NetComm Wireless NTC620002 3G M2M ROUTER PLUS User Manual
NetComm Wireless Limited 3G M2M ROUTER PLUS
User Manual
Usser Guiide NTC-620 00 Serie es – Inte elligentt M2M Routerr Copyright Copyright© 2013 NetCom mm Wireless Limited. All rights reserved. The information contained herein is proprietarry to NetComm Wireless. No part of this ddocument may be translated, transcribed, reproduced, in any fform, or by any means without prior writteen conssent of NetComm Wirreless. Note: This document is subject too change without nottice. Savee our environment Wheen this equipment hass reached the end off its useful life, it mustt be taken to a recyclling centre and proceessed separately from m domestic waste. The cardboard box, the pplastic contained in the packaging, and thhe parts that make upp this device can be recycled in accordance with regionally eestablished regulationns. Never dispose of this b subject to penaltiees or sanctions undeer the law. Instead, assk for disposal instrucctions from your munnicipal government. electronic equipment aloong with your househoold waste. You may be Please be responsible annd protect our environment. Thiis manual cov vers the follow wing productss: NetCComm Wireless NTC--6200-01 NetCComm Wireless NTC--6200-02 NetCComm Wireless Intelliggent M2M Router www.netcommwirelless.com DOCUMENT VVERSION DATE Initial documennt release Table 1 - Document Revisionn History Tabl T le of o Co onte entss Ove erview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Introduction .................................................................................................................................................................................................................................................................................................................................. 5 Target audience ........................................................................................................................................................................................................................................................................................................................... 5 Prerequisites ................................................................................................................................................................................................................................................................................................................................ 5 Notation ........................................................................................................................................................................................................................................................................................................................................ 5 Pro oduct int roducct ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Product overview ......................................................................................................................................................................................................................................................................................................................... 6 Package contents ........................................................................................................................................................................................................................................................................................................................ 6 Product features........................................................................................................................................................................................................................................................................................................................... 7 Phy ysical dimensiions and indiccat ors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Physical dimensionss ................................................................................................................................................................................................................................................................................................................... 8 LED indicators.............................................................................................................................................................................................................................................................................................................................. 9 Ethernet port LED indicators..................................................................................................................................................................................................................................................................................................... 10 Interfaces ................................................................................................................................................................................................................................................................................................................................... 11 Pla acement of t he e rout er . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Mounting options ....................................................................................................................................................................................................................................................................................................................... 12 Inst allat ion and conf igurat ion of t he Int elli gent M2M Rou ut er . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Powering the router .................................................................................................................................................................................................................................................................................................................... 17 Power consumption .................................................................................................................................................................................................................................................................................................................. 18 Installing the router .................................................................................................................................................................................................................................................................................................................... 18 Adv vanced conf ig gurat ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 St at a us . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Int ernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Data Connection ........................................................................................................................................................................................................................................................................................................................ 23 Connect on Demandd ................................................................................................................................................................................................................................................................................................................. 27 Operator Settings ....................................................................................................................................................................................................................................................................................................................... 31 SIM security settingss ................................................................................................................................................................................................................................................................................................................. 32 LAN ............................................................................................................................................................................................................................................................................................................................................ 36 Routing ....................................................................................................................................................................................................................................................................................................................................... 40 VPN ............................................................................................................................................................................................................................................................................................................................................ 50 Serrvices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Dynamic DNS............................................................................................................................................................................................................................................................................................................................. 64 Network time (NTP) .................................................................................................................................................................................................................................................................................................................... 65 Data stream manageer ............................................................................................................................................................................................................................................................................................................... 66 Watchdogs ................................................................................................................................................................................................................................................................................................................................. 67 SNMP ......................................................................................................................................................................................................................................................................................................................................... 70 TR-069 ........................................................................................................................................................................................................................................................................................................................................ 72 GPS ............................................................................................................................................................................................................................................................................................................................................ 73 SMS messaging ......................................................................................................................................................................................................................................................................................................................... 74 Diagnostics ................................................................................................................................................................................................................................................................................................................................ 78 Sending an SMS Diaagnostic Command ................................................................................................................................................................................................................................................................................... 81 Sys st em . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Log ............................................................................................................................................................................................................................................................................................................................................. 88 System Configuratioon ................................................................................................................................................................................................................................................................................................................ 92 ment .......................................................................................................................................................................................................................................................................................................... 99 HTTPS key managem SSH Key Managemeent............................................................................................................................................................................................................................................................................................................ 103 App pendix App pendix App pendix App pendix A: B: C: D: Tab bles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 Devvice Mount ing Dimensions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 Mou unt ing Brackett . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 Deff ault Set t ings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Restoring factory deefault settings ........................................................................................................................................................................................................................................................................................... 111 Recovery mode ........................................................................................................................................................................................................................................................................................................................ 112 App pendix E: HTT TPS - Uploadin ng a self -signe ed cert if icat e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 App pendix F: RJ-4 45 connect or . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Saff et y and produ uct care . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 www.netcommwireless.com NetComm Wireeless Intelligent M2M Router NetComm Wireless Intelligent M2M Router www.netcommwireless.com Ove O ervie ew In ntroduc ction This document provides you all the informatioon you need to set upp, configure and use the NetComm Wireleess NTC-6200 Intelligent M2M Router. Ta arget a audienc ce This document is intendeed for system integrators or experienced hardware installers wwho understand teleccommunications terminology and conceptts. Prrerequ uisites Befoore continuing with the installation of your Intelligent M2M Routter, please confirm thhat have the followingg: A devvice with a working Etthernet network adappter. A webb browser such as Internet Explorer, Mozilla Firefox or Google Chrome. A flathhead screwdriver if field terminated power is required. Notation The following symbols arre used in this user guide: The followingg note requires attenntion. The followinng note provides a warning. The followinng note provides usefful information. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router Product introduction Product overview Penta-band 3G with quad-band 2G auto-fallback HSPA+ up to 14.4 Mbps DL Ethernet port with full passive Power over Ethernet (PoE) support (802.3af) (NTC-6200-01 only) RS232/RS422/RS485 Port and USB 2.0 OTG port Integrated ZigBee multipoint mesh wireless networking (NTC-6200-01 only) Built in GPS supporting an active or passive GPS Antenna via external SMA connector Three multi-purpose I/O ports One dedicated ignition input Internal diversity antennas with option for external main antenna (autosensing) Intelligent, Tri-Colour LED display for clear, easy to read modem status information Extensive device management with support for TR-069, Web GUI and full feature management with SMS Flexible mounting suitable for in-home use or industrial applications with built-in wall mount and DIN rail mounting options Package contents The NetComm Wireless Intelligent M2M Router package consists of: 1 x Intelligent M2M Router 2 x 3G antennas 1 x 1.5m yellow Ethernet cable 8P8C 1 x DIN rail mounting bracket 1 x six-way terminal block 1 x quick start guide and safety manual If any of these items are missing or damaged, please contact NetComm Wireless Support immediately. The NetComm Wireless Support website can be found at: http://support.netcommwireless.com. NetComm Wireless Intelligent M2M Router www.netcommwireless.com Prroduct feature es The NetComm Wireless NNTC-6200 Intelligent M2M Router is an M22M device designed by NetComm Wireleess to address the rappid growth in M2M deeployments. It has beeen designed to provvide price. Com mpatible with networkk worldwide, the Intelligent M2M Router caan be managed remootely even when it does not have an Internnet statee-of-the-art features aand versatility at an affordable connnection via the use off SMS diagnostics annd commands. The Intelligent M2M Routter includes many feaatures such as Dial on Demand which proovides a means to seeamlessly connect or disconnect the mobbile broadband conneection to conserve ussage; TR-0069 support for easy management of a grroup of Intelligent M2M Routers; and the aability to function as an a SSH server to secure communications.. Additionally, the open management systtem allowws you to expand thee feature set by produucing your own custoom software applicatiions. The NetComm Wireless Intelligent M2M Routeer meets the global demand for a reliablee and cost-effective M2M M device that succcessfully caters to maass deployment acrooss businesses. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router Physical dimensions and indicators Physical dimensions Below is a list of the physical dimensions of the Intelligent M2M Router. Figure 1 – Intelligent M2M Router Dimensions INTELLIGENT M2M ROUTER (WITHOUT EXTERNAL ANTENNAS ATTACHED) Length 143 mm Depth 107 mm Height 34 mm Weight 180g Table 2 - Device Dimensions NetComm Wireless Intelligent M2M Router www.netcommwireless.com LE ED ind dicatorss The Intelligent M2M Routter uses 7 LEDs to display the current sysstem and connection status. Figure 2 - Inte telligent M2M Router LED Indicators LEED ICON NAME Power COLOUR STATE DESCRIPTIOON Off Power off Double fflash Powering up On Power on On Power on in recoverry mode Slow flasshing Hardware error On Connected via WWA AN Blinking Traffic via WWAN Slow flasshing Connecting PDP On Registered network Slow flasshing Registering network Slow flasshing SIM PIN locked Fast flasshing SIM PUK locked On Can’t connect On 3G On 2G GPRS On GSM only (no GPRSS) Networrk Signal strength TTable 3 - LED Indicatoors Thee term “blinking” meanss that the LED may pulse, with the intervals thatt the LED is on and off nnot being equal. The term “flashing” means thaat the LED turns on andd off at equal intervals. www.netcommwireless.com NetComm Wireeless Intelligent M2M RRouter Signal strength LEDs The following table lists the signal strength range corresponding with the number of lit signal strength LEDs. NUMBER OF LIT LEDS SIGNAL STRENGTH All LEDs unlit < -109 dBm -109 dBm to -101dBm -101 dBm to -91 dBm -91 dBm to -85 dBm -85 dBm to -77 dBm > -77 dBm Table 4 - Signal strength LED descriptions LED update interval The signal strength LEDs update within a few seconds with a rolling average signal strength reading. When selecting a location for the router or connected or positioning an external antenna, please allow up to 20 seconds for the signal strength LEDs to update before repositioning. Ethernet port LED indicators The Ethernet port of the Intelligent M2M Router has two LED indicators on it. Figure 3 - Ethernet port LED indicators The table below describes the statuses of each light and their meanings. LED STATUS DESCRIPTION On There is a valid network link. Blinking There is activity on the network link. On The Ethernet port is operating at a speed of 100Mbps. Off The Ethernet port is operating at a speed of 10Mbps or no Ethernet cable is connected. Green Amber Table 5 - Ethernet port LED indicators description NetComm Wireless Intelligent M2M Router 10 www.netcommwireless.com In nterface es The following interfaces aare available on the Intelligent M2M Routeer: Figure 4 - Interfacess ITEM DESCRIPTION Main anttenna socket SMA female connector for main antenna. Auxiliaryy antenna socket SMA female connector for auxiliary antenna. GPS anteenna socket SMA female connector for GPS antenna. Six-way terminal block connector Connect power sourrce, ignition and I/O wires hhere. Power, ignition and I//O wires may be terminatedd on optional terminal blockk and connected to DC inpput jack. Refer to the diagram m and table on under Step 3 of the Installing your device section for correct wirinng of the terminal block. Opperates in the 8-40V DC range. Press and hold for leess than 5 seconds to rebooot to normal mode. Reset buutton Press and hold for 5 to 15 seconds to reboot too recovery mode. Press and hold for 15 to 20 seconds to reset thhe router to factory default settings. SIM cardd slot Insert SIM card heree. RJ45 PoE Ethernet port Connect one or seveeral devices via a network sswitch here. This port can also optionally receive Pow wer over Ethernet (802.3af PoE) in which case the DC C power supply can serve as a backup power source iff required (PoE available onn NTC-6200-01 only). Mini USBB 2.0 OTG port Provides connectivity for optional external storaage or a USB Ethernet donngle. Supplies up to 0.5A too connected device. Serial poort Female DB9 port supporting 9-wire RS-232, RSS-485 or RS-422 (software selectable). Table 6 – Interfacess www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 11 Plac P cem ment of tthe rou uter The two external high-peerformance antennas supplied with the rouuter are designed to provide optimum siggnal strength in a wide range of environmeents. If you find the signal strength is weaak, try a acceptable signall, try moving the routeer to a different placee or mounting it differrently. adjusting the orientation of the antennas. If yoou are unable to get an Note: When sselecting a location foor the router, allow att least 20 seconds foor the signal strength LEDs to update befoore trying a different llocation or connectinng an external antennna. Mountin ng optio ons The Intelligent M2M Routter can be quickly annd easily mounted in a variety of locationss. Mo ounted fla at against th he wall Wheen mounted flat againnst the wall, the Intelligent M2M Router has a slimline form facttor. Use appropriatelyy sized screws in thee mounting holes provvided on the base off the unit. Figure 5 - W Wall mount - Flat agaainst the wall NetCComm Wireless Intelliggent M2M Router 12 www.netcommwirelless.com Pe erpendicullar to the wall If a large surface area is not available, there is the option of mounting the router perpeendicular to the wall. This T gives the router a small wall footprintt while remaining seccurely attached. Use apprropriately sized screwws in the mounting hooles provided on the back of the unit. Figure 6 - Waall mount - Perpendicu cular to the wall C Section DIIN Rail mo ount The Intelligent M2M Routter easily slides onto a C Section DIN rail so that it is horizontaally mounted. The DINN Rail mounting bracket is not required foor C Section DIN rail mounting. Figuree 7 - C Section DIN raiil mount To mount m the unit on a C--Section DIN rail, slidde it on as illustrated below: Figure 8 - Mounting the unit onn a DIN rail www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 13 Mounting bracket The provided mounting bracket provides additional methods of mounting the Intelligent M2M Router. To attach the mounting bracket, slide it onto the rear of the router as shown in the diagram below: Figure 9 - Sliding on the mounting bracket To remove the bracket, press the PUSH button and slide the router off the bracket: Figure 10 - Removing the mounting bracket NetComm Wireless Intelligent M2M Router 14 www.netcommwireless.com Ussing the m mounting brracket for wall moun nting By first attaching the DINN rail bracket to the wall, w the Intelligent M22M Router can be eassily attached and rem moved from the brackket. Figure 11 – Wal all mount - Mounted via ia DIN rail bracket Ussing the m mounting brracket for Top hat D DIN rail mo ounting The Intelligent M2M Routter may be vertically mounted to the wall with w the bracket by ssliding the bracket onnto a top hat DIN rail Figure re 12 - Top hat DIN railil mount Alterrnatively, you can attaach it to the DIN Rail by using the V bendd in the bracket as illuustrated below: Figurre 13 - Attaching the m mounting bracket to the t DIN rail using the V bend www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 15 Desk mount In situations where wall mounts and DIN rails are not required, you can simply place the Intelligent M2M Router on a desk using its rubber feet to prevent it from slipping. Figure 14 - Desk mount NetComm Wireless Intelligent M2M Router 16 www.netcommwireless.com Insta allation n an nd confiigurration of o th he In ntelllige ent M2M MR Routter Po owerin ng the router The Intelligent M2M Routter can be powered in one of three ways: 1. Power overr Ethernet (802.3af PooE) (available on the NTC-6200-01 only) 2. DC power iinput via 6-pin conneector (8-40V DC) 3. DC power iinput via field terminaated power source (88-40V DC) The green power LED onn the router lights up when a power sourcee is connected. Po ower over Ethernet (802.3af Po oE) (availaable on the e NTC-620 00-01 only)) Power over Ethernet (PoEE) is a method of connnecting network devvices through Etherneet cable where power and data are passeed along a single cabble. This may be a deesirable method of o have a single cable running to the Inttelligent M2M Router. powering the device if PooE is available, or if itt’s most convenient inn the desired installattion environment to only Therre are 5 power classees defined in the IEEEE 802.3-2005 standard, of which the Intel ligent M2M Router iss a class 3 device. CLASS CLASSIFICAATION CURRENT POW WER RANGE CLASS DEESCRIPTION 26-30 mA 6.49 – 12.95 W Mid power Tab able 7 - PoE power classses y router to a PoE innjector or PoE network switch using the bundled yellow Ethernnet cable 8P8C. To use PoE to power the Intelligent M2M Routter, simply connect your DC C power v via 6-pin co onnector The DC input jack can acccept power from a separately sold DC power supply. Both a standard temperaturre range DC power supply and an extendded temperature rangge DC power supply are available to purchase as accessories. To power the device via DC Power via the 6-ppin connector, removve the attached greenn terminal block from your router and connect the external DCC power supply to thee router’s green DC power jack. DC C power v via field terrminated power sou urce If an existing 8-40V DC ppower supply is availaable, you can insert the t wires into the suppplied terminal block to power your router. Use a No. 3 flatheadd screwdriver to tighten the terminal blocck s the polarity of the wires are correctlyy matched, as illustrated below. screws and secure the ppower wires, making sure Figure 155 - Locking Power Term minal Block TERMINAL www.netcommwireless.com DESCRRIPTION Positive wire for powerr. Ground wire. NetComm Wireeless Intelligent M2M Router 17 i I/O Dedicated terminal for ignition detection. Three terminals used for input/output detection. (Please refer to the User Guide). Table 8 - Locking power block pin outs Failover power support (NTC-6200-01 only) The Intelligent M2M Router includes support for connection of two power sources at the same time. When a PoE Ethernet cable is connected and DC power is also supplied to the DC input jack of the router, the router will source power exclusively from the PoE source. In the event that power from the PoE cable is lost, the router will automatically switch to source power from the DC input jack, without affecting the router’s operation. When PoE power is restored, the router automatically switches back to receive power from the PoE input source. Viewing power source information You can view the current power input mode in the Advanced status section of the device’s web user interface. This is useful for remotely monitoring the device. You can also use the Software Development Kit to access this information for advanced purposes (e.g. configuring SMS alerts to inform you of the power status of the router). To view the router’s power source information, log in to the router and expand the Advanced status box on the status page. See the Status section of this manual for more information on the status page. Power consumption To assist with power consumption planning, the following table summarises average power consumption during the various states of the Intelligent M2M Router under normal usage conditions. It’s important to note that this table serves as an indication only as the power consumed by the device is affected by many variables including signal strength, network type, and network activity. Average power consumption figures STATE POWER CONSUMPTION Powered on, idle and connected to packet data 1.2W Powered on, connected to packet data with average load 2.0W Powered on, connected to packet data with heavy traffic 4.0W Peak power draw at maximum 3G module transmission power 5.0W Table 9 - Average power consumption figures Installing the router After you have mounted the router and connected a power source, follow these steps to complete the installation process. 1. Connect equipment that requires network access to the Ethernet port of your router. This may be your computer for advanced configuration purposes, or your end equipment which requires data access via the Intelligent M2M Router. You can connect one device directly, or several devices using a network switch. If you’re using PoE as the power source, you need to connect any devices via an available data Ethernet port on your PoE power source (be it a PoE network switch or PoE power injector). 2. Ensure the external power source is switched on and wait 2 minutes for your Intelligent M2M Router to start up. To check the status of your router, compare the LED indicators on the device with those listed on page 8 of this guide. NetComm Wireless Intelligent M2M Router 18 www.netcommwireless.com Adv A vanc ced con nfig gura ation The Intelligent M2M Routter comes with precoonfigured settings thaat should suit most cuustomers. For advancced configuration, logg in to the web-basedd user interface of the router. To loog in to the web-baseed user interface routter: 1. Open a web browser (e.g. Internet Explorer, Firefox, Safari), type http://1 92.168.1.1 into the address bar and press Enter. The web-baased user interface log in screen is displayyed. Figure 16 – Log inn prompt for the web-bbased user interface 2. Enter the loogin username and password. If this is thee first time you are loggging in or you have not previously configgured the password ffor the “root” or “adm min” accounts, you caan use one of the default account details to log in. ADMIN MANAGER ACCOOUNT ROOT MANAGER ACCOUNT Username: addmin Useername: rooot Password: addmin Passsword: addmin Table 10 - M Management accountt login details Note: To acceess all features of thee router, you must use the root manager aaccount. For security reeasons, we highly recommend that you change the passwordds for the root and addmin accounts upon initial installation. Youu can do so by navigating to the System and then Administtration page. The Status page is displaayed when you log inn successfully. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 19 Status The status page of the web interface provides system related information and is displayed when you log in to the Intelligent M2M Router management console. The status page shows System information, LAN details, Cellular connection status, Packet data connection status and Advanced status details. You can toggle the sections from view by clicking the show or hide them. Extra status boxes will appear as additional software features are enabled (e.g. VPN connectivity). or buttons to Figure 17 - The Status page NetComm Wireless Intelligent M2M Router 20 www.netcommwireless.com ITEM DEFINITION System information System up time The current uptime of the router. Board version The hardware veersion of the router. Serial Number The serial numbber of the router. Software The software version number running on thhe router. Model The type of phone module and the firmwarre version of the module. Firmware version The firmware revvision of the phone modulee. IMEI The Internationaal Mobile Station Equipmennt Identity number used to uniquely identify a mobile device. LAN IP The IP address and subnet mask of the rouuter. MAC Address The MAC address of the router. Ethernet Port Status Displays the currrent status of the Ethernet port and its operating speeed. Cellular connection status SIM Status Displays the acttivation status of the router on the carrier network. Signal strength (dBm) The current signnal strength measured in d Bm Network registration statuus The status of thee router’s registration for thhe current network. Operator selection The mode used to select an operator netwwork. Current operator The current operator network in use. Roaming status The roaming staatus of the router. Allowed bands The bands to whhich the router may connecct. Current band The current band being used by the routerr. Coverage The mobile equipment identifier (MEID) of the router, a unique code for identifying devices on a CDMA network. WWAN Connection Statuus Profile name The name of thee active profile. Status The connection status of the active profile.. Default profile Indicates whether the current profile in usee is the default profile. WWAN IP The IP address assigned by the mobile bro roadband carrier network. DNS server The primary andd secondary DNS servers ffor the WWAN connection. APN The Access Poinnt Name currently in use. Connection uptime The length of tim me of the current mobile coonnection session. Advanced status Mobile country code The Mobile Country Code (MCC) of the rouuter. Mobile network code The Mobile Netw work Code (MNC) of the roouter. Signal quality (Ec/N0) A measurement of the portion of the receivved signal that is usable. This is the signal strength minus m the signal noise level.. Received signal code poower (RSCP) The power level of the signal on the currennt connection’s particular channel. Power input mode Displays whetheer power is currently being sourced from the PoE Ethernet port or from the DC innput jack (PoE available onn NTC-6200-01 only) HSUPA category Displays the HSUPA category (1-9) for thee current uplink HSDPA category Displays the HSDPA category (1-8) for thee current downlink. SIM ICCID The Integrated Circuit Card Identifier of thee SIM card used with the roouter, a unique number up to 19 digits in length. Primary scrambling codee (PSC) The Primary scrambling code for the curreent signal. DC input voltage Displays the currrent voltage of the power iinput source provided via the t DC Input jack Location area code (LACC) The ID of the cell tower grouping the curreent signal is broadcasting from. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 21 IMSI The International mobile subscriber identity is a unique identifier of the user of a cellular network. Cell ID A unique code that identifies the base station from within the location area of the current mobile network signal. Channel number (UARFCN) The channel number of the current 3G/2G connection. Table 11 - Status page item details NetComm Wireless Intelligent M2M Router 22 www.netcommwireless.com Interrnet The Internet section provvides configuration opptions for Wireless WAN, W LAN, Routing annd VPN connectivity. Data Co onnectio on The data connection pagge allows you to configure and enable/disable the connection profile. To access this page, click on the Networking menu, annd under the Wirelesss WAN menu, selectt the Dataa Connection item. Figure 118 – Data connectionn settings www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 23 ITEM DEFINITION Data connection Transparent Bridge (PPPoE) Toggles the transparent bridge function on and off. Profile name list Default Sets the corresponding profile to be the default gateway for all outbound traffic except traffic for which there are configured static route rules or profile routing settings. Status Toggles the corresponding profile on and off. If your carrier supports it, two profiles may be turned on simultaneously. APN The APN configured for the corresponding profile. Username The username used to log on to the corresponding APN. Roaming settings Allow data roaming When set to ON, the router will allow local devices to access the Wireless WAN network when the MachineLink 3G is roaming onto a foreign network. When set to OFF, the router will deny network access to data services when roaming onto a foreign network. This setting is ON by default. Table 12 - Data connection item details Connecting to the mobile broadband network The router supports the configuration of up to six APN profiles; these profiles allow you to configure the settings that the router will use to connect to the 2G/3G network and switch easily between different connection settings. For advanced networking purposes, you may activate a maximum of two profiles simultaneously (dependant on network support). When activating two connection profiles, you should avoid selecting two profiles with the same APN as this can cause only one profile to connect. Similarly, activating two profiles which are both configured to automatically determine an APN can cause a conflict and result in neither profile establishing a connection. We recommend that the two active connection profiles have differing, manually configured APNs to avoid connection issues and ensure smooth operation. Manually configuring a connection profile To manually configure a connection profile: 1. Click the Edit button corresponding to the Profile that you wish to modify. The data connection profile settings page is displayed. Figure 19 - Data connection profile settings NetComm Wireless Intelligent M2M Router 24 www.netcommwireless.com 2. Click the Prrofile toggle key to tuurn the profile on. Addditional settings appeear. Figure 20 - Dataa connection settings - Profile turned on 3. In the Profille name field, enter a name for the profilee. This name is only uused to identify the prrofile on the router. 4. Ensure thatt the Automatic APN selection toggle key is set to off. If it is noot, click it to toggle it to the off position. 5. In the APN field, enter the APN Name (Access Pointt Name) and if requireed, use the Usernam me and Password fieldds to enter your loginn credentials. 6. Next to Autthentication type, seleect the either CHAP or o PAP depending onn the type of authentiication used by your provider. 7. The Reconnnect delay field speccifies the number of seconds to wait betweeen connection attem mpts. The default settting of 30 seconds iss sufficient in most caases but you may modify it to wait up to 65535 seconds if you y wish. 8. The Reconnnect retries field speccifies the number of times to attempt to coonnect to the network if the router fails to establish a connectioon. It is set to 0 by deefault which causes the router to atttempt to reconnect inndefinitely. 9. The Metric value is used by routter to prioritise routess (if multiple are availlable) and is set to 200 by default. This valuue is sufficient in mosst cases but you mayy modify it if you are aware of the effect your changees will have on the service. 10. The MTU field allows you to modify the Maximum Transmission Unit usedd on the connection. Do not change this unless instructed to bby your carrier. 11. Use the NAAT Masquerading togggle key to turn NAT Masquerading on or off. NAT masquerading, also known simpply as NAT is a commmon routing feature which w allows multiple LAN devices to appear as a single WAN W IP via network address translation. Inn this mode, the routeer modifies network traffic sent and receivved to inform remote computers on the intternet behind the router actually originaated from the WAN IPP address of the routter’s internal NAT IP aaddress. This may bee disabled if a framedd that packetts originating from a machine route configguration is required and a local devices reqquire WAN IP addressses. 12. For advancced networking such as using dual simultaaneous PDP contextss, you may wish to coonfigure a particular profile to route only ccertain traffic via that profile by configuring a custom adddress and mask of traaffic to send via that profile. To do this, in the Profile routing seettings section, enter the Network addresss and Network mask of the remote network. If you do not want to use this featuure, or are unsure, please leave these fiellds blank, which will not designate any paarticular traffic to be rrouted via this profilee. For more informatioon on configuringg Profile routing settinngs, see the Setting a default gateway witth two active connecttion profiles example. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 25 13. Click the Save button when you have finished entering the profile details. Confirming a successful connection After configuring the packet data session, and ensuring that it is enabled, click on the Status menu item at the top of the page to return to the Status page. When there is a mobile broadband connection, the WWAN section is expanded showing the details of the connection and the Status field displays Connected. To see details on the connected session, you can click the Show data usage button. Figure 21 - Packet data connection status section NetComm Wireless Intelligent M2M Router 26 www.netcommwireless.com Connect t on De emand The connect on demand feature keeps the Paacket Data Protocol (PDP) context deactivvated by default while making it appear too locally connected ddevices that the routeer has a permanent attempts to esttablish a mobile broaadband data connection. connnection to the mobile broadband network. When a packet of innterest arrives or an SSMS wake-up commaand is received, the router Wheen the data connectioon is established, the router monitors traffic and terminates thee link when it is idle. Note: When interesting packets arrive, the recovery tim me for the wireless W WAN connection is appproximately 20-30 seeconds. Co onfiguring g Connect on Deman nd To configure Connect on demand: 1. Click the Networking menu item m from the top menu bar. 2. On the Connnect on demand pagge, click the Connectt on demand toggle key so that it is ON. Extra E options appear. See the following suub-sections for furtheer instructions. Figure 22 - Connnect on demand conffiguration options www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 27 Setting the router to dial a connection when traffic is detected on specific ports In some situations, you may wish to have the internet connection disabled except at times when outbound traffic to a particular external host’s port or range of ports is sent to the router. To use this feature, click Enable dial port filter and enter the port number or list of port numbers separated by commas. When you select this option, all outbound ICMP/TCP/UDP packets to any remote host on the specified port(s) will trigger the connection to dial. Note that when this feature is enabled, the options to ignore specific packet types are not available. Figure 23 – Dial on demand - Data activity triggered connection You can allow Microsoft network awareness (NCSI) traffic through but if you prefer that they do not trigger the connection, click the Ignore Microsoft network awareness (NCSI) traffic toggle key to set it to ON. Figure 24 - DIal on demand - Ignore NCSI traffic Excluding certain packet types from triggering the connection to dial Depending on your environment, you might prefer to exclude certain types of traffic passing through the router from triggering the data connection. You can tell the router to ignore outbound TCP, UDP or ICMP packets. When any of these options are checked the router will not dial a connection when that type of outbound destined data packet reaches the router from a locally connected device. Figure 25 – Dial on demand - Excluding IP protocols Excluding certain application types from triggering the connection to dial Some devices may generate general traffic as a part of normal operation which you may not want to trigger the data connection. You can set the router to ignore Domain Name System (DNS), Network Time Protocol (NTP) or Microsoft network awareness (NCSI) traffic from devices behind the router. When you check the box for these options, it tells the router to ignore the request from that application type and will not dial a connection when this data type is received. Figure 26 - Dial on demand - Excluding application types NetComm Wireless Intelligent M2M Router 28 www.netcommwireless.com Se etting time ers for conn nection an nd disconn nection The router has a numberr of timer settings which let you determine when a connection iis dialled and when it is disconnected. Figure 27 – Dial onn demand - Connect and an disconnect timers OPTION DESCRIPTION On data activity, stay online for at least When traffic as per the connfigured settings above apppear, the router will either continue to stay online, or dial a connection and will not disconnect it for the specified time periood (min. 1 minute, max. 1 hour). This timer is continuoously reset throughout the dduration of a dial-up sessioon, whenever data activity is detected mmatching the rules above. After connectingg, stay online for at least This timer configures the rrouter to not hang-up the connection for the specified time period after initially ddialling the connection. Thiss setting cannot be less than the keep onlinne period above. This timeer affects the connection onnly once per dial up session on, at the beginning of the session. After hanging upp, don’t redial for After a connection has beeen disconnected, you can tell the router to rest for a period of time before re-diaalling. Disconnect regaardless of traffic after Forces the router to disconnnect the connection regardless of the traffic passingg through it. The default setetting is never. If you want to have the rouuter dial a connection at regular intervals, use Connecct regularly, every to specifify the interval between diaals. Setting this to never effectively disables this option. Connect regularrly, every / Randomise connect frequency by up to The router also features thhe ability to randomise the time t at which the first dial action is performed. This iss useful in situations such as a where you have numerous routers in an area where a power outage has occurred. Settingg a random dial time helps to reduce network congesstion when all the routers are powered on soo they do not all try to connnect simultaneously. When it is set to at least 2 minutes, you are able to configure the router to randomise the time it begins to dial. The randomised dial timer only affects the initial dial after the unitt powers on or after the setttings are saved. For example, if you configure the rouuter to dial every 2 minutess with a randomised dial time of 1 minute, the router will dial the initial connection at a time greater than 2 minutess, but less than 3 minutes. After the first dial, the router will dial the connnection exactly every 2 minnutes. Tablee 13 - Connect on dem mand - Connect and dis isconnect timers descr criptions Ve erbose mo ode The router provides the ooption of logging all the data activity which matches the settinggs for the Dial on dem mand feature for advanced troubleshootinng purposes. To enable the logging of thee Dial on demand feature, clickk the Enable verbose mode toggle key to switch it ON. See thee System log section for more information. Figure 28 – Dial onn demand - Verbose loogging configuration www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 29 Manually connecting/disconnecting There may be times when you need to either force a connection to be made or force a disconnection manually. You can use the Manual connect and Manual disconnect buttons to do this whenever necessary. The online status of the connection is displayed above the buttons. Figure 29 - Dial on demand - Online/Offline control When you have finished configuring the options for the Dial on demand feature, click the Save button at the bottom to save your changes. SMS Wake up The router can also be woken up by means of an SMS message using the SMS diagnostics feature by sending a zero byte class 1 flash SMS. See the Diagnostics section for details on using the SMS Wake up function. NetComm Wireless Intelligent M2M Router 30 www.netcommwireless.com Operato or Settin ngs The Operator settings paage enables you to seelect which frequency band you will use ffor your connection and a enables you to sccan for available netwwork operators in youur area. Fi Figure 30 - Band settinngs p you are promptted to disable the data connection if it is Note: In ordeer to change the celluular band settings, thhe data connection mmust be disabled. Whhen you access this page, already activve. You may want to do this iif you’re using the rouuter in a country with multiple frequency nnetworks that may noot all support High Sppeed Packet Access (HSPA). You can select the router to onlyy connnect on the network ffrequencies that suit your y requirements. Use the Change band drrop down list to selecct the band you wish to t use. The following band settinngs options are availaable: All Baands GSM AAll WCDM MA All GSM 850 GSM 900 GSM 1800 GSM 1900 WCMDA 850 MA 900 WCDM MA 800 WCDM MA 1900 WCDM MA 2100 WCDM It is not necessary to chaange the default settinng of All bands in moost cases. In fact, loccking to a particular band b can cause connnection difficulties if thhe device is moved to t a location where thhe forceed band selection is no longer available. Wheen All bands is selecteed, the router attemppts to find the most suuitable band based oon the available netwworks for the inserted SIM card. The GSM All and the WCCDMA all options alloww you to force the deevice to lock to eitherr 2G networks only, or 3G networks only. Clickk the Save button to ssave and apply your selection. Op perator se ettings The operator settings feaature allows you perfoorm a scan of availabble networks, and to ooptionally lock to a particular network retuurned by the networkk scan. To scan for avvailable networks, set the and requires that the packet dataa session be disconneected prior to scanning. Seleect operator mode froom automatic to Manuual then click the scaan button. This operaation can take a few minutes www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 31 Figure 31 - Operator settings A list of the detected 3G service carriers in your area is displayed. Figure 32 - Detected operator list Select the most appropriate 3G service from the list shown and click Apply. When Select operator mode is set to Automatic, the router selects the most appropriate operator based on the inserted SIM card. This is the default option and is sufficient for most users. SIM security settings The SIM security settings page can be used for authenticating SIM cards that have been configured with a security PIN. Unlocking a PIN locked SIM If the SIM card is locked, you will receive a notice when you access the Status page after which you will be directed to the PIN settings page to enter the PIN. The PIN settings page lists the status of the SIM at the top of the page. If you are not redirected to the PIN settings page, to unlock the SIM: a) Click on the Networking menu from the top menu bar, and then click SIM security settings. Figure 33 - SIM security settings - SIM PIN locked NetComm Wireless Intelligent M2M Router 32 www.netcommwireless.com b) Enter the PIN in the Current PINN field and then enterr it again in the Confirrm current PIN field to t confirm the PIN. c) member PIN option. This T feature allows thhe router to automaticcally send the PIN to the If you are pplacing the router in a remote, unattendedd location, you may wwish to check the Rem SIM each tiime the SIM asks for it (usually at power up). u This enables the SIM to be PIN locked (to prevent unauthoorised re-use of the SSIM elsewhere), whilee still allowing the rouuter to connect to the cellular service. When this ffeature is enabled, thhe PIN you enter when setting the Rememmber PIN feature is enncrypted and stored locally on the router. The next time the SIM asks the router forr the PIN, the rouuter decrypts the PINN and automatically sends it to the SIM witthout user interventioon. When this ffeature is disabled annd the SIM is PIN locked and the PIN musst be manually entereed via the router‘s configuration interface.. In situations where the t router will be unattendedd, this is not desirablee. Note: Selectt Remember PIN if yoou do not want to entter the PIN code eachh time the SIM is inseerted. d) Click the Saave button. If successsful, the router displaays the following screeen: En nabling/Diisabling SIIM PIN pro otection The security PIN protection can be turned on or off using the PIN protection toggle keyy. FFigure 34 - PIN Setting ngs www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 33 Changing the SIM PIN code If you would like to change the PIN, click the Change PIN button and enter the current PIN into the Current PIN and Confirm current PIN fields, then enter the desired PIN into the New PIN and Confirm new PIN fields and click the Save button. Figure 35 - PIN settings - Change PIN When the PIN has been changed successfully, the following screen is displayed: Figure 36 - SIM security settings – PIN unlock successful NetComm Wireless Intelligent M2M Router 34 www.netcommwireless.com Un nlocking a PUK locke ed SIM Afterr three incorrect attem mpts at entering the PIN, the SIM card beecomes PUK (Personnal Unblocking Key) locked and you are reequested to enter a PPUK code to unlock it. Note: To obtaain the PUK unlock coode, you must contacct Vodafone. You will be issued a PUKK to enable you to unllock the SIM and enteer a new PIN. Enter tthe new PIN and PUKK codes. Clickk the Save button whhen you have finishedd entering the new PIN and PUK codes. Figure 377 - SIM security - SIM PUK P locked www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 35 LA AN LA AN configu uration The LAN configuration paage is used to configgure the LAN settingss of the router and to enable or disable DNNS Masquerading. Figure 338 – LAN configuration on settings The default IP of the Etheernet port is 192.168.1.1 with subnet maskk 255.255.255.0. To cchange the IP address or Subnet mask, enter e the new IP Addrress and/or Subnet mask m and click the Saave buttoon. Note: If you cchange the IP address, remember to rebooot the router and ennter the new IP addreess into your browser address bar. DN NS masquerad ding DNSS masquerading allowws the router to proxyy DNS requests from LAN clients to dynammically assigned DNSS servers. When enabled, clients on the ro router’s LAN can thenn use the router as a DNS server without needing too know the dynamicaally assigned cellular network DNS serverss. M2M Routeer hands out its own IP address (e.g. 192.168.1.1) as the DNSS server address to LAN L clients. The With DNS masquerading ON, the DHCP serveer embedded in the Intelligent M Router which proxiies them to the upstreeam DNS servers. downstream clients then send DNS requests to the Intelligent M2M With DNS masquerading OFF, the DHCP servver hands out the upstream DNS server IPP addresses to downnstream clients directtly, so that downstreaam clients send DNS requests directly to the upsttream DNS servers wwithout being proxied by the Intelligent M22M Router. You may also override the DNS Masquerading option by specifyinng custom DNS Serveer IP addresses in the DHCP Server configuration mentioned iin the next section off this guide. In this caase the DHCP server assignss downstream devicees the manually configgured addresses andd the DNS Masqueraading option is ignoreed. In most cases, it is not neecessary to disable DNS D masquerading but b if you need to, clicck the DNS masquerrading toggle key to turn it OFF and then cclick the Save buttonn. NetCComm Wireless Intelliggent M2M Router 36 www.netcommwirelless.com DH HCP The DHCP page is used to adjust the settingss used by the router’ss built in DHPC Serveer which assigns IP addresses to locally connected devices. DH HCP relay con nfiguration In addvanced networks coonfigurations where the Intelligent M2M Router should not be rresponsible for DHCPP assignment, but insstead an existing DHHCP server is located on the Wireless WANN connnection, the clients beehind the Intelligent M2M M Router are ablee to communicate witth the DHCP server when w DHCP relay is enabled. This enabless the Intelligent M2M Router to accept clieent broaadcast messages andd to forward them onto another subnet. To configure the router too act as a DHCP relay agent click the DHCCP relay toggle key tto turn it ON and enter the DHCP server address into the DHCCP server address fieeld. DHCP relay is disabled by default. Figure 339 – DHCP relay conffiguration DH HCP configura ation You can manually set thee start and end addreess range to be used to automatically asssign addresses withinn, the lease time of the assigned address,, the default domain name suffix, primary and secoondary DNS server, thhe primary and secondary WINS server, as a well as the advancced DHCP settings such s as NTP, TFTP annd Option 150/Optionn 160 (VoIP options). Figuure 40 - DHCP configuuration www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 37 OPTION DESCRIPTION DHCP start range Sets the first IP address of the DHCP range DHCP end range Sets the last IP address of the DHCP range DHCP lease time (seconds) The length of time in seconds that DHCP allocated IP addresses are valid Default domain name suffix Specifies the default domain name suffix for the DHCP clients. A domain name suffix enables users to access a local server, for example, server1, without typing the full domain name server1.domain.com DNS server 1 IP address Specifies the primary DNS (Domain Name System) server’s IP address. DNS server 2 IP address Specifies the secondary DNS (Domain Name System) server’s IP address. WINS server 1 IP address Specifies the primary WINS (Windows Internet Name Service) server IP address WINS server 2 IP address Specifies the secondary WINS (Windows Internet Name Service) server IP address NTP server (Option 42) Specifies the IP address of the NTP (Network Time Protocol) server TFTP Server (Option 66) Specifies the TFTP (Trivial File Transfer Protocol) server DHCP option 150 This is used to configure Cisco IP phones. When a Cisco IP phone starts, if it is not pre-configured with the IP address and TFTP address, it sends a request to the DHCP server to obtain this information. Specify the string which will be sent as a reply to the option 150 request. DHCP option 160 This is used to configure Polycom IP phones. When a Polycom IP phone starts, if it is not pre-configured with the IP address and TFTP address, it sends a request to the DHCP server to obtain this information. Specify the string which will be sent as a reply to the option 160 request. Enter the desired DHCP options and click the Save button. Address reservation list DHCP clients are dynamically assigned an IP address as they connect, but you can reserve an address for a particular device using the address reservation list. Figure 41 – DHCP – Address reservation list To add a device to the address reservation list: 1. Click the +Add button. 2. In the Computer Name field enter a name for the device. 3. In the MAC Address field, enter the device’s MAC address. 4. In the IP Address fields, enter the IP address that you wish to reserve for the device. 5. If the Enable toggle key is not set to ON, click it to switch it to the ON position. 6. Click the Save button to save the settings. NetComm Wireless Intelligent M2M Router 38 www.netcommwireless.com Dy ynamic DHCP client list The Dynamic DHCP cliennt list displays a list of o the DHCP clients. If you want to reservee the current IP addreess for future use, click the Clone button aand the details will bee copied to the addreess member to click the Save S button under thhe Address reservatioon list section to conffirm the configurationn. reservation list fields. Rem Figuree 42 - Dynamic DHCP client list www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 39 Routing Static Static routing is the alternative to dynamic routing used in more complex network scenarios and is used to facilitate communication between devices on different networks. Static routing involves configuring the routers in your network with all the information necessary to allow the packets to be forwarded to the correct destination. If you change the IP address of one of the devices in the static route, the route will be broken. Figure 43 - Static routing list Some routes are added by default by the router on initialization such as the Ethernet subnet route for routing to a device on the Ethernet subnet. Adding Static Routes To add a new route to the static routing list, click the +Add button. The Static routes page appears. 1. In the Route name field, type a name for the route so that it can be identified in the static routing list. 2. From the Network interface drop down list, select the interface for which you would like to create a static route. 3. In the Destination IP address field, enter the IP address of the destination of the route. 4. In the IP subnet mask field, enter the subnet mask of the route. 5. In the Gateway IP address field, enter the IP address of the gateway that will facilitate the route. 6. In the Metric field enter the metric for the route. The metric value is used by the router to prioritise routes. The lower the value, the higher the priority. To give the route the highest priority, set it to 0. 7. Click the Save button to save your settings. NetComm Wireless Intelligent M2M Router 40 www.netcommwireless.com Figurre 44 - Adding a staticc route Active routing liist Static routes are displayeed in the Active routinng list. Figgure 45 - Active routing ng list De eleting static rroutes From m the static routing lisst, click the icoon to the right of the entry e you wish to deleete. Figure re 46 - Deleting a statitic route www.netcommwireless.com NetComm Wireeless Intelligent M2M RRouter 41 RIP RIP (Routing Information Protocol) is used forr advertising routes too other routers. Thus all the routes in the router’s routing table will be advertised to other nearby routerss. For example, the rooute for thhe router’s Ethernet ssubnet could be adveertised to a router on the PPP interface sidde so that a router onn this network will knoow how to route to a ddevice on the router’s Ethernet subnet. Sttatic routees must be added manually according to your requirements. See S Adding Static Rooutes. Note: Some rrouters will ignore RIPP. Figgure 47 - RIP configura ration To enable Routing Inform mation Protocol (RIP) 1. Click the RIP toggle key to switcch it to the ON positioon. 2. Using the VVersion drop down lisst, select the version of RIP that you wouldd like to use. 3. Select the interface for which yoou want RIP to apply. You can choose thee LAN interface, the WWAN interface or Both. 4. Click the Saave button to confirm m your settings. NetCComm Wireless Intelliggent M2M Router 42 www.netcommwirelless.com Re edundancy y (VRRP) configurati ion Virtuual Router Redundanccy Protocol (VRRP) iss a non-proprietary reedundancy protocol designed to increasee the availability of the default gateway seervicing hosts on the same subnet. This increeased reliability is acchieved by advertisingg a “virtual router” (an abstract representtation of master and backup routers actingg as a group) as a deefault gateway to thee host(s) instead of onne physsical router. Two or m more physical routers are then configured to stand for the virtu al router, with only onne doing the actual routing at any given tiime. If the current phhysical router that is routing the data on behalf of the virtual routerr fails, an arrangemennt is made for anotheer physical router to automatically replace it. The physical routeter that is currently forwarding data on behhalf of the virtual router is called the master routerr. Master routers have a priiority of 255 and backup router(s) can havve a priority betweenn 1 and 254. A virrtual router must use 00-00-5E-00-01-XX as a its (MAC) addresss. The last byte of thee address (XX) is the Virtual Router Identifier (VRID), which is ddifferent for each virtuual router in the netwoork. This address is used by oonly one physical rouuter at a time, and is the only way that othher physical routers can c identify the masteer router within a virtuual router. Figuure 48 - VRRP configur uration To configure VRRP, confiigure multiple devicees as follows and connnect them all via an Ethernet network swiitch to downstream devices. 1. Click the Redundancy (VRRP) toggle key to activatee VRRP. 2. In the Virtuaal ID field, enter an IDD between 1 and 2555. This is the VRRP IDD which is different foor each virtual router on the network. 3. In the Router priority field, enterr a value for the priority – a higher value iss a higher priority. 4. The Virtual IP address field is ussed to specify the VRRRP IP address – thiss is the virtual IP address that both virtual routers share. 5. Click the Saave button to save thhe new settings. Note: Configuuring VRRP changess the MAC address off the Ethernet port annd therefore if you waant to resume with thee web configuration yyou must use the neww IP address (VRRP IP) I or on a commannd prompt type: M address). arp –d(i.e. arp –d 192.168 8.1.1) to clear the arp cache.(old MAC www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 43 Port Forwarding The Port forwarding list is used to configure the Network Address Translation (NAT) rules currently in effect on the router. Figure 49 – Port forwarding list The purpose of the port forwarding feature is to allow mapping of inbound requests to a specific port on the WAN IP address to a device connected on the Ethernet interface. Adding a port forwarding rule To create a new port forwarding rule: 1. Click the +Add button. The port forwarding settings screen is displayed. 2. Use the Protocol drop down list to select the type of protocol you want to use for the rule. The protocols selections available are TCP, UDP and All. 3. In the Source IP Address field, enter a “friendly” address that is allowed to access the router or a wildcard IP address (0.0.0.0) that allows all IP addresses to access the router. 4. The Source Port Range (From) and (To) fields are used to specify the port(s) on the source side that are to be forwarded. This allows you to send a range of consecutive port numbers by entering the first in the range in the (From) field and the last in the range in the (To) field. To forward a single port, enter the port in the (From) field and repeat it in the (To) field. 5. In the Destination network adress field, enter the IP address of the client to which the traffic should be forwarded. 6. The Destination Port Range (From) and (To) fields are used to specify the port(s) on the destination side that are to be forwarded. If the Source port range specifies a single port then the destination port may be configured to any port. If the Source port range specifies a range of port numbers then the Destination port range must be the same as the Source port range. 7. Click the Save button to confirm your settings. NetComm Wireless Intelligent M2M Router 44 www.netcommwireless.com Figuree 50 - Port forwarding settings a port forwardinng rule, click the To delete www.netcommwireless.com button on the Portt forwarding list for thhe corresponding rulee that you would like to delete. NetComm Wireeless Intelligent M2M Router 45 DMZ The Demilitarized Zone (DMZ) allows you to configure all incoming traffic on all protocols to be forwarded to a selected device behind the router. This feature can be used to avoid complex port forwarding rules, but it exposes the device to untrusted networks as there is no filtering of what traffic is allowed and what is denied. The DMZ configuration page is used to specify the IP Address of the device to use as the DMZ host. Figure 51 - DMZ configuration 1. Click the DMZ toggle key to turn the DMZ function ON. 2. Enter the IP Address of the device to be the DMZ host into the DMZ IP Address field. 3. Click the Save button to save your settings. NetComm Wireless Intelligent M2M Router 46 www.netcommwireless.com Ro outer Firew wall The Router firewall page is used to enable or disable the in-built firewall on the router. When enabled, the firewall performs stateeful packet inspectionn on inbound traffic from f the wireless WAAN and blocks all unknown sservices, that is, all seervices not listed on the Services configuuration page of the router. With respect to the other Routing options on the t Networking page, the firewall takes a low priority. The priority of the firewall cann be described as: DMZ > MAC/IP/Port filtering rulees > MAC/IP/Port filteering default rule > Roouter firewall rules In otther words, the firewaall is of the lowest prioority when comparedd to other manual rouuting configurations. Therefore, a MAC/IP/Port filtering rule takees priority in the evennt that there is a confflict of ruless. When DMZ is enabbled, MAC/IP/Port filteering rules and the roouter firewall are ignoored but the router wiill still honour the connfiguration of the Remmote router access coontrol settings listed under Adm ministration Settings. Figure 552 - Router Firewall tooggle key www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 47 MA AC / IP / P Port filterin ng The MAC/IP/Port filter feaature allows you apply a policy to the traffic that passes througgh the router, both inbound and outboundd, so that network acccess can be controlleed. When the filter is except thosee listed in the “Currennt MAC / IP / Port filtering rules in effect” liist. Conversely, whenn the default rule is seet to enabbled with a default rule of “Accepted”, all connections will be allowed “Droopped”, all connections are denied exceppt for those listed in thhe filtering rules list. Figuree 53 - MAC / IP / Portt filtering Note: When enabling MAC / IP / Port filtering and settting the default rule too “Dropped”, you shoould ensure that you have first added a filltering rule which alloows at least one knowwn MAC/IP to acccess the router, otheerwise you will not bee able to access the uuser interface of the router without resettinng the router to factoory default settings. Crreating a M MAC / IP / Port filterring rule To create a filtering rule: 1. Click the M MAC / IP / Port filterinng toggle key to switcch it to the ON positioon. 2. Using the DDefault rule (inbound//forward) drop down list, select the defau lt action for the routeer to take when traffic reaches it. By defauult, this is configured to Accepted. If you change thiss to Dropped, you shoould first configure a filter rule that allows at least one device access to the router, otherwise you will effffectively be locked out o of the router. 3. Click the Saave button to confirm m the default rule. 4. In the Curreent MAC / IP / Port filttering rules in system m section, click the +AAdd button. Figure 54 - Curren ent MAC / IP/ Port filte tering rules in effect 5. Enter the details of the rule in thhe section that is dispplayed and click the SSave button. NetCComm Wireless Intelliggent M2M Router 48 www.netcommwirelless.com Figure 55 - MAC / IP / Port filteering settings OPTION DESCRIPTIO ON Bound Use the drop down list to seelect the direction of the traaffic for which you want to apply a to the rule. Inbound rerefers to all traffic that is entering the roouter including data enterinng from the WAN and the LAN. L Outbound refers to all traffic exiting the router inccluding traffic leaving in the direction of thhe WAN and traffic leaving in the direction of the LAN. Forward specifies traffic that t enters on the LAN or WWAN side and is forwardedd to the oppposite end. Protocol Use the drop down list to seelect the protocol for the rule. You can have the rule apply to All protocols, TCP,, UDP, UDP/TCP or ICMP. Source MAC AAddress Enter the MAC address in siix groups of two hexadecim mal digits separated by co ons (:). e.g. 00:40:F4:CE:FFA:1E Source IP Adddress Enter the IPv4 address that tthe traffic originates from and a the subnet mask using CIDR notation. Destination IP Address Enter the IPv4 address that tthe traffic is destined for and the subnet mask using CIDR notation. Action Select the action to take for traffic which meets the aboove criteria. You can choosse to Accept or Drop packeets. When the default rule is set to Accept, wise, if the default rule is sett to Dropped you cannot create a rule with yoou cannot create a rule withth an Accept action since thhe rule is redundant. Likew a Drop action. Comment [O Optional] Use this field to eenter a comment as a meanningful description of the ruule. Table 14 - Currennt MAC / IP / Port filteering rules in effect 6. The new rule is displayed in thee filtering rules list. Yoou can edit the rule bby clicking the Edit button or delete the rule by clicking tthe button. Figuree 56 - Completed filter ering rule www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 49 VPN A Virrtual Private Network (VPN) is a tunnel prooviding a private link between two networrks or devices over a public network. Dataa to be sent via a VPNN needs to be encappsulated and as suchh is geneerally not visible to thhe public network. The advantages of a VPNN connection includee: Data PProtection Accesss Control Data OOrigin Authenticationn Data IIntegrity Eachh VPN connection haas different configurattion requirements. Thhe following pages deetail the configuration options available foor the different VPN cconnection types. Note: The following descriptions are an overview of thhe various VPN optionns available. More deetailed instructions are available in separaate whitepapers on the NetComm Wirelesss website. IPS Sec IPSeec operates on Layerr 3 of the OSI model and a as such can prottect higher layered pprotocols. IPSec is used for both site to site VPN and Remote AAccess VPN. The Inteelligent M2M Router suppports IPsec end pointts and can be configured with Site to Site VPN tunnels with thi rd party VPN routerss. Co onfiguring g an IPSec VPN From m the menu at the topp of the screen, click Networking and under the VPN section, cclick IPSec. A list of configured IPSec VPPN connections is dissplayed. Fig Figure 57 - IPSec VPN List Clickk the +Add button to begin configuring ann IPSec VPN connecttion. NetCComm Wireless Intelliggent M2M Router 50 www.netcommwirelless.com Figu gure 58 – IPSec profilee edit www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 51 NetComm Wireless Intelligent M2M Router 52 www.netcommwireless.com The following table descrribes each of the fieldds of the IPSec VPN Connection Settings page. ITTEM DEFINITION IPSec profile Enables or disabless the VPN profile. Profile name A name used to ideentify the VPN connection pprofile. Remote IPSec server adddress The IP address of thhe IPSec server. Remote LAN address Enter the IP address of the remote network forr use on the VPN connectioon. Remote LAN subnet massk Enter the subnet maask in use on the remote neetwork. Local LAN address Enter the IP address of the local network for u se on the VPN connection. Local LAN subnet mask Enter the subnet maask in use on the local netwwork. Encapsulation type Select the encapsulation protocol to use with tthe VPN connection. You can c choose ESP, AH or Any. IKE mode Select the IKE mode to use with the VPN connnection. You can choose Main, M Aggressive or Any. PFS Choose whether Peerfect Forward Secrecy is OON or OFF for the VPN connection. IKE encryption Select the cipher type to use for the Internet KKey Exchange. IKE hash Select the IKE Hashh type to use for the VPN coonnection. The hash is useed for authentication of pacckets for the key exchangee. IPSec encryption Select the IPSec encryption type to use with thhe VPN connection. IPSec hash Select the IPSec haash type to use for the VPN connection. The hash is used for authentication of packets for the VPN connecction. DH group Select the desired Diffie-Hellman group to usee. Higher groups are more secure but also require lonnger to generate a key. DPD action Select the desired Dead D Peer Detection actionn. This is the action to take when a dead Internet Keyy Exchange Peer is detecteed. DPD keep alive time Enter the time in seconds for the interval betwween Dead Peer Detection keep alive messages. DPD timeout Enter the time in seconds of no response fromm a peer before Dead Peer Detection times out. IKE re-key time Enter the time in seconds between changes oof the encryption key. To disable changing the key, seet this to 0. SA life time Enter the time in seconds for the security assoociation lifetime. Select the type of key mode in use for the VPNN connection. You can seleect from: Key mode Prre Shared Key RSSA keys Certificates Pre-shared key The pre-shared keyy is the key that peers usedd to authenticate each otheer for Internet Key Exchange. Remote ID Specifies the domain name of the remote netwwork. Local ID Specifies the domain name of the local netwo rk. Update Time Displays the last tim me the key was updated. Local RSA Key Upload Select the RSA key file for the local router heree by clicking the Browse button. Remote RSA Key Uploadd Select the RSA key file for the remote router heere by clicking the Browsee button. Private key Passphrase The Private key passsphrase of the router is thee passphrase used when generating the router’s private key using OpenSSL CAA. Key / Certificate Select the type of key or certificate to use for aauthentication. You can select Local private key, Locaal public certificate, Remotte public certificate, CA cerrtificate, CRL certificate. IPSec Certificate Upload Select the IPSec ceertificate to upload by clickiing the Browse button. Table 115 - IPSec Configuratiion Items www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 53 Op penVPN OpenVPN is an open souurce virtual private neetwork (VPN) program m for creating point-too-point or server-to-m multi-client encryptedd tunnels between hoost computers. It can traverse network adddress w well through prroxy servers and cann run over TCP and UDP transslation (NAT) and fireewalls and allows autthentication by certificcate, pre-shared keyy or username and paassword. OpenVPN works transsports. Support for OOpenVPN is available on several operatingg systems, including Windows, Linux, Macc OS, Solaris, OpenBBSD, FreeBSD, NetBSSD and QNX. Co onfiguring g an Open VPN serve er From m the menu at the topp of the screen, click Networking and from m the VPN section on the left, click OpenVVPN. A list of configurred OpenVPN VPN cconnections is displayyed. Figu gure 59 - OpenVPN VPN PN List Clickk the +Add button forr the type of OpenVPN server/client you would w like to configuree. Op penVPN Se erver To configure an OpenVPN Server: 1. Click the OOpenVPN profile toggle key to switch it to the t ON position. 2. Type a nam me for the OpenVPN server profile you aree creating. 3. Use the Seerver port field to seleect a port number andd then use the drop ddown list to select a packet type to use for your OpenVPN Serrver. The default OpeenVPN port is 1194 annd default paccket type is UDP. 4. In the VPN network address and VPN network subnnet mask fields, enterr the IP address and network subnet mask to assign to your VPPN. This is ideally an internal IP address which differs from m your existing addresss scheme. 5. Next to Difffie-Hellman parameteers, click the Generatte DH button. This wiill create an encryptioon key to secure your OpenVPN connectiion. 6. Under Servver Certificates, enterr the required details. All fields must be coompleted. The Counttry field must consist of two characters onnly. When the details have been entered, click the Generaate CA certificate buttton to generate the Certificate Authority (CCA) certificate basedd on this information. 7. Under the SServer certificates seection, select the Authhentication type that yyou would like to usee for the OpenVPN Seerver. Note: The DDiffie-Hellman parameeters can take up to 10 1 minutes to generaate. Please be patientt. NetCComm Wireless Intelliggent M2M Router 54 www.netcommwirelless.com Ce ertificate Auth hentication In the Certificate Manageement section, enter the required details to t create a client certtificate. All fields are required. When you have finished enterinng the details, click thhe Generate button. Figure Fi 60 - OpenVPN se server configuration – Certificate manageme ment w format you wouuld like. If for some reeason the integrity of your Wheen it is done, you can click the Download P12 button or the Doownload TGZ button tto save the certificatee file depending on which netwwork has been comprromised, you can retuurn to this screen andd use the Certificate drop down list to seleect the certificate andd then press the Revvoke button to disablee it. Optioonal: To inform the OOpenVPN server of the network address scheme of the currenttly selected certificatte, enter the network address and networkk subnet mask in the respective fields andd clickk the Set network infoormation button. If yoou do not enter the remote subnet here, anny packet requests from the server to the client will not be recceived by the client network because it is not aware of the remote cliennt’s subnet. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 55 Figure 61 – OpenVPN server profile settings NetComm Wireless Intelligent M2M Router 56 www.netcommwireless.com Use ername / Passsword Authen ntication In the Username/Passwoord section, enter the username and password you would like tto use for authentication on the OpenVPN N Server. Click the Doownload CA certificatte button to save the ca.crt file. This file will need to be provided to the client. Note: If yoou wish to have moree than one client connnect to this OpenVPNN server, you must usse Certificate authenttication mode as Useername/Password only allows for a single client connectioon. Figure 62 - OpenVPPN Server – Usernamee / Password section Optioonal: To inform the OOpenVPN server of the network address scheme of the currenttly selected certificatte, enter the network address and networkk subnet mask in the respective fields andd clickk the Set Network Infoormation button. If yoou do not enter the reemote subnet here, aany packet requests from f the server to thee client will not be recceived by the client network because it is not aware of the remote cliennt’s subnet. Wheen you have finished eentering all the required information, clickk Save to finish configguring the OpenVPN server. Co onfiguring g an OpenV VPN Clien nt 1. Click the OOpenVPN profile toggle key to switch it to the t ON position. 2. In the Profille name field, type a name for the OpenVVPN client profile you are creating. 3. In the Serveer IP address field, tyype the WAN IP address of the OpenVPNN server. 4. Use the Seerver port field to seleect a port number andd then use the drop ddown list to select a packet type to use for the OpenVPN serveer. The default OpenVPN port is 1194 andd default paccket type is UDP. 5. If the Defauult gateway option is applied on the OpennVPN client page, thee OpenVPN server wiill enable connections to be made to otheer client networks connnected to it. If it is noot selected, thhe OpenVPN connecction allows for securee communication linkks between this routeer and the remote OpenVPN server only. 6. Use the Authentication type options to select the Autthentication type thatt you would like to usse for the OpenVPN client. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 57 Certificate Authentication In the Certificate upload section at the bottom of the screen, click the Browse button and locate the certificate file you downloaded when you configured the OpenVPN server. When it has been selected, click the Upload button to send it to the router. Figure 63 - OpenVPN client - Certificate upload Username / Password Authentication Enter the username and password to authenticate with the OpenVPN server. Figure 64 - OpenVPN Client - Username/Password section Use the Browse button to locate the CA certificate file you saved from the OpenVPN Server and then press the Upload button to send it to the router. Click the Save button to complete the OpenVPN Client configuration. Configuring an OpenVPN P2P Connection To configure an OpenVPN peer-to-peer connection: 1. Set the OpenVPN profile toggle key to switch it to the ON position. 2. In the Profile name field, type a name for the OpenVPN P2P profile you are creating. 3. On the router designated as the master, leave the Server IP address field empty. On the router designated as the slave, enter the WAN IP address of the master. NetComm Wireless Intelligent M2M Router 58 www.netcommwireless.com Figure 65 - OpenVPN P2P modde settings 4. Use the Seerver port field to seleect a port number andd then use the drop ddown list to select a packet type to use for the OpenVPN serveer. The default OpenVPN port is 1194 andd default paccket type is UDP. 5. In the Locaal IP Address and Remote IP Address fields, enter the respecttive local and remotee IP addresses to usee for the OpenVPN tunnnel. The slave should have the reverse settings of tthe master. 6. Under the RRemote network secttion, enter the networrk Address and netwoork Subnet mask. The Network Address and a Network Mask fieelds inform the Masteer node of the LAN address sccheme of the slave. 7. Press the GGenerate button to crreate a secret key to be shared with the sllave. When the timesstamp appears, you can c click the Downloaad button to save thee file to exchange withh the other routerr. 8. When you hhave saved the secreet key file on each router, use the Browse button to locate the secret key file for thee master and then preess the Upload button to send it to the slaave. Perform thee same for the other router, uploading the slave’s secret key fille to master. 9. When they are uploaded click thhe Save button to complete the peer-to-ppeer OpenVPN configguration. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 59 PPTP-Client The Point-to-Point Tunnelling Protocol (PPTP) is a method for implementing virtual private networks using a TCP and GRE tunnel to encapsulate PPP packets. PPTP operates on Layer 2 of the OSI model and is included on Windows computers. Configuring the PPTP Client To configure the PPTP client: 1. From the menu bar at the top of the screen, click Networking and then from the VPN section on the left side of the screen, click PPTP client. The PPTP client list is displayed. Figure 66 - PPTP client list 2. Click the +Add button to begin configuring a new PPTP client profile. The PPTP client edit screen is displayed. Figure 67 - VPN PPTP client edit NetComm Wireless Intelligent M2M Router 60 www.netcommwireless.com 3. Click the Ennable PPTP client toggle key to switch it to the ON position. 4. In the Profille name list, enter a profile name for the tunnel. This may be aanything you like andd is used to identify thhe tunnel on the routeer. 5. Use the Ussername and Passwoord fields to enter the username and passsword for the PPTP acccount. 6. In the PPTPP server address field, enter the IP addreess of the PPTP serveer. 7. From the Authentication type drrop down list, select the t Authentication typpe used on the serveer. If you do not know the authentication mmethod used, select any a and the router wiill m: attempt to ddetermine the correcct authentication type for you. There are 5 authentication typess you can choose from CHAPP – uses a three way handshake to authennticate the identity of a client. MS-CHAP v1 – This is the Microsoft implementation of the Challengge Handshake Authenntication Protocol for which support was ddropped in Windows® ® Vista. implementaation of the Challengee Handshake Authenntication Protocol which was introduced inn Windows® NT 4.0 and a is still supported MS-CHAP v2 - This is the Microsoft todayy. mended because it PAP – The Password Authentication Protocol uses a password as a means of authenticaation and as such, is commonly supportedd. PAP is not recomm transm mits passwords unenncrypted and is not seecure. protocool commonly used in wireless networks. EAP – Extensible Authenticcation Protocol. An Authentication 8. The metric value helps the routeer to prioritise routes and must be a numbber between 0 and 655535. The default value is 30 and should nnot be modified unless you are aware of the effect your changes will have. 9. The Use peeer DNS option allowws you to select whethher the remote clientss will use the Domainn Name Server of the PPTP server. Click thhe toggle key to set this t to ON or OFF as required. 10. NAT masquuerading allows the router to modify the packets sent and receeived to inform remotte computers on the internet that packetss originating from a machine behind the roouter actually origginated from the WAN IP address of the router’s internal NAT IP address. Click thee toggle key to switchh this to the ON positition if you want to usee this feature. 11. Set default route to PPTP sets all a outbound data packets to go out throuugh the PPTP tunnel. Click the toggle key to switch this to the OON position if you waant to use this featuree. 12. The Verbosse logging option setss the router to outputt detailed logs regardding the PPTP connection in the System Log L section of the rouuter interface. 13. The Reconnnect delay is the timee in seconds that the router will wait beforre attempting to connnect to the PPTP server in the event that thhe connection is brokken. The minimum tim me to wait is 30 seconds so as to not flood the PPTP serveer with connection reqquests, while the maxximum time to wait is 65335 seconds. 14. The Reconnnect retries is the num mber of connection attempts that the routter will make in the evvent that the PPTP coonnection goes downn. If set to 0, the routeer will retry the conneection indefinitely,, otherwise the maxim mum number of timess to retry cannot be ggreater than 65335. 15. Click the Saave button to save thhe changes. The VPNN will attempt to connnect after your click Save. S Click the Status button at the top leftft of the interface to reeturn to the status winndow and monitoor the VPN’s connection state. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 61 GRE tunnelling The Generic Route Encapsulation (GRE) protocol is used in addition to Point-to-Point Tunnelling Protocol (PPTP) to create VPNs (virtual private networks) between clients and servers or between clients only. Once a PPTP control session establishes the VPN tunnel GRE is used to securely encapsulate the data or payload. Configuring GRE tunnelling To configure GRE tunnelling: 1. From the menu bar at the top of the screen, click Networking and then from the VPN section on the left side of the screen, click GRE. The GRE client list is displayed. Figure 68 - GRE client list 2. Click the +Add button to begin configuring a new GRE tunnelling client profile. The GRE Client Edit screen is displayed. Figure 69 – GRE client edit 3. Click the Enable GRE Tunnel toggle key to switch it to the ON position. NetComm Wireless Intelligent M2M Router 62 www.netcommwireless.com 4. In the Profille name, enter a proffile name for the tunnnel. This may be anytthing you like and is used u to identify the tuunnel on the router. 5. In the GRE server address fieldd, enter the IP addresss of the GRE server. 6. In the Locaal tunnel address fieldd, enter the IP addresss you want to assignn the tunnel locally. 7. In the Remote tunnel address field, enter the IP address you want to asssign to the remote tunnnel. 8. In the Remote network address field, enter the IP adddress scheme of thee remote network. 9. In the Remote network subnetm mask field, enter the subnet mask of the reemote network. 10. The TTL (TTime To Live) field is an a 8-bit field used to remove an undeliverrable data packet froom a network to avoidd unnecessary netwoork traffic across the internet. The default value of 255 is the upper limit on the time t that an IP datagram can exist. The vaalue is reduced by att least one for each hop h the data packet ttakes to the next routter on the route to thee datagram’ss destination. If the TTTL field reaches zeroo before the datagramm arrives at its destination the data packet is discarded and ann error message is seent back to the sendeer. 11. The Verbosse logging option setss the router to outputt detailed logs regardding the GRE tunnel in the System Log section of the router intterface. 12. The Reconnnect delay is the timee in seconds that the router will wait beforre attempting to connnect to the GRE serveer in the event that thee connection is broken. The minimum tim me to wait is 30 seconds so as to not flood the GRE serverr with connection reqquests, while the maxximum time to wait is 65335 seconds. 13. The Reconnnect retries is the num mber of connection attempts that the routter will make in the evvent that the GRE connection goes down.. If set to 0, the router will retry the connecction indefinitely,, otherwise the maxim mum number of timess to retry cannot be ggreater than 65335. 14. Click the Saave button to save thhe changes. The VPNN will attempt to connnect after your click Save. S Click the Status button at the top leftft of the interface to reeturn to the status winndow and monitoor the VPN’s connection state. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 63 Services Dynamic DNS The DDNS page is used to configure the Dynamic DNS feature of the router. A number of Dynamic DNS hosts are available from which to select. Figure 70 – Dynamic DNS settings Dynamic DNS provides a method for the router to update an external name server with the current WAN IP address. To configure dynamic DNS: 1. Click the DDNS configuration toggle key to switch it to the ON position. 2. From the Dynamic DNS drop down list, select the Dynamic DNS service that you wish to use. The available DDNS services available are: www.dhs.org www.dyndns.org www.dyns.cx www.easydns.com www.justlinux.com www.ods.org www.tzo.com www.zoneedit.com 3. In the Username and Password fields, enter the logon credentials for your DDNS account. Enter the password for the account again in the Verify password field. 4. Click the Save button to save the DDNS configuration settings. NetComm Wireless Intelligent M2M Router 64 www.netcommwireless.com Network k time (NTP) The NTP (Network Time PProtocol) settings pagge allows you to configure the Intelligent M2M Router to synchhronize its internal cloock with a global Inteernet Time server andd specify the time zone for for features ssuch as System Log entries and Firewall settings where the cuurrent system time is displayed and recorrded. the location of the router.. This provides an acccurate timekeeping function Any NTP server availablee publicly on the interrnet may be used. Thhe default NTP serverr is 0.netcomm.pool.nntp.org. FFigure 71 - NTP setting ngs Co onfiguring g Timezone e settings To configure time zone settings: 1. The Currennt time field shows thee time and date configured on the router. If this is not accuratee, use the Time zonee drop down list to seelect the correct time zone for the router. If the selected zoone observes daylighht savings time, a Dayylight savings time scchedule link appearss below the drop dow wn list. Click the link too see the start and end times for daylight savings. 2. When you hhave selected the correct time zone, clickk the Save button to ssave the settings. Co onfiguring g NTP settings To configure NTP settings: 1. Click the Network time (NTP) tooggle key to switch it to the ON position. 2. In the NTP service field, enter thhe address of the NTTP server you wish to use. 3. The Synchrronization on WWANN connection toggle key k enables or disabl es the router from peerforming a synchronization of the time eaach time a mobile brooadband connection is establishedd. 4. The Daily ssynchronisation toggle key enables or disaables the router fromm performing a synchrronization of the time each day. 5. When you hhave finished configuuring NTP settings, click the Save button tto save the settings. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 65 Data stream manager The data stream manager provides you with the ability to create mappings between input ports and output ports (e.g. Serial Port, SMS, GPS, USB) and performs any required translation or data processing by each virtual data tunnel. Customers interested in developing their own applications to create custom mappings can contact NetComm Wireless about our Software Development Kit. To add a new data stream: 1. Click the +Add button on the right side of the page. Figure 72 - Data stream list 2. Click the Activate toggle key so that it is in the ON position. Figure 73 - Activate button 3. In the Data stream name field, enter a name to identify the mapping on the Data stream list. 4. Under the Endpoint A section, use the Type drop down list to select the input port. In the Mode drop down list, select the mode of the input port. If Endpoint A is set to Serial, use the displayed drop down lists to specify further parameters about the serial port settings and PAD settings if required. 5. Under the Endpoint B section, use the Type drop down list to select the output port. Use the Mode drop down list to select the mode of the output port. Enter any other details as required for the type of output you have selected. 6. Click the Save button to confirm your settings. NetComm Wireless Intelligent M2M Router 66 www.netcommwireless.com Watchdo ogs To access the Watchdoggs page, click the Services menu item, theen select the Watchddogs menu item on the left. Figuure 74 - Watchdogs Seettings Watcchdogs are features wwhich monitor the router for anomalies annd restart the router iff an anomaly occurs preventing its normaal operation. When coonfigured, the watchddogs feature transmitts conttrolled ping packets tto 1 or 2 user specifieed IP addresses to confirm an active connnection. If the watchddog does not receivee responses to the pinngs after a specified number of failures, it will rebooot the device in a lasst resort attempt to reestore connectivity. We recommend using caaution when implemeenting this feature in situations where the ddevice is intentionallyy offline for a particulaar reason, for exampple, when Dial-on-dem mand has been enabbled. This is because the watcchdog expects to be able a to access the innternet at all times, annd will always eventually reboot the routerr if access isn't restorred by the time the various timers expire and the fail f count is reached. d to the nature of tthe watchdog being a last resort standaloone backup mechanissm that it will continuue to do its job and reeboot the device evenn when the Dial-on-ddemand session is idlle, or It is due the mobile broadband coonnection is disabledd by the user. Therefoore, we recommendeed that you disable thhis feature if Dial-on-ddemand is configuredd or if the mobile broadband connection will be inntentionally disconneected on occasion. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 67 The watchdog works as ffollows: a) The router ssends 3 consecutive pings to the first desstination address at tthe interval specified in the Periodic Ping timer field. b) If all 3 pings to the first destination address fail, the router sends 3 conseecutive pings to the second destination adddress at the Periodicc Ping timer interval. c) If all 3 pings to the second desttination address fail, the t router sends 3 pi ngs to the first destinnation address using the Periodic Ping acccelerated timer interrval. d) If all 3 acceelerated pings to the first destination addrress fail, the router seends 3 pings to the second destination adddress at the Periodicc Ping accelerated timer interval. e) If all 3 acceelerated pings to the second destination address fail, the routeer registers this as a fail and returns to steep C. f) When the nnumber of failures reaaches the number coonfigured in the Fail ccount field, the routerr reboots. If any ping succeeds, the routerr returns to step A annd does not reboot. Note: The Peeriodic Ping timer shoould not be set to a value v of less than 2100 seconds to allow the router time to reconnect to the cellular nnetwork following a reboot. the periodic pping reset monitor, seet Fail count to 0. To disable Figuree 75 – Ping watchdog settings NetCComm Wireless Intelliggent M2M Router 68 www.netcommwirelless.com Co onfiguring g Periodic Ping settin ngs The Periodic Ping settinggs configure the routeer to transmit controlled ping packets to 2 specified IP addresses. If the router does not receive responnses to the pings, thee router will reboot. To configure the ping waatchdog: 1. In the First destination address field, enter a websitee address or IP addreess to which the router should send the first round of ping req uests. 2. In the Secoond destination addreess field, enter a webbsite address or IP adddress to which the router should send the second round of piing requests. 3. In the Perioodic Ping timer field, enter an integer betwween 300 and 65535 for the number of seeconds the router shoould wait between pinng attempts. Setting this to 0 disables thee ping watchdog ffunction. 4. In the Perioodic Ping acceleratedd timer field, enter an integer between 60 and 65535 for the nuumber of seconds thee router should wait bbetween acceleratedd ping attempts, i.e. pings to the second destination addreess. Setting this to 0 disables the ping wattchdog function 5. In the Fail ccount field, enter an integer between 1 annd 65535 for the nummber of times an acceelerated ping should fail before the router reboots. Setting this to 0 disables the pinng watchdog ffunction. Diisabling th he Periodic c Ping rese et function To disable the Periodic PPing reset function, seet Fail count to 0. Note: The trafffic generated by the periodic ping featuree is usually counted aas chargeable data usage. Please keep this in mind when seleecting how often to ping. Co onfiguring g a Periodiic reboot The router can be configured to automaticallyy reboot after a periodd of time specified inn minutes. While this is not necessary, it does ensure that in thee case of remote installations, the router will rebooot if some anomaly ooccurs. 1. In the Forcee reboot every field, enter the time in minutes between forced reboots. The defaultt value is 0 which disables the Periodic reeboot function. The minimum period betweeen reboots is 5 minutes while the maximum value is 655535 minutes. 2. If you have configured a forced reboot time, you cann use the Randomisee reboot time drop doown list to select a random reboot timer. RRandomising the rebooot time is useful for preventing a large number of deevices from rebootingg simultaneously andd flooding the networrk with connection attempts. The router wiill wait for the configuured Force reboot every time and thhen randomly reboot within w the configuredd Randomise reboot ttime. 3. Click the Saave button to save thhe settings. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 69 SNMP SNMP configuration The SNMP page is used to configure the SNMP features of the router. Figure 76 - SNMP configuration SNMP (Simple Network Management Protocol) is used to remotely monitor the router for conditions that may warrant administrative attention. It can be used to retrieve information from the router such as the signal strength, the system time and the interface status. To configure SNMP: 1. Click the SNMP toggle key to switch it to the ON position. 2. Enter Read-only community name and Read-write community name which are used for client authentication. Community names are used as a type of security to prevent access to reading and/or writing to the routers configuration. It is recommended that you change the Community names to something other than the default settings when using this feature. 3. Click the Save button to save any changes to the settings. The Download button displays the Management information base (MIB) of the router. The MIB displays all the objects of the router that can have their values set or report their status. The MIB is formatted in the SNMP-related standard RFC1155. NetComm Wireless Intelligent M2M Router 70 www.netcommwireless.com SN NMP traps SNM MP traps are messagees from the router to the Network Manageement System sent ass UDP packets. Theyy are often used to nootify the managementt system of any significant events such ass whetther the link is up or ddown. Co onfiguring g SNMP tra aps To configure SNMP trapss: 1. In the Trap destination field, entter the IP address to which SNMP data is to be sent. 2. In the Hearrtbeat interval field, enter the number of seeconds between SNMMP heartbeats. 3. Use the Traap persistence field too specify the time in seconds that an SNMMP trap persists. 4. Use the Traap retransmission tim me to specify the lenggth of time in secondss between SNMP trapp retransmissions. FFigure 77 - SNMP trapps To send a manual SNMPP Heartbeat, click the Send heartbeat button. When you have ffinished configuring the t SNMP traps, clickk the Save button to ssave the settings. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 71 TR R-069 To access the TR-069 coonfiguration page, clicck the Services menu item, then select thhe TR-069 menu item on the left. Figure re 78 - TR-069 configu guration The TR-069 (Technical RReport 069) protocol is a technical specificcation also known as CPE WAN Managem ment Protocol (CWMPP). It is a framework fofor remote management and autoconffiguration of end-userr devices such as customer-premises equuipment (CPE) and AAuto Configuration Seervers (ACS). It is parrticularly efficient in aapplying configuration updates across netwworks to multiple CPEEs. TR-0069 uses a bi-directioonal SOAP/HTTP-bassed protocol based on the application layeer protocol and provides several benefits for the maintenancee of a field of CPEs: Simplifies the initial configuration of a device during installation Enables easy restoration of o service after a factoory reset or replacemment of a faulty device Firmwware and software verrsion management Diagnnostics and monitoring Note: You muust have your own coompatible ACS infrastructure to use TR-0669.In order to accesss and configure the TR-069 settings you mmust be logged into thhe router as the root user. TR R-069 confi figuration To configure TR-069: 1. Click the Ennable TR-069 toggle key to switch it to the ON position. 2. In the ACS URL field, enter the Auto Configuration Server’s full domain nname or IP address. 3. Use the ACCS username field to specify the username for the Auto Configguration Server. 4. In the ACS password and Verifyy ACS password fieldds, enter the Auto Coonfiguration Server paassword. 5. In the Connnection Request Username field, enter thee username to use foor the connection requests. 6. In the Connnection Request Password and Verify passsword fields, enter thhe connection request password. 7. The inform message acts as a beacon to inform the ACS of the existencee of the router. Click the t Enable periodic ACS A informs toggle kkey to turn on the perriodic ACS inform messages. 8. In the Inform m Period field, enter the number of seconnds between the inforrm messages. 9. Click the Saave button to save thhe settings. NetCComm Wireless Intelliggent M2M Router 72 www.netcommwirelless.com GPS The built-in GPS module allows you to use loccation-based services, monitor field deplooyed hardware or findd your current locatioon. The GPS Status wwindow provides up to date information abbout location and tthe current GPS signal conditions (positioon dilution of precisioon (PDOP), horizontal dilution of precision (HDOP) and verticall dilution of precision (VDOP)) of the routeer. the current To use the GPS function, set the GPS operation toggle key to ON and click the Save bbutton. The Google map button pprovides a quick shoort cut to show your roouter’s current positioon on a map and beccause GPS positioninng relies on accurate clock settings to obttain the correct inforrmation about your loocation, the Clock Synnc button allows you to quickly set the rouuter clock to the correect time. This ensures you will always havve the correct GPS position information available. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 73 SMS messaging The Intelligent M2M Router offers an advanced SMS feature set, including sending messages, receiving messages, redirecting incoming messages to another destination, as well as supporting remote commands and diagnostics messages. Some of the functions supported include: Ability to send a text message via a CDMA network and store it in permanent storage. Ability to receive a text message via a CDMA network and store it in permanent storage. Ability to forward incoming text messages via a CDMA network to another remote destination which may be a TCP/UDP server or other mobile devices. Ability to receive run-time variables from the device (e.g. uptime) on request via SMS Ability to change live configuration on the device (e.g. network username) via SMS. Ability to execute supported commands (e.g. reboot) via SMS Ability to trigger the Intelligent M2M Router to download and install a firmware upgrade Ability to trigger the Intelligent M2M Router to download and apply a configuration file To access the SMS messaging functions of the Intelligent M2M Router, click on the Services menu item from the top menu bar, and then select one of the options under the SMS messaging section on the left hand menu. Setup The Setup page provides the options to enable or disable the SMS messaging functionality and SMS forwarding functionalities of the router. SMS messaging is enabled by default. Figure 79 - General SMS Configuration NetComm Wireless Intelligent M2M Router 74 www.netcommwireless.com OPTION DEFINITION Geneeral SMS configuration SMSS messaging Toggles the SMS functionalityy of the router on and off. Messsages per page (10-50) The number of SMS messagees to display per page. Muust be a value between 10 and 50. Encooding scheme The encoding method used ffor outbound SMS messages. GSM 7-bit mode permits up to 160 characters peer message but drops to 500 characters if the message inccludes special characters. UCS-2 mode allows the seending of Unicode charactters and permits a message to bee up to 50 characters in lenngth. SMSS forwarding configuration Forwwarding Toggles the SMS forwarding function of the router on and off. Redirect to mobile Enter a mobile number as thee destination for forwardedd SMS messages. TCP address Enter an IP address or domaain name as the destinationn for forwarded SMS messaages using TCP. TCP port The TCP port on which to connnect to the remote destinaation. UDPP address Enter an IP address or domaain name as the destinationn for forwarded SMS messaages using UDP. UDPP port The UDP port on which to coonnect to the remote destination. Tabl ble 16 - SMS Setup Set ettings SM MS forward ding config guration Incoming text messages can be redirected too another mobile device and/or a TCP/UDDP message server. Re edirect to m mobile You can forward incominng text messages to a different destinationn number. This destinnation number can be another mobile phoone or a 3G router phhone number. For Example: If someone sends a text m message and Redireect to mobile is set to “+61412345678”, thhe text message is stoored on the router annd forwarded to “+61 412345678” at the saame time. To disable redirection to a mobile, clear the Redirect to mobile field and click the Savee button. Re edirect to T TCP / UDP P address You can also forward inccoming text messages to a TCP/UDP baseed destination. The TTCP or UDP server caan be any kind of pubblic or private server if the server acceptss incoming text-basedd messages. The TCP/UDP address caan be an IP address or domain name. The port number rangee is from 1 to 65535. Please refer to your TCP/UDP based SMSS server configurationn for which port to use. For Example: If someone sends a text m message and TCP address is set to “192.168.20.3” and TCP port is set to “2002”,, this text message is stored in the router aand forwarded to “1992.168.20.3” on port “20002” at the same time. To disable redirection to a TCP or UDP addreess, clear the TCP adddress and UDP addrress fields and click the Save button. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 75 New message The New message page can be used to send SMS text messages to a single or multiple recipients. A new SMS message can be sent to a maximum of 100 recipients at the same time. After sending the message, the result is displayed next to the destination number as “Success” or “Failure” if the message failed to send. By default, only one destination number field is displayed. Additional destination numbers may be added one at a time after entering a valid number for the current destination number field. To add a destination number, click the button and to remove the last destination in the list, click the button. Figure 80 - SMS - New Message Destination numbers should begin with the “+” symbol followed by the country calling code. To send a message to a destination number, enter the “+” symbol followed by the country calling code and then the destination number. For example: To send a message to the mobile destination number 0412345678 in Australia (country calling code 61), enter “+61412345678”. After entering the required recipient numbers, type your SMS message in the New message field. As you type your message, a counter shows how many characters you have entered out of the total number available for your chosen encoding scheme. When you have finished typing your message and you are ready to send it, click the Send button. NetComm Wireless Intelligent M2M Router 76 www.netcommwireless.com Inb box / Outb box The Inbox displays all recceived messages thaat are stored on the router while the Outboox displays all sent messages. Figure 81 - SMS Inboox FFigure 82 - SMS Outbbox ICON DESCRIPTION Forwward button. Click this buttton to open a new messag e window where you can forward the corresponding message to another recipiient. Repply button. Click this buttonn to open a new message wwindow where you can reply to the sender. Addd to White list. Click this button to add the sender’s mmobile number to the white list on the router. Delete button. Click this button to delete the correspondding message. Reffresh button. Click this buttoon to refresh the inbox or ooutbox to see new messages. Tabl ble 17 - Inbox/Outboxx icons www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 77 Diagnos stics The Diagnostics page is used to configure thee SMS diagnostics and command executtion configuration. Thhis allows you to channge the configurationn, perform functions remotely and check on o the MS commands. statuus of the router via SM To access the Diagnosticcs page, click on the Services menu item then select the SMSS menu on the left andd finally select Diagnostics beneath it. Figure 83 - SMS diagnnostics and commandd execution configurati tion SM MS diagnostics and command execution n configura ation The options on this pagee are described beloww. Enable remote d diagnostics an nd command execution Enabbles or disables the rremote diagnostics feeature. If this setting is enabled all incomiing text messages arre parsed and tested for remote diagnostiics commands. If rem mote diagnostics com mmands are found, the router executes thhose commands. Thiss feature is enabled by default. All remotee diagnostic commannds that are receivedd are stored in the Inbbox. Note: It is possible to adjust setttings and prevent youur router from functiooning correctly using remote diagnostics. If this occurs, you wiill need to perform a factory reset in orderr to mal operation. restore norm a a password whenn utilising this featuree to prevent unauthorised access. See thee White list descriptioon for more informatioon. We highly reecommended that yoou use the white list and NetCComm Wireless Intelliggent M2M Router 78 www.netcommwirelless.com On nly accept auth henticated SM MS messages Enabbles or disables checcking the sender’s phhone number againstt the allowed sender white list for incoming diagnostics and coommand execution SSMS messages. ming message against the If authentication is enableed, the router will cheeck if the sender’s nuumber exists in the wwhite list. If it exists, thhe router then checkss the password (if connfigured) in the incom passsword in the white listt for the correspondinng sending number. If they match, the diaagnostic or commandd is executed. If thee number does not exxist in the white list or the password does not match, the routeer does not execute the incoming diagnosstic or command in thhe SMS message. This is enabled by default and it is strongly addvised that you leavee this feature enabledd to maintain securityy. Sen nd Set comma and acknowle edgement rep plies The Intelligent M2M Routter will automatically reply to certain typess of commands receiived, such as get com mmands, or execute commands. Howeveer replies from the Intelligent M2M Router are MS Wakeup command. If optioonal with set commannds and the Wakeup command. This option Enables or disablles sending an acknoowledgment message after execution of a set command or SM disabled, the router doess not send any acknoowledgement after exxecution of a set commmand or SMS Wakeuup command. All ackknowledgment replies es are stored in the Outbox after they havee beenn sent. This can be useful to determine if a commandd was received and executed by the routeer. This option is disaabled by default. Sen nd acknowled dgement repllies to This option allows you to specify where to sennd acknowledgment messages after the eexecution of a set, orr exec command. f number is seleccted, the acknowledggement message will be sent to the numbber defined in the Fixeed number to send reeplies to field. If the ssender’s number is selected, the If a fixed acknnowledgement messaage will be sent to the number that the SM MS diagnostic or commmand message origginated from. The deffault setting is to use the sender’s number. Fix xed number to o send repliess to This field defines the desstination number to which w error messagess are sent after the exxecution of a get, set, or exec command. This field is only dispplayed when Send Error E SMS to is set to Fixed Number. Sen nd command error repliess Enabbles or disables the ssending of an error message resulting from the execution of a get, set, or exec com mmand. All error replies are stored in the Outbox after they haave been sent. Sen nd error repliies to Wheen Send Error SMS foor Get/Set/Exec Com mmand is set to ON, this option is used to specify where the errror SMS is sent. Use the radio buttons to select either Fixed Number or SMS Sendder Num mber. When set to SM MS Sender Number thhe router will reply to the originating numbber of the SMS diagnostic or command. When W set to Fixed Nu mber the router will send s the error messaages to the number specified iin the following field. Sen nd a maximum m number of You can set the maximum m number of acknowwledgement and errorr messages sent wheen an SMS diagnosticc or command is executed. The maximumm limit can be set perr hour, day, week or month. The router will send a maaximum of 100 repliess by default. The number of messagess sent is shown beloww the options. The total transmitted messaage count resets afteer a reboot or at the beginning of the time frame specified. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 79 White List for diagnostic or execution SMS The white list is a list of mobile numbers that you can create which are considered “friendly” to the router. If Only accept authenticated SMS messages is enabled in the diagnostics section, the router will compare the mobile number of all incoming diagnostic and command messages against this white list to determine whether the diagnostic or command should be executed. You may optionally configure a password for each number to give an additional level of security. When a password is specified for a number, the SMS diagnostic or command message is parsed for the password and will only be executed if the number and password match. Figure 84 - White list for diagnostic or execution SMS A maximum of 20 numbers can be stored on the router in the white list. To add a number to the white list, click the “+Add” button. Figure 85 – Adding a number to the SMS white list The White List numbers and passwords can be cleared by pressing the button to the right of each entry. To add a number to the white list, enter it in the Destination number field and optionally define a password in the Password field. When you have finished adding numbers click the Save button to save the entries. NetComm Wireless Intelligent M2M Router 80 www.netcommwireless.com Se ending g an SM MS Diag gnostic Comm mand Folloow the steps below too configure the routerr to optionally acceptt SMS diagnostic commmands only from auuthenticated senders and learn how to seend SMS diagnostic commands to the router. 1. Navigate too the Services > SMSS messaging > Diagnnostics page 2. Confirm thaat the Enable remote diagnostics and com mmand execution togggle key is set to the ON position. If it is seet to OFF click the tooggle key to switch it to the ON position. 3. If you wish to have the router onnly accept commands from authenticated senders, ensure thaat Only accept authennticated SMS messagges is set to the ON position. In the Whitee list for diagnosstic or execution SMSS messages section, click the +Add butto n and enter the sendder’s number in internnational format into thhe Destination numbeer field that appears. If you wish too also configure a passsword, enter the passsword in the Passwo word field corresponding to the destinationn number. 4. If you wouldd prefer to accept SM MS diagnostic commands from any sendeer, set the Only accept authenticated SMSS messages toggle kkey to the OFF positioon. Note: An alteernative method of addding a number to thhe white list is to sendd an SMS message to the router, navigatee to Services > SMS messaging > Inbox and then click the button next tto the message whicch corresponds to thee sender’s number. 5. Click the Saave button. Ty ypes of SM MS diagnosstic comma ands Therre are three types of ccommands that can be sent; execute, gett and set. The basic syntax is as follows: execuute COMMAND get VAARIABLE set VAARIABLE=VALUE If authentication is enableed, each command must m be preceded byy the password: MMAND PASSWORD execute COM PASSWORD get VARIABLLE PASSWORD set VARIABLE=VALUE The following are some eexamples of SMS diaggnostic commands: passwword6657 execute reboot get rsssi set appn1=testAPNvalue SM MS acknow wledgment replies The router automatically replies to get commaands with a value andd execute commandss with either a successs or error response. Set commands will oonly be responded too if the Send Set ment replies toggle keey is set to ON. If thee Send command erroor replies toggle key is set to ON, the router will send a reply if the command is coorrect but a variable or command acknowledgem valuee is incorrect, for exaample, due to misspeelling. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 81 SMS command format Generic Format for reading variables: get VARIABLE PASSWORD get VARIABLE Generic Format for writing to variables: set VARIABLE=VALUE PASSWORD set VARIABLE=VALUE Generic Format for executing a command: Execute COMMAND PASSWORD execute COMMAND Replies Upon receipt of a successfully formatted, authenticated (if required) command, the gateway will reply to the SMS in the following format: TYPE SMS CONTENTS get command “VARIABLE=VALUE” set command “Successfully set VARIABLE to VALUE” execute command “Successfully executed command COMMAND” NOTES Only sent if the acknowledgment message function is enabled Table 18 - SMS Diagnostic Command Syntax Where “VARIABLE” is the name of the value to be read Where “VARIABLE (x)” is the name of another value to be read Where “VALUE” is the content to be written to the “VARIABLE” Where “COMMAND” is a supported command to be executed by the device (e.g. reboot) Where “PASSWORD” is the password (if configured) for the corresponding sender number specified in the White List Multiple commands can be sent in the same message, if separated by a semicolon. For Example: get VARIABLE1; get VARIABLE2; get VARIABLE3 PASSWORD get VARIABLE1; get VARIABLE2 set VARIABLE=VALUE1 ; set VARIABLE2=VALUE2 PASSWORD set VARIABLE1=VALUE1; set VARIABLE2=VALUE2; set VARIABLE3=VALUE3 If required, values can also be bound by an apostrophe, double apostrophe or back tick. For Example: “set VARIABLE=’VALUE’” “set VARIABLE=”VALUE”” “set VARIABLE=`VALUE`” “get VARIABLE” NetComm Wireless Intelligent M2M Router 82 www.netcommwireless.com www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 83 A paassword (if required),, only needs to be sppecified once per SMS, but can be prefixeed to each commandd if desired. “PASSSWORD get Variable1”; “get VARIABLE22” “PASSSWORD set VARIABBLE1=VALUE1”; “sett VARIABLE2=VALUEE2” executes the remaininng command line afteer the If thee command sent includes the “reboot” coommand and has alreeady passed the whitte list password checck, the device keeps this password and ex rebooot with this same passsword. For Example: “PASSSWORD execute rebboot; getVariable1”; “get VARABLE2” “PASSSWORD execute rebboot; PASSWORD geet Variable1”; “get VAARABLE2” Note: Commands, variables and values are case senssitive. Lisst of valid command ds A list of valid commands which can be used in i conjunction with thhe execute commandd are listed below: “pdppcycle”, “pdpdown” and “pdpup” commaands can have a profile number suffix ‘x’ aadded. Without the suffix s specified, the command operates aggainst the default proofile configured on thhe profiile list page of the Weeb-UI. COMMANDD NAME DESCRRIPTION reboot Immediately performs a soft reboot. pddpcycle Disconnects (if connecteted) and reconnects the daata connection. If a profile number is selected in the ccommand, try to disconnecct/reconnect the specified profile in casee the profile is active. If no profile number is selected, try to disconnect/reconnecct the current active profilee. Reports an error if no profile number is selecteed and there is no currently activated profile. pddpdown Disconnects the PDP. Iff a profile number is selecteed in the command, the rouuter tries to disconnect thee specified profile in case the profile is active. If no profile number is selecteed, try to disconnect the cuurrent active profile. Reports an error if no profile nummber is selected and there is no currently activated profile. pddpup Reconnects the PDP. If a profile number is selecteed in the command, the rouuter tries to connect with the he specified profile. If no prrofile number is selected, the router triess to connect to the last active profile. The gateway will check the currently activaated profile and disconnecct this profile before executing the commandd. The router reports an errror if no profile number is seelected and there is no stoored last active profile number. facctorydefaults Performs a factory resett on the router. Performs a download annd install of a Firmware Upgrade (.cdi), Config File (.tar.gz) or a help documentt (.pdf) file. If the file is a firmware immage as in the case of a .ccdi file, the router will apply the recovery image first annd then the main firmware image. The download location is specified immmediately after the commannd and may be from an HTTTP or FTP source URL. If the file is a .tar.gz file, the router will apply the file as a configuration file update for the device and rebboot afterwards. doownload If the file is a .pdf, the roouter will assume this is a user u guide document and save s it to the router and maake the file available for vieewing via the help menu on the Web-UI. Note: If your download UURL includes any space characters, please encode these prior to transmission according to RFC1738, foor example: ftp://username:passwordd@serveraddress/directoryy%20with%20spaces/filenaame.cdi Note: Authenticated FTPP addresses may be used following the format as deffined in RFC1738, for exammple: ftp://username:passwordd@serveraddress/directoryy/filename.cdi Table 19 - List st of Valid SMS diagnoostic commands NetCComm Wireless Intelliggent M2M Router 84 www.netcommwirelless.com The following table lists vvalid variables where “x” is a profile numbber (1-6). If no profile is specified, variablees are read from or written to for the curreent active profile. If a profile is specified, variaables are read from oor written to for the sppecified profile number (‘x’). RDB VARIABLE NAAME SMS VARIABLE NAME READ/W WRIT DESCRRIPTION EXAM MPLE VALUE link.profile.1.enable Reaad: link.profile.1.appn (proofile no,atd#xxx,user,pass,,auth,iplocal,status) link.profile.1.useer 1,atatd#777,username,passworrd, chap,202.44.185.111,up profile link.profile.1.paass RW Profile link.profile.1.autth_type Writite: link.profile.1.iploocal (atdd#xxx, user, pass,auth) link.profile.1.staatus atd# d#777,username,password link.profile.1.useer username RW 3G username Gueest, could also return “null”” password RW 3G password Gueest, could also return “null”” link.profile.1.paass link.profile.1.autth_type authtype RW 3G Authentication type ”paap” or”chap” link.profile.1.iploocal wanip WAN IP addresss 2022.44.185.111 wwan.0.radio.innformation.signal_strength rssi 3G signal strength -655 dBm meid MEID number 0x000A1000021D003BB usage 3G data usage of current session “Rxx 500 bytes, Tx 1024 bytes, Total 1524 bytes” or “Rx 0 byte, Tx 0 bytete, Total 0 byte” when wwan down wanuptime Up time of current 3G session 1 ddays 02:30:12 or 0 days 00:00:00 when wwan down wwan.0.meid statistics.usagee_current statistics.usagee_current 10 /proc/uptime deviceuptime Device up time 1 ddays 02:30:12 11 wwan.0.system_network_status.current_bband band Current Frequency channel & band CHH:425 PCS-B Band Table 20 - List of SMS diagnostitics variables SM MS diagnostics exam mples The examples below dem monstrate various com mbinations of supporrted commands. Thiss is not an exhaustivee list and serves as an example of possibiilities only. DDESCRIPTION AUTTHENTICATION INPUT EXAMPLE Not requireed set username=’NetComm’ Required PASSWORD set usernname= ”NetComm” Not requireed set password= `NetCoomm` Required PASSWORD set passwword= `NetComm` Not requireed set authtype= ‘pap’ Required PASSWORD set authttype = pap Not requireed execute reboot Required PASSWORD execute reboot Not requireed get wanip Required PASSWORD get wanipp Not requireed get rssi Required PASSWORD get rssi Send SMS to channge the data connection ussername Send SMS to channge the data connection paassword Send SMS to channge the data connection authentication Send SMS to rebooot Send SMS to checck the WAN IP address Send SMS to checck the mobile signal strenggth www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 85 Not required get meid Required PASSWORD get meid Not required get band Required PASSWORD get band Not required execute pdpcycle Required PASSWORD execute pdpcycle Not required execute pdpdown Required PASSWORD execute pdpdown Not required execute pdpup Required PASSWORD execute pdpup Not required get wanip; get rssi Required PASSWORD get wanip; get rssi Not required set ssh.genkeys=1; set username=test; set auth=pap Required PASSWORD set ssh.genkeys=1; set username=test; set auth=pap Not required execute factorydefaults Required PASSWORD execute factorydefaults Not required get status Required PASSWORD get status Send SMS to retrieve the history of the session, including start time, end time and total data usage Not required get sessionhistory Required PASSWORD get sessionhistory Send SMS to configure the router to send syslog to a remote syslog server Not required set syslogserver Required PASSWORD set syslogserver Send SMS to wake up the router, turn on the default gateway and trigger the ‘connect on demand’ profile if in waiting state. Not required execute wakeup Required PASSWORD execute wakeup Send SMS to check the MEID number Send SMS to check the current band Send SMS to Disconnect (if connected) and reconnect the data connection Send SMS to disconnect the data connection Send SMS to connect the data connection Send multiple get command Send multiple set command Send SMS to reset to factory default settings Send SMS to retrieve status of router execute download http://download.com:8080/firmware_image.cdi Not required execute download http://download.com:8080/firmware_image_r.cdi Send SMS to perform firmware upgrade when firmware is located on HTTP server PASSWORD execute download http://download.com:8080/firmware_image.cdi Required PASSWORD execute download http://download.com:8080/firmware_image_r.cdi execute download ftp://username:password@download.com/firmware_image.cdi Not required execute download ftp://username:password@ download.com/firmware_image_r.cdi Send SMS to perform firmware upgrade when firmware is located on FTP server PASSWORD execute download ftp://username:password@ download.com/firmware_image.cdi Required PASSWORD execute download ftp://username:password@ download.com/firmware_image_r.cdi Not required set pppoe=0 Required PASSWORD set pppoe=0 Send SMS to turn on PPPoE and set dialstring and service name Not required set pppoe=1,atd#777, Test Required PASSWORD set pppoe=1,atd#777, Test Send SMS to retrieve the PPPoE status, currently configured dial string and service name Not required get pppoe Required PASSWORD get pppoe Not required set ledmode=10 Required PASSWORD set ledmode=10 Not required get ledmode Required PASSWORD get ledmode Not required get ssh.proto Required PASSWORD get ssh.proto Send SMS to turn off PPPoE Send SMS to set the LED mode timeout to 10 minutes Send SMS to retrieve the current LED mode Retrieve current SSH protocol NetComm Wireless Intelligent M2M Router 86 www.netcommwireless.com Not requireed set ssh.proto=1 Required PASSWORD set ssh.pproto=1 Not requireed get ssh.passauth Required PASSWORD get.ssh.ppassauth Not requireed set ssh.passauth=1 orr set ssh.passauth=0 Required PASSWORD set ssh.ppassauth=1 or PASSWORD set ssh.passauth=0 Not requireed execute ssh.genkeys Required PASSWORD execute ssh.genkeys Not requireed execute ssh.clearkeyss Required PASSWORD execute ssh.clearkeys Not requireed get MEID Select SSH protoccol Retrieve passwordd authentication status Enable/disable paassword authentication on host Generate set of puublic/private keys on the hoost Clear client publicc keys stored on host Retrieve the MEIDD of the router Required PASSWORD get MEIDD Table 21 - SM MS diagnostics exampple commands www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 87 System Log The Log pages are used to display or download the System log and IPSec logs on the router. System log The System Log enables you to troubleshoot any issues you may be experiencing with your Intelligent M2M Router. To access the System Log page, click on the System menu. The System Log is displayed. Figure 86 - System log file Log file Use the Display level drop-down list to select a message level to be displayed. The message levels are described in the table below. To download the System log for offline viewing, right-click the Download button and choose Save as.. to save the file. To clear the System log, click the Clear button. The downloaded log file is in Linux text format with carriage return (CR) only at the end of a line, therefore in order to be displayed correctly with new lines shown, it is recommended to use a text file viewer which displays this format correctly (e.g. Notepad++). Log data is stored in RAM and therefore, when the unit loses power or is rebooted, it will lose any log information stored in RAM. To ensure that log information is accessible between reboots of the router there are two options: 1. Enable the Log to file option NetComm Wireless Intelligent M2M Router 88 www.netcommwireless.com 2. Use a remoote syslog server www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 89 Enable the log to file option When the router is configured to log to a file, the log data is stored in flash memory, making it accessible after a reboot of the router. Up to 512kb of log data will be stored before it is overwritten by new log data. Flash memory has a finite number of program-erase operations that it may perform to the blocks of memory. While this number of program-erase operations is quite large, we recommend that you do not enable this option for anything other than debugging to avoid excessive wear on the memory. Use a remote syslog server The router can be configured to output log data to a remote syslog server. This is an application running on a remote computer which accepts and displays the log data. Most syslog servers can also save the log data to a file on the computer on which it is running allowing you to ensure that no log data is lost between reboots. To configure the Intelligent M2M Router to output log data to a remote syslog server: 1. Click on the System menu from the top menu bar. The System log item is displayed. 2. Under the Remote syslog server section, enter the IP address or hostname of the syslog server in the IP / Hostname [:PORT] field. You can also specify the port number after the IP or hostname by entering a semi-colon and then the port number e.g. 192.168.1.102:514. If you do not specify a port number, the router will use the default UDP port 514. 3. Click the Save button to save the configuration. Figure 87 - System log ITEM DEFINITION All Display all system log messages. Debug Show extended system log messages with full debugging level details. Info Show informational messages only. Notice Show normal system logging information. Warning Show warning messages only. Error Show error condition messages only. Table 22 - System log detail levels NetComm Wireless Intelligent M2M Router 90 www.netcommwireless.com IPS Sec log The IPSec log section proovides the ability for you to download the log for the IPSec VPPN function. This can assist in troubleshoooting any problems yoou may have with thee IPSec VPN. Figure 88 - IPSec logg Use the Log level drop down list to specify the type of detail you want w to capture in thee log and then click the Save button. When you change the loggging level, any activve IPSec VPN tunnelss will be disconnected as a chhange in logging leveel requires the IPSec service to be restarteed. To download the IPSec loog, click the Downloaad IPSec log button and a you will be prommpted to save the file. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 91 Sy ystem C Config guration Se ettings bac ckup and restore The settings backup / resstore page is used too backup or restore thhe router’s configurattion or to reset it to faactory defaults. In ordder to view the settinggs page you must bee logged into the webb user dmin. The backup / restore functions caan be used to easily configure a large num mber of Intelligent M22M Router by configuuring one router with your interrface as root usinng the password ad desired settings, backingg them up to a file and then restoring that file to multiple Intelliggent M2M Routers. Figure 89 – Settings backup and a restore Bac ck up your ro outer’s configu uration Log in to the web configuuration interface, click on the System mennu and select Settinggs backup and restoree. If you want to password pprotect your backup configuration files, enter your password i n the fields under Saave a copy of currentt settings and click onn Save. If you don’t want w to password prootect yourr files, just click on Saave. The router will thhen prompt you to select a location to savve the settings file. Note: The folllowing conditions apply: It is NOT poossible to edit the contents of the file dowwnloaded; if you modiify the contents of thee configuration file in any way you will nott be able to restore it later. You may chhange the name of thhe file if you wish but the filename extensioon must remain as “.cfg” Resstore your ba ackup configu uration 1. In the web configuration interfacce click on the System menu and select SSettings backup and restore. 2. From the RRestore saved settings section, click on Brrowse or Choose a fiile and select the bacckup configuration file on your computer. 3. Click Restoore to copy the settinggs to the new Intelligent M2M Router. Thee router will apply theese settings and inforrm you it will reboot - click on OK. Resstoring the ro outer’s factory y default confiiguration Clickk the Restore Defaultts button to restore thhe factory default connfiguration. The routeer asks you to confirm m that you wish to resstore factory default ssettings. If you wish to continue with the restooring of factory defauults, click OK. Note: All currrent settings on the roouter will be lost when performing a restorre of factory default settings. The device IP address will changge to 192.168.1.1 and the default usernam me root and ddefault password ad dmin will be configgured. NetCComm Wireless Intelliggent M2M Router 92 www.netcommwirelless.com Up pload To access the Upload paage, click on the Systtem menu, then System Configuration andd then Upload. The Upload page allows you to upload firmwaare files, HTTPS certificates or user createed application packaages to the Intelligentt M2M Router. When firmware files have been b uploaded, they can also be installed from thiss page. PDF files, such as this user guidee may also be uploadded for access on thee router’s help page. For more m information on aapplication developm ment, contact NetCom mm Wireless about o ur Software Development Kit. FFigure 90 - Upload pag age Up pdating the e Firmwarre The firmware update process involves first uppdating the recovery image firmware and then updating the main firmware image. Note: In ordeer to perform an updaate, you must be loggged into the router witth the root manager account (see the Advvanced configurationn section for more deetails). To update the Intelligent M2M Router’s firmwaare: 1. Power on thhe router as describeed in the Installing thee router section. 2. Log in to thhe router with the roott user account (See the t Advanced config uration section for deetails) 3. Select the SSystem item from thee top menu bar, selecct the System configuuration item from the menu on the left andd then select the Uplooad menu item. 4. Under the FFile uploads section, click the Browse buttton. Locate the recoovery firmware image file on your computeer and click Open. Thhe recovery image is named ntc_nwl12__x.xx.xx.x_r.cdi while the main system firm mware image is nameed ntc_nwl12_x.xx.xxx.x.cdi. 5. Click the Upload button. The firm mware image is uploaaded to the storage oon the router. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 93 Figure 91 - File upload 6. Repeat steps 4 and 5 for the main system firmware image. 7. The uploaded firmware images are listed in the Uploaded files section. Click the Install link next to the recovery image to begin installing the recovery firmware image and then click OK on the confirmation window that appears. Figure 92 - Uploaded files 8. The recovery firmware image is flashed and when it is complete, the router displays “The firmware update was successful” and returns to the main Upload screen. Figure 93 - Recovery firmware flash process NetComm Wireless Intelligent M2M Router 94 www.netcommwireless.com 9. Click the Innstall link to the right of o the main firmware image you uploadedd and then click OK to t confirm that you waant to continue with tthe installation. Note: Do not remove the power when w the router’s LEDDs are flashing as thiss is when the firmware update is in processs. 10. The installaation is complete wheen the countdown reaaches zero. The routeer attempts to redirecct you to the Status page. Figure 94 --– Installing main firm mware image 11. Hold down the reset button on the t router for 15-20 seconds to reboot andd restore the factory default settings of the router. See the Resstoring factory default settings section forr more information. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 95 Package manager The Package Manager page is used to provide details of any user installed packages on the router and allow them to be uninstalled. For more information on application development, contact NetComm Wireless about our Software Development Kit. Figure 95 – Software applications manager The Application name, Version number of the application, the architecture type and time of installation are all displayed. Clicking the Package details link will display a pop-up window with further details of the package. To uninstall any software applications, click the Uninstall link. NetComm Wireless Intelligent M2M Router 96 www.netcommwireless.com Ad dministratiion setting gs To access the Administraation Settings page, click c on the System menu m then the Adminnistration menu on thee left and then click on o Administration Setttings. The Administration settings page is used to enable or disable prottocols used for remotte access and configgure the passwords for the user accountss used to log in to thee router. Figur ure 96 - Administrationn page www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 97 OPTION DEFINITION Remote router access coontrol Enable HTTP Enable or disaable remote HTTP access to t the router. You can also set the port you would likee remote HTTP access to be available on. HTTP management port Enter a port nuumber between 1 and 65534 to use when accessing the router remotely. Enable HTTPS Enable or disaable remote HTTPS accesss to the router using a secuure connection. Remote HTTPS access pport Enter a port nuumber between 1 and 65534 to use when accessing the router remotely over a secure HTTPS connection. Enable Telnet Enable or disaable remote telnet (command line) access to the routeer. Enable SSH Enable or disaable Secure Shell on the router. Remote SSH Access Portrt Enter the port number for remote SSH acccess. Must be a port num ber between 1 and 65534.. Enable Ping Enable or disaable remote ping responses on the WWAN connectioon. Web User Interface accoount Username Use the drop down list to select the root or admin account to changge its web user interface password. Password Enter the desired web user interface passsword. Confirm password Re-enter the desired web user interface password. Telnet/SSH account Username Displays the Telnet/SSH.username. This may not be changed. Password Enter the desired Telnet/SSH password. Confirm password Re-enter the desired Telnet/SSH password. Table 23 - Ad Administration configuuration options To access the router’s coonfiguration pages reemotely: 1. Open a neww browser window annd navigate to the WAAN IP address and aassigned port number of the router, for example http://123.2099.130.249:8080 Note: You cann find the router’s WAAN IP address by clicking on the “Status” mmenu. The WWAN IPP field in the WWAN Connection Status seection shows the routeer’s WAN IP address. 2. Enter the ussername and passwoord to login to the rouuter and click Log in. Note: To perfoorm functions like Firm mware upgrade, deviice configuration bacckup and to restore and a reset the router too factory defaults, yoou must be logged in with the root manageer account. NetCComm Wireless Intelliggent M2M Router 98 www.netcommwirelless.com HTTPS key managem ment What is HTT TP Secure?? HTTP Secure or HTTPS iss the use of the HTTPP protocol over an SSSL/TLS protocol. It is used primarily to prootect against eavesdrropping of communiccation between a webb browser and the weeb t which it is connectted. This is especiallyy important when youu wish to have a secuure connection over a public network such as the internet. HTTTPS connections aree secured through thee use site to of ceertificates issued by ttrusted certificate autthorities such as VeriSign. When a web b rowser makes a connnection attempt to a secured web site, a ddigital certificate is sent to the browser soo that it can verify the authenticcity of the site using a built-in list of trustedd certificate authoritiees. Therre are two main differrences between how HTTPS and HTTP coonnections work: 1. HTTPS uses port 443 while HTTTP uses port 80 by deefault. 2. Over an HTTTPS connection, all data d sent and received is encrypted with SSL while over an HTTP connection, all data d is sent unencryppted. The encryption is achieveed through the use of o a pair of public andd private keys on bothh sides of the connecction. In cryptography, a key refers to a nuumerical value used by an algorithm to alter making the informatioon secure and visible only to those who haave the correspondinng key to recover (decrypt) the informationn. The public key is used u to encrypt inforrmation (encrypt it), m inforrmation and can be ddistributed freely. Thee private key is used to decrypt informatioon and must be secreet by its owner. Eachh Intelligent M2M Rouuter contains a self-ssigned digital certificaate which is identical on all Intelligent M2M M Routers. For a greaater level of security, the router also suppports generating yourr own unique key. Additionally, you may use third paarty software to geneerate your own self-siigned digital certificaate or purchase a signed certificate from a trusted certificate authority and then upload those certificates to the rrouter. Ge enerating your own self-signe ed certificaate To generate your own seelf-signed certificate: 1. Click the Syystem item from the top t menu bar, then Administration from thhe side menu bar andd then HTTPS key management. 2. Enter the ceertificate details using the appropriate fields. Each field must bbe completed in ordeer to generate a certificate. Figure 97 - Ge Generate self signed HTTTPS certificate Note: The CCountry field must conntain a code for the desired country from the list below. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 99 CODE COUNTRY COUNTRY CODE COUNTRY CODE COUNTRY AX Åland Islands ER Eritrea LS Lesotho SA Saudi Arabia AD Andorra ES Spain LT Lithuania SB Solomon Islands AE United Arab Emirates ET Ethiopia LU Luxembourg SC Seychelles AF Afghanistan FI Finland LV Latvia SE Sweden AG Antigua and Barbuda FJ Fiji LY Libya SG Singapore AI Anguilla FK Falkland Islands (Malvinas) MA Morocco SH St. Helena AL Albania FM Micronesia MC Monaco SI Slovenia AM Armenia FO Faroe Islands MD Moldova SJ Svalbard and Jan Mayen Islands AN Netherlands Antilles FR France ME Montenegro SK Slovak Republic AO Angola FX France, Metropolitan MG Madagascar SL Sierra Leone AQ Antarctica GA Gabon MH Marshall Islands SM San Marino AR Argentina GB Great Britain (UK) MK Macedonia SN Senegal AS American Samoa GD Grenada ML Mali SR Suriname AT Austria GE Georgia MM Myanmar ST Sao Tome and Principe AU Australia GF French Guiana MN Mongolia SU USSR (former) AW Aruba GG Guernsey MO Macau SV El Salvador AZ Azerbaijan GH Ghana MP Northern Mariana Islands SZ Swaziland BA Bosnia and Herzegovina GI Gibraltar MQ Martinique TC Turks and Caicos Islands BB Barbados GL Greenland MR Mauritania TD Chad BD Bangladesh GM Gambia MS Montserrat TF French Southern Territories BE Belgium GN Guinea MT Malta TG Togo BF Burkina Faso GP Guadeloupe MU Mauritius TH Thailand BG Bulgaria GQ Equatorial Guinea MV Maldives TJ Tajikistan BH Bahrain GR Greece MW Malawi TK Tokelau BI Burundi GS S. Georgia and S. Sandwich Isls. MX Mexico TM Turkmenistan BJ Benin GT Guatemala MY Malaysia TN Tunisia BM Bermuda GU Guam MZ Mozambique TO Tonga BN Brunei Darussalam GW Guinea-Bissau NA Namibia TP East Timor BO Bolivia GY Guyana NC New Caledonia TR Turkey BR Brazil HK Hong Kong NE Niger TT Trinidad and Tobago BS Bahamas HM Heard and McDonald Islands NF Norfolk Island TV Tuvalu BT Bhutan HN Honduras NG Nigeria TW Taiwan BV Bouvet Island HR Croatia (Hrvatska) NI Nicaragua TZ Tanzania BW Botswana HT Haiti NL Netherlands UA Ukraine BZ Belize HU Hungary NO Norway UG Uganda CA Canada ID Indonesia NP Nepal UM US Minor Outlying Islands CC Cocos (Keeling) Islands IE Ireland NR Nauru US United States CF Central African Republic IL Israel NT Neutral Zone UY Uruguay CH Switzerland IM Isle of Man NU Niue UZ Uzbekistan CI Cote D'Ivoire (Ivory Coast) IN India NZ New Zealand (Aotearoa) VA Vatican City State (Holy See) CK Cook Islands IO British Indian Ocean Territory OM Oman VC Saint Vincent and the Grenadines CL Chile IS Iceland PA Panama VE Venezuela CM Cameroon IT Italy PE Peru VG Virgin Islands (British) CN China JE Jersey PF French Polynesia VI Virgin Islands (U.S.) CO Colombia JM Jamaica PG Papua New Guinea VN Viet Nam CR Costa Rica JO Jordan PH Philippines VU Vanuatu CS Czechoslovakia (former) JP Japan PK Pakistan WF Wallis and Futuna Islands CV Cape Verde KE Kenya PL Poland WS Samoa CX Christmas Island KG Kyrgyzstan PM St. Pierre and Miquelon YE Yemen CY Cyprus KH Cambodia PN Pitcairn YT Mayotte CZ Czech Republic KI Kiribati PR Puerto Rico ZA South Africa DE Germany KM Comoros PS Palestinian Territory ZM Zambia DJ Djibouti KN Saint Kitts and Nevis PT Portugal COM US Commercial DK Denmark KR Korea (South) PW Palau EDU US Educational DM Dominica KW Kuwait PY Paraguay GOV US Government DO Dominican Republic KY Cayman Islands QA Qatar INT International DZ Algeria KZ Kazakhstan RE Reunion MIL US Military EC Ecuador LA Laos RO Romania NET Network EE Estonia LC Saint Lucia RS Serbia ORG Non-Profit Organization EG Egypt LI Liechtenstein RU Russian Federation ARPA Old style Arpanet EH Western Sahara LK Sri Lanka RW Rwanda NetComm Wireless Intelligent M2M Router 100 CODE www.netcommwireless.com www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 101 3. When you have entered all the required details, press the Generate button. The certificate takes several minutes to generate. When the certificate has been generated, you are informed that it has been successfully generated and installed. The web server on the router restarts and you are logged out of the router. Click OK to be taken back to the login screen. Figure 98 - New certificate successfully generated message NetComm Wireless Intelligent M2M Router 102 www.netcommwireless.com SS SH Key y Manag gemen nt Secuure Shell (SSH) is UNNIX-based command interface and network protocol used to ggain secure access too a remote computer, execute commandss on a remote machinne or to transfer files betwween machines. It waas designed as a replacement for Telnet and a other insecure reemote shell protocols which send informattion, including passwwords, as plain text. SSH uses RSA public keyy cryptography for booth connection and authentication. Two ccommon ways of usinng SSH are: word authentication too log on. Use aautomatically generatted public-private keyy pairs to encrypt thee network connectionn and then use passw p to perform the auuthentication and alloow users or programss to log in without usinng a password. Use a manually generatedd public-private key pair Figure 999 - SSH Server Confifiguration SS SH Server C Configura ation To configure the SSH serrver settings: 1. Use the SSH Protocol drop dowwn list to select the prrotocol that you want to use. Protocol 2 is more recent and is considered more seccure. 2. Select the ttypes of authenticatioon you want to use byy clicking the Enablee password authentication and Enable keyy authentication togggle keys on or off. Notte that you may have both authenticattion methods on but you y may not turn them m both off. 3. Click the Saave button to confirm m your settings. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 103 Host key management SSH keys provide a means of identification using public key cryptography and challenge response authentication. This means that a secure connection can be established without transmitting a password, thereby greatly reducing the threat of someone eavesdropping and guessing the correct credentials. SSH Keys always come in pairs with one being a public key and the other a private key. The public key may be shared with any server to which you want to connect. When a connection request is made, the server uses the public key to encrypt a challenge (a coded message) to which the correct response must be given. Only the private key can decrypt this challenge and produce the correct response. For this reason, the private key should not be shared with those who you do not wish to give authorization. The Host key management section displays the current public keys on the router and their date and timestamp. These public keys are provided in different formats, including DSA, RSA and ECDSA. Each format has advantages and disadvantages in terms of signature generation speed, validation speed and encryption/decryption speed. There are also compatibility concerns to consider with older clients when using ECDSA, for example. Generating new keys The complete set of keys can be re-generated by selecting the Generate keys button. This key generation process takes approximately 30 seconds to complete. Downloading keys The Get keys button allows you to download the complete set of public and private keys while the Get public keys button will download only the set of public keys. Uploading your own key files Click the Upload keys button to upload your own public key to the router. Client key management The Client Key Management section is used for uploading the public key file of clients. To upload a client public key, click the Upload button, browse to the file and click Open. When the file is uploaded, it is examined for validity. If the key file is not a valid public key, it will not be uploaded. NetComm Wireless Intelligent M2M Router 104 www.netcommwireless.com LE ED operatiion mode The 7 front LED indicatorrs may be turned off after a a timeout periodd for aesthetic or powwer saving reasons. To T access the LED Operation Mode pagee, click the System menu, then Administraation on thhe left and finally seleect LED Operation Mode. Figure re 100 - LED Operationn Mode m of the LEDs on the front panel of thee router. To set the ligghts to operate at all times, set this to Alwa ways on. To set the lights to turn off after a The Mode drop down listt sets the operation mode speccified period, select TTurn off after timeoutt. When configured too turn off after timeouut, use the LED poweer off timer field to specify the time in minuutes to wait before turning off the LED indiccators. The LED Poweer Off Timer must be an integer between 1 and 65535. W the wait period expires, the LEDs wiill turn off. If the routeer is rebooted, the LEED power off timer is reset. The router will boot The wait period begins frrom the time the Savee button is clicked. When a wait for the configgured time before turrning off again. up and www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 105 Re eboot The reboot option in the SSystem section perfoorms a soft reboot of the router. This can bbe useful if you have made configuration changes you want too implement. To reeboot the router: 1. Click the Syystem menu item from m the top menu bar. 2. Click the Reboot button from thee menu on the left sidde of the screen. Figure re 101 - Reboot menuu option 3. The router ddisplays a warning thhat you are about to perform a reboot. If yyou wish to proceed, click the Reboot button then click OK on the confirmation winndow which appears. Figure re 102 - Reboot confirrmation Note: It can take up to 2 minutess for the router to reboot. Lo ogging outt To loog out of the router, cclick the icon at the top right corner of o the web user interfface. NetCComm Wireless Intelliggent M2M Router 106 www.netcommwirelless.com App A pend dix A: T Tables Tabble 1 - Document Revision History ............................ .......................................................................................................................................................................... 3 Tabble 2 - Device Dim mensions ................................................................................................................................................................................................................... 8 Tabble 3 - LED Indicaators........................................................................................................................................................................................................................... 9 Tabble 4 - Signal strength LED descripptions .......................................................................................................................................................................................... 10 Tabble 5 – Interfaces ................................................................................................................................................................................................................................ 11 Tabble 6 - PoE powerr classes .................................................................................................................................................................................................................. 17 Tabble 7 - Locking poower block pin ouuts ................................................................................................................................................................................................ 18 Tabble 8 - Average poower consumptioon figures..................................................................................................................................................................................... 18 Tabble 9 - Managemeent account login details ....................................................................................................................................................................................... 19 Tabble 10 - Status page item details ....................................................................................................................................................................................................... 22 Tabble 11 - Data connnection item detaails ............................................................................................................................................................................................... 24 Tabble 12 - Connect oon demand - Connnect and disconnect timers desc riptions ................................................................................................................................ 29 Tabble 13 - Current M MAC / IP / Port filteering rules in effect ..................................................................................................................................................................... 49 Tabble 14 - IPSec Configuration Items ................................................................................................................................................................................................... 53 Tabble 15 - SMS Setuup Settings .............................................................................................................................................................................................................. 