Westermo MRD-3x0 User Manual

Web configuration

reference guide

6623-3201

MRD-310

MRD-330

Westermo Teleindustri AB • 2008

©

3G Cellular Modem / Router

Web configuration reference guide

www.westermo.com

2 6623-3201

Table of Contents

1   Basic Configuration ...................... 4

1.1   Configure the 3G Wireless interface .. 4

1.1.1  Network Configuration .......................... 5

1.1.2  Setting the SIM card PIN ........................ 5

1.1.3  Adding a Network 

  Connection Profile ...................................6

1.1.4  Enable the Wireless Connection .......... 9

1.1.5  Checking the Status of the 

  Connection ..............................................10

1.2   Configure the LAN interface and 

  DHCP Server .......................................... 12

1.2.1  Setting the IP Address ...........................12

1.2.2  Enabling DHCP ....................................... 12

1.3   Configure clients to use the 

  MRD-3xx ..................................................14

2   System Administration .............. 15

2.1   Administration ........................................15

2.2   System Information ................................17

2.3   Configuration Backup & Restore .......18

2.4   Firmware Upgrade ................................. 20

2.5   SNMP ........................................................22

2.6   GPIO .........................................................23

3   Wireless Interface Configuration 24

3.1   Network Configuration ........................25

3.1.1  Wireless Operating Mode ...................26

3.1.2  Operating Frequency Band .................. 27

3.1.3  Setting the SIM card PIN ...................... 27

3.2   Packet Mode Configuration ................. 29

3.2.1  Adding a Network Connection 

  Profile ........................................................29

3.2.2  Deleting a Profile....................................32

3.2.3  Editing a Profile .......................................33

3.2.4  Enable the Wireless Connection ........ 34

3.2.5  Checking the Status of the 

  Connection ..............................................35

3.3   Connection Management .....................39

3.3.1  Connection Establishment ................... 40

3.3.2  Connection Maintenance .....................42

3.3.3  Remote Poll Setup .................................43

3.3.4  Miscellaneous Options ..........................44

3.3.5  Connect on Demand ............................45

3.4   Circuit Switched Data (CSD) Mode..45

3.4.1  CSD Single Port......................................46

3.4.2  CSD Multiplexed .................................... 47

3.5   SMS Triggers ............................................50

3.5.1  Trigger configuration ............................. 50

3.5.2  Access Control .......................................52

3.5.2.1 Example: Default policy accept.........53

3.5.2.2 Example: Default policy to Drop .....54

4   Network ...................................... 56

4.1   LAN Interface .........................................56

4.1.1  Changing the IP Settings of the 

  LAN Interface .........................................56

4.1.2  Disabling the LAN Interface ................ 58

4.2   DHCP Server Configuration ...............59

4.3   Configuring clients to use the 

  MRD-3xx ..................................................60

4.4   Domain Name System (DNS) ............61

4.4.1  DNS Proxy ..............................................61

4.4.2  Manual DNS Configuration .................62

4.4.3  Dynamic DNS Client Configuration.. 62

5   Firewall ........................................ 64

5.1   Firewall Setup ..........................................64

5.1.1  Network Address and 

  Port Translation (NAPT) ......................65

5.1.2   Stateful Packet Inspection (SPI) ......... 65

5.1.3  Connection tracking options...............66

5.2   Access Control .......................................67

5.2.1  Accessing unit services from the 

  wireless port or VPN tunnels .............68

5.3   DoS Filters ............................................... 69

5.3.1  Enabling the Denial of Service filters 70

5.4   Custom Filters ........................................71

5.4.1  Description ..............................................71

5.4.2  New Custom Filter Options ...............72

5.4.3  Adding a new custom filter .................75

36623-3201

5.4.4  Editing a Custom Filter ......................... 79

5.4.5  Deleting a Custom Filter...................... 81

5.5   Port Forwarding .....................................83

5.5.1  Port Forward Options ..........................84

5.5.2  Adding a new port forward .................86

5.5.3  Editing a port forward .......................... 89

5.5.4  Deleting a port forward .......................91

5.6   Custom NAT ...........................................93

5.6.1  Description ..............................................93

5.6.2  Custom NAT Options ..........................94

5.6.3  Adding a new custom NAT .................97

5.6.4  Editing a Custom NAT .......................100

5.6.5  Deleting a Custom NAT ....................102

6   Virtual Private Network (VPN) 104

6.1   Secure Sockets Layer (SSL) VPN. ......105

6.1.1  SSL VPN Configuration .......................106

6.1.2  Connecting to a VPN Server .............110

6.2   Internet Protocol Security 

  (IPsec) VPN ............................................115

