NetComm Wireless NWL1201 3G LIGHT INDUSTRIAL M2M ROUTER User Manual
NetComm Wireless Limited 3G LIGHT INDUSTRIAL M2M ROUTER
User Manual
Usser Guiide NWL-12 2 Series – 3G Liight Ind dustriall M2M Routerr Copyright Copyright© 2013 NetCom mm Wireless Limited. All rights reserved. The information contained herein is proprietarry to NetComm Wireless. No part of this ddocument may be translated, transcribed, reproduced, in any fform, or by any means without prior writteen conssent of NetComm Wirreless. Note: This document is subject too change without nottice. Savee our environment Wheen this equipment hass reached the end off its useful life, it mustt be taken to a recyclling centre and proceessed separately from m domestic waste. The cardboard box, the pplastic contained in the packaging, and thhe parts that make upp this device can be recycled in accordance with regionally eestablished regulationns. Never dispose of this b subject to penaltiees or sanctions undeer the law. Instead, assk for disposal instrucctions from your munnicipal government. electronic equipment aloong with your househoold waste. You may be Please be responsible annd protect our environment. Thiis manual cov vers the follow wing productss: NetCComm Wireless NWL-12-01 NetCComm Wireless NWL-12-02 NetCComm Wireless 3G Ligght Industrial M2M Rouuter www.netcommwirelless.com DOCUMENT VVERSION DATE Initial documennt release Table 1 - Document Revisionn History Tabl T le of o Co onte entss Ove erview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Introduction .................................................................................................................................................................................................................................................................................................................................. 5 Target audience ........................................................................................................................................................................................................................................................................................................................... 5 Prerequisites ................................................................................................................................................................................................................................................................................................................................ 5 Notation ........................................................................................................................................................................................................................................................................................................................................ 5 Pro oduct int roducct ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Product overview ......................................................................................................................................................................................................................................................................................................................... 6 Package contents ........................................................................................................................................................................................................................................................................................................................ 6 Product features........................................................................................................................................................................................................................................................................................................................... 7 Phy ysical dimensiions and indiccat ors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Physical dimensionss ................................................................................................................................................................................................................................................................................................................... 8 LED indicators.............................................................................................................................................................................................................................................................................................................................. 9 Ethernet port LED indicators..................................................................................................................................................................................................................................................................................................... 10 Interfaces ................................................................................................................................................................................................................................................................................................................................... 11 Pla acement of t he e rout er . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Mounting options ....................................................................................................................................................................................................................................................................................................................... 12 Inst allat ion and conf igurat ion of t he 3G Lig ght Indust rial M M2M rout er . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Powering the router .................................................................................................................................................................................................................................................................................................................... 18 Power consumption .................................................................................................................................................................................................................................................................................................................. 19 Installing the router .................................................................................................................................................................................................................................................................................................................... 19 Adv vanced conf ig gurat ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 St at a us . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Int ernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Data Connection ........................................................................................................................................................................................................................................................................................................................ 24 Connect on Demandd ................................................................................................................................................................................................................................................................................................................. 28 Operator Settings ....................................................................................................................................................................................................................................................................................................................... 32 SIM security settingss ................................................................................................................................................................................................................................................................................................................. 33 LAN ............................................................................................................................................................................................................................................................................................................................................ 37 Routing ....................................................................................................................................................................................................................................................................................................................................... 41 VPN ............................................................................................................................................................................................................................................................................................................................................ 51 Serrvices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Dynamic DNS............................................................................................................................................................................................................................................................................................................................. 65 Network time (NTP) .................................................................................................................................................................................................................................................................................................................... 66 Data stream manageer ............................................................................................................................................................................................................................................................................................................... 67 Watchdogs ................................................................................................................................................................................................................................................................................................................................. 69 SNMP ......................................................................................................................................................................................................................................................................................................................................... 72 TR-069 ........................................................................................................................................................................................................................................................................................................................................ 74 GPS ............................................................................................................................................................................................................................................................................................................................................ 75 SMS messaging ......................................................................................................................................................................................................................................................................................................................... 78 Diagnostics ................................................................................................................................................................................................................................................................................................................................ 82 Sending an SMS Diaagnostic Command ................................................................................................................................................................................................................................................................................... 85 Sys st em . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Log ............................................................................................................................................................................................................................................................................................................................................. 92 System Configuratioon ................................................................................................................................................................................................................................................................................................................ 96 ment ........................................................................................................................................................................................................................................................................................................ 103 HTTPS key managem SSH Key Managemeent............................................................................................................................................................................................................................................................................................................ 107 App pendix App pendix App pendix App pendix A: B: C: D: Tab bles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 Devvice Mount ing Dimensions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Mou unt ing Brackett . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Deff ault Set t ings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Restoring factory deefault settings ........................................................................................................................................................................................................................................................................................... 116 Recovery mode ........................................................................................................................................................................................................................................................................................................................ 117 App pendix E: HTT TPS - Uploadin ng a self -signe ed cert if icat e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 App pendix F: RJ-4 45 connect or . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Saff et y and produ uct care . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router NetComm Wireless 3G Light Industrial M2M Router www.netcommwireless.com Ove O ervie ew In ntroduc ction This document provides you all the informatioon you need to set upp, configure and use the NetComm Wireleess NWL-12 3G Light Industrial M2M Routter. Ta arget a audienc ce This document is intendeed for system integrators or experienced hardware installers wwho understand teleccommunications terminology and conceptts. Prrerequ uisites Befoore continuing with the installation of your 3G Light Industrial M2M M Router, please cconfirm that have the following: A devvice with a working Etthernet network adappter. A webb browser such as Internet Explorer, Mozilla Firefox or Google Chrome. A flathhead screwdriver if field terminated power is required. Notation The following symbols arre used in this user guide: The followingg note requires attenntion. The followinng note provides a warning. The followinng note provides usefful information. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router Product introduction Product overview Penta-band 3G with quad-band 2G auto-fallback HSPA+ up to 14.4 Mbps DL Ethernet port with full passive Power over Ethernet (PoE) support (802.3af) (NWL-12-01 only) RS232/RS422/RS485 Port and USB 2.0 OTG port Integrated ZigBee multipoint mesh wireless networking (NWL-12-01 only) Built in GPS supporting an active or passive GPS Antenna via external SMA connector Three multi-purpose I/O ports One dedicated ignition input Internal diversity antennas with option for external main antenna (autosensing) Intelligent, Tri-Colour LED display for clear, easy to read modem status information Extensive device management with support for TR-069, Web GUI and full feature management with SMS Flexible mounting suitable for in-home use or industrial applications with built-in wall mount and DIN rail mounting options Package contents The NetComm Wireless 3G Light Industrial M2M Router package consists of: 1 x 3G Light Industrial M2M Router 2 x 3G antennas 1 x 1.5m yellow Ethernet cable 8P8C 1 x DIN rail mounting bracket 1 x six-way terminal block 1 x quick start guide and safety manual If any of these items are missing or damaged, please contact NetComm Wireless Support immediately. The NetComm Wireless Support website can be found at: http://support.netcommwireless.com. NetComm Wireless 3G Light Industrial M2M Router www.netcommwireless.com Prroduct feature es The NetComm Wireless NNWL-12 3G Light Inddustrial M2M Router iss an M2M device dessigned by NetComm Wireless to address the rapid growth in MM2M deployments. Itt has been designed to t 3G Light Industriaal M2M Router can bbe managed remotelyy even when it does not provvide state-of-the-art feeatures and versatilityy at an affordable price. Compatible with network worldwide, the havee an Internet connecttion via the use of SM MS diagnostics and commands. The 3G Light Industrial M M2M Router includes many features such as Dial on Demand wwhich provides a means to seamlessly coonnect or disconnectt the mobile broadband connection to consserve usage; TR-069 support for easy maanagement of a groupp of 3G Light Industri al M2M routers; and the ability to functionn as an SSH server too secure communications. Additionally, thhe openn management system allows you to expaand the feature set byy producing your owwn custom software appplications. The NetComm Wireless 33G Light Industrial M2M Router meets thee global demand for a reliable and cost-efffective M2M device that successfully catters to mass deploym ment across businessses. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router Phys P sica al diime ensio onss and indicato ors Ph hysicall dimen nsions Beloow is a list of the physsical dimensions of thhe 3G Light Industrial M2M Router. Figure 1 – 3G Lig ight Industrial M2M Router Dimensions 3G LIGHHT INDUSTRIAL M2M M ROUTER (WITHOUT EXXTERNAL ANTENNAAS ATTACHED) Length 140 mm Depth 103 mm Height 30 mm Weight Tabble 2 - Device Dimenssions NetCComm Wireless 3G Ligght Industrial M2M Rouuter www.netcommwirelless.com LE ED ind dicatorss The 3G Light Industrial M M2M Router uses 7 LEEDs to display the cuurrent system and co nnection status. Figure 2 - 3G Ligh ght Industrial M2M Rouuter LED Indicators LEED ICON NAME Power COLOUR STATE DESCRIPTIOON Off Power off Double fflash Powering up On Power on On Power on in recoverry mode Slow flasshing Hardware error On Connected via WWA AN Blinking Traffic via WWAN Slow flasshing Connecting PDP On Registered network Slow flasshing Registering network Slow flasshing SIM PIN locked Fast flasshing SIM PUK locked On Can’t connect On 3G On 2G GPRS On GSM only (no GPRSS) Networrk Signal strength TTable 3 - LED Indicatoors Thee term “blinking” meanss that the LED may pulse, with the intervals thatt the LED is on and off nnot being equal. The term “flashing” means thaat the LED turns on andd off at equal intervals. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M RRouter Signal strength LEDs The following table lists the signal strength range corresponding with the number of lit signal strength LEDs. NUMBER OF LIT LEDS SIGNAL STRENGTH All LEDs unlit < -109 dBm -109 dBm to -101dBm -101 dBm to -91 dBm -91 dBm to -85 dBm -85 dBm to -77 dBm > -77 dBm Table 4 - Signal strength LED descriptions LED update interval The signal strength LEDs update within a few seconds with a rolling average signal strength reading. When selecting a location for the router or connected or positioning an external antenna, please allow up to 20 seconds for the signal strength LEDs to update before repositioning. Ethernet port LED indicators The Ethernet port of the 3G Light Industrial M2M Router has two LED indicators on it. Figure 3 - Ethernet port LED indicators The table below describes the statuses of each light and their meanings. LED STATUS DESCRIPTION On There is a valid network link. Blinking There is activity on the network link. On The Ethernet port is operating at a speed of 100Mbps. Off The Ethernet port is operating at a speed of 10Mbps or no Ethernet cable is connected. Green Amber Table 5 - Ethernet port LED indicators description NetComm Wireless 3G Light Industrial M2M Router 10 www.netcommwireless.com In nterface es The following interfaces aare available on the 3G 3 Light Industrial M2M Router: Figure 4 - Interfacess ITEM DESCRIPTION Main anttenna socket SMA female connector for main antenna. Auxiliaryy antenna socket SMA female connector for auxiliary antenna. GPS anteenna socket SMA female connector for GPS antenna. Six-way terminal block connector Connect power sourrce, ignition and I/O wires hhere. Power, ignition and I//O wires may be terminatedd on optional terminal blockk and connected to DC inpput jack. Refer to the diagram m and table on under Step 3 of the Installing your device section for correct wirinng of the terminal block. Opperates in the 8-40V DC range. Press and hold for leess than 5 seconds to rebooot to normal mode. Reset buutton Press and hold for 5 to 15 seconds to reboot too recovery mode. Press and hold for 15 to 20 seconds to reset thhe router to factory default settings. SIM cardd slot Insert SIM card heree. RJ45 PoE Ethernet port Connect one or seveeral devices via a network sswitch here. This port can also optionally receive Pow wer over Ethernet (802.3af PoE) in which case the DC C power supply can serve as a backup power source iff required (PoE available onn NWL-12-01 only). Mini USBB 2.0 OTG port Provides connectivity for optional external storaage or a USB Ethernet donngle. Supplies up to 0.5A too connected device. Serial poort Female DB9 port supporting 9-wire RS-232, RSS-485 or RS-422 (software selectable). Table 6 – Interfacess www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 11 Plac P cem ment of tthe rou uter The two external high-peerformance antennas supplied with the rouuter are designed to provide optimum siggnal strength in a wide range of environmeents. If you find the signal strength is weaak, try a acceptable signall, try moving the routeer to a different placee or mounting it differrently. adjusting the orientation of the antennas. If yoou are unable to get an Note: When sselecting a location foor the router, allow att least 20 seconds foor the signal strength LEDs to update befoore trying a different llocation or connectinng an external antennna. Mountin ng optio ons The 3G Light Industrial M M2M router can be quuickly and easily mouunted in a variety of loocations. Mo ounted fla at against th he wall Wheen mounted flat againnst the wall, the 3G Liight Industrial M2M roouter has a slimline fform factor. Use apprropriately sized screw ws in the mounting hooles provided on the base of the unit. Figure 5 - W Wall mount - Flat agaainst the wall NetCComm Wireless 3G Ligght Industrial M2M Rouuter 12 www.netcommwirelless.com Pe erpendicullar to the wall If a large surface area is not available, there is the option of mounting the router perpeendicular to the wall. This T gives the router a small wall footprintt while remaining seccurely attached. Use apprropriately sized screwws in the mounting hooles provided on the back of the unit. Figure 6 - Waall mount - Perpendicu cular to the wall C Section DIIN Rail mo ount The 3G Light Industrial M M2M router easily sliddes onto a C Section DIN rail so that it is hhorizontally mounted. The DIN Rail mounting bracket is not reqquired for C Section DIN D rail mounting. Figuree 7 - C Section DIN raiil mount To mount m the unit on a C--Section DIN rail, slidde it on as illustrated below: Figure 8 - Mounting the unit onn a DIN rail www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 13 Mounting bracket The provided mounting bracket provides additional methods of mounting the 3G Light Industrial M2M router. To attach the mounting bracket, slide it onto the rear of the router as shown in the diagram below: Figure 9 - Sliding on the mounting bracket To remove the bracket, press the PUSH button and slide the router off the bracket: Figure 10 - Removing the mounting bracket NetComm Wireless 3G Light Industrial M2M Router 14 www.netcommwireless.com www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 15 Ussing the m mounting