: ...the sub menu so it will be automatically displayed Figure 85 shows the MRD 3xx SSL based VPN configuration options available Figure 85 SSL based VPN configuration web page The configuration options are dived into Basic Configuration in the top part of the page and Advanced Configuration in the bottom section of the page The details of each option is described below ...

Страница 107: ...vantages are broadcasts can be problematic on a wireless network as the over the air traffic is increased and bridging does not scale well as new devices are added to the network Routed Routing will create a separate sub net for each VPN connection to access one subnet from another requires routing rules to be configured at the VPN router The advantages of routing are efficiency scaleability and n...

Страница 108: ... timeout secs Specify the ping timeout in seconds This is used to determine if the VPN connection has terminated if this time is exceeded the connection will be re established Compression Specify if compression is to be used for the data being trans mitted through the VPN tunnel Select one of the following options from the drop down list Off Compression is disabled Adaptive The performance will be...

Страница 109: ... down list the options are DES Data Encryption Standard 3DES 192 192 bit Triple Data Encryption Standard Blowfish 128 128 bit Blowfish Default AES 128 128 bit Advanced Encryption Standard AES AES 192 192 bit Advanced Encryption Standard AES AES 256 256 bit Advanced Encryption Standard AES ...

Страница 110: ...rver using a routed connection and UDP as the connection protocol The IP address of the OpenVPN server is 123 123 123 123 and the port number is 1194 The certificate supplied for authentication is called demoClient To ensure the connection remains connected the ping interval will be set to 30 seconds with a timeout of 120 seconds Compression will be disabled and the Encryption algorithm will 128 b...

Страница 111: ... display the the SSL VPN con figuration page Figure 87 shows the MRD 3xx SSL based VPN configuration with the options set for the example Figure 87 SSL based VPN configuration web page The following are configuration settings used for the example ...

Страница 112: ... Checked Connection Protocol UDP Transport Type Routed Remote address 123 123 123 123 Remote port 1194 Certificate demoClient Advanced Configuration options Ping interval secs 30 Ping timeout secs 120 Compression Off Encryption algorithm Blowfish 128 ...

Страница 113: ...test the VPN a ping command can be run from a machine connected to the VPN server the following is the result of the ping ping 10 90 91 30 PING 10 90 91 30 10 90 91 30 56 84 bytes of data 64 bytes from 10 90 91 30 icmp_seq 1 ttl 62 time 141 ms 64 bytes from 10 90 91 30 icmp_seq 2 ttl 62 time 122 ms 64 bytes from 10 90 91 30 icmp_seq 3 ttl 62 time 120 ms 64 bytes from 10 90 91 30 icmp_seq 4 ttl 62 ...

Страница 114: ...s responded to the ping and the byte counters on the status page have increased as seen in Figure 89 Figure 89 SSL VPN status after running Ping the byte counts have increased The VPN is now operational as can be used to pass data ...

Страница 115: ... 3 of the OSI model this means that it can be used for protecting layer 4 protocols including both TCP and UDP the most commonly used transport layer protocols Using strong encryption and public key cryptography IPsec can secure data links over public networks which would otherwise be insecure IPsec is a framework which is built in to various security products from companies such as Cisco and Juni...

Страница 116: ...N configuration page click VPN on the main menu then click IPsec VPN on the sub menu The page shown in Figure 90 will be displayed The page con tains general IPsec configuration options at the top and a list of configured tunnels at the bottom Figure 90 IPsec based VPN main page ...

Страница 117: ... and private IP address then the con nection to the Internet will be via a Network Address Translator NAT this will require the use of NAT Traversal for IPsec to establish a con nection Keepalive Period NAT keepalives are used to keep the dynamic NAT mapping alive during a connection between two peers NAT keepalives are UDP packets with an unencrypted payload of 1 byte Although similar to dead pee...

Страница 118: ...is will display the first of 3 pages used to configure the IPsec VPN tunnel The first page is the Tunnel Configuration shown in Figure 91 the second page is Phase 1 configuration shown in Figure 92 and the third page is the Phase 2 configuration shown in Figure 93 Figure 91 IPsec tunnel configuration ...

