Global Net MRM-X3000 Installation And Configuration Manual

Multi-Radio-Modem
X3000
Installation and Configuration Guide
Important Notice
GNCI accepts no responsibility for damages of any kind resulting from network failure, instability of a wireless network, incorrectly configured MRM devices, or failure of the GNCI MRM-X3000 device.
Copyright
©2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, Global Net Commerce Inc. All rights reserved. Printed in Canada
No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, without the prior permission of the publisher.
The information in this manual is subject to change without notice. Global Net Commerce Inc. shall not be liable for incidental or consequential damages resulting from the use, performance, or furnishing of this manual.
Trademarks
Product names, brands, logos, trademarks, etc., other than those of Global Net Commerce Inc. used in this manual, are owned by their respective companies.
The equipment certifications appropriate to your devices are marked on the device and the accompanying product specific documentation.
Devices inserted into the Express Card or USB slot of the Multi-Radio-Modem have their own regulatory compliance markings and documentation.
Important Note: United States FCC Information This equipment has been tested and found to comply with the limits for a class B digital
device, pursuant to part 15 of the FCC rules and ICES 03. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur
Regulatory Information
in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna. Increase the separation between the equipment and the receiver. Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Caution: Changes or modifications to this equipment, not expressly approved by GNCI, could void the user's authority to operate the equipment.
Contact Information
Main Office
2102 Business Centre Drive
Suite 130
Irvine, California
92612 USA
Lab and Warehouse
711 W. 17th Street
Unit G9
Costa Mesa, California
92627 USA
www.gnciwireless.com.com
For Sales, Service, Warranty, and Repair
Please Call 949.515.1960
By email:
info@gnciwireless.com
sales@gnciwireless.com
Item Description
Required or Optional
Multi-Radio-Modem Base Unit
Required
MRM Power Supply
Required
Express/USB Radio Card
Required
SIM Card
Optional *
GSM Antenna
Optional **
CDMA Antenna
Optional ***
ULSSC Cable
Optional ****
1. About This Guide
1.1. Introduction
This guide is intended to provide instruction on the physical installation of the Multi­Radio-Modem, and related devices. Additionally, this guide provides instructions and guidelines on software configuration. This guide assumes the reader is familiar with the design and configuration of Internet Protocol network devices, such as routers and switches.
1.1.1. Components for the Multi-Radio-Modem
Below are the required and optional components for the correct operation of the Multi­Radio-Modem.
* SIM Card is required only for GSM Radio Cards. ** GSM Antenna comes only when MRM ordered for GSM networks. *** CDMA Antenna comes only when MRM ordered for CDMA networks. **** ULSSC Cable is required only for legacy protocol operations such as Bisync and
SDLC.
1.2. Sequence Used for This Guide
A general overview of using the MRM in a wireless network is given to provide the reader with some context and understanding for the configuration sections. Network addressing is critical to the successful operation of the MRM, and a section discussing network addressing is provided.
The MRM unit must be configured prior to use, with client specific addressing and information. Therefore, the configuration section is covered prior to the physical installation section.
2. System Overview
This chapter provides an overview of the MRM product, and where it fits into a network topology.
2.1. Introduction
The MRM solution from GNCI is designed to permit wireless operations of Automated Teller Machines (ATM), Point of Sale controllers (POS), Branch Backup, Mobile Branches and other high security, stationary/mobile business devices.
This product is designed to seamlessly deploy wireless access points for the intended devices, where traditionally, land line services are required.
This equipment is also designed, to easily retrofit existing land line deployments, without significant operational, or configuration changes required to existing systems.
This equipment is a multi.purpose, multi.protocol, flexible, high security appliance capable of integrating into sophisticated networking environments.
2.2. Network Overview, All Protocols including IP
Figure 2.1
2.3. Network Components
Figure 2.1 shows various components of a wireless network using MRM devices. Each of these main components is described in this section.
2.3.1. Remote Site Terminal
The remote site terminal is any X.25, SDLC, 3270 BISYNC, or TCP/IP on Ethernet device. This can be, but is not limited to, ATM or POS machines, and personal computers.
Note: The firmware on the MRM-X3000 supports IP protocol only.
Refer to the MRM-L3000 manual if you are running 3270 BISYNC or SDLC Protocols
2.3.2. Remote Site GNCI MRM
The remote site MRM operates as a functioning modem on a wireless GSM GPRS/EDGE/UMTS, HSUPA, HSDPA, HSPA+, LTE network, or a CDMA 1xRTT/EvDO/EvDO RevA, LTE network.
Additionally, the MRM provides for high security using the standards based IPSec protocol, and encrypts data with the 3DES or AES algorithms. The MRM has a built in firewall, which provides additional security from unwanted intrusion.
The MRM-X3000 uses a built in 10/100 Ethernet port for TCP/IP communications.
2.3.3. GSM and CDMA Networks
GSM networks are available in the United States, Canada, and many countries worldwide. GSM is widely deployed and provides for an always on, data connection. GSM customer networks for secure data transfer are implemented with custom or private APNs (Access Point Name). APNs are typically deployed to enhance security, prohibiting communications with any device or network outside of the custom or private APN. APNs for financial applications typically provide for host location access via private land line frame relay connections. Higher speed networks using GSM using UMTS, HSUPA, HSDPA, HSPA+, and LTE technologies are currently being deployed.
CDMA networks are available in the United States; however deployment is limited outside of North America. CDMA provides bursting rates to 144 kbps on 1xRTT networks, a maximum 2.4 Mbps on EvDO RevA networks and much higher burst rates exceeding 8.0 Mbps on newer LTE networks. For secure and financial applications, CDMA carriers provide for host site access via land line frame relay/MPLS connections.