brracket for wall moun nting By first attaching the DINN rail bracket to the wall, w the 3G Light Induustrial M2M router caan be easily attachedd and removed from the bracket. Figure 11 – Wal all mount - Mounted via ia DIN rail bracket Ussing the m mounting brracket for Top hat D DIN rail mo ounting The 3G Light Industrial M M2M router may be veertically mounted to the t wall with the braccket by sliding the braacket onto a top hat DIN D rail Figure re 12 - Top hat DIN railil mount Alterrnatively, you can attaach it to the DIN Rail by using the V bendd in the bracket as illuustrated below: Figurre 13 - Attaching the m mounting bracket to the t DIN rail using the V bend NetCComm Wireless 3G Ligght Industrial M2M Rouuter 16 www.netcommwirelless.com De esk mountt In sittuations where wall m mounts and DIN rails are not required, youu can simply place thhe 3G Light Industrial M2M router on a deesk using its rubber feeet to prevent it from slipping. FFigure 14 - Desk mouunt www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 17 Installation and configuration of the 3G Light Industrial M2M router Powering the router The 3G Light Industrial M2M router can be powered in one of three ways: 1. Power over Ethernet (802.3af PoE) (available on the NWL-12-01 only) 2. DC power input via 6-pin connector (8-40V DC) 3. DC power input via field terminated power source (8-40V DC) The green power LED on the router lights up when a power source is connected. Power over Ethernet (802.3af PoE) (available on the NWL-12-01 only) Power over Ethernet (PoE) is a method of connecting network devices through Ethernet cable where power and data are passed along a single cable. This may be a desirable method of powering the device if PoE is available, or if it’s most convenient in the desired installation environment to only have a single cable running to the 3G Light Industrial M2M router. There are 5 power classes defined in the IEEE 802.3-2005 standard, of which the 3G Light Industrial M2M router is a class 3 device. CLASS CLASSIFICATION CURRENT POWER RANGE CLASS DESCRIPTION 26-30 mA 6.49 – 12.95 W Mid power Table 7 - PoE power classes To use PoE to power the 3G Light Industrial M2M router, simply connect your router to a PoE injector or PoE network switch using the bundled yellow Ethernet cable 8P8C. DC power via 6-pin connector The DC input jack can accept power from a separately sold DC power supply. Both a standard temperature range DC power supply and an extended temperature range DC power supply are available to purchase as accessories. To power the device via DC Power via the 6-pin connector, remove the attached green terminal block from your router and connect the external DC power supply to the router’s green DC power jack. DC power via field terminated power source If an existing 8-40V DC power supply is available, you can insert the wires into the supplied terminal block to power your router. Use a No. 3 flathead screwdriver to tighten the terminal block screws and secure the power wires, making sure the polarity of the wires are correctly matched, as illustrated below. Figure 15 - Locking Power Terminal Block NetComm Wireless 3G Light Industrial M2M Router 18 www.netcommwireless.com TERMINAL DESCRRIPTION Positive wire for powerr. Ground wire. Dedicated terminal for ignition detection. I/O Three terminals used foor input/output detection. (Please refer to the User Guuide). Table 8 - Locking power block ck pin outs Fa ailover pow wer suppo ort (NWL-1 12-01 only)) The 3G Light Industrial M M2M router includes support for connectioon of two power sourcces at the same timee. When a PoE Ethernet cable is connecteed and DC power is also a supplied to the DC will automatically switcch to source power frrom input jack of the router, thhe router will source power exclusively froom the PoE source. Inn the event that poweer from the PoE cablee is lost, the router wi D input jack, withouut affecting the routerr’s operation. When PoE P power is restoredd, the router automatically switches back to receive power fromm the PoE input source. the DC Viiewing pow wer source e informattion You can view the currentt power input mode inn the Advanced statuus section of the devi ce’s web user interfaace. This is useful for remotely monitoring the device. You can also use the Softwarre Deveelopment Kit to access this information for advanced purposes (e.g. configuring S MS alerts to inform you of the power statuus of the router). To view the router’s poweer source informationn, log in to the router and expand the Advaanced status box on the status page. Seee the Status section oof this manual for more information on the statuus page. Po ower c consum mption To assist with power consumption planning, the following table summarises average ppower consumption during the various states of the 3G Light Inndustrial M2M router under normal usage condditions. It’s important to note that this tablee serves as an indicaation only as the powwer consumed by the device is affected byy many variables inclluding signal strength, network type, and netwwork activity. Av verage pow wer consu umption fig gures STATE POWER CONSUMPPTION Powered on, idle and a connected to packet data 1.2W Powered on, connnected to packet dataa with average load 2.0W Powered on, connnected to packet dataa with heavy traffic 4.0W Peak power draw at maximum 3G moddule transmission powwer 5.0W Table 9 - Av Average power consum mption figures In nstallin ng the router Afterr you have mounted tthe router and conneected a power sourcee, follow these steps tto complete the instaallation process. 1. Connect eqquipment that requirees network access to the Ethernet port of yyour router. This mayy be your computer foor advanced configuuration purposes, or your y end equipment which requires daata access via the 3G G Light Industrial M2M M router. You can connnect one device dirrectly, or several devices using a network switch. If you’re using PoE as the power source, you need too connect any devicees via an available daata Ethernet port on your y PoE power sourrce (be it a PoE netwoork switch or PoE powwer injector). 2. Ensure the external power sourcce is switched on andd wait 2 minutes for yyour 3G Light Industrrial M2M router to staart up. To check the sstatus of your router, compare the LED indicators oon the device with thoose listed on page 8 of this guide. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 19 Adv A vanc ced con nfig gura ation The 3G Light Industrial M M2M Router comes with w preconfigured setttings that should sui t most customers. Foor advanced configurration, log in to the wweb-based user interfface of the router. To loog in to the web-baseed user interface routter: 1. Open a web browser (e.g. Internet Explorer, Firefox, Safari), type http://1 92.168.1.1 into the address bar and press Enter. The web-baased user interface log in screen is displayyed. Figure 16 – Log inn prompt for the web-bbased user interface 2. Enter the loogin username and password. If this is thee first time you are loggging in or you have not previously configgured the password ffor the “root” or “adm min” accounts, you caan use one of the default account details to log in. ADMIN MANAGER ACCOOUNT ROOT MANAGER ACCOUNT Username: addmin Useername: rooot Password: addmin Passsword: addmin Table 10 - M Management accountt login details Note: To acceess all features of thee router, you must use the root manager aaccount. For security reeasons, we highly recommend that you change the passwordds for the root and addmin accounts upon initial installation. Youu can do so by navigating to the System and then Administtration page. The Status page is displaayed when you log inn successfully. NetCComm Wireless 3G Ligght Industrial M2M Rouuter 20 www.netcommwirelless.com Statu S us The status page of the web interface providess system related information and is displaayed when you log in to the 3G Light Industrial M2M router maanagement console. The T status page showws System information, LAN details, Cellular connection status, Packeet data connection sttatus and Advanced status details. You can toggle the sectionns from view by clicking the buttoons to show or hide them. Extra status boxes will appear as addditional software feaatures are enabled (ee.g. VPN connectivityy). or Figgure 17 - The Status page www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 21 ITEM DEFINITION System information System up time The current uptime of the router. Board version The hardware version of the router. Serial Number The serial number of the router. Software The software version number running on the router. Model The type of phone module and the firmware version of the module. Firmware version The firmware revision of the phone module. IMEI The International Mobile Station Equipment Identity number used to uniquely identify a mobile device. LAN IP The IP address and subnet mask of the router. MAC Address The MAC address of the router. Ethernet Port Status Displays the current status of the Ethernet port and its operating speed. Cellular connection status SIM Status Displays the activation status of the router on the carrier network. Signal strength (dBm) The current signal strength measured in dBm Network registration status The status of the router’s registration for the current network. Operator selection The mode used to select an operator network. Current operator The current operator network in use. Roaming status The roaming status of the router. Allowed bands The bands to which the router may connect. Current band The current band being used by the router. Coverage The mobile equipment identifier (MEID) of the router, a unique code for identifying devices on a CDMA network. WWAN Connection Status Profile name The name of the active profile. Status The connection status of the active profile. Default profile Indicates whether the current profile in use is the default profile. WWAN IP The IP address assigned by the mobile broadband carrier network. DNS server The primary and secondary DNS servers for the WWAN connection. APN The Access Point Name currently in use. Connection uptime The length of time of the current mobile connection session. Advanced status Mobile country code The Mobile Country Code (MCC) of the router. Mobile network code The Mobile Network Code (MNC) of the router. Signal quality (Ec/N0) A measurement of the portion of the received signal that is usable. This is the signal strength minus the signal noise level. Received signal code power (RSCP) The power level of the signal on the current connection’s particular channel. Power input mode Displays whether power is currently being sourced from the PoE Ethernet port or from the DC input jack (PoE available on NWL-12-01 only) HSUPA category Displays the HSUPA category (1-9) for the current uplink HSDPA category Displays the HSDPA category (1-8) for the current downlink. SIM ICCID The Integrated Circuit Card Identifier of the SIM card used with the router, a unique number up to 19 digits in length. Primary scrambling code (PSC) The Primary scrambling code for the current signal. DC input voltage Displays the current voltage of the power input source provided via the DC Input jack Location area code (LAC) The ID of the cell tower grouping the current signal is broadcasting from. NetComm Wireless 3G Light Industrial M2M Router 22 www.netcommwireless.com IMSI The Internationaal mobile subscriber identitty is a unique identifier of thhe user of a cellular networrk. Cell ID A unique code that t identifies the base stattion from within the locationn area of the current mobilee network signal. Channel number (UARFCCN) The channel num mber of the current 3G/2G connection. Table 11 - Status page item m details www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M RRouter 23 Internet The Internet section provides configuration options for Wireless WAN, LAN, Routing and VPN connectivity. Data Connection The data connection page allows you to configure and enable/disable the connection profile. To access this page, click on the Networking menu, and under the Wireless WAN menu, select the Data Connection item. Figure 18 – Data connection settings NetComm Wireless 3G Light Industrial M2M Router 24 www.netcommwireless.com ITEM DEFINITION Data connection Transparent Bridge (PPPPoE) Toggles the trannsparent bridge function onn and off. Profile name list Default Sets the correspponding profile to be the deefault gateway for all outboound traffic except traffic foor which there are configurered static route rules or profile routing settings. Status Toggles the corresponding profile on and off. If your carrier supportss it, two profiles may be turned on simultaneously. APN The APN configured for the correspondingg profile. Username The username used u to log on to the corressponding APN. Roaming settings Allow data roaming When set to ON, the router will allow local devices to access the Wireeless WAN network when the MachineLink 3G is roamming onto a foreign network. When set to OFF, the router will deny network access to data seervices when roaming onto a foreign network. This setting is ON by default. Table 122 - Data connection ite tem details Co onnecting to the mobile broad dband netw work The router supports the cconfiguration of up too six APN profiles; theese profiles allow youu to configure the setttings that the router will w use to connect too the 2G/3G network and switch easily betwween different connecction settings. For advanced networkingg purposes, you mayy activate a maximum m of two profiles simu ltaneously (dependaant on network support). When activating ttwo connection profiles, you should avoidd seleccting two profiles withh the same APN as this can cause only one profile to connectt. Similarly, activatingg two profiles which are both configured too automatically deterrmine an APN can caause a confflict and result in neithher profile establishinng a connection. We recommend that thee two active connectioon profiles have differing, manually configgured APNs to avoid connection issues annd ensuure smooth operationn. Ma anually co onfiguring a connecttion profile To manually configure a connection profile: 1. Click the Eddit button correspondding to the Profile thaat you wish to modify.. The data connection profile settings pagge is displayed. Figure 19 - Data connection proofile settings www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 25 2. Click the Profile toggle key to turn the profile on. Additional settings appear. Figure 20 - Data connection settings - Profile turned on 3. In the Profile name field, enter a name for the profile. This name is only used to identify the profile on the router. 