Страница 119: ...nnel This is used as a refer ence and is particularly useful when more than one tunnel is configured Enabled Check the box to enable the IPsec VPN Local interface Select the interface over which to create the tunnel from the following options Default Default The interface to which the default route directs connections WLS The wireless interface LAN The LAN Ethernet interface ...

Страница 120: ...or fully qualified domain name of remote host to which the connection is to be established Operating mode Select the operating mode of the IPsec tunnel from the fol lowing options Tunnel Default Tunnel mode encapsulates the entire IP packet to provide a secure connection between two gateways In tunnel mode the payload the header and the routing information are all encrypted and then encapsulated i...

Страница 121: ...egin Default is 10 Minutes Fuzz Defines the maximum percentage by which the margin can be increased in order to randomise rekeying intervals Default is 100 Dead peer detection delay timeout sec Dead Peer Detection DPD is a method of detecting a dead Internet Key Exchange IKE peer The method uses IPsec traf fic patterns to minimise the number of messages required to confirm the availability of the ...

Страница 122: ...which the two hosts agree on how to exchange further information securely The options for Phase 1 are Authentication method Select the authentication method from the drop down list the options are Pre shared key The Pre Shared Key PSK is a key value which is entered into each host and is used for authentica tions Certificate A certificate is an electronic document containing a public key and a dig...

Страница 123: ... has been selected For information on how to enter certificates refer to Section 6 5 Certificate Management Remote ID The remote host ID Local ID The local host ID Negotiation mode Select the negotiated mode from the drop down list the options are Main mode Main mode provides identity protection for the hosts initiating the session Main mode cannot be used when there is Network Address Translation...

Страница 124: ...thm Select the authentication mode from the drop down list options are MD5 Message Digest algorithm 5 SHA1 Secure Hash Algorithm Diffie Hellman Group A cryptographic protocol which allows two parties to establish a shared secret key over an insecure network without the parties having any prior knowledge of the other party Select the Diffie Hellman Group from the drop down list the options are DH G...

Страница 125: ...125 6623 3201 Figure 93 IPsec Phase 2 configuration ...

Страница 126: ...load ESP is used to encrypt the data transmitted in IP datagrams The proposal establishes the Encryption algorithm and Authentication protocol to use Encryption Algorithm Select the encryption algorithm from the drop down list the options are AES 128 128 bit Advanced Encryption Standard AES AES 256 256 bit Advanced Encryption Standard AES 3DES Triple Data Encryption Standard 3DES Blowfish 128 128 ...

Страница 127: ...ot be compromised if one of the private keys is compro mised in the future Perfect_forward_secrecy Check to enable perfect forward secrecy Diffie Hellman Group Select the Diffie Hellman Group from the drop down list the options are DH Grp 1 768 The 768 bit Diffie Hellman group DH Grp 2 1024 The 1024 bit Diffie Hellman group DH Grp 5 1536 The 1536 bit Diffie Hellman group DH Grp 14 2048 The 2048 bi...

Страница 128: ...ork definition Local Configure the local connection Network None Host only The tunnel is connected in host mode the IP address will be that of the interface used for the IPsec tunnel If the IPsec tunnel is over the wire less interface the IP address will be that of the wireless interface This may not be desirable if the wireless interface is assigned a dynamic IP address as the remote end will not...

Страница 129: ...0 24 Remote Configure the remote connection Network None The tunnel is connected in host mode Specify a subnet The tunnel is connected to a specified subnet All traffic All traffic is directed to the IPsec tunnel Address For host connections enter an IP address for net work connections enter an network IP address including netmask For example 10 10 10 0 24 ...

Страница 130: ... Viritual Host 11 22 33 44 Router Static IP address 123 123 123 123 LAN Subnet 192 168 2 0 24 Figure 94 IPsec configuration example network Tunnel Configuration To start select the IPsec main page by first clicking VPN on the main menu and then IPsec on the sub menu then click the Add new tunnel button The first page of three IPsec tunnel configuration pages will be displayed as shown in Figure 95...

