Page 1
wienet v3 configuration
Cellular router
USER MANUAL
Doc.-No. BA001039
Updatet: 08/2016 (Rev. A)
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 1
Page 2
Contens
COPYRIGHT
This document is copyright-protected. The rights derived from this cop-
NOTE
Every effort has been made to ensure that the information contained in
is described in the respective purchase contract.
AT.TS@wieland-electric.com
http://www.wieland-electric.com
yright are reserved for Wieland Electric GmbH. Reproduction of this
document or parts of this document is only permissible within the limits of the statutory provision of the Copyright Act. Any modification or
abridgment of the document is prohibited without the express written
agreement of Wieland Electric GmbH.
this document was complete and accurate at the time of publishing.
Nevertheless, the authors retain the right to modify the information.
This customer document describes all the hardware units and functions
known at the present time. Descriptions may be included for units
which are not present at the customer site. The exact scope of delivery
Conformity
Information
55Technical
support
Adress
For more information regarding CE marking and Declaration of Conformity (DoC), please contact your local Wieland Electric customer service organization.
Up-to-date information concerning the product is available from the following websites:
http://www.wieland-electric.com/
http://eshop.wieland-electric.com/
Technical support
Industrial Automation -Electronics
Hotline:
+49 951 / 93 24-995
E-Mail:
Wieland Electric GmbH
Brennerstraße 10-14
96052 Bamberg
Phone: +49 (0) 9 51 93 24-0
Fax: +49 (0) 9 51 93 24-198
E-mail: info@wieland-electric.com
http://eshop.wieland-electric.com
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 2
Page 3
About this manual
1 About this manual........................................................................................ 6
1.1 Target groups and qualification of personnel ........................................................ 6
1.2 Structure of the manual ......................................................................................... 6
1.3 Presentation of safety-relevant information .......................................................... 6
2 Basic Information ......................................................................................... 7
3 Access to the Web Configuration ................................................................ 8
3.1 Preventing the domain disagreement message .................................................... 9
4 Status ......................................................................................................... 10
4.1 General Status ..................................................................................................... 10
4.1.1 Mobile Connection................................................................................... 10
4.1.2 Primary LAN, Secondary LAN, Tertiary LAN, WiFi .................................. 10
4.1.3 Peripheral Ports........................................................................................ 11
4.1.4 System Information ................................................................................. 11
4.2 Mobile WAN Status ............................................................................................. 11
4.3 WiFi...................................................................................................................... 14
4.4 WiFi Scan ............................................................................................................. 14
4.5 Network Status .................................................................................................... 16
4.6 DHCP Status ........................................................................................................ 17
4.7 IPsec Status ......................................................................................................... 18
4.8 DynDNS status .................................................................................................... 19
4.9 System Log .......................................................................................................... 19
5 Contents of Package .................................................................................. 21
5.1 LAN Configuration ............................................................................................... 21
5.2 VRRP Configuration ............................................................................................. 26
5.3 Mobile WAN Configuration ................................................................................. 28
5.3.1 Connection to Mobile Network ............................................................... 28
5.3.2 DNS Address Configuration..................................................................... 29
5.3.3 Check Connection to Mobile Network Configuration.............................. 29
5.3.4 Data Limit Configuration .......................................................................... 30
5.3.5 Switch Between SIM Cards Configuration .............................................. 30
5.3.6 PPPoE Bridge Mode Configuration .......................................................... 32
5.4 PPPoE Configuration ........................................................................................... 34
5.5 WiFi Configuration ............................................................................................... 35
5.6 WLAN Configuration ........................................................................................... 38
5.7 Backup Routes ..................................................................................................... 39
5.8 Firewall Configuration ......................................................................................... 41
5.9 NAT Configuration ............................................................................................... 44
5.10 OpenVPN Tunnel Configuration .......................................................................... 47
5.11 IPsec Tunnel Configuration.................................................................................. 51
5.12 GRE Tunnels Configuration ................................................................................. 54
5.13 L2TP Tunnel Configuration .................................................................................. 56
5.14 PPTP Tunnel Configuration .................................................................................. 58
5.15 DynDNS Client Configuration .............................................................................. 60
5.16 NTP Client Configuration ..................................................................................... 60
5.17 SNMP Configuration ............................................................................................ 61
5.18 SMTP Configuration ............................................................................................ 63
5.19 SMS Configuration .............................................................................................. 64
5.19.1 Sending SMS ......................................................................................... 66
5.20 Expansion Port Configuration .............................................................................. 69
5.21 USB Port Configuration ....................................................................................... 72
5.22 Startup Script ....................................................................................................... 75
5.23 Up/Down Script ................................................................................................... 76
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 4
Page 4
About this manual
5.24 Automatic Update Configuration ......................................................................... 77
6 Customization ............................................................................................. 80
6.1 User Modules ....................................................................................................... 80
7 Administration ............................................................................................ 82
7.1 Users .................................................................................................................... 82
7.2 Change Profile ...................................................................................................... 83
7.3 Change Password ................................................................................................ 83
7.4 Set Real Time Clock ............................................................................................. 83
7.5 Set SMS Service Center Address ......................................................................... 84
7.6 Unlock SIM Card .................................................................................................. 84
7.7 Send SMS............................................................................................................. 85
7.8 Backup Configuration ........................................................................................... 85
7.9 Restore Configuration .......................................................................................... 85
7.10 Update Firmware .................................................................................................. 86
7.11 Reboot .................................................................................................................. 86
8 Configuration in Typ. Situations ................................................................. 87
8.1 Access to the Internet from LAN ......................................................................... 87
8.2 Backed Up Access to the Internet from LAN ....................................................... 89
8.3 Secure Networks Interconnection or Using VPN ................................................. 93
8.4 Serial Gateway ..................................................................................................... 95
9 Recommended Literature ........................................................................... 96
5 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 5
1 About this manual
Danger!
Warning!
Attention!
Note!
DANGER
ATTENTION
NOTE
About this manual
Please read this section carefully before you use this manual and the
all the information required for commissioning and operation.
wienet
Router from Wieland. Here you will find
1.1 Target groups and qualification of personnel
Commissioning and installation of components for such types of installations must be considered.
Therefore, the system manual is targeted at the following:
• Those who can verify that they have the corresponding training and already have corresponding basic knowledge
• System integrators
• Electricians
1.2 Structure of the manual
As a guidance the overall table of contents is available in the manual at the beginning.
1.3 Presentation of safety-relevant information
Information that warns of personal injury or property damage are emphasized by safety instructions. Please read this
information carefully.
This operating manual uses various safety notices that are assigned according to the severity of a potential hazard:
Immediate or likely danger. Personal injury or death is possible.
Possible danger. Not heeding this warning can lead to minor injuries.
Damages to property is likely if these warnings are not heeded.
Supplementary information and useful tips, indirectly related to the safety of personnel or property.
"Danger" or "Warning" are strictly used for cases which present a risk to life or limb. Damage to property
only falls into these categories if there is also a risk of personal injury that corresponds to these levels.
WARNING
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 6
Page 6
Basic Information
This Configuration Manual describes:
2 Basic Information
Cellular routers
HSPA+, UMTS, EDGE or GPRS technology. Data transfer speed is up to 100 Mbit/s (download) and up to
50 Mbit/s (upload). The router is an ideal solution for wireless connection of traffic and security camera
systems, individual computers, LANs, automatic teller machines (ATM), other self-service terminals, lifts
and other machines.
Standard equipment of the router: Two Ethernet 10/100 ports, one USB 2.0 Host port, two binary inputs and one output (I/O connector). Two readers for 3 V and 1.8 V SIM cards, memory card reader for
microSD cards – maximum capacity of inserted card can be 64 GB (32 GB in case of SDHC cards).
Optional equipment of the router: The router can be equipped with WiFi module on customer’s request
(it is not possible to add it to the router later in the future). Other possible interfaces are: Three ports
SWITCH, serial line RS232, combined serial line RS232-RS485/422, combined Ethernet and serial lines
with stronger insulation RS232-RS485-ETH. The Router is supplied in a metal casing, based on the requirements of the customer. For details see the router’s Technical manual.
Configuration possibilities: Statistics about the router activities, signal strength, detailed system log,
etc. Creation of VPN tunnels using technologies IPSec, OpenVPN and L2TP for secure communications.
Functions such as DHCP, NAT, NAT-T, DynDNS, NTP, VRRP, control by SMS, backup primary connection and many other. Automatic check of PPP connection offering an automatic restart feature in case of
connection fail, hardware watchdog monitoring the status of the router. It’s possible to insert Linux
scripts for various actions. Several different configurations for one LTE wireless router and the option to
switch between them (e.g. via SMS, binary input status, etc.). Automatic upgrade configuration and firmware update from server. This allows mass reconfiguration of many routers at one time.
Ways of configuration: Routers can be configured via web browser or Secure Shell (SSH). Configuration via Web Browser is described in this Configuration Manual. Commands and scripts applicable in
configuration via SSH are described in Commands and Scripts for v2 and v3 Routers – Application Note
[1]. The standard and optional equipment and technical parameters of your router can be found in the
User’s Manual of your router. You can use additional software – communication VPN server WIE-Service24 [2].
• Configuration of the router item by item according to the web interface (chapters 3 to 6).
• Examples of these typical configurations of the router (chapter 7):
– Access to the Internet from LAN (Local Area Network) via mobile network
– Backed up access to the Internet (from LAN)
– Secure networks interconnection or using VPN (Virtal Private Network)
– Serial Gateway (connection of serial devices to the Internet)
wienet
WR-LTE v3 SL are designed for communication in mobile networks using LTE,
7 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 7
Access to the Web Configuration
Attention!
192.168.1.1
HTTPS
root
root
ATTENTION
3 Access to the Web Configuration
The cellular router will not operate unless the cellular carrier has been correctly configured and the account activated and provisioned for data communications. For mobile
technology carriers, a SIM card must be inserted into the router. Do not insert the SIM
card when the router is powered up.
You can monitor the status, configuration and administration of the router via the Web interface. To access the router over the web interface, enter http://xxx.xxx.xxx.xxx as URL into the browser where
xxx.xxx.xxx.xxx is the router IP address. The router’s default IP address is
via secured
https://192.168.1.1 syntax. When accessing for the first time, it will be necessary to install a security certificate. To prevent the domain disagreement message of your browser, follow the procedure described
in the following subchapter. Configuration may
.
protocol is available. That implies the adress of the router has to be in
be performed only by the user
and only access
with initial password
Example of the web configuration
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 8
Page 8
Access to the Web Configuration
Attention!
Change password
Note!
.
ATTENTION
NOTE
When you successfully enter login information on the login page, the web interface will be displayed. The
left side of the web interface
ization and Administration
Name and Location
are user-defined for each router.
For enhanced security, you should change the default password. If the router’s default password is set, the menu item
displays the router’s name, location and SNMP configuration (see 4.17). These fields
displays
of the router.
the menu. You will find links for the
is highlighted in red.
Status, Configuration, Custom-
If the green LED is blinking, you may restore the router to its factory default settings by pressing RST on
the rear panel. The configuration will be restored to the factory defaults and the router will reboot. (The
green LED will be on during the reboot.)
3.1 Preventing the domain disagreement message
Since the domain name in the certificate is the given MAC address of the router, it is necessary to access
the router via this domain name (use dash separators instead of colons). To enable this, add a DNS record in your DNS system:
• Edit
• Edit
• Configure your own DNS server
To access the router with MAC address 00:11:22:33:44:55 securely, type the address https://00-11-22-3344-55 in the web browser. When accessing for the first time, it will be necessary to install a security certificate.
If using self signed certificate, the files https_cert and https_key has to be uploaded into
/etc/certs directory of the router
/etc/hosts
C:\WINDOWS\system32\drivers\etc\hosts
(Linux/Unix OS)
(Windows OS)
9 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 9
4 Status
Item
Description
SIM Card
Identification of the SIM card
(Primary or Secondary)
Interface
Defines the interface
Flags
Displays network interface flags
IP Address
IP address of the interface
MTU
Maximum packet size that the equipment is able to transmit
Rx Data
Total number of received bytes
Rx Packets
Received packets
Rx Errors
Erroneous received packets
Rx Dropped
Dropped received packets
Rx Overruns
Lost received packets because of overload
Tx Data
Total number of sent bytes
Tx Packets
Sent packets
Tx Errors
Erroneous sent packets
Tx Dropped
Dropped sent packets
Tx Overruns
Lost sent packets because of overload
Uptime
Indicates how long the connection to mob. network is established
Item
Description
PoE PSE Status
• Disabled – PoE PSE is disabled in the
Primary LAN
or
Secondary LAN
con-
Undervoltage
Overcurrent
Idle
Class 0
Class 1
Class 2
Class 3
Class 4
PoE PSE Power
Power of PoE PSE [W]
PoE PSE Voltage
Voltage of PoE PSE [V]
PoE PSE Current
Current of PoE PSE [mA]
4.1 General Status
Status
A summary of basic information about the router and its activities can be invoked by selecting the
item. This page is also displayed when you login to the web interface. Information is divided into a
eral
separate blocks according to the type of router activity or the properties area –
mary LAN, Secondary LAN, Peripherals Ports and System Information
RS232-RS485-ETH version, there will be displayed a tertiary
there will be a WiFi block displayed, too.
LAN
. If the router is a SWITCH or
block. If the router is WiFi equipped,
Mobile Connection, Pri-
4.1.1 Mobile Connection
Gen-
4.1.2 Primary LAN, Secondary LAN, Tertiary LAN, WiFi
Items displayed in this part have the same meaning as items in the previous part. Moreover, the MAC
Address item shows the
ondary LAN – eth1, Tertiary LAN – eth2, WiFi – wlan0).
4.1 or 4.5). If the router is equipped with PoE PSE board, additional information can be found in the
mary LAN or Secondary LAN
MAC address
section (see table below for description).
figuration form.
•
ing voltage.
•
tive difference of the nominal current.
•
– PoE PSE is enabled, but currently not used.