6.2.1  General IPsec Configuration .............115

6.2.2  Adding an IPsec Tunnel .......................118

6.2.3  IPsec Configuration Example.............130

6.3   PPTP and L2TP .....................................138

6.3.1  Point-to-Point-Tunneling-Protocol ...138

6.3.2  Layer 2 Tunnel Protocol ......................139

6.3.3  PPTP and L2TP Configuration ..........140

6.3.4  Add a PPTP or L2TP Tunnel ..............141

6.3.5  PPTP Configuration Example ............143

6.4   Multiple VPN Tunnels ...........................147

6.5   Certificate Management .....................148

6.5.1  Add a Certificate ..................................149

6.5.2  Checking the Certificate Details ......151

6.5.3  Adding Further Certificates...............152

6.5.4  Deleting a Certificate ..........................154

7.2.2  Packet framer settings ........................160

7.3   Raw TCP Client/Server .......................162

7.3.1  Description ............................................162

7.3.2  Selecting the port function ................162

7.3.3  Configuring the port function ...........163

7.4   Raw UDP ...............................................166

7.4.1  Description ............................................166

7.4.2  Selecting the port function ................166

7.4.3  Configuring the port function ...........167

7.5   Unit Emulator .......................................169

7.5.1  Description ............................................169

7.5.2  Selecting the port function ................169

7.5.3  Configuring the port function ...........170

7.6   DNP3 IP-Serial Gateway ....................174

7.6.1  Description ............................................174

7.6.2  Selecting the port function ................175

7.6.3  Configuring the port function ...........176

7.7   Modbus IP-Serial Gateway .................180

7.7.1  Description ............................................180

7.7.2  Selecting the port function ................180

7.7.3  Configuring the port function ...........181

7.8   Telnet (RFC 2217) Server ..................183

7.8.1  Description ............................................183

7.8.2  Selecting the port function ................184

7.8.3  Configuring the port function ...........185

7.9   Phone Book ...........................................187

7.9.1  Description ............................................187

7.9.2  Phone Book Options ..........................188

7.9.3  Adding a new phone book entry .....189

7.9.4  Editing a phone book entry ...............192

7.9.5  Deleting a phone book entry ............193

8  AT Command set ..................... 195

7   Serial Server ............................. 156

7.1   Selecting a port function ....................156

7.2   Common configuration options .......158

7.2.1  Serial port settings ...............................158

4 6623-3201

1 Basic Configuration

The three sections below detail the steps needed to config­ure the MRD-3xx for basic packet mode functionality. For 
details on configuring the unit for Circuit Switched mode 
and for more advanced configuration refer to the Advanced 
Configuration section.

1.1 Configure the 3G Wireless interface

To access the configuration page for the 3G Wireless inter­face, click on Wireless. The Basic Wireless configuration page 
will be displayed as shown in Figure 1.

Figure 1: Wireless Interface Basic configuration.

56623-3201

1.1.1 Network Configuration

The Network Configuration section contains the settings for 
the operational mode and the frequency band of the unit, the 
default settings will usually be adequate to connect the unit to 
a packet based network.

1.1.2 Setting the SIM card PIN

The SIM card may have a PIN associated with it and may 
require the PIN to be entered before the unit can access the 
SIM. To set the SIM PIN click Setup. A dialog box as shown in

Figure 2 will be displayed.

Figure 2: SIM PIN control dialog.

Set the field marked Enter when requested to Yes and enter the 
PIN in the New PIN and Confirm PIN entry boxes. Then click 
the Set button to save the PIN.

Click "Set"
to complete

Figure 3: SIM PIN control dialog.

Set to "Yes"

Enter PIN in both
text boxes

6 6623-3201

1.1.3 Adding a Network Connection Profile

To access the wireless packet mode settings click on the 
Packet mode tab. The screen shown in Figure 4 will be displayed. 
The page shows the connection configuration details and is 
divided into two sections. The first section shows the current 
connection state and the selected profile and the second sec­tion lists the available profiles. A connection profile groups 
together the settings required to connect to a provider's 
network. The unit allows multiple profiles to be configured to 
allow quick changes to the network connection settings. For 
most applications only one profile is required.

Figure 4: Wireless Interface Packet mode settings

76623-3201

The 3G network provider will provide the items listed below 
which should be entered into the appropriate fields in the Add
new profile section as shown in Figure 5.

APN (Access Point Name)•
Dial string•
Authentication (None / PAP / CHAP)•
Username•
Password•

Note: In order to set a password click the check-box marked 
New. The password can now be entered in the text field. 
The password is visible as it is being typed so that it can be 
checked for errors prior to being set. Once set the password 
will no longer be visible.

