UR5i Configuration Manual
v2 Routers
CONFIGURATION MANUAL
Used Symbols
Danger – Information regarding user safety or potential damage to the router.
Firmware Version
Current version of firmware is 6.1.1 (March 9, 2017).
The manufacturer of the device hereby grants the right to use debugging techniques (e.g.
decompilation) and to make customer modifications of any executable linked with an LGPL
library for own purposes. Note these rights are limited to the customer’s own usage. No further
distribution of such modified executables and no transmission of the information obtained
during these actions may be done.
Advantech B+B SmartWorx s.r.o., Sokolska 71, 562 04 Usti nad Orlici, Czech Republic
Manual Rev. 1 released in CZ, March 10, 2017
Contents
1 Access to the Web Conf.
1.1 Secured access to web configuration
2 Status
2.1 General Status
2.1.1 Mobile Connection
2.1.2 Primary LAN, Secondary LAN, WiFi
2.1.3 Peripheral Ports
2.1.4 System Information
2.2 Mobile WAN Status
2.3 WiFi
2.4 WiFi Scan
2.5 Network Status
2.6 DHCP Status
2.7 IPsec Status
2.8 DynDNS Status
2.9 System Log
3 Configuration
3.1 LAN Configuration
3.2 VRRP Configuration
3.3 Mobile WAN Configuration
3.3.1 Connection to Mobile Network
3.3.2 DNS Address Configuration
3.3.3 Check Connection to Mobile Network Configuration
3.3.4 Data Limit Configuration
3.3.5 Switch between SIM Cards Configuration
3.3.6 Dial-In access configuration
3.3.7 PPPoE Bridge Mode Configuration
3.4 PPPoE Configuration
3.5 WiFi Configuration
3.6 WLAN Configuration
3.7 Backup Routes
3.8 Static Routes
3.9 Firewall Configuration
3.10 NAT Configuration
3.11 OpenVPN Tunnel Configuration
3.12 IPsec Tunnel Configuration
3.13 GRE Tunnels Configuration
4 Customization
4.1 User Modules
5 Administration
5.1 Users
5.2 Change Profile
5.3 Change Password
5.4 Set Real Time Clock
5.5 Set SMS Service Center Address
5.6 Unlock SIM Card
5.7 Unblock SIM Card
5.8 Send SMS
5.9 Backup Configuration
5.10 Restore Configuration
5.11 Update Firmware
5.12 Reboot
8 Index
List of Figures
1 Example of the Web Configuration
2 Mobile WAN status
3 WiFi Status
4 WiFi Scan
5 Network Status
6 DHCP Status
7 IPsec Status
8 DynDNS Status
9 System Log
10 Example program syslogd start with the parameter -R
11 Example 1 – Network Topology for Dynamic DHCP Server
12 Example 1 – LAN Configuration Page
13 Example 2 – Network Topology with both Static and Dynamic DHCP Servers
14 Example 2 – LAN Configuration Page
15 Example 3 – Network Topology
16 Example 3 – LAN Configuration Page
17 Topology of VRRP configuration example
18 Example of VRRP configuration – main router
19 Example of VRRP configuration – backup router
20 Mobile WAN Configuration
21 Example 1 – Mobile WAN Configuration
22 Example 2 – Mobile WAN Configuration
23 PPPoE configuration
24 WiFi Configuration
25 WLAN Configuration
26 Backup Routes Configuration
27 Static Routes Configuration
28 Firewall Configuration
29 Topology for the Firewall Configuration Example
30 Firewall Configuration Example
31 Example 1 – Topology of NAT Configuration
32 Example 1 – NAT Configuration
33 Example 2 – Topology of NAT Configuration
34 Example 2 – NAT Configuration
35 OpenVPN tunnel configuration
36 Topology of OpenVPN Configuration Example
37 IPsec Tunnels Configuration
38 Topology of IPsec Configuration Example
39 GRE Tunnel Configuration
40 Topology of GRE Tunnel Configuration Example
List of Tables
1 Mobile Connection
2 Peripheral Ports
3 System Information
4 Mobile Network Information
5 Description of Periods
6 Mobile Network Statistics
7 Traffic Statistics
8 Access Point State Information
9 State Information about Connected Clients
10 Information about Neighbouring WiFi Networks
11 Description of Interfaces in Network Status
12 Description of Information in Network Status
13 DHCP Status Description
14 Configuration of the Network Interface
15 Configuration of Dynamic DHCP Server
16 Configuration of Static DHCP Server
17 Configuration of 802.1X Authentication
18 VRRP configuration
19 Check connection
20 Mobile WAN Connection Configuration
21 Check Connection to Mobile Network Configuration
22 Data Limit Configuration
23 Switch between SIM cards configuration
24 Parameters for SIM card switching
25 Dial-In access configuration
26 PPPoE configuration
27 WiFi Configuration
28 WLAN Configuration
29 Configuration of DHCP Server
30 Backup Routes Configuration
31 Backup Routes
32 Static Routes configuration
33 Filtering of Incoming Packets
34 Forwarding filtering
35 NAT Configuration
36 Configuration of send all incoming packets
37 Remote Access Configuration
38 OpenVPN Configuration
39 OpenVPN Configuration Example
40 IPsec Tunnel Configuration
You can monitor the status, configuration and administration of the router via the web
interface. To access the router over the web interface, enter http://xxx.xxx.xxx.xxx into the
browser's address bar, where xxx.xxx.xxx.xxx is the router IP address. The router’s default IP
address is 192.168.1.1. The default username is root and the default password is root.
When you successfully enter the login information on the login page, the web interface is
displayed. The left side of the web interface displays the menu. You will find links for the
Status, Configuration, Customization and Administration of the router.
Name and Location displays the router’s name, location and SNMP configuration (see
3.16.5). These fields are user-defined for each router.
For enhanced security, you should change the default password. If the router’s default
password is set, the menu item Change password is highlighted in red.
If the green LED is blinking, you may restore the router to its factory default settings by
pressing RST on the front panel. The configuration will be restored to the factory defaults and the
router will reboot. (The green LED will be on during the reboot.)
Since FW 5.3.5, HTTPS certificate creation in the router has been updated to be more secure.
Existing HTTPS certificates on already manufactured routers will not be automatically
upgraded with the firmware upgrade! You can upgrade the HTTPS certificate by deleting the
files /etc/certs/https* in the router (e.g. via SSH). The certificates will be re-created
automatically during the router’s next start.
If you decide to use the self-signed certificate in the router and want to prevent the security
message (domain disagreement) from popping up every time you log into the router, you can take
the following steps. Note: You will have to use the domain name based on the MAC address of the
router and it is not guaranteed to work with every combination of an operating system and a
browser.
• Add the DNS record to your DNS system: Edit /etc/hosts (Linux/Unix OS) or
C:\WINDOWS\system32\drivers\etc\hosts (Windows OS) or configure your own DNS
server. Add a new record with the IP address of your router and the domain name
based on the MAC address of the router (the MAC address of the first network interface seen
in Network Status in the Web interface of the router). Use dash separators instead of
colons. Example: A router with the MAC address 00:11:22:33:44:55 will have the domain
name 00-11-22-33-44-55.
• Access the router via the new domain name address (e.g. https://00-11-22-33-44-55).
If you see the security message, add an exception so that the message will not pop up
the next time (e.g. in the Firefox Web browser). If there is no possibility to add an exception,
export the certificate to a file and import it into your browser or operating system.
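The two steps above as an added example (not part of the manual): it derives the dash-separated name and the hosts line from the MAC address and, before an exception is added, compares the SHA-256 fingerprint of the certificate the router presents with one recorded earlier over a trusted path. The function names and the pre-recorded fingerprint are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import re
import ssl

# Colon-separated MAC address as shown on the Network Status page.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def mac_to_hostname(mac: str) -> str:
    """Return the MAC-based domain name: dashes instead of colons."""
    mac = mac.strip()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a colon-separated MAC address: {mac!r}")
    return mac.replace(":", "-")


def hosts_entry(router_ip: str, mac: str) -> str:
    """Build the line to add to /etc/hosts (or the Windows hosts file)."""
    ip = ipaddress.ip_address(router_ip)  # raises ValueError on bad input
    return f"{ip}\t{mac_to_hostname(mac)}"


def sha256_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, in AA:BB:... form."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalise(fingerprint: str) -> str:
    return fingerprint.replace(":", "").replace(" ", "").upper()


def fingerprints_match(der_cert: bytes, expected: str) -> bool:
    """Compare the presented certificate with a fingerprint recorded earlier
    over a trusted path (assumption: e.g. noted on the bench before deployment)."""
    return hmac.compare_digest(
        _normalise(sha256_fingerprint(der_cert)), _normalise(expected)
    )


def fetch_router_cert(router_ip: str, port: int = 443) -> bytes:
    """Fetch the certificate the router presents, without validating it."""
    pem = ssl.get_server_certificate((router_ip, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    # Values from the manual's example: default IP and sample MAC address.
    print(hosts_entry("192.168.1.1", "00:11:22:33:44:55"))
    # On a live network (not run here):
    #   der = fetch_router_cert("192.168.1.1")
    #   ok = fingerprints_match(der, "<fingerprint recorded earlier>")
```

Add the browser exception or import the certificate only when `fingerprints_match` returns True; a mismatch means the certificate was re-created (for example after deleting /etc/certs/https*) or that something else is answering on that address.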
2. Status
2.1 General Status
You can access a summary of basic router information and its activities by opening the
General page. This page is the default dialog displayed when you log in to the device.
Information is divided into several sections, based upon the type of router activity or the properties
area: Mobile Connection, Primary LAN, Peripheral Ports and System Information. If your
router is equipped with a WiFi expansion port, there is also a WiFi section.
Item Description
Expansion Port 1 Expansion port fitted to the position 1 (None indicates that this
position is equipped with no port)
Expansion Port 2 Expansion port fitted to the position 2 (None indicates that this
position is equipped with no port)
Binary Input State of binary input
Binary Output State of binary output
Table 2: Peripheral Ports
Item Description
Firmware Version Information about the firmware version
Serial Number Serial number of the router (N/A if it is not available)
Profile Current profile – standard or alternative profiles (profiles are used
for example to switch between different modes of operation)
Supply Voltage Supply voltage of the router
Temperature Temperature in the router
Time Current date and time
Uptime Indicates how long the router has been running
Licenses Link to the list of open source software components of the
firmware together with their complete license texts (GPL versions
2 and 3, LGPL version 2, BSD-style licenses, MIT-style licenses).
Table 3: System Information
The XR5i v2 routers do not display the Mobile WAN status option.
The Mobile WAN menu item contains current information about connections to the mobile
network. The first part of this page (Mobile Network Information) displays basic information
about the mobile network the router operates in. There is also information about the module
that is mounted in the router.
Item Description
Registration State of the network registration
Operator Specifies the operator’s network the router operates in
Technology Transmission technology
PLMN Code of operator
Cell Cell the router is connected to
LAC Location Area Code – unique number assigned to each location area
Channel Channel the router communicates on
Signal Strength Signal strength of the selected cell
Signal Quality Signal quality of the selected cell:
• EC/IO for UMTS and CDMA (the ratio of the signal received
from the pilot channel – EC – to the overall level of the spectral
density, i.e. the sum of the signals of other cells – IO)
• RSRQ for LTE technology (defined as the ratio $\frac{N \times RSRP}{RSSI}$)
• The value is not available for the EDGE technology
CSQ Cell Signal Quality, relative value is given by RSSI (dBm). 2–9 range
means Marginal, 10–14 range means OK, 15–16 range means Good,
20–30 range means Excellent.
Neighbours Signal strength of neighboring cells that the router can hear
Manufacturer Module manufacturer
Model Type of module
Revision Revision of module
IMEI IMEI (International Mobile Equipment Identity) number of module
ESN ESN (Electronic Serial Number) number of module (for CDMA routers)
MEID MEID number of module
ICCID Integrated Circuit Card Identifier is international and unique serial
number of the SIM card.
Table 4: Mobile Network Information
If a neighboring cell is highlighted in red, there is a risk that the router may repeatedly
switch between the neighboring cell and the primary cell. This can affect the performance of
the router. To prevent this, re-orient the antenna or use a directional antenna.
The next section of this window displays historical information about the quality of the
cellular WAN connection during each logging period. The router has standard intervals, such as
the previous 24 hours and last week, and also includes information for one user-defined interval.
Period Description
Today Today from 0:00 to 23:59
Yesterday Yesterday from 0:00 to 23:59
This week This week from Monday 0:00 to Sunday 23:59
Last week Last week from Monday 0:00 to Sunday 23:59
This period This accounting period
Last period Last accounting period
Table 5: Description of Periods
Item Description
Signal Min Minimal signal strength
Signal Avg Average signal strength
Signal Max Maximal signal strength
Cells Number of switches between cells
Availability Availability of the router via the mobile network (expressed as a percentage)
Table 6: Mobile Network Statistics
• Placing your cursor over the maximum or minimum signal strength will display the last
time the router reached that signal strength.
The middle part of this page displays information about transferred data and the number
of connections for both SIM cards (for each period).
Item Description
RX data Total volume of received data
TX data Total volume of sent data
Connections Number of times a connection to the mobile network was established
Table 7: Traffic Statistics
The last part (Mobile Network Connection Log) displays information about the mobile
network connections and any problems that occurred while establishing them.
2.3 WiFi
This item is available only if the router is equipped with a WiFi module.
Selecting the WiFi item in the main menu of the web interface will display information about
the WiFi access point (AP) and associated stations.
Item Description
hostapd state dump Time the statistical data relates to
num_sta Number of connected stations
num_sta_non_erp Number of connected stations using 802.11b in 802.11g
BSS connection
num_sta_no_short_slot_time Number of stations not supporting the Short Slot Time
num_sta_no_short_preamble Number of stations not supporting the Short Preamble
Table 8: Access Point State Information
Detailed information is displayed for each connected client. Most of the items are of an
internal nature. Here are two examples:
Item Description
STA MAC address of connected device (station)
AID Identifier of connected device (1 – 2007). If 0 is displayed, the station is
not currently connected.
Table 9: State Information about Connected Clients
This item is available only if the router is equipped with a WiFi module.
Selecting the WiFi Scan item scans for neighboring WiFi networks and displays the
results. Scanning can only be performed if the access point (WiFi AP) is off.
Item Description
BSS MAC address of access point (AP)
TSF A Timing Synchronization Function (TSF) keeps the timers for
all stations in the same Basic Service Set (BSS) synchronized.
All stations shall maintain a local TSF timer.
freq Frequency band of WiFi network [kHz]
beacon interval Period of time synchronization
capability List of access point (AP) properties
signal Signal level of access point (AP)
last seen Last response time of access point (AP)
SSID Identifier of access point (AP)
Supported rates Supported rates of access point (AP)
DS Parameter set The channel on which access point (AP) broadcasts
ERP Extended Rate PHY – information element providing backward compatibility
Extended supported rates Supported rates of access point (AP) that are beyond the scope
of eight rates mentioned in Supported rates item
RSN Robust Secure Network – The protocol for establishing a secure
communication through wireless network 802.11
Table 10: Information about Neighbouring WiFi Networks
Interface Description
eth0, eth1 Network interfaces (Ethernet connection)
ppp0 Active PPP connection to the mobile network – wireless module is
connected via USB interface
wlan0 WiFi interface
tun0 OpenVPN tunnel interface
ipsec0 IPSec tunnel interface
gre1 GRE tunnel interface
usb0 USB interface
Table 11: Description of Interfaces in Network Status
Item Description
HWaddr Hardware (unique) address of the network interface
inet IP address of interface
P-t-P IP address of the other end of the connection
Bcast Broadcast address
Mask Mask of network
MTU Maximum packet size that the equipment is able to transmit
Metric Number of routers through which a packet must pass
RX • packets – received packets
• errors – number of errors
• dropped – dropped packets
• overruns – incoming packets lost because of overload
• frame – wrong incoming packets because of incorrect packet size
TX • packets – transmitted packets
• errors – number of errors
• dropped – dropped packets
• overruns – outgoing packets lost because of overload
• carrier – wrong outgoing packets with errors resulting from the
physical layer
You may view the status of the mobile network connection on the network status screen.
If the connection to the mobile network is active, it will appear in the system information as a
usb0 interface. The Route Table is displayed at the bottom.
For the XR5i v2 routers, interface ppp0 indicates the PPPoE connection.
For each client in the list, the DHCP status window displays the following information.
Item Description
lease Assigned IP address
starts Time that the IP address was assigned
ends Time that the IP address lease expires
hardware ethernet Unique hardware MAC address
uid Unique ID
client-hostname Host computer name
Table 13: DHCP Status Description
The DHCP status may occasionally display two records for one IP address. This may be
caused by resetting the client network interface.
Note: Records in the DHCP Status window are divided into two separate parts – Active DHCP
Leases (Primary LAN) and Active DHCP Leases (WLAN).
You can use the following servers for the Dynamic DNS service:
• www.dyndns.org
• www.spdns.de
• www.dnsdynamic.org
• www.noip.com
When the router detects a DynDNS record update, the dialog displays one or more of the
following messages:
The router’s SIM card must have a public IP address assigned or DynDNS will not function
correctly.
The following example (figure) shows how to send syslog information to a remote server at
192.168.2.115 on startup.
3. Configuration
3.1 LAN Configuration
To enter the Local Area Network configuration, select the LAN menu item in the
Configuration section. The Primary LAN subitem is for the router’s main Ethernet interface (ETH). If
the router has additional Ethernet ports (PORT1 or PORT2), they are configured using the
Secondary LAN subitem. For routers with two additional Ethernet ports, PORT1 and PORT2
are automatically bridged together.
Item Description
DHCP Client Enables/disables the DHCP client function.
IP address Specifies a fixed set of IP addresses for the network interfaces ETH.
Subnet Mask Specifies a Subnet Mask for the IP address.
Default Gateway Specifies the IP address of default gateway. When entering the IP
address of default gateway, every packet for which the destination IP
address was not found in the routing table, is sent to this IP address.
DNS server Specifies the IP address of the DNS server. When the IP address is not
found in the Routing Table, the router forwards the IP address request to
the DNS server.
Bridged Activates/deactivates the bridging function on the router.
Media type Specifies the type of duplex and speed used in the network.
The router considers the last address in the network range to be the broadcast address,
regardless of whether the address is set as a broadcast address or not. Connection (ping) to
the broadcast address does not work.
The Default Gateway and DNS Server items are only used if the DHCP Client item is set
to disabled and if the Primary or Secondary LAN is selected by the Backup Routes system
as the default route. (The selection algorithm is described in section 3.7). Since FW 5.3.0,
Default Gateway and DNS Server are also supported on bridged interfaces (e.g. eth0 + eth1).
Only one bridge can be active on the router. Only the DHCP Client, IP Address and Subnet
Mask parameters are used to configure the bridge. Primary LAN has higher priority when both
interfaces (eth0, eth1) are added to the bridge. Other interfaces (wlan0 – wifi) can be added to
or deleted from an existing bridge at any time. The bridge can be created on demand for such
interfaces, but not if it is configured by their respective parameters.
The DHCP server assigns the IP address, gateway IP address (IP address of the router)
and IP address of the DNS server (IP address of the router) to the connected clients. If these
values are filled in by the user in the configuration form, they will be preferred.
The DHCP server supports static and dynamic assignment of IP addresses. Dynamic
DHCP assigns clients IP addresses from a defined address space. Static DHCP assigns IP
addresses that correspond to the MAC addresses of connected clients.
Item Description
Enable dynamic DHCP leases Select this option to enable a dynamic DHCP server.
IP Pool Start Starting IP addresses allocated to the DHCP clients.
IP Pool End End of IP addresses allocated to the DHCP clients.
Lease time Time in seconds that the IP address is reserved before it can be re-used.
Table 15: Configuration of Dynamic DHCP Server
Item Description
Enable static DHCP leases Select this option to enable a static DHCP server.
MAC Address MAC address of a DHCP client.
IP Address Assigned IP address.
Table 16: Configuration of Static DHCP Server
Do not overlap ranges of statically allocated IP addresses with addresses allocated by the
dynamic DHCP server. IP address conflicts and incorrect network function can occur if
you overlap the ranges.
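A pre-deployment check for the overlap warning above and for the rule that the last address of the range is treated as broadcast, as an added example (not part of the manual). The function name, its arguments and the sample addresses are constructed for illustration; IPv4 only.

```python
import ipaddress


def check_dhcp_plan(router_ip, subnet_mask, pool_start, pool_end, static_leases):
    """Validate a planned LAN/DHCP configuration before entering it.

    static_leases is a list of (mac, ip) pairs for the static DHCP table.
    Returns a list of human-readable problems; an empty list means none found.
    """
    net = ipaddress.ip_network(f"{router_ip}/{subnet_mask}", strict=False)
    router = ipaddress.ip_address(router_ip)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []

    if start > end:
        problems.append(f"IP Pool Start {start} is above IP Pool End {end}")
    for label, addr in (("IP Pool Start", start), ("IP Pool End", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")

    # Addresses that must never be handed out. The router always treats the
    # last address of the range as broadcast; excluding the router's own
    # address is an extra sanity check added by this example.
    reserved = {
        net.network_address: "network address",
        net.broadcast_address: "broadcast address",
        router: "router's own address",
    }
    for addr, what in reserved.items():
        if start <= addr <= end:
            problems.append(f"dynamic pool contains the {what} {addr}")

    seen_ips, seen_macs = set(), set()
    for mac, ip in static_leases:
        addr = ipaddress.ip_address(ip)
        mac = mac.lower()
        if addr not in net:
            problems.append(f"static lease {addr} ({mac}) is outside {net}")
        elif addr in reserved:
            problems.append(f"static lease {addr} ({mac}) is the {reserved[addr]}")
        if start <= addr <= end:
            problems.append(f"static lease {addr} ({mac}) overlaps the dynamic pool")
        if addr in seen_ips:
            problems.append(f"static lease {addr} is assigned to more than one MAC")
        if mac in seen_macs:
            problems.append(f"MAC {mac} has more than one static lease")
        seen_ips.add(addr)
        seen_macs.add(mac)
    return problems


if __name__ == "__main__":
    # Constructed sample plan: the pool runs into the broadcast address and
    # one static lease sits inside the dynamic pool.
    for problem in check_dhcp_plan(
        "192.168.1.1", "255.255.255.0",
        "192.168.1.100", "192.168.1.255",
        [("00:11:22:33:44:55", "192.168.1.150"),
         ("00:11:22:33:44:66", "192.168.1.10")],
    ):
        print(problem)
```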
Authentication (802.1X) to a RADIUS server can be enabled in the next configuration section. This
functionality requires additional setting of identity and certificates as described in the following
table.
Item Description
Enable IEEE 802.1X Authentication Select this option to enable 802.1X Authentication.
Authentication Method Select authentication method (EAP-PEAPMSCHAPv2 or EAP-TLS).
CA Certificate Definition of CA certificate for EAP-TLS authentication protocol.
Local Certificate Definition of local certificate for EAP-TLS authentication protocol.
Local Private Key Definition of local private key for EAP-TLS authentication protocol.
Identity User name – identity.
Password Access password. This item is available for EAP-PEAPMSCHAPv2 protocol only.
Local Private Key Password Definition of password for private key of EAP-TLS protocol. This item
is available for EAP-TLS protocol only.
Table 17: Configuration of 802.1X Authentication
Example 2: Configure the network interface to connect to a dynamic and static DHCP server:
Figure 13: Example 2 – Network Topology with both Static and Dynamic DHCP Servers
Example 3: Configure the network interface to connect to a default gateway and DNS server:
Item Description
Virtual Server IP Address This parameter sets the virtual server IP address. This address
must be the same for both the primary and backup routers. Devices on the LAN will use
this address as their default gateway IP address.
Virtual Server ID This parameter distinguishes one virtual router on the network
from another. The main and backup routers must use the same value for this parameter.
Host Priority The active router with highest priority set by the parameter
Host Priority, is the main router. According to RFC 2338, the
main router should have the highest possible priority – 255.
The backup router(s) have a priority in the range 1 – 254
(default value is 100). A priority value of 0 is not allowed.
Table 18: VRRP configuration
You may set the Check connection flag in the second part of the window to enable automatic
test messages for the cellular network. In some cases, the mobile WAN connection
could still be active but the router will not be able to send data over the cellular network. This
feature is used to verify that data can be sent over the PPP connection and supplements
the normal VRRP message handling. The currently active router (main/backup) will send test
messages to the defined Ping IP Address at periodic time intervals (Ping Interval) and wait for
a reply (Ping Timeout). If the router does not receive a response to the Ping command, it will
retry up to the number of times specified by the Ping Probes parameter. After that time, it will
switch itself to a backup router until the PPP connection is restored.
Item Description
Ping IP Address Destination IP address for the Ping commands. The IP address
cannot be specified as a domain name.
Ping Interval Interval in seconds between the outgoing Pings.
Ping Timeout Time in seconds to wait for a response to the Ping.
Ping Probes Maximum number of failed ping requests.
Table 19: Check connection
You may use the DNS server of the mobile carrier as the destination IP address for the test
messages (Pings).
The Enable traffic monitoring option can be used to reduce the number of messages that
are sent to test the PPP connection. When this parameter is set, the router will monitor the
interface for any packets different from a ping. If a response to the packet is received within the
timeout specified by the Ping Timeout parameter, then the router knows that the connection is
still active. If the router does not receive a response within the timeout period, it will attempt to
test the mobile WAN connection using standard Ping commands.
The XR5i v2 routers do not display the Mobile WAN configuration option.
Select the Mobile WAN item in the Configuration menu section to enter the cellular network
configuration page.
Item Description
APN Network identifier (Access Point Name)
Username User name for logging into the GSM network
Password Password for logging into the GSM network
Authentication Authentication protocol in the GSM network:
IP Address Specifies the IP address of SIM card. You manually enter the IP ad-
dress, only when mobile network carrier assigned the IP address.
Phone Number Specifies the telephone number the router dials for a GPRS or CSD
connection. The router uses a default telephone number *99***1 #.
Operator Specifies the carrier code. You can specify the parameter as the PLMN
preferred carrier code.
Network type Specifies the type of protocol used in the mobile network.
PIN Specifies the PIN used to unlock the SIM card. Use a PIN parameter
only if the network requires a SIM card router. The SIM card is blocked
after several failed attempts to enter the PIN.
MRU Specifies the Maximum Receive Unit which is the maximum size of a
packet that the router can receive in a given environment. The default
value is 1500 B. Other settings can cause the router to incorrectly trans-
mit data. Minimal value is 128 B.
MTU Specifies the Maximum Transmission Unit which is the maximum size
of a packet that the router can transmit in a given environment. The de-
fault value is 1500 B. Other settings can cause the router to incorrectly
transmit data. Minimal value is 128 B.
Table 20: Mobile WAN Connection Configuration
The following list contains tips for working with the Mobile WAN configuration form:
• If the MTU size is set incorrectly, then the router may fail to transfer data. When
you set the MTU value low, more frequent fragmentation of data occurs. More frequent
fragmentation means a higher overhead and also the possibility of packet damage during
defragmentation. On the contrary, a higher MTU value can cause the network to drop
the packet.
• If the IP address field is left blank, when the router establishes a connection, then the
mobile network carrier automatically assigns an IP address. If you assign an IP address,
then the router accesses the network quicker.
• If the APN field is left blank, then the router automatically selects the APN using the IMSI
code of the SIM card. If the PLMN (operator number format) is not in the APN list, then
the router uses the default APN "internet". If AT&T carrier network is detected, "phone"
is used as default APN. The mobile network carrier defines the APN.
• If you enter the word blank in the APN field, then the router interprets the APN as blank.
ATTENTION:
• If the router has only one SIM card slot, it switches between the APN options.
A router with two SIM card slots switches between the SIM cards.
• The correct PIN must be filled in. SIM cards with two APNs will use the same
PIN for both APNs. An incorrect PIN can block the SIM card.
Parameters identified with an asterisk require you to enter the appropriate information only
if this information is required by the mobile network carrier.
When the router is unsuccessful in establishing a connection to mobile network, verify
accuracy of the entered data. Alternatively, you can try a different authentication method or
network type.
Item Description
Ping IP Address Specifies the destination IP address or domain name for ping
queries.
Ping Interval Specifies the time intervals between the outgoing pings.
Table 21: Check Connection to Mobile Network Configuration
If you mark the Enable Traffic Monitoring checkbox, then the router stops sending ping
requests to the Ping IP Address and it monitors the data stream on the connection to mobile
network. If this connection is without data longer than the Ping Interval, then the router sends
a ping request to the Ping IP Address.
Enabling the Check Connection function for mobile networks is necessary for uninter-
rupted and lasting operation of the router.
Item Description
Data Limit Specifies the maximum expected amount of data transmitted (sent
and received) over GPRS in one billing period (month). Maximum
value is 2 TB (2097152 MB).
Warning Threshold Specifies the percentage of the "Data Limit" in the range of 50 % to
99 %. If the data limit is exceeded, the router sends an SMS in the
following form Router has exceeded (value of Warning Threshold)
of data limit.
Accounting Start Specifies the day of the month in which the billing cycle starts for
the SIM card used. When the service provider that issued the SIM
card specifies the start billing period, the router begins to count
the amount of transferred data starting on this day.
Table 22: Data Limit Configuration
If the parameter Data Limit State (see below) is set to not applicable or Send SMS when data
limit is exceeded in SMS Configuration is not selected, the Data Limit set here will be ignored.
Item Description
SIM Card Enable or disable the use of a SIM card. If you set all the SIM
cards to disabled, this means that the entire cellular module is
disabled.
Roaming State Configure the use of SIM cards based on roaming. This roaming
feature has to be activated for the SIM card on which it is enabled!
Data Limit State Configure the use of SIM cards based on the Data Limit set
above:
BIN0 State Configure the use of SIM cards based on binary input 0 state.
This option is not available on Libratum versions of the routers.
Use the following parameters to specify the decision making of SIM card switching in the
cellular module.
Item Description
Default SIM Card Specifies the module’s default SIM card. The router will attempt
to establish a connection to mobile network using this default.
Initial State Specifies the action of the cellular module after the SIM card has
been selected.
Note: If offline, you can change this initial state by SMS message
only – see SMS Configuration. The cellular module will also go
into off-line mode if none of the SIM cards is selected.
Switch to other SIM card when connection fails Applicable only when connection is
established on the default SIM card and then fails. If the connection failure is detected by
the Check Connection feature above, the router will switch to the backup SIM card.
Switch to default SIM card after timeout If enabled, after timeout, the router will attempt
to switch back to the default SIM card. This applies only when there is a default SIM card
defined and the backup SIM is selected because of a failure of the default one or if roaming
settings cause the switch. This feature is available only when Switch to other SIM card when
connection fails is enabled.
Initial Timeout Specifies the length of time that the router waits before the first at-
tempt to revert to the default SIM card, the range of this parameter
is from 1 to 10000 minutes.
Subsequent Timeout Specifies the length of time that the router waits after an unsuc-
cessful attempt to revert to the default SIM card, the range is from
1 to 10000 min.
Additive Constant Specifies the length of time that the router waits for any further
attempts to revert to the default SIM card. This length of time is the
sum of the time specified in the "Subsequent Timeout" param-
eter and the time specified in this parameter. The range in this
parameter is from 1 to 10000 minutes.
Table 24: Parameters for SIM card switching
Example:
If you mark the Switch to default SIM card after timeout check box, and you enter the following
values:
The first attempt to change to the primary SIM card or APN is carried out after 60 minutes.
When the first attempt fails, a second attempt is made after 30 minutes. A third attempt is
made after 50 minutes (30+20). A fourth attempt is made after 70 minutes (30+20+20).
Dial-In access configuration is supported for these routers only: ER75i, UR5, ER75i v2
and UR5 v2.
You may define access over CSD connection by selecting the Enable Dial-In Access func-
tion. Access can be secured by using the Username and Password. If the router does not have
a connection to a mobile network, you may use this function to gain access to the router via
dial-up connections. The router waits two minutes to accept connections. If no one logs on
during this time the router will make another attempt to establish a GPRS connection.
Item Description
Username User name for secured Dial-In access.
Password Password for secured Dial-In access.
Table 25: Dial-In access configuration
The changes in settings will apply after clicking the Apply button.
Example 1: The figure below displays the following scenario: the connection to the mobile
network is controlled on the address 8.8.8.8 with the time interval of 60 seconds for the pri-
mary SIM card and on the address www.google.com with the time interval 80 seconds for the
secondary SIM card. In the case of data stream on the router, the control pings are not sent,
but the data stream is monitored.
Example 2: The following configuration illustrates a scenario in which the router changes to
a backup SIM card after exceeding the data limits of 800MB. The router sends a warning SMS
upon reaching 400MB. The accounting period starts on the 18th day of the month.
Item Description
Username Username for secure access to PPPoE
Password Password for secure access to PPPoE
Authentication Authentication protocol in GSM network
MRU Specifies the Maximum Receiving Unit. The MRU identifies the max-
imum packet size, that the router can receive in a given environ-
ment. The default value is 1492 bytes. Other settings can cause in-
correct data transmission.
MTU Specifies the Maximum Transmission Unit. The MTU identifies the
maximum packet size, that the router can transfer in a given envi-
ronment. The default value is 1492 bytes. Other settings can cause
incorrect data transmission.
Table 26: PPPoE configuration
Setting a bad packet size value (MRU, MTU) can cause unsuccessful transmission.
This item is available only if the router is equipped with a WiFi module.
Configure the WiFi network by selecting the WiFi item in the main menu of the router web
interface. Activate WiFi by selecting Enable WiFi at the top of the form. You may set the
following properties listed in the table below.
RADIUS (Remote Authentication Dial-In User Service), a networking protocol that provides
centralized Authentication, Authorization, and Accounting (AAA) management for users, is
supported on WiFi. The router can be a RADIUS client only (not the server), typically as a WiFi
AP (Access Point) negotiating with the RADIUS server. In WiFi STA (Station) operating mode,
only the authentication method EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1) is supported.
Item Description
Operating mode WiFi operating mode:
Probe Hidden SSID Probes hidden SSID (only for station (STA) mode)
Client Isolation In access point (AP) mode only. If checked, the access point will
isolate every connected client so they do not see each other (they
are in different networks, they cannot PING between each other). If
unchecked, the access point behavior is like a switch, but wireless
– the clients are in the same LAN and can see each other.
Country Code Code of the country where the router is installed. This code must be
entered in ISO 3166-1 alpha-2 format. If a country code isn’t speci-
fied and the router has not implemented a system to determine this
code, it will use "US" as the default country code.
If no country code is specified or if the wrong country code is en-
tered, the router may violate country-specific regulations for the use
of WiFi frequency bands.
HW Mode HW mode of WiFi standard that will be supported by WiFi access
point.
Authentication Access control and authorization of users in the WiFi network.
WEP Key 1–4 Allows entry of four different WEP keys:
WPA PSK Type The possible key options for WPA-PSK authentication.
• 256-bit secret
• ASCII passphrase
• PSK File
WPA PSK Key for WPA-PSK authentication. This key must be entered accord-
ing to the selected WPA PSK type as follows:
RADIUS Auth Server IP IP address of the RADIUS server. In AP mode only and with one of
RADIUS authentications selected.
RADIUS Auth Password RADIUS server access password. In AP mode only and with one of
RADIUS authentications selected.
RADIUS Auth Port RADIUS server port. The default is 1812. In AP mode only and with
one of RADIUS authentications selected.
RADIUS Acct Server IP IP address of the RADIUS accounting server. Define only if different
from the authentication and authorization server. In AP mode only
and with one of RADIUS authentications selected.
RADIUS Acct Password Access password of RADIUS accounting server. Define only if
different from the authentication and authorization server. In AP mode
only and with one of RADIUS authentications selected.
RADIUS Acct Port RADIUS accounting server port. The default is 1813. Define only
if different from the authentication and authorization server. In AP
mode only and with one of RADIUS authentications selected.
RADIUS EAP Authentication Type of authentication protocol (EAP-PEAP/MSCHAPv2 or
EAP-TLS).
RADIUS CA Certificate Definition of CA certificate for EAP-TLS authentication protocol.
RADIUS Local Certificate Definition of local certificate for EAP-TLS authentication protocol.
RADIUS Local Private Key Definition of local private key for EAP-TLS authentication protocol.
RADIUS Local Private Key Password Definition of password for private key of EAP-TLS
protocol. Available for EAP-TLS protocol only.
RADIUS Identity RADIUS user name – identity. In STA mode only and with one of
RADIUS authentications selected.
RADIUS Password RADIUS access password. In STA mode only and with one of RA-
DIUS authentications selected.
Access List Mode of Access/Deny list.
Accept/Deny List Accept or Deny list of client MAC addresses that set network access.
Each MAC address is separated by new line.
Syslog Level Logging level, when system writes to the system log.
This item is available only if the router is equipped with a WiFi module.
The WiFi LAN and DHCP server page is displayed by selecting WLAN in the configuration
section. You will then be able to set the following properties (see table below). Use the Enable
WLAN interface check box at the top of this form to enable WiFi LAN interface.
Item Description
Operating Mode WiFi operating mode:
Default Gateway IP address of the default gateway. When entering the IP address
of the default gateway, all packets for which the record was not
found in the routing table will be sent to this address.
DNS Server Address to which all DNS queries are forwarded.
Table 28: WLAN Configuration
Use Enable dynamic DHCP leases item at the bottom of this form to enable dynamic
allocation of IP addresses using the DHCP server. You may also specify these values:
Item Description
IP Pool Start Beginning of the range of IP addresses which will be assigned to DHCP
clients.
IP Pool End End of the range of IP addresses which will be assigned to DHCP
clients.
Lease Time Time in seconds for which the client may use the IP address.
Table 29: Configuration of DHCP Server
All changes in settings will apply after pressing the Apply button.
Item Description
Enable backup The default route is selected according to the settings below. If dis-
routes switching abled (unchecked), the backup routes system operates in the back-
ward compatibility mode based on the default priorities of the network
interfaces (listed below).
Mode • Single WAN – The default mode. Only one interface is used for
WAN communication at a time. Other interfaces are used for
WAN when the preferred interface fails, based on the priorities
set.
• Multiple WANs – Multiple interfaces can be used for WAN con-
nection. When WAN communication via multiple interfaces is
received, the same interface is used in reply; therefore, the traffic
will stay on the given interface. The set priorities are used
when transmitting data from the router or from the network be-
hind the router. The highest priority interface is used for these
transmissions.
To add the network interfaces to the backup routes system, mark the checkbox(es) of the
following interface options: Enable backup routes switching for Mobile WAN, Enable backup
routes switching for PPPoE, Enable backup routes switching for WiFi STA, Enable backup
routes switching for Primary LAN or Enable backup routes switching for Secondary LAN. En-
abled interfaces are then used for WAN access either in Single WAN mode (only one interface
at a time) or in Multiple WANs mode (multiple interfaces at a time), based on priorities set:
Item Description
Priority Priority for the type of connection (network interface).
Ping IP Address Destination IP address or domain name of ping queries to check
the connection.
Ping Interval The time interval between consecutive ping queries.
Table 31: Backup Routes
Attention! If you want to use a mobile WAN connection as a backup route, you must
choose the enable + bind option in the Check Connection item on the Mobile WAN page
and fill in the ping address. See chapter 3.3.1.
Network interfaces belonging to individual backup routes are also checked before use for
flags which indicate the state of the interface (e.g. RUNNING on the Network Status page).
This prevents, for example, the use of an interface whose Ethernet cable has been
disconnected. Any changes made to settings will be applied after pressing the Apply button.
Default Priorities for Backup Routes: If the Enable backup routes switching check box is
unchecked, the backup routes system will operate in the backward compatibility mode. The
router selects the route based on the default priorities of the enabled settings for each of
the network interfaces, enabling appropriate services that comply with these network inter-
faces. The following list contains the names of backup routes and corresponding network
interfaces in order of default priorities:
Example: The router selects the Secondary LAN as the default route only if you unmark the
Create connection to mobile network check box on the Mobile WAN page or, alternatively,
the Create PPPoE connection check box on the PPPoE page. To select the Primary
LAN, delete the IP address for the Secondary LAN and disable the DHCP Client for the
Secondary LAN.
Note: The concept of variable WAN and LAN interfaces applies even if the Backup
Routes are not enabled. An interface intended for LAN may become a WAN
interface (because of specified or default priorities). Communication from the WAN interface
to the LAN interface can then be blocked depending on the NAT and Firewall Configuration.
Item Description
Enable IPv4 (IPv6) static routes If checked, static routing functionality is enabled. Only
routes enabled by the checkbox in the first column of the table are active.
Destination Network The destination IP address of the remote network or host to which
you want to assign a static route.
Mask or Prefix Length The subnet mask of the remote network or host IP address.
Gateway IP address of the gateway device that allows for contact between
the router and the remote network or host.
Metric The numeric priority rating of the route in the routing table. Routes with
lower metrics have higher priority.
Interface Select an interface the remote network or host is on.
Table 32: Static Routes configuration
Item Description
Source IP address from which access to the router is allowed.
Protocol Specifies the protocol used for remote access:
Target Port The port number on which access to the router is allowed.
Action Specifies the type of action the router performs:
The next section of the configuration form specifies the forwarding policy. If you unmark
the Enabled filtering of forwarded packets check box, then packets are automatically accepted.
If you activate this function, and a packet is addressed to another network interface, then the
router sends the packet to the FORWARD chain. When the FORWARD chain accepts the
packet and there is a rule for forwarding it, the router sends the packet. If a forwarding rule is
unavailable, then the router drops the packet.
This configuration form also contains a table for specifying the filter rules. It is possible
to create a rule to allow data with the selected protocol by specifying only the protocol, or to
create stricter rules by specifying values for source IP addresses, destination IP addresses,
and ports.
Item Description
Source IP address from which access to the router is allowed.
Destination IP address of destination device.
Protocol Specifies the protocol used for remote access:
Target Port Specifies the port number on which access to the router is allowed.
Action Specifies the type of action the router performs:
When you enable the Enable filtering of locally destined packets function, the router drops
received packets requesting an unsupported service. The packet is dropped automatically
without any information.
As a protection against DoS attacks, the Enable protection against DoS attacks option limits
the number of allowed connections per second to five. A DoS attack floods the target system
with meaningless requests.
Item Description
Public Port Public port
Private Port Private port
Type Protocol type
Server IP address IP address where the router forwards incoming data.
Table 35: NAT Configuration
If you require more than sixteen NAT rules, then insert the remaining rules into the start
up script. The Startup Script dialog is located in the Configuration section of the main menu.
When creating your rules in the start up script, use the following format:
Enter the IP address [IPADDR], the public port number [PORT_PUBLIC], and the private
port number [PORT_PRIVATE] in place of the square-bracketed placeholders.
You use the following parameters to set the routing of incoming data from the PPP to a
connected computer.
Item Description
Send all remaining incoming packets to default server Activates/deactivates forwarding
unmatched incoming packets to the default server. The prerequisite for the function is that
you specify a default server in the Default Server IP Address field. The router can forward
incoming data from a GPRS to a computer with the assigned IP address.
Default Server IP Address Specifies the IP address for the default server.
Table 36: Configuration of send all incoming packets
If you enable the following options and enter the port number, the router allows you to
remotely access the router from a PPP interface.
Item Description
Enable remote HTTP access on port If field and port number are filled in, configura-
tion of the router over web interface is allowed
(disabled in default configuration).
Enable remote HTTPS access on port If field and port number are filled in, configura-
tion of the router over web interface is allowed
(disabled in default configuration).
Enable remote FTP access on port Select this option to allow access to the router using FTP.
Enable remote SSH access on port Select this option to allow access to the router
using SSH (disabled in default configuration).
Enable remote Telnet access on port Select this option to allow access to the router using Telnet.
Enable remote SNMP access on port Select this option to allow access to the router
using SNMP (disabled in default configuration).
Masquerade outgoing packets Activates/deactivates the network address trans-
lation function.
Table 37: Remote Access Configuration
It is important to mark the Send all remaining incoming packets to default server check box
for this configuration. The IP address in this example is the address of the device behind the
router. The default gateway of the devices in the subnetwork connected to router is the same
IP address as displayed in the Default Server IP Address field. The connected device replies
if a PING is sent to the IP address of the SIM card.
In this example there is additional equipment connected behind the router, using a Switch.
Every device connected behind the router has its own IP address. This is the address to enter
in the Server IP Address field in the NAT configuration. All of these devices will be communi-
cating on port 80, but you can configure the Port Forwarding in the NAT configuration Public
Port and Private Port fields. It is now configured to access 192.168.1.2:80 socket behind the
router when accessing 10.0.0.1:81 from the Internet, and so on. If you send the ping request to
the public IP address of the router (10.0.0.1), the router will respond as usual (not forwarding).
If you access the IP address 10.0.0.1 in the browser (it is port 80), nothing will happen – Port
80 in the Public Port list is not defined, and you have not checked the Enable remote HTTP
access on port 80. And since the Send all remaining incoming packets to default server is not
enabled, the attempt to connect will fail.
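The inbound behaviour described in the two NAT examples above can be modelled to list what a given configuration exposes on the public address. This is an added example, not the router's firmware code: the class and function names are hypothetical, the second forwarding rule is a constructed continuation of the manual's "and so on", and checking NAT rules before remote-access ports is an assumption the manual does not state.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class NatRule:
    public_port: int   # "Public Port"
    private_port: int  # "Private Port"
    proto: str         # "Type": "tcp" or "udp"
    server_ip: str     # "Server IP address"


@dataclass
class RouterConfig:
    nat_rules: List[NatRule]
    # "Enable remote ... access on port" entries: (proto, port) -> service.
    remote_access: Dict[Tuple[str, int], str] = field(default_factory=dict)
    # Set only when "Send all remaining incoming packets to default server"
    # is checked; holds the "Default Server IP Address".
    default_server_ip: Optional[str] = None


def route_inbound(cfg: RouterConfig, proto: str,
                  dport: Optional[int] = None) -> Tuple[str, Optional[str]]:
    """Decide the fate of a packet arriving on the router's public address.

    Returns (verdict, target); verdict is "forward", "router" or "drop".
    """
    if proto != "icmp":
        # 1. Explicit port forwarding (Table 35).
        for rule in cfg.nat_rules:
            if (rule.proto, rule.public_port) == (proto, dport):
                return "forward", f"{rule.server_ip}:{rule.private_port}"
        # 2. Router services opened for remote access (Table 37).
        service = cfg.remote_access.get((proto, dport))
        if service is not None:
            return "router", service
    # 3. Catch-all: everything unmatched, ping included, goes to one host.
    if cfg.default_server_ip is not None:
        if dport is None:
            return "forward", cfg.default_server_ip
        return "forward", f"{cfg.default_server_ip}:{dport}"
    # 4. No catch-all: the router answers ping itself, the rest fails.
    if proto == "icmp":
        return "router", "icmp-echo"
    return "drop", None


def exposure_report(cfg: RouterConfig) -> List[str]:
    """List everything reachable from the WAN side, one line per entry."""
    lines = [f"{r.proto}/{r.public_port} -> {r.server_ip}:{r.private_port}"
             for r in cfg.nat_rules]
    for (proto, port), service in sorted(cfg.remote_access.items()):
        lines.append(f"{proto}/{port} -> router {service} service")
    if cfg.default_server_ip is not None:
        lines.append(f"ALL other ports and ping -> {cfg.default_server_ip}"
                     " (default server)")
    return lines


# Second example from the manual: port forwarding only (rule 82 constructed).
PORT_FORWARD_ONLY = RouterConfig(nat_rules=[
    NatRule(81, 80, "tcp", "192.168.1.2"),
    NatRule(82, 80, "tcp", "192.168.1.3"),
])
# First example from the manual: one device behind the router receives
# everything (device address constructed for illustration).
WITH_DEFAULT_SERVER = RouterConfig(nat_rules=[],
                                   default_server_ip="192.168.1.2")

if __name__ == "__main__":
    for name, cfg in (("port forwarding only", PORT_FORWARD_ONLY),
                      ("default server", WITH_DEFAULT_SERVER)):
        print(name)
        for line in exposure_report(cfg):
            print("  ", line)
        print("   tcp/80 ->", route_inbound(cfg, "tcp", 80))
```

With the default server enabled, every port not claimed by a rule or a router service reaches the internal device, so the report's catch-all line is the one to review first.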
Item Description
Description Specifies the description or name of tunnel.
Protocol Specifies the communication protocol.
UDP/TCP port Specifies the port of the relevant protocol (UDP or TCP).
Remote IP Address Specifies the IP address of opposite tunnel side. You can also
use the domain name.
Remote Subnet Specifies the IP address of a network behind opposite side of the
tunnel.
Remote Subnet Mask Specifies the subnet mask of a network behind opposite side of
the tunnel.
Redirect Gateway Adds (rewrites) the default gateway. All the packets are then sent
to this gateway via tunnel, if there is no other specified default
gateway inside them.
Local Interface IP Address Specifies the IP address of a local interface.
Remote Interface IP Address Specifies the IP address of the interface of opposite side of the
tunnel.
Ping Interval Specifies the time interval after which the router sends a mes-
sage to opposite side of tunnel to verify the existence of the tun-
nel.
Ping Timeout Specifies the time interval during which the router waits for a
message sent by the opposite side. For proper verification of the
OpenVPN tunnel, set the Ping Timeout to greater than the Ping
Interval.
Renegotiate Interval Specifies the renegotiate period (reauthorization) of the Open-
VPN tunnel. You can only set this parameter when the Authen-
ticate Mode is set to username/password or X.509 certificate.
After this time period, the router changes the tunnel encryption
to help provide the continued safety of the tunnel.
Max Fragment Size Maximum size of a sent packet.
Compression Compression of the data sent:
NAT Rules Activates/deactivates the NAT rules for the OpenVPN tunnel:
Pre-shared Secret Specifies the pre-shared secret which you can use for every au-
thentication mode.
CA Certificate Specifies the CA Certificate which you can use for the user-
name/password and X.509 Certificate authentication modes.
DH Parameters Specifies the protocol for the DH parameters key exchange which
you can use for X.509 Certificate authentication in the server
mode.
Local Certificate Specifies the certificate used in the local device. You can use this
authentication certificate for the X.509 Certificate authentication
mode.
Local Private Key Specifies the key used in the local device. You can use the key
for the X.509 Certificate authentication mode.
Username Specifies a login name which you can use for authentication in
the username/password mode.
Password Specifies a password which you can use for authentication in the
username/password mode.
Extra Options Specifies additional parameters for the OpenVPN tunnel, such as
DHCP options. The parameters are preceded by two dashes.
For possible parameters see the help text in the router using SSH
– run the openvpnd --help command.
Table 38: OpenVPN Configuration
There is a condition for tunnel to be established: WAN route has to be active (for example
mobile connection established) even if the tunnel does not go through the WAN.
The changes in settings will apply after pressing the Apply button.
Configuration A B
Protocol UDP UDP
UDP Port 1194 1194
Remote IP Address 10.0.0.2 10.0.0.1
Remote Subnet 192.168.2.0 192.168.1.0
Remote Subnet Mask 255.255.255.0 255.255.255.0
Local Interface IP Address 19.16.1.0 19.16.2.0
Remote Interface IP Address 19.16.2.0 19.18.1.0
Compression LZO LZO
Authenticate mode none none
Examples of different options for configuration and authentication of OpenVPN tunnel can be
found in the application note OpenVPN Tunnel [5].
To encrypt data between the local and remote subnets, specify the appropriate values in
the subnet fields on both routers. To encrypt the data stream between the routers only,
leave the local and remote subnets fields blank.
If you specify the protocol and port information in the Local Protocol/Port field, then the
router encapsulates only the packets matching the settings.
Item Description
Description Name or description of the tunnel.
Remote IP Address IP address of remote side of the tunnel. It is also possible to enter
the domain name.
Remote ID Identifier (ID) of remote side of the tunnel. It consists of two parts:
a hostname and a domain-name.
First Remote Subnet IP address of a network behind remote side of the tunnel.
First Remote Subnet Mask Subnet mask of a network behind remote side of the tunnel.
Second Remote Subnet IP address of the second network behind remote side of the tunnel.
For IKE Protocol = IKEv2 only.
Second Remote Subnet Mask Subnet mask of the second network behind remote side of the
tunnel. For IKE Protocol = IKEv2 only.
Remote Protocol/Port Specifies Protocol/Port of remote side of the tunnel. The general
form is protocol/port, for example 17/1701 for UDP (protocol 17)
and port 1701. It is also possible to enter only the number of
protocol, however, the above mentioned format is preferred.
Local ID Identifier (ID) of local side of the tunnel. It consists of two parts:
a hostname and a domain-name.
First Local Subnet IP address of a local network.
First Local Subnet Mask Subnet mask of a local network.
Second Local Subnet IP address of the second local network. For IKE Protocol = IKEv2
only.
Second Local Subnet Mask Subnet mask of the second local network. For IKE Protocol =
IKEv2 only.
Local Protocol/Port Specifies Protocol/Port of a local network. The general form is
protocol/port, for example 17/1701 for UDP (protocol 17) and
port 1701. It is also possible to enter only the number of protocol,
however, the above mentioned format is preferred.
Encapsulation Mode Specifies the IPsec mode, according to the method of encap-
sulation. You can select the tunnel mode in which the entire IP
datagram is encapsulated or the transport mode in which only IP
header is encapsulated.
Force NAT Traversal Enable NAT traversal enforcement (UDP encapsulation of ESP
packets). (Enabled).
IKE Protocol Specifies the version of IKE (IKEv1/IKEv2, IKEv1 or IKEv2).
IKE Mode Specifies the mode for establishing a connection (main or ag-
gressive). If you select the aggressive mode, then the router es-
tablishes the IPsec tunnel faster, but the encryption is perma-
nently set to 3DES-MD5. We recommend that you not use the
aggressive mode due to lower security!
IKE Algorithm Specifies the means by which the router selects the algorithm:
ESP Algorithm | Specifies the means by which the router selects the algorithm:
• Pre-shared key – Sets the shared key for both sides of the tunnel.
• X.509 Certificate – Allows X.509 authentication in multiclient mode.
Pre-shared Key | Specifies the shared key for both sides of the tunnel. The prerequisite for entering a key is that you select pre-shared key as the authentication mode.
CA Certificate | Certificate for X.509 authentication.
Remote Certificate | Certificate for X.509 authentication.
Local Certificate | Certificate for X.509 authentication.
Local Private Key | Private key for X.509 authentication.
Local Passphrase | Passphrase used during private key generation.
Debug | Choose the level of verbosity to System Log. Silent (default), audit, control, control-more, raw, private (most verbose including the private keys).
Table 40: IPsec Tunnel Configuration
Do not miss:
• If local and remote subnets are not configured then only packets between local and
remote IP address are encapsulated, so only communication between two routers
is encrypted.
• If protocol/port fields are configured then only packets matching these settings are
encapsulated.
The following procedure describes how to generate certificates and keys without a password
phrase:
Listed below are the certificates with password phrase "router" (certification authority
remains unchanged):
The IPsec function supports the following types of identifiers (ID) for both sides of the
tunnel, Remote ID and Local ID parameters:
The certificates and private keys have to be in the PEM format. Use only certificates containing
start and stop tags.
The random time, after which the router re-exchanges new keys is defined as follows:
Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin * Rekey Fuzz/100))
We recommend that you maintain the default settings. When you set key exchange times
higher, the tunnel produces lower operating costs, but the setting also provides less security.
Conversely, when you reduce the time, the tunnel produces higher operating costs, but
provides for higher security.
The changes in settings will apply after clicking the Apply button.
Configuration A B
Remote IP Address 10.0.0.2 10.0.0.1
Remote Subnet 192.168.2.0 192.168.1.0
Remote Subnet Mask 255.255.255.0 255.255.255.0
Local Subnet 192.168.1.0 192.168.2.0
Local Subnet Mask 255.255.255.0 255.255.255.0
Authenticate mode pre-shared key pre-shared key
Pre-shared key test test
Examples of different options for configuration and authentication of IPsec tunnel can be found
in the application note IPsec Tunnel [6].
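The rekey formula and the security-relevant settings described for the IPsec tunnel can be checked before a tunnel is deployed. The following Python code is an added example, not part of the manual or the router firmware; the dictionary keys, the MIN_PSK_LENGTH threshold, the use of seconds as the time unit and the WEAK sample values are assumptions made for illustration.

```python
"""Pre-deployment check of IPsec tunnel settings (added example, not router code)."""

MIN_PSK_LENGTH = 20  # assumption: site policy, not a value from the manual


def rekey_window(lifetime, rekey_margin, rekey_fuzz):
    """Earliest and latest rekey start, counted from key establishment.

    Implements: Lifetime - (Rekey margin + random(0 .. Rekey margin * Rekey Fuzz / 100)).
    All times share one unit (assumed seconds); rekey_fuzz is a percentage.
    """
    if lifetime <= 0 or rekey_margin < 0 or rekey_fuzz < 0:
        raise ValueError("lifetime must be positive, margin and fuzz non-negative")
    max_random = rekey_margin * rekey_fuzz / 100
    earliest = lifetime - (rekey_margin + max_random)
    latest = lifetime - rekey_margin
    if earliest <= 0:
        raise ValueError("rekey margin and fuzz leave no usable key lifetime")
    return earliest, latest


def audit_tunnel(cfg):
    """Return a list of (setting, finding) pairs for one tunnel configuration."""
    findings = []
    if cfg.get("ike_mode") == "aggressive":
        findings.append(("ike_mode", "aggressive mode fixes encryption to 3DES-MD5"))
    if cfg.get("debug", "silent") == "private":
        findings.append(("debug", "private level writes private keys to the System Log"))
    if cfg.get("authenticate_mode") == "pre-shared key":
        psk = cfg.get("pre_shared_key", "")
        if psk == "test" or len(psk) < MIN_PSK_LENGTH:
            findings.append(("pre_shared_key", "example or short pre-shared key"))
    if not cfg.get("local_subnet") and not cfg.get("remote_subnet"):
        findings.append(("subnets", "only traffic between the two routers is encapsulated"))
    if cfg.get("local_protocol_port") or cfg.get("remote_protocol_port"):
        findings.append(("protocol_port", "only packets matching protocol/port are encapsulated"))
    try:
        rekey_window(cfg["lifetime"], cfg["rekey_margin"], cfg["rekey_fuzz"])
    except KeyError:
        pass  # rekey values not supplied, nothing to check
    except ValueError as exc:
        findings.append(("rekey", str(exc)))
    return findings


# Router A from the configuration example above (pre-shared key "test").
ROUTER_A = {
    "remote_ip": "10.0.0.2",
    "remote_subnet": "192.168.2.0",
    "local_subnet": "192.168.1.0",
    "authenticate_mode": "pre-shared key",
    "pre_shared_key": "test",
}

# Constructed configuration that trips every check.
WEAK = {
    "ike_mode": "aggressive",
    "debug": "private",
    "authenticate_mode": "pre-shared key",
    "pre_shared_key": "test",
    "local_protocol_port": "17/1701",
    "lifetime": 3600,
    "rekey_margin": 2000,
    "rekey_fuzz": 100,
}

if __name__ == "__main__":
    print(rekey_window(3600, 540, 100))
    for name, cfg in (("ROUTER_A", ROUTER_A), ("WEAK", WEAK)):
        for setting, finding in audit_tunnel(cfg):
            print(f"{name}: {setting}: {finding}")
```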
To open the GRE Tunnel Configuration page, click GRE in the Configuration section of the
main menu. The menu item will expand and you will see four separate configuration pages:
1st Tunnel, 2nd Tunnel, 3rd Tunnel and 4th Tunnel. The GRE tunnel function allows you to
create an unencrypted connection between two separate LAN networks. The router allows
you to create four GRE tunnels.
Item | Description
Description | Description of the GRE tunnel.
Remote IP Address | IP address of the remote side of the tunnel.
Remote Subnet | IP address of the network behind the remote side of the tunnel.
Remote Subnet Mask | Specifies the mask of the network behind the remote side of the tunnel.
Local Interface IP Address | IP address of the local side of the tunnel.
Remote Interface IP Address | IP address of the remote side of the tunnel.
Multicasts | Activates/deactivates sending multicast into the GRE tunnel:
Pre-shared Key | Specifies an optional value for the 32 bit shared key in numeric format, with this key the router sends the filtered data through the tunnel. Specify the same key on both routers, otherwise the router drops received packets.
Table 42: GRE Tunnel Configuration
The changes in settings will apply after pressing the Apply button.
Configuration A B
Remote IP Address 10.0.0.2 10.0.0.1
Remote Subnet 192.168.2.0 192.168.1.0
Remote Subnet Mask 255.255.255.0 255.255.255.0
Table 43: GRE Tunnel Configuration Example
Examples of different options for configuration of GRE tunnel can be found in the application
note GRE Tunnel [7].
To open the L2TP Tunnel Configuration page, click L2TP in the Configuration section of the
main menu. The L2TP tunnel function allows you to create a password protected connection
between 2 LAN networks. The router activates the tunnels after you mark the Create L2TP
tunnel check box.
Item Description
Mode Specifies the L2TP tunnel mode on the router side:
Configuration A B
Mode L2TP Server L2TP Client
Server IP Address — 10.0.0.1
Client Start IP Address 192.168.2.5 —
Client End IP Address 192.168.2.254 —
Local IP Address 192.168.1.1 —
Remote IP Address — —
Remote Subnet 192.168.2.0 192.168.1.0
Remote Subnet Mask 255.255.255.0 255.255.255.0
Username username username
Password password password
Table 45: L2TP Tunnel Configuration Example
Select the PPTP item in the menu to configure a PPTP tunnel. PPTP tunnel allows password
protected connections between two LANs. It is similar to L2TP. The tunnels are active
after selecting Create PPTP tunnel.
Item Description
Mode Specifies the L2TP tunnel mode on the router side:
The changes in settings will apply after pressing the Apply button.
The firmware also supports PPTP passthrough, which means that it is possible to create a
tunnel through the router.
Configuration A B
Mode PPTP Server PPTP Client
Server IP Address — 10.0.0.1
Local IP Address 192.168.1.1 —
Remote IP Address 192.168.2.1 —
Remote Subnet 192.168.2.0 192.168.1.0
Remote Subnet Mask 255.255.255.0 255.255.255.0
Username username username
Password password password
Table 47: PPTP Tunnel Configuration Example
3.16 Services
3.16.1 DynDNS
The DynDNS function allows you to access the router remotely using an easy to remember
custom hostname. This DynDNS client monitors the IP address of the router and updates
the address whenever it changes. In order for DynDNS to function, you require a public
IP address, either static or dynamic, and an active Remote Access service account at
www.dyndns.org. Register the custom domain (third-level) and account information specified
in the configuration form. You can use other services, too – see the table below, Server item.
To open the DynDNS Configuration page, click DynDNS in the main menu.
Item Description
Hostname The third order domain registered on the www.dyndns.org server.
Username Username for logging into the DynDNS server.
Password Password for logging into the DynDNS server.
Server Specifies a DynDNS service other than the www.dyndns.org. Possible
other services:
www.spdns.de
www.dnsdynamic.org
www.noip.com
Enter the update server service information in this field. If you leave this
field blank, the default server members.dyndns.org will be used.
Table 48: DynDNS Configuration
To access the router’s configuration remotely, you will need to have enabled this option in the
NAT configuration (bottom part of the form), see chapter 3.10.
3.16.2 FTP
FTP (File Transfer Protocol) can be used to transfer files between the router and
another device on the computer network. The FTP server is configured on the FTP
configuration page under the Services menu item. Ticking the Enable FTP service item
enables the FTP server on the router.
3.16.3 HTTP
HTTP (Hypertext Transfer Protocol) is an internet protocol used for the exchange of
hypertext documents in HTML format. This protocol is used for accessing the web server used
for user’s configuration of the router. However, the recommended protocol is HTTPS,
which uses encryption for secure exchange of transferred data. The HTTP and HTTPS
services are configured on the HTTP configuration page under the Services menu item. By
default, the HTTP service is disabled and the HTTPS service is preferred. With this default
setting, a request for communication over HTTP is automatically redirected to HTTPS.
Item | Description
Enable HTTP service | Enabling of HTTP service.
Enable HTTPS service | Enabling of HTTPS service.
Session Timeout | Inactivity timeout when the session is closed.
Table 49: Parameters for HTTP and HTTPS services configuration
3.16.4 NTP
The NTP configuration form allows you to configure the NTP client. To open the NTP page,
click NTP in the Configuration section of the main menu. NTP (Network Time Protocol) allows
you to periodically set the internal clock of the router. The time is set from servers that provide
the exact time to network devices.
• If you mark the Enable local NTP service check box, then the router acts as a NTP server
for other devices in the local network (LAN).
• If you mark the Synchronize clock with NTP server check box, then the router acts as a
NTP client. This means that the router automatically adjusts the internal clock every 24
hours.
Item | Description
Primary NTP Server Address | IP or domain address of primary NTP server.
Secondary NTP Server Address | IP or domain address of secondary NTP server.
Timezone | Specifies the time zone where you installed the router.
Daylight Saving Time | Activates/deactivates the DST shift.
The figure below displays an example of a NTP configuration with the primary server set
to ntp.cesnet.cz and the secondary server set to tik.cesnet.cz and with the automatic change
for daylight saving time enabled.
3.16.5 SNMP
The SNMP page allows you to configure the SNMP v1/v2 or v3 agent which sends information
about the router (and its expansion ports) to a management station. To open the SNMP page,
click SNMP in the Configuration section of the main menu. SNMP (Simple Network Management
Protocol) provides status information about the network elements such as routers or endpoint
computers. In the version v3, the communication is secured (encrypted). To enable the SNMP
service, mark the Enable the SNMP agent check box.
Item Description
Name Designation of the router.
Location Location of where you installed the router.
Contact Person who manages the router together with information how to contact
this person.
Table 51: SNMP Agent Configuration
To enable the SNMPv1/v2 function, mark the Enable SNMPv1/v2 access check box. It is
also necessary to specify a password for access to the Community SNMP agent. The default
setting is public.
You can define a different password for the Read community (read only) and the Write
community (read and write) for SNMPv1/v2. You can also define 2 SNMP users for SNMPv3.
You can define a user as read only (Read), and another as read and write (Write). The router
allows you to configure the parameters in the following table for every user separately. The
router uses the parameters for SNMP access only.
To enable the SNMPv3 function, mark the Enable SNMPv3 access check box, then specify
the following parameters:
Item Description
Username User name
Authentication Encryption algorithm on the Authentication Protocol that is
used to verify the identity of the users.
Authentication Password Password used to generate the key used for authentication.
Privacy Encryption algorithm on the Privacy Protocol that is used to
ensure confidentiality of data.
Privacy Password Password for encryption on the Privacy Protocol.
Table 52: SNMPv3 Configuration
• Activating the Enable I/O extension function allows you to monitor the binary I/O inputs
on the router.
• Selecting the Enable XC-CNT extension lets you monitor the status of the expansion port
CNT inputs and outputs.
• Selecting Enable M-BUS extension and entering the Baudrate, Parity and Stop Bits lets
you monitor the status of the meters connected to the expansion port MBUS.
Item Description
Baudrate Communication speed
Parity Control parity bit:
Parameters Enable XC-CNT extension and Enable M-BUS extension cannot be checked
at the same time.
Selecting Enable reporting to supervisory system and entering the IP Address and Period
lets you send statistical information to the monitoring system, R-SeeNet.
Item Description
IP Address IP address
Period Period of sending statistical information (in minutes).
Table 54: SNMP Configuration – R-SeeNet
Each monitored value is uniquely identified using a numerical identifier OID – Object
Identifier. This identifier consists of a sequence of numbers separated by points. Each OID
is formed by taking the identifier of the parent element and appending a point and the
element's own number, so the OIDs form a tree structure.
The following figure displays the basic tree structure that is used for creating the OIDs.
The SNMP values that are specific for Conel routers create the tree starting at OID =
.1.3.6.1.4.1.30140. You interpret the OID in the following manner:
iso.org.dod.internet.private.enterprises.conel
This means that the router provides for example, information about the binary input and
output. The following table shows the range of used OID values:
OID Description
.1.3.6.1.4.1.30140.2.3.1.0 Binary input BIN0 (values 0,1)
.1.3.6.1.4.1.30140.2.3.2.0 Binary output OUT0 (values 0,1)
Table 55: Object identifier for binary input and output
For the expansion port CNT, the following range of OID is used:
OID Description
.1.3.6.1.4.1.30140.2.1.1.0 Analog input AN1 (range 0-4095)
.1.3.6.1.4.1.30140.2.1.2.0 Analog input AN2 (range 0-4095)
.1.3.6.1.4.1.30140.2.1.3.0 Counter input CNT1 (range 0-4294967295)
.1.3.6.1.4.1.30140.2.1.4.0 Counter input CNT2 (range 0-4294967295)
.1.3.6.1.4.1.30140.2.1.5.0 Binary input BIN1 (values 0,1)
.1.3.6.1.4.1.30140.2.1.6.0 Binary input BIN2 (values 0,1)
.1.3.6.1.4.1.30140.2.1.7.0 Binary input BIN3 (values 0,1)
.1.3.6.1.4.1.30140.2.1.8.0 Binary input BIN4 (values 0,1)
.1.3.6.1.4.1.30140.2.1.9.0 Binary output OUT1 (values 0,1)
Table 56: Object identifier for CNT port
For the expansion port M-BUS, the following range of OID is used:
OID Description
.1.3.6.1.4.1.30140.2.2.<address>.1.0 IdNumber – meter number
.1.3.6.1.4.1.30140.2.2.<address>.2.0 Manufacturer
.1.3.6.1.4.1.30140.2.2.<address>.3.0 Version – specified meter version
.1.3.6.1.4.1.30140.2.2.<address>.4.0 Medium – type of metered medium
.1.3.6.1.4.1.30140.2.2.<address>.5.0 Status – errors report
.1.3.6.1.4.1.30140.2.2.<address>.6.0 0. VIF – value information field
.1.3.6.1.4.1.30140.2.2.<address>.7.0 0. measured value
.1.3.6.1.4.1.30140.2.2.<address>.8.0 1. VIF – value information field
.1.3.6.1.4.1.30140.2.2.<address>.9.0 1. measured value
.1.3.6.1.4.1.30140.2.2.<address>.10.0 2. VIF – value information field
.1.3.6.1.4.1.30140.2.2.<address>.11.0 2. measured value
.1.3.6.1.4.1.30140.2.2.<address>.12.0 3. VIF – value information field
.1.3.6.1.4.1.30140.2.2.<address>.13.0 3. measured value
...
.1.3.6.1.4.1.30140.2.2.<address>.100.0 47. VIF – value information field
.1.3.6.1.4.1.30140.2.2.<address>.101.0 47. measured value
Table 57: Object identifier for M-BUS port
The meter address can be from range 0 – 254, where the number 254 is broadcast.
Starting with firmware version 3.0.4, all v2 routers with board RB-v2-6 and newer provide
information about the internal temperature of the device (OID 1.3.6.1.4.1.30140.3.3) and
power voltage (OID 1.3.6.1.4.1.30140.3.4).
The list of available and supported OIDs and other details can be found in the application note
SNMP Object Identifier [8].
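The OID layout described above is regular enough to decode mechanically, which helps when reviewing SNMP poller output or deciding which values a management station should read. The following Python code is an added example, not part of the manual; the function names are illustrative, and accepting the temperature and voltage OIDs with or without a trailing .0 is an assumption.

```python
"""Decode OIDs from the router's enterprise subtree (added example, not vendor code)."""

CONEL_ROOT = (1, 3, 6, 1, 4, 1, 30140)  # iso.org.dod.internet.private.enterprises.conel

IO_OIDS = {1: "Binary input BIN0", 2: "Binary output OUT0"}  # .2.3.x.0
CNT_OIDS = {  # .2.1.x.0, expansion port CNT
    1: "Analog input AN1", 2: "Analog input AN2",
    3: "Counter input CNT1", 4: "Counter input CNT2",
    5: "Binary input BIN1", 6: "Binary input BIN2",
    7: "Binary input BIN3", 8: "Binary input BIN4",
    9: "Binary output OUT1",
}
MBUS_FIXED = {1: "IdNumber", 2: "Manufacturer", 3: "Version", 4: "Medium", 5: "Status"}
DEVICE_OIDS = {3: "Internal temperature", 4: "Power voltage"}  # .3.3 and .3.4
MBUS_BROADCAST = 254


def parse_oid(text):
    """Turn '.1.3.6' or '1.3.6' into a tuple of ints; raise ValueError if malformed."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(p) for p in parts)


def _describe_mbus(address, field):
    # Meter addresses run from 0 to 254; 254 is the broadcast address.
    if not 0 <= address <= MBUS_BROADCAST:
        return None
    who = "broadcast" if address == MBUS_BROADCAST else f"meter {address}"
    if field in MBUS_FIXED:
        return f"M-BUS {who}: {MBUS_FIXED[field]}"
    # Fields 6..101 alternate VIF / measured value for records 0..47.
    if 6 <= field <= 101:
        index, is_value = divmod(field - 6, 2)
        kind = "measured value" if is_value else "VIF"
        return f"M-BUS {who}: {kind} {index}"
    return None


def describe(oid_text):
    """Return a description for a known router OID, or None for anything else."""
    oid = parse_oid(oid_text)
    if oid[:len(CONEL_ROOT)] != CONEL_ROOT:
        return None
    rest = oid[len(CONEL_ROOT):]
    # Temperature and voltage: assumption that an optional instance suffix .0 is valid.
    if len(rest) in (2, 3) and rest[0] == 3 and rest[2:] in ((), (0,)):
        return DEVICE_OIDS.get(rest[1])
    if len(rest) == 4 and rest[0] == 2 and rest[3] == 0:
        if rest[1] == 3:
            return IO_OIDS.get(rest[2])
        if rest[1] == 1:
            return CNT_OIDS.get(rest[2])
    if len(rest) == 5 and rest[:2] == (2, 2) and rest[4] == 0:
        return _describe_mbus(rest[2], rest[3])
    return None


if __name__ == "__main__":
    # Constructed sample of OIDs as they might appear in poller output.
    for sample in (
        ".1.3.6.1.4.1.30140.2.3.1.0",
        ".1.3.6.1.4.1.30140.2.2.5.100.0",
        ".1.3.6.1.4.1.30140.2.2.254.7.0",
        "1.3.6.1.4.1.30140.3.3",
        ".1.3.6.1.2.1.1.1.0",
    ):
        print(sample, "->", describe(sample))
```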
In order to access a particular device, enter the IP address of the SNMP agent, which is
the router, in the Remote SNMP agent field. After you enter the IP address, the dialog
displays the internal variables in the MIB tree. Furthermore, you can find the status of the
internal variables by entering their OID.
3.16.6 SMTP
You use the SMTP form to configure the Simple Mail Transfer Protocol client (SMTP) for
sending e-mails.
Item | Description
SMTP Server Address | IP or domain address of the mail server.
SMTP Port | Port the SMTP server is listening on.
Secure Method | none, SSL/TLS, or STARTTLS. Secure method has to be supported by the SMTP server.
Username | Name for the e-mail account.
Password | Password for the e-mail account. The password can contain the following special characters * + , - . / : = ? ! # % [ ] _ { } ~ The following special characters are not allowed: “ $ & ’ ( ) ; < >
Own E-mail Address | Address of the sender.
Table 58: SMTP client configuration
The mobile service provider can block other SMTP servers; in that case you can only use the
SMTP server of the service provider.
You send e-mails from the Startup script. The Startup Script dialog is located in the
Configuration section of the main menu. The router also allows you to send e-mails using an SSH
connection. Use the email command with the following parameters:
The command above sends an e-mail to [email protected] with the subject
"subject", body message "message" and attachment "abc.doc" directly from the directory
c:\directory\. The router attempts to send the message five times.
3.16.7 SMS
The SMS Configuration page is not available for the XR5i v2 routers.
To open the SMS Configuration page, click SMS in the Configuration section of the main
menu. The router can automatically send SMS messages to a cell phone or SMS message
server when certain events occur. The form allows you to select which events generate an
SMS message.
Item | Description
Send SMS on power up | Activates/deactivates the sending of an SMS message automatically on power up.
Send SMS on connect to mobile network | Activates/deactivates the sending of an SMS message automatically when the router is connected to a mobile network.
Send SMS on disconnect to mobile network | Activates/deactivates the sending of an SMS message automatically when the router is disconnected from a mobile network.
Send SMS when datalimit exceeded | Activates/deactivates the sending of an SMS message automatically when the data limit is exceeded.
Send SMS when binary input on I/O port (BIN0) is active | Send an SMS message when the binary input on the I/O port (BIN0) goes active. The text of the message is set using parameter BIN0.
Send SMS when binary input on expansion port (BIN1 – BIN4) is active | Send an SMS message when a binary input on the expansion port (BIN1 – BIN4) goes active. The text of the message is set using parameters BIN1 – BIN4.
Add timestamp to SMS | Activates/deactivates adding a time stamp to the SMS messages. This time stamp has a fixed format YYYY-MM-DD hh:mm:ss.
Phone Number 1 | Specifies the phone number to which the router sends the generated SMS.
Phone Number 2 | Specifies the phone number to which the router sends the generated SMS.
Phone Number 3 | Specifies the phone number to which the router sends the generated SMS.
Unit ID | The name of the router. The router sends the name in the SMS.
BIN0 – SMS | Text of the SMS message sent when the first binary input on the router is activated.
BIN1 – SMS | Text of the SMS message sent when the binary input on the expansion port is activated.
BIN2 – SMS | Text of the SMS message sent when the binary input on the router is activated.
BIN3 – SMS | Text of the SMS message sent when the binary input on the router is activated.
BIN4 – SMS | Text of the SMS message sent when the binary input on the router is activated.
Table 59: SMS Configuration
After you enter a phone number in the Phone Number 1 field, the router allows you to
configure the control of the device using an SMS message. You can configure up to three
numbers for incoming SMS messages. To enable the function, mark the Enable remote control
via SMS check box. The default setting of the remote control function is active. Note: Every
received control SMS is processed and then deleted from the router.
Item | Description
Phone Number 1 | Specifies the first phone number allowed to access the router using an SMS.
Phone Number 2 | Specifies the second phone number allowed to access the router using an SMS.
Phone Number 3 | Specifies the third phone number allowed to access the router using an SMS.
Table 60: Control via SMS
• If you leave the phone number field blank, then you can restart the router using an
SMS Reboot message from any phone number.
• If you enter one or more phone numbers, then you can control the router using SMS
messages sent only from the specified phone numbers.
• If you enter the wild card character *, then you can control the router using SMS
messages sent from any phone number.
Control SMS messages do not change the router configuration. For example, if the router is
changed to the off line mode using an SMS message, then the router remains in this mode. To
return the router to the on-line mode, reboot or power cycle the device. The behavior is the
same for every SMS control message.
To control the router using an SMS, send only message text containing the control command.
You can send control SMS messages in the following form:
SMS Description
go online sim 1 The router changes to SIM1 (APN1)
go online sim 2 The router changes to SIM2 (APN2)
go online Changes the router to the online mode
go offline Changes the router to the off line mode
set out0=0 Sets the binary output to 0
set out0=1 Sets the binary output to 1
set out1=0 Sets the binary output of XC-CNT to 0
set out1=1 Sets the binary output of XC-CNT to 1
set profile std Sets the standard profile
set profile alt1 Sets the alternative profile 1
set profile alt2 Sets the alternative profile 2
set profile alt3 Sets the alternative profile 3
reboot The router reboots
get ip The router responds with the IP address of the SIM card
Table 61: Control SMS
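The acceptance rules above (blank number fields, listed numbers, wildcard) decide who can trigger the commands in Table 61, so they are worth checking for every deployed configuration. The following Python code is an added example that models the rules as this manual states them, not the router firmware; the configuration keys, exact-match comparison of sender numbers, case-insensitive command matching, router names and phone numbers are assumptions or constructed values.

```python
"""Model of the SMS remote-control acceptance rules (added example, not router code)."""

# Control commands from Table 61.
CONTROL_COMMANDS = frozenset({
    "go online sim 1", "go online sim 2", "go online", "go offline",
    "set out0=0", "set out0=1", "set out1=0", "set out1=1",
    "set profile std", "set profile alt1", "set profile alt2", "set profile alt3",
    "reboot", "get ip",
})
WILDCARD = "*"


def normalize(text):
    # Assumption: the router ignores case and repeated whitespace.
    return " ".join(text.lower().split())


def allowed_numbers(config):
    """Non-empty entries of the three Phone Number fields."""
    return [n.strip() for n in config.get("phone_numbers", []) if n and n.strip()]


def exposure(config):
    """Classify who can control the router with this configuration."""
    # The manual states that the remote control function is active by default.
    if not config.get("remote_control", True):
        return "disabled"
    numbers = allowed_numbers(config)
    if not numbers:
        return "reboot-from-any-number"
    if WILDCARD in numbers:
        return "control-from-any-number"
    return "listed-numbers-only"


def would_accept(config, sender, text):
    """True if the modelled rules let this sender run this control command."""
    command = normalize(text)
    if command not in CONTROL_COMMANDS:
        return False
    level = exposure(config)
    if level == "disabled":
        return False
    if level == "reboot-from-any-number":
        return command == "reboot"
    if level == "control-from-any-number":
        return True
    return sender in allowed_numbers(config)


def audit(fleet):
    """Return {router: exposure} for routers any phone number can reboot or control."""
    open_levels = ("reboot-from-any-number", "control-from-any-number")
    return {name: exposure(cfg) for name, cfg in fleet.items()
            if exposure(cfg) in open_levels}


# Constructed fleet: names and numbers are placeholders.
FLEET = {
    "pump-01": {},                                   # nothing entered, defaults
    "pump-02": {"phone_numbers": ["*"]},
    "pump-03": {"phone_numbers": ["+420700000001", "+420700000002", ""]},
    "pump-04": {"remote_control": False},
}

if __name__ == "__main__":
    for name, level in audit(FLEET).items():
        print(f"{name}: {level}")
```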
Choosing Enable AT-SMS protocol on expansion port 1 and Baudrate makes it possible to
send/receive an SMS on the serial Port 1.
Item Description
Baudrate Communication speed on the expansion port 1
Table 62: Send SMS on the serial Port 1
Choosing Enable AT-SMS protocol on expansion port 2 and Baudrate makes it possible to
send/receive an SMS on the serial Port 2.
Item Description
Baudrate Communication speed on the expansion port 2
Table 63: Send SMS on the serial Port 2
Setting the parameters in the Enable AT-SMS protocol over TCP frame, you can enable
the router to send and receive SMS messages on a TCP port. This function requires you to
specify a TCP port number. The router sends SMS messages using a standard AT command.
Item Description
TCP Port TCP port on which sending/receiving SMS messages is allowed.
Table 64: Send SMS on ethernet PORT1 configuration
Sending SMS
If you establish a connection to the router using a serial interface or Ethernet, then you can
use AT commands to manage SMS messages. The following table lists only the commands
that the router supports. For other AT commands the router sends an OK response. The
router sends an ERROR response for complex AT commands.
AT Command Description
AT+CGMI Returns the specific identity of the manufacturer.
AT+CGMM Returns the specific model identity of the manufacturer.
AT+CGMR Returns the specific model revision identity of the manufacturer.
AT+CGPADDR Displays the IP address of the usb0 interface.
AT+CGSN Returns the product serial number.
AT+CIMI Returns the International Mobile Subscriber Identity number (IMSI).
AT+CMGD Deletes a message from the location.
AT+CMGF Sets the presentation format for short messages.
AT+CMGL Lists messages of a certain status from a message storage area.
AT+CMGR Reads a message from a message storage area.
AT+CMGS Sends a short message from the device to entered tel. number.
AT+CMGW Writes a short message to the SIM storage.
AT+CMSS Sends a short message from the SIM storage location.
AT+COPS? Identifies the mobile networks available
AT+CPIN Used to query and enter a PIN code.
AT+CPMS Selects the SMS memory storage types, to be used for short message
operations.
AT+CREG Displays network registration status.
AT+CSCA Sets the short message service center (SMSC) number
AT+CSCS Selects the character set.
AT+CSQ Returns the signal strength of the registered network.
AT+GMI Returns the specific identity of the manufacturer.
AT+GMM Returns the specific model identity of the manufacturer.
AT+GMR Returns the specific model revision identity of the manufacturer.
AT+GSN Returns the product serial number.
ATE Determines whether or not the device echoes characters.
ATI Transmits the manufacturer specific information about the device.
Table 65: List of AT Commands
A detailed description and examples of these AT commands can be found in the application
note AT commands [9].
After powering up the router, the phone with the number entered in the dialog receives an SMS
in the following form:
Router (Unit ID) has been powered up. Signal strength –xx dBm.
After connecting to mobile network, the phone with the number entered in the dialog receives
an SMS in the following form:
Router (Unit ID) has established connection to mobile network. IP address xxx.xxx.xxx.xxx
After disconnecting from the mobile network, the phone with the number entered in the dialog
receives an SMS in the following form:
Router (Unit ID) has lost connection to mobile network. IP address xxx.xxx.xxx.xxx
Example 2: Configuration for sending SMS via serial interface on the Port 1.
Example 3: Control the router using an SMS from any phone number.
Example 4: Control the router using an SMS from two phone numbers.
3.16.8 SSH
The SSH protocol (Secure Shell) allows a secure remote login to the router. The SSH
service is configured on the SSH configuration page under the Services menu item.
Ticking the Enable SSH service item enables the SSH server on the router.
Item Description
Enable SSH service Enabling of SSH service.
Session Timeout Inactivity timeout when the session is closed.
Table 66: Parameters for SSH service configuration
3.16.9 Telnet
Telnet is a protocol used to provide a bidirectional interactive text-oriented communication
facility with the router. The Telnet service is configured on the Telnet configuration
page under the Services menu item. Ticking the Enable Telnet service item enables the
Telnet server on the router.
Item Description
Baudrate Applied communication speed.
Data Bits Number of data bits.
Parity Control parity bit:
• TCP server – The router will listen for incoming TCP connection
requests.
• TCP client – The router will connect to a TCP server on the
specified IP address and TCP port.
Server Address When set to TCP client above, it is necessary to enter the Server address and TCP port.
TCP Port TCP/UDP port used for communications. The router uses the value for
both the server and client modes.
Inactivity Timeout Time period after which the TCP/UDP connection is interrupted in case
of inactivity.
Table 67: Expansion Port Configuration 1
If you mark the Reject new connections check box, then the router rejects any other
connection attempt. This means that the router no longer supports multiple connections.
If you mark the Check TCP connection check box, the router verifies the TCP connection.
Item Description
Keepalive Time Time after which the router verifies the connection.
Keepalive Interval Length of time that the router waits on an answer.
Keepalive Probes Number of tests that the router performs.
Table 68: Expansion Port Configuration 2
When you mark the Use CD as indicator of the TCP connection check box, the router uses
the carrier detection (CD) signal to verify the status of the TCP connection. The CD signal
verifies that another device is connected to the other side of the cable.
CD Description
Active TCP connection is enabled
Nonactive TCP connection is disabled
Table 69: CD Signal Description
When you mark the Use DTR as control of TCP connection check box, the router uses the
data terminal ready (DTR) signal to control the TCP connection. The remote device sends a
DTR signal to the router indicating that the remote device is ready for communications.
Since firmware 3.0.9, all v2 routers provide a program called getty which allows the user to
connect to the router via the serial line (the router must be fitted with an RS232 expansion
port!). Getty displays the prompt and, after the username is entered, passes it on to the
login program, which asks for a password, verifies it and runs the shell. After logging in, it
is possible to manage the system in the same way as when connected via telnet.
Item Description
Baudrate Applied communication speed.
Data Bits Number of data bits.
Parity Control parity bit:
• TCP server – The router will listen for incoming TCP connection
requests.
• TCP client – The router will connect to a TCP server on the
specified IP address and TCP port.
Server Address When set to TCP client above, it is necessary to enter the Server address and TCP port.
TCP Port TCP/UDP port used for communications. The router uses the value
for both the server and client modes.
Inactivity Timeout Time period after which the TCP/UDP connection is interrupted in
case of inactivity.
Table 71: USB Port Configuration 1
If you mark the Reject new connections check box, then the router rejects any other
connection attempt. This means that the router no longer supports multiple connections.
If you mark the Check TCP connection check box, the router verifies the TCP connection.
Item Description
Keepalive Time Time after which the router verifies the connection.
Keepalive Interval Length of time that the router waits on an answer.
Keepalive Probes Number of tests that the router performs.
Table 72: USB Port Configuration 2
When you mark the Use CD as indicator of the TCP connection check box, the router uses
the carrier detection (CD) signal to verify the status of the TCP connection. The CD signal
verifies that another device is connected to the other side of the cable.
CD Description
Active TCP connection is enabled
Nonactive TCP connection is disabled
Table 73: CD Signal description
When you mark the Use DTR as control of TCP connection check box, the router uses the
data terminal ready (DTR) signal to control the TCP connection. The remote device sends a
DTR signal to the router indicating that the remote device is ready for communications.
• FTDI
• Prolific PL2303
• Silicon Laboratories CP210×
The changes in settings will apply after pressing the Apply button.
3.19 Scripts
You can create your own shell scripts that are executed in specific situations. Go
to the Scripts page in the Configuration section of the menu. The menu item expands to
show the Startup Script and Up/Down Script pages. For more examples of scripts and
possible commands, see the Application Note Commands and Scripts [1].
Any changes to the Startup Script will take effect the next time the router is power cycled
or rebooted. This can be done with the Reboot button in the Administration section, or
by SMS message.
Example of Startup Script: When the router starts up, stop syslogd program and start
syslogd with remote logging on address 192.168.2.115 and limited to 100 entries.
The changes in settings will apply after pressing the Apply button. You also need to reboot
the router for the Up/Down Script to work.
Example of Up/Down Script: After establishing or losing the WAN connection (connection
to mobile network), the router sends an email with information about the connection state.
SMTP must be configured beforehand.
Item Description
Source Select the location of the update files:
Base URL Base URL or IP address from which the configuration file will be downloaded. This option also specifies the communication protocol (HTTP, HTTPS, FTP or FTPS), see examples below.
Unit ID Name of configuration (name of the file without extension). If the Unit ID is not filled, the MAC address of the router is used as the filename (the delimiter colon is used instead of a dot.)
Update Hour Use this item to set the hour (range 1-24) when the automatic update will be performed every day. If the time is not specified, automatic update is performed five minutes after turning on the router and then every 24 hours. If the detected configuration file is different from the running one, it is downloaded and the router is restarted automatically.
Table 75: Automatic Update Configuration
The configuration file name consists of Base URL, hardware MAC address of ETH0 interface
and cfg extension. Hardware MAC address and cfg extension are added to the file name
automatically and it isn’t necessary to enter them. When the parameter Unit ID is enabled,
it defines the concrete configuration name which will be downloaded to the router, and the
hardware MAC address in the configuration name will not be used.
The firmware file name consists of Base URL, type of router and bin extension. For the
proper firmware filename, see the Update Firmware page in the Administration section, where
it is written out. See Chapter 5.11.
It is necessary to load two files (.bin and .ver) to the HTTP/FTP server. If only the .bin
file is uploaded and the HTTP server sends the incorrect answer of 200 OK (instead of
the expected 404 Not Found) when the device tries to download the nonexistent .ver file,
then there is a risk that the router will download the .bin file over and over again.
Firmware update can cause incompatibility with the user modules. It is recommended that
you update user modules to the most recent version. Information about the user modules
and the firmware compatibility is at the beginning of the user module’s Application Note.
The following examples check for new firmware or configurations each day at 1:00 a.m. An
example is given for the LR77 v2 router.
• Firmware: http://example.com/LR77-v2.bin
• Configuration file: http://example.com/test.cfg
The following examples check for new firmware or configurations each day at 1:00 a.m. An
example is given for the LR77 v2 router with MAC address 00:11:22:33:44:55.
• Firmware: http://example.com/LR77-v2.bin
• Configuration file: http://example.com/00.11.22.33.44.55.cfg
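The file-naming rules and the .bin/.ver warning above can be checked before a router is pointed at an update server. The following Python code is an added example, not code from the manual or the router firmware; the function names, the finding labels and the assumption that the .ver file shares the .bin file's base name are illustrative.

```python
"""Pre-flight audit of an automatic-update source (added example)."""
import urllib.error
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https", "ftp", "ftps")  # protocols the manual lists
CLEARTEXT_SCHEMES = ("http", "ftp")                  # no transport protection


def config_url(base_url, mac, unit_id=""):
    """URL of the configuration file the router will request.

    A Unit ID, when set, replaces the MAC address. Otherwise the ETH0 MAC is
    used with dots as delimiters, as in the manual's 00.11.22.33.44.55.cfg.
    """
    name = unit_id or mac.replace(":", ".")
    return f"{base_url.rstrip('/')}/{name}.cfg"


def firmware_urls(base_url, router_type):
    """(.bin URL, .ver URL). Assumption: .ver shares the .bin base name."""
    base = base_url.rstrip("/")
    return f"{base}/{router_type}.bin", f"{base}/{router_type}.ver"


def http_probe(url, timeout=5):
    """Status code of a HEAD request; for real HTTP(S) servers only."""
    request = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code


def audit_update_source(base_url, router_type, mac, unit_id="", probe=http_probe):
    """Return a list of finding labels; an empty list means the layout is sound."""
    scheme = urlsplit(base_url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return [f"unsupported-scheme:{scheme or 'none'}"]

    findings = []
    if scheme in CLEARTEXT_SCHEMES:
        # Firmware and configuration are fetched and applied unattended,
        # so an unprotected transport gets a finding of its own.
        findings.append("cleartext-transport")

    # Canary: a file that cannot exist. A 200 here means the server answers
    # 200 OK for missing files, the condition the manual warns about.
    canary = f"{base_url.rstrip('/')}/no-such-file-{router_type}.ver"
    if probe(canary) == 200:
        findings.append("soft-404")
        return findings  # presence checks below would prove nothing

    bin_url, ver_url = firmware_urls(base_url, router_type)
    if probe(bin_url) == 200 and probe(ver_url) != 200:
        findings.append("bin-without-ver")
    if probe(config_url(base_url, mac, unit_id)) != 200:
        findings.append("config-missing")
    return findings


def fake_server(existing, missing_status=404):
    """Constructed stand-in for a server: 200 for listed URLs, else missing_status."""
    return lambda url: 200 if url in existing else missing_status


if __name__ == "__main__":
    # Constructed sample: only the .bin and test.cfg were uploaded, over HTTP.
    files = {"http://example.com/LR77-v2.bin", "http://example.com/test.cfg"}
    print(audit_update_source("http://example.com", "LR77-v2",
                              "00:11:22:33:44:55", "test", fake_server(files)))
```

Against a live HTTP or HTTPS server, call audit_update_source without the probe argument so that http_probe issues the HEAD requests.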
4. Customization
4.1 User Modules
You may run custom software programs in the router to enhance the features of the router.
Use the User Modules menu item to add new software modules to the router, to remove them,
or to change their configuration. Use the Browse button to select the user module (compiled
module has tgz extension). Use the Add button to add a user module.
The new module appears in the list of modules on the same page. If the module contains
an index.html or index.cgi page, the module name serves as a link to this page. The module
can be deleted using the Delete button.
Updating a module is done the same way. Click the Add button and the module with the
higher (newer) version will replace the existing module. The current module configuration is
left in the same state.
Programming and compiling of modules is described in the Application Note Programming of
User Modules [10].
User modules can be custom-programmed. They can also be downloaded from the company
web site (www.bb-smartcellular.eu). Here are a few examples of the user modules that are
available on the web site.
Attention: In some cases the firmware update can cause incompatibility with installed
user modules. Some of them are dependent on the version of the Linux kernel (for example
SmsBE and PoS Configuration). It is best to update user modules to the most recent
version.
Information about the user module and the firmware compatibility is at the beginning of the
user module’s Application Note.
5. Administration
5.1 Users
This configuration function is only available for users assigned the admin role!
To assign roles and manage user accounts open the Users form in the Administration
section of the main menu. The first frame of this configuration form contains an overview of
available users. The table below describes the meaning of the buttons in this frame.
Button Description
Lock Locks the user account. This user is not allowed to log in to the
router, neither web interface nor SSH.
Change Password Allows you to change the password for the corresponding user.
Delete Deletes the corresponding user account.
Table 77: Users Overview
Be careful! If you lock every account with the permission role Admin, you cannot
unlock these accounts. This also means that the Users dialog is unavailable
for every user, because every admin account is locked and the users do not have
sufficient permissions.
The second block contains a configuration form that allows you to add a new user. All items
are described in the table below.
Item Description
Role Specifies the type of user account:
Username Specifies the name of the user allowed to log in to the device.
Password Specifies the password for the corresponding user.
Confirm Password Confirms the password you specified above.
Table 78: Add User
Ordinary users are not able to access the router via Telnet, SSH or SFTP. Read-only FTP
access is allowed for these users.
Example of using profiles: Profiles can be used to switch between different modes of
operation of the router such as PPP connection, VPN tunnels, etc. It is then possible to
switch between these settings using the front panel binary input, an SMS message, or the
Web interface of the router.
The default password of the router is root for the root user. To maintain the security of
your network, change the default password. You cannot enable remote access to the
router, for example in NAT, until you change the password.
The XR5i v2 router does not support the Set SMS Service Center Address option.
The function requires you to enter the phone number of the SMS service center to send
SMS messages. To specify the SMS service center phone number use the Set SMS Service
Center configuration form in the Administration section of the main menu. You can leave
the field blank if your SIM card contains the phone number of the SMS service center by
default. This phone number can have a value without an international prefix (xxx-xxx-xxx)
or with an international prefix (+420-xxx-xxx-xxx). If you are unable to send or receive SMS
messages, contact your carrier to find out if this parameter is required.
The XR5i v2 router does not support the Unlock SIM Card option.
If your SIM card is protected using a 4 – 8 digit PIN number (Personal Identification
Number), open the Unlock SIM Card form in the Administration section of the main menu and
enter the PIN number in the SIM PIN field, then click the Apply button. The router requires
you to enter the PIN code each time that you power up the SIM card.
The SIM card is blocked after three failed attempts to enter the PIN code. Unblocking of
the SIM card by PUK number is described in the next chapter.
The XR5i v2 router does not support the Unblock SIM Card option.
The SIM card can be unblocked on the Unblock SIM Card administration page. You can
either unblock the SIM card or just change the SIM code. In both cases, enter the PUK code
in the SIM PUK field and the new SIM code in the New SIM PIN field. To proceed, click
the Apply button.
The SIM card will be permanently blocked after three unsuccessful attempts to enter the
PUK code.
The XR5i v2 router does not support the Send SMS option.
You can send an SMS message from the router to test the cellular network. Use the Send
SMS dialog in the Administration section of the main menu to send SMS messages. Enter the
Phone number and text of your message in the Message field, then click the Send button. The
router limits the maximum length of an SMS to 160 characters. (To send longer messages,
install the pduSMS user module).
It is also possible to send an SMS message using CGI script. For details of this method,
see the application note Commands and Scripts [1].
Keep in mind the potential security risks when creating a backup, especially of user accounts.
Use a secured connection to the router.
You can save the current configuration of the router using the Backup Configuration item in
the Administration menu section. If you click on this item, a configuration pane will open, see
figure 79. Here you can choose what will be backed up. You can back up the configuration of the
router (item Configuration) or the configuration of all user accounts (item Users). Both types of
configuration can be backed up separately or at once into one configuration file.
Click the Apply button and the configuration will be stored in a configuration file (file with
cfg extension) in a directory according to the settings of the web browser. The stored
configuration can later be used for restoration, see chapter 5.10 for more information.
Due to the different format it is not possible to import user accounts backed up on a router
of v1 product line (and older) to a router of v2 product line (and newer). The same
limitation applies in the opposite direction.
You can restore a configuration of the router stored in a file using the Restore Configuration
form. Click the Browse button to navigate to the directory containing the configuration file
you wish to load to the router. To start the restoration process, click the Apply button.
Do not turn off the router during the firmware update. The firmware update can take up to
five minutes to complete. Always use the filename written out as Firmware Name when
updating the firmware.
During the firmware update, the router will show the following messages. The progress is
shown in the form of adding dots (’.’).
After the firmware update, the router will automatically reboot.
Uploading firmware intended for a different device can cause damage to the router.
Starting with FW 5.1.0, a mechanism to prevent multiple startups of the firmware update
is included. Firmware update can cause incompatibility with the user modules. It is
recommended to update user modules to the most recent version. Information about user module
and firmware compatibility is at the beginning of the user module’s Application Note.
5.12 Reboot
To reboot the router select the Reboot menu item and then press the Reboot button.
Monitoring of status, configuration and administration of the router can be performed over
the Telnet interface. The default IP address of the modem is 192.168.1.1. Configuration may
be performed only by the user "root" with initial password "root".
The following commands may be used to configure the router over Telnet:
Command   Description
cat       file contain write
cp        copy of file
date      show/change of system time
df        displaying of information about file system
dmesg     displaying of kernel diagnostics messages
echo      string write
email     Email send
free      displaying of information about memory
gsmat     sends AT commands (cdmaat for routers with CDMA module)
gsminfo   displaying of information about signal quality
gsmsms    SMS send
hwclock   displaying/change of time in RTC
ifconfig  displaying/change of interface configuration
io        reading/writing input/output pins
ip        displaying/change of route table
iptables  displaying/modification of NetFilter rules
kill      process kill
killall   processes kill
ln        link create
ls        dump of directory contain
mkdir     file create
mv        file move
ntpdate   synchronization of system time with NTP server
passwd    password change
ping      ICMP ping
ps        displaying of processes information
pwd       dump of actual directory
reboot    reboot
rm        file delete
rmdir     directory delete
route     displaying/change of route table
service   start/stop of service
sleep     pause on set seconds number
slog      displaying of system log
tail      displaying of file end
tcpdump   monitoring of network
touch     file create/actualization of file time stamp
vi        text editor
Table 79: Telnet commands
Backup Routes Allows user to back up the primary connection with alternative connections to
the Internet/mobile network. Each backup connection can have assigned a priority. Switching
between connections is done based upon set priorities and the state of the connections.

DHCP The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure
devices that are connected to a network so they can communicate on that network using
the Internet Protocol (IP). The protocol is implemented in a client-server model, in which DHCP
clients request configuration data, such as an IP address, a default route, and one or more DNS
server addresses from a DHCP server.

DHCP client Requests network configuration from DHCP server.

DHCP server Answers configuration request by DHCP clients and sends network configuration
details.

DNS The Domain Name System (DNS) is a hierarchical distributed naming system for computers,
services, or any resource connected to the Internet or a private network. It associates various
information with domain names assigned to each of the participating entities. Most prominently,
it translates easily memorized domain names to the numerical IP addresses needed for the
purpose of locating computer services and devices worldwide. By providing a worldwide,
distributed keyword-based redirection service, the Domain Name System is an essential
component of the functionality of the Internet.

DynDNS client DynDNS service lets you access the router remotely using an easy to remember
custom hostname. This client monitors the router’s IP address and updates it whenever
it changes.

GRE Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide
variety of network layer protocols inside virtual point-to-point links over an Internet Protocol
network. It is possible to create four different tunnels.

HTTP The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed,
collaborative, hypermedia information systems. HTTP is the foundation of data communication
for the World Wide Web.
Hypertext is structured text that uses logical links (hyperlinks) between nodes containing
text. HTTP is the protocol to exchange or transfer hypertext.

HTTPS The Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure
communication over a computer network, with especially wide deployment on the Internet.
Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the
Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security
capabilities of SSL/TLS to standard HTTP communications.

IP address An Internet Protocol address (IP address) is a numerical label assigned to each
device (e.g., computer, printer) participating in a computer network that uses the Internet
Protocol for communication. An IP address serves two principal functions: host or network
interface identification and location addressing. Its role has been characterized as follows:
A name indicates what we seek. An address indicates where it is. A route indicates how to get
there. The designers of the Internet Protocol defined an IP address as a 32-bit number and this
system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the
enormous growth of the Internet and the predicted depletion of available addresses, a new
version of IP (IPv6), using 128 bits for the address, was developed in 1995.

ries the vast majority of Internet traffic as of 2013. As of late November 2012, IPv6 traffic
share was reported to be approaching 1%.
IPv6 addresses are represented as eight groups of four hexadecimal digits separated by colons
(2001:0db8:85a3:0042:1000:8a2e:0370:7334), but methods of abbreviation of this full notation
exist.

tablish and maintain Internet protocol connections across gateways that implement network
address translation (NAT).

NTP Network Time Protocol (NTP) is a networking protocol for clock synchronization between
computer systems over packet-switched, variable-latency data networks.

OpenVPN OpenVPN implements virtual private network (VPN) techniques for creating secure
point-to-point or site-to-site connections. It is possible to create four different tunnels.

PAT Port and Address Translation (PAT) or Network Address Port Translation (NAPT) see NAT.

Port In computer networking, a Port is an application-specific or process-specific software
construct serving as a communications endpoint in a computer’s host operating system. A port is
associated with an IP address of the host, as well as the type of protocol used for
communication. The purpose of ports is to uniquely identify different applications or processes
running on a single computer and thereby enable them to share a single physical connection to
a packet-switched network like the Internet.

PPTP The Point-to-Point Tunneling Protocol (PPTP) is a tunneling protocol that operates at
the Data Link Layer (Layer 2) of the OSI Reference Model. PPTP is a proprietary technique
that encapsulates Point-to-Point Protocol (PPP) frames in Internet Protocol (IP) packets using
the Generic Routing Encapsulation (GRE) protocol. Packet filters provide access control,
end-to-end and server-to-server.

RADIUS Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that
provides centralized Authentication, Authorization, and Accounting (AAA or Triple A)
management for users who connect and use a network service. Because of the broad support and
the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage
access to the Internet or internal networks, wireless networks, and integrated e-mail services.

Root certificate In cryptography and computer security, a root certificate is either an
unsigned public key certificate or a self-signed certificate that identifies the Root Certificate
Authority (CA). A root certificate is part of a public key infrastructure scheme. The most common
commercial variety is based on the ITU-T X.509 standard, which normally includes a digital
signature from a certificate authority (CA).
Digital certificates are verified using a chain of trust. The trust anchor for the digital
certificate is the Root Certificate Authority (CA). See X.509.

Router A router is a device that forwards data packets between computer networks, creating
an overlay internetwork. A router is connected to two or more data lines from different
networks. When a data packet comes in one of the lines, the router reads the address information
in the packet to determine its ultimate destination. Then, using information in its routing
table or routing policy, it directs the packet to the next network on its journey. Routers perform
the traffic directing functions on the Internet. A data packet is typically forwarded from one
router to another through the networks that constitute the internetwork until it reaches its
destination node.

SFTP Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP),
which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part
of the SSH Protocol. This term is also known as SSH File Transfer Protocol.

SMTP The SMTP (Simple Mail Transfer Protocol) is a standard e-mail protocol on the Internet
and part of the TCP/IP protocol suite, as defined by IETF RFC 2821. SMTP defines the message
format and the message transfer agent (MTA), which stores and forwards the mail. SMTP by
default uses TCP port 25. The protocol for mail submission is the same, but uses port 587. SMTP
connections secured by SSL, known as SMTPS, default to port 465.

SMTPS SMTPS (Simple Mail Transfer Protocol Secure) refers to a method for securing SMTP
with transport layer security. For more information about SMTP, see description of the SMTP.

SNMP The Simple Network Management Protocol (SNMP) is an Internet-standard protocol
for managing devices on IP networks. Devices that typically support SNMP include routers,
switches, servers, workstations, printers, modem racks, and more. It is used mostly in network
management systems to monitor network-attached devices for conditions that warrant
administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the
Internet Engineering Task Force (IETF). It consists of a set of standards for network
management, including an application layer protocol, a database schema, and a set of data objects.

SSH Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command
interface and protocol for securely getting access to a remote computer. It is widely used
by network administrators to control Web and other kinds of servers remotely. SSH is actually
a suite of three utilities – slogin, ssh, and scp – that are secure versions of the earlier UNIX
utilities, rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways. Both
ends of the client/server connection are authenticated using a digital certificate, and passwords
are protected by being encrypted.

TCP The Transmission Control Protocol (TCP) is one of the core protocols of the Internet
protocol suite (IP), and is so common that the entire suite is often called TCP/IP. TCP provides
reliable, ordered, error-checked delivery of a stream of octets between programs running on
computers connected to a local area network, intranet or the public Internet. It resides at the
transport layer.
Web browsers use TCP when they connect to servers on the World Wide Web, and it is used
to deliver email and transfer files from one location to another.

UDP The User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite
(the set of network protocols used for the Internet). With UDP, computer applications can send
messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP)
network without prior communications to set up special transmission channels or data paths. The
protocol was designed by David P. Reed in 1980 and formally defined in RFC 768.

URL A uniform resource locator, abbreviated URL, also known as web address, is a specific
character string that constitutes a reference to a resource. In most web browsers, the
URL of a web page is displayed on top inside an address bar. An example of a typical URL would
be http://www.example.com/index.html, which indicates a protocol (http), a
hostname (www.example.com), and a file name (index.html). A URL is technically a type of
uniform resource identifier (URI), but in many technical documents and verbal discussions, URL
is often used as a synonym for URI, and this is not considered a problem.

VPN A virtual private network (VPN) extends a private network across a public network, such as
the Internet. It enables a computer to send and receive data across shared or public networks
as if it were directly connected to the private network, while benefiting from the functionality,
security and management policies of the private network. This is done by establishing a virtual
point-to-point connection through the use of dedicated connections, encryption, or a combination
of the two.
A VPN connection across the Internet is similar to a wide area network (WAN) link between the
sites. From a user perspective, the extended network resources are accessed in the same way as
resources available from the private network.

VPN server see VPN.

VPN tunnel see VPN.

VRRP VRRP protocol (Virtual Router Redundancy Protocol) allows you to transfer packet
routing from the main router to a backup router in case the main router fails. (This can be used
to provide a wireless cellular backup to a primary wired router in critical applications).

WAN A wide area network (WAN) is a network that covers a broad area (i.e., any
telecommunications network that links across metropolitan, regional, or national boundaries)
using private or public network transports. Business and government entities utilize WANs to
relay data among employees, clients, buyers, and suppliers from various geographical locations.
In essence, this mode of telecommunication allows a business to effectively carry out its daily
function regardless of location. The Internet can be considered a WAN as well, and is used by
businesses, governments, organizations, and individuals for almost any purpose imaginable.

X.509 In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI)
and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard
formats for public key certificates, certificate revocation lists, attribute certificates, and a
certification path validation algorithm.
9. Recommended Literature
[1] Advantech B+B SmartWorx: Commands and Scripts for v2 and v3 Routers,
Application Note
[2] Advantech B+B SmartWorx: SmartCluster, Application Note
[3] Advantech B+B SmartWorx: R-SeeNet, Application Note
[4] Advantech B+B SmartWorx: R-SeeNet Admin, Application Note
[5] Advantech B+B SmartWorx: OpenVPN Tunnel, Application Note
[6] Advantech B+B SmartWorx: IPsec Tunnel, Application Note
[7] Advantech B+B SmartWorx: GRE Tunnel, Application Note
[8] Advantech B+B SmartWorx: SNMP Object Identifier, Application Note
[9] Advantech B+B SmartWorx: AT Commands, Application Note