•
•
•
•
•
of the corresponding router’s interface
Visible information depends on configuration (see
– Undervoltage, i.e. a lower voltage than the nominal operat-
– Overcurrent, i.e. a higher current than the permissible posi-
– Power level (classification unimplemented)
– Power level (very low power)
– Power level (low power)
– Power level (mid power)
– Power level (high power)
(Primary LAN – eth0, Sec-
Pri-
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 10
PoE PSE information
Page 10
Status
Peripheral
PortsItem
Description
Expansion Port 1
Expansion port fitted to the position 1 (
None
indicates that this position is
equipped with no port)
Expansion Port 2
Expansion port fitted to the position 2 (
Non
e indicates that this position is
equipped with no port)
Binary Input
State of binary input
Binary Output
State of binary output
Item
Description
Firmware Version
Information about the firmware version
Serial
Number Serial number of the router (in case of
N/A
is not available)
Profile
Current profile – standard or alternative profiles (profiles are used for example
to switch between different modes of operation)
Supply Voltage
Supply voltage of the router
Temperature
Temperature in the router
Time
Current date and time
Uptime
Indicates how long the router is used
Item
Description
Registration
State of the network registration
Operator
Specifies the operator’s network the router operates in
Technology
Transmission technology
PLMN
Code of operator
Cell
Cell the router is connected to
LAC
Location Area Code – unique number assigned to each location area
Channel
Channel the router communicates on
Signal Strength
Signal strength of the selected cell
Signal Quality
Signal quality of the selected cell:
CSQ
Cell Signal Quality, relative value is given by RSSI (dBm). 2–9 range means
means excellent.
Neighbours
Signal strength of neighboring hearing cells
Manufacturer
Module manufacturer
Model
Type of module
Revision
Revision of module
IMEI
IMEI (International Mobile Equipment Identity) number of module
ESN
ESN (Electronic Serial Number) number of module (for CDMA routers)
MEID
MEID number of module
ICCID
Integrated Circuit Card Identifier is international and unique serial
4.1.3 System Information
4.2 Mobile WAN Status
The Mobile WAN menu item contains current information about connections to the mobile network. The
(
first part of this page
router operates in. There is also information about the module, which is mounted in the router.
Mobile Network Information) displays basic information about mobile network the
• EC/IO for UMTS and CDMA (it’s the ratio of the signal received from the pi-
lot channel – EC – to the overall level of the spectral density, ie the sum of
the signals of other cells – IO)
• RSRQ for LTE technology (Defined as the ratio
• The value is not available for the EDGE technology
Marginal, 10–14 range means OK, 15–16 range means Good, 20–30 range
×
)
11 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Mobile Network Information
Page 11
Status
Note
Item
Description
Today
Today from 0:00 to 23:59
Yesterday
Yesterday from 0:00 to 23:59
This week
This week from Monday 0:00 to Sunday 23:59
Last week
Last week from Monday 0:00 to Sunday 23:59
This period
This accounting period
Last period
Last accounting period
Item
Description
Signal Min
Minimal signal strength
Signal Avg
Average signal strength
Signal Ma
Maximal signal strength
Cells
Number of switch between cells
Availability
Availability of the router via the mobile network (expressed as a percentage)
Note!
Item
Description
RX data
Total volume of received data
TX data
Total volume of sent data
Connections
Number of connection to mobile network establishment
NOTE
NOTE
!
Highlighted in red adjacent cells have a close signal quality, which means that there is imminence of frequent switching between the current and the highlighted cell. The next section of
this window displays information about the quality of the connection in each period.
Description of Periods
Mobile Network Statistics
Tips for
• Availability of connection to mobile network is information expressed as a percentage that is
calculated by the ratio of time when connection to mobile network is established to the time
when the router is turned on.
• After you place your cursor on the maximum or minimum signal strength, the last time when
the router reached this signal strength is displayed.
In the middle part of this page is displayed information about transferred data and number of connections
for both SIM cards (for each period).
Mobile Network Statistics
table:
Traffic Statistics
The last part
and problems in establishment.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 12
(Mobile Network Connection Log)
informs about the mobile network connection
Page 12
Status
Mobile WAN status
13 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 13
Status
Note!
Item
Description
hostapd state dump
Time the statistical data relates to
num_sta
Number of connected stations
num_sta_non_erp
Number of connected stations using 802.11b in 802.11g BSS connection
num_sta_no_short_slot_time
Number of stations not supporting the Short Slot Time
num_sta_no_short_preamble
Number of stations not supporting the Short Preamble
Item
Description
STA
MAC address of connected device (station)
AID
Identifier of connected device (1 – 2007). If 0 is displayed, the station
is not currently connected
Note!
Scanning can be performed only if the access point (WiFi AP) is off.
Item
Description
BSS
MAC address of access point (AP)
TSF
A Timing Synchronization Function (TSF) keeps the timers for all sta-
freq
Frequency band of WiFi network [kHz]
beacon interval
Period of time synchronization
capability
List of access point (AP) properties
signal
Signal level of access point (AP)
NOTE
NOTE
4.3 WiFi
This item is available only if the router is equipped with a WiFi module.
WiFi
After selecting the
(AP) and associated stations is displayed.
More detailed information is displayed for each connected client. Most of them has an internal character,
let us mention only the following:
item in the main menu of the web interface, information about WiFi access point
State Information about Access Point
State Information about Connected Clients
WiFi Status
4.4 WiFi Scan
This item is available only if the router is equipped with a WiFi module.
After selecting the
works and subsequent printing of results are invoked.
WiFi
Scan item in the menu of the web interface, scanning of neighbouring WiFi net-
tions in the same Basic Service Set (BSS) synchronized.
All stations shall maintain a local TSF timer.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 14
Page 14
Status
Item
Description
last seen
Last response time of access point (AP)
SSID
Identifier of access point (AP)
Supported rates
Supported rates of access point (AP)
DS Parameter set
The channel on which access point (AP) broadcasts
ERP
Extended Rate PHY – information element providing backward compatibility
Extended supported rates
Supported rates of access point (AP) that are beyond the scope of
eight rates mentioned in Supported rates item
RSN
Robust Secure Network – The protocol for establishing a secure communication through wireless network 802.11
Information about Neighbouring WiFi Networks
WiFi Scan
15 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 15
4.5 Network Status
Item
Description
eth0, eth1, eth2
Network interfaces (ethernet connection)
usb0
Active PPP connection to the mobile network – wireless module is
wlan0
WiFi interface
ppp0
PPP interface (e.g. PPPoE tunnel)
tun0
OpenVPN tunnel interface
ipsec0
IPSec tunnel interface
gre1
GRE tunnel interface
lo
Local loopback interface
Item
Description
HWaddr
Hardware (unique) address of networks interface
inet
IP address of interface
P-t-P
IP address second ends connection
Bcast
Broadcast address
Mask
Mask of network
MTU
Maximum packet size that the equipment is able to transmit
Metric
Number of routers, over which packet must go trought
RX
• packets – received packets
errors
dropped
overruns
frame
TX
• packets – transmit packets
errors
dropped
overruns
carrier
collisions
Number of collisions on physical layer
txqueuelen
Length of front network device
RX bytes
Total number of received bytes
TX bytes
Total number of transmitted bytes
Status
To view system information about the router operation, select the
upper part of the window displays detailed information about active interfaces:
connected via USB interface
Description of the interface in network status
Each of the interfaces shows the following information:
Network
item in the
Status
menu. The
•
•
•
•
•
•
•
•
Description of Information in Network Status
It is possible to read status of connection to mobile network from the network information.
If the connection to the mobile network is active, it will be shown in the system information as an usb0
interface. At the bottom, there is the Route Table displayed.
– number of errors
– dropped packets
– incoming packets lost because of overload
– wrong incoming packets because of incorrect packet size
– number of errors
– dropped packets
– outgoing packets lost because of overload
– wrong outgoing packets with errors resulting from the
physical layer
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 16
Page 16
Status
Item
Description
lease
Assigned IP address
starts
Time of assignation of IP address
ends
Time of termination IP address validity
hardware ethernet
Hardware MAC (unique) address
uid
Unique ID
client-hostname
Computer name
Note!
NOTE
Network Status
4.6 DHCP Status
Information about the DHCP server activity is accessible via
matic configuration of devices connected to the network managed router. DHCP server assigns IP address,
netmask, default gateway (IP address of router) and DNS server (IP address of router) to each device.
The DHCP status window displays the following information for each configuration:
DHCP status description
In the extreme case, the DHCP status can display two records for one IP address. That could
have been caused by resetting of network cards.
DHCP
item. The DHCP server provides auto-
17 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 17
Status
Note!
NOTE
DHCP status
Records in the DHCP status window are divided into two separate parts – Active DHCP
Leases (Primary LAN) and Active DHCP Leases (WLAN).
4.7 IPsec Status
Information on actual IPsec tunnel state can be called up in option IPsec in the menu.
After correct build the IPsec tunnel, status display
tus information. Other information has only internal character.
IPsec SA established
(highlighted in red) in IPsec sta-
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 18
Page 18
Status
Attention!
4.8 DynDNS status
The result of DynDNS record update (from the server www.dyndns.org) can be invoked pressing the
DynDNS item in the Status menu.
Following messages are possible when detecting the status of DynDNS record update:
• DynDNS client is disabled.
• Invalid username or password.
• Specified hostname doesn’t exist.
• Invalid hostname format.
• Hostname exists, but not under specified username.
• No update performed yet.
• DynDNS record is already up to date.
• DynDNS record successfully update.
• DNS error encountered.
• DynDNS server failure.
For correct function of DynDNS, SIM card of router must have public IP address assigned.
ATTENTION
4.9 System Log
In case of any connection problems it is possible to view the system log by pressing the
menu item. Detailed reports from individual applications running in the router are displayed. Use the
button to save the system log to a connected computer (the text file with the .log extension will be
Log
saved). The second button –
needed by support in one text file in the .txt format – statistical data, routing and process tables, system
log, configuration).
The default length of the system log is 1000 lines. After reaching 1000 lines the new file is created for
storing the system log. After completion of 1000 lines in the second file, the first file is overwritten with
the new one.
Output of the system log is done by the
S
behavior. Option "-
R
tion "syslog deamon is Linux OS, there has to be remote logging enabled (typically running "
the Windows OS, there has to be syslog server installed, e.g.
these options, the "/etc/init.d/syslog" script can be modified via SSH or lines can be added into
Script
" followed by hostname or IP address enables logging to a remote syslog daemon. (If the remote
(accessible in
" followed by decimal number sets the maximal number of lines in one log file. Op-
Configuration section
Save Report
– is used for creating detailed report (generates all information
Syslogd
program. It can be started with two options to modify its
Syslog Watcher
) according to figure.
). To start
System Log
syslogd -R
syslogd
with
Startup
Save
"). If it’s
19 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 19
Status
System Log
Example of logging into the remote daemon at 192.168.2.115:
Example program syslogd start with the parameter -r
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 20
Page 20
Contents of Package
Item
Description
DHCP Client
• disabled
enabled
DHCP server in LAN network.
IP address
Fixed set IP address of network interface ETH.
Subnet Mask
IP address of Subnet Mask.
Bridged
• no – router is not used as a bridge (default)
• yes – router is used as a bridge
Media type
• Auto-negation – The router automatically sets the best speed and
100 Mbps Full Duplex
100 Mbps Half Duplex
Mbps Full Duplex
Mbps Half Duplex
the half duplex mode.
PoE PSE
• enabled – The router provides power on the Ethernet cable
disabled
(default)
Default Gateway
IP address of router default gateway. If filled in, all packets not fitting
DNS server
IP address of DNS server of the router. All the DNS queries are for-
5 Contents of Package
5.1 LAN Configuration
Select the
LAN
menu item to enter the network configuration for the Ethernet ports.
tem is intended for the first ETH router’s interface (ETH0),
interface (ETH1).
Tertiary LAN
is for the SWITCH (3x Ethernet) or RS232- RS485-ETH expansion port
if installed, it is the ETH2 interface.
– The router does not allow automatic allocation IP address
from a DHCP server in LAN network.
•
duplex mode of communication according to the network’s possibilities.
•
the full duplex mode.
•
the half duplex mode.
• 10
the full duplex mode.
• 10
– The router allows automatic allocation IP address from a
– The router communicates at 100 Mbps, in
– The router communicates at 100 Mbps, in
– The router communicates at 10 Mbps, in
– The router communicates at 10 Mbps, in
Secondary
Primary
subi-
is for the second ETH router’s
•
the route table rules would have been sent to this adress.
warded to this address.
Configuration of the Network Interface
Default Gateway
The
Primary or Secondary LAN is selected by the Backup Routes system as a default route. (The backup
routes selection algorithm is described in section
DNS Server
There can be only one active bridge on the router at a time. Only the parameters
Subnet Mask
and
both interfaces (eth0, eth1) are added to the bridge. Other interfaces (wlan0 – wifi) can be added (or deleted) to (from) an existing bridge at any time. Moreover, the bridge can be created on demand for such
interfaces but not configured by their respective parameters.
The DHCP server assigns the IP address, default gateway IP address, and IP address of the DNS server to
the connected DHCP clients. If these values are filled-in by the user in the configuration form, they are
preferred.
are also supported on bridged interfaces (e.g. eth0 + eth1).
and
DNS Server
can be used to configure the bridge. The Primary LAN has the higher priority when
items are only used if the
– The router does not provide power on the Ethernet cable
Backup Routes
DHCP Client
). Since FW 5.3.0,
item is disabled, and if the
Default Gateway
and
DHCP Client, IP address
21 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 21
Contents of Package
Item
Description
Enable dynamic DHCP
leases
If checked, dynamic DHCP server enabled.
IP Pool Start
Start of IP addresses allocated to the DHCP clients.
IP Pool End
End of IP addresses allocated to the DHCP clients.
Lease time
Client can use the IP address for this amount of time in seconds.
Item
Description
Enable static DHCP leases
If checked, static DHCP server enabled.
MAC Address
MAC address of a DHCP client.
IP Address
Assigned IP address.
Note
NOTE
The DHCP server supports both static and dynamic assignment of IP addresses. In
assignment, the DHCP server will assign a client the next available IP address from the allowed IP address pool.
ents.
Static DHCP
assigns IP addresses that correspond to the MAC addresses of connected cli-
Configuration of Dynamic DHCP Server
Configuration of Static DHCP Server
Dynamic IP address
!
Do not overlap the static IP addresses with the addresses allocated by the dynamic DHCP
address pool. Otherwise, the network may function incorrectly.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 22
Page 22
Contents of Package
Example 1:
• The range of dynamic allocated addresses from 192.168.1.2 to 192.168.1.4.
• The address is allocated 600 second (10 minutes).
The network interface with dynamic DHCP server
Example 1 – LAN Configuration Page
23 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 23
Contents of Package
Example 2:
• The range of allocated addresses from 192.168.1.2 to 192.168.1.4.
• The address is allocated 10 minutes.
• Client with MAC address 01:23:45:67:89:ab has IP address 192.168.1.10.
• Client with MAC address 01:54:68:18:ba:7e has IP address 192.168.1.11.
