Global Net MRM-X3000 Installation And Configuration Manual
Multi-Radio-Modem
X3000
Installation and Configuration Guide
Important Notice
The Multi-Radio-Modem X3000 (MRM-X3000) when used in conjunction with a third
party wireless data device (Express card or USB radio device) on a well-designed
wireless network is intended to provide secure reliable communications.
GNCI accepts no responsibility for damages of any kind resulting from network failure,
instability of a wireless network, incorrectly configured MRM devices, or failure of the
GNCI MRM-X3000 device.
Copyright
©2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, Global Net
Commerce Inc. All rights reserved.
Printed in Canada
No part of this publication may be reproduced, stored in a retrieval system, or
transmitted by any form or by any means, without the prior permission of the publisher.
The information in this manual is subject to change without notice.
Global Net Commerce Inc. shall not be liable for incidental or consequential damages
resulting from the use, performance, or furnishing of this manual.
Trademarks
Product names, brands, logos, trademarks, etc., other than those of Global Net
Commerce Inc. used in this manual, are owned by their respective companies.
The equipment certifications appropriate to your devices are marked on the device and
the accompanying product specific documentation.
Devices inserted into the Express Card or USB slot of the Multi-Radio-Modem have
their own regulatory compliance markings and documentation.
Important Note: United States FCC Information
This equipment has been tested and found to comply with the limits for a class B digital
device, pursuant to part 15 of the FCC rules and ICES 03. These limits are designed to
provide reasonable protection against harmful interference in a residential installation.
This equipment generates uses and can radiate radio frequency energy and, if not
installed and used in accordance with the instructions, may cause harmful interference
to radio communications. However, there is no guarantee that interference will not occur
Regulatory Information
in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the
user is encouraged to try to correct the interference by one or more of the following
measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Caution: Changes or modifications to this equipment, not expressly approved by GNCI,
could void the user's authority to operate the equipment.
Contact Information
Main Office
2102 Business Centre Drive
Suite 130
Irvine, California
92612 USA
Lab and Warehouse
711 W. 17th Street
Unit G9
Costa Mesa, California
92627 USA
www.gnciwireless.com.com
For Sales, Service, Warranty, and Repair
Please Call 949.515.1960
By email:
info@gnciwireless.com
sales@gnciwireless.com
Item Description
Required or Optional
Multi-Radio-Modem Base Unit
Required
MRM Power Supply
Required
Express/USB Radio Card
Required
SIM Card
Optional *
GSM Antenna
Optional **
CDMA Antenna
Optional ***
ULSSC Cable
Optional ****
1. About This Guide
1.1. Introduction
This guide is intended to provide instruction on the physical installation of the MultiRadio-Modem, and related devices. Additionally, this guide provides instructions and
guidelines on software configuration. This guide assumes the reader is familiar with the
design and configuration of Internet Protocol network devices, such as routers and
switches.
1.1.1. Components for the Multi-Radio-Modem
Below are the required and optional components for the correct operation of the MultiRadio-Modem.
* SIM Card is required only for GSM Radio Cards.
** GSM Antenna comes only when MRM ordered for GSM networks.
*** CDMA Antenna comes only when MRM ordered for CDMA networks.
**** ULSSC Cable is required only for legacy protocol operations such as Bisync and
SDLC.
1.2. Sequence Used for This Guide
A general overview of using the MRM in a wireless network is given to provide the
reader with some context and understanding for the configuration sections.
Network addressing is critical to the successful operation of the MRM, and a section
discussing network addressing is provided.
The MRM unit must be configured prior to use, with client specific addressing and
information. Therefore, the configuration section is covered prior to the physical
installation section.
2. System Overview
This chapter provides an overview of the MRM product, and where it fits into a network
topology.
2.1. Introduction
The MRM solution from GNCI is designed to permit wireless operations of Automated
Teller Machines (ATM), Point of Sale controllers (POS), Branch Backup, Mobile
Branches and other high security, stationary/mobile business devices.