Note: The provider may not supply a username and password 
if network authentication is not required. In this case set the 
Authentication to None, leave the username blank and do not 
set a password.

Enter APN

Enter dial string

Set Authentication

Enter username

Enter password

Click "Update" 
to save profile

Figure 5: Adding a new profile.

8 6623-3201

Once the data has been entered click the Update button 
to add the profile. The screen will now change to show the 
added profile as shown in Figure 6. As this is the only profile 
entered it will be automatically selected as the current profile 
and the profile entry will be shaded green to indicate that it is 
the selected profile.

Figure 6: Profile added and selected.

96623-3201

1.1.4 Enable the Wireless Connection

To complete the configuration of the wireless connection, set 
the Connection state to Always connect and click the Update 
button to save the changes. Once the changes have been set, 
the MRD-3xx will initiate a 3G connection. Connection will 
normally take up to 30 seconds. Figure 7 shows the completed 
wireless configuration.

Figure 7: Completed wireless configuration.

10 6623-3201

1.1.5 Checking the Status of the Connection

To check the status of the connection select Status from the 
top level menu and then select Wireless from the second level 
menu. The Wireless status page will be displayed which will 
look similar to that shown in Figure 8. The status of the con­nection will change as the unit connects to the network, first 
it will report Checking then Connecting and finally Connected. To 
see the value changing the page will need to reload.

Figure 8: Wireless Status page.

Note: If the status is reported as Error then check that the 
profile settings have been entered correctly as shown in 
Section 3.2.1
Once connected the Status Alarms page should have no faults 
listed as shown in Figure 9

116623-3201

Figure 9: Status alarm page.

12 6623-3201

1.2 Configure the LAN interface and DHCP Server

To access the configuration page for the LAN interface and 
DHCP Server, select Network from the top level menu and

LAN from the sub menu. The LAN interface screen similar to 
Figure 10 will be shown.

Figure 10: LAN interface configuration.

1.2.1 Setting the IP Address

If it is desired to change the IP address of the LAN port, fol­low the steps below:

Enter the new IP address and netmask in the •
Interface Configuration table.
Click • Update to set the changes. Once the changes 
have been set, the IP address of the MRD-3xx Unit 
will change. Enter the new address in the browser 
on the PC. It will be necessary to login again, follow­ing the procedure described in the previous section.

1.2.2 Enabling DHCP

The DHCP server allows clients on the local network to 
be automatically allocated IP addresses from the MRD-310. 
The unit will also provide the clients with network settings 
like their default route and DNS servers. By default the 
DHCP server is disabled but if enabled it will be configured

136623-3201

to serve IP addresses in the range 192.168.2.210 through 

192.168.2.240, and the Default and Maximum lease times have 
been set to 1440 minutes. So if these values are consistent 
with the network that the MRD-310 is connected to, then the 
DHCP can be enabled by setting the Enabled field to Yes and 
clicking the Update button. 
If the standard settings are not applicable for the connected 
network, then refer to Figure 11 and follow the steps below, 
to configure the DHCP server:

Figure 11: DHCP configuration.

Set to "Yes" to 
enable DHCP server

Set the DHCP 
IP address range

Set the DHCP 
lease times

Click "Update" 
to save changes

Choose a group of available IP addresses on the •
local network. For example, if the IP address 
of the MRD-3xx is 192.168.2.200 with a net­mask of 255.255.255.0, a group chosen could be

192.168.2.210 to 192.168.2.240. This will provide 31 
addresses for clients.
Under the DHCP Server Configuration table, •

Set the o Enabled option to Yes.
Enter the first address of the group in the o
Start Address box.
Enter the last address of the group in the o
End Address box.
Enter a lease time for the o Default Lease
time.
Enter a lease time for the o Maximum Lease

time.

Click • Update to set the changes.

14 6623-3201

1.3 Configure clients to use the MRD-3xx

The MRD-3xx will act as a gateway for connections destined 
over the wireless interface. The default configuration will pro­vide Network Address Translation and firewalling to protect 
clients on the local network.

To configure clients to use the MRD-3xx as their gateway:

If the clients have a DHCP address allocated by the •
MRD-3xx, they will have learned the necessary set­tings. No further configuration is needed.
If clients have static IP addresses, set their default •
route and DNS server to the IP address of the 
MRD-3xx.

156623-3201

2 System Administration

The System Administration functions are accessed by selecting 
the System tab of the main menu.

2.1 Administration

To access the Administration features, select •
Administration from the System sub-menu, a page 
similar to that shown in Figure 12 will be displayed.