4. Ensure that the Automatic APN selection toggle key is set to off. If it is not, click it to toggle it to the off position. 5. In the APN field, enter the APN Name (Access Point Name) and if required, use the Username and Password fields to enter your login credentials. 6. Next to Authentication type, select the either CHAP or PAP depending on the type of authentication used by your provider. 7. The Reconnect delay field specifies the number of seconds to wait between connection attempts. The default setting of 30 seconds is sufficient in most cases but you may modify it to wait up to 65535 seconds if you wish. 8. The Reconnect retries field specifies the number of times to attempt to connect to the network if the router fails to establish a connection. It is set to 0 by default which causes the router to attempt to reconnect indefinitely. 9. The Metric value is used by router to prioritise routes (if multiple are available) and is set to 20 by default. This value is sufficient in most cases but you may modify it if you are aware of the effect your changes will have on the service. 10. The MTU field allows you to modify the Maximum Transmission Unit used on the connection. Do not change this unless instructed to by your carrier. 11. Use the NAT Masquerading toggle key to turn NAT Masquerading on or off. NAT masquerading, also known simply as NAT is a common routing feature which allows multiple LAN devices to appear as a single WAN IP via network address translation. In this mode, the router modifies network traffic sent and received to inform remote computers on the internet that packets originating from a machine behind the router actually originated from the WAN IP address of the router’s internal NAT IP address. This may be disabled if a framed route configuration is required and local devices require WAN IP addresses. 12. For advanced networking such as using dual simultaneous PDP contexts, you may wish to configure a particular profile to route only certain traffic via that profile by configuring a custom address and mask of traffic to send via that profile. To do this, in the Profile routing settings section, enter the Network address and Network mask of the remote network. If you do not want to use this feature, or are unsure, please leave these fields blank, which will not designate any particular traffic to be routed via this profile. For more information on configuring Profile routing settings, see the Setting a default gateway with two active connection profiles example. NetComm Wireless 3G Light Industrial M2M Router 26 www.netcommwireless.com 13. Click the Saave button when youu have finished entering the profile detailss. Co onfirming a successfful connec ction Afterr configuring the paccket data session, andd ensuring that it is enabled, click on the Status menu item at the top of the page to return to the Statuss page. When there iss a mobile broadband connnection, the WWAN ssection is expanded showing the details of o the connection andd the Status field dispplays Connected. To see details on the coonnected session, yoou can click the Showw data usagge button. Figure 21 - Paacket data connectionn status section www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 27 Connect t on De emand The connect on demand feature keeps the Paacket Data Protocol (PDP) context deactivvated by default while making it appear too locally connected ddevices that the routeer has a permanent attempts to esttablish a mobile broaadband data connection. connnection to the mobile broadband network. When a packet of innterest arrives or an SSMS wake-up commaand is received, the router Wheen the data connectioon is established, the router monitors traffic and terminates thee link when it is idle. Note: When interesting packets arrive, the recovery tim me for the wireless W WAN connection is appproximately 20-30 seeconds. Co onfiguring g Connect on Deman nd To configure Connect on demand: 1. Click the Networking menu item m from the top menu bar. 2. On the Connnect on demand pagge, click the Connectt on demand toggle key so that it is ON. Extra E options appear. See the following suub-sections for furtheer instructions. Figure 22 - Connnect on demand conffiguration options NetCComm Wireless 3G Ligght Industrial M2M Rouuter 28 www.netcommwirelless.com Se etting the rrouter to dial d a connection whe en traffic is i detected d on speciific ports In soome situations, you m may wish to have the internet connection disabled except at timmes when outbound traffic to a particular external host’s port oor range of ports is sent to the router. To use this feature, click Enable dial port filter and enter the port number or list of port numbeers separated by com mmas. When you seleect this option, all outbtbound ICMP/TCP/UDDP packets to any rem mote host on the specified porrt(s) will trigger the coonnection to dial. Notte that when this featture is enabled, the options to ignore speccific packet types aree not available. Figure 23 – Dial on ddemand - Data activity ty triggered connectionn You can allow Microsoft nnetwork awareness (NCSI) traffic through but if you prefer thatt they do not trigger the t connection, click the Ignore Microsoftt network awareness (NCSI) traffic togglee key to seet it to ON. Figure 24 - DDIal on demand - Ignoore NCSI traffic Ex xcluding c certain pac cket types from trigg gering the e connectio on to dial Depending on your envirronment, you might prefer to exclude certain types of traffic paassing through the roouter from triggering the t data connection. You can tell the router to ignore outboundd from a locally TCP, UDP or ICMP packeets. When any of thesse options are checkked the router will nott dial a connection when that type of outbound destined data ppacket reaches the router connnected device. Figure 25 – Dia ial on demand - Excludding IP protocols Ex xcluding c certain app plication ty ypes from triggering g the conn nection to d dial Som me devices may geneerate general traffic ass a part of normal opperation which you maay not want to trigger the data connectionn. You can set the rouuter to ignore Domain Name System (DNSS), Netwwork Time Protocol (NNTP) or Microsoft netwwork awareness (NCCSI) traffic from devicces behind the router. When you check the box for these optio ns, it tells the router to t ignore the requestt from that application type andd will not dial a conneection when this data type is received. Figure 26 - Dial oon demand - Excludingg application types www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 29 Setting timers for connection and disconnection The router has a number of timer settings which let you determine when a connection is dialled and when it is disconnected. Figure 27 – Dial on demand - Connect and disconnect timers OPTION DESCRIPTION On data activity, stay online for at least When traffic as per the configured settings above appear, the router will either continue to stay online, or dial a connection and will not disconnect it for the specified time period (min. 1 minute, max. 1 hour). This timer is continuously reset throughout the duration of a dial-up session, whenever data activity is detected matching the rules above. After connecting, stay online for at least This timer configures the router to not hang-up the connection for the specified time period after initially dialling the connection. This setting cannot be less than the keep online period above. This timer affects the connection only once per dial up session, at the beginning of the session. After hanging up, don’t redial for After a connection has been disconnected, you can tell the router to rest for a period of time before re-dialling. Disconnect regardless of traffic after Forces the router to disconnect the connection regardless of the traffic passing through it. The default setting is never. If you want to have the router dial a connection at regular intervals, use Connect regularly, every to specify the interval between dials. Setting this to never effectively disables this option. Connect regularly, every / Randomise connect frequency by up to The router also features the ability to randomise the time at which the first dial action is performed. This is useful in situations such as where you have numerous routers in an area where a power outage has occurred. Setting a random dial time helps to reduce network congestion when all the routers are powered on so they do not all try to connect simultaneously. When it is set to at least 2 minutes, you are able to configure the router to randomise the time it begins to dial. The randomised dial timer only affects the initial dial after the unit powers on or after the settings are saved. For example, if you configure the router to dial every 2 minutes with a randomised dial time of 1 minute, the router will dial the initial connection at a time greater than 2 minutes, but less than 3 minutes. After the first dial, the router will dial the connection exactly every 2 minutes. Table 13 - Connect on demand - Connect and disconnect timers descriptions Verbose mode The router provides the option of logging all the data activity which matches the settings for the Dial on demand feature for advanced troubleshooting purposes. To enable the logging of the Dial on demand feature, click the Enable verbose mode toggle key to switch it ON. See the System log section for more information. Figure 28 – Dial on demand - Verbose logging configuration NetComm Wireless 3G Light Industrial M2M Router 30 www.netcommwireless.com Ma anually co onnecting//disconnec cting Therre may be times when you need to either force a connection too be made or force a disconnection manuually. You can use thee Manual connect annd Manual disconnecct buttons to do this whenever necessary. Thee online status of the connection is displaayed above the buttonns. Figure 29 - Diaal on demand - Onlinee/Offline control Wheen you have finished cconfiguring the optioons for the Dial on demand feature, click thhe Save button at thee bottom to save your changes. SM MS Wake u up The router can also be wwoken up by means of o an SMS message using u the SMS diagnoostics feature by sending a zero byte classs 1 flash SMS. See ththe Diagnostics section for details on usinng the SMSS Wake up function. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 31 Operato or Settin ngs The Operator settings paage enables you to seelect which frequency band you will use ffor your connection and a enables you to sccan for available netwwork operators in youur area. Fi Figure 30 - Band settinngs p you are promptted to disable the data connection if it is Note: In ordeer to change the celluular band settings, thhe data connection mmust be disabled. Whhen you access this page, already activve. You may want to do this iif you’re using the rouuter in a country with multiple frequency nnetworks that may noot all support High Sppeed Packet Access (HSPA). You can select the router to onlyy connnect on the network ffrequencies that suit your y requirements. Use the Change band drrop down list to selecct the band you wish to t use. The following band settinngs options are availaable: All Baands GSM AAll WCDM MA All GSM 850 GSM 900 GSM 1800 GSM 1900 WCMDA 850 MA 900 WCDM MA 800 WCDM MA 1900 WCDM MA 2100 WCDM It is not necessary to chaange the default settinng of All bands in moost cases. In fact, loccking to a particular band b can cause connnection difficulties if thhe device is moved to t a location where thhe forceed band selection is no longer available. Wheen All bands is selecteed, the router attemppts to find the most suuitable band based oon the available netwworks for the inserted SIM card. The GSM All and the WCCDMA all options alloww you to force the deevice to lock to eitherr 2G networks only, or 3G networks only. Clickk the Save button to ssave and apply your selection. Op perator se ettings The operator settings feaature allows you perfoorm a scan of availabble networks, and to ooptionally lock to a particular network retuurned by the networkk scan. To scan for avvailable networks, set the and requires that the packet dataa session be disconneected prior to scanning. Seleect operator mode froom automatic to Manuual then click the scaan button. This operaation can take a few minutes NetCComm Wireless 3G Ligght Industrial M2M Rouuter 32 www.netcommwirelless.com Figgure 31 - Operator sett ttings A list of the detected 3G service carriers in yoour area is displayed. Figure re 32 - Detected operaator list Select the most appropriate 3G service from the t list shown and click Apply. Wheen Select operator moode is set to Automattic, the router selects the most appropriatee operator based on the inserted SIM carrd. This is the defaultt option and is sufficieent for most users. SIIM secu urity se ettings The SIM security settingss page can be used for f authenticating SIM M cards that have beeen configured with a security PIN. Un nlocking a PIN locke ed SIM If thee SIM card is locked,, you will receive a nootice when you accesss the Status page affter which you will bee directed to the PIN settings page to enteer the PIN. The PIN settings page lists thee statuus of the SIM at the toop of the page. If you are not redirected tto the PIN settings paage, to unlock the SIM: a) Click on thee Networking menu frrom the top menu baar, and then click SIMM security settings. Figure 33 - SI SIM security settings - SIM S PIN locked www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 33 b) Enter the PIN in the Current PINN field and then enterr it again in the Confirrm current PIN field to t confirm the PIN. c) member PIN option. This T feature allows thhe router to automaticcally send the PIN to the If you are pplacing the router in a remote, unattendedd location, you may wwish to check the Rem SIM each tiime the SIM asks for it (usually at power up). u This enables the SIM to be PIN locked (to prevent unauthoorised re-use of the SSIM elsewhere), whilee still allowing the rouuter to connect to the cellular service. When this ffeature is enabled, thhe PIN you enter when setting the Rememmber PIN feature is enncrypted and stored locally on the router. The next time the SIM asks the router forr the PIN, the rouuter decrypts the PINN and automatically sends it to the SIM witthout user interventioon. When this ffeature is disabled annd the SIM is PIN locked and the PIN musst be manually entereed via the router‘s configuration interface.. In situations where the t router will be unattendedd, this is not desirablee. Note: Selectt Remember PIN if yoou do not want to entter the PIN code eachh time the SIM is inseerted. d) Click the Saave button. If successsful, the router displaays the following screeen: En nabling/Diisabling SIIM PIN pro otection The security PIN protection can be turned on or off using the PIN protection toggle keyy. FFigure 34 - PIN Setting ngs NetCComm Wireless 3G Ligght Industrial M2M Rouuter 34 www.netcommwirelless.com Ch hanging th he SIM PIN N code PIN button and a enter the currentt PIN into the Current PIN and Confirm current PIN fields, thenn enter the desired PIN into the New PIN and If you would like to changge the PIN, click the Change Conffirm new PIN fields aand click the Save buutton. Figure 335 - PIN settings - Cha hange PIN Wheen the PIN has been cchanged successfully, the following screeen is displayed: Figure 36 - SIM ssecurity settings – PIN N unlock successful www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 35 Un nlocking a PUK locke ed SIM Afterr three incorrect attem mpts at entering the PIN, the SIM card beecomes PUK (Personnal Unblocking Key) locked and you are reequested to enter a P UK code to unlock it. Note: To obtain the PUK unlock coode, you must contacct Vodafone. You will be issued a PUKK to enable you to unllock the SIM and enteer a new PIN. Enter tthe new PIN and PUKK codes. Clickk the Save button whhen you have finishedd entering the new PIN and PUK codes. Figure 377 - SIM security - SIM PUK P locked NetCComm Wireless 3G Ligght Industrial M2M Rouuter 36 www.netcommwirelless.com LA AN LA AN configu uration The LAN configuration paage is used to configgure the LAN settingss of the router and to enable or disable DNNS Masquerading. Figure 338 – LAN configuration on settings The default IP of the Etheernet port is 192.168.1.1 with subnet maskk 255.255.255.0. To cchange the IP address or Subnet mask, enter e the new IP Addrress and/or Subnet mask m and click the Saave buttoon. Note: If you cchange the IP address, remember to rebooot the router and ennter the new IP addreess into your browser address bar. DN NS masquerad ding DNSS masquerading allowws the router to proxyy DNS requests from LAN clients to dynammically assigned DNSS servers. When enabled, clients on the ro router’s LAN can thenn use the router as a DNS server without needing too know the dynamicaally assigned cellular network DNS serverss. 3 Light Industrial MM2M router hands out its own IP address (e.g. 192.168.1.1) as the DNS server addrress to LAN clients. The With DNS masquerading ON, the DHCP serveer embedded in the 3G downstream clients then send DNS requests to the 3G Light Indusstrial M2M router whi ch proxies them to thhe upstream DNS serrvers. With DNS masquerading OFF, the DHCP servver hands out the upstream DNS server IPP addresses to downnstream clients directtly, so that downstreaam clients send DNS requests directly to the upsttream DNS servers wwithout being proxied by the 3G Light Induustrial M2M router. You may also override the DNS Masquerading option by specifyinng custom DNS Serveer IP addresses in the DHCP Server configuration mentioned iin the next section off this guide. In this caase the DHCP server assignss downstream devicees the manually configgured addresses andd the DNS Masqueraading option is ignoreed. In most cases, it is not neecessary to disable DNS D masquerading but b if you need to, clicck the DNS masquerrading toggle key to turn it OFF and then cclick the Save buttonn. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 37 DHCP The DHCP page is used to adjust the settings used by the router’s built in DHPC Server which assigns IP addresses to locally connected devices. DHCP relay configuration In advanced networks configurations where the 3G Light Industrial M2M Router should not be responsible for DHCP assignment, but instead an existing DHCP server is located on the Wireless WAN connection, the clients behind the 3G Light Industrial M2M Router are able to communicate with the DHCP server when DHCP relay is enabled. This enables the 3G Light Industrial M2M Router to accept client broadcast messages and to forward them onto another subnet. To configure the router to act as a DHCP relay agent click the DHCP relay toggle key to turn it ON and enter the DHCP server address into the DHCP server address field. DHCP relay is disabled by default. Figure 39 – DHCP relay configuration DHCP configuration You can manually set the start and end address range to be used to automatically assign addresses within, the lease time of the assigned address, the default domain name suffix, primary and secondary DNS server, the primary and secondary WINS server, as well as the advanced DHCP settings such as NTP, TFTP and Option 150/Option 160 (VoIP options). Figure 40 - DHCP configuration NetComm Wireless 3G Light Industrial M2M Router 38 www.netcommwireless.com OPTION DESCRIPTIO ON DHCP start range Sets the first IP address of thhe DHCP range DHCP end rannge Sets the last IP address of thhe DHCP range DHCP lease time (seconds) Thhe length of time in secondds that DHCP allocated IP addresses are valid Default domain name suffix Specifies the default domainn name suffix for the DHCPP clients. A domain name suffix enables users to acceess a local server, for exam mple, server1, without typing the full domaiin name server1.domain.coom DNS server 1 IP address Specifies the primary DNS ((Domain Name System) server’s IP address. DNS server 2 IP address Specifies the secondary DNNS (Domain Name System) server’s IP address. WINS server 1 IP address Specifies the primary WINS (Windows Internet Name Service) server IP address WINS server 2 IP address Specifies the secondary WINNS (Windows Internet Nam me Service) server IP addreess NTP server (OOption 42) Specifies the IP address of tthe NTP (Network Time Prootocol) server TFTP Server (OOption 66) Specifies the TFTP (Trivial FFile Transfer Protocol) serveer DHCP option 150 Thhis is used to configure Cissco IP phones. When a Cissco IP phone starts, if it is not n pre-configured with thee IP address and TFTP address, it sends a reequest to the DHCP server to obtain this information. Specify the string which w ll be sent as a reply to the option 150 request. DHCP option 160 Thhis is used to configure Poolycom IP phones. When a Polycom IP phone starts, iff it is not pre-configured witith the IP address and TFTP address, it seends a request to the DHCCP server to obtain this information. Specify the string which will be sent as a repply to the option 160 request. Enteer the desired DHCP options and click thee Save button. Ad ddress reserva ation list DHCCP clients are dynamically assigned an IPP address as they connnect, but you can reeserve an address for a particular device using the address reeservation list. Figure 41 – DHCP – Address resservation list To add a device to the adddress reservation lisst: 1. Click the +AAdd button. 2. In the Computer Name field enter a name for the devvice. 3. In the MACC Address field, enterr the device’s MAC adddress. 4. In the IP Adddress fields, enter thhe IP address that yoou wish to reserve forr the device. 5. If the Enablle toggle key is not set to ON, click it to swwitch it to the ON possition. 6. Click the Saave button to save thhe settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 39 Dynamic DHCP client list The Dynamic DHCP client list displays a list of the DHCP clients. If you want to reserve the current IP address for future use, click the Clone button and the details will be copied to the address reservation list fields. Remember to click the Save button under the Address reservation list section to confirm the configuration. Figure 42 - Dynamic DHCP client list NetComm Wireless 3G Light Industrial M2M Router 40 www.netcommwireless.com Routing Sta atic Static routing is the alternnative to dynamic rouuting used in more coomplex network scennarios and is used to facilitate communicaation between devicees on different networrks. Static routing involves conffiguring the routers inn your network with all the information neccessary to allow the ppackets to be forwardded to the correct destination. If you channge the IP address off one of the devices inn the staticc route, the route willl be broken. Figgure 43 - Static routing ng list me routes are added bby default by the routter on initialization suuch as the Ethernet suubnet route for routinng to a device on the Ethernet subnet. Som Ad dding Static Ro outes To add a new route to thee static routing list, click the +Add button.. The Static routes paage appears. 1. In the Route name field, type a name for the route soo that it can be identiified in the static routting list. 2. From the Network interface dropp down list, select thee interface for which you would like to creeate a static route. 3. In the Destiination IP address fieeld, enter the IP addrress of the destinatio n of the route. 4. In the IP suubnet mask field, enteer the subnet mask of o the route. 5. In the Gateway IP address field, enter the IP address of the gateway thatt will facilitate the rouute. 6. In the Metriic field enter the metrric for the route. The metric value is used by the router to priorritise routes. The loweer the value, the highher the priority. To givve the route the higheest priority, sett it to 0. 