This product is designed to seamlessly deploy wireless access points for the intended
devices, where traditionally, land line services are required.
This equipment is also designed, to easily retrofit existing land line deployments, without
significant operational, or configuration changes required to existing systems.
This equipment is a multi.purpose, multi.protocol, flexible, high security appliance
capable of integrating into sophisticated networking environments.
2.2. Network Overview, All Protocols including IP
Figure 2.1
2.3. Network Components
Figure 2.1 shows various components of a wireless network using MRM devices.
Each of these main components is described in this section.
2.3.1. Remote Site Terminal
The remote site terminal is any X.25, SDLC, 3270 BISYNC, or TCP/IP on Ethernet
device. This can be, but is not limited to, ATM or POS machines, and personal
computers.
Note: The firmware on the MRM-X3000 supports IP protocol only.
Refer to the MRM-L3000 manual if you are running 3270 BISYNC or
SDLC Protocols
2.3.2. Remote Site GNCI MRM
The remote site MRM operates as a functioning modem on a wireless GSM
GPRS/EDGE/UMTS, HSUPA, HSDPA, HSPA+, LTE network, or a CDMA
1xRTT/EvDO/EvDO RevA, LTE network.
Additionally, the MRM provides for high security using the standards based IPSec
protocol, and encrypts data with the 3DES or AES algorithms. The MRM has a built in
firewall, which provides additional security from unwanted intrusion.
The MRM-X3000 uses a built in 10/100 Ethernet port for TCP/IP communications.
2.3.3. GSM and CDMA Networks
GSM networks are available in the United States, Canada, and many countries
worldwide. GSM is widely deployed and provides for an always on, data connection.
GSM customer networks for secure data transfer are implemented with custom or
private APNs (Access Point Name). APNs are typically deployed to enhance security,
prohibiting communications with any device or network outside of the custom or private
APN. APNs for financial applications typically provide for host location access via
private land line frame relay connections. Higher speed networks using GSM using
UMTS, HSUPA, HSDPA, HSPA+, and LTE technologies are currently being deployed.
CDMA networks are available in the United States; however deployment is limited
outside of North America. CDMA provides bursting rates to 144 kbps on 1xRTT
networks, a maximum 2.4 Mbps on EvDO RevA networks and much higher burst rates
exceeding 8.0 Mbps on newer LTE networks. For secure and financial applications,
CDMA carriers provide for host site access via land line frame relay/MPLS connections.
2.3.4. Host Location Corporate Host
The corporate host shown in figure 2.1 is responsible for providing the transaction
applications driving the ATM or POS system. These hosts can interface to the network
using serial or LAN media, and can connect with TCP/IP, SDLC, X.25, 3270 BISYNC, or
LAN based LLC2.
2.3.5. Host Location Frame Relay Router
The frame relay router shown in figure 2.1 terminates the frame relay connection and
PVC/MPLS interconnecting the host location to the GSM or CDMA network. IP
addressing for this connection is typically provided by the carrier along with private
client designated IP addressing. Shown in figure 2.1 as a device of its own, this may be
a shared device terminating other frame relay connections for other applications, or may
be a device of combined function terminating frame relay, and also providing for IPSec
termination.
2.3.6. Host Location IPSec Tunnel Termination
The IPSec tunnel termination device shown in figure 2.1 manages the IPSec tunnels to
each remote MRM unit. It is responsible for maintaining keys for each remote MRM, and
providing 3DES encrypted payload. Additionally, this router must be placed into this
topology at a strategic location, to ensure proper IP routing to hosts and remote MRM
devices. Shown in figure 2.1, this device may be solely used for IPSec termination, or it
may run IPSec in addition to other functions in the network, including the termination of
frame relay/MPLS lines discussed in section 2.3.5. Typically, this device is a Cisco
Systems router or VPN server. Many models of Cisco equipment support IPSec. The
selection criteria used to determine which specific model is best suited for a client
network is dependent upon network size, topology, and other design considerations,
determined prior to any MRM units being deployed in the field.