The network interface with dynamic and static DHCP server
Example 2 – LAN Configuration Page
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 24
Page 24
Contents of Package
Example 3
• Default gateway IP address is 192.168.1.20
• DNS server IP address is 192.168.1.20
: The network interface with default gateway and DNS server
Example 3 - Network Topology
Example 3 – LAN Configuration Page
25 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 25
Contents of Package
Item
Description
Virtual Server IP Address
This parameter sets the virtual server IP address. This address must be
will use this address as their default gateway IP address.
Virtual Server ID
This parameter distinguishes one virtual router on the network from
this parameter.
Host Priority
The active router with highest priority set by the parameter Host Prior-
is not allowed
Item
Description
Ping IP Address
Destinations IP address for the Ping commands. IP Address can not be
specified as a domain name.
Ping Interval
Interval in seconds between the outgoing Pings.
Ping Timeout
Time in seconds to wait for a response to the Ping.
Ping Probes
Maximum number of failed ping requests
Note!
NOTE
5.2 VRRP Configuration
Select the VRRP menu item to enter the VRRP configuration. VRRP protocol (Virtual Router Redundancy
Protocol) allows you to transfer packet routing from the main router to a backup router in case the main
router fails. (This can be used to provide a wireless cellular backup to a primary wired router in critical
applications.) If the
Enable VRRP
is checked, you may set the following parameters.
the same for both the primary and backup routers. Devices on the LAN
another. The main and backup routers must use the same value for
ity, is the main router. According to RFC 2338, the main router should
have the highest possible priority – 255. The backup router(s) have a
priority in the range 1 – 254 (default value is 100). A priority value of 0
VRRP configuration
You may set the
sages for the cellular network. In some cases, the mobile WAN connection could still be active but the
router will not be able to send data over the cellular network. This feature is used to verify that data can
be sent over the PPP connection and supplements the normal VRRP message handling. The currently active router (main/backup) will send test messages to the defined
(Ping Interval)
vals
Ping command, it will retry up to the number of times specified by the
time, it will switch itself to a backup router until the PPP connection is restored.
The
Enable traffic monitoring
the PPP connection. When this parameter is set, the router will monitor the interface for any packets different from a ping. If a response to the packet is received within the timeout specified by the
Timeout
a response within the timeout period, it will attempt to test the mobile WAN connection using standard
Ping commands.
parameter, then the router knows that the connection is still active. If the router does not receive
Check connection
and wait for a reply
You may use the DNS server of the mobile carrier as the destination IP address for the test
messages (Pings).
flag in the second part of the window to enable automatic test mes-
Ping IP Address
(Ping Timeout
). If the router does not receive a response to the
Ping Probes
Check connection
option can be used to reduce the number of messages that are sent to test
at periodic time inter-
parameter. After that
Ping
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 26
Page 26
Contents of Package
Example of the VRRP protocol:
Topology of example VRRP configuration
Example of VRRP configuration – main router
Example of VRRP configuration – backup router
27 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 27
5.3 Mobile WAN Configuration
Item
Description
APN
Network identifier (Access Point Name)
Username
User name to log into the GSM network
Password
Password to log into the GSM network
Authentication
Authentication protocol in GSM network
PAP or CHAP
PAP
CHAP – it is used CHAP authentication method
IP Address
IP address of SIM card. The user sets the IP address, only in the case
IP address was assigned of the operator.
Phone Number
Telephone number to dial GPRS or CSD connection. Router as a default telephone number used *99***1 #.
Operator
This item can be defined PLNM preferred carrier code
Network type
• Automatic selection – router automatically selects transmission
select a specific method of data transmission (GPRS, UMTS, . . . )
PIN
PIN parameter should be set only if it requires a SIM card router. SIM
card is blocked in case of several bad attempts to enter the PIN.
MRU
Maximum Receiving Unit – It’s an identifier of maximum size of
data.
MTU
Maximum Transmission Unit – It’s an identifier of max. size of packet,
1500 B. Other settings may cause incorrect transmission of data.
Note!
NOTE
Contents of Package
Configuration of a connection to the mobile network can be invoked by selecting the
in the
Configuration
menu section.
Mobile WAN
item
5.3.1 Connection to Mobile Network
If the
Create connection to mobile network
connection after switching-on. Following items can be set up for every SIM card separately or as two
separate APNs to switch one SIM card between.
•
•
•
method according to the availability of transmission technology
•
Furthermore, according to the type of router
item is selected, the router automatically tries to establish
– authentication method is chosen by router
– it is used PAP authentication method
– it’s also possible to
packet, which is possible to receive in a given environment. Default
value is 1500 B. Other settings may cause incorrect transmission of
which is possible to transfer in a given environment. Default value is
Mobile WAN connection configuration
Tips for working with the
• If the size is set incorrectly, data transfer may not be succeeded. By setting a lower MTU
it occurs to more frequent fragmentation of data, which means higher overhead and also
the possibility of damage of packet during defragmentation. On the contrary, the higher
value of MTU can cause that the network does not transfer the packet.
• If the
• If the
• If the word blank is filled in the
IP address
when it is establishing the connection. If filled IP address supplied by the operator, router
accelerate access to the network.
APN
of the SIM card. If the PLMN (operator number format) is not in the list of APN, then default APN is "internet". The mobile operator defines APN.
field is not filled in, the operator automatically assigns the IP address
field is not filled in, the router automatically selects the APN by the IMSI code
Mobile WAN
APN
configuration form:
field, router interprets APN as blank.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 28
Page 28
Contents of Package
Attention!
Item
Description
Ping IP Address
Destinations IP address or domain name of ping queries.
Ping Interval
Time intervals between the outgoing pings.
Attention!
.
• If only one SIM card is plugged in the router (router has one slot for a SIM card),
router switches between the APN. Router with two SIM cards switches between SIM
cards.
• Correct PIN must be filled. For SIM cards with two APN’s there will be the same PIN
for both APN‘s. Otherwise the SIM card can be blocked by false SIM PIN.
Items marked with an asterisk must be filled in only if this information is required by the
operator (carrier).
In case of unsuccessful establishing a connection to mobile network is recommended to
check the accuracy of entered data. Alternatively, try a different authentication method
or network type.
5.3.2 DNS Address Configuration
The
DNS
Settings item is designed for easier configuration on the client side. When this item is set to the
get from opertor
value
secondary DNS server from the operator. By way of contrast, set manually option allows you to set IP
addresses of Primary DNS servers manually (using the
router makes an attempt to automatically get an IP address of the primary and
DNS Server
item).
ATTENTION
5.3.3 Check Connection to Mobile Network Configuration
If the
Check Connection
work is activated. Router will automatically send ping requests to the specified domain or IP address
Ping IP Address
(
be sent after ten seconds. If it fails to ping the IP address of three times in a row, the router terminates
the current connection and tries to establish new ones. Checking can be set separately for two SIM cards
or two APNs. As a ping address can be used an IP address for which it is certain that it is still functional
and is possible to send ICMP ping (e.g. DNS server of operator).
In the case of the
may be sent through any available interface. If you require each ping request to be sent through the network interface, which was created on the occasion of establishing a connection to the mobile operator, it
is necessary to set the
ing the connection to mobile network.
If the
Enable Traffic Monitoring
Ping IP Address and it will watch traffic in connection to mobile network. If this connection is without
traffic longer than the Ping Interval, then the router sends ping questions to the Ping IP Address.
item) in regular time interval (
item is set to
enabled or enabled + bind
Ping Interval
enabled
option ping requests are sent on the basis of routing table. Thus, the requests
Check Connection item to enabled + bind
Check connection to mobile network configuration
option is selected, then the router stops sending ping questions to the
, checking the connection to mobile net-
). In case of unsuccessful ping, a new one will
. The disabled variant deactivates check-
The enabling of Check connection to mobile network is necessary for uninterrupted and
lasting operation of the router
29 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
ATTENTION
Page 29
5.3.4 Data Limit Configuration
Item
Description
Data limit
With this parameter you can set the maximum expected amount of data
transmitted (sent and received) over GPRS in one billing period (month).
Warning Threshold
Parameter Warning Threshold
determine per cent of Data Limit in the
limit.
Accounting Start
Parameter sets the day of the month in which the billing cycle starts SIM
day.
Note!
Item
Description
Default SIM card
This parameter sets default APN or SIM card, from which it will try to
lish connection to mobile network via SMS message.
Backup SIM card
Defines backup APN or SIM card, that the router will switch the defining one of the following rules.
Note!
Item
Description
Switch to other SIM card
If connection to mobile network fails, then this parameter ensures
and is indicated by the loss of a connection to mobile network.
Switch to backup SIM card
In case that the roaming is detected this parameter enables switching
For proper operation, it is necessary to have enabled roaming on
your SIM card!
NOTE
NOTE
range of 50% to 99%, which if is exceeded, then the router sends SMS
in the form Router has exceeded
card used. Start of the billing period defines the operator, which gives
the SIM card. The router begin to count the transferred data since that
If parameters Switch to backup SIM card when data limit is exceeded and switch to default
SIM card when data limit isn’t exceeded (see next subsection) or Send SMS when datalimit
is exceeded (see SMS configuration) are not selected, the data limit will not count using the
oldest versions of wieland routers.
Contents of Package
(value of Warning Threshold
) of data
5.3.5 Switch Between SIM Cards Configuration
At the bottom of configuration it is possible to set rules for switching between two APN’s on the SIM
card, in the event that one SIM card is inserted or between two SIM cards, in the event that two SIM
cards are inserted.
establish the connection to mobile network. If this parameter is set to
none, the router launches in offline mode and it is necessary to estab-
Default and backup SIM configuration
If the parameter Backup SIM card is set to none, then the parameters
•
Switch to other SIM card when connection fails
•
Switch to backup SIM card when roaming is detected and switch to default SIM card
when home network is detected
•
Switch to backup SIM card when data limit is exceeded and switch to default SIM card
when data limit isn’t exceeded
switch the router to off-line mode.
when connection fails
when roaming is detected
and switch to default SIM
card when home network is
detected
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 30
switch to secondary SIM card or secondary APN of the SIM card. Failure of the connection to mobile network can occur in two ways. When
I start the router, when three fails to establish a connection to mobile
network. Or if it is checked Check the connection to mobile network,
to secondary SIM card or secondary APN of the SIM. If home network
is detected, this parameter enables switching back to default SIM
card.
Page 30
Contents of Package
Item
Description
Switch to backup SIM card
exceeded
This parameter enables switching to secondary SIM card or secondary
Switch to backup SIM card
This parameter enables switching to secondary SIM card or secondary
Switch to default SIM card
after timeout
This parameter defines the method, how the router will try to switch
back to default SIM card or default APN.
Item
Description
Initial timeout
The first attempt to switch back to the primary SIM card or APN shall
this parameter is from 1 to 10000 minutes.
Subsequent Timeout
In an unsuccessful attempt to switch to default SIM card, the router on
quent Timeout, range is from 1 to 10000 min.
Additive constants
Any further attempt to switch back to the primary SIM card or APN
and time defined
Example:
when data limit is exceeded
and switch to default SIM
card when data limit isn’t
when binary input is active
switch to default SIM card
when binary input isn’t active
The following parameters define the time after which the router attempts to go back to the default SIM
card or APN.
APN of the SIM card, when the data limit of default APN is exceeded.
This parameter also enables switching back to default SIM card, when
data limit is not exceeded.
APN of the SIM card, when binary input ‘bin0’ is active. If binary input
isn’t active, this parameter enables switching back to default SIM card.
Switch between SIM card configurations
be made for the time defined in the parameter Initial Timeout, range of
the second attempt to try for the time defined in the parameter Subse-
shall be made in time computed as the sum of the previous time trial
Switch between SIM card configurations
If parameter
Timeout
the primary SIM card or APN shall be carried out after 60 minutes. Switched to a failed second attempt
made after 30 minutes. Third after 50 minutes (30+20). Fourth after 70 minutes (30+20+20).
Switch to default SIM
– 60 min,
Subsequent Timeout 30 min and Additive Timeout
card after timeout is checked and parameters are set as follows: Initial
– 20 min, the first attempt to switch
31 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 31
Contents of Package
5.3.6 PPPoE Bridge Mode Configuration
If the
Enable PPPoE bridge mode
point over ethernet) is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside
Ethernet frames. Allows you to create a PPPoE connection from the device behind router. For example
from PC which is connected to ETH port router. The IP address of the SIM card will be alloted to PC.
The changes in settings will apply after pressing the
option selected, it activate the PPPoE bridge protocol PPPoE (point-to-
Apply
button.
Mobile WAN configuration
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 32
Page 32
Contents of Package
Example 1:
Example 2:
Example 3:
trolled on the address 8.8.8.8 in the time interval of 60 s for primary SIM card and on the address
www.google.com in the time interval 80 s for secondary SIM card. In the case of traffic on the router the
control pings are not sent, but the traffic is monitored.
SIM card after exceeding the data limits of 800 MB. Warning SMS is sent upon reaching 400 MB. The
start of accounting period is set to the 18th day of the month.
The figure below describes the situation, when the connection to mobile network is con-
Example 1 – Mobile WAN configuration
The following configuration illustrates the situation in which the router switches to a backup
Example 2 – Mobile WAN configuration
attempt to switch back to the default SIM card is executed after 60 minutes, the second after 40 minutes,
the third after 50 minutes (40+10) etc.
Primary SIM card is switched to the offline mode after the router detects roaming. The first
Example 3 – Mobile WAN configuration
33 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 33
5.4 PPPoE Configuration
Item
Description
Username
Username for secure access to PPPoE
Password
Password for secure access to PPPoE
Authentication
Authentication protocol in GSM network
PAP or CHAP
PAP
• CHAP – it is used CHAP authentication method
MRU
Maximum Receiving Unit – It is the identifier of the maximum size of
sion.
MTU
Maximum Transmission Unit – It is the identifier of the maximum size
transmission.
Note!
NOTE
Contents of Package
To enter the PPPoE configuration select the
selected, the router tries to establish PPPoE connection after switching-on. PPPoE (Point-to-Point over
Ethernet) is a network protocol, which PPP frames encapsulating to the Ethernet frames. PPPoE client to
connect devices that support PPPoE bridge or a server (typically ADSL router). After connecting the
router obtains the IP address of the device to which it is connected. All communications from the device
behind the PPPoE server is forwarded to industrial router.