2.3.4. Host Location Corporate Host
The corporate host shown in figure 2.1 is responsible for providing the transaction applications driving the ATM or POS system. These hosts can interface to the network using serial or LAN media, and can connect with TCP/IP, SDLC, X.25, 3270 BISYNC, or LAN based LLC2.
2.3.5. Host Location Frame Relay Router
The frame relay router shown in figure 2.1 terminates the frame relay connection and PVC/MPLS interconnecting the host location to the GSM or CDMA network. IP addressing for this connection is typically provided by the carrier along with private client designated IP addressing. Shown in figure 2.1 as a device of its own, this may be a shared device terminating other frame relay connections for other applications, or may be a device of combined function terminating frame relay, and also providing for IPSec termination.
2.3.6. Host Location IPSec Tunnel Termination
The IPSec tunnel termination device shown in figure 2.1 manages the IPSec tunnels to each remote MRM unit. It is responsible for maintaining keys for each remote MRM, and providing 3DES encrypted payload. Additionally, this router must be placed into this topology at a strategic location, to ensure proper IP routing to hosts and remote MRM devices. Shown in figure 2.1, this device may be solely used for IPSec termination, or it may run IPSec in addition to other functions in the network, including the termination of frame relay/MPLS lines discussed in section 2.3.5. Typically, this device is a Cisco Systems router or VPN server. Many models of Cisco equipment support IPSec. The selection criteria used to determine which specific model is best suited for a client network is dependent upon network size, topology, and other design considerations, determined prior to any MRM units being deployed in the field.
2.4. Network Addressing
For any network to route data correctly, there must be an addressing and numbering scheme employed. This section describes the important addressing and numbering elements for a successful MRM deployment. A network addressing plan is recommended to be made prior to any major MRM deployment. Specific configuration tasks related to addressing are discussed in the next chapter.
2.4.1. IP Addressing
This section describes the IP addressing requirements across an MRM network. Below is figure 2.4 indicating important areas of IP address consideration, numbered
one (1) through five (5). The main concept of IP addressing when using IPSec, is to create a "tunnel" across a
foreign internet or third party network, connecting two private network entities together, while masking from the end points, the existence of the transit network.
In figure 2.4 below, the private networks 1 and 5 are unaware of the carriers Internet network connecting them together, through the use of the IPSec tunnel across the network.
Figure 2.4
2.4.1.1. Area 1 IP Addressing Host Private Network
The host location private IP network is the private network in which the host is located. For non-IP host communications, this network is part of the IPSec router terminating the tunnels. This network typically exists prior to an MRM deployment, and IP network addressing has been assigned by a network design engineer or administrator, typically using IP Address for private Internets as described in RFC 1918. The corporate host and any other service hosts, including management hosts and their respective IP networks, must be visible to the "remote" device network (Area 5) through the IPSec tunnel.
2.4.1.2. Area 2 IP Addressing Tunnel Termination
The device(s) in area 2 must be directly connected, or reachable to the IP host in area
1. In addition, the IPSec tunnel terminating device in area 2, must have an IP address acting as a tunnel peer to the remote MRM devices, and must be reachable through the CDMA or GSM network. This IP address is normally assigned by the carrier, to ensure reachability across the carrier’s network to the remote MRM. However, carriers now offer MPLS Private VPN networks which provide for client-specific IP addressing. If the carrier assigns the IP addressing, the carrier will typically assign a small IP network from their IP address space, with a 29- or 30-bit mask. One host from within this network must act as the IPSec tunnel peer. This network can be assigned on a physical interface, or a logical (loopback) interface.
2.4.1.3. Area 3 IP Addressing Frame Relay/MPLS Access Point
Frame Relay/MPLS is typically used to connect the host network to the carrier. A customer can use an existing frame relay/MPLS circuit. Prior to the introduction of MPLS circuits, a PVC connection to the carrier was required, or in some cases, a completely new frame relay line was used, with a PVC connection to the carrier. This determination is made during the design stage of a network. The carrier will assign an IP subnet for use on the frame relay PVC, typically with a 30-bit mask, providing for one IP at the client router for the PVC, and one IP at the carriers router for the same PVC. For routing purposes, the IP address assigned to the carriers router, becomes the gateway address to reach Area 4 IP networks (MRM radio IP addresses). This address is used for static routing purposes in the client frame relay router, as the next hop address to reach the distant MRM IP range (Area 4). Routing protocols are not permitted on the frame relay link between the client and carrier. Frame relay DLCI numbers are assigned by the frame relay carrier responsible for the PVC link between the client and the carrier, and are made available when the PVC order is complete.
Note: Recently Carriers have migrated away from Frame Relay and are now only offering Private VPN Tunnels over MPLS Circuits.
2.4.1.4. Area 4 IP Addressing MRM Radio IP
In both GSM and CDMA networks, the IP address assigned to the radio device connecting to the carrier network is made dynamically. The IP addresses are determined by the carrier, and assigned to the modem dynamically during connection time. In both CDMA and GSM networks, the modems connect to the network using the PPP protocol, and are assigned IP addresses during this connection setup. IP
addresses that are dynamically assigned are typically known to be within an IP subnet range, which is useful to know for the purposes of IPSec configurations at the host network. In the case of a private or custom APN on the GSM network, the IP address range which can be assigned to the connecting modems is tightly defined, and is a range of IP addresses which will only be assigned to modems belonging to the private APN, and thereby will only be assigned to modems belonging to a particular client. Some GSM carriers offer to use IP address space for the modems, which can be specified by the client.
From the perspective of the MRM device, the IP address assigned to the radio of the MRM at connection time, acts as the devices Wide Area Network (WAN) interface. This IP address acts as the IPSec tunnel peer, communicating with the host network tunnel peer. Since the IP Address is dynamic, only the peer at the host IPSec tunnel termination router is known. Therefore, specific IPSec configuration is required at the host, examples of which are discussed in the next section.