2.4. Network Addressing
For any network to route data correctly, there must be an addressing and numbering
scheme employed. This section describes the important addressing and numbering
elements for a successful MRM deployment. A network addressing plan is
recommended to be made prior to any major MRM deployment. Specific configuration
tasks related to addressing are discussed in the next chapter.
2.4.1. IP Addressing
This section describes the IP addressing requirements across an MRM network.
Below is figure 2.4 indicating important areas of IP address consideration, numbered
one (1) through five (5).
The main concept of IP addressing when using IPSec, is to create a "tunnel" across a
foreign internet or third party network, connecting two private network entities together,
while masking from the end points, the existence of the transit network.
In figure 2.4 below, the private networks 1 and 5 are unaware of the carrier’s Internet
network connecting them together, through the use of the IPSec tunnel across the
network.
Figure 2.4
2.4.1.1. Area 1 IP Addressing Host Private Network
The host location private IP network is the private network in which the host is located.
For non-IP host communications, this network is part of the IPSec router terminating the
tunnels. This network typically exists prior to an MRM deployment, and IP network
addressing has been assigned by a network design engineer or administrator, typically
using IP Address for private Internets as described in RFC 1918. The corporate host
and any other service hosts, including management hosts and their respective IP
networks, must be visible to the "remote" device network (Area 5) through the IPSec
tunnel.
2.4.1.2. Area 2 IP Addressing Tunnel Termination
The device(s) in area 2 must be directly connected, or reachable to the IP host in area
1. In addition, the IPSec tunnel terminating device in area 2, must have an IP address
acting as a tunnel peer to the remote MRM devices, and must be reachable through the
CDMA or GSM network. This IP address is normally assigned by the carrier, to ensure
reachability across the carrier’s network to the remote MRM. However, carriers now
offer MPLS Private VPN networks which provide for client-specific IP addressing. If the
carrier assigns the IP addressing, the carrier will typically assign a small IP network
from their IP address space, with a 29- or 30-bit mask. One host from within this
network must act as the IPSec tunnel peer. This network can be assigned on a physical
interface, or a logical (loopback) interface.
2.4.1.3. Area 3 IP Addressing Frame Relay/MPLS Access Point
Frame Relay/MPLS is typically used to connect the host network to the carrier. A
customer can use an existing frame relay/MPLS circuit. Prior to the introduction of
MPLS circuits, a PVC connection to the carrier was required, or in some cases, a
completely new frame relay line was used, with a PVC connection to the carrier. This
determination is made during the design stage of a network. The carrier will assign an
IP subnet for use on the frame relay PVC, typically with a 30-bit mask, providing for one
IP at the client router for the PVC, and one IP at the carrier’s router for the same PVC.
For routing purposes, the IP address assigned to the carriers router, becomes the
gateway address to reach Area 4 IP networks (MRM radio IP addresses). This address
is used for static routing purposes in the client frame relay router, as the next hop
address to reach the distant MRM IP range (Area 4). Routing protocols are not
permitted on the frame relay link between the client and carrier. Frame relay DLCI
numbers are assigned by the frame relay carrier responsible for the PVC link between
the client and the carrier, and are made available when the PVC order is complete.
Note: Recently Carriers have migrated away from Frame Relay and are now only
offering Private VPN Tunnels over MPLS Circuits.
2.4.1.4. Area 4 IP Addressing MRM Radio IP
In both GSM and CDMA networks, the IP address assigned to the radio device
connecting to the carrier network is made dynamically. The IP addresses are
determined by the carrier, and assigned to the modem dynamically during connection
time. In both CDMA and GSM networks, the modems connect to the network using the
PPP protocol, and are assigned IP addresses during this connection setup. IP
addresses that are dynamically assigned are typically known to be within an IP subnet
range, which is useful to know for the purposes of IPSec configurations at the host
network. In the case of a private or custom APN on the GSM network, the IP address
range which can be assigned to the connecting modems is tightly defined, and is a
range of IP addresses which will only be assigned to modems belonging to the private
APN, and thereby will only be assigned to modems belonging to a particular client.