•
•
PPPoE
– it is used PAP authentication method
menu item. If the
– authentication method is chosen by router
Create PPPoE connection
option is
If setting bad packet size value (MRU, MTU), the transmission can be unsuccessful.
packet, which is possible to recese in given environment. Default value
is set to 1492 bytes. Other settings may cause incorrect data transmis-
of packet, which is possible to transfer in given environment. Default
value is set to 1492 bytes. Other settings may cause incorrect data
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 34
Page 34
Contents of Package
Attention!
Item
Description
Operating mode
WiFi operating mode:
access point (AP
station (STA)
ble connection via wifi network
SSID
Unique identifier of WiFi network
Broadcast SSID
Method of broadcasting the unique identifier of SSID network in beacon
Enabled
Zero length
Clear
original length is kept. Requests for sending beacon frame are ignored.
Probe Hidden SSID
Probes hidden SSID (only for station
(STA)
mode)
Country Code
Code of the country, where the router is used with WiFi. This code must be
bands in the particular country.
HW Mode
HW mode of WiFi standard the access point (AP) will support.
• IEE 802.11a+n
Channel
Channel where the WiFi AP is transmitting. Channels 12, 13 and 14 can be
code.
BW 40 MHz
Option for HW mode 802.11n that allows using of two standard 20MHz
mode.
WMM
Enables basic QoS for WiFi networks. This version doesn’t guarantee network throughput. It is suitable for simple applications requiring QoS.
Authentication
Provides access control of authorized users in WiFi network:
Open
Shared
WPA-PSK
WPA2-PSK
ATTENTION
5.5 WiFi Configuration
This item is available only if the router is equipped with a WiFi module.
The form for configuration of WiFi network can be invoked by pressing the
of the router web interface.
also possible to set the following properties:
Enable WiFi
check box at the top of this form is used to activate WiFi. It is
WiFi
item in the main menu
•
vices in station
•
data packets from the available access point (AP) and sends data from ca-
frame and type of response to a request for sending the beacon frame.
•
•
beacon frame are ignored.
•
entered in format ISO 3166-1 alpha-2. If country code isn’t specified and the
router has implemented no system to determine this code, it is used "US" as
default
If no
may come a pass a breach of regulatory rules for the using of frequency
• IEE 802.11b
• IEE 802.11b+g
• IEE 802.11b+g+n
• IEE 802.11a
– SSID is broadcasted in beacon frame
– Each SSID character in beacon frame is replaced by 0. However,
country
country
code is specified or is entered the wrong country code, then it
) – router becomes an access point to which other de-
(STA)
mode can be connected
– router becomes a client station, it means that receives
– Beacon frame does not include SSID. Requests for sending
code.
selected only in countries where they are allowed on the basis of country
channels simultaneously. Option is available in the STA mode also and it has
to be enabled in both – the AP and STA mode if using the high throughput
•
•
•
•
35 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
– authentication is not required (free access point)
– base authentication using WEP key
– authentication using better authentication method PSK-PSK
– authentication using AES encryption
Page 35
Contents of Package
Item
Description
Encryption
Type of data encryption in WiFi network:
None
WEP
TKIP
• AES – Improved encryption used for
WPA2-PSK
authentication
WEP Key Type
Type of WEP key for WEP encryption:
ASCII
• HEX – WEP key is entered in hexadecimal format
WEP Default Key
Specifies default WEP key
WEP Key 1-4
Items for different four WEP keys
WPA PSK Type
The type of encryption when WPA-PSK authenticating:
PSK File
WPA PSK
Key for WPA-PSK authentication. This key must be entered according to
256-bit secret
ASCII passphrase
PSK File
key, MAC address)
Access List
Determines a manner of Access/Deny list application:
Disabled
Accept
Deny
to the network
Accept/Deny List
Accept or Denny list of client MAC addresses that set network access.
Each MAC address is separated by new line.
Syslog Level
Communicativeness level when system writes to the system log
Verbose debugging
Debugging
Notification
• Warning – the lowest level of communicativeness
Extra options
Allows user to define additional parameters
•
•
•
•
• WEP key in ASCII format must be entered in quotes and must have
• WEP key in hexadecimal format must be entered using only hexadeci-
• 256-bit secret
• ASCII passphrase
•
– No data encryption
– Encryption using static WEP keys. This encryption can be
used for Shared authentication.
– Dynamic management of encryption keys which can be used
WPA-PSK
for
– WEP key is entered in ASCII format
the following lengths:
– 5 ASCII characters (40b WEP key)
– 13 ASCII characters (104b WEP key)
– 16 ASCII characters (128b WEP key)
mal digits and must the following lengths:
– 10 hexadecimal digits (40b WEP key)
– 26 hexadecimal digits (104b WEP key)
– 32 hexadecimal digits (128b WEP key)
and
WPA2-PSK
authentication.
the selected WPA-PSK type as follows:
•
•
converted into PSK
•
•
•
network
•
•
•
• Informational – default level of communicativeness which is used for
writing standard events
•
–
– Items mentioned in the Access/Deny list do not have access
WiFi configuration
– 64 hexadecimal digits
– from 8 to 63 characterswhich are subsequently
– absolute path to the file containing the list of pairs (PSK
– Access/Deny list is not used
Only items mentioned in the Access/Deny list have access to the
– the highest level of communicativeness
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 36
Page 36
Contents of Package
37 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 37
5.6 WLAN Configuration
Attention!
Item
Description
Operating Mode
WiFi operating mode:
access point (AP
station (STA)
(AP) and sends data from cable connection via
wifi network
DHCP Client
Activates/deactivates DHCP client
IP Address
Fixed set IP address of WiFi network interface
Subnet Mask
Subnet mask of WiFi network interface
Bridged
Activates bridge mode
yes
ignored. Instead, it takes setting of selected network interface (LAN).
Default Gateway
IP address of default gateway. When entering IP address of default gateway, all packets
for which the record was not found in the routing table are sent to this address.
DNS Server
Address to which all DNS queries are forwarded
Item
Description
IP Pool Start
Beginning of the range of IP addresses which will be assigned to DHCP clients
IP Pool End
End of the range of IP addresses which will be assigned to DHCP clients
Lease Time
Time in seconds for which the client may use the IP address
Contents of Package
This item is available only if the router is equipped with a WiFi module.
ATTENTION
The form for configuration of WiFi network and DHCP server functioning on this network can be invoked by
pressing the
the top of this form is used to activate WIFi LAN interface. It is also possible to set the following properties:
WLAN
item in the main menu of the router web interface.
Enable WLAN
•
station (STA) mode can be connected
•
ets from the available access point
• no – Bridged mode is not allowed (it’s default value). WLAN network is not con-
nected with LAN network of the router.
•
– Bridged mode is allowed. WLAN network is connected with one or more
LAN network of the router. In this case, the setting of most items in this table is
) – router becomes an access point to which other devices in
– router becomes a client station, it means that receives data pack-
interface check box at
Use
Enable dynamic DHCP
dresses using DHCP server. It is also possible to specify these values:
All changes in settings will apply after pressing the
leases item at the bottom of this form to enable dynamic allocation of IP ad-
Configuration of DHCP server
Apply
button.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 38
Page 38
Contents of Package
Attention!
ATTENTION
5.7 Backup Routes
Using the configuration form on the Backup Routes page can be set backing up primary connection by
other connections to internet/mobile network. For each back up connection can be defined a priority.
Own switching is done based on set priorities and state of the connection
ary LAN).
If
Enable backup routes switching
tings below. Namely according to status of enabling each of backup route (i.e.
option is checked, the default route is selected according to the set-
switching for Mobile WAN, Enable backup routes switching for PPPoE, Enable backup routes switching
for WiFi STA, Enable backup routes switching for Primary LAN or Enable backup routes switching for
Secondary LAN
enabled). In addition, network interfaces belonging to individual backup routes have checked a flag RUNNING. This check fixes for example disconnecting of an ethernet cable.
If you want to use connection to mobile WAN as one of the backup routes, it is necessary to enable Check Connection at Mobile WAN configuration to enable + bind option,
see chapter 4.3.1.
), according to explicitly set priorities and according to status of connection check (if it is
(for Primary LAN and Second-
Enable backup routes
39 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 39
Contents of Package
Item
Description
Priorit
Priority for the type of connection
Ping IP Address
Destination IP address of ping queries to check the connection
(address can not be specified as a domain name)
Ping Interval
The time intervals between sent ping queries
Backup Routes
Enable backup routes switching
If
backward compatibility mode. The default route is selected based on implicit priorities according to the
status of enabling settings for each of network interface, as the case may be enabling services that set
these network interfaces. Names of backup routes and corresponding network interfaces in order of implicit priorities:
• Mobile WAN (pppX, usbX)
• PPPoE (ppp0)
• WiFi STA (wlan0)
• Secondary LAN (eth1)
• Tertiary LAN (eth2)
• Primary LAN (eth0)
Example:
Secondary LAN is selected as the default route only if
checked on the
PPPoE
LAN and must not be enabled
page. To select the Primary LAN it is also necessary not to be entered
Mobile WAN
option is not checked, Backup routes system operates in the so-called
page, alternatively if
DHCP Client
for Secondary LAN.
Create connection to mobile network
Create PPPoE connection
option is not checked on the
IP address
option is not
for Secondary
All changes in settings will be applied after pressing the
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 40
Apply
button.
Page 40
Contents of Package
Item
Description
Source
IP address from which access to the router is allowed
Protocol
Specifies protocol for remote access:
all
TCP
UDP
ICMP – access is enabled for ICMP protocol
Target Port
The port number on which access to the router is allowed
Action
Type of action:
allow
• deny – access is denied
Item
Description
Source
IP address of source device
Destination
IP address of destination device
Protocol
Specifies protocol for remote access:
all
TCP
UDP
• ICMP – access is enabled for ICMP protocol
Target
Port The port number on which access to the router is allowed
Action
Type of action:
allow
• deny – access is denied
5.8 Firewall Configuration
The first security element which incoming packets must pass is check of enabled source IP addresses
and destination ports. It can be specified IP addresses from which you can remotely access the router
and the internal network connected behind a router. If the
checked (located at the beginning of the configuration form Firewall), this element is enabled and all incoming packets are checked against the table with IP addresses. This means that incoming packets will
be treated according rules specified in the table. It is possible to define up to eight rules for incoming
packets. There are the following parameters:
•
– access is enabled for all protocols
•
•
•
– access is enabled for TCP protocol
– access is enabled for UDP protocol
Enable filtering of incoming packets
item is
•
The following part of the configuration form defines the forwarding policy. If
warded packets
incoming packet is addressed to another network interface, it will forward the packet according the rules
defined in this second table. If the packet is alowed according to the table, it will be sent out according to
the routing table. If the forwarding rule does not exist, packet will be dropped.
In tables with rules it is possible to allow all traffic within the selected protocol (the rule specifies only a
protocol). Or you can create strict rules by specifying source and destination IP addresses and ports.
There is also the possibility to drop a packet whenever request for service which is not in the router
comes (check box named
cally without any information.
As a protection against DoS attacks (this means attacks during which the target system is flooded with
plenty of meaningless requirements) is used option named
limits the number of connections to five per second.
item is not checked, packets will be accepted automatically. If this item is checked and
•
•
•
•
Enable filtering of locally destinated packets
– access is allowed
Filtering of incoming packets
– access is enabled for all protocols
– access is enabled for TCP protocol
– access is enabled for UDP protocol
– access is allowed
Forwarding filtering
). The packet is dropped automati-
Enable protection against DoS attacks
Enabled filtering of for-
which
41 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 41
Contents of Package
Firewall configuration
Example of the firewall configuration:
The router has allowed the following access:
• from address 171.92.5.45 using any protocol
• from address 10.0.2.123 using TCP protocol on port 1000
• from address 142.2.26.54 using ICMP protocol
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 42
Page 42
Contents of Package
Topology of example firewall configuration
Example firewall configuration
43 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 43
Contents of Package
Item
Description
Public Port
Public port
Private Port
Private port
Type
Protocol selection
Server IP address
IP address which will be forwarded incoming data
Item
Description
Send all remaining incoming
By checking this item and setting the Default Server item it is possible
will be routed to the computer with the defined IP address.
Default Server
IP Address Send all incoming packets to this IP addresses.
Attention!
the redirect from HTTP to HTTPS proto-
col only
Item
Description
Enable remote HTTP access on port
This option sets the redirect from HTTP to HTTPS only (disabled in default configuration).
Enable remote HTTPS access on
If this item field and port number is filled in, then configura-
default configuration).
Enable remote SSH access on port
Choice this item and port number makes it possible to access
over SSH (disabled in default configuration).
Enable remote SNMP access on port
Choice this item and port number makes it possible to access
to SNMP agent (disabled in default configuration).
Masquerade outgoing packets
Choice Masquerade (alternative name for the NAT system)
item option turns the system address translation NAT.
5.9 NAT Configuration
To enter the Network Address Translation configuration, select the NAT menu item. NAT (Network address Translation / Port address Translation - PAT) is a method of adjusting the network traffic through
the router default transcript and/or destination IP addresses often change the number of TCP/UDP port
for walk-through IP packets. The window contains sixteen entries for the definition of NAT rules.
If necessary, you can set more than sixteen NAT rules – insert them into start up script (Startup Script
item in the Configuration section) by typing the following:
iptables -t nat -A napt -p tcp --dport [PORT\_PUBLIC] -j DNAT --to-destination
[IPADDR]:[PORT1\_PRIVATE]
Concrete IP address [IPADDR] and ports numbers [PORT_PUBLIC] and [PORT_PRIVATE] are filled up into
square bracket.
The following items are used to set the routing of all incoming traffic from the PPP to the connected
computer.
packets to default server
Enable the following options and enter the port number is allowed remote access to the router from the
Internet.
Enable remote HTTP access on port activates
ATTENTION
port
tion. To access the web configuration, always check the Enable remote HTTPS access
on port item. Never enable the HTTP item only to access the web configuration from the
Internet (configuration would not be accessible from the internet). Always check the
HTTPS item or HTTPS and HTTP items together (to set the redirect from HTTP).
. Router doesn’t allow unsecured HTTP protocol to access the web configura-
to put the router into the mode in which all incoming data from GPRS
Configuration of send all incoming packets
tion of the router over web interface is possible (disabled in
Remote access configuration
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 44
Page 44
Contents of Package
Example
1: Configuration with one connection equipment on the router.
Example 1 – Topology of NAT configuration
Example 1 – NAT configuration
45 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 45
Contents of Package
Example 2
In these configurations it is important to have marked choice of
default server
ment behind the router must have set
PING on IP address of SIM card.
, IP address in this case is the address of the device behind the router. Connected equip-
Default Gateway
: Configuration with more connected equipment.
