RACOM MG102i, MG102i-L, MG102i-U, MG102i-UW, MG102i-2U Operating Manual

Operating manual
MG102i
GPRS/UMTS/HSPA+/LTE router
1.8
12/8/2017
www.racom.eu
Tel.: +420565659511 • Fax: +420565659512 • E-mail: racom@racom.eu

Table of Contents

Important Notice
Getting started
1. MG102i router
1.1. Introduction
1.2. Key features
1.3. Standards
2. MG102i in detail
3. Implementation notes
3.1. Ethernet SCADA protocols
3.2. Serial SCADA protocols
3.3. Network center
3.4. VPN tunnels
4. Product
4.1. Dimensions
4.2. Connectors
4.3. Indication LEDs
4.4. Technical specifications
4.5. Models offerings
4.6. Accessories
5. Bench test / Step-by-Step guide
5.1. Connecting the hardware
5.2. Powering up your wireless router
5.3. Connecting MG102i to a programming PC
5.4. Basic setup
6. Installation
6.1. Mounting
6.2. Antenna mounting
6.3. Power supply
7. Web Configuration
7.1. HOME
7.2. INTERFACES
7.3. ROUTING
7.4. FIREWALL
7.5. VPN
7.6. SERVICES
7.7. SYSTEM
7.8. LOGOUT
8. Command Line Interface
8.1. General usage
8.2. Print help
8.3. Getting config parameters
8.4. Setting config parameters
8.5. Updating system facilities
8.6. Manage keys and certificates
8.7. Getting status information
8.8. Scan
8.9. Sending e-mail or SMS
8.10. Restarting services
8.11. Debug
8.12. Resetting system
8.13. Rebooting system
8.14. Running shell commands
8.15. CLI commands history
8.16. CLI–PHP
9. Troubleshooting
9.1. Common errors
9.2. Messages
9.3. Troubleshooting tools
10. Safety, environment, licensing
10.1. Safety instructions
10.2. RoHS and WEEE compliance
10.3. EU Declaration of Conformity
10.4. Country of Origin
10.5. Warranty
A. Glossary
Index
B. Revision History
List of Figures
1. Router MG102i UMTS and MG102i LTE
2.1. MG102i front and terminal panel
4.1. Dimensions in millimeters
4.2. Antenna connectors SMA
4.3. Eth RJ45 Plug - pin numbering
4.4. USB connector
4.5. Screw terminal
4.6. Reset button
4.7. Indication LEDs
4.8. DIN rail bracket
4.9. MG102i with DIN rail bracket
10.1. EU Declaration of Conformity
10.2. Country of Origin declaration
List of Tables
4.1. Pin assignment Ethernet interface
4.2. USB pin description
4.3. Pin assignment of screw terminal
4.4. Digital inputs levels
4.5. Digital outputs parameters
4.6. Voltage Polarity connector misconnection Risks
4.7. MG102is interfaces and status indicators
4.8. RSSI
4.9. ASU
4.10. LED Colour
4.11. LED Colour
4.12. Technical specifications

Important Notice

Copyright
© 2017 RACOM. All rights reserved. Products offered may contain software proprietary to RACOM s. r. o. (further referred to under the abbreviated name RACOM). The offer of supply of these products and services does not include or imply any transfer of ownership. No part of the documentation or information supplied may be divulged to any third party without the express written consent of RACOM.
Disclaimer
Although every precaution has been taken in preparing this information, RACOM assumes no liability for errors and omissions, or any damages resulting from the use of this information. This document or the equipment may be modified without notice, in the interests of improving the product.
Trademark
All trademarks and product names are the property of their respective owners.
Important Notice
Due to the nature of wireless communications, transmission and reception of data can never be guaranteed. Data may be delayed, corrupted (i.e. have errors), or be totally lost. Significant delays or losses of data are rare when wireless devices such as the M!DGE/MG102i are used in an appropriate manner within a well-constructed network. M!DGE/MG102i should not be used in situations where failure to transmit or receive data could result in damage of any kind to the user or any other party, including but not limited to personal injury, death, or loss of property. RACOM accepts no liability for damages of any kind resulting from delays or errors in data transmitted or received using M!DGE/MG102i, or for the failure of M!DGE/MG102i to transmit or receive such data.
Under no circumstances is RACOM or any other company or person responsible for incidental, accidental or related damage arising as a result of the use of this product. RACOM does not provide the user with any form of guarantee containing assurance of the suitability and fit for purpose.
RACOM products are not developed, designed or tested for use in applications which may directly affect health and/or life functions of humans or animals, nor to be a component of similarly important systems, and RACOM does not provide any guarantee when company products are used in such applications.

Getting started

MG102i Wireless Routers will only operate reliably over the cellular network if there is a strong signal. For many applications a flexible stub antenna would be suitable but in some circumstances it may be necessary to use a remote antenna with an extension cable to allow the antenna itself to be positioned so as to provide the best possible signal reception. RACOM can supply a range of suitable antennas.
1. Install the SIM card
   Insert a SIM card into the SIM socket. Make sure the SIM is enabled for data transmission.
2. Connect the GSM/UMTS antenna
   Fit a GSM/UMTS antenna. If needed, contact RACOM for suitable antennas and other details.
3. Connect the LAN cable
   Connect one MG102i Ethernet port to your computer using an Eth cat.5 cable.
4. Connect the power supply
   Connect the power supply wires to the MG102i screw terminals. Enable the power supply.
5. Setting of IP address of the connected computer
   By default the DHCP server is enabled, thus you can allow the Dynamic Host Configuration Protocol (DHCP) on your computer to lease an IP address from the MG102i. Wait approximately 20 seconds until your computer has received the parameters (IP address, subnet mask, default gateway, DNS server). As an alternative, you can configure a static IP address on your PC (e.g. 192.168.1.2/24) so that it is operating in the same subnet as the MG102i. The MG102i default IP address for the first Eth interface is 192.168.1.1, the subnet mask is 255.255.255.0.
6. Start setting up using web browser
   Open a web browser such as Internet Explorer or Firefox. In the address field of the web browser, enter the default IP address of MG102i (i.e. http://192.168.1.1); the initial screen will appear. Follow the instructions and use the MG102i Web Manager to configure the device. For more details see Chapter 7, Web Configuration.
Fig. 1: Router MG102i UMTS and MG102i LTE

1. MG102i router

1.1. Introduction

Although MG102i wireless routers have been specifically designed for SCADA and telemetry, they are well suited to a variety of wireless applications. MG102i HW and SW are ready to maintain reliable and secure connections from an unlimited number of remote locations to a central server. Both standard Ethernet/IP and serial interfaces are available. Moreover, two digital inputs and two digital outputs can be used for direct monitoring and control of application devices.
MG102i versatility is further enhanced by two independent Ethernet ports. These can be configured to either support two independent LANs (e.g. LAN and WAN settings), or simply connect two devices within one LAN (effectively replacing an Eth switch). MG102i software is based on proven components, including an Embedded Linux operating system and standard TCP/IP communication protocols.
Combining MG102i with a M!DGE single-SIM router in one network is quite straightforward because of fully compatible interface settings and behaviour on all HW interfaces.
MG102i and M!DGE cellular routers are from the same product family and share the same source code, and the setting of many features is identical.
M!DGE/MG102i together with RACOM RipEX radio router offers an unrivaled solution for combining GPRS and UHF/VHF licensed radio in a single network. Even a single RipEX in the center of a MG102i network allows for efficient use of addressed serial SCADA protocols.

1.2. Key features

Mobile Interface Parameters
○ Mobile Connection options: HSPA+, HSDPA, HSUPA, UMTS, EDGE, GPRS, GSM and LTE
○ Global connectivity
○ Transparent hand-over between 2G and 3G or 2G, 3G and 4G
Power supply
○ Input voltage: 10.2 – 57.6 VDC
○ Max. power consumption: 6 W
Services / Networking
○ Fallback Management
○ Connection supervision, Automatic connection recovery
○ Quality of Service (QoS)
○ OpenVPN, IPsec, PPTP, GRE, Dial-In
○ VRRP
○ OSPF, BGP
○ DHCP server, DNS proxy server, DNS update agent, NTP
○ Telnet server, SSH server, Web server
○ Device server, Protocol server, SDK
○ Port Forwarding (NAPT), Firewall, Access Control Lists
○ Modbus TCP - Modbus RTU conversion
Interfaces
○ 5 Ethernet ports: LAN, WAN/LAN
○ RS232
○ 2× DI, 2× DO
○ USB host
Diagnostic and Management
○ Web interface, CLI available
○ File configuration
○ OTA SW update
○ Advanced troubleshooting
○ SMS remote control, SMS and E-mail notification
○ SNMPv1/v2c/3

1.3. Standards

EMC
○ EN 301 489-1 V1.9.2
○ EN 301 489-7 V1.3.1
○ EN 301 489-17 V2.2.1
○ EN 301 489-24 V1.5.1
○ EN 300 328 V1.8.1
○ EN 300 440-2 V1.4.1
○ EN 50 121-3-2:2006
○ EN 50 121-4:2006
○ EN 55022:2010
○ EN 55024:2010
○ EN 61 000-6-2:2005
Radio
○ EN 301511 V9.0.2
○ EN 301893 V1.7.1
Electrical Safety
○ EN 60950-1 +A11:2006/2009 +A1 +A12:2010/2011
○ EN 62311:2008
IP rating
○ IP40
ETH
○ IEEE 802.3i
○ IEEE 802.3u
○ IEEE 802.3af

2. MG102i in detail

Fig. 2.1: MG102i front and terminal panel
All MG102i Wireless Routers run MG102i Software. The software offers the following key features:
Interfaces and Connection Management (Section 7.2, “INTERFACES”)
○ Dial-out (permanent, on switchover, distributed)
○ Link Supervision
○ Fallback to backup profile or SIM
○ SIM and PIN management
○ Automatic or manual network selection
○ Ethernet (LAN, WAN, bridging, IP passthrough, VLAN management)
○ USB (autorun, device server)
○ Serial port (login console, device server, protocol server, SDK)
○ Digital I/O
○ WiFi/WLAN
○ GNSS (with a valid GPS license)
Routing (Section 7.3, “ROUTING”)
○ Static Routing
○ Extended Routing
○ Multipath Routes
○ Multicast
○ BGP
○ OSPF
○ Bridging
○ Mobile IP
○ Quality of Service (QoS)
Security / Firewall (Section 7.4, “FIREWALL”)
○ NAPT / Port Forwarding
○ Stateful Inspection Firewall
○ Firewall
Virtual Private Networking (VPN) (Section 7.5, “VPN”)
○ OpenVPN Server/Client
○ IPsec Peer
○ PPTP Server/Client
○ GRE Peer
○ Dial-in Server
Services (Section 7.6, “SERVICES”)
○ SDK
○ NTP Server
○ DHCP Server
○ DNS Server
○ Dynamic DNS Client
○ E-mail Client
○ Notification via E-mail and SMS
○ SMS Client
○ SSH/Telnet Server
○ SNMP Agent
○ Web Server
○ Redundancy
○ Modbus TCP
System Administration (Section 7.7, “SYSTEM”)
○ Configuration via Web Manager
○ Configuration via Command Line Interface (CLI) accessible via Secure Shell (SSH) and telnet
○ Batch configuration with text files
○ User administration
○ Troubleshooting tools
○ Over the air software update
○ Licensing (extra features)
○ Keys and certificates (HTTPS, SSH, OpenVPN, ...)
○ Legal Notice

3. Implementation notes

3.1. Ethernet SCADA protocols

SCADA equipment with an Ethernet protocol behaves as standard Ethernet equipment from a communications perspective, so the communication passes transparently through the GPRS/UMTS/LTE network. The implementation requires careful attention to IP addressing and routing. NAPT functionality should be used frequently.

3.2. Serial SCADA protocols

A SCADA serial protocol typically uses simple 8 or 16 bit addressing. The mobile network address scheme is an IP network, where range is defined by the service provider (sometimes including individual addresses, even in the case of a private APN). Consequently, a mechanism of translation between SCADA and the IP addresses is required. To make matters worse, IP addresses may be assigned to GPRS (EDGE, UMTS, etc.) devices dynamically upon each connection.
Please read Chapter 1 in the application note "SCADA serial protocols over GPRS routers" [1], which describes how to efficiently solve this problem using RACOM routers.

3.3. Network center

In every network, the center plays a key role and has to be designed according to the customer's requirements. Several possible solutions are described in the application note's Chapter 2 – M!DGE / MG102i CENTER [2].

3.4. VPN tunnels

The security of customer data passing through the mobile network is often very important. A private APN is the basic security requirement, but it is not safe enough for such applications.
The VPN tunnel solution is closely connected with the center and is also described in the given application note [3].
[1] http://www.racom.eu/eng/products/m/midge/app/scada.html
[2] http://www.racom.eu/eng/products/m/midge/app/midge-mg102i_centre.html
[3] http://www.racom.eu/eng/products/m/midge/app/VPN_config.html

4. Product

4.1. Dimensions

Fig. 4.1: Dimensions in millimeters

4.2. Connectors

4.2.1. Antenna SMA

Fig. 4.2: Antenna connectors SMA
MG102i uses SMA antenna connectors:
Mob 1, Mob 2 for GSM/UMTS/LTE antenna connection (Mob 1 for 1st UMTS module, Mob 2 for LTE as auxiliary second connector or for 2nd UMTS),
GPS for GPS active or passive antenna,
WLAN 1 and WLAN 2 for WiFi Antenna (WLAN 2 as auxiliary).

4.2.2. Eth RJ45

Tab. 4.1: Pin assignment Ethernet interface
RJ-45 Socket, ETH (Ethernet 10BaseT and 100BaseT)

| pin | signal |
|-----|--------|
| 1   | TX+    |
| 2   | TX−    |
| 3   | RX+    |
| 6   | RX−    |

Fig. 4.3: Eth RJ45 Plug - pin numbering

4.2.3. USB

MG102i uses USB 1.1, Host A interface. USB interface is wired as standard:
Tab. 4.2: USB pin description

| USB pin | signal   | wire  |
|---------|----------|-------|
| 1       | +5 V     | red   |
| 2       | Data (−) | white |
| 3       | Data (+) | green |
| 4       | GND      | black |

Fig. 4.4: USB connector

4.2.4. Screw terminal

Screw terminal plug type Stelvio Kontek CPF5/15 or MRT3P/15V01 can be used.
Fig. 4.5: Screw terminal
Tab. 4.3: Pin assignment of screw terminal

| pin  | pin description | signal |
|------|-----------------|--------|
| 1    | V GND           | Ground internally connected with casing ground. |
| 2    | V+ (12–48 V=)   | Dual power input - not connected with pin 4: 12–48 VDC (–15% +20%) = 10.2–57.6 VDC. |
| 3    | RxD             | RS232 – RxD (receiving data) |
| 4    | TxD             | RS232 – TxD (transmitting data) |
| 5    | GND             | RS232 – GND (ground) |
| 6, 7 | DO1:            | Digital output. Dry contact relay. Normally open with MG102i without powering. |
| 8, 9 | DO2:            | Digital output. Dry contact relay. Normally open with MG102i without powering. See Section 7.2.7, “Digital I/O” for details. |
| 10   | DI1−            | Digital input 1. See Section 7.2.7, “Digital I/O” |
| 11   | DI1+            | Digital input 1 |
| 12   | DI2−            | Digital input 2 |
| 13   | DI2+            | Digital input 2 |

Tab. 4.4: Digital inputs levels

| logical level | voltage       |
|---------------|---------------|
| 0             | 0 to 5.0 VDC  |
| 1             | 7.2 to 40 VDC |

Note: Negative input voltage is not recognised.

Tab. 4.5: Digital outputs parameters

| parameter                  | value                  |
|----------------------------|------------------------|
| Maximal continuous current | 1 A                    |
| Maximal switching voltage  | 60 VDC, 42 VAC (Vrms)  |
| Maximal switching capacity | 60 W                   |
Tab. 4.6: Voltage Polarity connector misconnection Risks
Plug pos.Plug pos.Plug pos.Plug pos.pin descriptionpin
1
GND
Explanatory notes for the table:
OK - Normal operation
Dp - Damage possible
Nde - No damage expected
V
OK
+
Nde
+V+ (12–48 V=)2
+
Nde
RxD3
Dp [1]
+
Dp [1]
+TxD4
+
+
Dp [1]
GND5 Nde
+
Nde
+DO1-16
+
+
Nde [2]
DO1-27 Nde
+
Nde
+DO2-18
+
+
Nde [3]
DO2-29 Nde
+
Nde
+DI1−10
+
+
OK [4]
DI1+11 Nde
+
Nde
+DI2−12
+
+
OK [4]
OK
Dp [1]
Nde [2]
Nde [3]
Nde [4]
Nde [4]
+DI2+13
[1] - If the applied voltage is > 15 V, damage is likely
[2] - If the relay is closed (normally open), the relay is damaged when current > 5 A
[3] - If the relay is closed (normally closed), the relay is damaged when current > 5 A
[4] - If the applied voltage is > 40 V, input circuit damage is likely

4.2.5. Reset button

The Reset button is placed close to the SIM holders and is labeled "Reset". Use a blunt tool 1 mm in diameter (e.g. a paper clip) to press the button.
Keep it pressed for at least 3 seconds for reboot and at least 10 seconds for a factory reset. The start of the factory reset is confirmed by all LEDs lighting up for one second. The button can be released afterwards.
Note
If the button is held for at least 15 seconds, until all LEDs blink red, the recovery procedure is started. The recovery image can be provided on demand, and a special procedure utilizing a TFTP transfer from your computer is required. Contact our technical support team for more details.
Fig. 4.6: Reset button

4.3. Indication LEDs

Fig. 4.7: Indication LEDs
Tab. 4.7: MG102is interfaces and status indicators

| Label     | State                | Function |
|-----------|----------------------|----------|
| Status    | green blinking       | Start up, maintenance |
| Status    | green on             | Ready (upper side banks description) |
| Status    | orange on            | Ready (lower side banks description) |
| Status    | orange blinking      | Insufficient power supply |
| Mob1 Mob2 | blinking             | Mobile connection is being established |
| Mob1 Mob2 | on                   | Mobile connection is up |
| Mob1 Mob2 | green                | Excellent GSM signal |
| Mob1 Mob2 | orange               | Medium GSM signal |
| Mob1 Mob2 | red                  | Weak GSM signal |
| VPN       | green on             | VPN connection is up |
| VPN       | green blinking       | VPN connection is being established |
| WLAN      | on                   | WLAN connection is up |
| WLAN      | blinking             | WLAN connection is being established |
| WLAN      | red / orange / green | Weak / Medium / Excellent WLAN signal |
| GPS       | on                   | GPS is turned on and a valid NMEA stream is available |
| GPS       | blinking             | GPS is turned on, but a valid NMEA stream is not yet available |
| GPS       | off                  | GPS is turned off and a valid NMEA stream is available |
| Voice     | on                   | A voice call is currently active |
| Voice     | off                  | No voice call is active |

If lower side banks displayed:

| Label | State | Function      |
|-------|-------|---------------|
| DO1   | on    | Closed        |
| DO1   | off   | Opened        |
| DO2   | on    | Closed        |
| DO2   | off   | Opened        |
| DI1   | on    | Input set     |
| DI1   | off   | Input not set |
| DI2   | on    | Input set     |
| DI2   | off   | Input not set |
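WWAN RSSI/RSQ/ASU and LED colour
For Releases newer or equal to 4.0.40.102:

Tab. 4.8: RSSI

| Description     | excellent   | good       | medium     | weak        | bad          | critical     | n/a          |
|-----------------|-------------|------------|------------|-------------|--------------|--------------|--------------|
| GSM RSSI [dBm]  | -59 or more | -61 to -81 | -83 to -91 | -93 to -101 | -103 to -107 | -109 to -111 | -113 or less |
| UMTS RSSI [dBm] | -68 or more | -70 to -84 | -86 to -94 | -96 to -104 | -106 to -110 | -111 to -114 | -116 or less |
| LTE RSRQ [dB]   | -49 or more | -50 to -79 | -80 to -89 | -90 to -104 | -105 to -110 | -111 to -117 | -118 or less |

Tab. 4.9: ASU

| Description | excellent  | good     | medium   | weak     | bad      | critical | n/a       |
|-------------|------------|----------|----------|----------|----------|----------|-----------|
| GSM         | 27 or more | 26 to 16 | 15 to 11 | 10 to 6  | 5 to 3   | 2 to 1   | 0         |
| UMTS        | 24 or more | 23 to 16 | 15 to 11 | 10 to 6  | 5 to 3   | 2 to 1   | 0         |
| LTE         | 71 or more | 70 to 41 | 40 to 31 | 30 to 16 | 15 to 10 | 9 to 3   | 2 or less |

Tab. 4.10: LED Colour

| Colour           | green      | orange   | red     |
|------------------|------------|----------|---------|
| Signal Level [%] | 71 or more | 70 to 35 | 34 to 0 |

WLAN Link Quality and LED colour
For Releases newer or equal to 4.0.40.102:

Tab. 4.11: LED Colour

| Colour                  | green      | green    | orange   | orange   | red      | red      |
|-------------------------|------------|----------|----------|----------|----------|----------|
| Description             | excellent  | good     | medium   | weak     | bad      | critical |
| WLAN Signal Quality [%] | 90 or more | 89 to 70 | 69 to 50 | 49 to 35 | 34 to 20 | 19 to 0  |

Note
For LED description used in older firmware versions, see the previous manual version at www.racom.eu [1].
[1] http://www.racom.eu/download/archiv-midge/free/3.8.40.xxx/midge-m-en.pdf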

4.4. Technical specifications

Tab. 4.12: Technical specifications
Mobile Interface UMTS
○ WCDMA, HSDPA, HSUPA, HSPA+ (3G): B1(2100), B2(1900), B5(850), B8(900)
○ GSM (2G): B2(1900), B3(1800), B5(850), B9(900)
○ Data rates: max. 14.4 Mbps downlink / 5.76 Mbps uplink
Mobile Interface LTE
○ LTE (4G): B1(2100), B2(1900), B3(1800), B5(850), B7(2600), B8(900), B20(800), all bands with diversity
○ WCDMA, HSPA, HSPA+ (3G): B1(2100), B2(1900), B5(850), B8(900), all bands with diversity
○ GSM (2G): B2(1900), B3(1800), B5(850), B9(900)
○ Data rates up to 100 Mbps downlink / 50 Mbps uplink
Ethernet
○ 5× Ethernet 10/100 Base-T, Auto MDX, 5× RJ45, bridged or routed
Serial Interface
○ 1× 3-wire RS232 on 13-pin screw terminal block
Digital I/O
○ 2 digital inputs: 0–5.0 VDC level 0; 7.2–40 VDC level 1, maximum voltage 40 VDC
○ 2 digital outputs: Relay outputs 1st NO, 2nd NC; Limiting continuous current 1 A; Max. switching voltage 60 VDC, 42 VAC (Vrms); Max. switching capacity 60 W
○ on 13-pin terminal block
USB service interface
○ USB host interface supporting memory devices
○ USB type A connector
Antenna Interfaces
○ Impedance: 50 Ω
○ Connector: SMA female
Power Supply
○ Input voltage: 10.2–57.6 VDC (12–48 VDC –15 % / +20 %)
○ Power consumption: Rx max. 1.9 W, Tx max. 6 W
Environmental Conditions
○ For indoor use only, IP40
○ Metal casing, DIN rail mounting kit included
○ Vibration and shock hardening
○ Temperature range UMTS/WLAN: –25 to +70 °C (–13 to +158 °F)
○ Temperature range LTE: –25 to +60 °C (–13 to +140 °F)
○ Humidity: 0 to 95 % (non condensing)
Mounting
○ Flat mounting
Dimensions / Weight
○ 190 W × 104 D × 40 H mm (7.48 × 4.09 × 1.57 in), ca. 610 g (1.35 lb)
Type Approval
○ CE, FCC
MTBF (Mean Time Between Failure)
○ > 220.000 hours (> 25 years)
Options
○ 3G or LTE model
○ GPS SW key: Integrated GPS receiver with NMEA0183 data stream. Supported passive or active GPS antenna, SMA female connector
○ WLAN: Integrated Wi-Fi 802.11 a/b/g/n client, Wi-Fi 802.11 b/g/n server for max. 128 clients. Antenna SMA female, antenna diversity
○ Voice Gateway SW key: VoIP to GSM gateway
○ Mobile IP SW key: Mobile IP VPN tunnel
○ Server License: Expansion SW key for increasing OpenVPN clients from 10 to 25 and other features (see table Server extension).
○ Antennas: Various antennas suitable for your application are available
○ Mounting kit: DIN rail bracket

4.5. Models offerings

Ordering code (Part No’s)
Trade name: MG102i
Type (according to internal module(s)): MG102i-U, MG102i-L, MG102i-2U
Code (according to next HW modules): e.g. MG102i-UW
MG102i - XXyy - zzz
XX – module type
    Code         Module    Functionality
    MG102i-U     UMTS      GPRS/EDGE/UMTS/HSPA
    MG102i-L     LTE       GPRS/EDGE/UMTS/HSPA+/LTE
    MG102i-2U    2×UMTS    GPRS/EDGE/UMTS/HSPA
yy – HW modules
empty – basic model (no HW module)
W – WiFi (Wireless Local Area Network) internal module (Part No. MG102i-HW-WLAN)
Note: The WLAN module for MG102i-2U or MG102i-L always has to be ordered together with the GPS SW feature key.
zzz – SW feature keys
empty – no SW feature key
G – GPS receiver (Part No. MG102i-SW-GPS)
M – MobileIP VPN tunnel option - see http://en.wikipedia.org/wiki/Mobile_IP for short explanation. (Part No. MG102i-SW-Mobile IP)
S – Server extension (Part No. MG102i-SW-Server Ext.)
    Feature                    Standard    Server extension
    DHCP reservations          10          35
    Local host names           10          35
    NAPT rules                 20          35
    Firewall rules             20          35
    Firewall address groups    10          15
    OpenVPN clients            10          25
    Static routes              10          30
    Mobile IP
    DynDNS server
V – Voice Gateway - receives VoIP packets from the LAN and converts them into calls to the GSM/UMTS network, and converts calls incoming from the mobile network into VoIP packets sent into the LAN. (Part No. MG102i-SW-VoIP)
Code examples:
MG102i-U = UMTS
MG102i-UW = UMTS + WLAN
MG102i-L(G) = LTE + GPS
MG102i-LW(G)(S) = LTE + WLAN + GPS + Server extension

4.6. Accessories

4.6.1. DIN rail bracket

Fig. 4.8: DIN rail bracket
Fig. 4.9: MG102i with DIN rail bracket
DIN rail bracket
Installation bracket for DIN rail mounting. For usage details see chapter Mounting and chapter Dimensions.

5. Bench test / Step-by-Step guide

Before starting to work with the HW, please be sure that you have a SIM card enabled for data and that you have all the necessary information from the mobile operator (PIN, APN, login, password).

5.1. Connecting the hardware

5.1.1. Install the SIM card

Insert a SIM card into the SIM socket. If the router has two SIM card sockets, use the first one. Make sure the SIM is enabled for data transmission.
There are two reasons for installing the SIM card as the first task: a) the SIM card could be damaged when inserted into the powered equipment, b) the information from the SIM card is read only after a power cycle.

5.1.2. Connect the GSM/UMTS antenna

Fit a GSM/UMTS antenna. For details see Section 4.6, “Accessories” or contact RACOM for suitable antennas.

5.1.3. Connect the LAN cable

Connect one M!DGE/MG102i Ethernet port to your computer using an Eth cat.5 cable.

5.1.4. Connect the power supply

Connect the power supply wires to the M!DGE/MG102i screw terminals, ensuring correct polarity. Switch on the power supply.

5.2. Powering up your wireless router

Switch on your power supply. The Status LED flashes for a few seconds and after 8 seconds it starts blinking green. After approximately 30 seconds your router will have booted and will be ready; the Status LED then stays lit.
When the Mobile Connection is enabled the Connect LED starts blinking while connecting to the GPRS/UMTS network – the color (green/orange/red) represents the signal strength (excellent, medium, weak).
You’ll find the description of the individual LED states in Section 4.3, “Indication LEDs”.

5.3. Connecting MG102i to a programming PC

a. Please connect the Ethernet interfaces of your computer and MG102i.
b. If not yet enabled, please enable the Dynamic Host Configuration Protocol (DHCP) so that your computer can lease an IP address from MG102i. Wait a moment until your PC has received the parameters (IP address, subnet mask, default gateway, DNS server).
Alternative: Instead of using DHCP, configure a static IP address on your PC (e.g. 192.168.1.10 mask 255.255.255.0) so that it is operating in the same subnet as the MG102i.
The default IP addresses are:
192.168.1.1 for Eth1
192.168.1.1 for Eth2
192.168.1.1 for Eth3
192.168.1.1 for Eth4
192.168.5.1 for Eth5
The default subnet mask is 255.255.255.0 for all interfaces.
c. Start a Web Browser on your PC. Type the MG102i IP address in the address bar:
http://192.168.1.1
d. Please set a password for the admin user account. Choose something that is both easy to remember and a strong password (such as one that contains numbers, letters and punctuation). The password shall have a minimum length of 6 characters. It shall contain a minimum of 2 numbers and 2 letters.
Note
For security reasons, there is no default password.
e. Agree to the terms and conditions. The user is now obliged to accept our end user license agreement during the initial MG102i setup.

5.4. Basic setup

The M!DGE/MG102i Web Manager can always be reached via the Ethernet interface. After successful setup, Web Manager can also be accessed via the mobile interface. Any up-to-date web browser supporting JavaScript can be used. By default, the IP address of the Ethernet interface is 192.168.1.1 and the web server runs on port 80.
The minimum configuration steps include:
1. Defining the admin password
2. Entering the PIN code for the SIM card
3. Configuring the Access Point Name (APN)
4. Starting the mobile connection
Note
Router (M!DGE or MG102i) can be safely turned off by unplugging the power supply.

6. Installation

6.1. Mounting

M!DGE/MG102i Wireless Router is designed for DIN rail mounting or for mounting on a panel using the flat bracket. Please consider the safety instructions in Chapter 10, Safety, environment, licensing.

6.2. Antenna mounting

M!DGE/MG102i Wireless Routers will only operate reliably over the GSM network if there is a strong signal. For many applications the flexible stub antenna provided would be suitable, but in some circumstances it may be necessary to use a remote antenna with an extended cable to allow the antenna itself to be positioned so as to provide the best possible signal reception. RACOM can supply a range of suitable antennas.
Beware of the deflective effects caused by large metal surfaces (elevators, machine housings, etc.) and close-meshed iron constructions, and choose the antenna location accordingly. Fit the antenna or connect the antenna cable to the GSM antenna connector.
For external antennas, surge protection of the coaxial connection would be required.
Note
Be sure that the antenna was installed according to the recommendation by the antenna producer and all parts of the antenna and antenna holder are properly fastened.

6.3. Power supply

MG102i can be powered with an external power source capable of voltages from 10 to 55 Volts DC. MG102i should be powered using a certified (CSA or equivalent) power supply, which must have a limited and SELV circuit output.

7. Web Configuration

7.1. HOME

This page gives you a system overview. It helps you when initially setting up the device and also functions as a dashboard during normal operation.
The highest priority link which has been established successfully will become the so-called hotlink which holds the default route for outgoing packets.
Detailed information about status of each WAN interface is available in a separate window.

7.2. INTERFACES

Details for all physical connections are given in Section 4.2, “Connectors”.

7.2.1. WAN

Link Management
Each available item in the WAN Link Manager matches with the particular WAN interface - for adding an item, the respective WAN interface must be set (e.g. LAN, WWAN).
In case a WAN link goes down, the system will automatically switch over to the next link in order of priority (the priorities can be changed using the arrows on the right side of the window). A link can be either established when the switch occurs or permanently to minimize link downtime.
1st priority: This link will be used whenever possible.
2nd priority: The first fallback technology.
Up to four priorities can be used.
Outgoing traffic can also be distributed over multiple links on a per IP session basis. Choose the option "distributed" as an Operation Mode with the appropriate Weight.
In the following example, the outgoing traffic will be distributed between LAN2 (80 %) and WWAN1 (20 %) links.
Note
This option is general and applies to all outgoing traffic. See section 7.3.3 Multiple Routes for more detailed configuration.
We recommend using the permanent option for WAN links. However, in case of time-limited mobile tariffs, the switchover option should be used.
After clicking on the WWAN "Edit" button, you can additionally set the "IP passthrough" option for the LAN2 interface. The result is that the device connected over the LAN2 port will obtain M!DGE's/MG102i's mobile IP address via DHCP. In other words, M!DGE/MG102i will be transparent for the connected device and will only serve for the mobile connectivity. Typically, such a connected device (e.g. firewall) will not need any special configuration facing M!DGE/MG102i, it will just use its mobile IP address (usually the public IP address).
Once established, a small subnet containing the cellular IP is created; by default the netmask is 255.255.255.248. Like a regular subnet, this small subnet includes a network address and a broadcast address. In some situations it may lead to unreachability of several remote hosts due to IP address overlapping. If this is the case, the user can manually configure the APN network, e.g. 10.203.0.0/255.255.128.0.
In any case, the M!DGE unit is reachable via the default gateway automatically obtained from M!DGE/MG102i by DHCP. The gateway IP address is set as the first available IP address after the specified APN address range. If not specified, it is the first usable IP within the /29 subnet.
Example: If the APN network is 10.203.0.0/25, the default gateway is set to 10.203.128.0. The web interface is reachable via this IP address over the LAN2 interface.
Note
This option is configurable within WWAN links only. Remember that LAN1 cannot be used as the port for the IP passthrough functionality.
LAN10 is not usable within M!DGE/MG102i routers. Do not select it.
Connection Supervision
Network outage detection can be used for switching between available WAN links and can be performed by sending pings on each link to authoritative hosts. A link will be declared as down if all trials have failed. The link will be considered up again if at least one host is reachable.
You may further specify an emergency action if no uplink can be established at all.
Configurable actions are:
None
Restart link services
Reboot system
Link: The WAN link to be monitored (can be ANY for all configured links).
Mode: Specifies whether the link is monitored during the connection establishment or only when it is already up.
Primary host: Reference host one which will be used for checking IP connectivity (via ICMP pings).
Secondary host: Reference host two which will be used for checking IP connectivity (via ICMP pings). The test is considered successful if either the primary or the secondary host answers.
Ping timeout: Time for which the system waits for the ping response. With mobile networks the response time can be quite long (several seconds) in special cases. You can check the typical response using SYSTEM – Troubleshooting – Network Debugging – Ping. In GPRS/UMTS networks the first response typically takes longer than the following ones; the Ping timeout should be set to a longer time than the first response takes.
Ping interval: Time to wait before sending the next probe.
Retry interval (if ping failed): If the first trial fails, ping hosts in this modified interval until the ping is successful or the maximum number of failed trials is reached.
Max. number of failed trials: The maximum number of failed ping trials until the ping check will be declared as failed.
Emergency action: Configure the Emergency action which should be taken after the maximum downtime is reached. Using "reboot" performs the system reboot. The option "restart services" restarts all link-related applications including the modem reset. No action is done if the "none" option is set. Configure the maximum amount of downtime in minutes for which the link could not be established.
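The interaction of these supervision parameters can be followed in a small simulation. This is an added example, not RACOM firmware code: the class and field names are illustrative, and it assumes that any successful trial resets the failure counter and that probing continues at the retry interval while the link is down.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

Event = Tuple[int, str]


@dataclass
class Supervision:
    """Illustrative model of one Connection Supervision entry (not firmware code)."""
    ping_interval: int          # seconds to wait before the next probe
    retry_interval: int         # seconds between probes once a trial has failed
    max_failed_trials: int      # failed trials until the check is declared failed
    max_downtime_min: int       # minutes of downtime before the emergency action
    emergency_action: str = "none"   # "none", "restart services" or "reboot"

    def simulate(self, probe: Callable[[int], Tuple[bool, bool]],
                 duration: int) -> List[Event]:
        """Run the check for `duration` seconds and return (time, event) pairs.

        probe(t) returns (primary_ok, secondary_ok); a host that does not
        answer within the ping timeout is reported as False.
        """
        events: List[Event] = []
        t = 0
        failed = 0
        link_up = True
        down_since = 0
        acted = False
        while t <= duration:
            primary_ok, secondary_ok = probe(t)
            if primary_ok or secondary_ok:
                # One answering host is enough for a successful trial.
                failed = 0
                if not link_up:
                    link_up, acted = True, False
                    events.append((t, "link up"))
                t += self.ping_interval
                continue
            failed += 1
            if link_up and failed >= self.max_failed_trials:
                link_up, down_since = False, t
                events.append((t, "link down"))
            if (not link_up and not acted
                    and self.emergency_action != "none"
                    and t - down_since >= self.max_downtime_min * 60):
                acted = True
                events.append((t, "emergency action: " + self.emergency_action))
            # Assumption: probing continues at the retry interval while down.
            t += self.retry_interval
        return events


def constructed_outage(t: int) -> Tuple[bool, bool]:
    """Constructed scenario: primary host lost at 50 s, secondary at 100 s,
    both reachable again from 400 s."""
    return (not (50 <= t < 400), not (100 <= t < 400))


def demo() -> List[Event]:
    check = Supervision(ping_interval=60, retry_interval=10, max_failed_trials=5,
                        max_downtime_min=2, emergency_action="restart services")
    return check.simulate(constructed_outage, duration=500)


if __name__ == "__main__":
    for when, what in demo():
        print(f"{when:4d} s  {what}")
```

With the primary host alone unreachable the link stays up; it is declared down only after five consecutive failed trials against both hosts, and the emergency action fires two minutes later.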
Settings
The maximum segment size defines the largest amount of data of TCP packets (usually MTU minus 40). You may decrease the value in case of fragmentation issues or link-based limits.
MSS adjustment: Enable or disable MSS adjustment on WAN interfaces.
Maximum segment size: Maximum number of bytes in a TCP data segment.

7.2.2. Ethernet

M!DGE/MG102i routers ship with 2 (MG102i has 5) dedicated Ethernet ports (ETH1 and ETH2) which can be linked via RJ45 connectors.
ETH1 usually forms the LAN1 interface which should be used for LAN purposes. Other interfaces can be used to connect other LAN segments or for configuring a WAN link. The LAN10 interface will be available as soon as a pre-configured USB Ethernet device has been plugged in (e.g. X5 Ethernet/USB adapter).
Port Setup - Port Assignment
This menu can be used to assign Ethernet ports individually to LAN interfaces if you want to have different subnets per port or to use one port as the WAN interface.
If it is desired to have both ports in the same LAN you may assign them to the same interface. Please note that the ports will be bridged by software and operated by running the Spanning Tree Protocol.
Port Setup - Link Settings
Link negotiation can be set for each Ethernet port individually. Most devices support auto negotiation which will configure the link speed automatically to comply with other devices in the network. In case of negotiation problems, you may assign the modes manually but it has to be ensured that all devices in the network utilize the same settings then.
VLAN Management
M!DGE/MG102i routers support Virtual LAN according to IEEE 802.1Q which can be used to create virtual interfaces on top of the Ethernet interface. The VLAN protocol inserts an additional header to Ethernet frames carrying a VLAN Identifier (VLAN ID) which is used for distributing the packets to the associated virtual interface. Any untagged packets, as well as packets with an unassigned ID, will be distributed to the native interface. In order to form a distinctive subnet, the network interface of a remote LAN host must be configured with the same VLAN ID as defined on the router. Further, 802.1P introduces a priority field which influences packet scheduling in the TCP/IP stack.
The following priority levels (from the lowest to the highest) exist:
    Parameter    VLAN Priority Levels
    0            Background
    1            Best Effort
    2            Excellent Effort
    3            Critical Applications
    4            Video (< 100 ms latency and jitter)
    5            Voice (< 10 ms latency and jitter)
    6            Internetwork Control
    7            Network Control
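The 802.1Q header and the distribution rule described above can be shown on raw frames. This is an added example, not code from the router: the interface names and MAC addresses are constructed, and the priority names are taken from the table above.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an IEEE 802.1Q tag

# Priority names as listed in the table above.
PRIORITY_LEVELS = {
    0: "Background", 1: "Best Effort", 2: "Excellent Effort",
    3: "Critical Applications", 4: "Video", 5: "Voice",
    6: "Internetwork Control", 7: "Network Control",
}

# Constructed sample values (hypothetical names, locally administered MAC).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
VLAN_INTERFACES = {100: "LAN1-VLAN100"}


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan_id=None, priority: int = 0) -> bytes:
    """Build an Ethernet frame; it carries an 802.1Q tag when vlan_id is given."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    header = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 0x0FFF or not 0 <= priority <= 7:
            raise ValueError("VLAN ID is 12 bits, priority is 3 bits")
        tci = (priority << 13) | vlan_id     # DEI bit (bit 12) left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Return VLAN ID, priority, inner EtherType and payload of a frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (first_type,) = struct.unpack_from("!H", frame, 12)
    if first_type != TPID_8021Q:             # untagged frame
        return {"vlan_id": None, "priority": None,
                "ethertype": first_type, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return {"vlan_id": tci & 0x0FFF, "priority": tci >> 13,
            "ethertype": ethertype, "payload": frame[18:]}


def select_interface(frame: bytes, vlan_interfaces: dict, native: str) -> str:
    """Untagged frames and unassigned VLAN IDs go to the native interface."""
    vlan_id = parse_frame(frame)["vlan_id"]
    if vlan_id is None:
        return native
    return vlan_interfaces.get(vlan_id, native)


if __name__ == "__main__":
    for vid in (None, 100, 200):
        f = build_frame(DST, SRC, 0x0800, b"data", vlan_id=vid, priority=5)
        print(vid, "->", select_interface(f, VLAN_INTERFACES, "LAN1"))
```

Because frames with an unassigned VLAN ID end up on the native interface, that interface needs the same filtering attention as the virtual ones.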
IP Settings
Two individual tabs will be used when different LANs are set in the Port settings menu. Each of them can be configured either in the LAN mode or in the WAN mode.
Note
The default IP addresses are as follows: 192.168.1.1/24 (LAN1) and 192.168.2.1/24 (LAN2).
Static configuration of M!DGE's/MG102i's own IP address and Subnet mask is available for the LAN mode. The Alias IP address enables configuring the LAN interface with a second IP address/subnet.
Note
Setting of the IP address is interconnected with the DHCP Server (if enabled) - see the SERVICES - DHCP Server menu.
WAN mode enables the following possibilities:
DHCP client: The IP configuration will be retrieved from a DHCP server in the network. No further configuration is required (you may only set MTU).
Static IP: IP configuration will be set manually. At least the Default gateway and the Primary DNS server must be configured along with the IP address and subnet mask.
PPPoE: PPPoE is the preferred protocol when communicating with another WAN access device (like a DSL modem).
    Username: PPPoE user name to be used for authentication at the access device.
    Password: PPPoE password to be used for authentication at the access device.
    Service Name: Specifies the service name set of the access concentrator. Leave it blank unless you have many services and need to specify the one you need to connect to.
    Access Concentrator Name: This may be left blank and the client will connect to any access concentrator.

7.2.3. Mobile

SIMs
The SIM page gives an overview of the available SIM cards, their assigned modems and the current states. Once a SIM card has been inserted, assigned to a modem and successfully unlocked, the card should remain in the ready and registered state. You may update the state in order to restart PIN unlocking and trigger another network registration attempt.
Configuration
A SIM card is generally assigned to a default modem but this may switch, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem as a SIM switch will affect their operation.
You can configure the following parameters:
PIN protection: Depending on the used card, it can be necessary to unlock the SIM with a PIN code. Please check the account details associated with your SIM to see whether the PIN protection is enabled.
PIN code: The PIN code for unlocking the SIM card.
PUK code: The PUK code for unlocking the SIM card if the card was blocked due to several wrong PIN attempts.
Default modem: The default modem assigned to this SIM card.
Bands: The list of allowed bands to which the unit can connect.
Preferred service: The preferred service type to be used with this SIM card. Remember that the link manager might change this in case of different settings. The default option is "automatic"; in areas with interfering base stations you can force a specific type (e.g. 3G-only) in order to prevent any flapping between the stations around.
Registration mode: The default option is set to "all networks". You can limit the modem registration to "packet-switched only" (e.g. no Dial-in Server) or to the "circuit-switched only" option, which can be used for example for the Dial-in Server so one can use PPP over the Circuit-Switched Networks (analog modem style).
Network selection: LAI is a globally unique number that identifies the country, network provider and LAC of any given location area. It can be used to force the modem to register to a particular mobile cell in case of competing stations. You may further initiate a mobile network scan for getting networks in range and assign a LAI manually.
Query
This page allows you to send a Hayes AT command to the modem. Besides the 3GPP-conforming AT command set, further modem-specific commands can be applied which can be provided on demand. Some modems also support running Unstructured Supplementary Service Data (USSD) requests, e.g. for querying the available balance of a pre-paid account.
WWAN Interfaces
This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically on the WAN Link Management page once an interface has been added. The Mobile LED will be blinking during the connection establishment process and goes on as soon as the connection is up. Refer to the troubleshooting section or log files in case the connection did not come up.
The following mobile settings are required:
Modem: The modem to be used for this WWAN interface.
SIM: The SIM card to be used for this WWAN interface.
Preferred service: The preferred service type.
Please note that these settings supersede the general SIM based settings as soon as the link is being dialed.
Generally, the connection settings are derived automatically as soon as the modem has been registered and the network provider has been found in our database. Otherwise, it will be required to configure the following settings:
Phone number: The phone number to be dialed; for 3G+ connections this is commonly *99***1#. For circuit switched 2G connections you can enter the fixed phone number to be dialed in the international format (e.g. +420xx).
Access point name: The access point name (APN) being used.
Authentication: The authentication scheme being used; if required this can be PAP or/and CHAP.
Username: The username used for authentication.
Password: The password used for authentication.
Further on, you may configure the following advanced settings:
Required signal strength: The minimum required signal strength before the connection is dialed. It can be specified as the RSSI level in dBm units, or as the Quality level in percent. See the "more info" button to see the exact values.
Home network only: Determines whether the connection should only be dialed when registered to the home network.
Negotiate DNS: Specifies whether the DNS negotiation should be performed and the retrieved name-servers should be applied to the system.
Call to ISDN: This option must be enabled in case of 2G connections talking to an ISDN modem.
Header compression: Enables or disables Van Jacobson TCP/IP Header Compression for PPP-based connections. This feature will improve TCP/IP performance over slow serial links. Has to be supported by your provider.
Data compression: Enables or disables the data compression for PPP-based connections. Data compression reduces the packet size to improve throughput. Has to be supported by your provider.
Client address: Specifies a fixed client IP address on the mobile interface.
MTU: The Maximum Transmission Unit represents the largest amount of data that can be transmitted within one IP packet and can be defined for any WAN interface.

7.2.4. WLAN

WLAN Management
In case your router ships with a WLAN (or Wi-Fi) module, you can operate it in client, access point or managed mode. As a client it can create an additional WAN link which for instance can be used as a backup link. As an access point, it can form another LAN interface which can be either bridged to an Ethernet-based LAN interface or create a self-contained IP interface which can be used for routing and to provide services (such as DHCP/DNS/NTP) in the same way as an Ethernet LAN interface does.
If the administrative status is set to disabled, the module will be powered off in order to reduce the overall power consumption. Regarding antennas, we generally recommend using two antennas for better coverage and throughput. A second antenna is definitely mandatory if you want to achieve higher throughput rates in 802.11n.
Configurable parameters for access-point and client mode:
Regulatory Domain: Select the country the Router operates in.
Number of antennas: Set the number of connected antennas.
Antenna gain: Specify the antenna gain for the connected antennas. Please refer to the antenna's datasheet for the correct gain value.
Important
Please be aware that any inappropriate parameters can lead to an infringement of conformity regulations.
A WLAN client will automatically become a WAN link and can be managed as described in Section 7.2.1, “WAN”.
Running as access point, you can further configure the following settings:
Operation type: Specifies the desired IEEE 802.11 operation mode; 802.11a can be used in the 5 GHz band, higher throughput in 20/40 MHz mode can be achieved with 802.11n.
Radio band: Selects the radio band to be used for connections; depending on your module it could be 2.4 or 5 GHz.
Bandwidth: Specify the channel bandwidth operation mode.
Channel: Specifies the channel to be used.
    Standard    Frequencies    Bandwidth    Data Rate
    802.11a     5 GHz          20 MHz       54 Mbit/s
    802.11b     2.4 GHz        20 MHz       11 Mbit/s
    802.11g     2.4 GHz        20 MHz       54 Mbit/s
    802.11n     2.4/5 GHz      20/40 MHz    300 Mbit/s
Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the least interfering channel. Please keep in mind that two adequate channels are required for getting good throughputs with 802.11n in the 40 MHz radio band.
Running in client mode, you can select the network to which you want to connect and enter the required authentication settings. You may also perform a WLAN network scan and pick the settings from the discovered information directly. The credentials can be obtained from the operator of your WLAN access point.
Running in managed mode, the access-point can be controlled over CAPWAP (RFC 5415). It establishes a layer-2 tunneling protocol to encrypt transmission of user data from connected stations. You can configure the following settings:
Primary Access Controller: Specifies the primary access controller.
Secondary Access Controller: Specifies the secondary access controller.
WLAN Configuration
Running in access point mode you can define up to 4 SSIDs with each running their own network configuration. This section can be used to configure security-related settings.
SSID: The network name (called SSID).
Security mode: The desired security mode (such as WPA PSK), WPA (802.1x) can be used to authenticate against a remote RADIUS server which can be configured in Section 7.7.2, “Authentication”.
WPA/WPA2 mixed mode: WPA2 should be preferred over WPA1, running WPA/WPA2 mixed-mode offers both.
WPA cipher: The WPA cipher to be used, the default is to run both (TKIP and CCMP).
Passphrase: The passphrase used for authentication.
Force PMF: Enables Protected Management Frames.
Hide SSID: Hides the SSID.
Isolate clients: Disables client-to-client communication.
Accounting: Sets accounting profile.
The following security modes can be configured:
Off: SSID is disabled.
None: No authentication, provides an open network.
WEP: WEP (is nowadays discouraged).
WPA-PSK: WPA-PSK (TKIP, CCMP) aka WPA-Personal/Enterprise, provides password-based authentication.
WPA-RADIUS: EAP-PEAP/MSCHAPv2, can be used to authenticate against a remote RADIUS server which can be configured in Section 7.7.2, “Authentication”.
WPA-TLS: EAP-TLS, performs authentication using certificates which can be configured in Section 7.7.6, “Keys & Certificates”.
Running in the client mode, it is possible to connect to one or more remote access-points. The system will switch to the next network in the list in case one goes down and return to the highest prioritized network as soon as it comes back.
SSID: The network name (called SSID).
Priority: The required WLAN priority.
Required signal strength: Required signal strength to establish the connection.
Security mode: The desired security mode.
WPA/WPA2 mixed mode: WPA2 should be preferred over WPA1, running WPA/WPA2 mixed-mode offers both.
WPA cipher: The WPA cipher to be used, the default is to run both (TKIP and CCMP).
Identity: The identity used for WPA-RADIUS and WPA-EAP-TLS.
Passphrase: The passphrase used for authentication with WPA-PSK, otherwise the key passphrase for WPA-EAP-TLS.
Force PMF: Enables Protected Management Frames.
You can perform a WLAN network scan and pick the settings from the discovered information directly. The authentication credentials have to be obtained from the operator of the remote access point.
WLAN IP Settings
This section lets you configure the TCP/IP settings of your WLAN network.
A client interface can be run over DHCP or with a statically configured address and default gateway.
The access point networks can be bridged to any LAN interface for letting WLAN clients and Ethernet hosts operate in the same subnet. However, for multiple SSIDs we strongly recommend to set up separated interfaces in routing-mode in order to avoid unwanted access and traffic between the interfaces. The corresponding DHCP server for each network can be configured afterwards as described in Section 7.6.2, “DHCP Server”.
Network mode: Choose whether the interface shall be operated bridged or in routing mode.
Bridge interface: If bridged, the LAN interface to which the WLAN network should be bridged.
IP address / netmask: In routing-mode, the IP address and netmask for this WLAN network.
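The access point security options under WLAN Configuration and the routing-mode recommendation above can be checked together before a configuration is deployed. This is an added example, not the router's configuration format: the dictionary keys, SSID names and finding codes are hypothetical, and it treats TKIP as a finding because TKIP is deprecated in the IEEE 802.11 standard.

```python
WPA_MODES = {"WPA-PSK", "WPA-RADIUS", "WPA-TLS"}

# Constructed sample: four SSID entries as they might be entered in the GUI.
SAMPLE_SSIDS = [
    {"ssid": "plant-ops", "security_mode": "WPA-PSK", "mixed_mode": False,
     "ciphers": ["CCMP"], "force_pmf": True, "network_mode": "routed"},
    {"ssid": "legacy-hmi", "security_mode": "WPA-PSK", "mixed_mode": True,
     "ciphers": ["TKIP", "CCMP"], "force_pmf": False, "network_mode": "bridged"},
    {"ssid": "scanner", "security_mode": "WEP", "network_mode": "routed"},
    {"ssid": "spare", "security_mode": "Off"},
]


def audit_ssid(cfg: dict) -> list:
    """Return finding codes for one SSID entry (keys are hypothetical)."""
    mode = cfg["security_mode"]
    if mode == "Off":                 # SSID is disabled, nothing is offered
        return []
    if mode == "None":                # open network, no authentication
        return ["open-network"]
    if mode == "WEP":                 # discouraged by the manual itself
        return ["wep"]
    if mode not in WPA_MODES:
        raise ValueError(f"unknown security mode: {mode!r}")
    findings = []
    if cfg.get("mixed_mode", False):  # mixed mode also offers WPA1
        findings.append("wpa1-offered")
    # The manual states that the default is to run both TKIP and CCMP.
    if "TKIP" in cfg.get("ciphers", ("TKIP", "CCMP")):
        findings.append("tkip-enabled")
    if not cfg.get("force_pmf", False):
        findings.append("pmf-not-forced")
    return findings


def audit_access_point(ssids: list) -> dict:
    """Audit all SSIDs; bridging is flagged only when several SSIDs are active."""
    active = sum(1 for s in ssids if s["security_mode"] != "Off")
    report = {}
    for cfg in ssids:
        findings = audit_ssid(cfg)
        if (active > 1 and cfg["security_mode"] != "Off"
                and cfg.get("network_mode") == "bridged"):
            findings.append("bridged-with-multiple-ssids")
        report[cfg["ssid"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_access_point(SAMPLE_SSIDS).items():
        print(f"{name:12s} {', '.join(findings) or 'ok'}")
```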

7.2.5. USB

Administration
Enable or disable the USB administration. If enabled, any supported USB converter can be attached and configured for example as another serial link (RS232, see Section 7.2.6, “Serial Port”).
Note
Supported modules are pl2303, ch341, ftdi (quad-channel adapter), asix, pegasus and rndis.
The following parameter can be configured:
Enable hotplug (always enabled)
Click on the Refresh button in the tab Devices for displaying connected USB devices and add them by clicking on the plus sign.
Autorun
This feature can be used to automatically perform a software/config update as soon as a USB storage stick has been plugged in. The following files must exist in the root directory of a FAT16/32 formatted stick:
For authentication: autorun.key
For a software update: sw-update.img
For a configuration update: cfg-<SERIALNO>.zip or cfg.zip
Administrative status: Enable or disable autorun feature.
Only allow enabled devices: Check this if only enabled devices are allowed to proceed with autorun.
The autorun.key file must hold valid access keys to perform any actions when the storage device is plugged in. The keys are made up of your admin password. They can be generated and downloaded. You may also define multiple keys in this file (line-after-line) in case your admin password differs if applied to multiple M!DGE/MG102i routers.

7.2.6. Serial Port

The serial protocol can function in various ways. Configure it using the Edit button on the right. If the USB Administration is enabled, an extra SERIAL2 (USB) is available.
Five possibilities are available:
None: The serial port is not used at all.
Login console: A possibility to control the unit via the CLI commands when connected to the serial port (115200 8N1). There are no extra configuration parameters.
Device server: Use this option to control the serial device via IP (transmit the data over the cellular network, ...). See the details below.
Protocol server: Special implementation of various serial protocols like Modbus, IEC101, DNP3, ... See the details below.
SDK: This option enables controlling the serial interface via the SDK scripts (similar to C programming). See chapter SDK for more details.
Device Server
Serial Port Settings: Configure the required RS232 parameters.
Physical protocol: Only RS232 is supported.
Baud rate: Specifies the baud rate of the COM port.
Data bits: Specifies the number of data bits contained in each frame.
Parity: Specifies the parity used with every frame that is transmitted or received.
Stop bits: Specifies the number of stop bits used to indicate the end of a frame.
Software flow control: In XON/XOFF software flow control, either end can send a stop (XOFF) or start (XON) character to the other end to control the rate of incoming data.
Hardware flow control: As a 3-wire connection is used with M!DGE/MG102i, hardware flow control is not available.
Server Configuration:
Protocol on IP port: “Telnet” or “TCP raw”
Port: The TCP port used by the application.
Timeout: Endless or numbered (in seconds).
Allow remote control (RFC 2217): Telnet with the RFC 2217 extension.
Show banner: The option for displaying the banner of the connected serial device.
Allow clients from: The option for limiting the access based on the host IP address.
Important
The UDP Device Server functionality has been moved into SDK only. The required script for this functionality can be provided on demand.
Protocol Server
The port settings configuration is the same as for the Device Server (see the section called “Device Server”), except for the Advanced settings called MTU and Idle size.
MTU
An incoming frame is closed at this size even if the stream of bytes continues. Consequently, a permanent data stream coming to the serial interface results in a sequence of MTU-sized frames sent over the network. The default value is set to 1400 bytes.
Idle size
Received frames on COM are closed when the gap between bytes is longer than the Idle value. This parameter defines the maximum gap (in milliseconds) in the received data stream. If the gap exceeds this value, the link is considered idle, the received frame is closed and forwarded to the network.
The default Idle size differs based on the serial baud rate configuration. Remember that the default Idle sizes are set to the minimal possible values:
ms     bps
120    115200
60     57600
30     38400
20     19200
10     9600
5      4800
5      2400
5      1200
5      600
5      300
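The following sketch is an added example, not RACOM code, showing how the MTU and Idle size rules described above cut a serial byte stream into frames. The function name, the (arrival time, byte) input format and both sample streams are assumptions constructed for illustration.

```python
def split_frames(timed_bytes, idle_ms, mtu=1400):
    """Split a serial byte stream into frames using the MTU and Idle rules.

    timed_bytes: iterable of (arrival_time_ms, byte_value) in arrival order.
    idle_ms:     maximum gap between two bytes inside one frame.
    mtu:         size at which a frame is closed even if bytes keep coming.
    """
    frames = []
    current = bytearray()
    last_arrival = None
    for arrival, value in timed_bytes:
        # Idle rule: a gap longer than idle_ms closes the frame received so far.
        if current and arrival - last_arrival > idle_ms:
            frames.append(bytes(current))
            current = bytearray()
        current.append(value)
        last_arrival = arrival
        # MTU rule: the frame is closed at this size although the stream continues.
        if len(current) == mtu:
            frames.append(bytes(current))
            current = bytearray()
    # End of the recorded stream: the idle timer would close the last frame.
    if current:
        frames.append(bytes(current))
    return frames


# Constructed input 1: a permanent stream, one byte every millisecond.
CONTINUOUS_STREAM = [(t, t & 0xFF) for t in range(3000)]

# Constructed input 2: two short bursts separated by an 18 ms pause.
TWO_BURSTS = [(0, 0x01), (1, 0x03), (2, 0x00), (20, 0x01), (21, 0x04)]

if __name__ == "__main__":
    print([len(f) for f in split_frames(CONTINUOUS_STREAM, idle_ms=5)])
    print(split_frames(TWO_BURSTS, idle_ms=10))
```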
Each SCADA protocol like Modbus, DNP3, IEC101, DF1 etc. has its unique message format, most importantly its unique way of addressing the remote units. The following text is valid for all M!DGE/MG102i/RipEX units (referred to as a "Unit" in the rest of the section called “Protocol Server”); the special properties for mobile GPRS/UMTS networks (e.g. limitation of broadcasting) are mentioned here. The basic task for the protocol server is to check whether a received frame is within the protocol format and is not corrupted. Most of the SCADA protocols use some type of Error Detection Code (Checksum, CRC, LRC, BCC, etc.) for data integrity control, so each Unit calculates this code and checks it against the received one.
A GPRS/UMTS mobile network operates in an IP environment, so the basic task for the Protocol server is to convert SCADA serial packets to UDP datagrams. The Address translation settings are used to define the destination IP address and UDP port. Then these UDP datagrams are sent to the M!DGE/MG102i router, processed there and forwarded as unicasts through the mobile network to their destination. When the gateway defined in the Routing table belongs to the Ethernet LAN, UDP datagrams are instead forwarded to the Ethernet interface. After reaching the gateway, the datagram is forwarded according to the Routing table.
When the UDP datagram reaches its final IP destination, it should be in a M!DGE/MG102i or RipEX router again. It is processed further according to its UDP port. It can be delivered to the Protocol server, where the datagram is decapsulated and the data received on the serial interface of the source unit are forwarded to COM. The UDP port can also be that of a Terminal server (RipEX) or any other special protocol daemon on Ethernet like Modbus TCP etc. The datagram is then processed according to the respective settings.
Note
All timeouts in the parameters described below are derived from the time when the packet is sent into the COM driver, i.e. it includes the transfer time of the packet. Take this into account especially when there is a low Baud rate set in the COM settings.
Important
If the Protocol server is configured together with VPN tunnels, the protocol-specific parameter "Poll response control" must be turned off.
Common parameters
For any SCADA protocol, the Transport protocol and the specific port can be chosen. The default is UDP port 8882. The unit listens on this port for incoming messages and forwards them to the Protocol server itself.
Note
Only UDP protocol is currently implemented.
The parameters described in this section are typical of most protocols. The description of each Protocol only links to them.
Mode of Connected device
List box: Master, Slave Default = Master The typical SCADA application follows the Master–Slave scheme where the structure of the message is different for the Master and Slave SCADA units. Because of that, it is necessary to set which type of SCADA unit is connected to the Unit.
Important
For the SCADA Master, set Master, for the SCADA Slave, set Slave.
Master
The SCADA Master always sends addressed messages to Slaves. Addressing is different for each SCADA protocol, so this is one of the main reasons why an individual Protocol server in each Unit for each SCADA protocol has to be used.
○ Broadcast
List box: On, Off Default = Off Some Master SCADA units send broadcast messages to all Slave units. SCADA applications typically use a specific address for such messages. RipEX (Protocol utility) converts such messages into a customized IP broadcast and broadcasts it to all RipEX units, or rather to all SCADA units, within the network.
Note
Broadcasts in the GPRS/UMTS network are not possible, thus setting of broadcast functionality is not allowed with M!DGE/MG102i units.
If On, the address for broadcast packets in the SCADA protocol has to be defined:
Broadcast address format - List box Hex, Dec - format in which the broadcast address is defined.
Broadcast address - address in the defined format (Hex, Dec)
Address translation
List box: Table, Mask Default = Mask In a SCADA protocol, each SCADA unit has a unique address, a "Protocol address". In a GPRS/UMTS mobile network, each SCADA unit is represented by an IP address (typically that of the ETH interface) and a UDP port (that of the protocol daemon or the COM port server to which the SCADA device is connected via serial interface). A translation between the "Protocol address" and the IP address & UDP port pair has to be done. It can be done either via Table or Mask. Hence, a SCADA message received from the serial interface is encapsulated into a UDP/IP datagram, where the destination IP address and the destination UDP port are defined according to the settings of the Address translation.
Mask
Translation using the Mask is simpler to set, however it has some limitations:
− all IP addresses used have to be within the same network, which is defined by this Mask
− the same UDP port is used for all the SCADA units, which results in the following:
− SCADA devices on all sites have to be connected to the same interface
− only one SCADA device can be connected to one COM port
Base IP
Default = IP address of the ETH interface When creating the destination IP address of the UDP datagram in which the serial SCADA message received from COM is encapsulated, this Base IP is taken as the basis and only the part defined by the Mask is replaced by the 'Protocol address'.
Mask
Default = 255.255.255.0 A part of the Base IP address defined by this Mask is replaced by the 'Protocol address'. The SCADA protocol address is typically 1 byte, so Mask 255.255.255.0 is most frequently used.
UDP port (Interface)
List box: COM, Manual
This UDP port is used as the destination UDP port in the UDP datagram in which the serial SCADA packet received from COM1 is encapsulated. The default UDP port for COM can be used or the UDP port can be set manually. If the destination IP address belongs to a Unit and the UDP port is not assigned to COM (COM1(2) or to a Terminal server in case of RipEX) or to any special daemon running in the destination address, the packet is discarded.
Note
M!DGE/MG102i uses UDP port 8882 for its COM port.
Table The Address translation is defined in a table. There are no limitations such as when the Mask translation is used. If there are more SCADA units on the RS485 interface (e.g. with RipEX COM2), their “Protocol addresses” should be translated to the same IP address and UDP port pair, where the multiple SCADA units are connected. There are 3 possibilities how to fill in the line in the table:
− One "Protocol address" to one "IP address" (e.g.: 56 −−> 192.168.20.20)
− Range of "Protocol addresses" to one "IP address" (e.g.: 56 – 62 ===> 192.168.20.20)
− Range of "Protocol addresses" to range of "IP addresses" (e.g.: 56 – 62 ===> 192.168.20.20 – 26). One option is to write only the start IP and a dash, the system will add the end address itself.
Protocol address
This is the address which is used by the SCADA protocol. It may be set either in Hexadecimal or Decimal format according to the List box value. The Protocol address length can be 1 byte, but the DNP3 and UNI protocols support 2-byte addresses.
IP
The IP address to which Protocol address will be translated. This IP address is used as the destination IP address in the UDP datagram in which serial SCADA packet received from COM is encapsulated.
UDP port (Interface)
This is the UDP port number which is used as the destination UDP port in the UDP datagram in which the serial SCADA message, received from COM, is encapsulated.
Note
You may add a note to each address up to 16 characters long for your convenience. (E.g. “Remote unit #1”).
Active
You may tick/un-tick each translation line in order to make it active/not active.
Modify
The Edit, Delete and Add buttons allow you to edit, delete or add a line. The lines can be sorted using the up and down arrows.
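The Mask and Table translations described above, sketched as an added example (not RACOM code). The bit-level reading of the Mask rule, first-match evaluation of table rows and the None result for an unmatched address are assumptions; the base IP and the disabled and 70–75 table rows are constructed, while 56–62 and 192.168.20.20–26 come from the manual's own example.

```python
import ipaddress
from dataclasses import dataclass

COM_UDP_PORT = 8882  # UDP port the manual gives for the M!DGE/MG102i COM port


def translate_by_mask(protocol_addr, base_ip, mask="255.255.255.0",
                      udp_port=COM_UDP_PORT):
    """Mask mode: keep the network part of Base IP, replace the rest."""
    base = int(ipaddress.IPv4Address(base_ip))
    netmask = int(ipaddress.IPv4Address(mask))
    # The protocol address must fit into the bits the Mask leaves free.
    if protocol_addr < 0 or protocol_addr & netmask:
        raise ValueError(f"protocol address {protocol_addr} does not fit mask {mask}")
    return str(ipaddress.IPv4Address((base & netmask) | protocol_addr)), udp_port


@dataclass
class TableRow:
    first: int                  # first protocol address of the row
    last: int                   # last protocol address (== first for one address)
    ip: str                     # destination IP, or start IP of an IP range
    ip_range: bool = False      # True: "range of addresses to range of IPs"
    udp_port: int = COM_UDP_PORT
    active: bool = True         # the "Active" tick box


def translate_by_table(protocol_addr, rows):
    """Table mode: the first active row containing the address wins (assumption)."""
    for row in rows:
        if not row.active or not row.first <= protocol_addr <= row.last:
            continue
        ip = ipaddress.IPv4Address(row.ip)
        if row.ip_range:
            # 56-62 ===> 192.168.20.20-26: the offset inside the range is kept.
            ip = ip + (protocol_addr - row.first)
        return str(ip), row.udp_port
    return None  # the manual does not say what happens here; this sketch returns None


SAMPLE_TABLE = [
    TableRow(10, 10, "192.168.20.5", active=False),    # constructed, un-ticked row
    TableRow(56, 62, "192.168.20.20", ip_range=True),  # range to range (manual)
    TableRow(70, 75, "192.168.20.40"),                 # constructed: range to one IP
]

if __name__ == "__main__":
    print(translate_by_mask(56, "192.168.20.1"))
    for addr in (10, 56, 59, 62, 73, 99):
        print(addr, translate_by_table(addr, SAMPLE_TABLE))
```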
Slave
The SCADA Slave typically only responds to Master requests, however in some SCADA protocols it can communicate spontaneously. Messages from the serial interface are processed in a similar way as the Master site, i.e. they are encapsulated in UDP datagrams, processed by the router inside the M!DGE/MG102i unit and forwarded to the respective interface, typically to the mobile network.
○ Broadcast accept
List box: On, Off Default = Off If On, broadcast messages from the Master SCADA device to all Slave units are accepted and sent to connected Slave SCADA unit.
Important
Broadcasting is not supported with mobile networks.
PROTOCOLS IMPLEMENTED:
Within several protocols, the parameter "Poll response control" can be set. Turn it off if using any kind of port forwarding or VPN tunnels. Otherwise, it can be set to "On". More details about this parameter can be found in the UNI protocol description.
None
All received frames from the COM port as well as from the network are discarded.
Async link
The async link creates an asynchronous link between two COM ports on different Units. Frames received from COM are sent transparently, without any processing, over the mobile network to the set destination IP and UDP port. Frames received from the mobile network are sent to the respective COM according to the UDP port setting.
Parameters
Destination IP
This is the IP address of the destination Unit.
UDP port (Interface)
This is the UDP port number which is used as the destination UDP port in the UDP datagram in which the packet received from COM is encapsulated.
C24
C24 is a serial polling-type communication protocol used in Master–Slave applications.
Multiple C24 Masters can be used within one network and one Slave can be polled by more than one Master.
Underlined parameters are described in Common parameters.
Mode of Connected device
Master
Address translation
Table
Mask
Slave
Protocol frames List box: 1C, 2C, 3C, 4C Default = 1C One of the possible C24 Protocol frames can be selected.
Frames format
List box: Format1, Format2, Format3, Format4, Format5 Default = Format1 One of the possible C24 Frames formats can be selected. According to the C24 protocol specification, it is possible to set Frames formats 1–4 for Protocol frames 1C–3C and formats 1–5 for 4C.
Important
The Unit accepts only the set Protocol frames and Frames format combination. Frames with any other combination are discarded by the Unit and not passed to the application.
Local ACK List box: Off, On Default = Off Available for Protocol frame 1C only. When On, ACK on COM is sent locally from this unit, not over the mobile network.
Cactus
Cactus is a serial polling-type communication protocol used in Master–Slave applications. Multiple Cactus Masters can be used within one network and one Slave can be polled by more than one Master.
Underlined parameters are described in Common parameters.
Mode of Connected device
Master
Broadcast
Note: There is no possibility to set the Broadcast address, since Cactus broadcast messages always have the address 0x00. Hence when the Broadcast is On, packets with this destination are handled as broadcasts. Broadcasting is not supported with mobile networks.
Address translation
Table
Mask
Slave
Broadcast accept
Max gap timeout [ms] Default = 30 The longest time gap for which a frame can be interrupted and still received successfully as one frame. It should not be set below 10ms, while 15–40 ms should be OK for a typical Cactus protocol device.
Comli
Comli is a serial polling-type communication protocol used by Master–Slave applications. Multiple Comli Masters can be used within one network and one Slave can be polled by more than one Master. Broadcast packets are not used, so the configuration uses only some of the parameters described in Common parameters.
Mode of Connected device
Master
Address translation
Table
Mask
Slave
DF1
Only the full-duplex mode of DF1 is supported. Each frame in the Allen-Bradley DF1 protocol contains the source and destination addresses in its header, so there is no difference between Master and Slave in the full-duplex mode in terms of Unit configuration.
Block control mode List box: BCC, CRC Default = BCC According to the DF1 specification, either BCC or CRC for Block control mode (data integrity) can be used.
Broadcast According to the DF1 specification, packets for the destination address 0xFF are considered broadcasts. Broadcasts are not supported with the mobile network.
Address translation
Table
Mask
Advanced parameters
ACK Locally
List box: Off, On Default = On If "On", ACK frames (0x1006) are not transferred over-the-air. When the Unit receives a data frame from the connected device, it generates the ACK frame (0x1006) locally. When the Unit receives the data frame from the mobile network, it sends the frame to the connected device and waits for the ACK. If the ACK is not received within 1 sec. timeout, Unit sends ENQ (0x1005). ENQ and ACK are not generated for broadcast packets.
DNP3
Each frame in the DNP3 protocol contains the source and destination addresses in its header, so there is no difference between Master and Slave in terms of the M!DGE/MG102i configuration. The DNP3 allows both Master–Slave polling as well as spontaneous communication from remote units.
Broadcast - Note: There is no option to set the Broadcast address, since DNP3 broadcast messages always have addresses in the range 0xFFFD – 0xFFFF. Broadcasting is not supported by mobile networks, thus it is not possible to set the broadcast to On.
Address translation
Table
Mask
IEC 870-5-101
IEC 870-5-101 is a serial polling-type communication protocol used by Master–Slave applications. Multiple IEC 870-5-101 Masters can be used within one network and one Slave can be polled by more than one Master. The IEC 870-5-101 protocol configuration uses all parameters described in Common parameters.
Mode of Connected device
Master
Broadcast - only On, Off. The protocol broadcast address is not configurable; it is defined by the Address mode in Advanced parameters (default 0xFF), but broadcasting is not allowed within mobile networks.
Address translation
Table
Mask
Slave
Broadcast accept
Advanced parameters
Address mode
Even if IEC 870-5-101 is the standard, there are some users who have customized this standard according to their needs. If the address byte has been moved, M!DGE/MG102i/RipEX has to read it at the correct frame position.
IEC101 Address byte location according to IEC 870-5-101 standard. Broadcast from Master station is generated when address byte is 0xFF.
2B ADDR Two byte address (IEC 870-5-101 standard is 1 byte). The frame is 1 byte longer than the standard one. There is the Intel sequence of bytes: low byte, high byte. Mask Address translation has to be used, because Table one is limited to just one byte address length. The Master station broadcast is generated when the low address byte is 0xFF and high address byte is also 0xFF.
TELEGYR The Control byte in the standard IEC packet is omitted. The frame is 1 byte shorter than a standard one. This is typically used in the Telegyr 805/809 protocol. The Master station broadcast is generated when the address byte is 0x00.
SINAUT The sequence of Address byte and Control byte in the frame is swapped-over. Master station broadcast is generated when the address byte is 0x00.
ITT Flygt
ITT Flygt is a serial polling-type communication protocol used in Master–Slave applications.
ITT Flygt protocol configuration uses all parameters described in Common parameters.
Mode of Connected device
Master
Broadcast
Note: There is no possibility to set the Broadcast address, since ITT Flygt broadcast messages always have the address 0xFFFF. Hence when the Broadcast is On, packets with this destination are handled as broadcasts. Broadcasting is not available with mobile GPRS/UMTS networks.
First Slave Address Default = 1 Slave addresses are not defined in the ITT Flygt protocol. However Slave addresses have to be defined in the Unit network. This is the First Slave address in decimal format.
Number of Slaves Default = 1 Since the ITT Flygt protocol Master (centre) polls the Slaves (remotes) one by one without any addressing, the number of Slaves has to be defined.
Address translation
Table
Mask
Slave
Broadcast accept
Wait timeout [ms] Default = 5000 An ITT Flygt Slave sometimes sends the WAIT COMMAND (0x13) to its Master. The Unit does not accept the next WAIT COMMAND (discards it), till the Wait timeout expires. The Recommended value is in the 1–10 seconds range.
Modbus
Modbus RTU is a serial polling-type communication protocol used by Master–Slave applications. Multiple Modbus Masters can be used within one network and one Slave can be polled by more than one Master. The Modbus protocol configuration uses all parameters described in Common parameters.
Mode of Connected device
Master
Broadcast
Address translation
Table
Mask
Slave
Broadcast accept
Profibus
RipEX supports Profibus DP (Process Field Bus, Decentralized Periphery), the most widespread version of Profibus. Profibus DP is also supported by M!DGE/MG102i, but it will work satisfactorily only with mobile networks with very short transport delays, like LTE or UMTS. The Profibus protocol configuration uses all parameters described in Common parameters.
Mode of Connected device
Master
Broadcast
Address translation
Table
Mask
Slave
Broadcast accept
RP570
RP570 is a serial polling-type communication protocol used in Master–Slave applications.
Multiple RP570 Masters can be used within one network and one Slave can be polled by more than one Master.
Underlined parameters are described in Common parameters.
Mode of Connected device
Master
Local simulation RB List box: Off, On Default = Off The RP570 protocol Master very often transmits the RB packets (hold packets) solely to check whether Slaves are connected. In order to minimize the mobile network payload, the Unit can be configured to respond to these packets locally and not to transmit them to the Slaves over the mobile network.
If On, the Unit responds to RB packets received from the RP 570 master locally over the COM interface. However from time to time (RB period) the RB packets are transferred over the network in order to check whether the respective Slave is still on. When the RB response from the Slave to this RB packet is not received over the mobile network within the set RB timeout, i.e. the respective Slave is out of order, the central Unit stops local answering to RB packets from the master for the respective Slave.
RB Net period [s] Default = 10 The M!DGE/MG102i/RipEX responds to the RB packets locally and in the set RB period the RB packets are transferred over the network.
RB Net timeout [s] Default = 10 (maximum=8190) Whenever an RB packet is sent over the network, the set RB Net timeout starts. When the RB response from the remote unit (Slave) is not received within the timeout, i.e. the respective Slave is out of order, the central Unit stops the local answering to RB packets from the master for the respective Slave.
Address translation
Table
Mask
Slave
Slave
Local simulation RB List box: Off, On Default = Off The RP570 Slave expects to receive RB packets from the Master. When the Local simulation RB on the Master is On, the RB packets are transferred over the mobile network only in the RB Net period (see the Master settings). The Local simulation RB has to be set the same (On or Off) on all sites in the network, i.e. on the master as well as all Slaves.
If On, the Unit generates RB packets locally and transmits them over the COM interface in the RB Request period and expects the RB response for each RB packet from the RP570 Slave within the RB Response timeout. When the Unit does not receive the response(s) from the RP570 Slave, the Unit does not respond to the RB packet from the Master, which it receives over the mobile networks.
RB Request period [ms] Default = 200 (maximum=8190) M!DGE/MG102i/RipEX sends locally RB packets to the connected RTU in the set period.
RB Response timeout [ms] Default = 500 (maximum=8190) The Unit expects a response to the RB packet within the set timeout. If it is not received, the Unit does not respond to RB packets from the Master received over the mobile network.
RTU address (Hex) Default = 01 Active only when the Local simulation RB is On. The connected RTU’s address is supposed to be filled in. This address (0x00-0xFF) is used in the RB packets generated locally in the M!DGE/MG102i/RipEX and transmitted over the COM.
Siemens 3964(R)
The 3964 protocol is utilized by the Siemens Company as a Point-to-Point connection between two controllers. Meanwhile it has become an industry standard that can be found on many devices as a universal communications interface. 3964R is the same as 3964, except that it additionally uses BCC (Block Check Character). 3964(R) handles only the link layer (L2 in the OSI model), hence the Unit reads the “SCADA address” in a similar way as in the UNI protocol.
There is a handshake STX(0x02) – DLE(0x10) at the start of communication and DLE+ETX – DLE at the end. This handshake is performed by RipEX locally, it is not transferred over the RipEX network.
Communication goes as follows:
LocalRTU→STX→LocalRipex
LocalRipex→DLE→LocalRTU
LocalRTU→DATA+DLE+ETX+BCC→LocalRipex
LocalRipex→DATA→RemoteRipex*
LocalRipex→DLE→LocalRTU
RemoteRipex→STX→RemoteRTU
RemoteRTU→DLE→RemoteRipex
RemoteRipex→DATA+DLE+ETX+BCC→RemoteRTU
RemoteRTU→DLE→RemoteRipex
* only this packet is transferred over the RipEX network, all the other ones are handled locally.
Underlined parameters are described in Common parameters.
Mode of Connected device
Master
Address mode List box: Binary (1 B), Binary (2B LSB first), Binary (2B MSB first) Default = Binary (1 B) M!DGE/MG102i/RipEX reads the Protocol address in the format and length set (in bytes).
Address position Specify the sequence number of the byte, where the Protocol address starts.
Note 1: 3964(R) protocol uses an escape sequence (control sequence) for DLE (0x10), i.e. when 0x10 is in user data, 0x1010 is sent instead. When the address position is calculated, the bytes added by the escape sequence algorithm are not taken into account.
Note 2: The first byte in the packet has the sequence number 1, not 0.
Broadcast
Address translation
Table
Mask
Slave
Broadcast accept
DLE timeout [ms] Default = 1000 (min. 300, max. 8190)
M!DGE/MG102i/RipEX expects a response (DLE) from the connected device (RTU) within the set timeout. If it is not received, the Unit repeats the frame according to the “Retries” setting.
Retries [No] Default = 3 (min. 0, max. 7)
When DLE timeout is „On“, and the DLE packet is not received from the connected device (RTU) within the set DLE timeout, the Unit retransmits the frame. The number of possible retries is specified.
Priority List box: Low, High Default = Low
When the equipment sends STX and receives STX instead of DLE, there is a collision: both devices want to start communication. In such a case, one unit has to have priority. If the Priority is High, the Unit waits for DLE. When it is Low, the Unit sends DLE.
Note: Obviously, two devices which are communicating together must be set so that one has High priority and the other has Low.
BCC List box: On, Off Default = On
BCC (Block Check Character) is a control byte used for data integrity control, it makes the reliability higher. BCC is used by 3964R, 3964 does not use it.
The unit checks (calculates itself) this byte while receiving a packet on COM. Unit transmits DLE (accepts the frame) only when the check result is OK. The BCC byte is not transferred over the network, it is calculated locally in the end Unit and appended to the received data.
UNI
UNI is the "Universal" protocol utility designed by RACOM. It is supposed to be used when the application protocol is not in the Unit list. The key condition is that messages generated by the Master application device always contain the respective Slave address and that address (or its relevant part) position, relative to the beginning of the message (packet, frame), is always the same (Address position).
Generally two communication modes are typical for the UNI protocol: In the first one, communication always has to be initiated by the Master and only one response to a request is supported; in the second mode, Master-Master communication or combination of UNI protocol with ASYNC LINK protocol and spontaneous packet generation on remote sites are possible.
The UNI protocol is fully transparent, i.e. all messages are transported and delivered in full, without any modifications.
Underlined parameters are described in Common parameters.
Mode of Connected device
Master
Address mode List box: Binary (1 B), ASCII (2 B), Binary (2B LSB first), Binary (2B MSB first) Default = Binary (1 B) M!DGE/MG102i/RipEX reads the Protocol address in the format and length set (in bytes).
The ASCII 2-byte format is read as 2-character hexadecimal representation of one-byte value. E.g. ASCII characters AB are read as 0xAB hex (10101011 binary, 171 decimal) value.
Address position Specify the sequence number of the byte, where the Protocol address starts. Note that the first byte in the packet has the sequence number 1, not 0.
Address mask (Hex) When the Address mode is Binary 2 bytes, a 16-bit value is read from the SCADA protocol message according to the Address mode setting (either the MSB or the LSB first). The resulting value is then bit-masked by the Address mask and used as the input value for SCADA to IP address translation (e.g. via a table). The default value of the Address mask is 0xFFFF, hence the full 16-bit value is used by default.
Example: The Address mode is set to Binary (2B LSB first), the Address mask is set to 7FF0 and the Address position is set to 2. The SCADA message starts with bytes (in hex) 02 DA 92 C3 .. The 2-byte address is read as 0x92DA (note the LSB came first in the message). Then the 0x7FF0 mask is applied and the resulting value 0x12D0 (0x92DA & 0x7FF0) is used as the input for the translation.
Poll response control List box: On, Off Default = On
On – The Master accepts only one response per request and it must come from the specific remote to which the request was sent. All other packets are discarded. This applies to the Master–Slave communication scheme.
Note: It may happen that a response from a Slave (No.1) is delivered after the respective timeout expired and the Master generates the request for the next Slave (No.2) in the meantime. In such a case the delayed response from No.1 would have been considered as the response from No.2. When Poll response control is On, the delayed response from the Slave No.1 is discarded and the Master stays ready for the response from No.2.
Off – The Master does not check packets incoming from the mobile network - all packets are passed to the application. That allows e.g. spontaneous packets to be generated at remote sites. This mode is suitable for the Master–Master communication scheme or a combination of the UNI and ASYNC LINK protocols.
Broadcast
Address translation
Table
Mask
Slave
Broadcast accept
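The 3964(R) block handling and the Address mode / Address position / Address mask rules of the 3964(R) and UNI sections above, as one added example (not RACOM code). The function names and mode strings are assumptions; the BCC is computed as the XOR of the block bytes up to and including DLE ETX, which is how the 3964R procedure defines it rather than something this manual states, and the 3964R sample block is constructed.

```python
from functools import reduce
import string

DLE, ETX = 0x10, 0x03


def xor_bcc(block: bytes) -> int:
    """Block Check Character: XOR over every byte of the block."""
    return reduce(lambda acc, b: acc ^ b, block, 0)


def build_3964_block(user_data: bytes, use_bcc: bool = True) -> bytes:
    """DATA+DLE+ETX(+BCC) as sent on COM; a 0x10 in user data is doubled."""
    body = user_data.replace(bytes([DLE]), bytes([DLE, DLE])) + bytes([DLE, ETX])
    return body + bytes([xor_bcc(body)]) if use_bcc else body


def parse_3964_block(block: bytes, use_bcc: bool = True) -> bytes:
    """Check the BCC and terminator, undo DLE doubling, return the user data."""
    body = block
    if use_bcc:
        if len(block) < 3:
            raise ValueError("block too short")
        body, received_bcc = block[:-1], block[-1]
        if xor_bcc(body) != received_bcc:
            raise ValueError("BCC mismatch, frame must not be accepted")
    if body[-2:] != bytes([DLE, ETX]):
        raise ValueError("missing DLE ETX terminator")
    escaped, data, i = body[:-2], bytearray(), 0
    while i < len(escaped):
        if escaped[i] == DLE:
            if i + 1 >= len(escaped) or escaped[i + 1] != DLE:
                raise ValueError("single DLE inside user data")
            i += 1  # skip the byte added by the escape sequence
        data.append(escaped[i])
        i += 1
    return bytes(data)


def read_protocol_address(data: bytes, mode: str, position: int,
                          mask: int = 0xFFFF) -> int:
    """Read the Protocol address; position is 1-based, counted on unescaped data."""
    if position < 1:
        raise ValueError("the first byte has sequence number 1, not 0")
    width = 1 if mode == "binary1" else 2
    field = data[position - 1:position - 1 + width]
    if len(field) != width:
        raise ValueError("message too short for the configured Address position")
    if mode == "binary1":
        return field[0]
    if mode == "ascii2":  # two hex characters describe one byte, e.g. "AB" -> 0xAB
        text = field.decode("ascii")
        if not all(c in string.hexdigits for c in text):
            raise ValueError("address field is not hexadecimal ASCII")
        return int(text, 16)
    if mode in ("binary2_lsb", "binary2_msb"):
        order = "little" if mode == "binary2_lsb" else "big"
        return int.from_bytes(field, order) & mask  # mask applies to 2-byte modes
    raise ValueError(f"unknown address mode {mode!r}")


# The manual's UNI example: 02 DA 92 C3, LSB first, position 2, mask 7FF0.
UNI_MESSAGE = bytes.fromhex("02DA92C3")

# Constructed 3964R user data: a 0x10 byte sits in front of the address byte 0x07.
USER_DATA_3964 = bytes.fromhex("100741")

if __name__ == "__main__":
    print(hex(read_protocol_address(UNI_MESSAGE, "binary2_lsb", 2, 0x7FF0)))
    wire = build_3964_block(USER_DATA_3964)
    print(wire.hex(), read_protocol_address(parse_3964_block(wire), "binary1", 2))
```

The BCC is a plain XOR parity, so it catches line corruption but does not authenticate the sender of a frame.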

7.2.7. Digital I/O

The Digital I/O page displays the current status of the I/O ports and can be used to turn output ports on or off.
You can apply the following settings:
Besides on and off, you may set the status after reboot to default, which corresponds to the state in which the hardware is initialized at power-up.
The digital inputs and outputs can also be monitored and controlled by SDK scripts.

7.2.8. GNSS

Administration
The GNSS (GPS) page lets you enable or disable the GPS modules present in the system and can be used to configure the daemon that can be used to share access to receivers without contention or loss of data and to respond to queries with a format that is substantially easier to parse than the NMEA 0183 emitted directly by the GPS device.
We are currently running the Berlios GPS daemon (version 3.15), please navigate to http://gpsd.berlios.de for getting more information about how to incorporate it. The GPS values can also be queried by the CLI and used in SDK scripts.
Note
A valid license key is required for running GPS.
Administrative status Enable or disable GPS reception.
Operation mode The operation mode, either standalone or assisted (for A-GPS, improving the startup performance)
Antenna type The type of the connected GPS antenna, either active or passive.
Accuracy The desired accuracy in meters.
Fix frame interval The amount of time to wait between fix attempts
Server port The TCP port on which the daemon is listening for incoming connections.
Allow clients from Specifies where clients can connect from, can be either everywhere or from a specific network.
Clients start Specifies how client reception is started upon connect. You can specify on request, which typically requires an R to be sent, or raw/super-raw mode which will transmit NMEA frames to the client instantly. If the client supports the JSON format (i.e. newer libgps is used) the json mode can be specified.
SUPL host/port (in case of A-GPS) The SUPL host/port (IP, hostname) which provides us the information of GPS satellites via data transmission.
APN Access point name (the same as for data transmission set for the mobile connection).
Note
Please consider restricting access to the server port, either by specifying a dedicated client network or by using a firewall rule.
Position
This page shows the current position of the box together with a location map.
Latitude The geographic coordinate specifying the north-south position.
Longitude The geographic coordinate specifying the east-west position.
Altitude The height above sea level of the current location.
Location Name of the current location.
Satellites
This page provides you with a satellite view with some additional details.
In the HOME menu, under GNSS status, you can see the current status together with a lot of information about satellites in range.
Time of last fix The time when the GPS was updated for the last time.
Satellites in view The number of satellites in view as stated in GPGSV frames.
Speed The horizontal and vertical speed in meters per second as stated in GPRMC frames.
Dilution of precision The dilution of precision as stated in GPGSA frames.
Satellites used The number of satellites used for calculating the position as stated in GPGGA frames.
Further on, each satellite also comes with the following details:
PRN The PRN code of the satellite (also referred to as satellite ID) as stated in GPGSA frames.
Elevation The elevation (up-down angle between the dish pointing direction) in degrees as stated in GPGSV frames.
Azimuth The azimuth (rotation around the vertical axis) in degrees as stated in GPGSV frames.
SNR The SNR (Signal to Noise Ratio), often referred to as signal strength.
Please note that the values are shown as calculated by the daemon, their accuracy might be suggestive.
Supervision
Administrative status Enable or disable GNSS supervision.
Mode The mode of Supervision - what is validated.
Max. downtime The period of time without valid NMEA information after which an emergency action will be taken.
Emergency action The corresponding emergency action. You can either just restart the server, which also re-initializes GPS on the module, or also reset the module in severe cases. Please note that this might also affect any running WWAN/SMS services.

7.3. ROUTING

7.3.1. Static Routes

This menu shows all routing entries of the system, which can consist of active and configured ones. (Netmasks can be specified in CIDR notation, e.g. 24 expands to 255.255.255.0).
Destination: Destination network or host provided by IP addresses in dotted decimal.
Netmask: Subnet mask which forms, in combination with the destination, the network to be addressed. A single host can be specified by a netmask of 255.255.255.255, a default route corresponds to 0.0.0.0.
Gateway: The next hop which operates as gateway for this network (can be omitted on peer-to-peer links).
Interface: Network interface on which a packet will be transmitted in order to reach the gateway or network behind.
Metric: The routing metric of the interface (default 0). The routing metric is used by routing protocols, higher metrics have the effect of making a route less favourable; metrics are counted as additional costs to the destination network.
Flags: (A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route
The flags have the following meanings:
Active The route is considered active, it might be inactive if the interface for this route is not yet up
Persistent The route is persistent, which means it is a configured route, otherwise it corresponds to an interface route
Host The route is a host route, typically the netmask is set to 255.255.255.255.
Network The route is a network route, consisting of an address and netmask which forms the subnet to be addressed
Default Route The route is a default route, address and netmask are set to 0.0.0.0, thus matching any packet
You can check the corresponding routing via the "Route lookup" functionality. Just fill in the desired IP address and click on the "Lookup" button. The detailed information about the chosen route will be displayed.
Note
The maximum number of manual static routes is 10. This number can be increased to 30 with a SERVER licence.

7.3.2. Extended Routes

Extended routes can be used to perform policy-based routing; they generally precede static routes.
Extended routes can be made up not only of a destination address/netmask but also a source address/netmask, incoming interface and the type of service (TOS) of packets.
Incoming interface The interface on which the packet enters the system
Source address The packet source address
Source netmask The packet source netmask
Destination address The packet destination address
Destination netmask The packet destination netmask
Protocol Protocol used (ANY, UDP or TCP)
Type of Service The ToS value within the packet header (possible values are any, normal-service (0), minimize-cost (2), maximize-reliability (4), maximize-throughput (8), minimize-delay (16))
Route to Specifies the target interface or gateway to where the packet should get routed to. Check the "discard if down" option for discarding data if the Interface is down (e.g. nothing is connected).

7.3.3. Multipath Routes

Multipath routes perform weighted IP-session distribution for particular subnets across multiple interfaces.
At least two interfaces must be defined to establish the Multipath routing. Additional interfaces can be added by pressing the "plus" sign.
Target network/netmask The target network for which the Multipath routing will be applied
Interface The interface for the selected path
Weight Interface weight in relation to the others (e.g. values 4 and 1 for two paths will result in 80 and 20 % of distribution)
Nexthop Nexthop address to be used as a default gateway for the selected interface

7.3.4. Multicast

Multicast routing (MCR) can be configured and managed by a daemon. Only one MCR daemon can be used at a time.
M!DGE/MG102i routers ship with two different MCR daemons to select from, depending on your dependencies:
IGMP proxy Forwarding of multicast messages that are dynamically detected on a given interface to another interface.
Static routes List of MCR rules to forward messages of dedicated source and group from a given interface to another.
Disabled Disable routing of multicast messages.
IGMP proxy
IGMP proxy which is able to maintain multicast groups on a particular interface and distribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups.
Administrative status Specifies whether multicast routing is active.
Incoming interface The upstream interface on which multicast groups are joined and on which multicast packets come in.
Distribute to Specifies the downstream interfaces to which multicast packets will be forwarded.
Static Routes
Routes multicast messages in different directions depending on their origin and group based on a given set of MCR rules:
Group IP address of MCR group.
Source Source-IP of the packets.
Incoming interface Interface to listen on for messages of given group and source.
Outgoing interface Interface to forward the messages to.

7.3.5. BGP

The BGP tab allows you to set up peerings of the M!DGE/MG102i router with other Border Gateway Protocol enabled routers.
BGP status Specifies whether the BGP routing protocol is active.
AS number The number of the autonomous system to which the M!DGE/MG102i router belongs (available range: 1 - 4294967295).
Redistribute connected routes Redistribute routes to networks which are directly connected to the M!DGE/MG102i router.
Redistribute local routes Redistribute routes from the M!DGE/MG102i router’s own routing table.
Redistribute OSPF routes Redistribute routes learned via the OSPF routing protocol.
Disable when redundancy backup Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol.
The neighbors tab is used to configure all the BGP routers to peer with.
IP address IP address of the peer router.
AS number Autonomous system number of the peer router (available range 1 - 4294967295).
Password Password for authentication with the peer router. If left blank authentication is disabled.
Multihop Allow multiple hops between this router and the peer router instead of requiring the peer to be directly connected.
The Networks tab allows you to add IP network prefixes that shall be distributed via BGP in addition to the networks that are redistributed from other sources as defined on the general tab.
Prefix Prefix of the network to be distributed.
Prefix length Length of the prefix to be distributed.

7.3.6. OSPF

The OSPF tab allows the M!DGE/MG102i router to be added to a network of OSPF routers.
OSPF status Specifies whether the OSPF routing protocol is active.
Redistribute connected routes Redistribute routes to networks which are directly connected to the M!DGE/MG102i router.
Redistribute local routes Redistribute routes from the M!DGE/MG102i router’s own routing table.
Redistribute BGP routes Redistribute routes learned via the BGP routing protocol.
Redistribute default route Redistribute the router’s default route.
Disable when redundancy backup Disables the OSPF protocol when the router is set to slave mode by the VRRP redundancy protocol.
The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router. If no settings are defined for a specific interface, default settings will be used.
Interface The name of the interface for which settings shall be defined.
Authentication The authentication protocol to be used on the interface to authenticate OSPF packets.
Key The key to be used for authentication.
Key ID The ID of the key to be used for authentication (1-255).
Cost The cost for sending packets via this interface. If not specified or set to 0, OSPF defaults are used.
Passive Do not send out OSPF packets on this interface.
The networks tab defines the IP networks to be handled in OSPF as well as to which routing area they belong.
Prefix Prefix of the network.
Prefix length Length of the prefix.
Area Routing area to which this interface belongs (0-65535, 0 means backbone).

7.3.7. Mobile IP

Mobile IP (MIP) can be used to enable a seamless switch between different WAN technologies.
Note
A valid license key is required for running Mobile IP.
It features very short outages during switchover while keeping all IP sessions alive. This is accomplished by communicating with the static public IP address of a home agent, which encapsulates the packets and sends them on to the router. Switching works by telling the home agent that the hotlink address has changed; the agent will then re-route the packets (that is, encapsulate them with the new target address) transparently down to the box.
Our implementation supports RFC 3344, 5177, 3024 and 3519, and interoperability with Cisco has been verified. However, M!DGE/MG102i routers can run as node and home agent, which makes them able to replace expensive kits in the backbone for smaller scenarios.
If MIP is run as the Mobile node, the following settings can be configured:
Primary home agent address: The address of the primary home agent
Secondary home agent address: The address of the secondary (fallback) home agent
Home address: The permanent home address of the node which can be used to address the box
SPI: The Security Parameter Index (SPI) identifying the security context between a pair of nodes (represented in 8 chars hex)
Authentication type: The used authentication, can be prefix-suffix-md5 or hmac-md5
Shared secret: The shared secret used for authentication, can be a 128-bit hex or ASCII string
Life time: The lifetime of security associations in seconds
MTU: Maximum transmission unit in bytes
UDP encapsulation: Specifies whether UDP encapsulation shall be used
Mobile network address: Optionally specifies a subnet which should be routed to the box
Mobile network mask: The netmask for the optional routed network
If MIP is run as home agent, you will have to set up a home address and netmask first and configure various nodes afterwards which are made up of the following settings:
SPI The home address of the network
Authentication type The mask for the home network.
Shared secret The shared secret used for the mobile node authentication at the home agent. This can be either a 128-bit hexadecimal value or a random length ASCII string.

7.3.8. Quality of Service (QoS)

M!DGE/MG102i routers are able to prioritize and shape certain kinds of IP traffic. This is currently limited to egress, which means that only outgoing traffic can be shaped. The current QoS solution uses Stochastic Fairness Queueing (SFQ) classes in combination with Hierarchical Token Bucket (HTB) qdiscs. Its principle of operation can be summarized as capping the maximum throughput per link and shaping traffic according to the specified queue priorities. In general, the queue with the lowest priority number gets the most out of the available bandwidth.
In case of demands for other class or qdisc algorithms please contact our support team in order to evaluate the best approach for your application.
QoS Administration
The administration page can be used to enable and disable QoS.
QoS Classification
The classification section can be used to define the WAN interfaces on which QoS should be active.
Interface: The WAN interface on which QoS should be active.
Bandwidth congestion: The bandwidth congestion method. In case of the auto option, the system will try to apply limits in a best-effort way. However, it is suggested to set fixed bandwidth limits as they also offer a way of tuning the QoS behaviour.
Upstream bandwidth: The available bandwidth for outgoing traffic.
IP to ping (primary) An IP, which answers ICMP echo requests to determine the bandwidth of the link.
IP to ping (secondary) An IP, which answers ICMP echo requests to determine the bandwidth of the link.
When defining limits, you should choose bandwidth limits which can actually be achieved, as most shaping and queueing algorithms will not work correctly if the specified limits cannot be achieved. In particular, any WWAN interfaces operating in a mobile environment suffer from variable bandwidth, thus rather lower values should be used.
In case an interface has been activated, the system will automatically create the following queues:
high: A high priority queue which may hold any latency-critical services (such as VoIP).
default: A default queue which will handle all other services.
low: A low priority queue which may hold less-critical services for which shaping is intended.
Each queue can be configured as follows:
Name: The name of the QoS queue.
Priority: A numerical priority for the queue, lower values indicate higher priorities.
Bandwidth: The maximum possible bandwidth for this queue in case the total bandwidth of all queues exceeds the set upstream bandwidth of "QoS Interface Parameters".
Set TOS The TOS/DiffServ value to set on matching packets.
You can now configure and assign any services to each queue. The following parameters apply:
Interface: The QoS interface of the queue
Queue: The QoS queue to which this service shall be assigned
Source: Specifies a network address and netmask used to match the source address of packets
Destination: Specifies a network address and netmask used to match the destination (target) address of packets
Protocol: Specifies the protocol for packets to be matched
Type of Service: Specifies the ToS/DiffServ for packets to be matched

7.4. FIREWALL

This router uses Linux’s netfilter/iptables firewall framework (see http://www.netfilter.org for more information). It is made up of a range of rules which control each packet’s permission to pass the router. Packets not matching any of the rules are allowed by default.

7.4.1. Firewall

Administration
The administration page can be used to enable and disable firewalling. When turning it on, a shortcut can be used to generate a predefined set of rules which allow administration (over HTTP, HTTPS, SSH or TELNET) by default but block any other packets coming from the WAN interface. Please note that the specified rules are processed in order, that is, the list is traversed from top to bottom until a matching rule is found. If no matching rule is found, the packet is allowed.
Administrative status: Enable or disable packet filtering.
Allow WAN administration: This option will predefine the rules for services on the WAN link as follows (TCP ports 80, 443, 22 and 23):
Address / Port Groups
This menu can be used to form address or port groups which can be later used for firewall rules in order to reduce the number of rules.
Add Firewall Rule
Description: A meaningful description about the purpose of this rule.
Action: Whether the packets of this rule should be allowed or denied.
Log matches Throw a syslog message if the rule matches.
Incoming interface: The interface on which matching packets are received.
Outgoing interface: The interface on which matching packets are received.
Source: Source address of matching packets. Possible values are "ANY", "LOCAL" (addressed to the system itself), "Group" or "Specify" (specified by an address/netmask).
Destination: The destination address of matching packets, can be "ANY", "LOCAL" (addressed ... itself), "Group" or "Specify" (specified by address/netmask).
Protocol: Used IP protocol of matching packets.
Destination port(s): Destination port of matching packets. You can specify a single port or a range of ports here. Note that protocol must be set to UDP/TCP when using port filters.
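The rule processing described above (top to bottom, first match decides, unmatched packets are allowed), modelled as an added Python example; it is not RACOM's code. The rule fields follow the Add Firewall Rule list, while the interface names, addresses and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

DEFAULT = "no matching rule (default allow)"
WAN, LAN = "WWAN1", "LAN1"        # constructed interface names
ADMIN_PORTS = (80, 443, 22, 23)   # HTTP, HTTPS, SSH, TELNET as listed on the page


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str                    # "TCP", "UDP", "ICMP", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    description: str
    action: str                   # "ALLOW" or "DENY"
    in_iface: str = "ANY"
    source: str = "ANY"           # "ANY" or address/netmask, e.g. "10.0.0.0/8"
    destination: str = "ANY"
    protocol: str = "ANY"
    dports: Optional[Tuple[int, int]] = None   # inclusive port range

    def __post_init__(self):
        if self.action not in ("ALLOW", "DENY"):
            raise ValueError("action must be ALLOW or DENY")
        # The page notes that port filters need protocol UDP or TCP.
        if self.dports is not None and self.protocol not in ("TCP", "UDP"):
            raise ValueError("port filter requires protocol TCP or UDP")

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface not in ("ANY", pkt.in_iface):
            return False
        if self.protocol not in ("ANY", pkt.proto):
            return False
        if not addr_match(self.source, pkt.src):
            return False
        if not addr_match(self.destination, pkt.dst):
            return False
        if self.dports is not None:
            low, high = self.dports
            if pkt.dport is None or not low <= pkt.dport <= high:
                return False
        return True


def addr_match(spec: str, addr: str) -> bool:
    """True if addr lies inside the rule's address/netmask (or spec is ANY)."""
    if spec == "ANY":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, pkt):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.description
    return "ALLOW", DEFAULT       # nothing matched: the packet passes


def wan_admin_rules(final_deny: bool):
    """Admin services open on the WAN; optionally block the rest of the WAN."""
    rules = [Rule(f"admin tcp/{port}", "ALLOW", in_iface=WAN,
                  protocol="TCP", dports=(port, port)) for port in ADMIN_PORTS]
    if final_deny:
        rules.append(Rule("block remaining WAN traffic", "DENY", in_iface=WAN))
    return rules


def fell_through(rules, packets):
    """Packets that no rule matched, i.e. passed only by the default."""
    return [p for p in packets if evaluate(rules, p)[1] == DEFAULT]


# Constructed sample traffic (documentation address ranges).
PROBES = [
    Packet(WAN, "203.0.113.7", "192.0.2.1", "TCP", 443),   # web administration
    Packet(WAN, "203.0.113.7", "192.0.2.1", "TCP", 502),   # not an admin port
    Packet(WAN, "203.0.113.7", "192.0.2.1", "UDP", 161),
    Packet(LAN, "192.168.1.10", "192.0.2.1", "TCP", 502),
]

if __name__ == "__main__":
    for label, rules in (("without final deny", wan_admin_rules(False)),
                         ("with final deny", wan_admin_rules(True))):
        print(label)
        for pkt in PROBES:
            print("  ", pkt.in_iface, pkt.proto, pkt.dport, "->", evaluate(rules, pkt))
```

Running `fell_through` over a list of representative packets shows which traffic a rule set leaves to the default; a list of allow rules alone blocks nothing until a closing deny rule is placed after them.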
Transparent Firewall
M!DGE/MG102i can be configured with its Ethernet interfaces being bridged. In this case, the transparent firewall functionality can be configured to limit reachability of individual hosts connected to M!DGE/MG102i based on their MAC addresses, i.e. units connected to ETH1 cannot communicate to units connected to ETH2.

7.4.2. NAPT

This page allows setting of the options for Network Address and Port Translation (NAPT). NAPT translates IP addresses or TCP/UDP ports and enables communication between hosts on a private network and hosts on a public network. It generally allows a single public IP address to be used by many hosts from the private LAN network.
Administration
The administration page lets you specify the interfaces on which masquerading will be performed. NAT will hereby use the address of the selected interface and choose a random source port for outgoing connections and thus enables communication between hosts from a private local area network towards hosts on the public network.
Interface The outgoing interface on which connections will be masqueraded.
Source address The source address or network from which matching packets are masqueraded.
Inbound Rules
Inbound rules can be used to modify the target section of IP packets and, for instance, forward a service or port to an internal host. By doing so, you can expose that service and make it available from the Internet. You may also establish 1:1 NAT mapping for a single host using additional outbound rules.
Note
The rules are processed in order, that is, the list is traversed from top to bottom until a matching rule is found. If no matching rule is found, the packet will pass as is.
Description: A meaningful rule description
Incoming interface: Interface from which matching packets are received
Source The source address or network from which matching packets are received.
Map: Choosing whether the rule applies to the host or to the network.
Target address: Destination address of matching packets (optional)
Target port(s): Used UDP/TCP port range of matching packets
Redirect to: Address to which matching packets will be redirected
Redirect port: Port to which matching packets will be targeted
Outbound Rules
Outbound rules will modify the source section of IP packets and can be used to establish 1:1 NAT mappings but also to redirect packets to a specific service.
Description: A meaningful description of this rule
Map: Choosing whether the rule applies to the host or to the network.
Outgoing interface: Outgoing interface on which matching packets are leaving the router
Target The target address or network to which matching packets are destined.
Source address/ports: Source address/ports of matching packets (if Map is set to "host")
Source network/netmask: Source network/netmask of matching packets (if Map is set to "network")
Rewrite to address/port: Address/port to which the source address/port of matching packets will be rewritten to
Rewrite to network/netmask: Network/netmask to which the source network/netmask of matching packets will be rewritten to

7.5. VPN

7.5.1. OpenVPN

Administration
OpenVPN administrative status: Enable or disable OpenVPN.
Restart on link change: If checked, the tunnel is restarted whenever any link changes the status.
Multipath TCP Enables OpenVPN multipath TCP support.
If enabled, OpenVPN client configurations will be started whenever a WAN link has been established. Server configuration will be started immediately after the bootup.
Tunnel Configuration
The router supports a single server tunnel and up to 4 client tunnels. You can specify tunnel parameters in standard configuration or upload an expert mode file which has been created in advance. Refer to the section called “Client Management” to learn more about how to manage clients and generate the files.
Operation mode: Choose the client or server mode for this tunnel
Note
M!DGE/MG102i can be running up to 4 OpenVPN tunnels in the Client mode, but only one tunnel in the Server mode.
Client Mode
Peer selection: Specifies how the remote peer shall be selected. Besides a single server, you may configure multiple servers which can, in case of failures, either be selected sequentially (i.e. failover) or randomly (i.e. load balancing).
Server The remote server address or hostname
Port The remote server port (1194 by default)
Interface type: The VPN device type which can be either TUN (typically used for routed connections) or TAP (used for bridged networks)
Protocol: The OpenVPN tunnel protocol to be used.
Network mode: Defines how the packets should be forwarded, can be routed or bridged from or to a particular interface. You can also set the MTU for the tunnel.
Authentication: You can choose between credential-based (where you have to specify a username and password) and certificate-based options. Note that keys/certificates have to be created in the SYSTEM -> Keys & Certificates menu. You may also upload files which you have generated on your host system.
HMAC digest: HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key to produce a digital signature. OpenVPN's HMAC usage is to first encrypt a packet, then HMAC the resulting ciphertext. If OpenVPN receives a packet with a bad HMAC, it drops this packet. HMAC usually adds 16 or 20 Bytes per packet.
Encryption: Required cipher mechanism used for encryption.
Use compression: Enable or disable OpenVPN compression.
Use keepalive: Can be used to send a periodic keep alive packet in order to keep the tunnel up despite inactivity.
Redirect gateway: By redirecting the gateway, all packets will be directed to the VPN tunnel. Please ensure that essential services (such as DNS or NTP servers) can be reached via the network behind the tunnel. If in doubt, create an extra static route pointing to the correct interface.
Negotiate DNS If enabled, the system will use the nameservers which have been negotiated over the tunnel.
Allow duplicates Allow multiple clients with the same common name to concurrently connect.
Verify certs Check peer certificate against local CRL.
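The HMAC digest behaviour described in the list above (HMAC computed over the ciphertext, packets with a bad HMAC dropped, 16 or 20 bytes added per packet), as an added Python example that is neither RACOM's nor OpenVPN's code. The packet layout (tag placed in front of the ciphertext), the key and the sample ciphertext are constructed for illustration and do not reproduce OpenVPN's wire format.

```python
import hashlib
import hmac

# Constructed sample values: a demo key and bytes standing in for a packet
# that has already been encrypted by the tunnel cipher.
KEY = b"constructed-demo-key"
CIPHERTEXT = bytes(range(100, 132))


def tag_length(digest: str) -> int:
    """Bytes the chosen HMAC digest adds to every packet (md5: 16, sha1: 20)."""
    return hashlib.new(digest).digest_size


def protect(key: bytes, ciphertext: bytes, digest: str = "sha1") -> bytes:
    """Sender side: HMAC the already encrypted packet and prepend the tag."""
    return hmac.new(key, ciphertext, digest).digest() + ciphertext


def accept(key: bytes, packet: bytes, digest: str = "sha1"):
    """Receiver side: return the ciphertext if the tag verifies, else None.

    Verification happens before any decryption, so forged or corrupted
    packets never reach the cipher.
    """
    n = tag_length(digest)
    if len(packet) < n:                      # too short to even hold a tag
        return None
    tag, ciphertext = packet[:n], packet[n:]
    expected = hmac.new(key, ciphertext, digest).digest()
    # compare_digest avoids leaking the position of the first wrong byte.
    if not hmac.compare_digest(tag, expected):
        return None
    return ciphertext


def receive(key: bytes, packets, digest: str = "sha1"):
    """Process a batch; return (accepted ciphertexts, number of drops)."""
    results = [accept(key, p, digest) for p in packets]
    accepted = [c for c in results if c is not None]
    return accepted, len(packets) - len(accepted)


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with the lowest bit of one byte inverted."""
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]


if __name__ == "__main__":
    good = protect(KEY, CIPHERTEXT)
    batch = [good, flip_bit(good, 30), flip_bit(good, 0), good[:5]]
    accepted, dropped = receive(KEY, batch)
    print("overhead:", len(good) - len(CIPHERTEXT), "bytes")
    print("accepted:", len(accepted), "dropped:", dropped)
    # Peers configured with different digests drop every packet.
    print("digest mismatch:", receive(KEY, [good], digest="md5"))
```

The last call shows the failure mode to expect when the two tunnel ends are configured with different HMAC digests: every packet fails verification and is dropped.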
Server Mode
A server tunnel typically requires the following files:
server.conf (OpenVPN configuration file),
ca.crt (root certificate file),
server.crt (certificate file),
server.key (private key file),
dh1024.pem (Diffie Hellman parameters file),
a directory (with default name “ccd”) containing client-specific configuration files.
Important
OpenVPN tunnels require a correct system time. Please ensure that all NTP servers are reachable. When using host names, a working DNS server is required as well.
Client Management
Once you have successfully set up an OpenVPN server tunnel, you can manage and enable clients connecting to your service. Currently connected clients can be seen on this page, including the connect time and IP address. You may kick connected clients by disabling them.
In the Networking section you can specify a fixed tunnel endpoint address for each client. Please note that, if you intend to use a fixed address for a particular client, you would have to apply fixed addresses to the other ones as well.
You may specify the network behind the clients as well as the routes to be pushed to each client. This can be useful for routing purposes, e.g. in case you want to redirect traffic for particular networks towards the server. Routing between the clients is generally not allowed but you can enable it if desired.
Finally, you can generate and download all expert mode files for enabled clients which can be used to easily populate each client.
Operating in server mode with certificates, it is possible to block a specific client by revoking a possibly stolen client certificate (see Keys & Certificates).
Note
The downloaded expert mode file needs to be unzipped and then individual client expert files can be uploaded to the respective routers.
Note
See the OpenVPN configuration example (http://www.racom.eu/eng/products/m/midge/app/vpn/OpenVPN.html) in our Application notes.

7.5.2. IPsec

IPsec is a protocol suite for securing IP communications by authenticating and encrypting each packet of a communication session and thus establishing a secure virtual private network.
IPsec includes various cryptographic protocols and ciphers for key exchange and data encryption and can be seen as one of the strongest VPN technologies in terms of security.
It uses the following mechanisms:
AH Authentication Headers (AH) provide connectionless integrity and data origin authentication for IP datagrams and ensure protection against replay attacks.
ESP Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication, connectionless integrity, an anti-replay service and limited traffic-flow confidentiality.
SA Security Associations (SA) provide a secure channel and a bundle of algorithms that provide the parameters necessary to operate the AH and/or ESP operations. The Internet Security Association Key Management Protocol (ISAKMP) provides a framework for authenticated key exchange.
Negotiating keys for encryption and authentication is generally done by the Internet Key Exchange protocol (IKE) which consists of two phases:
IKE phase 1 IKE authenticates the peer during this phase for setting up an ISAKMP secure association. This can be carried out by either using main or aggressive mode. The main mode approach utilizes the Diffie-Hellman key exchange and authentication is always encrypted with the negotiated key. The aggressive mode just uses hashes of the pre-shared key and therefore represents a less secure mechanism which should generally be avoided as it is prone to dictionary attacks.
IKE phase 2 IKE finally negotiates IPSec SA parameters and keys and sets up matching IPSec SAs in the peers which is required for AH/ESP later on.
Administration
IPsec administrative status: Enable or disable IPsec
Propose NAT Traversal: NAT-Traversal is mainly used for connections which traverse a path where a router modifies the IP address/port of packets. It encapsulates packets in UDP and therefore requires a slight overhead which has to be taken into account when running over small-sized MTU interfaces.
Restart on link change: If checked, the tunnel is restarted whenever any link changes the status.
Note
Running NAT-Traversal makes IKE use UDP port 4500 rather than 500, which has to be taken into account when setting up firewall rules.
Configuration
General
Remote peer address: The IPsec peer/responder/server IP address or host name
Administrative status: Enable or disable Dead Peer Detection. DPD will detect any broken IPSec connection, in particular the ISAKMP tunnel, and refresh the corresponding SAs (Security Associations) and SPIs (Security Payload Identifiers) for a faster tunnel re-establishment.
Detection cycle: Set the delay (in seconds) between Dead Peer Detection (RFC 3706) keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for this connection (default 30 seconds)
Failure threshold: The number of unanswered DPD R_U_THERE requests until the IPsec peer is considered dead (the router will then try to re-establish a dead connection automatically)
Action: The action when a DPD enabled peer is declared dead. Hold (default) means the eroute is put into the hold status, while clear means the eroute and SA will both be cleared. Restart means that the SA will be immediately renegotiated.
IKE Proposal
RACOM routers support IKEv1 or IKEv2 authentication via pre-shared keys (PSK) or certificates within a public key infrastructure.
Using PSK requires the following settings:
PSK: The pre-shared key used
Local ID Type: The identification type for the local router which can be FQDN, username@FQDN or IP address
Local ID: The local ID value
Peer ID type: The identification type for the remote router
Peer ID: The peer ID value
Note
When using certificates you need to specify the Operation mode. When run as the PKI client, you can create a Certificate Signing Request (CSR) in the certificates section, which needs to be submitted to your Certificate Authority and imported to the router afterwards. In the PKI server mode the router represents the Certificate Authority and issues the certificates for remote peers.
Negotiation mode: Choose the negotiation mode (main, aggressive). The aggressive mode has to be used when dealing with dynamic endpoint addresses, but it is considered less secure than the main mode as it reveals your identity to an eavesdropper.
Encryption algorithm: The IKE encryption method (3DES, AES128, AES192, AES256)
Authentication algorithm: The IKE authentication method (MD5, SHA1, SHA2-256)
IKE Diffie-Hellman group: The IKE Diffie-Hellman group (2, 5 and 16-21)
SA life time: The Security Association lifetime
Perfect forward secrecy (PFS): This feature heavily increases security as PFS avoids penetration of the key-exchange protocol and prevents compromising the keys negotiated earlier.
Using Public Key Infrastructure requires similar settings, but the Operation mode must be configured.
Operation mode
Mode can be set either to "server" or "client". As a "server" and once you have successfully set up an IPsec tunnel, you can manage and enable clients connecting to your service. It is possible to generate and download expert mode files for enabled clients which can be used to easily populate each client.
IPsec Proposal
Encapsulation mode: Only the tunnel encapsulation mode is enabled
IPsec protocol: Only the ESP IPsec protocol is enabled
Encryption algorithm: The IKE encryption method (3DES, AES128, AES192, AES256, blowfish128, 192 and 256)
Authentication algorithm: The IKE authentication method (MD5, SHA1, SHA256, SHA384, SHA512)
SA life time: The Security Association lifetime in seconds
Perfect forward secrecy (PFS): Specifies whether Perfect Forward Secrecy (PFS) should be used. This feature increases security as PFS avoids penetration of the key-exchange protocol and prevents compromise of previous keys.
Force encapsulation: Force UDP encapsulation for ESP packets even if no NAT situation is detected.
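The IKE and IPsec proposal options above can be checked before a tunnel profile is deployed. The following is an added example, not RACOM code: the dictionary layout is hypothetical, and treating 3DES, Blowfish, MD5, SHA1 and Diffie-Hellman groups 2 and 5 as legacy is this example's own policy choice, while the aggressive-mode and PFS checks follow the descriptions in this manual.

```python
# Added example: lint an IPsec tunnel profile built from the option names in
# this manual. The dict layout and the "legacy" sets are assumptions of this
# example, not RACOM's configuration format or vendor guidance.
LEGACY_ENCRYPTION = {"3des", "blowfish128", "blowfish192", "blowfish256"}
LEGACY_AUTH = {"md5", "sha1"}
LEGACY_DH_GROUPS = {2, 5}


def audit_proposal(name, proposal):
    """Return findings for one proposal (IKE or IPsec)."""
    findings = []
    if proposal["encryption"].lower() in LEGACY_ENCRYPTION:
        findings.append(f"{name}: legacy encryption {proposal['encryption']}")
    if proposal["authentication"].lower() in LEGACY_AUTH:
        findings.append(f"{name}: legacy authentication {proposal['authentication']}")
    if not proposal.get("pfs", False):
        findings.append(f"{name}: PFS disabled")
    return findings


def audit_tunnel(tunnel):
    """Check negotiation mode, DH group and both proposals of a tunnel."""
    ike = tunnel["ike"]
    findings = []
    # Per the manual: aggressive mode uses PSK hashes and is prone to dictionary attacks.
    if ike["negotiation_mode"] == "aggressive" and ike["auth_type"] == "psk":
        findings.append("ike: aggressive mode with PSK")
    if ike["dh_group"] in LEGACY_DH_GROUPS:
        findings.append(f"ike: legacy DH group {ike['dh_group']}")
    findings += audit_proposal("ike", ike)
    findings += audit_proposal("ipsec", tunnel["ipsec"])
    return findings


# Constructed sample profiles (not taken from a real device).
WEAK_TUNNEL = {
    "ike": {"auth_type": "psk", "negotiation_mode": "aggressive",
            "encryption": "3DES", "authentication": "MD5",
            "dh_group": 2, "pfs": False},
    "ipsec": {"encryption": "blowfish128", "authentication": "SHA1", "pfs": False},
}
HARDENED_TUNNEL = {
    "ike": {"auth_type": "psk", "negotiation_mode": "main",
            "encryption": "AES256", "authentication": "SHA2-256",
            "dh_group": 19, "pfs": True},
    "ipsec": {"encryption": "AES256", "authentication": "SHA256", "pfs": True},
}

if __name__ == "__main__":
    for label, tunnel in (("weak", WEAK_TUNNEL), ("hardened", HARDENED_TUNNEL)):
        print(label, audit_tunnel(tunnel) or "no findings")
```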
Networks
When creating Security Associations, IPsec keeps track of routed networks within the tunnel. Packets are only transmitted when a valid SA with the matching source and destination network is present. Therefore, you may need to specify the networks behind the endpoints by applying the following settings:
Local network address: The address of your Local Area Network (LAN)
Local network mask: The netmask of your LAN
Peer network address: The address of the remote network behind the peer
Peer network mask: The netmask of the remote network behind the peer
NAT address: Optionally, you can apply NAT (masquerading) for packets coming from a different local network. The NAT address must reside in the network previously specified as the local network.
Note
Since firmware 3.7.40.103, the maximum number of networks for individual IPsec tunnels has increased from 4 to 10.
Note
See the IPsec configuration example [2] in our Application notes.
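The network settings above decide which packets are covered by an SA. The following added example (not RACOM code) models that matching with Python's ipaddress module and checks the two constraints stated in this section: the NAT address must lie in a configured local network, and a tunnel carries at most 10 networks. The function names, the sample rows and the rejection of overlapping local/peer networks are assumptions of this example.

```python
import ipaddress

MAX_NETWORKS = 10  # limit stated in the manual for firmware 3.7.40.103 and later


def build_selectors(rows):
    """Parse (local addr, local mask, peer addr, peer mask) rows into network pairs.

    strict=True rejects an address with host bits set, a common entry mistake.
    """
    if len(rows) > MAX_NETWORKS:
        raise ValueError(f"at most {MAX_NETWORKS} networks per tunnel")
    selectors = []
    for la, lm, pa, pm in rows:
        local = ipaddress.ip_network(f"{la}/{lm}", strict=True)
        peer = ipaddress.ip_network(f"{pa}/{pm}", strict=True)
        # Assumption of this example: overlapping local/peer ranges are an error.
        if local.overlaps(peer):
            raise ValueError(f"local {local} overlaps peer {peer}")
        selectors.append((local, peer))
    return selectors


def matches_sa(selectors, src, dst):
    """True if a packet src -> dst is covered by some local/peer network pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in peer for local, peer in selectors)


def nat_address_ok(selectors, nat_addr):
    """The manual requires the NAT address to lie inside a configured local network."""
    addr = ipaddress.ip_address(nat_addr)
    return any(addr in local for local, _ in selectors)


# Constructed sample rows (private address space, not from a real deployment).
ROWS = [
    ("192.168.1.0", "255.255.255.0", "10.20.0.0", "255.255.0.0"),
    ("192.168.5.0", "255.255.255.128", "10.30.40.0", "255.255.255.0"),
]

if __name__ == "__main__":
    sel = build_selectors(ROWS)
    print(matches_sa(sel, "192.168.1.50", "10.20.3.4"))    # covered by the first pair
    print(matches_sa(sel, "192.168.5.200", "10.30.40.9"))  # source outside the /25
    print(nat_address_ok(sel, "192.168.1.254"))
```

A packet whose source is in one pair's local network and whose destination is in another pair's peer network is not covered, which is why the pairs are kept together rather than as two flat lists.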

7.5.3. PPTP

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks between two hosts. PPTP is easy to configure and widely deployed amongst Microsoft Dial-up networking servers. However, due to its weak encryption algorithms, it is nowadays considered insecure but it still provides a straightforward way for establishing tunnels. When setting up a PPTP tunnel, you would need to choose between server or client.
[2] http://www.racom.eu/eng/products/m/midge/app/vpn/IPsec.html
Listen address: Specifies the IP address on which the server listens for incoming client connections
Server address: The server address within the tunnel
Client address range: Specifies a range of IP addresses assigned to each client
Username/password: The common username/password configuration
Once configured, individual clients can be configured with different credentials and IP addresses.
A client tunnel requires the following parameters to be set:
Server address: The address of the remote server
Username: The username used for authentication
Password: The password used for authentication

7.5.4. GRE

The Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over IP. GRE is defined in RFC 1701, 1702 and 2784. It provides neither encryption nor authorization but can be used on an address-basis on top of other VPN techniques (such as IPsec) for tunneling purposes.
The following parameters are required for setting up a tunnel:
Peer address: The remote peer IP address
Interface type: The device type for this tunnel. If "tap" device is chosen, another parameter "Bridge interface" must be configured with one LAN port.
Local tunnel address: The local IP address of the tunnel
Local tunnel netmask: The local subnet mask of the tunnel
Remote network: The remote network address of the tunnel
Remote netmask: The remote subnet mask of the tunnel
In general, the local tunnel address/netmask should not conflict with any other interface addresses. The remote network/netmask will result in an additional route entry in order to control which packets should be encapsulated and transferred over the tunnel.

7.5.5. Dial-in Server

On this page you can configure the Dial-in server in order to establish a data connection over GSM calls. Thus, one would generally apply a required service type of 2G-only, so that the modem registers to GSM only. Naturally, a concurrent use of mobile Dial-Out and Dial-In connection is not possible.
Note
The Dial-in Server is not supported by the M!DGE/MG102i LTE hardware.
Administrative status: Enabled/disabled - incoming calls shall be/shall not be answered
Modem: Specifies the modem on which calls can come in
Address range start: Start address of range of clients connecting to the dial-in server
Address range size: Number of client addresses connecting to the server
Dial-in operational status: Shows the current status of the connection
Besides the admin account, you can configure further users in the user accounts section who shall be allowed to dial in. Please note that Dial-In connections are generally discouraged. As they are implemented as GSM voice calls, they suffer from unreliability and poor bandwidth.

7.6. SERVICES

7.6.1. SDK

RACOM routers ship with a Software Development Kit (SDK) which offers a simple and fast way to implement customer-specific functions and applications. It consists of:
1. An SDK host which defines the runtime environment (a so-called sandbox), that is, controlling access to system resources (such as memory, storage and CPU) and, by doing so, catering for the right scalability.
2. An interpreter language called arena, a light-weight scripting language optimized for embedded systems, which uses a syntax similar to ANSI-C but adds support for exceptions, automatic memory management and runtime polymorphism on top of that.
3. A RACOM-specific Application Programming Interface (API), which ships with a comprehensive set of functions for accessing hardware interfaces (e.g. digital IO ports, GPS, external storage media, serial ports) but also for retrieving system status parameters, sending E-Mail or SMS messages or simply just to configure the router.
Anyone reasonably experienced in the C language will find an environment that is easy to dig into. However, feel free to contact us via <support@racom.eu> and we will happily support you in finding a programming solution to your specific problem.
The Language
The arena scripting language offers a broad range of POSIX functions (like printf or open) and provides, together with tailor-made API functions, a simple platform for implementing any sort of applications to interconnect your favourite device or service with the router.
Here comes a short example:
/* This script prints a short status and, if the SMS section is set up properly,
   the status will also be sent to your mobile phone :-)
*/
printf("------------------------------");
printf("\n\n");
printf(nb_status_summary(all));
printf("\n\n");
printf("------------------------------");

/* Please change the following number to your mobile phone number
*/
nb_sms_send("+420123456789", nb_status_summary(all));
A set of example scripts can be downloaded directly from the router; you can find a list of them in the appendix. The manual at menu SERVICES-Administration-Troubleshooting-SDK API gives a detailed introduction to the language, including a description of all available functions.
SDK API Functions
The current range of API functions can be used to implement the following features: