Microhard Systems VIP4GABGN20 LTE Ethernet Bridge / Serial Gateway User Manual 2 of 2

Microhard Systems Inc LTE Ethernet Bridge / Serial Gateway 2 of 2

Contents

User Manual 2 of 2

© Microhard Systems Inc. 101
4.0 Configuration
IP Protocol Config (Continued…)
SMS Transparent Mode: Serial data from the COM1 port can be send to one or multiple destinations via
SMS text messaging. SMS messages received by the VIP4G can also be sent to the COM1 port.
Message Max Size
Enter the maximum message size. Once the number of characters has been reached the
VIP4G will package the data up and send it as a SMS message to the number(s) specified.
[1….160]. The character timeout can be used to send messages more frequently by detecting
a pause in the incoming data.
Default: 160
Reply Timeout(s)
Enter a value for the Reply Timeout in seconds.
Default: 10
Access Control
By selecting Anonymous, the VIP4G will accept a SMS message from any number. If
Control Phone List is selected, only messages from the numbers in the Access Control List
will be accepted.
Default: Anonymous
Read SMS Control
Select Keep in SIM Card to save incoming SMS messages in the SIM card, select Delete to
delete messages once they have been output to serial port.
Default: Keep in SIM Card
Access Control Phone List
Messages can be sent to up to five (5) numbers, also, this list can be used to filter incoming
SMS messages (See Access Control)
Default: None
Image 4-5-3: Comport > SMS Transparent Mode
© Microhard Systems Inc. 102
4.0 Configuration
IP Protocol Config (Continued…)
GPS Transparent Mode: When in GPS Transparent Mode, GPS data is reported out the serial port at 1
second intervals. Sample output is shown below:
Image 4-5-4: Comport > GPS Transparent Mode
© Microhard Systems Inc. 103
4.0 Configuration
Image 4-6-1: I/O > Status
4.6 I/O
4.6.1 I/O > Status
The VIP4G has 4 status inputs, which can be used with various alarms and sensors for monitoring, telling
the modem when certain events have occurred, such as an intrusion alarm on a door, a temperature
threshold has been exceed, or a generator has failed, out of fuel. Also included are 4 outputs, that can be
used to drive external relays to remotely control equipment and devices.
Input Status
The WebUI will display the current state of each input. The I/O pins are all normally open so an open status
indicates that there is nothing connected to the input pins, or that an event has not occurred to trigger the
input. The inputs have a small wetting current (Vin) used to detect a contact closure, and prevent false
readings by any noise or intermittent signals, it has a threshold sensitivity of 1.8V.
Output Status
The WebUI will display the current state of each control output. Using the Output menu discussed in the
next section, a user can remotely control the status of the output pins.
© Microhard Systems Inc. 104
4.0 Configuration
Image 4-6-2: I/O > OUTPUT
4.6.2 I/O > OUTPUT
Each of the 4 Outputs can be controlled separately, allowing a user to remotely trigger an event.
The output pins on the VIP4G can be used provide output signals, which can be used to drive an external
relay to control an external device. Maximum recommended load for the Output Pin is 150mA @ 32 VDC
(Vin)
4.6.3 I/O > I/O Rules
Custom rules can be applied to the I/O behavior, such as setting a output after a specified time,
or an input or combination of inputs triggering output(s).
Image 4-6-3: I/O > I/O Rules
© Microhard Systems Inc. 105
4.0 Configuration
I/O Port Rule Define
Set the type of I/O rules to perform:
Disabled: Outputs have no logical connection to inputs.
Default Rules:
Each input has a logical connection to each output as follows:
Input 1 -> Output 1
Input 2 -> Output 2
Input 3 -> Output 3
Input 4 -> Output 4
Custom Rules:
User can make custom rules to trigger output states. Custom rules can
contain any of the following I/O rules:
A timer has finished counting down
A input signal has changed state
A combination of a input state and a timer.
Values (selection)
Disable
Default Rules
Custom Rules
Rule Name
Each I/O rule must have a unique name. This is for reference purposes and
has no effect on the rule itself.
Values (characters)
rule0
I/O Rule Mode
Define the parameters of the desired rule:
Use Timer Only: Once the programmed timer has expired, the defined
output state will be triggered.
Use Input States Only: The VIP4G will set puts as defined based on input
states.
Use Input States With Timer: A combination of inputs states and a timer
would trigger an output action when the input state if changed for more
than the specified time.
Values (selection)
Use Timer Only
Use Input States Only
Use Input States With
Timer
© Microhard Systems Inc. 106
4.0 Configuration
4.6.4 I/O > Accelerometer
The VIP4G has a internal Accelerometer, which can be configured to report events to a remote host based
on a specific physical activity.
Image 4-6-4: I/O > Accelerometer
Accelerometer Report
Enable or disable reporting by the Accelerometer. Values (selection)
Disable
Enable
Report Trigger Mode
Select reporting on event, timer or both. Values (selection)
Event
Timer
Event OR Timer
Interval
Set the time at which events will be reported if the timer feature is selected. Values (seconds)
120
Report Message
Select the types of events that cause a report to be sent. Values (selection)
ALL
Impact
Activity
Inactivity
© Microhard Systems Inc. 107
4.0 Configuration
Report Format Type
Select the format in which the report will be sent, TAIP or Text. Values (selection)
TAIP
Text
Remote IP
Enter the IP Address of the remote host. This is the address in
which the reports will be sent via UDP packets. Values (IP Address)
0.0.0.0
Remote PORT
Enter the UDP port number to send the reports. Values (Port)
20100
© Microhard Systems Inc. 108
4.0 Configuration
4.7 GPS
4.7.1 GPS > Location
Location Map
The location map shows the location on the VIP4G. The unit will attempt to get the GPS coordinates from
the built in GPS receiver, and if unsuccessful, will use the Cell ID location reported by the Cellular Carrier.
Image 4-7-1: GPS > Location Map
When using standalone GPS the specific coordinates are shown as in the above screenshot. If the VIP4G
is unable to locate GPS satellites, or if configured to use Embedded Carrier GPS, only the estimated
location of the VIP4G is shown with a radius drawn on the map.
© Microhard Systems Inc. 109
4.0 Configuration
4.7.2 GPS > Settings
The VIP4G can be polled fro GPS data via GPSD standards and/or provide customizable reporting to up to
4 different hosts using UDP or Email Reporting.
GPS data can also be reported to the COM1 serial port. For more information, refer to the COM1 > IP
Protocol Config > GPS Transparent Mode section.
Image 4-7-2: GPS > Settings
GPS Status
Enable or disable the GPS polling function of the VIP4G. Values
Disable / Enable
GPS Source
Select the data source for GPS data. Values
Stand Alone GPS
Embedded Carrier GPS
TCP Port
Specify the TCP port on the VIP4G where the GPS service is running and
remote systems can connect and poll for GPSD data. Values
2947
© Microhard Systems Inc. 110
4.0 Configuration
4.7.3 GPS > GPS Report
The VIP4G can provide customizable reporting to up to 4 hosts using UDP or Email Reporting.
Image 4-7-3: GPS > GPS Report
Report Define
Enable UDP and/or Email or disable GPS Reporting. Up to 4 reports can
be set up and configured independently. Values (selection)
Disable
UDP Report
Email Report
Time Interval
The interval timer specifies the frequency at which the GPS data is
reported in seconds. Values (seconds)
600
© Microhard Systems Inc. 111
4.0 Configuration
Message 1-4
The Message field allows customization of up to 4 different GPS messages
to be sent to the specified host.
None - Message is not used, no data will be sent
ALL - Sends all of the below
GGA - GPS Fix Data
GSA - Overall Satellite Data
GSV - Detailed Satellite Data
RMC - Recommended Min Data for GPS
VTG - Vector Track & Ground Speed
GPSGate - For use with GPSGate Tracking Software
Values (selection)
None
ALL NMEA
GGA
GSA
GSV
RMC
VTG
Latitude/Longitude
GPSGate UDP Protocol
Trigger Set
The trigger condition defines the conditions that must be met before a GPS
update is reported. If OR is chosen, the Repeater Timer OR the Distance
trigger conditions must be met before an update is sent. The AND
condition, requires that both the Repeat timer AND the Distance trigger
conditions be met before an update is sent.
Values (selection)
Only Timer
Timer AND Distance
Timer OR Distance
Distance Set
The distance parameter allows the GPS data to only be sent when a
specified distance has been traveled since the last report. Values (meters)
1000
UDP Remote IP / Port
This is the IP Address and port of the remote host in which the UDP
packets are to be sent. Values (Address/Port)
0.0.0.0 / 20175
Mail Subject
If an Email report is chosen, the subject line of the Email can be defined
here. Values (characters)
1000
Mail Server
If an Email report is to be sent, the outgoing mail server must be defined,
and the port number. Values (Address:port)
smtp.gmail.com:465
Username / Password
Some outgoing mail servers required username and password to prevent
an account being used for spam. Enter the login credentials here. Values (characters)
Username / password
Mail Recipient
Some outgoing mail servers require a username and password to prevent
an account being used for spam. Enter the login credentials here. Values (characters)
host@email.com
© Microhard Systems Inc. 112
4.0 Configuration
4.7.4 GPS > GpsGate
The VIP4G is compatible with GpsGate - GPS Tracking Software, which is a 3rd party mapping solution
used for various GPS services including vehicle and asset tracking The VIP4G can communicate with
GpsGate via Tracker Mode and TCP/IP. (UDP reporting can also send information to GpsGate, see the
GPS > Report - UDP Reports)
Image 4-7-4: GPS > GpsGate Tracker Mode
Mode Set
Enable GpsGate Tracker Mode or TCP modes. In tracker mode The VIP4G
and GpsGate software will communicate via TCP/IP, however if a
connection is not available it will attempt to use SMS messaging.
Values (selection)
Disable
Enable Tracker Mode
Enable TCP Send Mode
Server Command Channel
By default VIP4G and GpsGate will use TCP and SMS to ensure
communication between each other. It is also possible to specify TCP or
SMS communication only. Initial setup in Tracker mode must be via SMS.
Values (seconds)
TCP and SMS
TCP Only
SMS Only
TCP Alive Mode / Alive Time Interval
TCP alive mode will keep TCP connection alive if tracker is not enabled or
the tracker interval is too long. The default is 150 seconds. Values (seconds)
150
GpsGate - Tracker Mode
© Microhard Systems Inc. 113
4.0 Configuration
Setup Phone Filter
A phone number filter can be applied to prevent SMS commands not
intended for the VIP4G from being processed. Values (selection)
Disable: Accept All
Enable Filter
Motion Trigger
Use this parameter to enable or disable the motion trigger in the VIP4G. Values (selection)
Disable
Enable Motion Trigger
When GPS Invalid, Sending Data
Specify what happens when the GPS data is invalid, either use the last
valid position or do not use the last valid position. Values (selection)
Not Use Last Valid Position
Use Last Valid Position
GpsGate - TCP Mode
Send IO Status
When enabled, the VIP4G will send the current status of the Digital I/O
inputs and/or outputs to the GpsGate Server. Values (selection)
Disable
Send Input Status
Send Output Status
Send Input&Output Status
Image 4-7-5: GPS > GpsGate TCP Mode
© Microhard Systems Inc. 114
4.0 Configuration
Mode Set
Enable GpsGate Tracker Mode or TCP modes. In TCP Mode the VIP4G
will establish a connection with the GpsGate Server directly without the
SMS setup process. If the TCP connection is not available, the VIP4G will
continue to try to connect every few seconds.
Values (selection)
Disable
Enable Tracker Mode
Enable TCP Send Mode
Server Address / IP
Enter the IP Address of the server running the GpsGate application. Values (IP Address)
192.168.168.1
Server Port
Enter the TCP Port of the server running the GpsGate application. Values (Port)
30175
Server Interval
Define the interval at which the VIP4G will send data to the GpsGate
Server. Values (seconds)
60
Motion Distance
Set the motion threshold in which the VIP4G will be triggered to send
location data. Values (meters)
100
When GPS Invalid, Sending Data
Specify what happens when the GPS data is invalid, either use the last
valid position or do not use the last valid position. Values (selection)
Not Use Last Valid Position
Use Last Valid Position
Send IO Status
When enabled, the VIP4G will send the current status of the Digital I/O
inputs and/or outputs to the GpsGate Server. Values (selection)
Disable
Send Input Status
Send Output Status
Send Input&Output Status
© Microhard Systems Inc. 115
4.0 Configuration
4.7.5 GPS > Recorder
The VIP4G can be configured to record events based on time intervals, and/or an event trigger and store
them in non-volatile memory. These events can then be viewed within the WebUI, on a map, or sent to a
remote server in a number of different formats.
Image 4-7-6: GPS > GPS Recorder Service
Status
Use the Status parameter to enable the GPS recording functionality of the
VIP4G. The total number of records that can be recorded varies between
16,000 and 36,000, depending on the number of GPS parameters that are
recorded.
Values (selection)
Disable
Enable GPS Recorder
Time Interval
Define the interval at which the VIP4G will record GPS data. If there is no
valid data available at the specified time (i.e. no connected satellites), the
unit will wait until the next time valid information is received.