Страница 131: ...rameters are entered Label Test Enabled On Checked Local interface WLS Local nexthop Auto Remote host 123 123 123 123 Operating mode Tunnel Initiate tunnel On Checked Init rekeying margin mins fuzz Init rekeying On Checked Margin 10 Minutes Fuzz 100 Dead peer detection delay timeout sec Delay 0 Timeout 0 ...

Страница 132: ...com and local ID is ab example com As the wireless IP address is dynamic and private the network provider will use Network Address Translation NAT so main mode cannot be used for the negotiation mode requiring the negotiating mode to be set to aggressive mode The IKE proposal will use Triple DES as the encryption algorithm SH1 for authentication and Diffie Hellman group 3 The IKE lifetime will be ...

Страница 133: ... Algorithm SHA1 Diffie Hellman Group DH Grp 2 1024 IKE lifetime mins 60 Once entered click the Next button to continue to Phase 2 configuration Phase 2 Configuration The Phase 2 Configuration page is shown in Figure 97 this page also include the Tunnel network settings For the Phase 2 configuration the ESP proposal encryption algorithm is set to Triple DES and the authentication algorithm set to S...

Страница 134: ... described requires the following parameters to be entered ESP proposal Encryption Algorithm 3DES Authentication Algorithm SHA1 Perfect forward secrecy group Perfect_forward_secrecy Off un checked Diffie Hellman Group DH Grp 2 1024 Non selectable default value Key lifetime mins 480 ...

Страница 135: ...re entered Enabled Checked Local Network Virtual Host Address 11 22 33 44 Remote Network Specify a subnet Address 192 168 2 0 24 To complete the process of adding the tunnel click the Update button The tunnel will be saved and the General IPsec Configuration page will again be displayed now with the new tunnel added to the Tunnels table a shown in Figure 98 Figure 98 IPsec based VPN main page with...

Страница 136: ... remote host note this may take several minutes to complete To check the status of the tunnel click Status on the main menu then VPN on the sub menu a page similar to that shown in Figure 100 will be displayed If the Status of the tunnel is Connected then the tunnel has been established and data can be passed over it To obtain further details on the VPN connection click the link Detailed IPsec sta...

Страница 137: ...137 6623 3201 Figure 100 IPsec connection status Figure 101 IPsec connection status detail ...

Страница 138: ...blishing Virtual Private Network VPN tunnels over an insecure network such as the Internet PPTP uses a client server module for establishing the VPN the MRD 3xx pro vides a PPTP client PPTP was developed by Microsoft and is provided with most versions of the Windows operating sys tem An advantage of PPTP is it is easy to configure ...

Страница 139: ...t to Point Tunneling Protocol PPTP L2TP can be viewed as an extension to the Point to Point Protocol PPP One endpoint of an L2TP tunnel is called the L2TP Network Server LNS the LNS waits for new tunnels to be established The other endpoint is called the L2TP Access Concentrator LAC the LAC initiates tunnel connections to the LNS the MRD 3xx implements an L2TP LAC Once the L2TP tunnel has been est...

Страница 140: ...To access the PPTP L2TP configuration page click VPN on the main menu then PPTP L2TP on the sub menu The PPTP L2TP page will list the currently configured tunnels Figure 102 shows the page with no tunnels configured Figure 102 The PPTP L2TP main page ...

Страница 141: ...ge will be displayed as shown in Figure 103 Figure 103 The PPTP L2TP Add new tunnel page Add new tunnel options Label A label or name for the tunnel Enabled Check the box to enable the tunnel Type Select the type of tunnel from the drop down list the options are PPTP Point to Point Tunneling Protocol l2TP Layer 2 Tunneling Protocol ...

Страница 142: ...The username for authentication Password Specify the password for connection with the remote host To set a new password click the New check box and then enter the password MTU Specify Maximum Transmission Unit MTU the size in bytes of the largest packet which can be sent over the IPsec tunnel Default value is 1400 Use peer DNS Check the box to enable peer DNS ...

