RACOM MG102i Operating Manual - 6. Installation

Manual is about: GPRS/UMTS/HSPA+/LTE router

Summary of MG102i

  • Page 1

    Operating manual. MG102i GPRS/UMTS/HSPA+/LTE router. 1.8 12/8/2017 www.racom.eu RACOM s.r.o. • Mirova 1283 • 592 31 Nove Mesto na Morave • Czech Republic Tel.: +420 565 659 511 • Fax: +420 565 659 512 • E-mail: racom@racom.eu.

  • Page 5: Important Notice

    Important notice. Copyright © 2017 RACOM. All rights reserved. Products offered may contain software proprietary to RACOM s. r. o. (further referred to under the abbreviated name RACOM). The offer of supply of these products and services does not include or imply any transfer of ownership. No part ...

  • Page 6: Getting Started

    Getting started mg102i wireless routers will only operate reliably over the cellular network if there is a strong signal. For many applications a flexible stub antenna would be suitable but in some circumstances it may be necessary to use a remote antenna with an extension cable to allow the antenna...

  • Page 7: 1. Mg102I Router

    1. MG102i router 1.1. Introduction. Although MG102i wireless routers have been specifically designed for SCADA and telemetry, they are well suited to a variety of wireless applications. MG102i HW and SW are ready to maintain reliable and secure connections from an unlimited number of remote locations t...

  • Page 8: 1.3. Standards

    Interfaces • 5 ethernet ports: lan, wan/lan • rs232 • 2× di, 2× do • usb host diagnostic and management • web interface, cli available • file configuration • ota sw update • advanced troubleshooting • sms remote control, sms and e-mail notification • snmpv1/v2c/3 1.3. Standards en 301 489-1 v1.9.2 e...

  • Page 9: 2. Mg102I In Detail

    2. Mg102i in detail fig. 2.1: mg102i front and terminal panel all mg102i wireless routers run mg102i software. Software offers the following key features: • interfaces and connection management (section 7.2, “interfaces”) ○ dial-out (permanent, on switchover, distributed) ○ link supervision ○ fallba...

  • Page 10

    ○ pptp server/client ○ gre peer ○ dial-in server • services (section 7.6, “services” ) ○ sdk ○ ntp server ○ dhcp server ○ dns server ○ dynamic dns client ○ e-mail client ○ notification via e-mail and sms ○ sms client ○ ssh/telnet server ○ snmp agent ○ web server ○ redundancy ○ modbus tcp • system ad...

  • Page 11: 3. Implementation Notes

    3. Implementation notes 3.1. Ethernet SCADA protocols. SCADA equipment with an Ethernet protocol behaves as standard Ethernet equipment from a communications perspective. Thus the communication goes transparently through the GPRS/UMTS/LTE network. The implementation requires heightened caution to i...

  • Page 12: 4. Product

    4. Product 4.1. Dimensions. Fig. 4.1: Dimensions in millimeters. 4.2. Connectors 4.2.1. Antenna SMA. Fig. 4.2: Antenna connectors SMA. MG102i uses SMA antenna connectors: • MOB 1, MOB 2 for GSM/UMTS/LTE antenna connection (MOB 1 for 1st UMTS module, MOB 2 for LTE as auxiliary secon...

  • Page 13

    4.2.2. ETH RJ45. Fig. 4.3: ETH RJ45 plug - pin numbering. Tab. 4.1: Pin assignment of Ethernet interface ETH (Ethernet 10BaseT and 100BaseT), RJ-45 socket. Signal and pin: TX+ 1, TX− 2, RX+ 3, RX− 6. 4.2.3. USB. MG102i uses USB 1.1, host A interface. USB interface is wired as standard: Fig. 4.4: USB connector. Tab....

  • Page 14

    Fig. 4.5: screw terminal tab. 4.3: pin assignment of screw terminal signal pin description pin ground internally connected with casing ground. V gnd 1 dual power input - not connected with pin 4: 12–48 vdc (–15% +20%) = 10.2–57.6 vdc. V+ (12–48 v=) 2 rs232 – rxd (receiving data) rxd 3 rs232 – txd (t...

  • Page 15

    Tab. 4.6: voltage polarity connector misconnection risks plug pos. Plug pos. Plug pos. Plug pos. Pin description pin − − nde + ok − v gnd 1 ok + nde − − + v+ (12–48 v=) 2 − + dp [1] + dp [1] − rxd 3 dp [1] + dp [1] − − + txd 4 − + nde + nde − gnd 5 nde [2] + nde [2] − − + do1-1 6 − + nde + nde − do1...

  • Page 16: 4.3. Indication Leds

    4.3. Indication leds fig. 4.7: indication leds tab. 4.7: mg102is interfaces and status indicators function state label start up, maintenance green blinking status ready (upper side banks description) green on ready (lower side banks description) orange on insufficient power supply orange blinking mo...

  • Page 17

    Wwan rssi/rsq/asu and led colour for releases newer or equal to 4.0.40.102: tab. 4.8: rssi n/a critical bad weak medium good excellent description -113 or less -109 to -111 -103 to -107 -93 to -101 -83 to -91 -61 to -81 -59 or more gsm rssi [dbm] -116 or less -111 to -114 -106 to -110 -96 to -104 -8...

  • Page 18

    4.4. Technical specifications tab. 4.12: technical specifications mobile interface umts wcdma, hsdpa, hsupa, hspa+ (3g): b1(2100), b2(1900), b5(850), b8(900) gsm (2g): b2(1900), b3(1800), b5(850), b9(900) data rates: max. 14.4 mbps downlink / 5.76 mbps uplink mobile interface lte lte (4g): b1(2100),...