Values (seconds)
300
DI/DO Changed
The VIP4G can detect and report the current GPS info when a digital input
or output status changes, regardless of the time interval setting. Values (selection)
Record / Don’t Record
© Microhard Systems Inc. 116
4.0 Configuration
Speed
Select Record to include the current speed in the reported data. Values (selection)
Record / Don’t Record
Over Speed
Trigger a GPS record entry when the speed has exceeded the configured
threshold. A minimum of 30 Km/hr is required. Values (Km/hr)
120
Orientation
Select Record to record the current orientation when a GPS entry is
recorded. (Degree to North). Values (selection)
Record / Don’t Record
Orientation Changed
Record a GPS, regardless of the time interval, if the orientation of the unit
changes. (5 ~ 180: 180 = Disable) Values (5 ~ 180)
60
Carrier RSSI Level
Select Record to record the current 4G/Cellular RSSI level when a GPS
entry is recorded. (-dB). Values (selection)
Record / Don’t Record
Altitude
Select Record to record the current Altitude when a GPS entry is recorded
(meters). Values (selection)
Record / Don’t Record
© Microhard Systems Inc. 117
4.0 Configuration
4.7.6 GPS > Load Record
Data that has been recorded and saved by the VIP4G can then be viewed or sent to a remote server in
various formats. The data recorded can also be viewed directly by selecting “View Data” and the data can
be traced on a map (internet access required), by selecting “Trace Map”, or “Quick Trace. The
screenshots below show the raw data that can be viewed and the Trace Map/Quick Trace output.
Image 4-7-7: GPS > GPS Load Record
© Microhard Systems Inc. 118
4.0 Configuration
Record Time Range
Check the boxes next to the records listed above that are to be sent to the
server. Values (selection)
(no default)
Send Mode / Protocol
Specify the data format / protocol type for the data to be sent. Values (selection)
NMEA via UDP
NMEA via TCP
GpsGate via UDP
GpsGate via TCP
Plain Text via UDP
Plain Text via TCP
Server Address/IP
Enter the address or IP address of the remote server to which the data is to
be sent. Values (IP)
nms.microhardcorp.com
Server Port
Enter the UDP/TCP port number of the remote server to which the data is
to be sent. Values (Port)
30175
© Microhard Systems Inc. 119
4.0 Configuration
4.7.7 GPS > TAIP
The VIP4G has the ability to send GPS data in TAIP (Trimble ACSII Interface Protocol) format to up to 4
different TAIP servers. The following section describes the configuration parameters required to initialize
TAIP reporting.
Image 4-7-8: GPS > TAIP
TAIP service status
Enable or disable TAIP service on the VIP4G. The VIP4G can report TAIP
to up to 4 different hosts. Values (selection)
Enable / Disable
Remote TAIP Server
Enter the IP Address of the Remote TAIP Server. Values (IP Address)
0.0.0.0
Socket Type
Select the socket type that is used by the Remote TAIP server. Select TCP
or UDP, this will define how the connection (TCP) or data is sent (UDP) to
the server.
Values (selection)
UDP / TCP
Remote TAIP Port
Enter the TCP or UDP port number used on the Remote TAIP server. Values (TCP/UDP)
UDP / TCP
© Microhard Systems Inc. 120
4.0 Configuration
Message Type
Select between RPV and RLN message types.
RPV - Position/Velocity
RLN - Long Navigation Message
Values (selection)
RPV / RLN
Interval
Set the frequency at which TAIP messages are reported to the remote
server. The unit used is seconds, and the default value is 60 seconds. Values (seconds)
60
Vehicle ID
Set the Vehicle ID using 4 alpha-numeric characters. Values (chars)
0000
© Microhard Systems Inc. 121
4.0 Configuration
Image 4-8-1: Firewall > Status
4.8 Firewall
4.8.1 Firewall > Status
Firewall Status allows a user to see detailed information about how the firewall is operating. The All, Filter,
Nat, Raw, and Mangle options can be used to view different aspects of the firewall.
© Microhard Systems Inc. 122
4.0 Configuration
Image 4-8-2: Firewall > General
4.8.2 Firewall > General
The General Firewall settings allow users to enable or disable the firewall, and to decide which areas of the
modem to protect. The Firewall can also be reset to factory defaults from this area of the WebUI.
In a cellular device such as this, it is highly recommended to configure the firewall to protect any devices
connected to the modem, and to control data usage. This is especially important units set up with a public
IP address as the modem is effectively on the public internet and is susceptible to a wide range of threats
which may severely impact the data usage. This can be avoided by blocking all 4G/Cellular traffic and
setting up specific rules to either open only used ports, or even restrict access to specific IP/networks.
Firewall Status
When enabled, the firewall settings are in effect. When disabled, none of
the settings configured in the menu’s below have an effect, the modem is
“open” to anyone.
Values
Disable / Enable
WAN Remote Management
Allow remote management of the VIP4G on the WAN side using the WebUI
on port 80(HTTP), and 443 (HTTPS). If disabled, the configuration can only
be accessed from the LAN (or 4G if enabled)..
Values
Enable / Disable
4G Remote Management
Allow remote management of the VIP4G from the 4G side of using the
WebUI on port 80(HTTP), and 443 (HTTPS). If disabled, the configuration
can only be accessed from the LAN (or WAN if enabled)..
Values
Enable / Disable
For best practices and to
control data usage it is
critical that the firewall be
configured properly.
It is recommended to block
all incoming 4G/Cellular
traffic and create rules to
open specific ports and/or
use ACL lists to limit
incoming connections.
© Microhard Systems Inc. 123
4.0 Configuration
WAN Request
When Blocked the VIP4G will block all requests from devices on the WAN
unless specified otherwise in the Access Rules, MAC List, IP List
configurations. Access to ports 80 (HTTP) and 443 (HTTPS-if enabled), is
still available unless disabled in the WAN Remote Management option.
Values
Block / Allow
LAN to WAN Access Control
Allows or Blocks traffic from the LAN accessing the WAN unless specified
otherwise using the Access Rules, MAC, and IP List configuration. Values
Block / Allow
4G Request
When Blocked all requests from devices on the 4G (Wireless Carrier) side
will be blocked, unless specified otherwise in the Access Rules, MAC List,
IP List configurations. Access to ports 80 (HTTP) and 443 (HTTPS-if
enabled), is still available unless disabled in the 4G Remote Management
option.
Values
Block / Allow
LAN to 4G Access Control
Allows or Blocks traffic from the LAN accessing the 4G connection unless
specified otherwise using the Access Rules, MAC, and IP List
configuration.
Values
Block / Allow
Anti-Spoof
The Anti-Spoof protection is to create some firewall rules assigned to the
external interface (WAN & 4G/Cellular) of the firewall that examines the
source address of all packets crossing that interface coming from outside.
If the address belongs to the internal network or the firewall itself, the
packet is dropped.
Values
Enable / Disable
When 4G is set to ‘Allow’
the modem is open to
anyone, this is not
recommended as it may
impact data usage from
unwanted sources.
Packet Normalization
Packet Normalization is the normalization of packets so there are no
ambiguities in interpretation by the ultimate destination of the packet. The
scrub directive also reassembled fragmented packets, protecting some
operating systems from some forms of attack, and drops TCP packets that
have invalid flag combinations.
Values
Enable / Disable
© Microhard Systems Inc. 124
4.0 Configuration
Image 4-8-3: Firewall > Rules
4.8.3 Firewall > Rules
Once the firewall is turned on, rules configuration can be used to define specific rules on how local and
remote devices access different ports and services. MAC List and IP List are used for general access, and
are applied before rules are processed.
It is highly recommended to block as much traffic as possible from the modem, especially when using a
public IP address. The best security would to be to allow traffic only from trusted IP addresses, and only
the specific ports being used, and block everything else. Not configuring the firewall and the firewall rules
correctly could result in unpredictable data charges from the cellular carrier.
Rule Name
The rule name is used to identify the created rule. Each rule must have a
unique name and up to 10 characters can be used. Values (10 Chars)
characters
Action
The Action is used to define how the rule handles the connection request.
ACCEPT will allow a connection, while REJECT (error) and DROP
(quietly dropped), will refuse connections.
This is configured based on how the WAN/4G Request and LAN to
WAN/4G Access Control are configured in the previous menus.
Values (selection)
ACCEPT
DROP
REJECT
Source
Select the zone which is to be the source of the data traffic. WAN applies
to the WAN RJ45 connection, and 4G refers to the connection to the
cellular carrier. The LAN refers to local connections on the VIP4G
(Ethernet/WiFi).
Values
LAN / 4G / WIFI / WAN
None
Refer to Appendix D for an
example of how to set up a
firewall to block all
connections and then add
access to only specific IP’s
and Ports.
Appendix D: Firewall
Example
© Microhard Systems Inc. 125
4.0 Configuration
Source IPs
Match incoming traffic from the specified source IP range. Boxes accept
single IP Addresses without network masks, example: 192.168.1.0 to
192.168.1.255 represents all IP Addresses in the 192.168.1.0/24 network.
(Put same IP in both boxes for a single IP match.)
Values (IP Address)
192.168.0.0 to
192.168.0.0
Destination
Select the zone which is the intended destination of the data traffic. WAN
applies to the wireless connection to the cellular carrier and the LAN refers
to local connections on the VIP4G (Ethernet/WiFi)
Values (selection)
LAN / 4G / WIFI / WAN
None
Destination IPs
Match incoming traffic from the specified destination IP range. Boxes
accept single IP Addresses without network masks, example: 192.168.1.0
to 192.168.1.255 represents all IP Addresses in the 192.168.1.0/24
network. (Put same IP in both boxes for a single IP match.)
Values (IP Address)
192.168.0.0 to
192.168.0.0
Destination Port
Match incoming traffic directed at the given destination port or port range.
(To specify a port range use a From:To (100:200) format)
Values (port)
0
Protocol
The protocol field defines the transport protocol type controlled by the rule. Values
TCP
UDP
Both
ICMP
© Microhard Systems Inc. 126
4.0 Configuration
Image 4-8-4: Firewall > Port Forwarding
4.8.4 Firewall > Port Forwarding
The VIP4G can be used to provide remote access to connected devices. To access these devices a user
must define how incoming traffic is handled by the VIP4G. If all incoming traffic is intended for a specific
connected device, DMZ could be used to simplify the process, as all incoming traffic can be directed
towards a specific IP address.
In the case where there is multiple devices, or only specific ports need to be passed, Port forwarding is
used to forward traffic coming in from the WAN (Cellular) to specific IP Addresses and Ports on the LAN.
Port forwarding can be used in combination with other firewall features, but the Firewall must be enabled
for Port forwarding to be in effect. If the WAN Request is blocked on the General Tab, additional rules and/
or IP Lists must be set up to allow the port forwarding traffic to pass through the firewall.
IP-Passthrough (Carrier > Settings) is another option for passing traffic through the VIP4G, in this case all
traffic is passed to a single device connected to a RJ45 port on the VIP4G, The device must be set for
DHCP or have the WAN IP set as its static IP, as the VIP4G assigns the WAN IP to the device, and the
modem enters into a transparent mode, routing all traffic to the RJ45 port. This option bypasses all firewall
features of the VIP4G, as well as all other features of the VIP4G such as COM, VPN, GPS etc.
DMZ Mode
Enable or disable DMZ Mode. DMZ can be used to forward all traffic to a
specific IP address (DMZ Server IP) on the LAN. Values (selection)
Disable / Enable
If DMZ is enabled and an
exception port for the WebUI
is not specified, remote
management will not be
possible. The default port for
remote management is TCP
80.
© Microhard Systems Inc. 127
4.0 Configuration
Protocol
Select the type of transport protocol used. For example Telnet uses TCP,
SNMP uses UDP, etc. Values (selection)
External Port
Port number of incoming request (from 4G/WAN-side). Values (Port #)
2000
TCP / UDP / Both
Name
This is simply a field where a convenient reference or description is added
to the rule. Each Forward must have a unique rule name and can use up to
10 characters.
Values (10 chars)
Forward
Internal Server IP
Enter the IP address of the intended internal (i.e. on LAN side of VIP4G)
server. This is the IP address of the device you are forwarding traffic to. Values (IP Address)
192.168.2.1
Internal Port
Target port number of internal server on the LAN IP entered above. Values (Port #)
3000
Source
Select the source for the DMZ traffic, either 4G or from WAN. Values (selection)
4G / WAN
Exception Port
Enter a exception port number that will NOT be forwarded to the DMZ
server IP. Usually a configuration or remote management port that is
excluded to retain external control of the VIP4G.
Values (Port #)
443
DMZ Server IP
Enter the IP address of the device on the LAN side of the VIP4G where all
the traffic will be forwarded to. Values (IP Address)
192.168.100.100
DMZ Source
Select the source for the DMZ traffic, either 4G or from WAN. Values (selection)
4G / WAN
If the firewall is set to block
incoming traffic on the WAN
and/or 4G interfaces,
additional rules or IP/MAC
lists must be configured to
allow desired traffic access.
© Microhard Systems Inc. 128
4.0 Configuration
Image 4-8-5: Firewall > MAC-IP List
4.8.5 Firewall > MAC-IP List
MAC List configuration can be used to control which physical LAN devices can access the ports on the
VIP4G, by restricting or allowing connections based on the MAC address. IP List configuration can be used
to define who or what can access the VIP4G, by restricting or allowing connections based on the IP
Address/Subnet.
MAC-IP List can be used alone or in combination with LAN to WAN/4G Access Control to provide secure
access to the physical ports of the VIP4G.
Firewall MAC List Configuration
Rule Name
The Rule Name field is required to give the rule a convenient name for
reference. Each rule must have a unique name, up to 10 characters in
length.
Values (10 chars)
MAC_List
MAC Address
Specify the MAC Address to be added to the list. Must be entered in the
correct format as seen above. Not case sensitive. Values (MAC Address)
00:00:00:00:00:00
© Microhard Systems Inc. 129
4.0 Configuration
Firewall MAC List Configuration (Continued)
Action
The Action is used to define how the rule handles the connection request.