2.4.1.5. Area 5 IP Addressing Remote Private IP Network
The remote location private IP network is a private IP network in which the remote device (ATM or POS) is connected to or associated. This network is assigned prior to an MRM deployment, and IP network addressing has been assigned by a network design engineer or an administrator. This is typically done using an IP address for a private network as described in RFC 1918 and form part of the IP address plan for the wireless network.
This network communicates with the Area 1 private network (Host Network), over the IPSec tunnel. For Ethernet connected TCP/IP devices, an IP network must be assigned, and, individual host IP addresses from this network must be assigned for the MRM's Ethernet port, and the ATM/POS device.
Example: IP Network: 192.168.10.0/30 MRM Ethernet Port: 192.168.10.1 ATM/POS device: 192.168.10.2
This IP network operates on a virtual (loopback) port within the MRM, not associated to any physical interface, for the purposes of IPSec private networking with the host private network.
2.4.2. Other Network Numbering Requirements
For legacy protocol implementations, other network numbering assignments are required, such as X.121 addresses and poll codes. Refer to the MRM-L3000 Installation Guide for legacy protocols.
MRM Serial Number
1010150438
Radio Card Serial Number
356471031535837
SIM Card Number
89302370105215208037
Mobile Telephone Number
949.555.1212
APN Name
mybanksapn.com
Username
GSM
Password
network
3. MRM-X3000 Configuration
This chapter provides instruction for the configuration of the MRM for remote site operation.
In order to use the MRM, a wireless service account must be established with a wireless carrier, and the MRM configured with account specific information.
3.1. Preparation
This section describes what information is required before configuring the MRM for the wireless services provider.
3.1.1 GSM Preparation
The GSM service provider will provide the following for account activation. . GSM SIM Card (with SIM card number and mobile telephone number)
. APN Name . Username . Password
The GSM SIM card has a SIM card number and an associated mobile telephone number. Records of these numbers should be carefully kept, as they can be required later for troubleshooting with the carrier. It is recommended that records be kept for each MRM location that includes the MRM serial number, the radio card serial number, the SIM number, and telephone number.
In most cases, the APN name will remain the same for all remote MRMs belonging to the same client.
Username and password may be supplied by the carrier as further authentication to connect to the network. Note that some carriers do not implement the Username/password as a requirement.
Table 3.1 Example GSM Remote Site Account Information
MRM Serial Number
1010150438
Radio Card Serial Number
09112561854
Activation Code
884325
System ID
16422
Mobile Telephone Number
949.555.1212
Username
9495551212@mycarrier.com
Password
mycarrier
3.1.2. CDMA Preparation
The CDMA service provider will provide the following for account activation: . Username . Password . Telephone Number . Activation Code . System ID (SID)
Radio cards should be activated in a laptop using the carrier’s network activation
software. Once completed, the card can be inserted into the MRM. The activation code and System ID are required only at initial activation time, using the
carrier’s activation software. The Username and password are required for configuration in the MRM, if required by the carrier. Records should be kept for each remote MRM with the noted information from the example below.
Table 3.1.2 Example CDMA Remote Site Account Information
3.2. Components Required For Configuration
This section describes the required equipment, cables, and software for the configuration of the MRM.
3.2.1. Required Components for GSM Configuration
Configuration of the MRM requires the user to provide the following: * A desktop or laptop computer, with an Ethernet communications port and an
Express Card/USB ports * An Ethernet cable (either straight-through or crossover) * A browser such as Internet Explorer or Mozilla Firefox
3.2.2. Required Components for CDMA Configuration
Configuration of the MRM requires the user to provide the following: * A desktop or laptop computer, with an Ethernet communications port and an
ExpressCard / USB port * An Ethernet cable * A browser such as Internet Explorer or Mozilla Firefox
D -IN I
DC-IN
Init.
D -IN I
3.3. Accessing the MRM for Initial Configuration
The MRM unit is shipped with a default configuration, which includes a pre-defined Ethernet port, Ethernet (facing the rear of MRM, it is the leftmost Ethernet port).
Figure 3.3.1 MRM Side Panels
Ethernet Port
Ethernet port is factory set for IP address 192.168.10.1 with a mask of
255.255.255.252. To access the MRM configuration, a connection must be made from the computer's Ethernet port to the MRM's Ethernet port, via an Ethernet crossover cable. The IP address settings in the computer must be set to specify IP address
192.168.10.2 with a mask of 255.255.255.252, and a gateway of 192.168.10.1. Follow these steps to access the MRM configuration: Step 1 . Power on the MRM unit with radio card inserted into either the
ExpressCard slot or the USB port. The port selection will depend on which type of wireless aircard you are using. Connect the power supply cable to AC Power, and to the 6 VDC receptacle on the MRM.
Step 2 . Connect your computer to the MRM Ethernet port (shown in Figure 3.3.1)
using a standard Ethernet cable.
Step 3 . Set the IP address, subnet mask, and gateway in your computer, as
shown on the next page.
Step 4 . Using a web browser, connect to the default IP address of 192.168.10.1.
D
-
Figure 3.3.2 Accessing the MRM via a Static IP address using USB port
Ethernet IP Add: 10.30.0.1 Ethernet Cable Masks: 255.255.255.252
Follow these steps to access the MRM configuration: Step 1 . Power on the MRM unit without the radio card inserted in the USB port, by
connecting the power supply cable to AC power outlet, and to the 6 VDC receptacle on the MRM. Note: A Trendnet TU2ET100 USB-to-Ethernet adapter is required to connect through the MRM-X3000 USB port.
Step 2 . Connect your computer to the Ethernet port of the Trendnet TU2ET100
adapter. Then connect the USB adapter to the USB port on the MRM­X3000. (Shown in Figure 3.3.2.)