  • Page 19: 4.5. Models Offerings

    Options 3g or lte model integrated gps receiver with nmea0183 data stream supported passive or active gps antenna, sma female connector gps sw key integrated wi-fi 802.11 a/b/g/n client, wi-fi 802.11 b/g/n server for max. 128 clients antenna sma female, antenna diversity wlan voip to gsm gateway voi...

  • Page 20: 4.6. Accessories

    M – MobileIP VPN tunnel option - see http://en.wikipedia.org/wiki/Mobile_IP for short explanation. (part no. MG102i-SW-Mobile IP) S – server extension (part no. MG102i-SW-Server ext.) server extension standard feature 35 10 dhcp reservations 35 10 local host names 35 20 napt rules 35 20 firewall rul...

  • Page 21

    Fig. 4.9: MG102i with DIN rail bracket. DIN rail bracket: installation bracket for DIN rail mounting. For usage details see chapter Mounting and chapter Dimensions.

  • Page 22

    5. Bench test / step-by-step guide before starting to work with the hw please be sure that you have a sim card enabled for data and you have all the necessary information from the mobile operator (pin, apn, login, passwd) 5.1. Connecting the hardware 5.1.1. Install the sim card insert a sim card int...

  • Page 23: 5.4. Basic Setup

    The default ip addresses are: • 192.168.1.1 for eth1 • 192.168.1.1 for eth2 • 192.168.1.1 for eth3 • 192.168.1.1 for eth4 • 192.168.5.1 for eth5 the default subnet mask is 255.255.255.0 for all interfaces. C. Start a web browser on your pc. Type the mg102i ip address in the address bar: http://192.1...

  • Page 24: 6. Installation

    6. Installation 6.1. Mounting. M!DGE/MG102i wireless router is designed for a DIN rail mounting or on a panel using flat bracket. Please consider the safety instructions in chapter 10, Safety, environment, licensing. 6.2. Antenna mounting. M!DGE/MG102i wireless routers will only operate reliably over ...

  • Page 25: 7. Web Configuration

    7. Web configuration 7.1. Home this page gives you a system overview. It helps you when initially setting up the device and also functions as a dashboard during normal operation. The highest priority link which has been established successfully will become the so-called hotlink which holds the defau...

  • Page 26: 7.2. Interfaces

    7.2. Interfaces. Details for all physical connections are given in section 4.2, “Connectors”. 7.2.1. WAN link management. Each available item in the WAN link manager matches with the particular WAN interface - for adding an item, the respective WAN interface must be set (e.g. LAN, WWAN). In case a WAN...

  • Page 27

    In the following example, the outgoing traffic will be distributed between lan2 (80 %) and wwan1 (20 %) links. Note this option is general and applies to all outgoing traffic. See section 7.3.3 multiple routes for more detailed configuration. We recommend using the permanent option for wan links. Ho...

  • Page 28

    Connection supervision network outage detection can be used for switching between available wan links and can be performed by sending pings on each link to authoritative hosts. A link will be declared as down if all trials have failed. The link will be considered up again if at least one host is rea...

  • Page 29

    Link: the WAN link to be monitored (can be any for all configured links). Mode: specifies whether the link is monitored during the connection establishment or only when it is already up. Primary host: reference host one which will be used for checking IP connectivity (via ICMP pings). Secondary ho...

  • Page 30

    Option is set. Configure the maximum amount of downtime in minutes for which the link could not be established. Settings the maximum segment size defines the largest amount of data of tcp packets (usually mtu minus 40). You may decrease the value in case of fragmentation issues or link-based limits....

  • Page 31

    Port setup - link settings link negotiation can be set for each ethernet port individually. Most devices support auto negotiation which will configure the link speed automatically to comply with other devices in the network. In case of negotiation problems, you may assign the modes manually but it h...

  • Page 32

    VLAN management. M!DGE/MG102i routers support virtual LAN according to IEEE 802.1Q which can be used to create virtual interfaces on top of the Ethernet interface. The VLAN protocol inserts an additional header to Ethernet frames carrying a VLAN identifier (VLAN ID) which is used for distributing the...

  • Page 33

    Static configuration of M!DGE's/MG102i's own IP address and subnet mask is available for the LAN mode. The alias IP address enables configuring the LAN interface with a second IP address/subnet. Note: setting of the IP address is interconnected with the DHCP server (if enabled) - menu the services - d...

  • Page 34

    Wan mode enables the following possibilities: dhcp client: the ip configuration will be retrieved from a dhcp server in the network. No further configuration is required (you may only set mtu). Static ip: ip configuration will be set manually. At least the default gateway and the primary dns server ...

  • Page 35

    7.2.3. Mobile sims the sim page gives an overview about the available sim cards, their assigned modems and the current states. Once a sim card has been inserted, assigned to a modem and successfully unlocked, the card should remain in the ready and registered state. You may update the state in order...

  • Page 36

    Pin protection depending on the used card, it can be necessary to unlock the sim with a pin code. Please check the account details associated with your sim whether the pin protection is enabled. Pin code the pin code for unlocking the sim card puk code the puk code for unlocking the sim card if the ...

  • Page 37

    The following mobile settings are required: modem the modem to be used for this wwan interface sim the sim card to be used for this wwan interface preferred service the preferred service type please note that these settings supersede the general sim based settings as soon as the link is being dialed...

  • Page 38

    Call to ISDN: this option must be enabled in case of 2G connections talking to an ISDN modem. Header compression: enables or disables Van Jacobson TCP/IP header compression for PPP-based connections. This feature will improve TCP/IP performance over slow serial links. Has to be supported by your pro...

  • Page 39

    Number of antennas set the number of connected antennas. Antenna gain specify the antenna gain for the connected antennas. Please refer to the antennas datasheet for the correct gain value. Important please be aware that any inappropriate parameters can lead to an infringement of conformity regulati...