ACCEPT will allow a connection, while REJECT (error) and DROP (quietly
dropped), will refuse connections.
Values (selection)
ACCEPT
DROP
REJECT
Firewall IP List Configuration
Rule Name
The Rule Name field is required to give the rule a convenient name for
reference. Each rule must have a unique name, up to 10 characters in
length.
Values (10 chars)
IP_List
Source Address
Match incoming traffic from the specified source IP range. Boxes accept
single IP Addresses without network masks, example: 192.168.1.0 to
192.168.1.255 represents all IP Addresses in the 192.168.1.0/24 network.
(Put same IP in both boxes for a single IP match.)
Values (IP Address)
192.168.0.0 to
192.168.0.0
Action
The Action is used to define how the rule handles the connection request.
ACCEPT will allow a connection, while REJECT (error) and DROP (quietly
dropped), will refuse connections.
Values (selection)
ACCEPT / DROP / REJECT
Destination Address
Match incoming traffic from the specified destination IP range. Boxes
accept single IP Addresses without network masks, example: 192.168.1.0
to 192.168.1.255 represents all IP Addresses in the 192.168.1.0/24
network. (Put same IP in both boxes for a single IP match.)
Values (IP Address)
192.168.0.0 to
192.168.0.0
Source
Enter the specific zone that the IP List will apply to, 4G (Cellular), WAN ,
LAN (Ethernet, WiFi) or None (both). Values (Selection)
LAN / WAN / / WIFI / 4G /
NONE
© Microhard Systems Inc. 130
4.0 Configuration
Image 4-8-6: Firewall > Reset to Defaults
4.8.6 Firewall > Reset
To reset the firewall back to default settings and erase all rules, port forwards, and IP/MAC lists, use the
reset button see below:
© Microhard Systems Inc. 131
4.0 Configuration
Image 4-9-1: Router > RIPv2
4.9 Router
4.9.1 Router > RIPV2
The VIP4G is capable of providing and participating in RIPv2 (Routing Information Protocol v2), to
exchange routing information from attached devices. Static routes can also be added in the Network >
Routes menu.
RIPV2 Status
Enable or disable RIPV2 routing on the VIP4G. If enabled the VIP4G will
exchange routing information on the specified (interfaces) attached
networks.
Values (selection)
Enable / Disable
Authentication Type / Port / Password
Enable MD5 authentication on for the RIPV2 protocol. Also select the port
used for RIPV2, and the required password. Values (selection)
None
MD5
RIPV2 Network Announcement Configuration
Each attached network that is to participate with the RIPV2 exchange must
be specified here. Once added they participating networks are shown in the
list.
Values (Subnet/Length))
(no default)
© Microhard Systems Inc. 132
4.0 Configuration
Image 4-9-2: Router > OSPF
4.9.2 Router > OSPF
The VIP4G is also capable of providing and participating in OSPF (Open Shortest Path First), to exchange
routing information from attached devices. Static routes can also be added in the Network > Routes menu.
OSPF Status
Enable or disable OSPF routing on the VIP4G. If enabled the VIP4G will
exchange routing information on the specified (interfaces) attached
networks.
Values (selection)
Enable / Disable
OSPF Network Announcement Configuration
Each attached network that is to participate with the OSPF exchange must
be specified here. Once added they participating networks are shown in the
list.
Values (Subnet/Length))
(no default)
© Microhard Systems Inc. 133
4.0 Configuration
Image 4-10-1: VPN > Summary
4.10 VPN
4.10.1 VPN > Summary
A Virtual Private Network (VPN) may be configured to enable a tunnel between the VIP4G and a remote
network.. The VIP4G supports VPN IPsec Gateway to Gateway (site-to-site) tunneling, meaning you are
using the VIP4G to connect a tunnel to network with VPN capabilities (Another VIP4G or VPN capable
device). The VIP4G can also operate as a L2TP Server, allowing users to VPN into the unit from a remote
PC, and a L2TP Client.
© Microhard Systems Inc. 134
4.0 Configuration
Image 4-9-2: VPN > Gateway to Gateway
4.9.2 VPN > Gateway To Gateway (Site-to-Site)
A Gateway to Gateway connection is used to create a tunnel between two VPN devices such as
an VIP4G and another device (another VIP4G or Cisco VPN Router or another vendor…). The
local and remote group settings will need to be configured below to mirror those set on the other
VPN device.
Tunnel Name
Enter a name for the VPN Tunnel. Up to 16 different tunnels can be
created, each requiring a unique name. Values (chars)
tunnel1
© Microhard Systems Inc. 135
4.0 Configuration
Local Group Setup
Interface IP Address
Displays the IP address of the VIP4G, which is the local VPN Gateway. Values (IP Address)
Current IP Address
Next-hop Gateway IP
Next-hop Gateway means the next-hop gateway IP address for the local or
remote gateway participant's connection to the public network. Values (IP Address)
(no default)
Enable
Used to enable (checked) is disable (unchecked) the VPN tunnel. Values (checkbox)
Enable (Checked)
Local Security Gateway Type
Specify the method for identifying the router to establish the VPN tunnel.
The Local Security Gateway is on this router; the Remote Security
Gateway is on the other router. At least one of the routers must have either
a static IP address or a dynamic IP with server id to make a connection.
Values (selection)
IP Only
IP + Server ID
Dynamic IP + Server ID
IP Only: Choose this option if this router has a static WAN IP address. The WAN IP address appears
automatically. For the Remote Security Gateway Type, an extra field appears. If you know the IP address
of the remote VPN router, choose IP Address, and then enter the address.
IP + Server ID: Choose this option if this router has a static WAN IP address and a server id. The WAN IP
address appears automatically. For the Remote Security Gateway Type, an extra field appears. If you
know the IP address of the remote VPN router, choose IP Address, and then enter the address.
Dynamic IP + Server ID: Choose this option if this router has a dynamic IP address and a server id
(available such as @microhard.vpn). Enter the server id to use for authentication. The server id can be
used only for one tunnel connection.
Server ID
This option appears when the Local Security Gateway Type specifies that
the Server ID is required for the connection. The Server ID must be in the
format @name, where name can be anything. Both routers must know
each others names to establish a connection.
Values (IP Address)
(no default)
Group Subnet IP
Define the local network by specifying the local subnet. The local and
remote routers must use different subnets. Values (IP Address)
(no default)
© Microhard Systems Inc. 136
4.0 Configuration
Subnet IP Address
Define the remote network by specifying the local subnet. Values (IP Address)
(no default)
Subnet Mask
Specify the subnet mask of the remote network address. Values (IP Address)
255.255.255.0
Group Subnet Gateway
Enter the Gateway for the local group network. Values (IP Address)
(no default)
Remote Group Setup
Gateway IP Address
If the remote VPN router has a static IP address, enter the IP address of
the remote VPN Gateway here. Values (IP Address)
(no default)
Group Subnet Mask
Specify the subnet mask of the local network address. Values (IP Address)
255.255.255.0
Remote Security Gateway Type
Specify the method for identifying the router to establish the VPN tunnel.
The Local Security Gateway is on this router; the Remote Security
Gateway is on the other router. At least one of the routers must have either
a static IP address or a dynamic IP with server id to make a connection.
(See Local Group Setup for details)
Values (selection)
IP Only
IP + Server ID
Dynamic IP + Server ID
Server ID
This option appears when the Remote Security Gateway Type specifies
that the Server ID is required for the connection. The Server ID must be in
the format @name, where name can be anything. Both routers must know
each others names to establish a connection.
Values (IP Address)
(no default)
Next-hop Gateway IP
Next-hop Gateway means the next-hop gateway IP address for the local or
remote gateway participant's connection to the public network. Values (IP Address)
(no default)
© Microhard Systems Inc. 137
4.0 Configuration
Phase 1 SA Life Time
Select value to match the values required by the remote VPN router. Values
28800
Perfect Forward Secrecy (pfs)
Select value to match the values required by the remote VPN router. Values (selection)
Disable / Enable
Phase 1 Authentication
Select value to match the Phase 1 Authentication used by the remote VPN
router. Values (selection)
md5
sha1
Phase 1 Encryption
Select value to match the Phase 1 Encryption type used by the remote
VPN router. Values (selection)
3des
aes
aes128
aes256
IPsec Setup
Phase 1 DH Group
Select value to match the values required by the remote VPN router. Values (selection)
modp1024
modp1536
modp2048
Phase 2 DH Group
Select value to match the values required by the remote VPN router. Values (selection)
modp1024
modp1536
modp2048
Phase 2 Encryption
Select value to match the Phase 1 Encryption type used by the remote
VPN router. Values (selection)
3des
aes
aes128
aes256
© Microhard Systems Inc. 138
4.0 Configuration
Phase 2 Authentication
Select value to match the Phase 1 Authentication used by the remote VPN
router. Values (selection)
md5
sha1
Phase 2 SA Life Time
Select value to match the values required by the remote VPN router. Values
3600
Preshared Key
Set the Preshared Key required to authenticate with the remote VPN
router. Values (characters)
password
DPD Delay(s)
Dead Peer Detection is used to detect if there is a dead peer. Set the DPD
Delay (seconds), as required. Values (seconds)
32
DPD Timeout(s)
Set the DPD (Dead Peer Detection) Timeout (seconds), as required. Values (seconds)
122
DPD Action
Set the DPD action, hold or clear, as required. Values (seconds)
Hold
Clear
© Microhard Systems Inc. 139
4.0 Configuration
Image 4-10-3: VPN > Client to Gateway
4.10.3 VPN > Client To Gateway (L2TP Client)
The VIP4G can operate as a L2TP Client, allowing a VPN connection to be made with a L2TP Server.
Tunnel Name
Enter a name for the VPN Tunnel. Up to 16 different tunnels can be
created, each requiring a unique name. Values (chars)
tunnel1
Enable
Used to enable (checked) is disable (unchecked) the VPN tunnel. Values (checkbox)
Enable (Checked)
© Microhard Systems Inc. 140
4.0 Configuration
Local Interface IP Address
This will show the WAN or 4G IP Address used for the L2TP Interface. Values (IP Address)
Current IP
Remote Gateway IP Address
Enter the IP Address of the Remote Gateway that you wish to establish a
connection with. Values (IP Address)
none
Remote Server ID
Some servers require that you know the Server ID as well as the IP
address. Enter the Server ID of the remote router here. Values
none
Remote Subnet IP
In order to communicate with the devices on the other side of the tunnel,
the VIP4G must know which data to pass through the tunnel, to do this
enter the Remote Subnet network IP address here.
Values (IP Address)
none
Remote Subnet Mask
Enter the Remote Subnet Mask Values (IP Address)
none
Idle time before hanging up
Enter the Idle time (in seconds) to wait before giving up the PPP
connection. The default is 0, which means the time is infinite. (065535) Values (seconds)
0
Username
Enter the Username Values (chars)
0
Preshared Key
The preshared key is required to connect to the L2TP Server. Values (chars)
0
IPSec Setup - See previous sections for additional info.
© Microhard Systems Inc. 141
4.0 Configuration
Image 4-10-4: VPN > VPN Client Access
4.10.4 VPN > VPN Client Access
For VPN L2TP Server operation, users will be required to provide a username and password. Use VPN
Client Access to set up the required users.
Username
Enter a username for the user being set up.
Values (characters)
New Password
Enter a password for the use. Values (characters)
Confirm New Password
Enter the password again, the VIP4G will ensure that the password match. Values (IP Address)
© Microhard Systems Inc. 142
4.0 Configuration
Image 4-10-5: VPN > Certificate Management
4.10.5 VPN > Certificate Management
When using the VPN features of the VIP4G, it is possible to select X.509 for the Authentication Type. If that
is the case, the VIP4G must use the required x.509 certificates in order to establish a secure tunnel
between other devices. Certificate Management allows the user a place to manage these certificates.
© Microhard Systems Inc. 143
4.0 Configuration
Image 4-10-1: MultiWAN > Status
4.11 MultiWAN
4.11.1 MultiWAN > Status
The VIP4G is capable of having 2 WAN connections, one connected to the physical WAN port on the
VIP4G and the Cellular WAN connection to the wireless carrier. The MultiWAN section allows a user to
define how traffic uses these WAN’s.
The main purpose of the MultiWan feature is to use one network for a primary connection, such as a local,
wired ISP for broadband access, and if that connection fails or is offline, the VIP4G can automatically
switch to an alternate network connection such as the 4G/Cellular connection.
The Status menu gives an overview of both WAN connections and their configuration. WAN group 1 is the
wired WAN and WAN group 2 is the 4G/Cellular connection to a wireless carrier.
© Microhard Systems Inc. 144
4.0 Configuration
Image 4-10-2: MultiWAN > Settings
4.10.2 MultiWAN > Settings
The following section describes the parameters required for MultiWan for failover purposes. The
configuration for each interface in identical, so will only be described once.
Multi Wan status
Enable or disable the MultiWan service on the VIP4G.
To use MultiWAN, the WAN (wired) must be configured as independent in
the Network > WAN settings and/or the Wireless must be set to Client &
bound to the WIFI interface.
Values (selection)
Enable / Disable
Primary Connection
Define which connection is the primary network/internet connection for the
VIP4G. Normally this is the wired WAN connection to an ISP.