Step 3 . Configure your computer to receive an IP address:
10.30.0.2/30 (subnet mask of 255.255.255.252). Step 4 . Using a web browser, connect to the default gateway IP address of
10.30.0.1
MRM-X3000 Home Screen
Home Screen Start Section 3.4.1
1. A summary of the MRM-X3000 operation and connectivity status can be obtained by
Clicking on the GNCI logo in the upper left hand portion of the Home Screen
2. The information on the Home Page will provide WWAN/carrier connection status,
Total Bytes count and System Time.
3.4. Configuring the MRM System Parameters
This section describes the configuration of MRM system parameters.
3.4.1. Default Username and Password
The default system username is “admin, and the default system password is “gnci”. You can change the password in the Name and Password section, under the SYSTEM CONFIG heading.
3.4.2 Basic Setup
3.4.2.1 LAN Port
LAN Port Setup
LAN Port IP Address and Mask: Enter the IP address you wish to use for the MRM. LAN Port Speed: Speed settings for the Ethernet port on the MRM. Settings are
Negotiate Automatically, 10 Mbps Half Duplex, 10 Mbps Full Duplex, 100 Mbps Half Duplex, 100 Mbps Full Duplex.
Enable DHCP Server on LAN Port: Check this box if you would like the MRM to act as a DHCP server.
Enable Internet Access using NAT: Check this box if you would like devices connected
GSM Account Information
Value
Description
GSM APN
blank
Enter the APN name for the customer network. Mandatory field if this MRM is used in GSM mode.
Username
Blank
Enter the GSM Username. (Optional)
Password
Blank
Enter the GSM Password. (Optional)
CDMA Account Information
Value
Description
Username
Blank
Enter the CDMA Username. (Optional)
Password
Blank
Enter the CDMA Password. (Optional)
to the MRM to be able to access the Internet using Network Address Translation. DNS Mode: Choose the DNS mode you wish to use. Other options are available from
the drop-down menu. DNS IP Address: Enter the IP address of your DNS server, when configured manually.
3.4.2.2 3G/4G WWAN Wireless WAN Setup
Table 3.4.2.1
IPSec VPN Parameter
Default
Description
IPSec VPN Host IP
Blank
The Tunnel Peer IP Address found on the IPSec Router at the Host location.
Destination Private Network
Blank
The private network address from which the host location this MRM will communicate.
Local Private Network
Blank
The private network assigned to this MRM for IPSec communications.
Phase 1 Encryption / Hash / DH Group
Blank
Contact GNCI Technical Support where advanced settings are required
IPSec Pre-Shared Key
Blank
Enter the Pre-Shared Key (PSK) for this IPSec connection
Press Reset/Save button to proceed to the next step. Selecting Reset resets the values in your computers browser, not the configuration values in the MRM.
3.4.2.3 IPsec VPN Settings
Select the Enable IPSec VPN Tunneling check box to enable IPSec on this MRM. By default, the MRM runs IPSec with 3DES encryption, uses IKE, and PSK.
Table 3.4.2.3
Confirm PSK Here
Blank
Re-enter the PSK to validate. If the two keys entered do not match, the MRM will indicate an error.
Encryption Key Timeout
1
Lifetime of encryption key and ISAKMP SA
Dead Peer Detection
Default
Description
Use Dead Peer Detection
Checked
Check or uncheck box to enable /disable DPD.
DPD Timer
90
Choose a value of 15 to 300 minutes, in increments of 5 min.
DPD Max Retries
3
Max number of DPD retries before the MRM declares the IPSec tunnel dead. Range is 2 to 20 in increments of 1.
Action on DPD Event
Restart
Wireless
and IPSec
Select what action to take in the event of a Dead Peer Detection. The options are Restart Wireless and IPSec or Restart IPSec.
Press the “Save button to proceed to the next step. Selecting Reset resets the values in your computers browser, not the configuration values in the MRM. Select Reset to go back to the default settings, this will allow you to re-enter changes. Once all changes are completed, select Save. If all configuration entries have been made, you can save the final configuration by selecting the “Apply New Config” Button.
4. MRM Installation
This chapter covers the physical installation of the MRM.
4.1. Preparation
The MRM unit must be configured prior to final installation. See section 3 for configuration instructions and examples.
Note: A complete site survey and site analysis is recommended prior to installing the MRM. The site survey and site analysis is designed to qualify the remote site for consistent/reliable radio signal stability. Test results and radio signal stability should be documented for each remote site.
! Note !
Special Note For CDMA Installations
CDMA radio cards must be activated in a laptop or desktop computer prior to installation in the MRM. Carefully follow the instructions provided to you on the Wireless AirCard Installation CD, or by the automated instructions imbedded in the CDMA wireless modem.
Ensure the card is functioning correctly and can connect to the wireless carrier prior to inserting the card into the MRM.
4.1.1. Required Equipment
Item Description
Installation Requirement
Multi-Radio-Modem Base Unit
Required for all installations
MRM Power Supply
Required for all installations
CDMA Radio USB/ExpressCard
Required for CDMA installations
GSM Radio USB/ ExpressCard
Required for GSM installations
SIM Card
Required for GSM installations
GSM Antenna
Required for GSM installations
CDMA Antenna
Required for CDMA installations
ULSSC Cable (MRM-L3000 only)
Required for Bisync or SDLC installations (MRM-L3000 only)
Ethernet Cable
Required for TCP/IP installations
ATM / POS / or connecting device
Required for all installations
AC 120 V Power Outlet
Required for all installations
Small Slotted Screw Driver (MRM­L3000 only)
Required for Bisync or SDLC installations (MRM-L3000)
The table below indicates the equipment required for the type of installation. Table 4.1.1
Optional mounting hardware may be required at some remote sites to physically secure the devices, depending on installation requirements.
4.2. Antenna Considerations
A base small antenna is provided with the MRM shipment. GSM and CDMA antennas have different connectors.