  • Page 40

    Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring wlan networks and then choose the less interfering channel. Please keep in mind that two adequate channels are required for getting good throughputs with 802.11n in the 40 mhz radio ...

  • Page 41

    Wlan configuration running in access point mode you can define up to 4 ssids with each running their own network configuration. This section can be used to configure security-related settings. Ssid the network name (called ssid). Security mode the desired security mode (such as wpa psk), wpa (802.1x...

  • Page 42

    Hide ssid hides the ssid. Isolate clients disables client-to-client communication. Accounting sets accounting profile. The following security modes can be configured: off ssid is disabled none no authentication, provides an open network. Wep wep (is nowadays discouraged). Wpa-psk wpa-psk (tkip, ccmp...

  • Page 43

    WPA/WPA2 mixed mode: WPA2 should be preferred over WPA1, running WPA/WPA2 mixed-mode offers both. WPA cipher: the WPA cipher to be used, the default is to run both (TKIP and CCMP). Identity: the identity used for WPA-RADIUS and WPA-EAP-TLS. Passphrase: the passphrase used for authentication with WPA-PS...

  • Page 44

    Faces. The corresponding dhcp server for each network can be configured in afterwards as described in section 7.6.2, “dhcp server”. Network mode choose whether the interface shall be operated bridged or in routing mode. Bridge interface if bridged, the lan interface to which the wlan network should ...

  • Page 45

    Click on the Refresh button in the tab Devices for displaying connected USB devices and add them by clicking on the plus sign. Autorun: this feature can be used to automatically perform a software/config update as soon as a USB storage stick has been plugged in. Following files must exist in th...

  • Page 46

    The autorun.key file must hold valid access keys to perform any actions when the storage device is plugged in. The keys are made up of your admin password. They can be generated and downloaded. You may also define multiple keys in this file (line-after-line) in case your admin password differs if ap...

  • Page 47

    Device server serial port settings: configure the required rs232 parameters. Physical protocol: only rs232 is supported. Baud rate: specifies the baud rate of the com port. Data bits: specifies the number of data bits contained in each frame. Parity: specifies the parity used with every frame that i...

  • Page 48

    Allow remote control (rfc 2217) telnet with the rfc 2217 extension. Show banner the option for displaying the banner of the connected serial device. Allow clients from the option for limiting the access based on the host ip address. Important the udp device server functionality has been moved into s...

  • Page 49

    Each SCADA protocol like Modbus, DNP3, IEC101, DF1 etc. has its unique message format, most importantly its unique way of addressing the remote units. The following text is valid for all M!DGE/MG102i/RipEX units (further in this section called “Protocol server” referred to as a "unit") - the spe...

  • Page 50

    Important: if configuring the protocol server together with VPN tunnels, the "Poll response control" protocol specific parameter must be turned off. Common parameters: for any SCADA protocol, the transport protocol and the specific port can be chosen. The default value is UDP port 8882. The unit liste...

  • Page 51

    • Master. The SCADA master always sends addressed messages to slaves. Addressing is different for each SCADA protocol, so this is one of the main reasons why an individual protocol server in each unit for each SCADA protocol has to be used. ○ Broadcast. List box: on, off; default = off. Some master SCADA...

  • Page 52

    This udp port is used as the destination udp port in the udp datagram in which the serial scada packet received from com1 is encapsulated. The default udp port for com can be used or the udp port can be set manually. If the destination ip address belongs to a unit and the udp port is not assigned to...

  • Page 53

    Important broadcasting is not supported with mobile networks. Protocols implemented: within several protocols, parameter "poll response control" can be set. Turn it off if using any kind of port forwarding or vpn tunnels. Otherwise, it can be set to "on". More details about this parameter can be fou...

  • Page 54

    List box: format1, format2, format3, format4, format5 default = format1 one of the possible c24 frames formats can be selected. According to the c24 protocol specification, it is possible to set frames formats 1–4 for protocol frames 1c–3c and formats 1–5 for 4c. Important the unit accepts only the ...

  • Page 55

    Mode of connected device master address translation table mask slave df1 only the full-duplex mode of df1 is supported. Each frame in the allen-bradley df1 protocol contains the source and destination addresses in its header, so there is no difference between master and slave in the full-duplex mode...

  • Page 56

    Iec 870-5-101 iec 870-5-101 is a serial polling-type communication protocol used by master–slave application. More iec 870-5-101 masters can be used within one network and one slave can be polled by more masters. Iec 870-5-101 protocol configuration is using all parameters described in common parame...

  • Page 57

    Note: there is no possibility to set the broadcast address, since itt flygt broadcast messages always have the address 0xffff. Hence when the broadcast is on, packets with this destination are handled as broadcasts. Broadcasting is not available with mobile gprs/umts networks. • first slave address ...

  • Page 58

    Mode of connected device master broadcast address translation table mask slave broadcast accept rp570 rp570 is a serial polling-type communication protocol used in master–slave applications. Multiple rp570 masters can be used within one network and one slave can be polled by more than one master. Un...

  • Page 59

    Mask slave slave • local simulation rb list box: off, on default = off the rp570 slave expects to receive rb packets from the master. When the local simulation rb on the master is on, the rb packets are transferred over the mobile network only in the rb net period (see the master settings). The loca...

  • Page 60

    Remoteripex→data+dle+etx+bcc→remotertu remotertu→dle→remoteripex * only this packet is transferred over the ripex network, all the other ones are handled locally. Underlined parameters are described in common parameters. Mode of connected device master • address mode list box: binary (1 b), binary (...

  • Page 61

    Note: obviously, two devices which are communicating together must be set so that one has high priority and the other has low. • bcc list box: on, off default = on bcc (block check character) is a control byte used for data integrity control, it makes the reliability higher. Bcc is used by 3964r, 39...