Values (selection)
WAN / 4G / WIFI
© Microhard Systems Inc. 145
4.0 Configuration
Health Monitor ICMP Timeout
This is the amount of time the Health Monitor will wait for a response from
the ICMP Host. Values (selection)
1, 2, 3, 4, 5, 10 (seconds)
Attempts Before WAN Failover
This is the number of attempts the VIP4G will attempt to reach the IMCP
host before going into failover and switching WAN interfaces. Values (selection)
1, 3, 5, 10, 15, 20
Attempts Before WAN Recovery
The VIP4G will continue to monitor the failed interface, even after failover
has occurred. This defines the number of successful attempts required
before recovering the failed interface.
Values (selection)
1, 3, 5, 10, 15, 20
Failover Traffic Destination
Select the interface to use once failover has occurred. Values (selection)
4G, WAN, Disable
Health Monitor ICMP Host
This is the IP Address or domain name of a valid reachable host that can
be used to determine link health. Values (Address)
8.8.8.8
Health Monitor Interval
This is the frequency at which the VIP4G will send ICMP packets to the
defined host to determine if the interface has failed. Values (selection)
5,10,20,30,60,120(sec.)
Disable
© Microhard Systems Inc. 146
4.0 Configuration
Image 4-12-1: Tools > Discovery
4.12 Tools
4.12.1 Tools > Discovery
Network Discovery
The Network discovery tool allows the VIP4G to send a broadcast to all VIP4G/VIP Series units on the
same network. Other units on the network will respond to the broadcast and report their MAC address, IP
address (With a hyperlink to that units WebUI page), description, firmware version, operating mode, and
the SSID (regardless of whether it was set to broadcast or not).
The discovery service can be a useful troubleshooting tool and can be used to quickly find and indentify
other units on the network. It can be disabled from the Network > sdpServer menu.
To begin, click the Start discovery network again button, the VIP4G will send out a broadcast message,
and will report back, by populating the network discovery screen as seen above. This will detect any VIP4G
or Microhard enabled devices on the local broadcast domain, regardless of the IP address or subnet. Once
devices are found, and if on a accessible subnet, the IP Address link can be used to automatically open a
web browser WebUI session with that unit.
© Microhard Systems Inc. 147
4.0 Configuration
Image 4-12-2: Tools > Netflow Report
4.12.2 Tools > Netflow Report
The VIP4G can be configured to send Netflow reports to up to 3 remote systems. Netflow is a tool that
collects and reports IP traffic information, allowing a user to analyze network traffic on a per interface basis
to identity bandwidth issues and to understand data needs. Standard Netflow Filters can be applied to
narrow down results and target specific data requirements.
Status
Enable / Disable Netflow Reporting. Values (selection)
Disable / Enable
Interface
Select between WAN ,4G/Cellular and LAN interfaces, or capture data from
all interfaces. Values (selection)
LAN / WAN / 4G / ALL
Source Address
The Source Address is the IP Address, of which data is to be collected and
analyzed. The default of 0.0.0.0 will collect and report information about all
addresses connected to the interface selected below.
Values (IP Address)
0.0.0.0
© Microhard Systems Inc. 148
4.0 Configuration
Remote Port
Enter the Remote Port number. Values (IP Address)
0
Filter expression
Filter expression selects which packets will be captured. If no expression is
given, all packets will be captured. Otherwise, only packets for which
expression is `true' will be captured. Example: tcp&&port 80
The “tcpdump” manual, available on the internet provides detailed expression syntax.
Values (chars)
(no default)
Remote IP
The Remote IP is the IP Address of the NetFlow collector where the flow
reports are be sent. Values (IP Address)
0.0.0.0
Version
Select the Netflow version format to use. V1, 5 and 7 are supported. Values (selection)
V1 / V5 / V7
© Microhard Systems Inc. 149
4.0 Configuration
Image 4-12-3: NMS Registration
4.12.3 Tools > NMS Settings
The Microhard NMS is a no cost server based monitoring and management service offered by Microhard
Systems Inc. Using NMS you can monitor online/offline units, retrieve usage data, perform backups and
centralized upgrades, etc. The following section describes how to get started with NMS and how to
configure the VIP4G to report to NMS.
To get started with NMS, browse to the Microhard NMS website, nms.microhardcorp.com, click on the
register button in the top right corner to register for a Domain (profile), and set up a Domain Administrator
Account.
© Microhard Systems Inc. 150
4.0 Configuration
Image 4-12-4: NMS Settings
Domain Name: A logical management zone for 3G or 4G devices will report to on NMS, the logged data
is separated from any other users that are using NMS. The Domain Name is required in every 3G or 4G
device for it to report to right zone. Under this user domain, one can create and manage sub-domain. The
sub-domain can only be created by the domain administrator, NOT by the NMS subscription page.
Domain Password: This password is used to prevent misuse of the domain. This needs to be entered
into each 3G or 4G device for it to report to right zone.
Email Address: The email address entered here will be the login username. During the registration stage,
a confirmation email will be sent by the NMS system for verification and confirmation to activate your
account.
Once confirmed, this account will be the administrator of the domain. The administrator can manage sub-
domain and user accounts that belong to this domain.
Once NMS has been configured, each VIP4G must be configured to report into NMS.
© Microhard Systems Inc. 151
4.0 Configuration
Default Settings
The default Settings link will reset the configuration form to the default factory values. The form still needs
to be submitted before any changes will occur.
NMS Server/IP
The default server address for NMS is nms.microhardcorp.com. The NMS
can also be hosted privately, and if that is the case, enter the address here. Values (IP/Name)
nms.microhardcorp.com
Domain Name / Password
This is the domain name and password that was registered on the NMS
website, it must be entered to enable reporting to the NMS system. Values (chars)
default
Carrier Location
Enable or Disable location estimation via carrier connection. When
enabled, the VIP4G will consume some data to retrieve location information
from the internet.
Values (chars)
Disable/Enable
Remote Port
This is the port to which the UDP packets are sent, and the NMS system is
listening on. Ensure this matches what is configured on NMS. The default
is 20200.
Values (UDP Port#)
20200
Network Management System (NMS) Configuration
NMS Report Setting
Report Status
Enable or Disable UDP reporting of data to the NMS system. Values (chars)
Enable NMS Report
Disable NMS Report
Interval(s)
The Interval defines how often data is reported to NMS. The more often
data is reported, the more data is used, so this should be set according to a
user’s data plan. (0 to 65535 seconds)
Values (seconds)
300
© Microhard Systems Inc. 152
4.0 Configuration
Information Selection
The VIP4G can report information about the different interfaces it has. By
default the VIP4G is set to send information about the Carrier, such as
usage and RSSI. Statistical and usage data on the Radio (WiFi), Ethernet
and Serial interfaces can also be reported.
The more that is reported, the more data that is sent to the NMS system,
be aware of data plan constraints and related costs.
Values (check boxes)
Ethernet
Carrier
Radio
COM
DI / DO
Status
The Web Service can be enabled or disabled. This service is used to
remotely control the VIP4G. It can be used to schedule reboots, firmware
upgrade and backup tasks, etc.
Values (chars)
Disable/Enable
Server Port
This is the port where the service is installed and listening. This port should
be open on any installed firewalls. Values (Port#)
9998
Webclient Setting
Server Type
Select between HTTPS (secure), or HTTP server type. Values (chars)
HTTPS/ HTTP
Username / Password
This is the username and password used to authenticate the unit. Values (seconds)
admin/admin
Interval
The Interval defines how often the VIP4G checks with the NMS System to
determine if there are any tasks to be completed. Carrier data will be
consumed every time the device probes the NMS system.
Values (min)
60
© Microhard Systems Inc. 153
4.0 Configuration
Image 4-12-5: Tools > Event Report
4.12.4 Tools > Event Report
4.12.4.1 Event Report > Configuration
Event Reporting allows the VIP4G to send periodic updates via UDP packets. These packets are
customizable and can be sent to up to 3 different hosts, and at a programmable interval. The event packet
can report information about the modem such as the hardware/ software versions, core temperature,
supply voltage, etc; carrier info such as signal strength (RSSI), phone number, RF Band; or about the WAN
such as if the assigned IP Address changes. All events are reported in binary.
Event Type
This box allows the selection of the type of event to be reported. The
default is disabled. If Modem_Event is selected, additional options appear
to the right and allow for customization of the event reported via Messages.
If Management is selected, additional check boxes appear below to select
the interfaces to report to the Microhard NMS system.
Values (selection)
Modem_Event
SDP_Event
Management
© Microhard Systems Inc. 154
4.0 Configuration
Remote IP
Enter the IP Address of a reachable host to send the UDP packets Values (IP Address)
0.0.0.0
Remote Port
Specify the UDP port number of the Remote IP Address.
*Default Port Numbers for Microhard NMS (20100 for modem events, 20200 for
Management)
Values (Port #)
20200
Interval Time(s)
This is the interval time in seconds, that the VIP4G will send the configured
UDP message to the Remote IP and Port specified. Values (seconds)
600
4.12.4.2 Event Report > Message Structure
Modem_event message structure
- fixed header (fixed size 20 bytes)
- Modem ID (uint64_t (8 bytes))
- Message type mask (uint8_t(1 byte))
- reserved
- packet length (uint16_t(2 bytes))
Note: packet length = length of fixed header + length of message payload.
Message type mask
Modem info - 2 bits
00 no
01 yes (0x1)
Carrier info - 2 bits
00 no
01 yes (0x4)
WAN Info - 2 bits
00 no
01 yes (0x10)
sdp_event message structure
- spd_cmd (1 byte(0x01))
- content length (1 byte)
- spd_package - same as spd response inquiry package format
Message Info Type
When Modem_Event is selected, up to three different payloads can be
selected. Values (seconds)
Modem
Carrier
WAN
© Microhard Systems Inc. 155
4.0 Configuration
4.12.4.3 Event Report > Message Payload
Modem info:
Content length - 2 BYTES (UINT16_T)
Modem name - STRING (1-30 bytes)
Hardware version - STRING (1-30 bytes)
Software version - STRING (1-30 bytes)
Core temperature - STRING (1-30 bytes)
Supply voltage - STRING (1-30 bytes)
Carrier info:
Content length - 2 BYTES (UINT16_T)
RSSI - 1 BYTE (UINT8_T)
RF Band - 2 BYTES (UINT16_T)
Service type - STRING (1-30 Bytes)
Channel number - STRING (1-30 Bytes)
SIM card number - STRING (1-30 Bytes)
Phone number - STRING (1-30 Bytes)
WAN Info:
Content length - 2 BYTES (UINT16_T)
IP address - 4 BYTES (UINT32_T)
DNS1 - 4 BYTES (UINT32_T)
DNS2 - 4 BYTES (UINT32_T)
Message Order:
Messages will be ordered by message type number.
For example,
If message type mask = 0x15, the eurd package will be equipped by header+modem information+carrier
information+wanip information.
If message type mask = 0x4, the eurd package will be equipped by header+carrier information.
If message type mask = 0x11, the eurd package will be equipped by header+modem infomation+wanip
infomation.
© Microhard Systems Inc. 156
4.0 Configuration
Image 4-12-6: Tools > Modbus Configuration
4.12.5 Tools > Modbus
4.12.5.1 Modbus > TCP Modbus
The VIP4G can be configured to operate as a TCP/IP or Serial (COM) Modbus slave and respond to
Modbus requests and report various information as shown in the Data Map.
Status
Disable or enable the Modbus service on the VIP4G. Values (selection)
Disable Service
Enable Service
TCP Mode Status
Disable or enable the Modbus TCP Connection Service on the VIP4G. Values (selection)
Disable
Enable
© Microhard Systems Inc. 157
4.0 Configuration
Port
Specify the Port in which the Modbus TCP service is to listen and respond
to polls. Values (Port #)
502
Active Timeout(s)
Define the active timeout in seconds. Values (seconds)
30
Slave ID
Each Modbus slave device must have a unique address, or Slave ID. Enter
this value here as required by the Modbus Host System. Values (value)
1
Coils Address Offset
Enter the Coils Address offset as required by the Master. Values (value)
0
Input Address Offset
Enter the Input Address offset as required by the Master. Values (value)
0
Register Address Offset
Enter the Register Address offset as required by the Master. Values (value)
0
Master IP Filter Set
It is possible to only accept connections from specific Modbus Master IP’s,
to use this feature enable the Master IP Filter and specify the IP Addresses
in the fields provided.
Values (selection)
Disable / Enable
© Microhard Systems Inc. 158
4.0 Configuration
4.12.5.2 Modbus > COM (Serial) Modbus
The VIP4G can also participate in serial based Modbus, to configure and view the serial Modbus settings,
the COM1 port must first be disabled in the Comport > Settings menu. Only the settings that are different
from TCP Modbus will be discussed.
COM Mode Status
Disable to select the Serial (COM) mode for the Modbus service. In RTU
mode, communication is in binary format and in ASCII mode,
communication is in ASCII format.
Values (selection)
Disable
Enable COM ASCII Mode
Enable COM RTU Mode
Data Mode
Determines which (rear of unit) serial interface shall be used to connect to
external devices: RS232, RS485, or RS422. This option applies only to
COM1. When an interface other than RS232 is selected, the DE9 port will
be inactive.
Values (selection)
RS232
RS485
RS422
Baud Rate
The serial baud rate is the rate at which the modem is to
communicate with the attached local serial device. Values (selection (bps))
921600
460800
230400
115200
14400
9600
7200
4800
57600
38400
28800
19200
3600
2400
1200
600
300
Data Format
This setting determines the format of the data on the serial port.