!! Warning : FCC RF Exposure Guidelines
While this device is in operation, a separation distance of at least 20 cm must be maintained between the radiating antenna and the body of all persons exposed by the transmitter to meet FCC exposure guidelines.
To comply with FCC regulations limiting both maximum RF output power and human exposure to RF radiation, the maximum antenna gain must not exceed 6 dBi in the cellular band and 4 dBi in the PCS band.
4.2.1. Antenna Location
Locate the antenna as far away from personnel as possible to minimize signal blocking. For optimum reception, position the antenna above the height of personnel and nearby equipment or structures. Locate the antenna to allow as free a radiation pattern as possible.
4.2.2. Antenna Ground Plane
If possible, ensure the antenna is mounted on a good ground plane (ferrous metal surface).
4.2.3. Proximity to other antennas
In general, avoid locating the antenna closer than 1.5 meters (5 feet) to another antenna.
4.3. Installation Procedure
To install the MRM at a remote location, use the following steps:
1) Insert the provided GSM or CDMA radio card into the ExpressCard or USB port on the side panel of the MRM.
2) Install the MRM at a suitable location, within cabling distance of the connecting device (either RS-232 or Ethernet cable) and the antenna location.
3) Install the antenna at a suitable location, and connect into the radio card.
4) Connect the RS-232 or Ethernet cabling to the connecting device. (For MRM L3000 only: If connecting the RS-232 cable (ULSSC Cable), ensure that the DB­25 end of the cable is securely attached to the connecting device using a screw driver.)
5) Connect the power supply to the MRM.
6) Connect the power supply to a 120 VAC electrical outlet.
Note: An uninterruptible power supply (UPS) or surge protector is recommended
for all installations.
The MRM installation is now complete and ready for testing or use.
5. MRM Status and Monitoring
This section describes how to monitor the MRM, check for status, using the web interface.
5.1. Using the Web Interface for Monitoring and Status
The web interface is used to display information about the current operational state of the MRM, as well as perform some basic diagnostics.
5.1.1. Accessing the Overview Screen
The web interface main screen provides a simple overview of the current RF status, as well as the current status of legacy or Ethernet connections.
To access the overview, use a web browser, and point to the appropriate IP address using HTTP. To review or see an updated overview, or to go back to the overview from a different page, click on the Global Net Commerce Inc. logo at the top left of the screen. See below example, which shows a configured MRM overview on a CDMA network.
6.1.1 Network Config
Firewall Parameter
Default
Description
Allow Access From
blank
Enter either individual IP hosts, or specify IP networks which will be permitted to access the MRM.
Allow Access From
blank
same as above
Allow Access From
blank
same as above
6.1.1.1 Access & Firewall
Check the Enable Firewall check box to enable the IP firewall on the MRM. The MRM will deny all traffic from all IP addresses except the IPSec tunnel peer, unless specified.
Table 6.1.1.1
6.1.2 3G WANN Setup:
Selecting Reset resets the values in your computers browser, not the configuration values in the MRM.
Select Reset/Save to complete the configuration.
6.2.1 Dynamic DNS
Dynamic DNS Setup:
Use Dynamic DNS Provider: Select your Dynamic DNS provider from the adjacent list. Select from the drop-down menu for available options.
DDNS Domain Name: Enter the domain name used by your Dynamic DNS provider. DDNS Username: Enter the appropriate DDNS Username. DDNS Password: Enter the appropriate DDNS password.
7.1.1 System Config
7.1.1.1 Name & Password
MRM-X3000 Host Name
7.1.1.1 Configuring Host Name
Each MRM unit has a configurable hostname, which can be up to 20 characters in length. The host name can be assigned completely at the discretion of the client. Hostnames appear in syslog and SNMP messages for monitoring purposes. Hostnames can assume the name of connecting devices such as ATM or POS controllers. For example, the MRM hostname could be MyBankATM54321.
MRM-X3000 Authentication for RADIUS Password Configuration
The Password configuration is accessed by clicking on Password located under the SYSTEM section.
Click on the Name and Password Tab under the SYSTEM category on the left side of the browser screen to access this configuration.
Enter the new password for the MRM in the box provided, and confirm the password as indicated. Press the Apply button to make the change.
Note: The actual passwords are not displayed on the screen for security purposes.
7.1.1.2 Date & Time
7.1.1.2 Configuring the Date and Time Settings
The Date and Time configuration is accessed by clicking on Date and Time located under the SYSTEM section.
There are three ways to set the date and time on the MRM unit.
1) Set the date and time to the same date and time as the current date and
time on the computer configuring the MRM. Press the appropriate Set Date and Time button.
2) Manually set the date and time. Use the pull down boxes to manually set
the date and time to specific value.
Press the appropriate Set Date and Time button.
3) Set date and time using a remote NTP server. The MRM will use the Network Time Protocol to synchronize its clock
with a remote NTP server.
Enter the Remote NTP Server IP address in the box provided. This IP
address needs to be reachable from the wireless network or via the IPSec tunnel. If domain names are supported, you substitute a domain or machine name in place of an IP address (for example “pool.ntp.org”).
The date and time will typically be in UTC (Universal Time Coordinated), and therefore, a time zone adjustment may be required, such as -5 for EST and -8 for PST. Enter the Timezone Adjustment value from the drop down box indicated.
The MRM will automatically adjust itself for daylight savings time if the Adjust for Daylight Saving Time checkbox is checked.
Press the Save button for the NTP setting to take effect.
7.1.1.3 Advanced
Click on the Advancedbutton under the system heading. Click on Flash Upgrade to upload new firmware to your MRM. Follow the prompts.
Note: Your firmware version must be stored on your computer, with accessible file permissions.
7.1.1.4 Flash Upgrade Screen
1. Click on the Advanced button under the system heading. Click on Automatic Background Pinging to generate background traffic on the data link.