Some GSM carriers offer to use IP address space for the modems, which can be
specified by the client.
From the perspective of the MRM device, the IP address assigned to the radio of the
MRM at connection time, acts as the devices Wide Area Network (WAN) interface. This
IP address acts as the IPSec tunnel peer, communicating with the host network tunnel
peer. Since the IP Address is dynamic, only the peer at the host IPSec tunnel
termination router is known. Therefore, specific IPSec configuration is required at the
host, examples of which are discussed in the next section.
2.4.1.5. Area 5 IP Addressing Remote Private IP Network
The remote location private IP network is a private IP network in which the remote
device (ATM or POS) is connected to or associated. This network is assigned prior to
an MRM deployment, and IP network addressing has been assigned by a network
design engineer or an administrator. This is typically done using an IP address for a
private network as described in RFC 1918 and form part of the IP address plan for the
wireless network.
This network communicates with the Area 1 private network (Host Network), over the
IPSec tunnel. For Ethernet connected TCP/IP devices, an IP network must be
assigned, and, individual host IP addresses from this network must be assigned for the
MRM's Ethernet port, and the ATM/POS device.
Example: IP Network: 192.168.10.0/30
MRM Ethernet Port: 192.168.10.1
ATM/POS device: 192.168.10.2
This IP network operates on a virtual (loopback) port within the MRM, not associated to
any physical interface, for the purposes of IPSec private networking with the host
private network.
2.4.2. Other Network Numbering Requirements
For legacy protocol implementations, other network numbering assignments are
required, such as X.121 addresses and poll codes. Refer to the MRM-L3000 Installation
Guide for legacy protocols.
MRM Serial Number
1010150438
Radio Card Serial Number
356471031535837
SIM Card Number
89302370105215208037
Mobile Telephone Number
949.555.1212
APN Name
mybanksapn.com
Username
GSM
Password
network
3. MRM-X3000 Configuration
This chapter provides instruction for the configuration of the MRM for remote site
operation.
In order to use the MRM, a wireless service account must be established with a wireless
carrier, and the MRM configured with account specific information.
3.1. Preparation
This section describes what information is required before configuring the MRM for the
wireless services provider.
3.1.1 GSM Preparation
The GSM service provider will provide the following for account activation.
. GSM SIM Card (with SIM card number and mobile telephone number)
. APN Name
. Username
. Password
The GSM SIM card has a SIM card number and an associated mobile telephone
number. Records of these numbers should be carefully kept, as they can be required
later for troubleshooting with the carrier. It is recommended that records be kept for
each MRM location that includes the MRM serial number, the radio card serial number,
the SIM number, and telephone number.
In most cases, the APN name will remain the same for all remote MRMs belonging to
the same client.
Username and password may be supplied by the carrier as further authentication to
connect to the network. Note that some carriers do not implement the
Username/password as a requirement.
Table 3.1 Example GSM Remote Site Account Information
MRM Serial Number
1010150438
Radio Card Serial Number
09112561854
Activation Code
884325
System ID
16422
Mobile Telephone Number
949.555.1212
Username
9495551212@mycarrier.com
Password
mycarrier
3.1.2. CDMA Preparation
The CDMA service provider will provide the following for account activation:
. Username
. Password
. Telephone Number
. Activation Code
. System ID (SID)
Radio cards should be activated in a laptop using the carrier’s network activation
software. Once completed, the card can be inserted into the MRM.
The activation code and System ID are required only at initial activation time, using the
carrier’s activation software. The Username and password are required for
configuration in the MRM, if required by the carrier. Records should be kept for each
remote MRM with the noted information from the example below.
Table 3.1.2 Example CDMA Remote Site Account Information
3.2. Components Required For Configuration
This section describes the required equipment, cables, and software for the
configuration of the MRM.