Example 2 – topology of NAT configuration
on the router. Connected device replies, while
Send all remaining incoming packets it
Example 2 – NAT configuration
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 46
Page 46
Contents of Package
Item
Description
Create
Enables the individual tunnels
Description
Displays the name of the tunnel specified in the configuration form of
the tunnel
Edit
Select to configure an OpenVPN tunnel
Item
Description
Description
Description (or name) of tunnel
Protocol
Protocol by which the tunnel will communicate.
UDP
TCP server
• TCP client – OpenVPN will communicate using TCP in client mode
UDP/TCP port
Port by which the tunnel will communicate.
Remote IP Address
IP address of opposite tunnel side (domain name can be used).
Remote Subnet
Network IP address of the opposite side of the tunnel.
Remote Subnet Mask
Subnet mask of the opposite side of the tunnel.
Redirect Gateway
Allows to redirect all traffic on Ethernet
Local Interface
IP Address
IP address of the local side of tunnel.
Remote Interface
IP Address
IP address of interface local side of tunnel.
Ping Interval
Parameter (in seconds) defines how often the router will send a message to the
remote end to verify that the tunnel is still connected.
Ping Timeout
Parameter which defines how long the router will wait for a response to the
ping (in seconds).
Ping Timeout must be larger than Ping Interval
.
Renegotiate Interval
Sets renegotiate period (reauthorization) of the OpenVPN tunnel. This parame-
tion to ensure the continued safety of the tunnel.
Max Fragment Size
Defines maximum packet size
In this example there is more equipment connected behind the router, using a Switch. Every device connected behind the router has its own IP address and this is the address to fill in the Server IP Address field
in the NAT configuration. These devices are all communicating on the port 80, but you can set the Port Forwarding in the NAT configuration – see Figure "Example 1 – Topology of NAT configuration" site 42 –
lic Port and Private Port
accessing 10.0.0.1:81 from the Internet and so on. If you send the ping request to the public IP address of
the router (10.0.0.1), the router will respond as usual (not forwarding). If you access the IP address 10.0.0.1
in the browser (it is port 80), nothing will happen – there is neither 80 port in Public Port list defined nor you
have checked the
ets to default server is not enabled, the attempt of connection will lead to failure
fields. It is now configured to access 192.168.1.2:80 socket behind the router when
Enable remote HTTP access on port 80. And since the Send all remaining incoming pack-
.
Pub-
5.10 OpenVPN Tunnel Configuration
Select the
ate a secure connection between two LANs. Up to four OpenVPN tunnels may be created.
OpenVPN
item to configure an OpenVPN tunnel. OpenVPN is a protocol which is used to cre-
Overview of OpenVPN tunnels
OpenVPN tunnels configuration
•
•
– OpenVPN will communicate using UDP
– OpenVPN will communicate using TCP in server mode
ter can be set only when
X.509 certificate
47 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
. After this time period, the router changes the tunnel encryp-
Authenticate Mode
is set to
username/password
or
Page 47
Contents of Package
Item
Description
Compression
Data compression:
none
LZO
tunnel ends.
NAT Rules
Applies NAT rules to the OpenVPN tunnel:
not applied
applied – NAT rules are applied to the OpenVPN tunnel.
Item
Description
Authenticate Mode
Sets authentication mode
none
Pre-shared secret
Username/password
X.509 Certificate (multiclient
X.509 Certificate (client)
X.509 Certificate (server) – enables X.509 authentication in server mode
Pre-shared Secret
Authentication using pre-shared secret can be used for all offered authentication mode.
CA Certificate
Auth. using CA Certificate can be used for username/password and X.509 Certificate modes.
DH Parameters
Protocol for exchange key DH parameters can be used for X.509 Certificate authentication in server mode.
Local Certificate
This authentication certificate can be used for X.509 Certificate authentication mode.
Local Private Key
Local private key can be used for X.509 certificate auth. mode.
Username
Authentication using a login name and password authentication can be used
for username/password mode.
Password
Authentication using a login name and password authentication can be used
for username/password mode.
Extra Options
Defines additional parameters of OpenVPN tunnel such as DHCP options etc.
Help in the router via SSH – run the openvpnd --help command.
•
•
•
•
•
•
•
•
•
•
– No compression is used.
– Lossless LZO compression. Compression has to be selected on both
– NAT rules are not applied to the OpenVPN tunnel.
– no authentication is set
– sets the shared key for both sides of the tunnel
– enables authentication using
Username and Password
mode
) – enables X.509 authentication in multiclient
– enables X.509 authentication in client mode
CA Certificate,
The changes in settings will apply after pressing the
Parameters are introduced by two dashes. For possible parameters see the
Apply
button.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 48
Page 48
Contents of Package
OpenVPN tunnel configuration
49 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 49
Example of the OpenVPN tunnel configuration:
Configuration
A
B
Protocol
UDP
UDP
UDP Port
1194
1194
Remote IP Address
10.0.0.2
10.0.0.1
Remote Subnet
192.168.2.0
192.168.1.0
Remote Subnet Mask
255.255.255.0
255.255.255.0
Local Interface IP Address
19.16.1.0
19.16.2.0
Remote Interface IP Address
19.16.2.0
19.18.1.0
Compression
LZO
LZO
Authenticate mode
none
none
Topology of OpenVPN configuration example
OpenVPN tunnel configuration:
Contents of Package
Example of OpenVPN configuration
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 50
Page 50
Contents of Package
Item
Description
Create
This item enables the individual tunnels.
Description
The name of the tunnel specified in the configuration of the tunnel.
Edit
Configuration IPsec tunnel.
Item
Description
Description
Name (description) of the tunnel
Remote IP Address
IP address of remote side of the tunnel. Domain name possible.
Remote ID
Identifier (ID) of remote side of the tunnel. It consists of two parts:
hostname
and
domain-name
(more information under the table).
Remote Subnet
IP address of a network behind remote side of the tunnel
Remote Subnet Mask
Subnet mask of a network behind remote side of the tunnel
Remote Protocol/Port
Specifies Protocol/Port of remote side of the tunnel. The general form is
pro-
ing protocol number only is possible, above mentioned format is preferred.
Local ID
Identifier (ID) of local side of the tunnel. It consists of two parts:
hostname
and
domain-name
(more information under the table).
Local Subnet
IP address of a local network
Local Subnet Mask
Subnet mask of a local network
Local Protocol/Port
Specifies Protocol/Port of a local network. The general form is
protocol/port
,
number only is possible, above mentioned format is preferred.
Encapsulation Mode
IPsec mode (the method of encapsulation) – choose tunnel (entire IP datagram is encapsulated) or transport (only IP header).
NAT traversal
If address translation is used between two end points of the tunnel, it needs
to enable
NAT Traversal
.
IKE Mode
Defines mode for establishing connection (
main or aggressive
). If the aggres-
We recommend not to use ag-
gressive mode due to a lower security!
IKE Algorithm
Way of algorithm selection:
auto
• manual – encryption and hash alg. are defined by the user
IKE Encryption
Encryption algorithm – 3DES, AES128, AES192, AES256
IKE Hash
Hash algorithm – MD5, SHA1, SHA256, SHA384 or SHA512
IKE DH Group
Diffie-Hellman groups determine the strength of the key used in the key ex-
curity, but requires more processing time.
5.11 IPsec Tunnel Configuration
IPsec tunnel configuration can be called up by option
tected (encrypted) connection of two networks LAN to the one which looks like one homogenous. In the
IPsec Tunnels Configuration window
are four rows, each row for one configured one IPsec tunnel.
Overview IPsec tunnels
IPsec item
in the menu. IPsec tunnel allows pro-
tocol/port
for example 17/1701 for UDP (protocol 17) and port 1701. Entering protocol
, for example 17/1701 for UDP (protocol 17) and port 1701. Enter-
sive mode is selected, establishing of IPsec tunnel will be faster, but encryption will set permanently on 3DES-MD5.
•
change process. Higher group numbers are more secure, but require additional time to compute the key. Group with higher number provides more se-
51 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
– encryption and hash alg. are selected automatically
Page 51
Contents of Package
Item
Description
ESP Algorithm
Way of algorithm selection:
auto
manual – encryption and hash alg. are defined by the user
ESP Encryption
Encryption algorithm – DES, 3DES, AES128, AES192, AES256
ESP Hash
Hash algorithm – MD5, SHA1, SHA256, SHA384 or SHA512
PFS
Ensures that derived session keys are not compromised if one of the
private keys is compromised in the future
PFS DH Group
Diffie-Hellman group number (see
IKE DH Group
)
Key Lifetime
Lifetime key data part of tunnel. The minimum value of this parameter
is 60 s. The maximum value is 86400 s.
IKE Lifetime
Lifetime key service part of tunnel. The minimum value of this parameter is 60 s. The maximum value is 86400 s.
Rekey Margin
Specifies how long before connection expiry should attempt to negoti-
and Key Lifetime parameters.
Rekey Fuzz
Percentage extension of Rekay Margin time
DPD Delay
Time after which the IPsec tunnel functionality is tested
DPD Timeout
The period during which device waits for a response
Authenticate Mode
Using this parameter can be set authentication:
Pre-shared key
X.509 Certificate – allows X.509 authentication in multiclient mode
Pre-shared Key
Shared key for both sides for Pre-shared key authentication
CA Certificate
Certificate for X.509 authentication
Remote Certificate
Certificate for X.509 authentication
Local Certificate
Certificate for X.509 authentication
Local Private Key
Private key for X.509 authentication
Local Passphrase
Passphrase for X.509 authentication
Extra Options
Use this parameter to define additional parameters of the IPsec tunnel,
for example secure parameters etc.
in front of FQDN must always be @
Note!
Note!
NOTE
NOTE
•
•
ate a replacement begin. Maximum value must be less than half of IKE
•
•
– encryption and hash alg. are selected automatically
– sets the shared key for both sides of the tunnel
IPsec tunnel configuration
IPsec supports the following types of identifiers (ID) of both tunnel sides (
• IP address (e.g. 192.168.1.1)
• DN (e.g. D=DE,W=Wieland,OU=TP,CN=A)
• FQDN (e.g. @director.wieland.com) –
• User FQDN (e.g. director@wieland.com)
The certificates and private keys have to be in PEM format. As certificate it is possible to use
only certificate which has start and stop tag certificate.
Random time, the new keys are re-exchanged after, is defined this way:
Remote ID and Local ID
Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin * Rekey Fuzz/100))
By default, the repeated exchange of keys held in the time range:
• Minimal time: 1h - (9m + 9m) = 42m
• Maximal time: 1h - (9m + 0m) = 51m
When setting the times for key exchange is recommended to leave the default setting in
which tunnel has guaranteed security. When set higher time, tunnel has smaller operating costs and
smaller the safety. Conversely, reducing the time, tunnel has higher operating costs and higher safety of
the tunnel.
items):
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 52
Page 52
Contents of Package
The changes in settings will apply after pressing the
Apply
button.
53 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 53
IPsec tunnels configuration
Configuration
A
B
Remote IP Address
10.0.0.2
10.0.0.1
Remote Subnet
192.168.2.0
192.168.1.0
Remote Subnet Mask
255.255.255.0
255.255.255.0
Local Subnet
192.168.1.0
192.168.2.0
Local Subnet Mas:
255.255.255.0
255.255.255.0
Authenticate mode
pre-shared key
pre-shared key
Pre-shared key
test
test
Note!
Item
Description
Create
Enables the individual tunnels
Description
Displays the name of the tunnel specified in the configuration form
Edit
Configuration of GRE tunnel
NOTE
Example of the IPSec Tunnel configuration:
Contents of Package
Topology of example IPsec configuration
IPsec tunnel configuration:
Example IPsec configuration
5.12 GRE Tunnels Configuration
GRE is an unencrypted protocol.
To enter the GRE tunnels configuration, select the GRE menu item. The GRE tunnel is used for
connection of two networks to one that appears as one homogenous. It is possible to configure
up to four GRE tunnels. In the
one configured GRE tunnel.
GRE Tunnels Configuration
window are four rows, each row for
Overview GRE tunnels
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 54
Page 54
Contents of Package
Item
Description
Description
Description of tunnel.
Remote IP Address
IP address of the remote side of the tunnel
Local Interface IP Address
IP address of the local side of the tunnel
Remote Interface IP Address
IP address of the remote side of the tunnel
Remote Subnet
IP address of the network behind the remote side of the tunnel
Remote Subnet Mask
Mask of the network behind the remote side of the tunnel
Multicasts
Enables/disables multicast:
disabled
enabled – multicast enabled
Pre-shared Key
An optional value that defines the 32 bit shared key in numeric format,
packets. Using this key, the data do not provide a tunnel through
Attention!
ATTENTION
GRE tunnels configuration
•
•
through which the filtered data through the tunnel. This key must be defined on both routers as same, otherwise the router will drop received
GRE tunnel doesn’t connect itself via NAT.
– multicast disabled
GRE tunnel configuration
The changes in settings will apply after pressing the
Appl
y button.
GRE tunnel configuration
Example of the GRE Tunnel configuration:
55 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 55
Topology of GRE tunnel configuration
Configuration
A
B
Remote IP Address
10.0.0.2
10.0.0.1
Remote Subnet
192.168.2.0
192.168.1.0
Remote Subnet Mask
255.255.255.0
255.255.255.0
Note!
Item
Description
Mode
L2TP tunnel mode on the router side:
L2TP server
L2TP client – in case of client must be defined the IP address of the server
Server IP Address
IP address of server
Client Start IP Address
Start IP address in range, which is offered by server to clients
Client End IP Address
End IP address in range, which is offered by server to clients
Local IP Address
IP address of the local side of the tunnel
Remote IP Address
IP address of the remote side of the tunnel
Remote Subnet
Address of the network behind the remote side of the tunnel
Remote Subnet Mask
The mask of the network behind the remote side of the tunnel
Username
Username for login to L2TP tunnel
Password
Password for login to L2TP tunnel
NOTE
Contents of Package
Example GRE tunnel configuration
5.13 L2TP Tunnel Configuration
L2TP is an unencrypted protocol.
To enter the L2TP tunnels configuration, select the L2TP menu item. L2TP tunnel allows protected connection by password of two networks LAN to the one which it looks like one homogenous. The tunnels
are active after selecting Create L2TP tunnel.
•
fered by the server
•
– in the case of a server must be defined IP address range of-
The changes in settings will apply after pressing the Apply button.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 56
Page 56
Contents of Package
Configuration
A
B
Mode
L2TP Server
L2TP Client
Server IP Address
—
10.0.0.1
Client Start IP Address
192.168.1.2
—
Client End IP Address
192.168.1.254
—
Local IP Address
192.168.1.