2. Click on the Advanced button under the system heading. Click on Failsafe Configuration to designate a currently active configuration as a backup configuration in case of a misconfigured unit, you can revert back to your base configuration by pressing the INIT button located next to the power source on the MRM for 10 to 15 seconds.
3. Click on the Advanced button under the system heading. Click on Configuration Files to save and load configuration files between your computer and the MRM.
4. Click on the Advanced button under the system heading. CDMA/EvDO Modem activation/PRL upgrade. Currently, activation can be done for Sierra Wireless and Novatel Wireless modems only. Follow the instructions to perform the upgrade.
5. Click on the Advanced button under the System Configuration heading. Press Reboot to perform a software restart on the MRM.
Component
Description
MRM Unit
The running MRM unit to be upgraded
Ethernet cable
Ethernet cable to connect the MRM to the computer
Computer (Laptop or Desktop)
Computer used to initiate the upgrade
MRM firmware file
New MRM firmware file to send to the MRM.
7.2.1 Installing New Firmware on the MRM
This chapter discusses how to upgrade the firmware of the MRM.
7.2.1. Preparation
In order to upgrade the MRM firmware, it is assumed that the MRM unit is already configured for IP, Bisync, or SDLC operations, and is reachable via the IP protocol, either by a locally attached Ethernet cable, or over the wireless network.
7.2.2. Required Components
The components required for a firmware upgrade depend on if the upgrade is to be performed locally via Ethernet cable, or remotely over the wireless network.
7.2.3. Local Ethernet Upgrade using HTTP
Use of the HTTP Flash Upgrade method is more straight-forward and highly recommended. Use of Microsoft Internet Explorer 5.0 or later, or Mozilla Firefox 6.0 or later, is required, for support of browser file uploads.
Table 7.2.3 shows the components required to upgrade the MRM firmware, when performing the upgrade via a locally attached Ethernet cable.
Using your computer’s web browser, select the “Advanced” option from the “System Config” on menu at the left-hand side. The MRM-X3000 will present the “Flash Upgrade” screen (shown above in Figure 7.2.3). Enter the filename of the MRM flash file in the text field to the right of
“Filename” below the “HTTP Flash Upgrade” heading, or (recommended for ease) click the “Browse” button and use your Windows File Explorer to select the MRM flash file.
Select “Ignore Firmware Version Information” checkbox if you are downgrading.
Typically, you should NOT select “Revert to Factory Configuration” since you likely wish to maintain your existing configuration.
Then select “Start HTTP Upgrade”, and wait for the firmware upgrade to complete without
disruptions.
Note: Once the MRM firmware has been updated, go to “System Status” to verify that the
firmware has changed. See next page for System Status screen.
Component
Description
MRM Unit
The running MRM unit to be upgraded
Ethernet cable
Ethernet cable to connect the MRM to the computer
Computer (Laptop or Desktop)
Computer used to initiate the upgrade
TFTP or FTP Server
Program used to send the new flash file to the MRM.
MRM firmware file
New MRM firmware file to send to the MRM.
!! Warning: Do NOT power off or otherwise interrupt the MRM during this
process, as this will cause permanent damage to the unit which is not covered under warranty.
7.2.4. Local Ethernet Upgrade using TFTP or FTP
Table 7.2.4 shows the components required to upgrade the MRM firmware, when performing the upgrade via a locally attached Ethernet cable.
D
-
Figure 7.2.4 shows the topology required for a successful local upgrade. Use of these instructions require a Trendnet TU2ET100 USB-to-Ethernet adapter connected between the computer to the MRM-X3000 USB port. Alternatively, computer connection with MRM-X3000 Ethernet port requires alternative IP configuration which is dependent on your carrier’s static IP or dynamic IP, which is more complicated (contact GNCI for technical assistance).
Note: Once the MRM firmware has been updated, go to System Status” to verify that the firmware has changed.
See next page for System Status screen.
Current MRM Ethernet IP Address
10.30.0.1
Current MRM Ethernet IP mask
255.255.255.252
Computer IP address
10.30.0.2
Computer IP mask
255.255.255.252
Computer Gateway Setting
10.30.0.1
7.3.1. Local Upgrade IP addressing
Select an appropriate IP address, mask, and gateway for the computer connecting to the MRM, depending on the current IP settings on the MRM Ethernet port. Example:
Ensure that a ping from the computer to the MRM is successful prior to continuing to the next step.
Note: Some computers have built-in firewalls, which may need to be turned off or adjusted to permit FTP or TFTP traffic.
7.3.2 Local Upgrade Procedure
Component
Description
MRM Unit
A running MRM unit on the wireless network to be upgraded
Computer (Laptop or Desktop)
Computer used to initiate the upgrade
TFTP or FTP Server
Program used to send the new flash file to the MRM
MRM Flash file
New MRM flash file to send to the MRM.
1) Start TFTP or FTP server on the computer, with the new MRM flash file stored in an appropriate directory.
2) Telnet to the MRM device, and log on to the MRM with the current username and password.
3) From the # prompt, issue the following command:
For TFTP : netflash x.x.x.x filename Where x.x.x.x is the IP address of the TFTP computer and filename is the
filename of the new MRM flash file. Filenames are case sensitive.
For FTP: netflash -f x.x.x.x filename …where the -f operand specifies use of FTP, x.x.x.x is the IP address of the
TFTP or FTP server and filename is the filename of the new MRM flash file. Filenames are case sensitive.
The netflash routine saves the current MRM configuration, loads the new flash file, and then reboots.
!! Warning: Do NOT power off or otherwise interrupt the MRM during this
process, as this will cause permanent damage to the unit which is not covered under warranty.
7.3.3. Remote Firmware Upgrade
Table 7.3.3 shows the components required to upgrade the MRM firmware, when performing the upgrade over the wireless network.