Страница 143: ... this example a connection will be established from the MRD 3xx to an PPTP server The tunnel will be called test it is of type PPTP and the remote host is at IP address 123 123 123 123 The domain is x the username is qwerty and the password password The MTU setting is left at the default of 1400 and peer DNS is enabled PPTP VPN tunnel PPTP Server Figure 104 SSL based VPN example network ...

Страница 144: ...menu The PPTP L2TP page will then be displayed to add a tunnel click the Add new tunnel button on the main PPTP L2TP page the Add new tunnel page will be displayed Figure 105 illustrates the PPTP add tunnel page with the parameters entered for the configuration described above Figure 105 The PPTP L2TP main page ...

Страница 145: ...assword password MTU 1400 Use peer DNS On Checked Once the options have been entered click the Update button to add the tunnel The settings will be saved and the main PPTP L2TP page will be displayed with the new tunnel added to the Tunnels table as shown in Figure 106 The MRD 3xx will now attempt to establish a connection with the PPTP server Figure 106 The PPTP L2TP main page ...

Страница 146: ...ed Figure 107 is the status page for the PPTP VPN created in this example Figure 107 The PPTP L2TP main page The status of the tunnel is connected indicating that the tun nel has been established and traffic can flow The status page also indicates the local IP address of the tunnels and the number of bytes that have been received and transmitted ...

Страница 147: ...simul taneously One SSL VPN up to 3 IPsec tunnels and up to 3 PPTP L2TP tunnels can be configure to operate simultane ously Figure 108 is an example of the VPN Status page with one SSL one IPsec and one PPTP VPN tunnel operating Figure 108 The VPN status page showing 3 active VPN connections ...

Страница 148: ...on to ensure security The MRD 3xx unit supports X 509 digital certificates International Telecommunications Union Recommendation X 509 including SSL Secure Sockets Layer certificates To access the certificate management page select VPN from the main menu and Certificates from the sub menu the page shown in Figure 109 will be displayed The top part of the page lists the currently loaded certificate...

Страница 149: ... add a certificate click the Browse button then navigate to the certificate and select it In the example shown in Figure 110 the file demoClient p12 is selected this contains the certifi cate demoClient Figure 110 Uploading a VPN Certificate ...

Страница 150: ...tificate to the MRD 3xx click the Upload to MRD 3xx button the page will be updated and the certificate will be added to the Certificates table as shown in Figure 111 Figure 111 VPN Certificate table listing the uploaded certificate ...

Страница 151: ...e Certificate Details Once uploaded the details of a certificate can be displayed by clicking view located in the detail column of the table Figure 112 is an example of the details of a certificate Figure 112 VPN Certificate details ...

Страница 152: ...tificates can be uploaded to the MRD 3xx the process is the same as adding the first certificate For each additional certificate click the Browse button navigate to the certificate then click the Upload to MRD 3xx button Figure 113 Adding a second VPN Certificate ...

Страница 153: ...shown in Figure 113 In this example the file demoClient2 p12 is selected this file contains the certificate demoClient2 Figure 114 shows the certificate table with the second certificate added Figure 114 VPN Certificate table listing both uploaded certificates ...

Страница 154: ...the icon is clicked a warning box will be displayed Click OK to confirm the deletion or Cancel to prevent the certificate from being deleted For example to delete certificate 2 from the table shown in Figure 114 click the bin icon in row 2 of the table A warning box will now be displayed as shown if Figure 115 click OK Figure 115 Deleting a VPN Certificate ...

Страница 155: ...155 6623 3201 The certificate table will be displayed with certificate removed as shown in Figure 116 Figure 116 VPN Certificate list with the second certificate deleted ...

Страница 156: ...parent pipe between the serial port and a TCP network connection Example uses of this mode include connecting to a remote PC running serial port redirector software with virtual COM ports or connect ing two units back to back to create a serial bridge Raw UDP This function is similar to Raw TCP Client Server mode but uses UDP as the network transport UDP has lower over heads than TCP but as UDP of...