The default is 8 data bits, No parity, and 1 Stop bit. Values (selection)
8N1
8N2
8E1
7E1
7O1
7E2
7O2
8O1
7N1
7N2
Image 4-12-7: Tools > Modbus Serial Configuration
© Microhard Systems Inc. 159
4.0 Configuration
4.12.5.3 Modbus > Modbus Data Map
Image 4-12-8: Tools > Modbus Data Map
© Microhard Systems Inc. 160
4.0 Configuration
Image 4-12-9: Tools > Web Socket Service
4.12.6 Tools > Websocket
The Websocket service is a feature of HTML5.0 or later. Web Socket is designed to be implemented in
web browsers and web servers to allow XML scripts to access the HTML web service with a TCP socket
connection.
It is mainly used for two purposes:
refreshing page information without refreshing the entire page to reduce network stream.
to integrate internet applications with xml to get required information in real time.
Currently we provide four types of information as configured:
GPS Coordinate Information
GPS NMEA Data
Carrier Information
Comport Data
Status
Enable or disable the web socket service in the VIP4G. Values (selection)
Enable / Disable
Web Socket Port
Enter the desired web socket TCP port number. The default is 7681, and
the valid range is 100 to 65535. Values (TCP port)
7681
© Microhard Systems Inc. 161
4.0 Configuration
Data Fresh Intervals
Enter in the time at which data is to be refreshed. The default is 10
seconds, the valid range is 2 to 65535 seconds. Values (seconds)
10
Connect Password
For added security a password can be required to connect to the web
socket service. To disable, leave this field blank. The default is disabled. Values
(blank)
Max Keep Time
This field determines how long the web socket is open once started/
enabled. The default is 60 mins, a value of zero means the service with
continue to run indefinitely.
Values (minutes)
60
GPS Coordinate
If enabled the VIP4G will report GPS coordinate data to the websocket. Values (selection)
Disable / Enable
GPS NMEA Data
If enabled the VIP4G will report GPS NMEA data to the websocket. Values (selection)
Disable / Enable
Carrier Information
If enabled the VIP4G will report carrier information to the websocket. Values (selection)
Disable / Enable
Comport Data
If enabled, and the COM1 port is configured for TCP Server, the comport
data will be reported to the web socket. Values (selection)
Disable / Enable
© Microhard Systems Inc. 162
4.0 Configuration
Image 4-12-10: Tools > Site Survey
4.12.7 Tools > Site Survey
Wireless Survey
The Wireless Survey feature will scan the available wireless channels for any other 802.11 wireless
networks in proximity to the VIP4G. The Survey will display the Channel number the other networks are
operating on, the MAC address, Encryption Type, Frequency and general signal level and quality
information. This can be useful for finding available networks, or troubleshooting connection and sensitivity
problems. If there are other networks operating on the same frequency, or a channel close to the one
chosen, it can then be decided to try to use another channel.
© Microhard Systems Inc. 163
4.0 Configuration
Image 4-12-11: Tools > Ping
4.12.8 Tools > Ping
Network Tools Ping
The Network Tools Ping feature provides a tool to test network connectivity from within the VIP4G unit. A
user can use the Ping command by entering the IP address or host name of a destination device in the
Ping Host Name field, use Count for the number of ping messages to send, and the Packet Size to modify
the size of the packets sent.
© Microhard Systems Inc. 164
4.0 Configuration
Image 4-12-12: Tools > TraceRoute
4.12.9 Tools > TraceRoute
Network TraceRoute
The Trace Route command can be used to provide connectivity data by providing information about the
number of hops, routers and the path taken to reach a particular destination.
© Microhard Systems Inc. 165
4.0 Configuration
Image 4-12-13: Tools > Traffic
4.12.10 Tools > Traffic
The Traffic menu shows a graphical display of the LAN traffic by day and month. It can be used to
determine when there are high and low periods of LAN traffic over a period of time.
© Microhard Systems Inc. 166
5.0 AT Command Line Interface
5.1 AT Command Overview
AT Commands can be issued to configure and manage the VIP4G, serial port (Serial), or by TCP/IP
(telnet).
5.1.1 Serial Port
To connect and access the AT Command interface on the VIP4G, a physical connection must be made on
the RS232 DB9 serial port labeled ‘Serial’. A terminal emulation program (Hyperterminal, Tera Term,
ProComm, Putty etc) can then be used to communicate with the VIP4G.
Image 5-1: Serial Port Settings
Default Settings:
Baud rate: 115200
Data bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
Once communication is established, a login is required to access the AT Command interface, once logged
in, the AT Command Line Interface menu is displayed. Type “?” or Help to list the menu commands.
Default Settings:
VIP4G login: admin
Password: admin
Image 5-2: AT Command Window
© Microhard Systems Inc. 167
5.0 AT Command Line Interface
5.1.2 Telnet (TCP/IP)
Telnet can be used to access the AT Command interface of the VIP4G. The default port is TCP Port 23. A
telnet session can be made to the unit using any Telnet application (Windows Telnet, Tera Term,
ProComm etc). Once communication is established, a login is required to continue.
Image 5-3: Establishing a Telnet Session
A session can be made to the WAN IP Address (if allowed in the firewall settings) for remote configuration,
or to the local RJ45 interface (default IP: 192.168.168.1).
Once a session is established a login is required to continue. As seen in the Serial port setup, the default
login is admin, and the password is admin. Once verified, the AT Command Line Interface menu is shown
and AT Commands can now be issued. (Type “?” or Help to list the commands)
Image 5-4: Telnet AT Command Session
© Microhard Systems Inc. 168
5.0 AT Command Line Interface
5.2 AT Command Syntax
The follow syntax is used when issuing AT Commands on the VIP4G
- All commands start with the AT characters and end with the <Enter> key
- Microhard Specific Commands start with +M
- Help will list top level commands (ATL will list ALL available AT Commands)
- To query syntax of a command: AT+<command_name>=?
- Syntax for commands that are used only to query a setting:
AT<command_name>
- Syntax for commands that can be used to query and set values:
AT<command_name>=parameter1,parameter2, (Sets Values)
AT<command_name>? (Queries the setting)
Query Syntax:
AT+MLEIP=? <Enter>
+MLEIP: Command Syntax:AT+MLEIP=<IP Address>,<Netmask>,<Gateway>
OK
Setting a value:
AT+MLEIP=192.168.0.1,255.255.255.0,192.168.0.1 <Enter>
OK
Query a setting:
AT+MLEIP? <Enter>
+MLEIP: “192.168.0.1, “255.255.255.0”, “192.168.0.1”
OK
A screen capture of the above commands entered into a unit is shown below:
Image 5-5: Telnet AT Command Syntax
Once AT commands are entered, the changes are immediate.
ATO or ATA Exits the AT Command Line Interface.
© Microhard Systems Inc. 169
5.0 AT Command Line Interface
5.3 Supported AT Commands
AT
Command Syntax
Echo OK. AT <enter>
Description
Example
ATH
Command Syntax
Show a list of previously run commands. ATH <enter>
Description
Example
Input:
ATH <enter>
Response:
AT Command history: 1. ATH 2. ATL 3. ATH
Input:
AT <enter>
Response:
OK
AT&R
Command Syntax
Read modem profile to editable profile. (Reserved) AT&R <enter>
Description
Example
Input:
AT&R <enter>
Response:
OK
AT+TEST
Command Syntax
Echo TEST AT+TEST <enter>
Description
Example
Input:
AT+TEST <enter>
Response:
AT ECHO TEST:
:0
© Microhard Systems Inc. 170
5.0 AT Command Line Interface
AT&V
Command Syntax
Read modem active profile. AT&V <enter>
Description
Example
Input:
AT&V <enter>
Response:
&V:
hostname:VIP4G
timezone:MST7MDT,M3.2.0,M11.1.0
systemmode:gateway
time mode:sync
OK
AT&W
Command Syntax
Reserved. AT&W <enter>
Description
Example
Input:
AT&W <enter>
Response:
OK
AT+MREB
Command Syntax
Reboots the modem. AT+MREB <enter>
Description
Example
Input:
AT+MREB <enter>
Response:
OK. Rebooting...
© Microhard Systems Inc. 171
5.0 AT Command Line Interface
ATA
Command Syntax
Quit. Exits AT Command session and returns you to
login prompt. ATA <enter>
Description
Example
Input:
ATA <enter>
Response:
OK
IPn3G Login:
ATO
Command Syntax
Quit. Exits AT Command session and returns you to
login prompt. ATO <enter>
Description
Example
Input:
ATA <enter>
Response:
OK
IPn3G Login:
AT+CMGS
Command Syntax
Send SMS message. To send message CTRL+Z
must be entered, to exit, ESC. AT+CMGS=<Phone Number><CR>
text is entered <CTRL+Z/ESC>
Description
Example
Input:
AT+CMGS=4035553776 <enter>
4035553776 Test <ctrl+z>
Response:
OK
© Microhard Systems Inc. 172
5.0 AT Command Line Interface
AT+CMGR
Command Syntax
This command allows the application to read stored
messages. The messages are read from the SIM card
memory.
AT+CMGR=<index>
Description
Example
Input:
AT+CMGR=<index><enter>
Response:
+CMGR: <stat>,<oa>,,<dt>
<data>
OK
Parameters:
<index> Index in SIM card storage of the message
<stat> Status of Message in Memory (Text Mode)
“REC UNREAD” Received unread messages
“REC READ” Received read messages
<oa> Originator Address
String type
<dt> Discharge Time
String format: "yy/MM/dd,hh:mm:ss±zz" (year [00-99]/ month [01-12]/Day [01-31],
Hour:Min:Second and TimeZone [quarters of an hour])
<data> SMS User Data in Text Mode
String type
AT+CMGL
Command Syntax
This command allows the application to read stored
messages by indicating the type of the message to
read. The messages are read from the SIM card
memory.
AT+CMGL=<status>
Status:
0 - Lists all unread messages
1 - Lists all read messages
4 - Lists all messages
Description
Example
Input:
AT+CMGL=1 <enter>
Response:
AT+CMGL=1
+CMGL: 0,"REC READ","+14035553776",,"2013/10/04,11:12:27-06"
Test Message 1
+CMGL: 1,"REC READ","+14035553776",,"2013/10/04,11:12:53-06"
Test Message 2
+CMGL: 2,"REC READ","+14035553776",,"2013/10/04,11:13:06-06"
Another test message!
OK
© Microhard Systems Inc. 173
5.0 AT Command Line Interface
AT+CMGD
Command Syntax
This command handles deletion of a single message
from memory location <index>, or multiple
messages according to <delflag>.
AT+CMGD=<index>,<delflag>
delflag:
0 - Deletes the message specified in <index>
1 - Deletes all read messages
4 - Deletes all messages
Description
Example
Input:
AT+CMGD=0,4 <enter>
Response:
index=0 dflag=4
OK
AT+GMR
Command Syntax
Modem Record Information AT+GMR <enter>
Description
Example
Input:
AT+GMR <enter>
Response:
+GMR:
Hardware Version:v1.0.0 Software Version:v1.1.0 build 1060
Copyright: 2012 Microhard Systems Inc.
System Time: Mon Dec 2 16:03:51 2013
OK
AT+GMI
Command Syntax
Get Manufacturer Identification AT+GMI=<enter>
Description
Example
Input:
AT+GMI<enter>
Response:
+GMI: 2012 Microhard Systems Inc.
OK
© Microhard Systems Inc. 174
5.0 AT Command Line Interface
AT+CNUM
Command Syntax
Check modem’s phone number. AT+CNUM <enter>
Description
Example
Input:
AT+CNUM <enter>
Response:
+CNUM: "+15875558645"
OK
AT+CIMI
Command Syntax
Check modem’s IMEI and IMSI numbers. AT+CIMI <enter>
Description
Example
Input:
AT+CIMI <enter>
Response:
+CIMI: IMEI:012773002108403, IMSI:302720406982933
OK
AT+CCID
Command Syntax
Check modem’s SIM card number. AT+CCID=<enter>
Description
Example
Input:
AT+CCID<enter>
Response:
+CCID: 89302720401025355531
OK
© Microhard Systems Inc. 175
5.0 AT Command Line Interface
AT+MSYSI
Command Syntax
System Summary Information AT+MSYSI <enter>
Description
Example
Input:
AT+MSYSI <enter>
Response:
Carrier:
Carrier:
IMEI:012773002113114
SIMID:89302720401025355531
IMSI:302720406982933
Phone Num: +15878938645
Status: CONNECTED
Network: ROGERS
RSSI:WCDMA RSSI : 70
Temperature:51 degC
Ethernet Port:
MAC:00:0F:92:00:B3:3B
IP:192.168.168.1
MASK:255.255.255.0
Wan MAC:00:0F:92:01:B3:3B
Wan IP:0.0.0.0
Wan MASK:0.0.0.0
System:
Device:VIP4G_MKT
Product:VIP4G_WIFI_N
Image:VIP4G
Hardware:v2.0.0
Software:v1.1.6 build 1184-14
Copyright: 2012 Microhard Systems Inc.