Note: The MRM unit must be able to reach the computer over the network for the upgrade to be successful. Ensure that you are able to ping the MRM before initiating the upgrade.
Figure 7.3.3.0 shows a sample topology for a successful firmware upgrade over the wireless network.
Figure 7.3.3.0
7.4.1. Remote Upgrade IP addressing
Upgrading the firmware remotely assumes that both the MRM and the TFTP or FTP server are already configured with fixed IP addresses.
Note: Some computers have built-in firewalls, which may need to be turned off or adjusted to permit FTP or TFTP traffic.
7.1.1.1. Remote Upgrade Procedure
1) Start TFTP or FTP server on the computer, with the new MRM flash file stored in an appropriate directory.
Important Note ! The performance of the remote firmware upgrade over
the wireless network is much faster when using FTP, compared to the dramatically slower TFTP.
2) Telnet to the MRM device, and log on to the MRM with the current username and password.
3) From the # prompt, issue the following command :
For TFTP : netflash -I x.x.x.x y.y.y.y filename Where y.y.y.y is the IP address of the TFTP computer, x.x.x.x is the source IP
address of the MRM (usually the IPSec Local Private Address), and filename is the filename of the new MRM flash file. Filenames are case sensitive.
For FTP : netflash -f -I x.x.x.x y.y.y.y filename Where the -f operand specifies to use FTP, y.y.y.y is the IP address of the TFTP
computer, x.x.x.x is the source IP address of the MRM (usually the IPSec Local Private Address), and filename is the filename of the new MRM flash file. Filenames are case sensitive.
The netflash routine saves the current MRM configuration, loads the new flash file, and then reboots.
Monitoring Config
Event Logging
System Log Setup
System Log Level of Detail: Select the level of detail which will be posted to the MRM’s system log.
Increased detail decreases the duration of the log file. The converse is also true. Options are:
Show Last Entry on Top: Check this box if you would like system log posts to be displayed in reverse
chronological order (newest to oldest entries) from the top.
Enable 3G Wireless Stats Logging:
Radio Statistics Log Interval: Choose the interval between Radio Statistics (RSSI, channel, etc.) posts.
Note: See screen options on next page.
Other Options:
Log to Remote Server
Enable Remote Logging: Check this box to enable logging to a remote server. This is usually not
recommended.
Remote Server Level of Detail: Select the level of detail which will be posted to the remote system log.
Increased detail decreases the duration of the log file. The converse is also true.
Note: click on down arrows for alternative logging settings
Remote Server IP Address: Enter the IP address of the remote logging server.
Traffic Counter
WWAN Interface Byte Counter
[Clear Counter now] Button: Click this button to set the MRM’s Total byte counter to Zero (0).
Enable Monthly Counter Reset: Check this box if you would like the byte counter to reset monthly on a
given day (detailed in the next field).
Counter Reset Date: Day of the month on which the byte counter will reset (at 0000). For instance,
select 1 if you would like the counter to reset at 0000 on the 1st of each month. This is usually employed
to reset on the account statement date.
SNMP Configuration
8.1.1.3 SNMP
8.1.1.3. Configuring SNMP Move to SNMP screen
8.1.1.4 SNMP Trap Configuration
This section discusses the MRMs configuration and implementation of SNMP Traps.
8.1.1.5. MRM Implementation of SNMP Setup
The MRM uses SNMP Traps for reporting status and alarms. SNMP generic traps are used to report all Up/Down events for Bisync, SDLC, DSP,
QLLC, Ethernet TCP/IP, and Radio Reception (RSSI) information. Generic traps are augmented with text strings for more specific information on the Up/Down event, and is always preceded by the MRM Nodename. Two specific generic traps are used, shown below in table X.X.X.2
Table X.X.X.2 SNMP Generic Traps
SNMP OID
Trap Name
Version Supported
.1.3.6.1.6.3.1.1.5.3
Link Down
V1 & V2
.1.3.6.1.6.3.1.1.5.4
Link Up
V1 & V2
Special Note for Trap 11:
Trap 11 is a trap sent on a configurable time interval for reporting general status of the MRM. The additional text of trap 11 will vary depending on the current RSSI value, the current serial protocol status, or the current Ethernet IP status.
8.1.1.6 Configuring SNMP Set up and SNMP Trap Set up under the
Monitoring Config Tab in the browser
Check the Enable SNMP and Traps by checking the SNMP Setup box. Leave unchecked if SNMP will not be used.
Proceed to SNMP Read Community String (Labeled Public) Proceed to SNMP Write Community String (Labeled Private) Proceed to Listen on Interface(s) Proceed to Only Reply to IP Address or Network
Press Next button to proceed to Step 2. Selecting Reset resets the values in your computers browser, not the configuration values in the MRM.
8.1.1.7 SNMP Trap Setup
Set the SNMP traps to your Host SNMP server IP address
Background logging messages are Syslog messages which will write to the system log at pre-configured intervals, the current receive level of the modem (RSSI), and current status of legacy protocols. To enable background logging, check the box labeled Enable SNMP as shown above, and indicate the time/ frequency of this logging in minutes, by selecting the appropriate interval in the drop down box.
These messages will be written to the local syslog (default), and can also be sent to a remote syslog server.
Additionally, the MRM can be configured to send alerts due to significant changes in the receive signal level (RSSI), to the local or remote syslog.
To enable this feature, check the appropriate Alert Logging boxes under the SNMP Trap Setup section of the Monitoring Config screen.
Table 8.1.1.7
SNMP Parameter
Default
Description
SNMP Server IP address
blank
Enter the IP Address of the SNMP server.
Dest. is across IPSec Tunnel
unchecked
If using IPSec, and the SNMP server is part of the host location private IP network, this box must be checked to ensure a correct source IP address for the SNMP packet.