  • Page 62

    Dress translation (e.g. via a table). The default value of the address mask is 0xffff, hence the full 16-bit value is used by default. Example: the address mode is set to binary (2B LSB first), the address mask is set to 7ff0 and the address position is set to 2. The SCADA message starts with bytes ...

  • Page 63

    Besides on and off you may keep the status after reboot at default which corresponds to the default state as the hardware will be initialized at power-up. The digital inputs and outputs can also be monitored and controlled by SDK scripts.

  • Page 64

    7.2.8. Gnss administration the gnss (gps) page lets you enable or disable the gps modules present in the system and can be used to configure the daemon that can be used to share access to receivers without contention or loss of data and to respond to queries with a format that is substantially easie...

  • Page 65

    Allow clients from: specifies where clients can connect from, can be either everywhere or from a specific network. Clients start: specifies how client reception is started upon connect. You can specify on request, which typically requires an r to be sent, or raw/super-raw mode which will transmit nm...

  • Page 66

    Location: name of the current location. Satellites: this page provides you with a satellite view with some additional details. In the Home menu, under GNSS status, you can see the current status together with a lot of information about satellites in range.

  • Page 67

    Time of last fix the time when the gps was updated for the last time. Satellites in view the number of satellites in view as stated in gpgsv frames. Speed the horizontal and vertical speed in meter per second as stated in gprmc frames. Dilution of precision the dilution of precision as stated in gpg...

  • Page 68

    Supervision administrative status enable or disable gnss supervision. Mode the mode of supervision - what is validated. Max. Downtime the period of time without valid nmea information after which an emergency action will be taken. Emergency action the corresponding emergency action. You can either l...

  • Page 69: 7.3. Routing

    7.3. Routing 7.3.1. Static routes. This menu shows all routing entries of the system, which can consist of active and configured ones. (Netmasks can be specified in CIDR notation, e.g. 24 expands to 255.255.255.0). Destination: destination network or host provided by IP addresses in dotted decimal. N...

  • Page 70

    Default route the route is a default route, address and netmask are set to 0.0.0.0, thus matching any packet you can check the corresponding routing via the "route lookup" functionality. Just fill in the desired ip address and click on the "lookup" button. The detailed information about the chosen r...

  • Page 71

    Destination address: the packet destination address. Destination netmask: the packet destination netmask. Protocol: protocol used (any, UDP or TCP). Type of service: the TOS value within the packet header (possible values are any, normal-service (0), minimize-cost (2), maximize-reliability (4), maximize-t...

  • Page 72

    7.3.4. Multicast. Multicast routing (MCR) can be configured and managed by a daemon. Only one MCR daemon can be used at a time. M!DGE/MG102i routers ship with two different MCR daemons to select from, depending on your dependencies: IGMP proxy: forwarding of multicast messages that are dynamically d...

  • Page 73

    Group: IP address of MCR group. Source: source-IP of the packets. Incoming interface: interface to listen on for messages of given group and source. Outgoing interface: interface to forward the messages to. 7.3.5. BGP. The BGP tab allows to set up peerings of the M!DGE/MG102i router with other Border Gat...

  • Page 74

    Disable when redundancy backup disables the bgp protocol when the router is set to slave mode by the vrrp redundancy protocol. The neighbors tab is used to configure all the bgp routers to peer with. Ip address ip address of the peer router. As number autonomous system number of the peer router (ava...

  • Page 75

    OSPF status: specifies whether the OSPF routing protocol is active. Redistribute connected routes: redistribute routes to networks which are directly connected to the M!DGE/MG102i router. Redistribute local routes: redistribute routes from the M!DGE/MG102i router’s own routing table. Redistribute BGP r...

  • Page 76

    Key the key to be used for authentication. Key id the id of the key to be used for authentication (1-255). Cost the cost for sending packets via this interface. If not specified or set to 0, ospf defaults are used. Passive do not send out ospf packets on this interface. The networks tab defines the ...

  • Page 77

    If mip is run as the mobile node, the following settings can be configured: primary home agent address: the address of the primary home agent secondary home agent address: the address of the secondary (fallback) home agent home address: the permanent home address of the node which can be used to add...

  • Page 78

    If mip is run as home agent, you will have to set up a home address and netmask first and configure various nodes afterwards which are made up of the following settings: spi the home address of the network authentication type the mask for the home network. Shared secret the shared secret used for th...

  • Page 79

    7.3.8. Quality of service (QoS). M!DGE/MG102i routers are able to prioritize and shape certain kinds of IP traffic. This is currently limited on egress, which means that only outgoing traffic can be stipulated. The current QoS solution is using Stochastic Fairness Queueing (SFQ) classes in combinatio...

  • Page 80

    Upstream bandwidth: the available bandwidth for outgoing traffic. Ip to ping (primary) an ip, which answers icmp echo requests to determine the bandwidth of the link. Ip to ping (secondary) an ip, which answers icmp echo requests to determine the bandwidth of the link. When defining limits, you shou...

  • Page 81: 7.4. Firewall

    Bandwidth: the maximum possible bandwidth for this queue in case the total bandwidth of all queues exceeds the set upstream bandwidth of "QoS interface parameters". Set TOS: the TOS/DiffServ value to set on matching packets. You can now configure and assign any services to each queue. The following pa...

  • Page 82

    7.4.1. Firewall administration the administration page can be used to enable and disable firewalling. When turning it on, a shortcut can be used to generate a predefined set of rules which allow administration (over http, https, ssh or telnet) by default but block any other packets coming from the w...

  • Page 83

    Add firewall rule description: a meaningful description about the purpose of this rule. Action: whether the packets of this rule should be allowed or denied. Log matches throw a syslog message if rule matches. Incoming interface: the interface on which matching packets are received. Outgoing interfa...

  • Page 84

    7.4.2. Napt this page allows setting of the options for network address and port translation (napt). Napt translates ip addresses or tcp/udp ports and enables communication between hosts on a private network and hosts on a public network. It generally allows a single public ip address to be used by ...