Figure 12: System Administration page.

16 6623-3201

The options available are:

Hostname •

Set the required hostname for the MRD-3xx.• 

Check time with NTP Server •

Set to Yes to synchronise the internal clock with a NTP 
server.

Timezone •

Specify the timezone for location of the MRD-3xx.

Manually set time •

Click button to set time manually.

Edit users and passwords •

Click button to edit users and passwords.

Timed reboot •

Specify a time in hours after which the MRD-3xx will 
automatically reboot. Set to 0 to disable automatic re­boot.

Reboot unit •

Click the Reboot button to immediately reboot the MRD­3xx.

176623-3201

2.2 System Information

The MRD-3xx System Information is accessed by selecting the 
System Information tab from the System sub-menu. An example 
of the System Information page is shown in Figure 13. The first 
section of the page lists the Model and serial number of the 
unit, plus the firmware and boot-loader version. The seconds 
part of the page lists the LAN MAC address the IMEI of the 
wireless module, wireless IMSI ant the wireless software ver­sion.

Figure 13: System Information page.

18 6623-3201

2.3 Configuration Backup & Restore

The configuration of the MRD-3xx can be saved as a file to a 
PC. This file can then be used to restore the configuration of 
the unit at some later time or used to configure multiple units 
with the same configuration. To access the configuration back­up restore options select Backup & Upgrade from the System 
sub-menu.  The Backup & Upgrade page will be displayed as 
shown in Figure 14.

Figure 14: Backup and Upgrade page.

To save the current configuration click on the link in the sec­tion titled Backup current configuration. A pop-up box similar to 
that shown in Figure 15 will be displayed, select Save to Disk 
and click OK and select a suitable location to save the file.

Figure 15: Save configuration.

196623-3201

To restore a configuration, click the Browse button in the sec­tion titled Restore a saved configuration select the configuration 
file, which should then be shown in the text box, as shown in 
Figure 16, click the Upload button to transfer the file to the 
MRD-3xx. Once the upload is complete, the MRD-3xx will 
need to be rebooted so the restored configuration can take 
affect. The details for performing a reboot can be found in the 
Administration section.

Figure 16: Restore configuration.

20 6623-3201

2.4 Firmware Upgrade

The MRD-3xx firmware can be upgraded via the web inter­face. To access the firmware upgrade page select Backup &
Upgrade from the System sub-menu, the Backup & Upgrade 
page will be displayed as shown in Figure 17.

Figure 17: Backup and Upgrade page.

To upgrade the MRD-3xx firmware click the Browse button in 
the section titled Upgrade MRD-3xx firmware then select the 
navigate to and select the upgrade file.

Figure 18: Select firmware upgrade file.

216623-3201

To upload the file to the MRD-3xx click the Upload button. 
The file will now be uploaded to the MRD-3xx  and, when it 
is complete, information on the upgrade file will be displayed, 
as shown in Figure 19. At this point the you can chose to can­cel the upgrade by clicking the Cancel Upgrade button.

Figure 19: Upload the upgrade file.

To proceed with the upgrade click the Upgrade button, the 
page will change to that shown in Figure 20. The firmware 
upgrade will now proceed.

Figure 20: Upload the upgrade file.

Note: The upgrade will take several minutes to complete 
after which the MRD-3xx will reboot, during this time the 
power to the MRD-3xx must not be removed.

22 6623-3201

2.5 SNMP

The MRD-3xx supports SNMP for network management of 
the unit. The SNMP configuration page can be accessed by 
selecting the SNMP tab of the System sub-menu.

Figure 21: The SNMP configuration page.

236623-3201

2.6 GPIO (MRD-330 only)

The MRD-330 has two general purpose digital inputs and two 
general purpose digital outputs, the options for these can be 
found by selecting GPIO on the System sub-menu.

Figure 22: The General Prupose I/O configutration page.

24 6623-3201

3 Wireless Interface Configuration

This section describes the 3G Wireless interface options of 
the MRD-3xx. The MRD-3xx supports two modes of opera­tion: packet mode and Circuit Switched Data (CSD) mode.

The Wireless menu contains the settings for the Wireless 
Interface. To display the settings, click on the Wireless tab on 
the top menu bar.

The subsections of the configuration are:

Network

Configure the operation mode, select the frequency band of 
operation and set the SIM PIN.

Packet mode

Configure the packet mode.

Connection Management

Advanced configuration of the network connection.

Circuit switched mode

Configure the circuit switched data mode.

SMS

Configure the Short Message Service (SMS) functionality of 
the unit.

Events

Configure the event reporting of the unit.