3.2.1. Required Components for GSM Configuration
Configuration of the MRM requires the user to provide the following:
* A desktop or laptop computer, with an Ethernet communications port and an
Express Card/USB ports
* An Ethernet cable (either straight-through or crossover)
* A browser such as Internet Explorer or Mozilla Firefox
3.2.2. Required Components for CDMA Configuration
Configuration of the MRM requires the user to provide the following:
* A desktop or laptop computer, with an Ethernet communications port and an
ExpressCard / USB port
* An Ethernet cable
* A browser such as Internet Explorer or Mozilla Firefox
D -IN I
DC-IN
Init.
D -IN I
3.3. Accessing the MRM for Initial Configuration
The MRM unit is shipped with a default configuration, which includes a pre-defined
Ethernet port, Ethernet (facing the rear of MRM, it is the leftmost Ethernet port).
Figure 3.3.1 MRM Side Panels
Ethernet Port
Ethernet port is factory set for IP address 192.168.10.1 with a mask of
255.255.255.252. To access the MRM configuration, a connection must be made from
the computer's Ethernet port to the MRM's Ethernet port, via an Ethernet crossover
cable. The IP address settings in the computer must be set to specify IP address
192.168.10.2 with a mask of 255.255.255.252, and a gateway of 192.168.10.1.
Follow these steps to access the MRM configuration:
Step 1 . Power on the MRM unit with radio card inserted into either the
ExpressCard slot or the USB port. The port selection will depend on which
type of wireless aircard you are using. Connect the power supply cable to
AC Power, and to the 6 VDC receptacle on the MRM.
Step 2 . Connect your computer to the MRM Ethernet port (shown in Figure 3.3.1)
using a standard Ethernet cable.
Step 3 . Set the IP address, subnet mask, and gateway in your computer, as
shown on the next page.
Step 4 . Using a web browser, connect to the default IP address of 192.168.10.1.
D
-
Figure 3.3.2 Accessing the MRM via a Static IP address using USB port
Ethernet IP Add: 10.30.0.1
Ethernet Cable Masks: 255.255.255.252
Follow these steps to access the MRM configuration:
Step 1 . Power on the MRM unit without the radio card inserted in the USB port, by
connecting the power supply cable to AC power outlet, and to the 6 VDC
receptacle on the MRM. Note: A Trendnet TU2ET100 USB-to-Ethernet
adapter is required to connect through the MRM-X3000 USB port.
Step 2 . Connect your computer to the Ethernet port of the Trendnet TU2ET100
adapter. Then connect the USB adapter to the USB port on the MRMX3000. (Shown in Figure 3.3.2.)
Step 3 . Configure your computer to receive an IP address:
10.30.0.2/30 (subnet mask of 255.255.255.252).
Step 4 . Using a web browser, connect to the default gateway IP address of
10.30.0.1
MRM-X3000 Home Screen
Home Screen Start Section 3.4.1
1. A summary of the MRM-X3000 operation and connectivity status can be obtained by
Clicking on the GNCI logo in the upper left hand portion of the Home Screen
2. The information on the Home Page will provide WWAN/carrier connection status,
Total Bytes count and System Time.
3.4. Configuring the MRM System Parameters
This section describes the configuration of MRM system parameters.
3.4.1. Default Username and Password
The default system username is “admin”, and the default system password is “gnci”.
You can change the password in the Name and Password section, under the SYSTEM
CONFIG heading.
3.4.2 Basic Setup
3.4.2.1 LAN Port
LAN Port Setup
LAN Port IP Address and Mask: Enter the IP address you wish to use for the MRM.
LAN Port Speed: Speed settings for the Ethernet port on the MRM. Settings are
Negotiate Automatically, 10 Mbps Half Duplex, 10 Mbps Full Duplex, 100 Mbps Half
Duplex, 100 Mbps Full Duplex.
Enable DHCP Server on LAN Port: Check this box if you would like the MRM to act as
a DHCP server.
Loading...