  • Page 85

    Inbound rules: inbound rules can be used to modify the target section of IP packets and, for instance, forward a service or port to an internal host. By doing so, you can expose that service and make it available from the Internet. You may also establish 1:1 NAT mapping for a single host using addi...

  • Page 86

    Description: a meaningful description of this rule. Map: choosing whether the rule applies to the host or to the network. Outgoing interface: outgoing interface on which matching packets are leaving the router. Target: the target address or network to which matching packets are destined. Source address/...

  • Page 87: 7.5. Vpn

    7.5. Vpn 7.5.1. Openvpn administration openvpn administrative status: enable or disable openvpn. Restart on link change: if checked, the tunnel is restarted whenever any link changes the status. Multipath tcp enables openvpn multipath tcp support. If enabled, openvpn client configurations will be st...

  • Page 88

    Client mode. Peer selection: specifies how the remote peer shall be selected, besides a single server you may configure multiple servers which can, in case of failures, either be selected sequentially (i.e. failover) or randomly (i.e. load balancing). Server: the remote server address or hostname p...

  • Page 89

    Encryption: required cipher mechanism used for encryption. Use compression: enable or disable openvpn compression. Use keepalive: can be used to send a periodic keep alive packet in order to keep the tunnel up despite inactivity. Redirect gateway: by redirecting the gateway, all packets will be dire...

  • Page 90

    • dh1024.pem (Diffie-Hellman parameters file), • a directory (with default name “ccd”) containing client-specific configuration files. Important: OpenVPN tunnels require a correct system time. Please ensure that all NTP servers are reachable. When using host names, a working DNS server is required as...

  • Page 91

    7.5.2. Ipsec ipsec is a protocol suite for securing ip communications by authenticating and encrypting each packet of a communication session and thus establishing a secure virtual private network. Ipsec includes various cryptographic protocols and ciphers for key exchange and data encryption and ca...

  • Page 92

    Restart on link change: if checked, the tunnel is restarted whenever any link changes the status. Note running nat-traversal makes ike using udp port 4500 rather than 500 which has to be taken into account when setting up firewall rules. Configuration general remote peer address: the ipsec peer/resp...

  • Page 93

    Ike proposal racom routers support ikev1 or ikev2 authentication via the pre-shared keys (psk) or certificates within a public key infrastructure. Using psk requires the following settings: psk: the pre-shared key used local id type: the identification type for the local router which can be fqdn, us...

  • Page 94

    Certificate authority and imported to the router afterwards. In the PKI server mode the router represents the certificate authority and issues the certificates for remote peers. Negotiation mode: choose the negotiation mode (main, aggressive). The aggressive mode has to be used when dealing with d...

  • Page 95

    Ipsec proposal encapsulation mode: only the tunnel encapsulation mode is enabled ipsec protocol: only the esp ipsec protocol is enabled encryption algorithm: the ike encryption method (3des, aes128, aes192, aes256, blowfish128, 192 and 256) authentication algorithm: the ike authentication method (md...

  • Page 96

    When creating security associations, ipsec keeps track of routed networks within the tunnel. Packets are only transmitted when a valid sa with the matching source and destination network is present. Therefore, you may need to specify the networks behind the endpoints by applying the following settin...

  • Page 97

    Listen address: specifies on which ip address should be listened for incoming client connections server address: the server address within the tunnel client address range: specifies a range of ip addresses assigned to each client username/password: the common username/password configuration once con...

  • Page 98

    A client tunnel requires the following parameters to be set: server address: the address of the remote server username: the username used for authentication password: the password used for authentication 7.5.4. Gre the generic routing encapsulation (gre) is a tunneling protocol that can encapsulate ...

  • Page 99

    Interface type: the device type for this tunnel. If "tap" device is chosen, another parameter "bridge interface" must be configured with one LAN port. Local tunnel address: the local IP address of the tunnel. Local tunnel netmask: the local subnet mask of the tunnel. Remote network: the remote network a...

  • Page 100: 7.6. Services

    7.6. Services 7.6.1. Sdk racom routers are shipping with a software development kit (sdk) which offers a simple and fast way to implement customer-specific functions and applications. It consists of: 1. An sdk host which defines the runtime environment (a so-called sandbox), that is, controlling acc...

  • Page 101

    1. Send/retrieve sms 2. Send e-mail 3. Read/write from/to serial device 4. Control digital input/output ports 5. Run tcp/udp servers 6. Run ip/tcp/udp clients 7. Access files of mounted media (e.g. a usb stick) 8. Retrieve status information from the system 9. Get or set configuration parameters 10...

  • Page 102

    .Wanlink1_type = string[4]: "wwan" .Wanlink1_passthrough = string[4]: "lan2" .Wanlink1_dial_failures = string[1]: "0" .Wanlink1_sim = string[4]: "sim1" .Wanlink1_registration_state = string[23]: "registeredinhomenetwork" .Wanlink1_interface = string[5]: "wwan1" .Wanlink1_data_downloaded = string[6]:...

  • Page 103

    Running sdk in the sdk, we are speaking of scripts and triggers which form jobs. Any arena script can be uploaded to the router or imported by using dedicated user configuration packages. You may also edit the script directly at the web manager or select one of our examples. You also have a testing ...

  • Page 104

    This page can be used to control the sdk host and apply the following settings: administrative status: specifies whether sdk scripts should run or not scheduling priority: specifies the process priority of the sdkhost, higher priorities will speed up scheduling your scripts, lower ones will have les...

  • Page 105

    It is usually a good idea to create a trigger first which is made up of the following parameters: name: a meaningful name to identify the trigger type: the type of the trigger, either time-based or event-based condition: specifies the time condition for time-based triggers (e.g. hourly) timespec: th...