—
Remote IP Address
—
—
Remote Subnet
192.168.2.0
192.168.1.0
Remote Subnet Mask
255.255.255.0
255.255.255.0
Username
username
username
Password
password
password
Example of the L2TP Tunnel configuration:
Configuration of the L2TP tunnel:
57 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Topology of example L2TP tunnel configuration
Example L2TP tunel configuration
Page 57
5.14 PPTP Tunnel Configuration
Note!
Item
Description
Mode
PPTP tunnel mode on the router side:
PPTP server
PPTP client
server
Server IP Addres
IP address of server
Local IP Address
IP address of the local side of the tunnel
Remote IP Address
IP address of the remote side of the tunnel
Remote Subnet
Address of the network behind the remote side of the tunnel
Remote Subnet Mask
The mask of the network behind the remote side of the tunnel
Username
Username for login to PPTP tunnel
Password
Password for login to PPTP tunnel
Note!
NOTE
NOTE
Contents of Package
PPTP is an unencrypted protocol.To enter the PPTP tunnels configuration, select the
item. PPTP tunnel allows protected connection by password of two networks LAN to the one
which it looks like one homogenous. It is a similar method of VPN execution as L2TP. The tunnels are active after selecting
•
•
The changes in settings will apply after pressing the Apply button.
Create PPTP
range offered by the server
PPTP tunnel configuration
tunnel.
– in the case of a server must be defined IP address
– in case of client must be defined the IP address of the
PPTP
menu
PPTP tunnel configuration
Firmware also supports PPTP passthrough, which means that it is possible to create a tunnel
through router.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 58
Page 58
Contents of Package
Configuration
A
B
Mode
PPTP Server
PPTP Client
Server IP Address
—
10.0.0.1
Local IP Address
192.168.1.1
—
Remote IP Address
—
—
Remote Subnet
192.168.2.0
192.168.1.0
Remote Subnet Mask
255.255.255.0
255.255.255.0
Username
username
username
Password
password
password
Example of the PPTP Tunnel configuration:
Topology of example PPTP tunnel configuration
Configuration of the PPTP tunnel:
Example PPTP tunel configuration
59 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 59
Contents of Package
Item
Description
Hostname
Third order domain registered on server www.dyndns.org
Username
Username for login to DynDNS server
Password
Password for login to DynDNS server
Server
If you want to use another DynDNS service than www.dyndns.org, then
uses the default server members.dyndns.org
Note!
Item
Description
Primary NTP Server Address
IP or domain address primary NTP server.
Secondary NTP Server Address
IP or domain address secondary NTP server.
Timezone
By this parameter it is possible to set the time zone of the router
Daylight Saving
Time Using this parameter can be defined time shift:
NOTE
5.15 DynDNS Client Configuration
With the DynDNS service you can access the router remotely using an easy to remember custom hostname. This client monitors the router’s IP address and update it whenever it changes. To make DynDNS
work it is necessary to have a public IP address (static or dynamic) and an active account at
www.dyndns.org (Remote Access service).
DynDNS client Configuration is accessible in the
custom domain (third-level) and account information defined in the configuration form.
enter the update server service to this item. If this item is left blank, it
DynDNS configuration
Example of the DynDNS client configuration with domain wieland.dyndns.org:
DynDNS
item in the menu. There has to be registered
Example of DynDNS configuration
To access the router’s configuration remotely it is neccessary to enable this in the NAT config-
uration (bottom part of the form), see chapter 4.9.
5.16 NTP Client Configuration
NTP client Configuration can be called up by option NTP item in the menu.
allows set the exact time to the router from the servers, which provide the exact time on the network.
By parameter
other devices in the LAN behind the router.
By parameter
server for other devices.
Enable local NTP
Enable local NTP
service router is set to a mode in which it operates as an NTP server for
service it is possible to set the router in mode, that it can serve as NTP
• No – time shift is disabled
• Yes – time shift is allowed
NTP
(Network Time Protocol)
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 60
Page 60
Contents of Package
Item
Description
Name
Designation of the router.
Location
Placing of the router.
Contact
Person who manages the router together with information how to con-
Note!
Item
Description
Username
User name
Authentication
Encryption algorithm on the Authentication Protocol that is used to ensure the identity of users.
Authentication Password
Password used to generate the key used for authentication.
Privacy
Encryption algorithm on the Privacy Protocol that is used to ensure confidentiality of data.
Privacy Password
Password for encryption on the Privacy Protocol.
NOTE
NTP configuration
Example of the NTP conf. with set primary (ntp.xxx.x) and secondary (tik.xxx.x) NTP server and with daylight saving time:
Example of NTP configuration
5.17 SNMP Configuration
To enter the
information about the router, eventually about the I/O inputs.
SNMP (Simple Network Management Protocol) provides status information about network elements
such as routers or end computers. v1, v2 and v3 are just different versions of the SNMP. In the version
v3 the communication is secured (encrypted), except of the notification messages (such as notifications
of events – Traps). To enable using of SNMP service, check the
Enabling SNMPv1/v2 is performed using the
fine a password for access to the SNMP agent (
At SNMPv1/v2 it is possible to define a different password for
Write
community (read and write). At SNMPv3 you can define two SNMP users. The first can
read only (
set up for every user separately. These are not identical with the router’s Web interface users,
just the SNMP access users.
The
Enable SNMPv3 access
rameters:
SNMP configuration
Read
), the second can read and write (
it is possible with SNMP agent v1/v2 or v3 configuration which sends
tact this person.
item allows you to enable SNMPv3. Then you must define the following pa-
Enable SNMP
SNMP agent configuration
Enable SNMPv1/v2
Community
access item. It is also necessary to de-
). Standard
Read
Write
). The items in the following table can be
agent item.
public
is predefined.
community (read only) and
SNMPv3 configuration
By choosing
Enabling
lation of the M-BUS port yet.
61 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Enable I/O
Enable M-BUS
extension it is possible to monitor binary inputs I/O on the router.
extension has no meaning at this time, since v3 routers doesn’t allow the instal-
Page 61
Item
Description
IP Address
IP address
Period
Period of sending statistical information (in minutes)
SNMP configuration (R-SeeNet)
OID
Description
.1.3.6.1.4.1.30140.2.3.1.0
Binary input BIN0 (values 0,1)
.1.3.6.1.4.1.30140.2.3.2.0
Binary output OUT0 (values 0,1)
.1.3.6.1.4.1.30140.2.3.3.0
Binary input BIN1 (values 0,1
Note!
NOTE
Every monitor value is uniquely identified by the help of number identifier
nary input and output the following range of OID is used:
Object identifier for binary input and output
All
wienet
1.3.6.1.4.1.30140.3.3) and power voltage (OID 1.3.6.1.4.1.30140.3.4).
v3 routers also provide information about internal temperature of the device (OID
Contents of Package
OID – Object Identifier
. For bi-
Example of SNMP configuration
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 62
Page 62
Contents of Package
Item
Description
SMTP Server Address
IP or domain address of the mail server.
SMTP Port
Port the SMTP server is listening on
Secure Method
none, SSL/TLS, or STARTTLS. Secure method has to be supported by the
SMTP server.
Username
Name to e-mail account.
Password
Password to e-mail account. Can contain special characters
and can not contain special characters “ $ & ’ ( ) ; < >
Own E-mail Address
Address of the sender
Note!
NOTE
Example of the MIB browser
It is important to set the IP address of the SNMP agent (router) in the field
entering the IP address it is possible to show the object identifiers in the MIB tree window.
The path to objects is:
iso org ! dod internet private enterprises wieland protocols
The path to information about router is:
iso org dod ! internet mgmt mib-2 system
Remote SNMP agent
5.18 SMTP Configuration
The item
SMTP
is used for configuring SMTP (Simple Mail Transfer Protocol) client for sending e-mails.
* + , - . / : = ? ! # % [ ] _ { } ~
SMTP client configuration
. After
Mobile operator can block other SMTP servers, then you can use only the SMTP server of op-
erator.
63 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 63
Contents of Package
Attention!
Item
Description
Send SMS on power up
Automatic sending of SMS messages after power up.
Send SMS on connect to
mobile network
Automatic sending SMS message after connection to mobile network.
Send SMS on disconnect to
Automatic sending SMS message after disconnection to mobile net-
Send SMS when datalimit
exceeded
Automatic sending SMS message after datalimit exceeded.
Send SMS when binary input
on I/O port (BIN0) is active
Automatic sending SMS message after binary input on I/O port (BIN0)
is active. Text of message is intended parameter BIN0.
Add timestamp to SMS
Adds time stamp to sent SMS messages. This stamp has a fixed format YYYY-MM-DD hh:mm:ss.
Phone Number 1
Telephone numbers for sending automatically generated SMS.
Phone Number 2
Telephone numbers for sending automatically generated SMS.
Phone Number 3
Telephone numbers for sending automatically generated SMS.
Unit ID
The name of the router that will be sent in an SMS.
BIN0 – SMS
SMS text message
ATTENTION
Example of the SMTP client configuration
E-mail can be sent from the Startup script (
connection. The command email is can be used with the following parameters:
-t receiver’s E-mail address
-s subject (has to be in quotation marks)
-m message (has to be in quotation marks)
-a attachment file
-r number of attempts to send email (default 2 attempts set)
Commands and parameters can be entered only in lowercase. Example of sending an email:
email –t name@domain.com –s "subject" –m "message" –a c:\directory\abc.doc –r 5
This command sends e-mail to address
message
"
" and attachment "abc.doc" right from the directory c:\directory\ and attempts to send 5 times.
Startup Script
name@domain.com
item in the
with the subject "subject", body message
Configuration section
) or via SSH
5.19 SMS Configuration
SMS configuration can be invoked by
fined in various events and states of the router. Sending of SMS can be configured in the first part of the
window:
mobile network
In the second part of the window it is possible to set function
bling it is possible to control the router by SMS message.
SMS
item in the
work.
Send SMS configuration
Configuration section
Enable remote control via SMS
. Sending of SMS can be de-
. After ena-
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 64
Page 64
Contents of Package
Item
Description
Phone Number 1
This control can be configured for up to three numbers. If is set
Ena-
leted. In the default settings this parameter is turned on.
Phone Number 2
This control can be configured for up to three numbers. If is set
Ena-
leted. In the default settings this parameter is turned on.
Phone Number 3
This control can be configured for up to three numbers. If is set
Ena-
leted. In the default settings this parameter is turned on.
Attention!
Note!
SMS
Description
go online sim 1
Switch to SIM1 card
go online sim 2
Switch to SIM2 card
go online
Switch router in online mode
go offline
connection termination
set out0=0
Set output I/O connector on 0
set out0=1
Set output I/O connector on 1
set profile std
Set standard profile
set profile alt1
Set alternative profile 1
set profile alt2
Set alternative profile 2
set profile alt3
Set alternative profile 3
reboot
Router reboot
get ip
Router send answer with IP address SIM card
Item
Description
Baudrate
Communication speed on expansion port 1
Item
Description
Baudrate
Communication speed on expansion port 2
Item
Description
TCP Port
TCP port the sending/receiving SMS messages will be allowed on.
NOTE
ble remote control via SMS
ble remote control via SMS
ble remote control via SMS
Control via SMS configuration
If no phone number is filled in, then it is possible to restart the router with the help of
SMS in the form of
numbers it is possible to control the router with the help of an SMS sent only from
these numbers. While filling up sign * it is possible to control the router with the help
of an SMS sent from any number.
reboot
from any phone number. While filling up one, two or three
, all incoming SMS are processed and de-
, all incoming SMS are processed and de-
, all incoming SMS are processed and de-
Control SMS message doesn’t change the router’s configuration. If the router is
switched to offline mode by the SMS message the router will be in this mode up to
next restart. This behavior is the same for all control SMS messages.
It is possible to send controls SMS in the form:
ATTENTION
Control SMS
Choosing Enable
SMS on the serial Port 1.
Choosing Enable
SMS on the serial Port 2.
Choosing Enable
SMS on the TCP port. SMS messages are sent with the help of standard AT commands.
65 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
AT-SMS
protocol on expansion port 1 and Baudrate it is possible to send/receive an
AT-SMS protocol on expansion port 2
AT-SMS protocol on TCP port
and enter the
and Baudrate it is possible to send/receive an
TCP port
it is possible to send/receive an
Page 65
Contents of Package
Note!
AT Command
Description
AT+CGMI
Returns the manufacturer specific identity
AT+CGMM
Returns the manufacturer specific model identity
AT+CGMR
Returns the manufacturer specific model revision identity
AT+CGPADDR
Displays the IP address of the ppp0 interface
AT+CGSN
Returns the product serial number
AT+CIMI
Returns the International Mobile Subscriber Identity number (IMSI)
AT+CMGD
Deletes a message from the location
AT+CMGF
Sets the presentation format of short messages
AT+CMGL
Lists messages of a certain status from a message storage area
AT+CMGR
Reads a message from a message storage area
AT+CMGS
Sends a short message from the device to entered tel. number
AT+CMGW
Writes a short message to SIM storage
AT+CMSS
Sends a message from SIM storage location value
AT+COPS?
Identifies the available mobile networks
AT+CPIN
Is used to query and enter a PIN code
AT+CPMS
Selects SMS memory storage types, to be used for short message operations
AT+CREG
Displays network registration status
AT+CSCA
Sets the short message service centre (SMSC) number
AT+CSCS
Selects the character set
AT+CSQ
Returns the signal strength of the registered network
AT+GMI
Returns the manufacturer specific identity
AT+GMM
Returns the manufacturer specific model identity
AT+GMR
Returns the manufacturer specific model revision identity
AT+GSN
Returns the product serial number
ATE
Determines whether or not the device echoes characters
ATI
Transmits the manufacturer specific information about the device
Example 1:
NOTE
5.19.1 Sending SMS
After establishing connection with the router via serial interface or Ethernet, it is possible to use AT commands for work with SMS messages.
The following table lists the commands that are supported by wieland routers. For other AT
commands OK response is always sent. There is no support for complex AT commands, in
such a case
ERROR
response is sent by router.
List of AT commands
After powering up the router, an SMS is sent to the defined phone number in the following format:
Router (Unit ID) has been powered up. Signal strength –xx dBm.
After connect to mobile network, an SMS is sent to the defined phone number in the following format:
Router (Unit ID) has established connection to mobile network. IP address xxx.xxx.xxx.xxx
After disconnect to mobile network, an SMS is sent to the defined phone number in the following format:
Router (Unit ID) has lost connection to mobile network. IP address xxx.xxx.xxx.xxx
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 66
SMS sending configuration.