Страница 157: ...serial server will perform conversion from Modbus TCP to Modbus RTU or Modbus ASCII allowing polling by a Modbus TCP master Telnet RFC 2217 Server The serial server will function as a Telnet server including the protocol extensions defined in RFC 2217 In addition to trans porting data this mode also allows a remote PC with appro priate software to change the port configuration baud rate etc and re...

Страница 158: ...re 117 will be shown Figure 117 Common port configuration parameters For each port the following parameters can be set Baudrate The port can be configured for any standard baudrate from 300 baud to 230400 baud Databits The port can be configured for operation with 5 to 8 databits Stopbits The port can be configured for operation with 1 or 2 stopbits Parity The port can be configured for none odd o...

Страница 159: ...XON character is hex 0x13 Both The port will use both hardware and software flow control Line state when disconnected This field determines the state of the port s RTS and DTR handshaking lines while the port is disconnected To set a sig nal active while disconnected check the associated box Most equipment uses 8 databits 1 stopbit and no parity how ever this should be verified against the referen...

Страница 160: ...um packet size This value determines the largest packet size to be passed to the network for transmission If set to 0 the packet framer will be disabled and data will bypass the packet framer The value chosen will depend on the application however the value should not be set higher than 1024 so the packet will fit a conventional Ethernet frame Minimum size before sending In some applications it ma...

Страница 161: ...he characters set the in Match characters field are received the data will be sent immediately Match all characters If both of the characters set in the Match characters field are received in order the data will be sent immediately Match characters Used in conjunction with the Immediate send character matching field these characters determine what data will cause an immediate send The values are e...

Страница 162: ...g two units back to back to create a serial bridge 7 3 2 Selecting the port function The serial server configuration is accessed by selecting Serial Server from the main menu and Port Setup from the submenu To enable a port for Raw TCP Client Server function select Raw TCP Client Server from the Function column of the appro priate port Once selected click Update to confirm the change Once confirme...

Страница 163: ... 3201 7 3 3 Configuring the port function Once the port function has been selected click the pencil icon in the Edit column to change the configuration of the port Figure 120 Raw TCP Client Server configuration ...

Страница 164: ...pecified address and port number Connect address For Connect or Accept and Connect network modes this is the address the server will attempt to connect to The address entered should be in IPv4 decimal dotted notation Connect port For Connect or Accept and Connect network modes this is the TCP port number the server will attempt to connect to The value entered should be a valid TCP port number Time...

Страница 165: ...on is currently active on the serial server and a new connection request is accepted this field determines the action that will be taken If set the new connection will become the active connection and the existing connection will be closed If not set the existing connection will remain active and the newly received connection will be closed TCP keepalive time When set to a value greater than 0 TCP...

Страница 166: ...protocols than can provide the necessary error correction 7 4 2 Selecting the port function The serial server configuration is accessed by selecting Serial Server from the main menu and Port Setup from the submenu To enable a port for Raw UDP function select Raw UDP from the Function column of the appropriate port Once selected click Update to confirm the change Once confirmed the port will displa...

Страница 167: ...67 6623 3201 7 4 3 Configuring the port function Once the port function has been selected click the pencil icon in the Edit column to change the configuration of the port Figure 122 Raw UDP configuration ...

Страница 168: ...nota tion Send port This is the UDP port number the server will send UDP pack ets to The value entered should be a valid UDP port number Local receive port This is the UDP port number that UDP packets will be received on at the unit The value entered should be a valid UDP port number For information on setting the Port Configuration see section 7 2 1 For information on setting the Packet Framing s...

Страница 169: ...function is suited to applications where equipment attached to the serial port expects to see a dial up unit 7 5 2 Selecting the port function The serial server configuration is accessed by selecting Serial Server from the main menu and Port Setup from the submenu To enable a port for the Unit Emulator function select Unit Emulator from the Function column of the appropriate port Once selected cli...