Time: Thu Jun 18 13:25:34 2015
AT+MMNAME
Command Syntax
Modem Name / Radio Description. 30 chars. AT+MMNAME=<modem_name>
Description
Example
Input: (To set value)
AT+MMNAME=VIP4G_CLGY<enter>
Response:
OK
Input: (To retrieve value)
AT+MMNAME=?<enter>
Response:
+MMNAME: VIP4G_CLGY
OK
© Microhard Systems Inc. 176
5.0 AT Command Line Interface
AT+MLEIP
Command Syntax
Set the IP Address, Netmask, and Gateway for the
local Ethernet interface. AT+MLEIP=<IPAddress>, <Netmask>,
<Gateway>
Description
Example
Input:
AT+MLEIP=192.168.168.1,255.255.255.0,192.168.168.1 <enter>
Response:
OK
AT+MDHCP
Command Syntax
Enable/Disable the DHCP server running of the local
Ethernet interface. AT+MDHCP=<action>
0 Disable
1 Enable
Description
Example
Input:
AT+MDHCP=1 <enter>
Response:
OK
AT+MDHCPA
Command Syntax
Define the Starting and Ending IP Address (range)
assignable by DHCP on the local Ethernet interface. AT+MDHCPA=<Start IP>, <End IP>
Description
Example
Input:
AT+MDHCPA=192.168.168.100,192.168.168.200 <enter>
Response:
OK
© Microhard Systems Inc. 177
5.0 AT Command Line Interface
AT+MEMAC
Command Syntax
Retrieve the MAC Address of the local Ethernet
interface. AT+MEMAC <enter>
Description
Example
Input:
AT+MEMAC<enter>
Response:
+MEMAC: "00:0F:92:00:40:9A"
OK
AT+MSIP
Command Syntax
Set LAN static IP AT+MSIP=<static IP address> <enter>
Description
Example
Input:
AT+MSIP=192.168.168.1 <enter>
Response:
+MSIP: setting and restarting network...
OK
AT+MSCT
Command Syntax
Set LAN Connection Type. AT+MSCT=<Mode>
Mode:
0 DHCP
1 Static IP
Description
Example
Input:
AT+MSCT=1 <enter>
Response:
OK
© Microhard Systems Inc. 178
5.0 AT Command Line Interface
AT+MNTP
Command Syntax
Enable and define a NTP server. AT+MNTP=<status>,<NTP server>
Status:
0 Disable
1 Enable
Description
Example
Input:
AT+MNTP=1,pool.ntp.org<enter>
Response:
OK
AT+MPIPP
Command Syntax
Enable/Disable IP-Passthrough AT+MPIPP=<Mode>
Mode:
0 Disable
1 Ethernet
Description
Example
Input:
AT+MPIPP=1 <enter>
Response:
OK
AT+MCNTO
Command Syntax
Sets the timeout value for the serial and telnet
consoles. Once expired, user will be return to login
prompt.
AT+MCNTO=<Timeout_s>
0 - Disabled
0 - 65535 (seconds)
Description
Example
Input:
AT+MCNTO=300 <enter>
Response:
OK
© Microhard Systems Inc. 179
5.0 AT Command Line Interface
AT+MTWT
Command Syntax
Enable/Disable the Wireless Traffic Timeout. Unit
will reset if it does not see any traffic from the carrier
for the amount of time defined.
AT+MTWT=<Mode>[,<Interval_s>,<Reboot
Time Limit_s>]
Mode:
0 Disable
1 Enable
Reboot Time Limit:300-60000
Description
Example
Input:
AT+MTWT=1,1,300 <enter>
Response:
OK
AT+MRTF
Command Syntax
Reset the modem to the factory default settings
stored in non-volatile (NV) memory. Unit will reboot
with default settings.
AT+MRTF <action>
Action:
0 pre-set action
1 confirm action
OK
Description
Example
Input:
AT+MRTF=1 <enter>
Response:
OK
AT+MSCMD
Command Syntax
Enable/Disable the Wireless Traffic Timeout. Unit
will reset if it does not see any traffic from the carrier
for the amount of time defined.
AT+MSCMD=<Mode>[,<Filter Mode>[,<Phone
No.1>[,...,<Phone
No.6>]]]
Mode:
0 Disable
1 Enable SMS Command
Filter Mode:
0 Disable
1 Enable Phone Filter
OK
Description
Example
Input:
AT+MSCMD=1,1,403556767,4057890909<enter>
Response:
OK
© Microhard Systems Inc. 180
5.0 AT Command Line Interface
AT+MPWD
Command Syntax
Used to set or change the ADMIN password for the
VIP4G. AT+MPWD=<New password>,<confirm
password>
password: at least 5 characters
Description
Example
Input:
AT+MPWD=admin,admin<enter>
Response:
OK
AT+MDISS
Command Syntax
Configure discovery mode service used by VIP4G
and utilities such as “IP Discovery”. AT+MDISS=<Mode>
Mode:
0 Disable
1 Discoverable
Description
Example
Input:
AT+MDISS=1 <enter>
Response:
OK
AT+MIKACE
Command Syntax
Enable or Disable IMCP ICMP keep-alive check. AT+MIKACE=<Mode>
Mode:
0 Disable
1 Enable
Description
Example
Input:
AT+MIKACE=1<enter>
Response:
OK
© Microhard Systems Inc. 181
5.0 AT Command Line Interface
AT+MIKAC
Command Syntax
Set ICMP Keep-alive check parameters. AT+MIKAC=<host name>, <interval in
seconds>, <count>
Description
Example
Input:
AT+MIKAC=www.google.com,600,10<enter>
Response:
OK
AT+MDDNSE
Command Syntax
Enable/Disable DDNS. AT+MDDNSE=<Mode>
Mode:
0 Disable
1 Enable
Description
Example
Input:
AT+MDDNSE=0<enter>
Response:
OK
AT+MDDNS
Command Syntax
Select DDNS service provider, and login credentials
as required for DDNS services. AT+MDDNS=<service type>,<host>,<user
name>,<password>
service type:
0 changeip
1 dyndns
2 eurodyndns
3 hn
4 noip
5 ods
6 ovh
7 regfish
8 tzo
9 zoneedit
Description
Example
Input:
AT+MDDNS=0,user.dydns.org,user,password <enter>
Response:
OK
© Microhard Systems Inc. 182
5.0 AT Command Line Interface
AT+MEURD1
AT+MEURD2
AT+MEURD3
Command Syntax
Define Event Report UDP Report No.1/2/3. AT+MEURD1=<Mode>[,<Remote IP>,<Remote
Port>,<Interval Ti
me_s>]
Mode:
0 Disable
1 Moden Event Report
2 SDP Event Report
3 Management Report
Description
Example
Input:
AT+MIKAC=www.google.com,600,10<enter>
Response:
OK
AT+MNMSR
Command Syntax
Define NMS Report. AT+MNMSR=<Mode>[,<Remote Port>,<Interval
Time_s>]
Mode:
0 Disable
1 Enable NMS Report
Description
Example
Input:
AT+MNMSR=1,20200,300<enter>
Response:
OK
AT+MGPSR1
AT+MGPSR2
AT+MGPSR3
AT+MGPSR4
Command Syntax
Define GPS Report No.1/2/3/4. AT+MGPSR1=<Mode>[,<Remote IP>,<Remote
Port>,<Interval Ti
me_s>]
Mode:
0 Disable
1 Enable UDP Report
Description
Example
Input:
AT+MGPSR1=1,192.168.168.25,20175,600 <enter>
Response:
OK
© Microhard Systems Inc. 183
5.0 AT Command Line Interface
AT+MCTPS
Command Syntax
Enable/Disable the Comport serial port. This port is
located on the front of the VIP4G and is labelled as
the SERIAL port. It is disabled by default allowing it
to be used for Console/AT Commands. If enabled it
can be used for data.
AT+MCTPS=<Mode>
Mode:
0 Disable
1 Enable
Description
Example
Input:
AT+MCTPS=0<enter>
Response:
OK
AT+MCTBR
Command Syntax
Set Comport baud rate. AT+MCTBR=<Baud Rate>
Baud Rate:
0 300
1 600
2 1200
3 2400
4 3600
5 4800
6 7200
7 9600
8 14400
9 19200
10 28800
11 38400
12 57600
13 115200
Description
Example
Input:
AT+MCTBR=13<enter>
Response:
OK
© Microhard Systems Inc. 184
5.0 AT Command Line Interface
AT+MCTDF
Command Syntax
Set Comport data format AT+MCTDF=<data format>
Data Format:
0 8N1
1 8N2
2 8E1
3 8O1
4 7N1
5 7N2
6 7E1
7 7O1
8 7E2
9 7O2
Description
Example
Input:
AT+MCTDF=0<enter>
Response:
OK
AT+MCTDM
Command Syntax
Set Comport data mode. AT+MCTDM=<Data Mode>
Data Mode:
0 Seamless
1 Transparent
Description
Example
Input:
AT+MCTDM=1<enter>
Response:
OK
AT+MCTCT
Command Syntax
Set Comport character timeout. AT+MCTCT=<timeout_s>
Description
Example
Input:
AT+MCTCT=0<enter>
Response:
OK
© Microhard Systems Inc. 185
5.0 AT Command Line Interface
AT+MCTMPS
Command Syntax
Set comport maximum packet size. AT+MCTMPS=<size>
Description
Example
Input:
AT+MCTMPS=1024<enter>
Response:
OK
AT+MCTP
Command Syntax
Set Comport port priority. AT+MCTP=<Mode>
Mode:
0 Normal
1 Medium
2 High
Description
Example
Input:
AT+MCTP=0<enter>
Response:
OK
AT+MCTNCDI
Command Syntax
Enable/Disable Comport port no-connection data
intake. AT+MCTNCDI=<Mode>
Mode:
0 Disable
1 Enable
Description
Example
Input:
AT+MCTNCDI=1<enter>
Response:
OK
© Microhard Systems Inc. 186
5.0 AT Command Line Interface
AT+MCTMTC
Command Syntax
Set Comport modbus TCP configuration. AT+MCTMTC=<Status>, <Protection status>,
<Protection Key>
Status and Protection Status:
0 Disable
1 Enable
Description
Example
Input:
AT+MCTMTC=0,0,1234<enter>
Response:
OK
AT+MCTIPM
Command Syntax
Set the Comport serial port IP Protocol Mode. AT+MCTIPM=<Mode>
Mode:
0 TCP Client
1 TCP Server
2 TCP Client/Server
3 UDP Point to Point
4 UDP Point to Multipoint(P)
5 UDP Point to Multipoint(MP)
6 UDP Multipoint to Multipoint
7 SMTP Client
9 SMS Transparent Mode
11 GPS Transparent Mode
Description
Example
Input:
AT+MCTIPM=1<enter>
Response:
OK
AT+MCTTC
Command Syntax
Set Comport TCP Client parameters when IP
Protocol Mode is set to TCP Client. AT+MCTTC=<Remote Server IP>, <Remote
Server Port>, <Outgoing timeout_s>
Description
Example
Input:
AT+MCTTC=0.0.0.0,20002,60<enter>
Response:
OK
© Microhard Systems Inc. 187
5.0 AT Command Line Interface
AT+MCTTS
Command Syntax
Set COM2 TCP Server parameters when IP Protocol
Mode is set to TCP Server. AT+MCTTS=<Polling Mode>, <Polling
timeout_s>, <Local Listener Port>,
<Connection timeout_s>
Polling Mode:
0 Monitor
1 Multi-polling
Description
Example
Input:
AT+MCTTS=0,100,20002,300<enter>
Response:
OK
AT+MCTTCS
Command Syntax
Set COM2 TCP Client/Server parameters when IP
Protocol is set to TCP Client/Server mode. AT+MCTTCS=<Remote Server IP>, <Remote
Server Port>, <Outgoing timeout_s>, <Polling
Mode>, <Polling timeout_s>,<Local Listener
Port>, <Connection timeout_s>
Polling Mode:
0 Monitor
1 Multi-polling
Description
Example
Input:
AT+MCTCS=0.0.0.0,20002,60,0,100,20002,300<ent
er>
Response:
OK
AT+MCTUPP
Command Syntax
Set COM2 UDP Point-to-Point parameters when IP
Protocol is set to UDP Point-to-Point mode. AT+MCTUPP=<Remote Server IP>, <Remote
Server Port>, <Liste
ner Port>, <UDP timeout_s>
Description
Example
Input:
AT+MCTUPP=0.0.0.0,20002,20002,10<enter>
Response:
OK
© Microhard Systems Inc. 188
5.0 AT Command Line Interface
AT+MIS
Command Syntax
Module Input Status. AT+MIS
Description
Example
Input:
AT+MIS <enter>
Response:
+MIS: available input status
INPUT 1: 0 open
OK
AT+MOS
Command Syntax
Module Output Status. AT+MOS=<Mode>[,<Setting No.>,<Status>]
Mode:
0 All Output Status
1 Output Setting
Setting No.: 1, 2, 3, 4(if output available)
Status:
0 open
1 close
Description
Example
Input:
AT+MOS=0 <enter>
Response:
+MOS: available output status
OUTPUT 1: 0 open
OK
Input:
AT+MOS=1,1,1 <enter>
Response:
OK
© Microhard Systems Inc. 189
5.0 AT Command Line Interface
ATL <enter>
AT Commands available:
AT AT Echo OK
AT+TEST AT Echo TEST
ATH Show a list of previously run AT commands
ATL List all available AT commands
AT&R Reserved
AT&V Display modem active profile
AT&W Reserved
AT+MREB Reboot the modem
ATA Quit
ATO Quit
AT+CMGS Send SMS
AT+CMGR Read SMS with changing status
AT+CMGL List SMSs with changing status
AT+CMGD Delete SMSs
AT+GMR Modem Record Information
AT+GMI Get Manufacturer Identification
AT+CNUM Check Modem's Phone Number
AT+CIMI Check Modem's IMEI and IMSI
AT+CCID Check Modem's SIM Card Number
AT+MSYSI System summary information
AT+MMNAME Modem Name Setting
AT+MLEIP Set the IP address of the modem LAN Ethernet interface
AT+MDHCP Enable or disable DHCP server running on the Ethernet interface
AT+MDHCPA Set the range of IP addresses to be assigned by the DHCP server
AT+MEMAC Query the MAC address of local Ethernet interface
AT+MSIP Set LAN static IP
AT+MSCT Set LAN Connection Type
AT+MNTP Define NTP server
AT+MPIPP Enable or disable IP-Passthrough
AT+MCNTO Set console timeout
AT+MRTF Reset the modem to the factory default settings from non-volatile (NV) memory
AT+MTWT Enable or disable traffic watchdog timer used to reset the modem
AT+MSCMD Enable or disable system sms command service
AT+MDISS Set discovery service used by the modem
AT+MPWD Set password
AT+MIKACE Enable or disable ICMP keep-alive check
AT+MIKAC Set ICMP keep-alive check
AT+MDDNSE Enable or disable DDNS
AT+MDDNS Set DDNS
AT+MEURD1 Define Event UDP Report No.1
AT+MEURD2 Define Event UDP Report No.2
AT+MEURD3 Define Event UDP Report No.3
AT+MNMSR Define NMS Report
AT+MGPSR1 Define GPS Report No.1
AT+MGPSR2 Define GPS Report No.2
AT+MGPSR3 Define GPS Report No.3
AT+MGPSR4 Define GPS Report No.4
(Continued….)