Page 66
Contents of Package
Example 1:
Example 2
SMS configuration
: Configuration of sending SMS via serial interface on the PORT1.
67 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 67
Example 3:
Example 4
Contents of Package
Configuration of controlling the router via SMS from any phone number.
: Configuration of controlling the router via SMS from the two phone numbers.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 68
Page 68
Contents of Package
RS232
RS232-RS485/422
RS232-RS485-ETH
SWITCH
Item
Description
Baudrate
Applied communication speed.
Data Bits
Number of data bits.
Parity
Control parity bit
none
even
odd – will be sent with odd parity
Stop Bits
Number of stop bit.
Split Timeout
Time to rupture reports. If you receive will identify the gap between two charac-
Protocol
Protocol:
TCP
• UDP – communication using a unlinked protocol UDP
Mode
Mode of connection:
TCP
TCP
and TCP port
Server Address
In mode TCP client it is necessary to enter the Server IP address.
TCP Port
TCP/UDP port the communication is running on (for both modes).
Inactivity Timeout
Time period after which the TCP/UDP connection is interrupted in caseof inactivity
Item
Description
Keepalive Time
Time, after which it will carry out verification of the connection
Keepalive Interval
Waiting time on answer
Keepalive Probes
Number of tests
CD
Description
Active
TCP connection is on
Nonactive
TCP connection is off
5.20 Expansion Port Configuration
Configuration of the expansion port can be done via Expansion
menu.
• If the version of router is with the
needed (
• With the
pansion Port 1
• If the version of router is with the
cessible via
of ETH (ETH2 interface of the rouetr) via LAN item, the
• In case of
ured in the
In the upper part of the configuration window, the port can be enabled and type of the connected port is
shown in the
Expansion Port 2
item and configuration of RS485 or RS422 via
Expansion Port 1
LAN
item,
Port Type
item is not used).
version of router (3x Ethernet, ETH2 interface of the router), the port can be config-
Tertiary LAN
item. Other items are described in the table:
•
•
•
interface present, configuration of RS232 interface is accessible via
item, configuration of RS485 via
– will be sent without parity
– will be sent with even parity
interface, configuration of the Expansion Port 1 only is
interface, configuration of RS232 interface is ac-
column – see chapter 4.1.
Port 1
Expansion Port 2
Expansion Port 2
Tertiary LAN
or
Expansion Port 2
item.
column.
items in the
Ex-
item and configuration
ters, which is longer than the parameter value in milliseconds. Then all of the received data compiled and sent the message.
•
•
•
If the
Reject new connections
possible to establish multiple connections.
Check TCP connection
If
When item
using signal CD (DTR on the router) would be activated.
Use CD as indicator of the TCP connection
checked, the check of the connection would be activated.
– communication using a linked protocol TCP
server – router will listen to incoming requests about TCP connection
client – router will connect to a TCP server on the specified IP address
Expansion Port configuration – serial interface
item is ticked, all other connections are rejected. This means that it is not
Expansion Port configuration –
selected, indication of the TCP connection state
Check TCP connection
CD signal description
69 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 69
Contents of Package
DTR
Description server
Description client
Active
Router allows TCP connect. establishm.
Router starts TCP connection
Nonactive
Router does not permit TCP con. estab.
Router stops TCP connection
When item
CD (DTR on the router) would be activated.
The changes in settings will apply after pressing the
Use DTR as control of TCP connection
DTR signal description
selected, control of the TCP connection using signal
Apply
button.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 70
Expansion port configuration
Page 70
Contents of Package
Examples
Note!
NOTE
of the expansion port configuration:
Example 1 – expansion port configuration
Example 2 – expansion port configuration
All v3 routers provide a program called
via the serial line (router must be fitted with an expansion port RS232!). Getty displays the
prompt and after entering the username passes it on login program, which asks for a
password, verifies it and runs the shell. After logging in, it is possible to manage the system as well as a user is connected via SSH.
71 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
getty
which allows user to connect to the router
Page 71
5.21 USB Port Configuration
Item
Description
Baudrate
Applied communication speed.
Data Bits
Number of data bits.
Parity
Control parity bit:
none
even
odd – will be sent with odd parity
Stop Bits
Number of stop bit.
Split Timeout
Time to rupture reports. If you receive will identify the gap between two
all of the received data compiled and sent the message.
Protocol
Communication protocol:
TCP
UDP – communication using a unlinked protocol UDP
Mode
Mode of connection:
TCP server
TCP client
dress and TCP port
Server Address
In mode TCP client it is necessary to enter the Server IP address.
TCP Port
In both modes of connection it is necessary to specify the TCP port the
router will communicate on.
Inactivity Timeout
Time period after which the TCP/UDP connection is interrupted in case of
inactivity
Item
Description
Keepalive Time
Time, after which it will carry out verification of the connection
Keepalive Interval
Waiting time on answer
Keepalive Probes
Number of tests
CD
Description
Active
TCP connection is on
Nonactive
TCP connection is off
DTR
Description server
Description client
Active
The router allows a TCP connection
Router starts TCP connection
Nonactive
The router doesn’t allow a TCP conn.
Router stops TCP connection
Contents of Package
The USB port configuration can be activated by chosing the
tion can be done, if a USB/RS232 converter connected.
•
•
•
characters, which is longer than the parameter value in milliseconds. Then
•
•
•
•
– will be sent without parity
– will be sent with even parity
– communication using a linked protocol TCP
– router will listen to incoming requests about TCP connec-
tion
– router will connect to a TCP server on the specified IP ad-
USB Port
option in the menu. The configura-
USB port configuration 1
Reject new connections
If the
possible to establish multiple connections.
If the Check
When item
using signal CD (DTR on the router) would be activated.
When item
CD (DTR on the router) would be activated.
TCP connection
Use CD as indicator of the TCP connection
Use DTR as control of TCP connection
item is ticked, all other connections are rejected. This means that it is not
item is ticked, check of the established TCP connection is activated.
USB PORT configuration 2
selected, indication of the TCP connection state
CD signal description
selected, control of the TCP connection using signal
DTR signal description
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 72
Page 72
Contents of Package
Note!
NOTE
Supported USB/RS232 converters:
• FTDI
• Prolific PL2303
• Silicon Laboratories CP210×
The changes in settings will apply after pressing the
Apply
button.
USB configuration
73 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 73
Contents of Package
Examples
of USB port configuration:
Example 1 – USB port configuration
Example 2 – USB port configuration
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 74
Page 74
Contents of Package
Note!
Example
NOTE
5.22 Startup Script
In the window
scripts.
The changes in settings will apply after pressing the
Startup Script
it is possible to create own scripts which will be executed after all initial
Apply
button.
Change will take effect after shut down and turn on the router. This can be done in the
boot
item in the
logging on address 192.168.2.115 and limited to 100 entries listing.
of Startup script: When start the router, stop syslogd program and start syslogd with remote
Administration
section or by SMS message (see
SMS Configuration
).
Re-
75 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 75
5.23 Up/Down Script
Example
Contents of Package
In the window
script, which begins after establishing a PPP/WAN connection. In the item
which begins after lost a PPP/WAN connection.
The changes in settings will apply after pressing the
Up/Down Script
it is possible to create own scripts. In the item
Apply
button.
Up script
Down Script
is defined a
is defined script,
mation about establishing or loss a connection.
of UP/Down script: After establishing or lost a connection, the router sends an email with infor-
Example of Up/Down script
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 76
Page 76
Contents of Package
Item
Description
Source
Where the router will download the firmware and configuration from:
HTTP(S)/FTP(S) server
USB flash drive
Both
sources.
Base URL
Enter the base part of the domain or IP address to download the updates
or FTPS).
Unit ID
Name of configuration (name of the file without extension). If the Unit ID is
colon is used instead of a dot.)
Update
Hour Use this item to set the hour (range 1-24) when the automatic update
loaded and the router is restarted automatically to make it run.
Note!
Attention!
NOTE
5.24 Automatic Update Configuration
In the
Automatic update
the router to download the configuration and the newest firmware from the server automatically. The
configuration and firmware files are stored on the server. To prevent possible unwanted manipulation of
the files, downloaded file (tar.gz format) is controlled. At first, the format of the downloaded file is
checked. Then the type of architecture and each file in the archive (tar.gz file) is controlled.
Enable automatic update of configuration
By
Enable automatic update of firmware
By
item it is possible to set the automatic configuration update. This choice enables
it is possible to enable automatic configuration update.
it is possible to enable firmware update.
•
dress below. Used protocol is specified by that address: HTTP, HTTPS, FTP
or FTPS.
•
root directory of the connected USB device.
•
from. Specify the communication protocol by the address (HTTP, HTTPS, FTP
not filled, the MAC address of the router is used as the filename (the delimiter
will be performed every day. If the time is not specified, automatic update is
performed five minutes after turning on the router and then every 24 hours. If
the detected configuration file is different from the running one, it is down-
The
configuration file
and cfg extension. Hardware MAC
and it isn’t needed to enter this. By parameter
figuration name which will be download to the router. When using parameter
ware MAC address in configuration name will not be used.
The
extension.
firmware file
name consists of
name consists of the
– looking for the current firmware or configuration from both
Base URL
address
– Router finds current firmware or configuration in the
and
Unit ID
Base URL
– updates are downloaded from the Base URL ad-
, hardware MAC address of ETH0 interface
cfg
extension is connected automatically
enabled it defines the concrete con-
, the type of the router and the bin
Unit ID
, hard-
It is necessary to load both files (.bin and .ver) to the HTTP(S)/FTP(S) server. If only the bin
file is uploaded and the HTTP server sends the incorrect answer of
(instead of expected
nonexistent .ver file, then there is a risk that the router will download the
.bin file over and over again.
77 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
404 Not Found
) when the device tries to download the
200 OK
ATTENTION
Page 77
Contents of Package
Attention!
ATTENTION
The following examples find if there is a new firmware or configuration each day at 1:00 in the morning.
An example is for the
• Firmware: http://wieland-electric.com/wienet-v3-LTE.bin (not real adress!)
• Configuration file: http://wieland-electric.com/bamberg.cfg (not reals adress!)
wienet
WR-LTE v3 SL type of router.
Example of automatic update 1
The following examples find if there is a new firmware or configuration each day at 1:00 in the morning.
An example is for the
• Firmware: www.wieland-electric.com
• Configuration file: www.wieland-electric.com
wienet
Firmware update can cause incompatibility with the user modules. It is recommended
to update user modules to the most recent version. Information about the user module
and the firmware compatibility is at the beginning of the user module’s Application
Note.
WR-LTE v3 SL type of router with MAC address 00:11:22:33:44:55.
Example of automatic update 2
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 78
Page 78
Page 79
Customization
Module name
Description
MODBUS TCP2RTU
Provides a conversion of MODBUS TCP/IP protocol to MDBUS RTU protocol,
which can be operated on the serial line.
Easy VPN client
Provides secure connection of LAN network behind our router with LAN network behind CISCO router.
NMAP
Allows to do TCP and UDP scan.
Daily Reboot
Allows to perform daily reboot of the router at the specified time.
HTTP Authentication
Adds the process of authentication to a server that doesn’t provide this service.
BGP, RIP, OSPF
Add support of dynamic protocols.
PIM SM
Adds support of multicast routing protocol PIM-SM.
WMBUS Concentrator
Allows to receive messages from WMBUS meters and saves contents of these
messages to XML file.
pduSMS
Sends short messages (SMS) to specified number.
GPS
Allows router to provide location and time information in all weather, anywhere
more GPS satellites.
Pinger
Allows to manually or automatically verify the functionallity of the connection
between two network interfaces (ping).
IS-IS
Add support of IS-IS protocol.
6 Customization
6.1 User Modules
Configuration of user modules can be accessed by selecting the User Modules item. It is possible to add
new modules, delete them or switch to their configuration. Use the Browse button to select the user
module (compiled module has tgz extension). The module is added using the Add button.
Added module appears in the list of modules on the same page. If the module contains index.html or index.cgi page, module name serves as a link to this page. The module can be deleted using the
button.
Updating of the module can be done in the same way like adding a new module. Module with a higher
(newer) version will replace the existing module. The current module configuration is kept in same state.
Programming and compiling of modules are described in the programming guide.
Delete
Added user module
There are for example these user’s modules available. User modules can be downloaded from
www.wieland-electric.com or can be custom-programmed.
on or near the Earth, where there is an unobstructed line of sight to four or
User modules
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 80
Page 80
Customization
Attention!
ATTENTION
In some cases the firmware update can cause incompatibility with used user modules.
Some of them are dependent on the version of the Linux kernel (e.g.
Configuration
version.
Information about the user module and the firmware compatibility is at the beginning of the user module’s Application Note.
). It is recommended that you update user modules to the most recent
SmsBE
and
PoS
81 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 81
Administration
Note!
Button
Description
Lock
Locks user account. This user is not allowed to log in to the router (neither web
interface nor SSH)
Change Password
Allows to change password for corresponding user
Delete
Deletes corresponding user account
Attention!
.
Item
Description
Role
Defines type of user account
User
Admin – user with full permissions
Username
Username for logging into the web interface
Password
Password for logging into the web interface
Confirm Password
Confirms the password you specified above
Note!
NOTE
ATTENTION
NOTE
7 Administration
7.1 Users
This configuration form is not available for users with role User!
Users
Use
of this form contains overview of added users. The table below describes meaning of all buttons in this
block.
item in the
Administration
part of the main menu for managing user accounts. The first block
Users overview
Be careful! If you lock all accounts with permissions (role)
unlock these accounts! This also means that the Users item will be unavailable for all users, because all "admins" are locked and "users" don’t have sufficient permissions
Admin
, it will not be possible to
The second block contains configuration form which allows you to add new user. All items are described
in the table below.
•
•
Ordinary users are not able to access router via Telnet, SSH or SFTP. Read only FTP access
is allowed for these users.
– user with basic permissions
Add User
Users
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 82
Page 82
Administration
Example of usage profiles:
Attention!
ATTENTION
7.2 Change Profile
Up to three alternate router configurations or profiles can be stored in router non-volatile memory. You
can save the current configuration to a router profile through the
alternate profile to store the settings to and ensure that the
box is checked. The current settings will be stored in the alternate profile after the
profile
pressed. Any changes will take effect after restarting router through the
istrator or using an SMS message.
router such as PPP connection, VPN tunnels, etc. It is then possible to switch between these settings using the front panel binary input, an SMS message, or Web interface of the router.