  • Page 106

    Action: you may either edit a script, upload it to the system or select one of the example scripts or an already uploaded script you are ready to set up a job afterwards, it can be created by using the following parameters: name: a meaningful name to identify the job trigger: specifies the trigger t...

  • Page 107

    /* arguments : schnick schnack "s c h n u c k" */ for (i = 0; i < argc; i++) { printf (" argv %d: %s", i, argv [i]); } /* generates: * argv 0: /scripts/testrun * argv 1: schnick * argv 2: schnack * argv 3: s c h n u c k */ In case of syntax errors, arena will usually print error messages as follows (indicating t...

  • Page 108

    • current ip address of the ppp interface • current ip address of the vpn interface (if enabled) disconnect terminates all wan connections (including vpn) reboot initiates a system reboot output 1 on switch digital output 1 on output 1 off switch digital output 1 off output 2 on switch digital outpu...

  • Page 109

    Last lease address: last address for dhcp clients lease duration: number of seconds (30-86400) how long a given lease will be valid until it has to be requested again persistent leases: by checking this option, only static hosts will obtain the ip leases dhcp options: by default dhcp will hand out t...

  • Page 110

    7.6.4. Ntp server this section can be used to individually configure the network time protocol (ntp) server function. Administrative status: enabled or disabled poll interval: defines the polling interval (64-4096 seconds) for synchronizing the time with the master clock servers allowed hosts: defin...

  • Page 111

    Dynamic address: specifies whether the address is derived from the hotlink, outgoing interface address or via an external service. Usually, the hotlink option is used. Hostname: the host-name provided by your dyndns service (e.g. mybox.dyndns.org) username: the user-name used for authenticating at t...

  • Page 112

    Administrative status: e-mail client administrative status - enabled or disabled from address: sender e-mail address server address: smtp server address server port: smtp server port (typically 25) authentication: choose the required authentication method to authenticate against the smtp server encr...

  • Page 113

    After configuring e-mail successfully, you can also test e-mail messages. 7.6.7. Events by using the event manager you can notify remote systems about system events. A notification can be sent using e-mail, sms or snmp traps. Events e-mail address the e-mail address to which the notification shall b...

  • Page 114

    Phone number the phone number to which the notification shall be sent (sms service must be enabled) snmp host the snmp host or address to which the trap shall be sent snmp port the port of the remote snmp service username the username for accessing the remote snmp service password the password for a...

  • Page 115

    Description event (id) category pptp connection went down pptp-down (407) pptp pptp connection came up pptp-up (406) system is now backup router redundancy-backup redundancy system is now master router redundancy-master sdk has been started sdk-startup (507) sdk sms has not been sent sms-not...

  • Page 116

    Received messages are pulled from the sims and temporarily stored on the router but get cleared after a system reboot. Please consider to consult an sdk script in case you want to process or copy them. Sending messages heavily depends on the registration state of the modem and whether the provided s...

  • Page 117

    Phone numbers can also be specified by regular expressions, here are some examples: +12345678 specifies a fixed number +1* specifies any numbers starting with +1 +1*9 specifies any numbers starting with +1 and ending with 9 +[12]* specifies any numbers starting with either +1 or 2 please note that n...

  • Page 118

    Testing this page can be used to test whether sms sending in general or filtering/routing rules works. The maximum length per message part is limited to 160 characters, we also suggest to exclusively use characters which are supported by the gsm 7-bit alphabet. 7.6.9. Ssh/telnet server apart from th...

  • Page 119

    Please note that these services will also be accessible from the wan interface. If in doubt, consider disabling them or restricting access to them by applying appropriate firewall rules. The following parameters can be applied to the telnet service: administrative status: whether the telnet service is e...

  • Page 120

    Supported mibs parameter host-resources-mib (rfc2790) .1.3.6.1.2.25 snmp-framework-mib .1.3.6.1.6.3.10 snmpv2-smi (rfc2578) .1.3.6.1.6.3.11 lldp-mib .1.0.8802.1.1.2 lldp-ext-med-mib .1.0.8802.1.1.2.1.5.4795 vendor-mib .1.3.6.1.4.1.33555 the vendor-mib tables offer some additional information over th...

  • Page 121

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.33555.10.40.10.0 i 1 • to run a configuration update: snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.33555.10.40.11.0 s "http://server/directory" note ...

  • Page 122

    Once the snmp agent is enabled, snmp traps can be generated using sdk scripts or can be triggered by various events (see the system → events menu). Snmp authentication when running in snmpv3, it is possible to configure the following authentication settings: authentication: defines the authenticatio...

  • Page 123

    In order to enable https you would need to generate or upload a server certificate in the section system-keys and certificates. Administrative status: enable or disable the web server http port: web server port for http connections https port: web server port for https connections https certificate:...

  • Page 124

    Note: M!DGE/MG102i assigns a priority of 100 to the master and 1 to the backup router. Please adapt the priority of your third-party device appropriately. Administrative status: enable or disable redundancy role: role of this system (either master or backup) vid: the virtual router id (you can theore...

  • Page 125

    Note: this behaviour comes from the ripex functionality where udp is a preferred transport solution. In case of cellular networks, tcp might be a better solution. When implementing this solution into your network, you might configure modbus tcp on the remote M!DGE/MG102i (not a unit locally connected...

  • Page 126: 7.7. System

    Port the port number for a transport protocol (8902 by default). Broadcast the broadcast is always disabled in cellular networks. Replace plc address if set, manually configure replacing the current plc with a configured modbus rtu address. Modbus tcp consists of the unit id field which can be chang...

  • Page 127

    Redirect address specifies an ip address to which log messages should be redirected to. A tiny system log server for windows is included in tftp32 which can be provided if requested. In general, the unit comes with an internal flash device which can be used to store data or you can use the external ...