ATL
Command Syntax
Lists all available AT Commands. ATL <enter>
Description
Example
© Microhard Systems Inc. 190
5.0 AT Command Line Interface
AT+MCTPS Enable or disable com port
AT+MCTBR Set com port baud rate
AT+MCTDF Set com port data format
AT+MCTDM Set com port data mode
AT+MCTCT Set com port character timeout
AT+MCTMPS Set com port maximum packet size
AT+MCTP Set com port priority
AT+MCTNCDI Enable or disable com port no-connection data intake
AT+MCTMTC Set com port modbus tcp configuration
AT+MCTIPM Set com port IP protocol mode
AT+MCTTC Set com port tcp client configuration when IP protocol mode be set to TCP Client
AT+MCTTS Set com port tcp server configuration when IP protocol mode be set to TCP Server
AT+MCTTCS Set com port tcp client/server configuration when IP protocol mode be set to TCP Client/Server
AT+MCTUPP Set com port UDP point to point configuration when IP protocol mode be set to UDP point to point
AT+MIS Module Input status
AT+MOS Module Output status and setting
© Microhard Systems Inc. 191
Appendix A: Serial Interface
DCD Data Carrier Detect - Output from Module - When asserted (TTL low), DCD informs the DTE that a
communications link has been established with another MHX 920A.
RX Receive Data - Output from Module - Signals transferred from the MHX 920A are received by the DTE
via RX.
TX Transmit Data - Input to Module - Signals are transmitted from the DTE via TX to the MHX 920A.
DTR Data Terminal Ready - Input to Module - Asserted (TTL low) by the DTE to inform the module that it is
alive and ready for communications.
SG Signal Ground - Provides a ground reference for all signals transmitted by both DTE and DCE.
DSR Data Set Ready - Output from Module - Asserted (TTL low) by the DCE to inform the DTE that it is alive
and ready for communications. DSR is the module’s equivalent of the DTR signal.
RTS Request to Send - Input to Module - A “handshaking” signal which is asserted by the DTE (TTL low)
when it is ready. When hardware handshaking is used, the RTS signal indicates to the DCE that the host
can receive data.
CTS Clear to Send - Output from Module - A “handshaking” signal which is asserted by the DCE (TTL low)
when it has enabled communications and transmission from the DTE can commence. When hardware
handshaking is used, the CTS signal indicates to the host that the DCE can receive data.
Notes: It is typical to refer to RX and TX from the perspective of the DTE. This should be kept in mind when
looking at signals relative to the module (DCE); the module transmits data on the RX line, and receives
on TX.
“DCE” and “module” are often synonymous since a module is typically a DCE device.
“DTE” is, in most applications, a device such as a host PC.
Module
(DCE)
Signal
Host (e.g. PC)
(DTE)
1 DCD IN
2 RX IN
3 TX OUT
4 DTR OUT
5 SG
6 DSR IN
7 RTS OUT
8 CTS IN
Arrows denote the direction that signals are asserted (e.g., DCD
originates at the DCE, informing the DTE that a carrier is present).
The interface conforms to standard RS-232 signals, so direct connection
to a host PC (for example) is accommodated.
The signals in the asynchronous serial interface are described below:
© Microhard Systems Inc. 192
Appendix B: IP-Passthrough Example (Page 1 of 2)
By completing the Quick Start process, a user should have been able to log in and set up the VIP4G to
work with their cellular carrier. By completing this, the modem is ready to be used to access the internet
and provide mobile connectivity. However, a common application of the VIP4G is to access connected
devices remotely. In order to do this, the VIP4G must be told how to deal with incoming traffic, where to
send it to. To accomplish this there are three options :
- IP-Passthrough
- Port Forwarding
- DMZ (a type of Port Forwarding)
In this section we will talk about IP-Passthrough and how to configure the VIP4G and the connected
device/PC to work with IP-Passthrough. IP-Passthrough means that the VIP4G is transparent, and all
outside (WAN) traffic is simply sent directly to a single device connected to one of the physical LAN RJ-45
ports on the VIP4G (With exception of port 80, which is retained for remote configuration (configurable).
Also, any traffic that is sent to the RJ45 port is sent directly out the WAN port and is not processed by the
VIP4G.
IP-Passthrough is ideal for applications where only a single device is connected to the VIP4G, and other
features of the VIP4G are not required. When in passthrough mode, most features of the VIP4G are
bypassed, this includes the serial ports, the GPS features, VPN, the Firewall, and much more. The
advantage of IP-Passthrough is that the configuration is very simple.
In the example below we have a VIP4G connected to a PC (PC2). The application requires that PC1 be
able to access several services on PC2. Using Port Forwarding this would require a new rule created for
each port, and some applications or services may require several ports so this would require several rules,
and the rules may be different for each installation, making future maintenance difficult. For IP-
Passthrough, PC1 only needs to know the Public Static IP Address of the VIP4G, the VIP4G would then
automatically assign, via DHCP, the WAN IP to the attached PC2, creating a transparent connection.
Step 1
Log into the VIP4G (Refer to Quick Start), and ensure that DHCP is
enabled on the Network > LAN page.
Step 2
Since PC2 requires port 80 to be used as its Web server port, port
80 cannot be used on the VIP4G, by default it retains this port for
remote configuration. To change the port used by the VIP4G,
navigate to the System > Settings page as seen below. For this
example we are going to change it to port 8080. When changing
port numbers on the VIP4G, it is recommended to reboot the unit
before continuing, remember the new WebUI port is now 8080 when
you log back into the VIP4G. (e.g. 192.168.168.1:8080).
Cellular Network/
Internet
WAN IP: 74.198.186.193
(Cellular Carrier)
LAN IP: 74.198.186.1 (Used
for WebUI from LAN)
PC2: (DHCP)
WebServer running on port 80
Connected to RJ45
LAN Ethernet Port.
Wireless Cellular
Connection
PC1: Connected to
internet.
© Microhard Systems Inc. 193
Appendix B: IP-Passthrough Example (Page 2 of 2)
Step 3
Now IP-Passthrough can be enabled on the VIP4G. Under the
Carrier > Settings tab, IP-Passthrough can be found. To enable this
feature, select “Ethernet” from the drop down box. Once the changes
are applied, whichever device is physically connected to the LAN
RJ45 port, will dynamically be assigned the WAN IP Address. In this
example, this would be 74.198.186.193.
The default IP address of 192.168.168.1 on the LAN is no longer
available, but it is still possible to access and configure the VIP4G on
the LAN side, by using the X.X.X.1 IP Address, where the first 3
octets of the WAN IP are used in place of the X’s. (e.g.
74.198.186.1, and remember the HTTP port in this example was
changed to 8080).
Step 4
Attach the remote device or PC to the RJ45 port of the VIP4G. The end
device has to be set up for DHCP to get an IP address from the VIP4G (Or it
needs the carrier IP set as a static IP). In the test/example setup we can
verify this by looking at the current IP address. In the screenshot to the right
we can see that the Laptop connected to the VIP4G has a IP Address of
74.198.186.193, which is the IP address assign by the cellular carrier for the
modem.
Step 5 (Optional)
IP-Passthrough operation can also be verified in the VIP4G. Once IP-
Passthrough is enabled you can access the VIP4G WebUI by one of the
following methods:
Remotely on the WAN side (usually the internet), using the WAN
IP, and the port specified for HTTP operation (or, if enabled, by using the HTTPS (443) ports), in this
example with would be 74.198.186.193:8080.
On the LAN side, by entering in the first 3 octets of the WAN IP and .1 for the fourth, so in our example
74.198.186.1:8080.
Once logged in, navigate to the Carrier > Status page. Under
WAN IP Address it should look something like shown in the
image to the right, 74.198.186.193 on LAN.
Step 6
The last step is to verify the remote device can be accessed. In this example a PC is connected to the RJ45 port of the
VIP4G. On this PC a simple apache web server is running to illustrate a functioning system. On a remote PC, enter the
WAN IP Address of the VIP4G into a web browser. As seen below, when the IP Address of the VIP4G is entered, the
data is passed through to the attached PC. The screen shot below shows that our test setup was successful.
© Microhard Systems Inc. 194
Appendix C: Port Forwarding Example (Page 1 of 2)
By completing the Quick Start process, a user should have been able to log in and set up the VIP4G to
work with their cellular carrier. By completing this, the modem is ready to be used to access the internet
and provide mobile connectivity. However, one of the main applications of the VIP4G is to access
connected devices remotely. In order to do this, the VIP4G must be told how to deal with incoming traffic,
where to send it to. To accomplish this there are three options :
- IP-Passthrough
- Port Forwarding
- DMZ (a type of Port Forwarding)
In the previous section we illustrated how to use and setup IP-Passthrough. In this section we will talk
about port forwarding. Port forwarding is ideal when there are multiple devices connected to the VIP4G, or
if other features of the VIP4G are required (Serial Ports, Firewall, GPS, etc). In port forwarding, the VIP4G
looks at each incoming Ethernet packet on the WAN and by using the destination port number, determines
where it will send the data on the private LAN . The VIP4G does this with each and every incoming packet.
DMZ (a form of port forwarding) is useful for situations where there are multiple devices connected to the
VIP4G, but all incoming traffic is destined for a single device. It is also popular to use DMZ in cases where
a single device is connected but several ports are forwarded and other features of the VIP4G are required,
since in passthrough mode all of these features are lost.
Consider the following example. A user has a remote location that has several devices that need to be
accessed remotely. The User at PC1 can only see the VIP4G directly using the public static IP assigned by
the wireless carrier, but not the devices behind it. In this case the VIP4G is acting a gateway between the
Cellular Network and the Local Area Network of its connected devices. Using port forwarding we can map
the way that data passes through the VIP4G.
Step 1
Log into the VIP4G (Refer to Quick Start), and ensure that the Firewall is
enabled. This can be found under Firewall > General. Also ensure that that
sufficient Rules or IP lists have been setup to allow specific traffic to pass
through the VIP4G. See the Firewall Example in the next Appendix for
information on how to allow connections from an IP or to open ports. Once
that is complete, remember to “Submit” the changes.
Cellular Network/
Internet
VIP4G
WAN IP:
74.198.186.193
(Cellular Carrier)
LAN IP:
192.168.168.1
PC2: 192.168.168.20
Webserver on port 80
Wireless Cellular
Connection
PC1: Connected to
internet.
PLC/RTU: 192.168.168.30
Webserver on port 80
Modbus on port 502
IP Camera: 192.168.168.40
Webserver on Port 80
Wired or Wireless
Devices
© Microhard Systems Inc. 195
Appendix C: Port Forwarding Example (Page 2 of 2)
Step 2
Determine which external ports (WAN) are mapped to which internal IP Addresses and Ports (LAN). It is important to
understand which port, accessible on the outside, is connected or mapped to which devices on the inside. For this
example we are going to use the following ports, in this case it is purely arbitrary which ports are assigned, some
systems may be configurable, other systems may require specific ports to be used.
Description WAN IP External Port Internal IP Internal Port
VIP4G WebUI 74.198.186.193 80 192.168.168.1 80
PC2 Web Server 74.198.186.193 8080 192.168.168.20 80
PLC Web Server 74.198.186.193 8081 192.168.168.30 80
PLC Modbus 74.198.186.193 10502 192.168.168.30 502
Camera Web Server 74.198.186.193 8082 192.168.168.40 80
Notice that to the outside user, the IP Address for every device is the same, only the port number changes, but on the
LAN, each external port is mapped to an internal device and port number. Also notice that the port number used for the
configuration GUI for all the devices on the LAN is the same, this is fine because they are located on different IP
addresses, and the different external ports mapped by the VIP4G (80, 8080, 8081, 8082), will send the data to the
intended destination.
Step 3
Create a rule for each of the lines above. A rules does not need to
be created for the first line, as that was listed simply to show that
the external port 80 was already used, by default, by the VIP4G
itself. To create port forwarding rules, Navigate to the Firewall >
Port Forwarding menu. When creating rules, each rules requires
a unique name, this is only for reference and can be anything
desired by the user. Click on the Add Port Forwarding” button
to add each rule to the VIP4G.
Once all rules have been added, the VIP4G configuration should
look something like what is illustrated in the screen shot to the
right. Be sure to “Submit” the Port Forwarding list to the VIP4G.
For best results, reboot the VIP4G.