Profiles can be used to switch between different modes of operation of the
Change profile
Change Profile
Copy settings from current profile to selected
Reboot
menu item. Select the
Apply
button is
menu in the web admin-
7.3 Change Password
You may change the router password using the
twice. The new password will be saved after pressing the
The default password is root. It is strongly recommended that you change the password
during initial setup for higher security.
Only the first 8 characters of the password are used for the authentication. Longer passwords are meaningless. This is the standard Unix Crypt mechanism. It won’t be possible to enable the remote access to
the router (in NAT) until the change of the password is done.
Change Password
Apply
button.
menu item. Type the new password
7.4 Set Real Time Clock
The internal clock of the router can be altered by selecting the
time can be manually set by changing the Date and
a NTP server. This would require you to enter the IP address or domain name of the NTP Server and click
Apply
to set the clock.
Time
Set
Real
Time Clock
items. The clock can also be adjusted by using
menu item. Date and
83 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 83
Administration
Attention!
Attention!
Attention!
ATTENTION
ATTENTION
ATTENTION
7.5 Set SMS Service Center Address
The
wienet
The SMS service center phone number is normally programmed into the SIM card by the carrier and
does not need to be manually entered. However, in some cases, it may be necessary to set the phone
number of the SMS service center in order to send SMS messages. This parameter cannot be set if the
SIM card already contains the SMSC information. The phone number can be entered with or without an
international prefix. For example: +49 xxx xxx xxx. If you are unable to send or receive SMS messages,
contact your carrier to find out if this parameter is required. This parameter is provisioned automatically
by the carrier on CDMA networks and does not need to be manually entered.
v3 routers do not support the
Set SMS service center address
option.
7.6 Unlock SIM Card
The
wienet
You may lock the SIM card with a 4-8 digit PIN (Personal Identification Number) code to prevent unauthorized use of the SIM card. The PIN code must be entered each time that the SIM card is powered up.
The wienet v3 cellular router supports the use of a SIM card with a PIN number. Enter the PIN number
into the SIM PIN field on the configuration page and select
Access to the SIM card is blocked if the PIN code is incorrectly entered 3 times. Contact
your SIM card provider if it has been blocked.
v3 routers do not support the
Unlock SIM
Card option.
Apply
.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 84
Page 84
Administration
Attention!
.
ATTENTION
7.7 Send SMS
The
wienet
You can send an SMS message from the router to test the cellular network. To send an SMS message,
select Send SMS from the configuration menu. Enter the phone number and text of the message into the
text boxes and click the Send button. It may take a few seconds to send the message.
The maximum length of the SMS is 160 characters. (To send longer messages, install the pduSMS user
module).
v3 routers do not support the Send SMS option
It is also possible to send an SMS message using an HTTP request in the form:
GET/send_exec.cgi?phone=%2B420712345678&message=Test HTTP/1.1
Authorization: Basic cm9vdDpyb290
The HTTP request will be sent to TCP connection on router port 80. Router sends an SMS message with
Test
text "
word" coded by BASE64.
". SMS is sent to phone number "
420712345678
". Authorization is in the format "user:pass-
7.8 Backup Configuration
You may save the current router configuration to a file using the
ministration
date.
section
). It is recommended that you save the current configuration before a firmware up-
Backup Configuration
menu item (
Ad-
7.9 Restore Configuration
You may restore the router configuration from a file using the
istration
section
).
Restore Configuration
menu item (
Admin-
85 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 85
7.10 Update Firmware
Attention!
Attention!
ATTENTION
ATTENTION
Administration
Select the
ware into the router. To load new firmware, browse to the new firmware file and press the
to begin the update.
Do not turn off the router during the firmware update. The firmware update can take up
to five minutes to complete.
Update Firmware
menu item to view the current router firmware version and load new firm-
Update
button
During the firmware update, the router will show the following messages. The progress is shown in the
form of adding dots (’.’).
After the firmware update, the router will automatically reboot.
Uploading firmware intended for a different device can cause damage to the router.
Starting with FW 5.1.0, mechanism to prevent multiple startup of firmware update is added. Firmware
update can cause incompatibility with the user modules. It is recommended that you update user modules to the most recent version. Information about the user module and the firmware compatibility is at
the beginning of the user module’s Application Note.
7.11 Reboot
To reboot the router select the
Reboot
menu item and then press the Reboot button.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 86
Page 86
Configuration in Typ. Situations
does not need any configuration
LAN
configuration
8 Configuration in Typ. Situations
Although wieland routers have wide variety of usage, they are used in these typical situations mostly. In
this chapter, there are four examples of router’s configuration in the typical situations. Examples include
the configuration of all items needed for router to work properly in that situation.
8.1 Access to the Internet from LAN
There is topology of this easy example shown on the figure above. To connect to the Internet via mobile
network the SIM card with the data tarif has to be available from the operator. This basic router’s function
(Primary SIM card), attach the antenna to the ANT connector and connect the computer (or switch and
computers) to the router’s ETH0 interface (LAN). Wait a moment after turning on the router. It will connect to the mobile network and the Internet signalized by LEDs on the front panel of the router (WAN and
DAT). Additional configuration can be done in the LAN and Mobile WAN items in the Configuration section of the web interface.
192.168.1.1. This can be changed (after login to the router) in the
see figure 82. In this case there is no need of any additional configuration, DHCP server is also enabled
by factory default (so the first connected computer will get the 192.168.1.2 IP address etc.). Other configuration possibilities are described in the chapter 4.1.
The factory default IP adress of the eth0 router’s interface is in the form of
in this case. It is sufficient to put the SIM card into the SIM1 slot
LAN
item in the
Configuration
section,
87 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 87
Access to the Internet from LAN –
Mobile WAN
Configuration
Configuration in Typ. Situations
LAN
configuration
item in the Configuration section, see fig.. In this case (depending on the SIM card) the configuration
form can be blank, just make sure that
tory default). For more details, see chapter 4.3.1.
Access to the Internet from LAN – Mobile
Connection to the mobile network can be configured in the Mobile WAN
Create connection to mobile network
WAN
configuration
on the top is checked (fac-
To check whether the connection is working properly, go to
formation about operator, signal strength etc. is available. At the bottom, the message
cessfully established
network interface usb0 (mobile connection). IP address from operator, route table etc. can be found here.
Internet is accessible from LAN now.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 88
will be written out. In the
Network
Mobile WAN
item there is information about a newly created
item in the
Status
section. In-
Connection suc-
Page 88
Configuration in Typ. Situations
8.2 Backed Up Access to the Internet from LAN
In the situation on the fig. 84 it’s necessary to configure all the connections to the Internet in items
for Ethernet,
sible to configure the priorities of backup routes in the
WLAN
and
WiFi
for WiFi connection and
Backed up access to the Internet –
Mobile WAN
Backup Routes
for mobile connection. Then it is pos-
LAN
configuration
item.
LAN
89 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 89
Configuration in Typ. Situations
LAN
configuration
WLAN
and
WiFi
configuration
Mobile
WAN
configuration
the previous situation. The ETH1 interface on the front panel of the router is used for connection to the
Internet. It can be configured in Secondary
ues as in the fig. 85 – here static IP address, default gateway and DNS server are configured. Changes
will take effect clicking on the
ter.
fig. 86. Check the
ent and fill in the default gateway and DNS server for accessing the Internet. Click the Apply button to
confirm the changes. For details see chapter 4.6.
Configure connection to a WiFi network in the WiFi item, see fig. 87. Here check the
in the data for connection (
configuration see 4.5 chapter.
To verify successful WiFi connection, see Status section,
There will be wpa_state=COMPLETED written out if connected successfully.
In the
LAN
Enable WLAN
SSID
item –
Apply
Primary LAN
LAN
button. Detailed configuration of
It’s necessary to enable wlan0 network interface in the
interface, set the
, security, password) and confirm clicking the
– you can leave the factory default configuration as in
. Connect the cable to the router and set appropriate val-
LAN
is described in the 4.1 chap-
Operating Mode to station (STA),
enable the DHCP cli-
Apply
WiFi
item.
WLAN
Enable WiFi
button. For detailed
item, see
and fill
Backed up access to the Internet –
the SIM1 slot and attach the antenna to the ANT connector as in previous situation (depending on used
SIM card). For using the system of backup routes it’s necessary to enable check of connection in the
bile WAN
operator’s DNS server or any other surely available server and time interval of the check. For detailed
configuration see chapter 4.3.1.
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 90
item, see fig.. Set the
To configure the mobile connection it is sufficient to insert the SIM card into
Check connection option to enabled + bind
WLAN
configuration
Mo-
and fill in an IP adress of e.g.
Page 90
Configuration in Typ. Situations
Backed up access to the Internet –
WiFi
configuration
Backed up access to the Internet –
91 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Mobile WAN
configuration
Page 91
Configuration in Typ. Situations
Backup Routes
configuration
nection has the highest priority in this situation. In case of failure, the second priority has WiFi wlan0 network interface, and then the mobile connection – usb0 network interface. See fig. for corresponding settings of the
backup routes switching
up the priorities. Click the
Backup Routes
item. Then enable backup routes switching at every backup route used and set
Finally configure the priorities of the backup routes. The eth1 wired con-
item. System of backup routes has to be activated by checking the
Apply
button to confirm the changes. For detailed configuration see chapter 4.7.
Enable
Backed up access to the Internet – Backup Routes configuration
The router configured this way now serves to computers in LAN for backed up access to the Internet.
Status
You can verify the configured network interfaces in the
should see active network interfaces eth0 (connection to LAN), eth1 (wired connection to the Internet),
wlan0 (WiFi connection to the Internet) and usb0 (mobile connection to the Internet). IP adresses and
other data are included. At the bottom you can see the
when e.g. wired connection fails or cable disconnected (default route changes to wlan0). And the same –
if WiFi is not available, the mobile connection will be used.
Backup routes are working even if not activated in the
network interfaces set as factory default. These priorities are different from the ones desired in this situation, see chapter 4.7.
Route Table
Backup Routes
section in the
and corresponding changes of it
item, but with implicit priorities of
Network
item. There you
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 92
Page 92
Configuration in Typ. Situations
8.3 Secure Networks Interconnection or Using VPN
Secure networks interconnection – topology of the example
VPN (Virtual Private Network) is a secured (encrypted) and authenticated (verified) connection of two
LANs into one, so it performs as one homogenous LAN. LANs are connected over public untrusted network (Internet), see fig. 90. In wienet routers you can use more ways (protocols) for this reason:
•
OpenVPN
•
IPsec
You can create also non-encrypted tunnels:
IPsec you can use GRE or L2TP tunnel to create VPN.
There is an example of OpenVPN tunnel in the fig.. These are the prerequisites for this example:
knowledge of the opposite router IP address, knowledge of the opposite network IP address (not necessary) and knowledge of the pre-shared secret (key). To create the OpenVPN tunnel it is necessary to configure the
(it is also configuration item in the web interface of the router), see chapter 4.10,
(it is also configuration item in the web interface of the router), see chapter 4..
Mobile WAN
and
OpenVPN
GRE, PPTP
items in the
and
L2TP
Configuration
with wienet router. In combination with
section.
93 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 93
Configuration in Typ. Situations
Mobile WAN
configuration
OpenVPN
configuration
situations (router connects itself after inserting the SIM card into SIM1 slot and attaching the antenna to
the ANT connector), configuration is accessible in the
chapter 4.3.1), where mobile connection has to be enabled.
two possible tunnels and enable it checking the Create 1st
protocol and port (according to the data about opposite side of the tunnel or Open VPN server). Fill in the
public IP address of the opposite side of the tunnel including the remote subnet and mask (not necessary). Important items are
ends has to be filled in. In this situation the
thentication Mode
Apply
button. For detailed configuration see chapter 4.10.
item and insert the secret (key) into the field. Confirm the configuration clicking the
The mobile connection can be configured the same way as in the previous
is accessible in the
Local
and
Remote Interface IP Address
Configuration
Configuration
section in the
OpenVPN
pre-shared secret
was know, so choose this option in the
section, the
OpenVPN
tunnel. It’s necessary to fill in the
where the interfaces of the tunnel’s
Mobile WAN
item. Choose one of
item (see
Au-
Secure networks interconnection –
In the
Status
section,
with the IP addresses of the tunnel’s ends set. Successful connection can be verified in the
where Initialization Sequence Completed should be written out. Networks are now intercon-
nected – it can be verified by the ping program also (ping between tunnel’s endpoints IP addresses from
one of the routers, console is accessible via SSH).
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 94
Network
item, you can verify the activated network interface tun0 for the tunnel
OpenVPN
configuration
System Log
Page 94
Configuration in Typ. Situations
Mobile
WAN
configuration
Expansion Port 1
configuration
8.4 Serial Gateway
Serial Gateway – topology of the example
With the serial gateway you can enable the serial line communicating devices to access the internet or
another network. These devices (meters, PLC, etc.) can upload and download the useful data then. The
situation is depicted in the fig.. The wienet router has to have serial interface (port) RS232 or RS232RS485/422 or RS232-RS485-ETH installed to serve as a serial gateway. Configuration is done in the Mo-
WAN
and
bile
section of the web interface. In this situation the router is equipped with the RS232 interface (port).
SIM1 slot at the back of the router and attach the antenna to the ANT connector at the front. No extra
configuration is needed (depending on the SIM card used), for more details see chapter 4.3.1.
Expansion Port 1
tion,
1 access over TCP/UDP
uation). Important are
work and internet can be configured. The TCP protocol is chosen in this situation and the router will work
as the server listening on the 2345 TCP port. Confirm the configuration clicking the Apply button.
Expansion Port 1
item. It’s necessary to enable the RS232 port checking the
. It is possible to edit the serial communication parameters (not needed in this sit-
Protocol
items (or
is the same as in the previous situations. Just insert the SIM card into the
The interface RS232 (port) can be configured in the
Expansion Port 2
for RS422 and RS485) in the
Configuration
Configuration
sec-
Enable expansion port
, Mode and
Port
items where parameters of communication out to the net-
95 Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
Page 95
Recommended Literature
[1]
Serial Gateway – konfigurace Expansion Port 1
To communicate with the serial device (PLC), connect from the PC (in fig. 92 labeled as SCADA) as a TCP
client to the IP address 10.0.6.238, port 2345 (public IP address of the SIM card used in the router, corresponding to the usb0 network interface). Devices can now communicate. To check the connection, go to
System Log (
Status section
) and look for the
TCP connection established
message.
9 Recommended Literature
see Wieland website at: www.wieland-electric.com
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016 96
Loading...