SNMP Version
V2
Select V1 or V2 from drop down box.
Serial Port L1 Trap
unchecked
Check the checkbox to enable Serial port Up/Down traps
Bisync/SDLC L2 Trap
unchecked
Check the checkbox to enable Serial L2 Up/Down traps
X25.DSP/QLLC L3 Trap
unchecked
Check the checkbox to enable DSP/QLLC Up/Down traps
Ethernet Device Up/Down
unchecked
Check the checkbox to enable Ethernet Up/Down traps. You will also need to enter an IP address of the Locally Attached Device.
Ethernet Link State
checked
Check to enable Ethernet port traps
Warn on low RSSI
unchecked
Check the checkbox to send RSSI warning as defined in hostname/logging configuration.
Send Periodic Status Updates
checked
Check to send periodic trap 11 status messages at the configured interval.
Include RF Byte Count
checked
Include the RF TX/RX byte count in the trap 11 message.
Status Update Interval
15
Select interval to send trap 11 status messages in increments selected in drop down box.
IP address of Locally Attached IP Device
blank
Enter the IP address of the Ethernet connected device for Ethernet Up/Down messages
Selecting Reset resets the values in your computers browser, not the configuration values in the MRM. Select Apply to save this configuration. The below example shows a screen shot of inbound MRM SNMP traps being received at an SNMP station. All eleven MRM traps are shown.
CPE Monitoring
You can configure the MRM-X3000 to monitor an attached IP device.
Check “Enable and enter the IP address of the device to be monitored.
Note: In ATM deployments this IP address will always be the IP address of the ATM.
9.1.1 Diagnostics
9.1.1.1 System Log
9.1.12. Accessing the System Log
Click on the System Log button Under the Diagnostics Tab to display the contents of the system log.
There are two System Log options available through the web interface:
1. System Log History
2. Live System Log Events (Note: This requires Adobe Flash and will create additional traffic while active. It does not work with HTTPS over WWAN)
Press Clear to clear the system log, and Refresh to display the most recent syslog activity.
Port Status:
9.1.3 Accessing the Ports and Connections Screen
Click on the Ports and connections button to display the current status of all physical and logical ports in the MRM.
9.1.4 Routing Tables and Firewall Status
9.1.4.1. Accessing the Routing and Firewall Screen
Click on the Routing and Firewall Button to view the current routing table and firewall rules.
9.1.5. Accessing the System Status Screen
Click on the System Status Button to view the system status including running processes, memory, CPU information and interrupts.
System Status
10.1.1. MRM Technical Specifications
Interfaces
1 x 10/100M Ethernet
1 x SYNC RS-232 DB25 UP TO 128 kbps (MRM-L3000 only, with ULSSC cable)
USB 2.0
Protocol Support
TCP/IP
BISYNC 3270 & DSP ((MRM-L3000 only)
SDLC (MRM-L3000 only)
FTP
TFTP
SNMP
SYSLOG
XOT
Security
IPSec
IKE
3DES
AES
IP Packet filtering
IP NAT
Environmental
Operation temperature range: 0˙ C to 40˙ C
Humidity 0% to 95% non-condensing
Dimensions
10.3cm x 7.4cm x 2.5cm (4.1” x 2.9” x 1”)
10.1.1 General
Table 10.1.1 shows the technical specifications of the MRM. Table 10.1.1
10.1.2 Front Panel LED’s MRM-X3000 Hardware Overview
Signal Strength LEDs WWAN Status LED
11. Glossary of Acronyms
1xRTT 1 x Radio Transmission Technology (CDMA) AES Advanced Encryption Standard APN Access Point Name AS Autonomous System ASYNC Asynchronous BGP Border Gateway Protocol BISYNC Binary Synchronous CDMA Code Division Multiple Access CTS Clear To Send DLCI Data Link Connection Identifier DPD Dead Peer Detection DTE Data Terminal Equipment DTR Data Terminal Ready EDGE Enhanced Data rates for GSM Evolution (GSM) EvDO Evolution Data Optimized (CDMA) FCC Federal Communications Commission FTP File Transfer Protocol GNCI Global Net Commerce, Inc. GSM Global System for Mobiles GRE Generic Routing Encapsulation GSM Global System for Mobile Communications HPAD Host Packet Assembler/Disassembler ICMP Internet Control Message Protocol IKE Internet Key Exchange Protocol IP Internet Protocol IPSec Internet Protocol Security Protocol ISAKMP Internet Security Association and Key Management Protocol LAN Local Area Network LLC2 Logical Link Control (2) MRM Multi Radio Modem
NAT Network Address Translation
Figure Number
Title
Page Number
1
About This Guide
4
2
System Overview
4
3
MRM X-3000 Configuration
10
4
MRM Installation
18
5
MRM Status and Monitoring
20
6
MRM Network Configuration
22
7
MRM System Configuration
25
8
MRM SNMP
39
9
MRM Diagnostics
45
10
MRM Technical Specifications
48
11
Glossary of Acronyms
49
NRZ Non Return to Zero NRZI Non Return to Zero Inverted NTP Network Time Protocol OID Organization Identifier OSPF Open Shortest Path First PCMCIA Personal Computer Memory Card International Association PSK Pre-Shared Key QLLC Qualified Logical Link Control RF Radio Frequency RFC Request for Comments RSSI Receive Signal Strength Indication RTS Request To Send SDLC Synchronous Data Link Control SIM Subscriber Identity Module SNMP Simple Network Management Protocol SYSLOG System Log TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol TPAD Terminal Packet Assembler/Disassembler UDP User Datagram Protocol ULSSC USB Legacy Synchronous Serial Converter UMTS Universal Mobile Telecommunications System (GSM) USB Universal Serial Bus UTC Universal Time Clock VPN Virtual Private Network XOT X.25 over TCP
List of Figures
Loading...