Step 4
Configure the static addresses on all attached devices. Port forwarding required that all the attached devices have static
IP addresses, this ensure that the port forwarding rules are always correct, as changing IP addresses on the attached
devices would render the configured rules useless and the system will not work.
Step 5
Test the system. The devices connected to the VIP4G should be accessible remotely. To access the devices:
For the Web Server on the PC, use a browser to connect to 74.198.186:193:8080, in this case the same webserver is
running as in the IP-Passthrough example, so the result should be as follows:
To access the other devices/services: For the PLC Web Server: 74.198.186.193:8081, for the Camera
74.198.186.193:8082, and for the Modbus on the PLC telnet to 74.198.186.193:10502 etc.
© Microhard Systems Inc. 196
Appendix D: Firewall Example (Page 1 of 2)
By completing the Quick Start process, a user should have been able to log in and set up the VIP4G to
work with their cellular carrier. By completing this, the modem is ready to be used to access the internet
and provide mobile connectivity. However, one of the main applications of the VIP4G is to access
connected devices remotely. Security plays an important role in M2M deployments as in most cases the
modem is publically available on the internet. Limiting access to the VIP4G is paramount for a secure
deployment. The firewall features of the VIP4G allow a user to limit access to the VIP4G and the devices
connected to it by the following means
- Customizable Rules
- MAC and/or IP List
- ACL (Access Control List) or Blacklist using the above tools.
Consider the following example. An VIP4G is deployed at a remote site to collect data from an end device
such as a PLC or RTU connected to the serial DATA port (Port 20001 on the WAN. It is required that only
a specific host (Host A) have access to the deployed VIP4G and attached device, including the remote
management features.
Step 1
Log into the VIP4G (Refer to Quick Start). Navigate to the Firewall > General tab as shown below and ensure that the
Firewall is turned on by enabling the Firewall Status. Next block all WAN traffic by setting the 4G Request to Block,
and disable 4G Remote Management. Be sure to Apply the settings. At this point it should be impossible to access the
VIP4G remotely through its cellular connection.
VIP4G
WAN IP: 173.181.197.156
Local Device on TCP
Port 20001
Host A:
184.71.46.126
Host B:
84.53.23.12
Host C:
186.41.57.101
Firewall
© Microhard Systems Inc. 197
Appendix D: Firewall Example (Page 2 of 2)
Step 2
Under the Rules tab we need to create two new rules. A rule to enable Host A access to the Remote Management Port
(TCP Port 80), and another to access the device attached the to serial port (WAN TCP Port 20001).
After each rule is created be sure to click the ADD Rule button, once both rules are created select the Submit button to
write the rules to the VIP4G. The Firewall Rules Summary should look like what is shown below.
Step 3
Test the connections. The VIP4G should only allow connections to the port specified from the Host A. An alternate
means to limit connections to the VIP4G to a specific IP would have been to use the MAC-IP List Tool. By using Rules,
we can not only limit specific IP’s, but we can also specify ports that can be used by an allowed IP address.
Rule 1
Rule 2
© Microhard Systems Inc. 198
Appendix E: VPN Example (Page 1 of 2)
By completing the Quick Start process, a user should have been able to log in and set up the VIP4G to
work with their cellular carrier. By completing this, the modem is ready to be used to access the internet
and provide mobile connectivity. However, one of the main applications of the VIP4G is to access
connected devices remotely. In addition to Port Forwarding and IP-Passthrough, the VIP4G has several
VPN capabilities, creating a tunnel between two sites, allowing remote devices to be accessed directly.
VPN allows multiple devices to be connected to the VIP4G without the need to individually map ports to
each device. Complete access to remote devices is available when using a VPN tunnel. A VPN tunnel can
be created by using two VIP4G devices, each with a public IP address. At least one of the modems require
a static IP address. VPN tunnels can also be created using the VIP4G to existing VPN capable devices,
such as Cisco or Firebox.
Example: VIP4G to VIP4G (Site-to-Site)
Step 1
Log into each of the VIP4Gs (Refer to Quick Start), and ensure that the Firewall is enabled. This can be found under
Firewall > General. Also ensure that either WAN Request is set to Allow, which allows traffic to come in from the WAN,
or that sufficient Rules or IP lists have been setup to allow specific traffic to pass through the VIP4G. Once that is
complete, remember to “Apply” the changes.
Step 2
Configure the LAN IP and subnet for each VIP4G. The subnets must be different and cannot overlap.
Site A Site B
VIP4G
WAN IP Carrier
Assigned: A.B.C.D
VIP4G
WAN IP Carrier
Assigned: E.F.G.H
Site A Site B
© Microhard Systems Inc. 199
Appendix E: VPN Example (Page 2 of 2)
Step 3
Add a VPN Gateway to Gateway tunnel on each VIP4G.
Step 4
Submit changes to both units. It should be possible to ping and reach devices on either end of the VPN tunnel if both
devices have been configured correctly and have network connectivity.
Site A Site B
A.B.C.D E.F.G.H
Must Match!
© Microhard Systems Inc. 200
Appendix F: GRE Example
The following pages outline the different GRE configurations available for the VIP4G. This may be useful in
determining which fields are populated by showing a working example. Three different setups are shown:
General GRE (without IPsec), GRE over IPsec (Transport Mode) and GRE over IPsec (Tunnel Mode).
Appendix F Image 1: Network Configuration Example Topology
Prerequisites:
1. Firewall > General > WAN Request Allow (Not Recommened), OR add a specific firewall rules
(Recommened)
2. Add a route on PC-1: ip route add 192.168.169.0/24 via 192.168.168.1 dev eth0
Add a route on PC-2: ip route add 192.168.168.0/24 via 192.168.169.1 dev eth0
Example 1: General GRE (without IPsec)
© Microhard Systems Inc. 201
Appendix F: GRE Example
Example 2: GRE over IPsec (Transport Mode)
© Microhard Systems Inc. 202
Appendix F: GRE Example
Example 3: GRE over IPsec (Tunnel Mode)
© Microhard Systems Inc. 203
Appendix G: Firmware Recovery Procedure
In event that your unit becomes unresponsive it may be required to perform a firmware recovery procedure
outlined below:
1. Download and save firmware file in a local folder, for example C:\;
2. Separate the PC from the network and set IP to static:
192.168.1.1
255.255.255.0
3. Connect PC Ethernet port to the Ethernet port of the modem to be recovered
4. Start a ping on the PC
C:\>ping 192.168.1.39 -t
Pinging 192.168.1.39 with 32 bytes of data:
Request timed out.
Request timed out.
5. Power cycle modem while pressing and holding CFG(Config) button;
6. Release the CFG button when ping responded:
C:\>ping 192.168.1.39 -t
Pinging 192.168.1.39 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.1.39: bytes=32 time<1ms TTL=128
Reply from 192.168.1.39: bytes=32 time<1ms TTL=128
Reply from 192.168.1.39: bytes=32 time<1ms TTL=128
Reply from 192.168.1.39: bytes=32 time<1ms TTL=128
Note, If ping responds as shown above, then you can probably recover the unit, please proceed.
Otherwise, send the unit back for RMA.
7. Now use TFTP to push firmware file into the corrupted unit:
For example, on Windows XP using following command line:
tftp -i 192.168.1.39 put VIPn4G-v1_1_0-r1084-14.bin (or the file saved).
8. Wait until above command to successfully transfered the image, similar message should show
Transfer successful: xxxxxxx bytes in 5 seconds, nnnnnnn bytes/s, note the number might change for
different firmware file
Note, if you see message above, the unit will re-flash itself and reboot, otherwise call for help or send back
for RMA.
9. Wait for the unit to recover and reboot.
© Microhard Systems Inc. 204
Appendix H: Troubleshooting (FAQ)
Below is a number of the common support questions that are asked about the VIP4G. The purpose of the
section is to provide answers and/or direction on how to solve common problems with the VIP4G.
__________________________________________________________________
Question: Why can’t I connect to the internet/network?
Answer: To connect to the internet a SIM card issued by the Wireless Carrier must be installed and the
APN programmed into the Carrier Configuration of the VIP4G. For instructions of how to log into
the VIP4G refer to the Quick Start.
__________________________________________________________________
Question: What is the default IP Address of the VIP4G?
Answer: The default IP address for the LAN is 192.168.168.1.
__________________________________________________________________
Question: What is the default login for the VIP4G?
Answer: The default username is admin, the default password is admin.
__________________________________________________________________
Question: What information do I need to get from my wireless carrier to set up the VIP4G?
Answer: The APN is required to configure the VIP4G to communicate with a wireless carrier. Some
carriers also require a username and password. The APN, username and password are only
available from your wireless carrier.
Newer units may support an AUTO APN feature, which will attempt to determine the APN from a
preconfigured list of carriers and commonly used APN’s. This is designed to provide quick
network connectivity, but will not work with private APN’s. Success with AUTO APN will vary by
carrier.
________________________________________________________________
Question: How do I reset my modem to factory default settings?
Answer: If you are logged into the VIP4G navigate to the System > Maintenance Tab. If you cannot log in,
power on the VIP4G and wait until the status LED in on solid (not flashing). Press and hold the
CONFIG button until the unit reboots (about 8-10 seconds).
_________________________________________________________________
Question: I can connect the Carrier, but I can’t access the Internet/WAN/network from a connected PC?
Answer: Ensure that you have DHCP enabled or manually set up a valid IP, Subnet, Gateway and DNS
set on the local device.
__________________________________________________________________
Question: I connected a device to the serial port of the VIP4G and nothing happens?
Answer: In addition to the basic serial port settings, the IP Protocol Config has to be configured. Refer to
the Comport Configuration pages for a description of the different options.
© Microhard Systems Inc. 205
Appendix H: Troubleshooting
__________________________________________________________________
Question: How do I access the devices behind the modem remotely?
Answer: To access devices behind the VIP4G remotely, several methods can be used:
A. IP Passthrough - The VIP4G is transparent and the connected device can be access directly.
Refer to The IP-Passthrough Appendix for a detailed example of how this may be deployed.
B. Port Forwarding/DMZ - Individual external WAN ports are mapped to internal LAN IP’s and
Ports. See the Port-Forwarding Appendix for a detailed example.
C. VPN - A tunnel can be created and full access to remote devices can be obtained. Required
the use of multiple modems or VPN routers. See the VPN Appendix on an example of how to set
up a VPN.
_________________________________________________________________
Question: I have set up firewall rules and/or port forwarding rules but they do not work?
Answer: Ensure that the Firewall is Enabled. Even port forwarding requires that the firewall feature is
enabled. If the WAN/4G request is blocked (recommended), additional rules will need to be
created for any external request.
_________________________________________________________________
Question: I have Internet/4G access but I cannot ping the device remotely?
Answer: Ensure that the 4G/WAN request is enabled in the Firewall settings, or create a Firewall rule to
allow ping messages.
_________________________________________________________________
Question: I’m using IP-Passthrough but the serial ports won’t work?
Answer: When using IP-Passthrough, the WAN IP is assigned to the device connected to the Ethernet
port, all traffic is passed through to that device. As a result serials port will not work. The only
port not being passed through is the remote management port (default port 80), which can be
changed in the security settings.
_________________________________________________________________
Question: I’m using IP-Passthrough but the modem won’t take my Firewall settings?
Answer: When using IP-Passthrough, the 4G IP is assigned to the device connected to the Ethernet port,
all traffic is passed through to that device. As a result the firewall settings have no effect on the
unit, and is automatically disabled.
_________________________________________________________________
Question: I cannot get IP-Passthrough to work?
Answer: When using IP-Passthrough, the 4G IP is assigned to the device connected to the Ethernet port,
all traffic is passed through to that device. In order for IP-Passthrough to work, the connected
local device must have DHCP enabled, or the 4G IP set as a static IP in the end device.
© Microhard Systems Inc. 206
Appendix H: Troubleshooting
_________________________________________________________________
Question: Why does my modem reset every 10 minutes (or other time)?
Answer: There are a number of processes in the VIP4G that ensure that the unit is communicating at all
times, and if a problem is detected will reboot the modem to attempt to resolve any issues:
1. Traffic Watchdog - Detects if there is any Wireless Traffic between the VIP4G and the
Cellular Carrier. Will reboot modem when timer expires unless there is traffic. Carrier > Traffic
Watchdog.
2. Keepalive - Attempts to contact a configured host on a defined basis. Will reboot modem if
host is unreachable. Enabled by default to attempt to ping 8.8.8.8. May need to disable on
private networks, or provide a reachable address to check. Access via Carrier > Keepalive.
3. Local Device Monitor - The VIP4G will monitor a local device, if that device is not present the
VIP4G may reboot. Network > LocalMonitor.
_______________________________________________________________
Question: How do I set up VPN?
Answer: Refer to the VPN Appendix for an example.
_________________________________________________________________
Question: Why is the data usage on my modem so high?
Answer: Although it is impossible to answer that question without more detailed information about your
modem, and the devices/application you are using, there are a number of things to keep in mind:
1. Always setup and configure a Firewall on the modem, this is especially important if the modem
is using a publically accessible IP address.
2. Always change the default user/passwords.
3. Turn off any services that are not needed, such as GPS, Comports, SNMP, SSH, anything not
being used specifically in your application.
4. Use the Data Usage alerts to keep informed of daily and monthly data usage of the modem to
avoid surprises once the data bill arrives.
© Microhard Systems Inc. 207
150 Country Hills Landing NW
Calgary, Alberta
Canada T3K 5P3
Phone: (403) 248-0028
Fax: (403) 248-2762
www.microhardcorp.com

Navigation menu