75 Tabble 16 - Inbox/Outtbox icons ............................................................................................................................................................................................................... 77 Tabble 17 - SMS Diaggnostic Commandd Syntax ...................................................................................................................................................................................... 82 Tabble 18 - List of Vallid SMS diagnostic commands ............................................................................................................................................................................. 84 Tabble 19 - List of SM MS diagnostics vaariables ........................................................................................................................................................................................ 85 Tabble 22 - SMS diaggnostics example commands ................................................................................................................................................................................ 87 Tabble 23 - System loog detail levels ........................................................................................................................................................................................................ 90 Tabble 24 - Administrration configuratioon options ................................................................................................................................................................................... 98 Tabble 25 - LAN Manaagement Default Settings ................................................................................................................................................................................... 110 Tabble 26 - Web Interrface Default Setttings .......................................................................................................................................................................................... 110 Tabble 27 - Telnet Access...................................................................................................................................................................................................................... 110 Tabble 28 - RJ-45 connnector pin outs .................................................................................................................................................................................................... 115 www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 107 Appendix B: Device Mounting Dimensions The image below is at 100% scale and may be used as a template for mounting the device. All dimensions shown are in millimetres. Figure 103 - Device mounting dimensions NetComm Wireless Intelligent M2M Router 108 www.netcommwireless.com App A pend dix C: M Mou unting Brac B ckett The image below is at 1000% scale and may be b used as a templatee for mounting the brracket. All dimensionns shown are in millim metres. Figuure 104 - Mounting brracket www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 109 App A pend dix D: D Defa aultt Settting gs The following tables list thhe default settings foor the Intelligent M2M M Router. LAN (MANAGEMENTT) Static IP Address: 192.168.1.1 Subneet Mask: 255.255.255.0 Default Gateway: 192.168.1.1 Table 24 - LLAN Management Deffault Settings ADMIN MANAGER ACCOOUNT ROOT MANAGER ACC COUNT Username: admiin Usernaame: root Password: admiin Passwword: admin Table 255 - Web Interface Defauult Settings Note: Thee admin manager acccount allows you to manage all settings off the router except fuunctions such as firmw ware upgrade, devicce configuration backkup and restore and reset to factory default settings, which are privileged only to the root manageer account. INTELLIGENTT M2M ROUTER TELLNET ACCESS Username: root Password: admin TTable 26 - Telnet Acceess NetCComm Wireless Intelliggent M2M Router 110 www.netcommwirelless.com Restorin ng facto ory deffault settings Resttoring factory defaultss will reset the Intelliggent M2M Router to its factory default connfiguration. You may encounter a situationn where you need to restore the factory deefaults on your Intelligent M2M M Router such as: You have lost your username and password annd are unable to loginn to the web configurration page; You aare asked to perform a factory reset by support staff. Therre are two methods yyou can use to restoree factory default settings on your Intellige nt M2M Router: Usingg the web-based userr interface t interface panel of the router Usingg the reset button on the Ussing the we eb-based user interrface To reestore your router to its factory default setttings, please follow these steps: 1. Open a broowser window and naavigate to the IP addrress of the router (deefault address is http:://192.168.1.1). Loginn to the router using r root as the User Name and admin n as the passwoord. 2. Click the System item from the top menu bar, then System configuration on the left menu andd then click Settings backup and restore. 3. Under the RRestore factory defauults section, click thee Restore Defaults buutton. The router askss you to confirm that you y wish to restore faactory defaults. Clickk OK to continue. Thee router sets all settings to defaultt. Click OK again to reboot the router. 4. When the PPower light returns to a steady red, the resset is complete. The ddefault settings are now n restored. Ussing the re eset button n on the intterface paanel of the router Use a pen to depress thee Reset button on thee device for 15-20 seconds. The router wi ll restore the factory default settings and reboot. Wheen you have reset youur Intelligent M2M Roouter to its default setttings you will be ablee to access the devicce’s configuration web interface using httpp://192.168.1.1 with username admin or roo ot and password a admin. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 111 Recovery mode The Intelligent M2M Router features two independent operating systems, each with its own file systems. These two systems are referred to as 'Main' and 'Recovery'. It is always possible to use one in order to restore the other in the event that one system becomes damaged or corrupted (such as during a firmware upgrade failure). Both systems have Web interfaces that can be used to manipulate the other inactive system. The Intelligent M2M Router starts up by default in the Main system mode, however the router may be triggered to start in recovery mode if desired. To start the router in recovery mode: 1. Press and hold the physical reset button on the interface panel of the router for 5 to 15 seconds. When the LEDs on the front panel change to amber and countdown in a sequence, release the reset button. The router then boots into recovery mode. 2. In your browser, navigate to http://192.168.1.1. The router’s recovery mode is hardcoded to use this address regardless of the IP address that was configured in the main system. The router’s recovery console is displayed. Figure 105 - Recovery console The recovery console provides limited functionality. Basic status information is available, as well as access to the System log for troubleshooting. The Application Installer can be used to upload and install different firmware, allowing you to roll back to a previous firmware in the event that an upgrade fails. The Settings menu provides the ability to reset the router to factory default settings and the Reboot tab allows you to perform a soft reboot of the router. NetComm Wireless Intelligent M2M Router 112 www.netcommwireless.com App A pend dix E: H HTT TPS Uplo U oad ding g a self--sign ned cert c ifica ate If you have your own selff-signed certificate orr one purchased elseewhere and signed bby a Certificate Authority, you can upload it to the Intelligent M22M Router using the Upload page. Note: Your keey and certificate filees must be named server.key and server.ccrt respectively otherrwise they will not work. To upload your certificatee: 1. Click on thee System item from thhe top menu bar. Froom the side menu barr, select System Connfiguration and then Upload. The file uploaad screen is displayeed. Fi Figure 106 - Upload paage 2. Click the Choose a File button and a locate your serveer certificate file and click Open. Figure re 107 - Browse for seerver.crt www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 113 3. Click the Upload button to begin uploading it to the router. The file appears in the list of files stored on the router. Figure 108 - Server certificate file uploaded 4. Repeat steps 2 and 3 for the server key file. 5. Click the Install link next to the server.crt file then click OK on the prompt that is displayed. The certificate file is installed. Repeat this for the key file. When each file is installed it is removed from the list of stored files. Figure 109 - Installing the server.crt file NetComm Wireless Intelligent M2M Router 114 www.netcommwireless.com App A pend dix F: R RJ-45 5 co onnecto or The RJ-45 connector proovides an interface foor a data connection and a for device input power using the pin layout shown below. Pin: Figure re 110 -The RJ-45 connnector PIIN COLOUUR SIGNAAL (802.3AF MODE A) SIGNAAL (802.3AF MODE BB) White/Oraange stripee Rx + Rx + DC + Orange Solid Rx - Rx - DC + White/Greenn stripe Tx + Tx + DC - Blue solid DC + unused White/Blue stripe DC + unused Green soolid Tx - Tx - DC - White/Brownn stripe DC - unused Brown soolid DC - unused Taable 27 - RJ-45 connec ector pin outs www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 115 Safety and product care RF Exposure Your device contains a transmitter and a receiver. When it is on, it receives and transmits RF energy. When you communicate with your device, the system handling your connection controls the power level at which your device transmits. This device meets the government’s requirements for exposure to radio waves. This device is designed and manufactured not to exceed the emission limits for exposure to radio frequency (RF) energy set by the Federal Communications Commission of the U.S. Government. This device complies with FCC radiation exposure limits set forth for an uncontrolled environment. To ensure compliance with RF exposure guidelines the device must be used with a minimum of 20cm separation from the body. Failure to observe these instructions could result in your RF exposure exceeding the relevant guideline limits. External antenna Any optional external antenna used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operated in conjunction with any other antenna or transmitter. Please consult the health and safety guide of the chosen antenna for specific body separation guidelines as a greater distance of separation may be required for high-gain antennas. Any external antenna gain must meet RF exposure and maximum radiated output power limits of the applicable rule section. The maximum antenna gain for this device as reported to the FCC is: 0.2 dBi (850MHz) and 2.7 dBi (1900MHz). CE Approval This device has been tested to and conforms to the regulatory requirements of the European Union and attained CE Marking. The CE Mark is a conformity marking consisting of the letters “CE.” The CE Mark applies to the products regulated by the central European health, safety and environmental protection legislation. The CE Mark is obligatory for products it applies to: the manufacturer affixes the marking in order to be allowed to sell their product in the European market. The wireless device is approved to be used in the member states of the EU. NetComm Wireless declares that the wireless device is in compliance with the essential requirements and other relevant provisions of the Radio and Telecommunications Terminal Equipment Directive 1999/5/EC (R&TTE Directive). Compliance with this directive implies conformity to the following European Norms – N 60950 – Product Safety, EN 301 489 EMC, EN301511 GSM RF, EN301908 UMTS RF, EN 62311 SAR Technical requirement for radio equipment. A notified body has determined that this device has properly demonstrated that the requirements of the directive have been met and has issued a favourable certificate of expert opinion. As such the device will bear the notified body number 0682 after the CE mark. The CE Marking is not a quality mark. Foremost, it refers to the safety rather than to the quality of the product. Secondly, CE Marking is mandatory for the product it applies to whereas most quality markings are voluntary. Marking: The product shall bear the CE mark, the notified body number(s) as depicted to the right. CE0682. This product has also passed the following certification standards – CE SAR- EN62311/EN50385 CE RF – EN301511, EN301908-1/-2, CE EMC – EN301489-1/-7/-24, EN55022/EN55024 CE Safety – EN60950 NOTE: It is highly recommended that the device must be kept at least 20cm away from the human body. This is a regulatory requirement and applies to all 3G capable devices meeting standard regulatory compliance such as the compliance standards listed above. NetComm Wireless Intelligent M2M Router 116 www.netcommwireless.com FC CC Sta atement FC CC compliiance Fedeeral Communicationss Commission Notice (United States): Befoore a wireless devicee model is available for f sale to the public, it must be tested andd certified to the FCCC that it does not excceed the limit established by thhe government-adoppted requirement for safe s exposure. FC CC regulattions § 155.19 (a)(3) This device complies withh part 15 of the FCC Rules. Operation is subject to the followinng two conditions: (1) This device may noot cause harmful interrference, and (2) thiss device must acceptt any interrference received, inccluding interference that t may cause undeesired operation. § 155.21 Changes or modificationss not expressly approoved by the party ressponsible for compliaance could void the user‘s authority to operate the equipment.. ******************************************************************************************************************************** § 155.105 (b) This equipment has beenn tested and found too comply with the limits for a Class B digittal device, pursuant to t part 15 of the FCC Rules. These limits aare designed to provide reasonable proteection against harmful interferennce in a residential innstallation. This equippment generates, usees and can radiate raadio frequency energgy and, if not installedd and used in accorddance with the instrucctions, munications. Howeveer, there is no guaranntee that interferencee will not occur in a paarticular installation. IIf this equipment doees cause harmful may cause harmful interfference to radio comm interrference to radio or teelevision reception, which w can be determined by turning the e quipment off and on, the user is encouragged to try to correct tthe interference by one or more of the followwing measures: —Reeorient or relocate thee receiving antenna. —Inccrease the separation between the equippment and receiver. —Coonnect the equipmennt into an outlet on a circuit different from that to which the receeiver is connected. —Coonsult the dealer or aan experienced radioo/TV technician for heelp. RF Exposure Infformation (MP PE) This equipment compliess with radio frequency (RF) exposure limitts adopted by the Fedderal Communicationns Commission for ann uncontrolled enviroonment. This equipmeent should be installeed and operated with minimum distance 20 cm between the radiator & your body. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 117 IC Regulations: RSS-Gen 7.1.3 This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device. Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de licence. L'exploitation est autorisée aux deux conditions suivantes: (1) l'appareil ne doit pas produire de brouillage, et (2) l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d'en compromettre le fonctionnement." **************************************************************************************************************************** ICES-003 CAN ICES-3(B)/ NMB-3(B) **************************************************************************************************************************** RSS-Gen 7.1.2 This radio transmitter has been approved by Industry Canada to operate with the antenna types listed below with the maximum permissible gain and required antenna impedance for each antenna type indicated. Antenna types not included in this list, having a gain greater than the maximum gain indicated for that type, are strictly prohibited for use with this device. Antenna types: Dipole Antenna gain: 850MHz: 0.2dBi; 1900MHz: 2.7dBi **************************************************************************************************************************** IC RF Exposure Statement (MPE) This equipment complies with IC RSS-102 RF exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator & your body. NetComm Wireless Intelligent M2M Router 118 www.netcommwireless.com Electrica al safetty Ac ccessoriess Onlyy use approved acceessories. Do not n connect with incoompatible products or accessories. Co onnection to a car Seekk professional advicee when connecting a device interface to thhe vehicle electrical ssystem. Distracti ion Op perating m machinery Full attention must be givven to operating the machinery in order too reduce the risk of ann accident. Prroduct handliing You alone are responsiblle for how you use yoour device and any consequences of its uuse. You must always switch ooff your device whereever the use of a mobbile phone is prohibitted. Do not use the device without the clipp-on covers attachedd, and do not removee or change the covers whilee using the device. UUse of your device is subject to safety meaasures designed to pprotect users and theeir environment. Alwaays treat your device and its accessories with care and keep it in a clean and dustt-free place. Do not n expose your devicce or its accessories to open flames or lit tobacco products. Do not n expose your devicce or its accessories to liquid, moisture or high humidity. Do not n drop, throw or try to bend your device or its accessories. Do not n use harsh chemiccals, cleaning solventts, or aerosols to cleaan the device or its a ccessories. Do not n paint your device or its accessories. Do not n attempt to disasseemble your device orr its accessories, onlyy authorised personnnel must do so. Do not n use or install this pproduct in extremelyy hot or cold areas. Ennsure that the devicee is installed in an areea where the temperaature is within the suppported operating temperature range (-200°C to 65°CC) Do not n use your device inn an enclosed enviroonment or where heatt dissipation is poor. Prolonged use in succh space may cause excessive heat and raise ambient tempeerature, which will leaad to automatic shutdown of yoour device or the discconnection of the moobile network connecction for your safety. To T use your device normally again after suuch shutdown, cool it in a well-ventilated place befoore turning it on. Please check local regulaations for disposal off electronic products. Do not n operate the devicce where ventilation iss restricted Instaallation and configuraation should be perfoormed by trained perssonnel only. Do not n use or install this pproduct near water too avoid fire or shock hazard. Avoid expossing the equipment too rain or damp areas. Arrange power and Etherrnet cables in a manner such that they are not likely to be steppped on or have item ms placed on them. Ensuure that the voltage aand rated current of thhe power source mattch the requirementss of the device. Do noot connect the devicee to an inappropriate power source. Sm mall childrren Do not n leave your devicee and its accessories within the reach of small children or alloww them to play with it.. Theyy could hurt themselvves or others, or could accidentally damage the device. Yourr device contains small parts with sharp edges that may causee an injury or which ccould become detachhed and create a chooking hazard. www.netcommwireless.com NetComm Wireeless Intelligent M2M Router 119 Emergency situations This device, like any wireless device, operates using radio signals, which cannot guarantee connection in all conditions. Therefore, you must never rely solely on any wireless device for emergency communications. Device heating Your device may become warm during normal use. Faulty and damaged products Do not attempt to disassemble the device or its accessories. Only qualified personnel must service or repair the device or its accessories. If your device or its accessories have been submerged in water punctured or subjected to a severe fall, do not use until they have been checked at an authorised service centre. Interference Care must be taken when using the device in close proximity to personal medical devices, such as pacemakers and hearing aids. Pacemakers Pacemaker manufacturers recommend that a minimum separation of 15cm be maintained between a device and a pacemaker to avoid potential interference with the pacemaker. Hearing aids People with hearing aids or other cochlear implants may experience interfering noises when using wireless devices or when one is nearby. The level of interference will depend on the type of hearing device and the distance from the interference source, increasing the separation between them may reduce the interference. You may also consult your hearing aid manufacturer to discuss alternatives. Medical devices Please consult your doctor and the device manufacturer to determine if operation of your device may interfere with the operation of your medical device. Hospitals Switch off your wireless device when requested to do so in hospitals, clinics or health care facilities. These requests are designed to prevent possible interference with sensitive medical equipment. Interference in cars Please note that because of possible interference to electronic equipment, some vehicle manufacturers forbid the use of devices in their vehicles unless an external antenna is included in the installation. Explosive environments Petrol stations and explosive atmospheres In locations with potentially explosive atmospheres, obey all posted signs to turn off wireless devices such as your device or other radio equipment. Areas with potentially explosive atmospheres include fuelling areas, below decks on boats, fuel or chemical transfer or storage facilities, areas where the air contains chemicals or particles, such as grain, dust, or metal powders. Blasting caps and areas Turn off your device or wireless device when in a blasting area or in areas posted turn off “two-way radios” or “electronic devices” to avoid interfering with blasting operations. NetComm Wireless Intelligent M2M Router 120 www.netcommwireless.com
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : Yes Encryption : Standard V4.4 (128-bit) User Access : Print, Extract, Print high-res Author : Create Date : 2013:09:27 18:57:14+08:00 Modify Date : 2013:09:27 19:13:13+08:00 XMP Toolkit : Adobe XMP Core 4.2.1-c043 52.372728, 2009/01/18-15:08:04 Creator Tool : PScript5.dll Version 5.2.2 Metadata Date : 2013:09:27 19:13:13+08:00 Producer : Acrobat Distiller 9.0.0 (Windows) Format : application/pdf Creator : Title : Document ID : uuid:e50bc7e9-e059-4941-aabf-46f767a27d58 Instance ID : uuid:5c6bf126-5135-4841-8ef4-58c14db28649 Page Count : 120EXIF Metadata provided by EXIF.tools