7. Click the Saave button to save yoour settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 41 Figure 44 - Adding a static route Active routing list Static routes are displayed in the Active routing list. Figure 45 - Active routing list Deleting static routes From the static routing list, click the icon to the right of the entry you wish to delete. Figure 46 - Deleting a static route NetComm Wireless 3G Light Industrial M2M Router 42 www.netcommwireless.com RIP RIP (Routing Information Protocol) is used forr advertising routes too other routers. Thus all the routes in the router’s routing table will be advertised to other nearby routerss. For example, the rooute for thhe router’s Ethernet ssubnet could be adveertised to a router on the PPP interface sidde so that a router onn this network will knoow how to route to a ddevice on the router’s Ethernet subnet. Sttatic routees must be added manually according to your requirements. See S Adding Static Rooutes. Note: Some rrouters will ignore RIPP. Figgure 47 - RIP configura ration To enable Routing Inform mation Protocol (RIP) 1. Click the RIP toggle key to switcch it to the ON positioon. 2. Using the VVersion drop down lisst, select the version of RIP that you wouldd like to use. 3. Select the interface for which yoou want RIP to apply. You can choose thee LAN interface, the WWAN interface or Both. 4. Click the Saave button to confirm m your settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 43 Re edundancy y (VRRP) configurati ion Virtuual Router Redundanccy Protocol (VRRP) iss a non-proprietary reedundancy protocol designed to increasee the availability of the default gateway seervicing hosts on the same subnet. This increeased reliability is acchieved by advertisingg a “virtual router” (an abstract representtation of master and backup routers actingg as a group) as a deefault gateway to thee host(s) instead of onne physsical router. Two or m more physical routers are then configured to stand for the virtu al router, with only onne doing the actual routing at any given tiime. If the current phhysical router that is routing the data on behalf of the virtual routerr fails, an arrangemennt is made for anotheer physical router to automatically replace it. The physical routeter that is currently forwarding data on behhalf of the virtual router is called the master routerr. Master routers have a priiority of 255 and backup router(s) can havve a priority betweenn 1 and 254. A virrtual router must use 00-00-5E-00-01-XX as a its (MAC) addresss. The last byte of thee address (XX) is the Virtual Router Identifier (VRID), which is ddifferent for each virtuual router in the netwoork. This address is used by oonly one physical rouuter at a time, and is the only way that othher physical routers can c identify the masteer router within a virtuual router. Figuure 48 - VRRP configur uration To configure VRRP, confiigure multiple devicees as follows and connnect them all via an Ethernet network swiitch to downstream devices. 1. Click the Redundancy (VRRP) toggle key to activatee VRRP. 2. In the Virtuaal ID field, enter an IDD between 1 and 2555. This is the VRRP IDD which is different foor each virtual router on the network. 3. In the Router priority field, enterr a value for the priority – a higher value iss a higher priority. 4. The Virtual IP address field is ussed to specify the VRRRP IP address – thiss is the virtual IP address that both virtual routers share. 5. Click the Saave button to save thhe new settings. Note: Configuuring VRRP changess the MAC address off the Ethernet port annd therefore if you waant to resume with thee web configuration yyou must use the neww IP address (VRRP IP) I or on a commannd prompt type: M address). arp –d(i.e. arp –d 192.168 8.1.1) to clear the arp cache.(old MAC NetCComm Wireless 3G Ligght Industrial M2M Rouuter 44 www.netcommwirelless.com Po ort Forward ding The Port forwarding list iss used to configure thhe Network Address Translation (NAT) rulles currently in effectt on the router. Figuure 49 – Port forwardin ing list The purpose of the port fforwarding feature is to allow mapping of inbound requests to a specific port on the WAN IP address too a device connectedd on the Ethernet inteerface. Ad dding a port fo orwarding rulle To create a new port forwwarding rule: 1. Click the +AAdd button. The port forwarding settings screen is displayed. 2. Use the Prootocol drop down list to select the type of protocol you want too use for the rule. Thee protocols selectionss available are TCP, UDP and All. 3. In the Sourrce IP Address field, enter e a “friendly” adddress that is allowed to access the router or a wildcard IP address (0.0.0.0) that alllows all IP addressess to access the routerr. 4. The Sourcee Port Range (From) and (To) fields are used u to specify the poort(s) on the source side s that are to be forwarded. This allowss you to send a rangee of consecutive port numbers byy entering the first in the range in the (Froom) field and the last in the range in the (TTo) field. To forward a single port, enter thhe port in the (From) field and repeat it in the (To) field. 5. In the Destiination network adresss field, enter the IP address of the client to which the traffic should be forwarded. 6. The Destinaation Port Range (Frrom) and (To) fields are a used to specify thhe port(s) on the destination side that are to be forwarded. If thhe Source port rangee specifies a single port then the deestination port may bee configured to any port. p If the Source poort range specifies a range of port numberrs then the Destinatioon port range must be the same as the Soource port range. 7. Click the Saave button to confirm m your settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 45 Figure 50 - Port forwarding settings To delete a port forwarding rule, click the button on the Port forwarding list for the corresponding rule that you would like to delete. NetComm Wireless 3G Light Industrial M2M Router 46 www.netcommwireless.com DM MZ The Demilitarized Zone (DMZ) allows you to configure all incomingg traffic on all protocools to be forwarded to t a selected device behind the router. Thhis feature can be used to avoid complex port a there is no filteringg of what traffic is alloowed and what is denied. forwarding rules, but it exxposes the device to untrusted networks as The DMZ configuration ppage is used to specify the IP Address of the device to use as the DMZ host. Figu gure 51 - DMZ configurration 1. Click the DMZ toggle key to turnn the DMZ function ON. 2. Enter the IPP Address of the device to be the DMZ hoost into the DMZ IP AAddress field. 3. Click the Saave button to save yoour settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 47 Router Firewall The Router firewall page is used to enable or disable the in-built firewall on the router. When enabled, the firewall performs stateful packet inspection on inbound traffic from the wireless WAN and blocks all unknown services, that is, all services not listed on the Services configuration page of the router. With respect to the other Routing options on the Networking page, the firewall takes a low priority. The priority of the firewall can be described as: DMZ > MAC/IP/Port filtering rules > MAC/IP/Port filtering default rule > Router firewall rules In other words, the firewall is of the lowest priority when compared to other manual routing configurations. Therefore, a MAC/IP/Port filtering rule takes priority in the event that there is a conflict of rules. When DMZ is enabled, MAC/IP/Port filtering rules and the router firewall are ignored but the router will still honour the configuration of the Remote router access control settings listed under Administration Settings. Figure 52 - Router Firewall toggle key NetComm Wireless 3G Light Industrial M2M Router 48 www.netcommwireless.com MA AC / IP / P Port filterin ng The MAC/IP/Port filter feaature allows you apply a policy to the traffic that passes througgh the router, both inbound and outboundd, so that network acccess can be controlleed. When the filter is except thosee listed in the “Currennt MAC / IP / Port filtering rules in effect” liist. Conversely, whenn the default rule is seet to enabbled with a default rule of “Accepted”, all connections will be allowed “Droopped”, all connections are denied exceppt for those listed in thhe filtering rules list. Figuree 53 - MAC / IP / Portt filtering Note: When enabling MAC / IP / Port filtering and settting the default rule too “Dropped”, you shoould ensure that you have first added a filltering rule which alloows at least one knowwn MAC/IP to acccess the router, otheerwise you will not bee able to access the uuser interface of the router without resettinng the router to factoory default settings. Crreating a M MAC / IP / Port filterring rule To create a filtering rule: 1. Click the M MAC / IP / Port filterinng toggle key to switcch it to the ON positioon. 2. Using the DDefault rule (inbound//forward) drop down list, select the defau lt action for the routeer to take when traffic reaches it. By defauult, this is configured to Accepted. If you change thiss to Dropped, you shoould first configure a filter rule that allows at least one device access to the router, otherwise you will effffectively be locked out o of the router. 3. Click the Saave button to confirm m the default rule. 4. In the Curreent MAC / IP / Port filttering rules in system m section, click the +AAdd button. Figure 54 - Curren ent MAC / IP/ Port filte tering rules in effect 5. Enter the details of the rule in thhe section that is dispplayed and click the SSave button. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 49 Figure 55 - MAC / IP / Port filtering settings OPTION DESCRIPTION Bound Use the drop down list to select the direction of the traffic for which you want to apply to the rule. Inbound refers to all traffic that is entering the router including data entering from the WAN and the LAN. Outbound refers to all traffic exiting the router including traffic leaving in the direction of the WAN and traffic leaving in the direction of the LAN. Forward specifies traffic that enters on the LAN or WAN side and is forwarded to the opposite end. Protocol Use the drop down list to select the protocol for the rule. You can have the rule apply to All protocols, TCP, UDP, UDP/TCP or ICMP. Source MAC Address Enter the MAC address in six groups of two hexadecimal digits separated by colons (:). e.g. 00:40:F4:CE:FA:1E Source IP Address Enter the IPv4 address that the traffic originates from and the subnet mask using CIDR notation. Destination IP Address Enter the IPv4 address that the traffic is destined for and the subnet mask using CIDR notation. Action Select the action to take for traffic which meets the above criteria. You can choose to Accept or Drop packets. When the default rule is set to Accept, you cannot create a rule with an Accept action since the rule is redundant. Likewise, if the default rule is set to Dropped you cannot create a rule with a Drop action. Comment [Optional] Use this field to enter a comment as a meaningful description of the rule. Table 14 - Current MAC / IP / Port filtering rules in effect 6. The new rule is displayed in the filtering rules list. You can edit the rule by clicking the Edit button or delete the rule by clicking the button. Figure 56 - Completed filtering rule NetComm Wireless 3G Light Industrial M2M Router 50 www.netcommwireless.com VPN A Virrtual Private Network (VPN) is a tunnel prooviding a private link between two networrks or devices over a public network. Dataa to be sent via a VPNN needs to be encappsulated and as suchh is geneerally not visible to thhe public network. The advantages of a VPNN connection includee: Data PProtection Accesss Control Data OOrigin Authenticationn Data IIntegrity Eachh VPN connection haas different configurattion requirements. Thhe following pages deetail the configuration options available foor the different VPN cconnection types. Note: The following descriptions are an overview of thhe various VPN optionns available. More deetailed instructions are available in separaate whitepapers on the NetComm Wirelesss website. IPS Sec IPSeec operates on Layerr 3 of the OSI model and a as such can prottect higher layered pprotocols. IPSec is used for both site to site VPN and Remote AAccess VPN. The 3G Light Industrial M2M routeer supports IPsec end points and can be configured with Site to Site VPN tunnels wwith third party VPN routers. Co onfiguring g an IPSec VPN From m the menu at the topp of the screen, click Networking and under the VPN section, cclick IPSec. A list of configured IPSec VPPN connections is dissplayed. Fig Figure 57 - IPSec VPN List Clickk the +Add button to begin configuring ann IPSec VPN connecttion. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 51 Figure 58 – IPSec profile edit NetComm Wireless 3G Light Industrial M2M Router 52 www.netcommwireless.com www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 53 The following table describes each of the fields of the IPSec VPN Connection Settings page. ITEM DEFINITION IPSec profile Enables or disables the VPN profile. Profile name A name used to identify the VPN connection profile. Remote IPSec server address The IP address of the IPSec server. Remote LAN address Enter the IP address of the remote network for use on the VPN connection. Remote LAN subnet mask Enter the subnet mask in use on the remote network. Local LAN address Enter the IP address of the local network for use on the VPN connection. Local LAN subnet mask Enter the subnet mask in use on the local network. Encapsulation type Select the encapsulation protocol to use with the VPN connection. You can choose ESP, AH or Any. IKE mode Select the IKE mode to use with the VPN connection. You can choose Main, Aggressive or Any. PFS Choose whether Perfect Forward Secrecy is ON or OFF for the VPN connection. IKE encryption Select the cipher type to use for the Internet Key Exchange. IKE hash Select the IKE Hash type to use for the VPN connection. The hash is used for authentication of packets for the key exchange. IPSec encryption Select the IPSec encryption type to use with the VPN connection. IPSec hash Select the IPSec hash type to use for the VPN connection. The hash is used for authentication of packets for the VPN connection. DH group Select the desired Diffie-Hellman group to use. Higher groups are more secure but also require longer to generate a key. DPD action Select the desired Dead Peer Detection action. This is the action to take when a dead Internet Key Exchange Peer is detected. DPD keep alive time Enter the time in seconds for the interval between Dead Peer Detection keep alive messages. DPD timeout Enter the time in seconds of no response from a peer before Dead Peer Detection times out. IKE re-key time Enter the time in seconds between changes of the encryption key. To disable changing the key, set this to 0. SA life time Enter the time in seconds for the security association lifetime. Select the type of key mode in use for the VPN connection. You can select from: Key mode Pre Shared Key RSA keys Certificates Pre-shared key The pre-shared key is the key that peers used to authenticate each other for Internet Key Exchange. Remote ID Specifies the domain name of the remote network. Local ID Specifies the domain name of the local network. Update Time Displays the last time the key was updated. Local RSA Key Upload Select the RSA key file for the local router here by clicking the Browse button. Remote RSA Key Upload Select the RSA key file for the remote router here by clicking the Browse button. Private key Passphrase The Private key passphrase of the router is the passphrase used when generating the router’s private key using OpenSSL CA. Key / Certificate Select the type of key or certificate to use for authentication. You can select Local private key, Local public certificate, Remote public certificate, CA certificate, CRL certificate. IPSec Certificate Upload Select the IPSec certificate to upload by clicking the Browse button. Table 15 - IPSec Configuration Items NetComm Wireless 3G Light Industrial M2M Router 54 www.netcommwireless.com Op penVPN OpenVPN is an open souurce virtual private neetwork (VPN) program m for creating point-too-point or server-to-m multi-client encryptedd tunnels between hoost computers. It can traverse network adddress w well through prroxy servers and cann run over TCP and UDP transslation (NAT) and fireewalls and allows autthentication by certificcate, pre-shared keyy or username and paassword. OpenVPN works transsports. Support for OOpenVPN is available on several operatingg systems, including Windows, Linux, Macc OS, Solaris, OpenBBSD, FreeBSD, NetBSSD and QNX. Co onfiguring g an Open VPN serve er From m the menu at the topp of the screen, click Networking and from m the VPN section on the left, click OpenVVPN. A list of configurred OpenVPN VPN cconnections is displayyed. Figu gure 59 - OpenVPN VPN PN List Clickk the +Add button forr the type of OpenVPN server/client you would w like to configuree. Op penVPN Se erver To configure an OpenVPN Server: 1. Click the OOpenVPN profile toggle key to switch it to the t ON position. 2. Type a nam me for the OpenVPN server profile you aree creating. 3. Use the Seerver port field to seleect a port number andd then use the drop ddown list to select a packet type to use for your OpenVPN Serrver. The default OpeenVPN port is 1194 annd default paccket type is UDP. 4. In the VPN network address and VPN network subnnet mask fields, enterr the IP address and network subnet mask to assign to your VPPN. This is ideally an internal IP address which differs from m your existing addresss scheme. 5. Next to Difffie-Hellman parameteers, click the Generatte DH button. This wiill create an encryptioon key to secure your OpenVPN connectiion. 6. Under Servver Certificates, enterr the required details. All fields must be coompleted. The Counttry field must consist of two characters onnly. When the details have been entered, click the Generaate CA certificate buttton to generate the Certificate Authority (CCA) certificate basedd on this information. 7. Under the SServer certificates seection, select the Authhentication type that yyou would like to usee for the OpenVPN Seerver. Note: The DDiffie-Hellman parameeters can take up to 10 1 minutes to generaate. Please be patientt. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 55 Certificate Authentication In the Certificate Management section, enter the required details to create a client certificate. All fields are required. When you have finished entering the details, click the Generate button. Figure 60 - OpenVPN server configuration – Certificate management When it is done, you can click the Download P12 button or the Download TGZ button to save the certificate file depending on which format you would like. If for some reason the integrity of your network has been compromised, you can return to this screen and use the Certificate drop down list to select the certificate and then press the Revoke button to disable it. Optional: To inform the OpenVPN server of the network address scheme of the currently selected certificate, enter the network address and network subnet mask in the respective fields and click the Set network information button. If you do not enter the remote subnet here, any packet requests from the server to the client will not be received by the client network because it is not aware of the remote client’s subnet. NetComm Wireless 3G Light Industrial M2M Router 56 www.netcommwireless.com Figure 61 – OpenVPN server proofile settings www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 57 Use ername / Passsword Authen ntication In the Username/Passwoord section, enter the username and password you would like tto use for authentication on the OpenVPN N Server. Click the Doownload CA certificatte button to save the ca.crt file. This file will need to be provided to the client. Note: If yoou wish to have moree than one client connnect to this OpenVPNN server, you must usse Certificate authenttication mode as Useername/Password only allows for a single client connectioon. Figure 62 - OpenVPPN Server – Usernamee / Password section Optioonal: To inform the OOpenVPN server of the network address scheme of the currenttly selected certificatte, enter the network address and networkk subnet mask in the respective fields andd clickk the Set Network Infoormation button. If yoou do not enter the reemote subnet here, aany packet requests from f the server to thee client will not be recceived by the client network because it is not aware of the remote cliennt’s subnet. Wheen you have finished eentering all the required information, clickk Save to finish configguring the OpenVPN server. Co onfiguring g an OpenV VPN Clien nt 1. Click the OOpenVPN profile toggle key to switch it to the t ON position. 2. In the Profille name field, type a name for the OpenVVPN client profile you are creating. 3. In the Serveer IP address field, tyype the WAN IP address of the OpenVPNN server. 4. Use the Seerver port field to seleect a port number andd then use the drop ddown list to select a packet type to use for the OpenVPN serveer. The default OpenVPN port is 1194 andd default paccket type is UDP. 5. If the Defauult gateway option is applied on the OpennVPN client page, thee OpenVPN server wiill enable connections to be made to otheer client networks connnected to it. If it is noot selected, thhe OpenVPN connecction allows for securee communication linkks between this routeer and the remote OpenVPN server only. 6. Use the Authentication type options to select the Autthentication type thatt you would like to usse for the OpenVPN client. NetCComm Wireless 3G Ligght Industrial M2M Rouuter 58 www.netcommwirelless.com Ce ertificate Auth hentication In the Certificate upload section at the bottom m of the screen, click the Browse button a nd locate the certificate file you downloadded when you configgured the OpenVPN server. When it has been seleccted, click the Upload button to send it too the router. Figure 63 - OOpenVPN client - Certtificate upload Use ername / Passsword Authen ntication Enteer the username and password to authenticate with the OpenVVPN server. Figure 64 - OpenVVPN Client - Usernamee/Password section Use the Browse button too locate the CA certifficate file you saved from f the OpenVPN Seerver and then presss the Upload button too send it to the routerr. Clickk the Save button to complete the OpenVVPN Client configuration. Co onfiguring g an OpenV VPN P2P Connection To configure an OpenVPN peer-to-peer connection: 1. Set the OpeenVPN profile toggle key to switch it to the ON position. 2. In the Profille name field, type a name for the OpenVVPN P2P profile you aare creating. 3. On the routter designated as thee master, leave the Server IP address fieldd empty. On the routter designated as the slave, enter the WAAN IP address of the master. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 59 Figure 65 - OpenVPN P2P mode settings 4. Use the Server port field to select a port number and then use the drop down list to select a packet type to use for the OpenVPN server. The default OpenVPN port is 1194 and default packet type is UDP. 5. In the Local IP Address and Remote IP Address fields, enter the respective local and remote IP addresses to use for the OpenVPN tunnel. The slave should have the reverse settings of the master. 6. Under the Remote network section, enter the network Address and network Subnet mask. The Network Address and Network Mask fields inform the Master node of the LAN address scheme of the slave. 7. Press the Generate button to create a secret key to be shared with the slave. When the timestamp appears, you can click the Download button to save the file to exchange with the other router. 8. When you have saved the secret key file on each router, use the Browse button to locate the secret key file for the master and then press the Upload button to send it to the slave. Perform the same for the other router, uploading the slave’s secret key file to master. 9. When they are uploaded click the Save button to complete the peer-to-peer OpenVPN configuration. NetComm Wireless 3G Light Industrial M2M Router 60 www.netcommwireless.com PP PTP-Clientt The Point-to-Point Tunnelling Protocol (PPTP) is a method for impleementing virtual privaate networks using a TCP and GRE tunneel to encapsulate PPPP packets. PPTP operates on Layer 2 of thhe OSI model and is includeed on Windows compputers. Co onfiguring g the PPTP Client To configure the PPTP client: 1. From the m menu bar at the top off the screen, click Neetworking and then froom the VPN section on the left side of thee screen, click PPTP client. The PPTP clieent list is displayed. Fig Figure 66 - PPTP clientt list 2. Click the +AAdd button to begin configuring a new PPPTP client profile. Thee PPTP client edit scrreen is displayed. Figur ure 67 - VPN PPTP clien ent edit www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 61 3. Click the Enable PPTP client toggle key to switch it to the ON position. 4. In the Profile name list, enter a profile name for the tunnel. This may be anything you like and is used to identify the tunnel on the router. 5. Use the Username and Password fields to enter the username and password for the PPTP account. 6. In the PPTP server address field, enter the IP address of the PPTP server. 