Страница 170: ...6623 3201 7 5 3 Configuring the port function Once the port function has been selected click the pencil icon in the Edit column to change the configuration of the port Figure 124 Unit Emulator configuration ...

Страница 171: ...reate a connection to the address 192 168 2 200 and port number 6001 Dotted Dial string is ATD 192 168 2 220 6001 Padded Dial string is ATD 0109020106080202020006001 From phone book When a dial command is entered the emulator will look up the unit s phone book and attempt to translate the number to an address and port number More details on the phone book can be found in section 7 9 Accept incomin...

Страница 172: ...n 0 TCP keepalives will be enabled for connections with probes sent at the frequency specified minutes This may assist in detecting failed connec tions Rings until answered This field determines the default number of rings the emulator will wait before automatically answering a call This is equiva lent to setting the ATS0 S Register in a conventional unit DCD mode This field determines the default...

Страница 173: ... the DTR line transitions from the active to inactive state while the emulator is on online data mode the emulator will drop to AT command mode equivalent to AT D1 Hangup If the DTR line transitions from the active to inactive state while the emulator is on online data mode the emulator will terminate the current call equivalent to AT D2 For information on setting the Port Configuration see sectio...

Страница 174: ...layer frames without fragmentation ensuring reliable transport of the DNP3 data in a single TCP or UDP packet Sever serial port emulation is not required The SCADA server can communicate with the DNP3 device directly via TCP rather than through serial port emulation soft ware This reduces the complexity and number of soft ware layers required on the SCADA servers Dual function endpoint The remote ...

Страница 175: ...main menu and Port Setup from the submenu To enable a port for the DNP3 IP Serial Gateway function select DNP3 IP Serial Gateway from the Function column of the appropriate port Once selected click Update to confirm the change Once confirmed the port will display as shown in Figure 125 Figure 125 Selecting DNP3 Gateway function ...

Страница 176: ...6623 3201 7 6 3 Configuring the port function Once the port function has been selected click the pencil icon in the Edit column to change the configuration of the port Figure 126 DNP3 Gateway configuration ...

Страница 177: ...aster will poll periodically but facility is required to support unsolicited responses UDP endpoint The serial server will operate in UDP mode receiving data on the specified port number and transmitting responses to the specified master Listen port For all station types this determines the TCP UDP port the serial server will listen for connections TCP or data UDP on The value entered should be a ...

Страница 178: ... existing connection will be closed If not set the existing con nection will remain active and the newly received connection will be closed Timeout between failed TCP connects For TCP dual endpoint only if a connection request has failed the server will wait the amount of time in seconds specified in this field before attempting another connection request While a short timeout may cause the connec...

Страница 179: ... port fields Address and port of last request Packets transmitted over network will be sent to the source address of the most recently received packet If no packets have been received packets will be transmitted to the address specified in the Master address and Master port fields For information on setting the Port Configuration see section 7 2 1 ...

Страница 180: ...al protocol convertors 7 7 2 Selecting the port function The serial server configuration is accessed by selecting Serial Server from the main menu and Port Setup from the submenu To enable a port for the Modbus IP Serial Gateway function select Modbus IP Serial Gateway from the Function column of the appropriate port Once selected click Update to confirm the change Once confirmed the port will dis...

Страница 181: ...rt number that the serial server will listen for connections on The value entered should be a valid TCP port number The default Modbus TCP port number is 502 Drop current if new accept If a connection is currently active on the serial server and a new connection request is accepted this field determines the action that will be taken If set the new connection will become the active connection and t...

Страница 182: ...liseconds to wait for a response from a serial slave device before retrying the request or returning an error to the Modbus master RTU framing timeout This is the timeout in milliseconds the the serial server will use to determine the boundaries of Modbus RTU packets received on the serial port Retries Should no valid response be recieved from a Modbus slave the value in this field determines the ...