  • Page 128

    Current system time: the current system time which can be synchronized against a valid ntp server or set manually. If manually set, the time is lost after the reboot. Ntp server 1: the primary ntp server ip address or hostname ntp server 2 (optional): the optional secondary ntp server ip address or h...

  • Page 129

    7.7.2. Authentication authentication this page offers a simple shortcut to allow only secure connections (ssh, https) for managing the router. If the option "secure authentication preferred" is set, users will be redirected to https but can still login via http/telnet. User accounts this page lets y...

  • Page 130

    Role either admin or user. Old password enter the current password. New password enter a new password. Confirm new password enter a new password again to confirm correctness. Note when adding additional admin users you are required to provide the password of the default administrator. Remote authent...

  • Page 131

    Update operation: the update operation method being used. You can upload the image or download it from the given url url: you can upload the image or download it from the given url. When issuing a software update, the current configuration (including files like keys/certificates) will be backed up. A...

  • Page 132

    Automatic software update status: enable/disable automatic software update time of day: every day at this time M!DGE/MG102i will do a check for updates url: the server url where the software update package should be downloaded from. Supported protocols are tftp, http(s), and ftp firmware update this...

  • Page 133

    7.7.4. Configuration configuration via the web manager becomes tedious for large volumes of devices. M!DGE/MG102i therefore offers automatic and manual file-based configuration to automate things. Once you have successfully set up the system you can back up the configuration and restore the system w...

  • Page 134

    In order to restore a particular configuration you can upload a configuration previously downloaded or update configuration from the provided url link. You can choose between missing configuration directives stay the same as in the currently running configuration. Automatic updates status: enable/di...

  • Page 135

    Factory configuration this menu can be used to reset the device to factory defaults. Your current configuration will be lost. This procedure can also be initiated by pressing and holding the reset button for at least 10 seconds. A successfully initiated factory reset can be noticed by all leds being...

  • Page 136

    Define the remote host (ip address or hostname), number of packets and the packet size. The traceroute utility can be used to print the route to a remote host. Define the target host (ip or hostname), time-to-live (ttl - number of hops on the resulting route) and the timeout in seconds (max. Time to...

  • Page 137

    Several basic protocols can be excluded from the resulting pcap file (http, https, telnet and ssh). Note the default number of received packets is set to 1000. For downloading the file, just click on the download button. The captured file can be also downloaded from the /tmp/ directory via the appro...

  • Page 138

    After the utility initialization, it can be viewed in a separate window. Displaying graphs and individual host statistics are supported. System debugging log files can be viewed, downloaded and reset here. Please study them carefully in case of any issues. Mg102igprs/umts/hspa+/lte router – © racom ...

  • Page 139

    Default debugging levels for individual daemons are as follows: • configd – 4 • watchdog – 4 • swupdate – 5 • wwan-managerc – 5 • led-manager – 5

  • Page 140

    • event-manager – 5 • link-manager – 5 • wwanmd – 5 • surveyor – 5 • mobile-node – 4 • home-agent – 4 • voiced – 4 • smsd – 5 • sdkhost – 6 • qmid – 4 • ser2net – 4 • rrsp2 – 1 • rrsp21 - 1 • qosd – 0 you can change the values to suit your needs and you can reset the values into their defaults by pr...

  • Page 141

    You can encrypt the techsupport file in order to secure the file against reading it without knowing the security key for decrypting the file. This is a more secure way to send the techsupport file via non-secure e-mail. The decrypting key is known by our support team only and cannot be provided to anybo...

  • Page 142

    Root ca: the root certificate authority (ca) which issues certificates, its key can be used to certify it at trusted third party on other systems. Web server: the certificates for the web server required for running http over ssl (https). Ssh server: the dss/dsa keys for the ssh server. Ssh authoriz...

  • Page 143

    Erase certificate: erase all keys and certificates associated with this section configuration this page provides some general configuration options which will be applied when operating with keys and certificates. If keys, certificates and signing requests are generated locally, the following setting...

  • Page 144

    Signature the signature algorithm when signing certificates passphrase the passphrase for accessing/opening a private key please be aware that the local random number generator (rng) provides pretty good randomness for most applications. If stronger cryptography is mandatory, we sugge...

  • Page 145

    Request timeout: the max. Polling time in seconds for a certificate request. Id type it can be ip, email or dns. Password the password for the scep server. When enrolling certificates, the ca certificate will be initially fetched from the specified scep url using the getca operation. It will be show...

  • Page 146

    Availability means that the licence can be applied to the current hardware. The valid license is active if the status "licensed" is displayed in the respective line. 7.7.8. Legal notice a dedicated gui page under system is pointing out that M!DGE/MG102i contains in part open source software that may...


  • Page 148: 7.8. Logout

    7.8. Logout log out from web manager.

  • Page 149: 8. Command Line Interface

    8. Command line interface the command line interface (cli) offers a unified control interface to the router and can be used to get/set configuration parameters, apply updates, restart services or perform other system tasks. The cli should be started using cli -i command from system shell or when log...

  • Page 150: 8.2. Print Help

    Action key sequence move back a character. Ctrl-b move forward to the end of the next word. Alt-f move back to the start of the current or previous word. Alt-b clear the screen leaving the current line at the top of the screen, with an argument given refresh the current line without clearing the scr...

  • Page 151

    > help usage: help [] available commands: get get config parameters set set config parameters update update system facilities cert manage keys and certificates status get status information scan scan networks send send message, mail, techsupport or ussd restart restart service debug debug system res...

  • Page 152

    Set [-hv] = [=..] options: -v validate config parameter see the following example for setting configuration digital output values. Both values will be "off" and both values will be also "off" after the next start-up procedure. > set dio.out1=off > set dio.out2=off 8.5. Updating system facilities the...