256623-3201

3.1 Network Configuration

The Wireless Network options are used to set the operat­ing mode, select the frequency band of operation and set the 
SIM PIN. To display the Network page select Wireless from the 
main menu, the Network page is the default page displayed, it 
should appear similar to that of Figure 23.

Figure 23: Wireless Network configuration.

26 6623-3201

3.1.1 Wireless Operating Mode

The MRD-3xx support two modes of operation, packet mode 
and Circuit Switched Data (CSD) mode. In packet mode the 
MRD-3xx acts as a TCP/IP unit and router, data can be routed 
between the LAN ports and the Wireless port and the serial 
server is used to interface the serial ports to the packet inter­face of the network. Circuit Switched Data mode is similar 
to tradition dial-up unit, in this mode one serial port of the 
MRD-3xx is connected to the Wireless interface, once con­nected all data coming into the Wireless port is directed to 
the serial port and all data received by the serial port is trans­mitted to the Wireless interface.

To set the mode of the MRD-3xx select Wireless from the 
main menu and Network from the Sub-menu then select either 
Packet mode (HSDPA/GPRS) or Circuit switched mode from 
the drop-down menu adjacent to Operating mode, once the 
mode has been selected click the Update button the commit 
the change. Figure 24 displays the MRD-3xx operating mode 
options.

Figure 24: Wireless Network operating mode options.

276623-3201

3.1.2 Operating Frequency Band

The MRD-3xx is capable of operating on several frequencies 
and using the GSM or UMTS (3G) protocols. By default the 
MRD-3xx is set to operate on all bands, this means that when 
powered on the MRD-3xx will start to search for available 
networks, when a network is found it will check if the SIM 
is valid for that network and if so attempt to connect to it. 
If it cannot connect to the network it will then move to the 
next network and try again. The search will start using UMTS 
(3G) if the network list is exhausted without finding a valid 
network the MRD-3xx will then attempt to connect using 
GSM. Using the options available for the frequency band it is 
possible to restrict the band and protocol search to a limited 
number, this may mean a quicker connection time and it also 
means that the MRD-3xx will not connect in an unexpected 
mode. Frequency band selection shows the available frequency 
band options.

3.1.3 Setting the SIM card PIN

The SIM card will have a PIN associated with it, if PIN check­ing is enabled on the SIM then in order for the unit to access 
the SIM, the PIN will need to be set in the unit. To set the 
SIM PIN click Setup a dialog box as shown in Figure 26 will be 
displayed.

Click "Set"
to complete

Set to "Yes"

Enter PIN in both
text boxes

Figure 26: SIM PIN control dialog.

28 6623-3201

Set the field marked Enter when requested to Yes and enter the 
PIN in the New PIN and Confirm PIN entry boxes. 
Then click the Set button to save the PIN.

Figure 27: SIM PIN control dialog.

296623-3201

3.2 Packet Mode Configuration

The packet mode options are described in this section.

3.2.1 Adding a Network Connection Profile

To access the wireless packet mode settings select Wireless 
from the main menu then select the Packet mode tab from the 
sub-menu, the screen shown in Figure 28 will be displayed. The 
page shows the connection configuration details and is divided 
into two sections. The first section shows the current connec­tion state and the selected profile. The second section lists the 
available profiles. To add a new profile, click Add a new profile 
and a screen similar to Figure 29 will be displayed.  A connec­tion profile groups together the settings required to connect 
to a provider's network, the MRD-3xx allows multiple pro­files to be configured to allow quick changes to the network 
connection settings. For most applications only one profile is 
required.

Figure 28: Wireless Interface Packet mode settings.

30 6623-3201

The 3G network provider will provide the items listed below 
which should be entered into the appropriate fields in the Add
new profile section as shown in Figure 29.

APN (Access Point Name)•
Dial string•
Authentication (None / PAP / CHAP)•
Username•
Password•

Figure 29: Adding a new profile.

Enter APN

Enter dial string

Set Authentication

Enter username

Enter password

Click "Update" 
to save profile

Note: In order to set a password click the check-box marked 
New, the password can now be entered in the text field. The 
password is visible as it is being typed so that it can be 
checked for errors prior to being set, once set the password 
will no longer be visible.

Note: The provider may not supply a username and password 
if network authentication is not required, in this case set the 
Authentication to None, leave the username blank and do not 
set a password.

Once the data has been entered click the Update button 
to add the profile. The screen will now change to show the 
added profile as shown in Figure 30, as this is the only profile 
entered it will be automatically selected as the current profile 
and the profile entry will be shaded green to indicate that it is 
the selected profile.