Страница 183: ...t client can be used to connect to the server The Telnet sever mode also supports the RFC 2217 exten sions which when used with a remote PC running appropri ate serial port redirector software allow port configuration changes such as the baudrate to be transmitted over the network to the unit Changes in unit handshaking lines are also transmitted ...

Страница 184: ...the main menu and Port Setup from the submenu To enable a port for the Telnet Server function select Telnet RFC 2217 Server from the Function column of the appropri ate port Once selected click Update to confirm the change Once confirmed the port will display as shown in Figure 129 Figure 129 Selecting Telnet Server function ...

Страница 185: ...6623 3201 7 8 3 Configuring the port function Once the port function has been selected click the pencil icon in the Edit colum to change the configuration of the port Figure 130 Telnet Server configuration ...

Страница 186: ...eld determines the action that will be taken If set the new connection will become the active connection and the existing connection will be closed If not set the existing connection will remain active and the newly received connection will be closed TCP keepalive time When set to a value greater than 0 TCP keepalives will be enabled for connections with probes sent at the frequency specified minu...

Страница 187: ...he Unit Emulator to be used as a drop in replacement for a traditional dial up unit and to create IP connections rather than phone calls For more information on the Unit Emulator see section 7 5 To access the Phone Book configuration select Serial Server from the main menu and Phone Book from the submenu The page will initially have no entries as shown in Figure 131 Figure 131 Phone Book with no e...

Страница 188: ...r entering a new entry Figure 132 Page for adding Phone Book entry The following options can be set for each entry Dial string This is the phone number that the dial command will attempt to match against Connect address This is the IP address the serial server will attempt to con nect to Connect port This is the IP port number the serial server will attempt to connect to ...

Страница 189: ... phone book page click the Add new phone book entry button An example of adding a new entry is shown in Figure 133 In this example a new entry is cre ated that translates dial string 123 to connection address 123 123 123 123 123 Figure 133 Adding a Phone Book Entry ...

Страница 190: ...entry as shown in Figure 134 Figure 134 The Phone Book page with a single entry To add a second entry click the Add new phone book entry button In the example shown in Figure 135 an entry is cre ated which translates dial string 234 to connection address 234 234 234 234 234 Figure 135 Adding a second entry ...

Страница 191: ...1 To commit the new phone book entry to the table click the Update button The main page will again be shown with the new entry added as seen in Figure 136 Figure 136 The phone book page with two phone book entires ...

Страница 192: ...one book entry As an example to edit the second phone book entry in the table click the pencil icon in the second row of the table To change the connect port of the entry to 235 changes were made as shown in Figure 137 Figure 137 Editing a phone book entry To save the changes click the Update button or to lose any changes click the Cancel button The main page will again be displayed as shown in Fi...

Страница 193: ...leted by clicking the bin icon in the Delete column of the entry to be deleted A warning box will be displayed Click OK to confirm the deletion For example to delete phone book entry 2 from the table shown in Figure 138 click the bin icon in row 2 of the table A warning box will now be displayed as shown if Figure 139 Click OK ...

Страница 194: ...194 6623 3201 Figure 139 Deleting a phone book entry The phone book table will be displyed with the entry removed as shown in Figure 140 Figure 140 Phone boook table after deletion of entry ...

Страница 195: ...termo Data Communications Ltd Talisman Business Centre Duncan Road Park Gate Southampton SO31 7GA Phone 44 0 1489 580 585 Fax 44 0 1489 580586 E Mail sales westermo co uk Westermo Data Communications GmbH Goethestraße 67 68753 Waghäusel Tel 49 0 7254 95400 0 Fax 49 0 7254 95400 9 E Mail info westermo de Westermo Data Communications S A R L 9 Chemin de Chilly 91160 CHAMPLAN Tél 33 1 69 10 21 00 Fax...

Результаты поиска

Содержание MRD-310

Отзывы:

Похожие инструкции для MRD-310

Бренды по названию

Популярные бренды

Westermo MRD-310, Справочное руководство

Результаты поиска

Содержание MRD-310

Отзывы:

Похожие инструкции для MRD-310

Бренды по названию

Популярные бренды