  • Page 153

    8.7. Getting status information the status command can be used to get various status information of the system. > status -h usage: status [-hs] options: -s generate sourceable output available sections: summary short status summary info system and config information config current configuration syst...

  • Page 154: 8.8. Scan

    > status dio === digital io information === in1: off in2: on out1: on out2: off 8.8. Scan the scan command can be used to scan the mobile network for the possible networks. Note that the active mobile connection will be deactivated during the scan procedure. > scan -h usage: scan [-hs] options: -s g...

  • Page 155: 8.10. Restarting Services

    8.9. Sending e-mail or sms the send command can be used to send a message via e-mail/sms to the specified address or phone number. > send -h usage: send [-h] options: type of message to be sent (mail, sms, techsupport, ussd) destination of message (mail-address, phone-number or argument) message to ...

  • Page 156: 8.12. Resetting System

    > debug -h usage: debug [-hr] [-l ] options: -l set debug level -r reset debug level available debug targets: system scripts configd watchdog swupdate led-manager event-manager surveyor mobile-node home-agent voiced smsd sdkhost ser2net qosd gpsd rrsp2 rrsp21 link-manager wwanmd wwan-manager 8.12. R...

  • Page 157: 8.16. Cli–Php

    > reboot -h usage: reboot [-h] 8.14. Running shell commands the shell command can be used to execute a system shell and run any arbitrary application. > shell -h usage: shell [-h] [] 8.15. Cli commands history the history command displays the history of cli commands entered on the unit. > history 1 ...

  • Page 158

    Available keys: output output format ( html, plain ) usr username to be used for authentication pwd password to be used for authentication commandv command to be executed arg0..arg31 arguments passed to commands notes: the commands correspond to cli commands as seen by 'cli -l', the arguments (arg0....

  • Page 159

    Get – get configuration parameter key usage: command=get&arg0=[&arg1=..] examples: http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=get&arg0=config.version http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=get&arg0=openvpn.status&arg1=snmp...

  • Page 160

    Reboot - trigger system reboot key usage: command=reboot examples: http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=reboot reset - run factory reset key usage: command=reset examples: http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=reset u...

  • Page 161

    Examples: http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=send&arg0=sms&arg1=%2b123456789&arg2=test send - send e-mail key usage: command=send&arg0=mail&arg1= notes: the address has to be a valid e-mail address such as abc@abc.com (the at-sign can be encoded with %4...

  • Page 162

    Examples: http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=send&arg0=ussd&arg1=0&arg2=%2a100%23

  • Page 163: 9. Troubleshooting

    9. Troubleshooting 9.1. Common errors with gprs/umts connection (even if gsm signal is good enough) following errors are common: sim missing check the sim card status in the interfaces → sims menu, turn off the unit, insert/re-insert the sim card and power up the unit again pin code required insert ...

  • Page 164

    9.3.2. Log files information about boot-up process and about running processes can be found in the linux-like log files, see the system → troubleshooting → system debugging menu.

  • Page 165: 10.1. Safety Instructions

    10. Safety, environment, licensing 10.1. Safety instructions the M!DGE/MG102i wireless router must be used in compliance with any and all applicable international and national laws and in compliance with any special restrictions regulating the utilization of the communication module in prescribed ...

  • Page 166

    10.2. Rohs and weee compliance the M!DGE/MG102i is fully compliant with the european commission's rohs (restriction of certain hazardous substances in electrical and electronic equipment) and weee (waste electrical and electronic equipment) environmental directives. Restriction of hazardous substan...

  • Page 168: 10.4. Country Of Origin

    10.4. Country of origin country of origin declaration manufacturer: racom address: mirova 1283, 592 31 nove mesto na morave, czech republic vat no: cz46343423 we, the manufacturer, hereby declare that country of origin of all the gsm products and its accessories is the czech republic, eu. Nove mesto...

  • Page 169: 10.5. Warranty

    10.5. Warranty racom-supplied parts or equipment ("equipment") is covered by warranty for inherently faulty parts and workmanship for a warranty period as stated in the delivery documentation from the date of dispatch to the customer. The warranty does not cover custom modifications to software. Dur...

  • Page 170: Appendix A. Glossary

    Appendix a. Glossary apn access point name / access point node ce conformity of equipment according to eu rules cs coding scheme csd circuit switched data dhcp dynamic host configuration protocol dmz demilitarized zone dns domain name system edge enhanced data service for gsm evolution emc electroma...

  • Page 171

    Ras remote access service (dial-in networking ppp) rohs restriction of hazardous substances sim subscriber identity module sw software tcp transmission control protocol tftp trivial file transfer protocol udp user datagram protocol umts universal mobile telecommunications system url universal resour...

  • Page 172: Index

    Index a accessories, 20 antenna gsm/umts, 22 mounting, 24 authentication, 129 b basic setup, 23 brc com, 51 c certificates, 141 cli, 149 client e-mail, 111 com protocols, 48 command line interface, 149 configuration, 25 conformity, 167 connecting mg102i, 22 connectors antenna sma, 12 eth rj45, 13 sc...

  • Page 173

    Protocolserver, 48 r redundancy, 123 reset, 135 rohs, 166 router, 7 routing, 69 s safety instructions, 165 serial port, 46 server dhcp, 108 dial-in, 99 dns proxy, 109 pptp, 96 ssh/telnet, 118 web, 122 services, 100 sim, 35 sim card, 22 sms, 115 snmp agent, 119 software update, 130 specification, 18 ...


  • Page 175

    Appendix b. Revision history 2012-10-09 revision 1.0 1st xml version 2013-10-09 revision 1.1 added section the section called “protocol server” 2014-03-26 country of origin revision 1.2 added section section 10.4, “country of origin” 2014-04-09 revision 1.3 complete manual revision for fw version 3....