7. From the Authentication type drop down list, select the Authentication type used on the server. If you do not know the authentication method used, select any and the router will attempt to determine the correct authentication type for you. There are 5 authentication types you can choose from: CHAP – uses a three way handshake to authenticate the identity of a client. MS-CHAP v1 – This is the Microsoft implementation of the Challenge Handshake Authentication Protocol for which support was dropped in Windows® Vista. MS-CHAP v2 - This is the Microsoft implementation of the Challenge Handshake Authentication Protocol which was introduced in Windows® NT 4.0 and is still supported today. PAP – The Password Authentication Protocol uses a password as a means of authentication and as such, is commonly supported. PAP is not recommended because it transmits passwords unencrypted and is not secure. EAP – Extensible Authentication Protocol. An Authentication protocol commonly used in wireless networks. 8. The metric value helps the router to prioritise routes and must be a number between 0 and 65535. The default value is 30 and should not be modified unless you are aware of the effect your changes will have. 9. The Use peer DNS option allows you to select whether the remote clients will use the Domain Name Server of the PPTP server. Click the toggle key to set this to ON or OFF as required. 10. NAT masquerading allows the router to modify the packets sent and received to inform remote computers on the internet that packets originating from a machine behind the router actually originated from the WAN IP address of the router’s internal NAT IP address. Click the toggle key to switch this to the ON position if you want to use this feature. 11. Set default route to PPTP sets all outbound data packets to go out through the PPTP tunnel. Click the toggle key to switch this to the ON position if you want to use this feature. 12. The Verbose logging option sets the router to output detailed logs regarding the PPTP connection in the System Log section of the router interface. 13. The Reconnect delay is the time in seconds that the router will wait before attempting to connect to the PPTP server in the event that the connection is broken. The minimum time to wait is 30 seconds so as to not flood the PPTP server with connection requests, while the maximum time to wait is 65335 seconds. 14. The Reconnect retries is the number of connection attempts that the router will make in the event that the PPTP connection goes down. If set to 0, the router will retry the connection indefinitely, otherwise the maximum number of times to retry cannot be greater than 65335. 15. Click the Save button to save the changes. The VPN will attempt to connect after your click Save. Click the Status button at the top left of the interface to return to the status window and monitor the VPN’s connection state. NetComm Wireless 3G Light Industrial M2M Router 62 www.netcommwireless.com GR RE tunnellling The Generic Route Encapsulation (GRE) protoocol is used in addition to Point-to-Point TTunnelling Protocol (PPPTP) to create VPNss (virtual private netwworks) between clientts and servers or betwween cliennts only. Once a PPTPP control session establishes the VPN tunnnel GRE is used to ssecurely encapsulatee the data or payload. Co onfiguring g GRE tunn nelling To configure GRE tunnelling: 1. From the m menu bar at the top off the screen, click Neetworking and then froom the VPN section on the left side of thee screen, click GRE. The GRE client list iss displayed. Fi Figure 68 - GRE client list 2. Click the +AAdd button to begin configuring a new GRRE tunnelling client pprofile. The GRE Cliennt Edit screen is displayed. Fig igure 69 – GRE client edit 3. Click the Ennable GRE Tunnel tooggle key to switch it to the ON position. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 63 4. In the Profile name, enter a profile name for the tunnel. This may be anything you like and is used to identify the tunnel on the router. 5. In the GRE server address field, enter the IP address of the GRE server. 6. In the Local tunnel address field, enter the IP address you want to assign the tunnel locally. 7. In the Remote tunnel address field, enter the IP address you want to assign to the remote tunnel. 8. In the Remote network address field, enter the IP address scheme of the remote network. 9. In the Remote network subnetmask field, enter the subnet mask of the remote network. 10. The TTL (Time To Live) field is an 8-bit field used to remove an undeliverable data packet from a network to avoid unnecessary network traffic across the internet. The default value of 255 is the upper limit on the time that an IP datagram can exist. The value is reduced by at least one for each hop the data packet takes to the next router on the route to the datagram’s destination. If the TTL field reaches zero before the datagram arrives at its destination the data packet is discarded and an error message is sent back to the sender. 11. The Verbose logging option sets the router to output detailed logs regarding the GRE tunnel in the System Log section of the router interface. 12. The Reconnect delay is the time in seconds that the router will wait before attempting to connect to the GRE server in the event that the connection is broken. The minimum time to wait is 30 seconds so as to not flood the GRE server with connection requests, while the maximum time to wait is 65335 seconds. 13. The Reconnect retries is the number of connection attempts that the router will make in the event that the GRE connection goes down. If set to 0, the router will retry the connection indefinitely, otherwise the maximum number of times to retry cannot be greater than 65335. 14. Click the Save button to save the changes. The VPN will attempt to connect after your click Save. Click the Status button at the top left of the interface to return to the status window and monitor the VPN’s connection state. NetComm Wireless 3G Light Industrial M2M Router 64 www.netcommwireless.com Serv S vice es Dynamic c DNS The DDNS page is used to configure the Dynamic DNS feature of the router. A numbe r of Dynamic DNS hoosts are available from m which to select. Figuree 70 – Dynamic DNS settings Dynaamic DNS provides a method for the routeer to update an exterrnal name server withh the current WAN IP address. To configure dynamic DNNS: 1. Click the DDNS configuration tooggle key to switch it to the ON position. 2. From the Dynamic DNS drop doown list, select the Dyynamic DNS service that you wish to use. The available DDNSS services available aare: www.ddhs.org www.ddyndns.org www.ddyns.cx www.eeasydns.com www.jjustlinux.com www.oods.org www.ttzo.com www.zzoneedit.com 3. In the Userrname and Password fields, enter the logoon credentials for youur DDNS account. Ennter the password for the account again inn the Verify passwordd field. 4. Click the Saave button to save thhe DDNS configuratioon settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 65 Network time (NTP) The NTP (Network Time Protocol) settings page allows you to configure the 3G Light Industrial M2M router to synchronize its internal clock with a global Internet Time server and specify the time zone for the location of the router. This provides an accurate timekeeping function for features such as System Log entries and Firewall settings where the current system time is displayed and recorded. Any NTP server available publicly on the internet may be used. The default NTP server is 0.netcomm.pool.ntp.org. Figure 71 - NTP settings Configuring Timezone settings To configure time zone settings: 1. The Current time field shows the time and date configured on the router. If this is not accurate, use the Time zone drop down list to select the correct time zone for the router. If the selected zone observes daylight savings time, a Daylight savings time schedule link appears below the drop down list. Click the link to see the start and end times for daylight savings. 2. When you have selected the correct time zone, click the Save button to save the settings. Configuring NTP settings To configure NTP settings: 1. Click the Network time (NTP) toggle key to switch it to the ON position. 2. In the NTP service field, enter the address of the NTP server you wish to use. 3. The Synchronization on WWAN connection toggle key enables or disables the router from performing a synchronization of the time each time a mobile broadband connection is established. 4. The Daily synchronisation toggle key enables or disables the router from performing a synchronization of the time each day. 5. When you have finished configuring NTP settings, click the Save button to save the settings. NetComm Wireless 3G Light Industrial M2M Router 66 www.netcommwireless.com Data stre eam manager The data stream manageer provides you with the t ability to create mappings between innput ports and outputt ports (e.g. Serial Port, SMS, GPS, USB) aand performs any reqquired translation or data c contact NetCom m Wireless about our Software Developm ment proccessing by each virtual data tunnel. Custoomers interested in deeveloping their own aapplications to createe custom mappings can Kit. The data stream manageer provides a wide range of possibilities and expands upon simmple PAD functionality to include the forw warding and translatioon of data between any a of the inputs and outpputs of the router. Cerrtain accessories connnected via the USB port such as USB to Serial cables are alsso supported. For exaample, you could sennd the GPS data receeived by the module (in NMEEA format) through thhe built-in serial port or o out of the USB porrt using a USB to Serrial cable. The following is an example of how to configuure the router to sendd GPS data through thhe serial port: 1. Click the +AAdd button on the rigght side of the page. Fig igure 72 - Data stream m list 2. Click the Acctivate toggle key so that it is in the ON position. Fig igure 73 - Activate buttton 3. In the Data stream name field, enter e a name to identtify the mapping on tthe Data stream list. 4. Under the EEndpoint A section, use u the Type drop doown list to select GPSS. 5. Under the EEndpoint B section, use u the Type drop doown list to select Seriaal. Under the Serial port p settings section, use the drop down llists to select the apppropriate parameters for the serial pport output. The screeenshot below shows an a example of typicaal settings for this sceenario. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 67 Figure 74 - Data stream manager - GPS to Serial port example 6. Click the Save button to confirm your settings. The new data stream appears in the Data stream list. Table 16 - Data stream list entry NetComm Wireless 3G Light Industrial M2M Router 68 www.netcommwireless.com Watchdo ogs To access the Watchdoggs page, click the Services menu item, theen select the Watchddogs menu item on the left. Figuure 75 - Watchdogs Seettings Watcchdogs are features wwhich monitor the router for anomalies annd restart the router iff an anomaly occurs preventing its normaal operation. When coonfigured, the watchddogs feature transmitts conttrolled ping packets tto 1 or 2 user specifieed IP addresses to confirm an active connnection. If the watchddog does not receivee responses to the pinngs after a specified number of failures, it will rebooot the device in a lasst resort attempt to reestore connectivity. We recommend using caaution when implemeenting this feature in situations where the ddevice is intentionallyy offline for a particulaar reason, for exampple, when Dial-on-dem mand has been enabbled. This is because the watcchdog expects to be able a to access the innternet at all times, annd will always eventually reboot the routerr if access isn't restorred by the time the various timers expire and the fail f count is reached. d to the nature of tthe watchdog being a last resort standaloone backup mechanissm that it will continuue to do its job and reeboot the device evenn when the Dial-on-ddemand session is idlle, or It is due the mobile broadband coonnection is disabledd by the user. Therefoore, we recommendeed that you disable thhis feature if Dial-on-ddemand is configuredd or if the mobile broadband connection will be inntentionally disconneected on occasion. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 69 The watchdog works as ffollows: a) The router ssends 3 consecutive pings to the first desstination address at tthe interval specified in the Periodic Ping timer field. b) If all 3 pings to the first destination address fail, the router sends 3 conseecutive pings to the second destination adddress at the Periodicc Ping timer interval. c) If all 3 pings to the second desttination address fail, the t router sends 3 pi ngs to the first destinnation address using the Periodic Ping acccelerated timer interrval. d) If all 3 acceelerated pings to the first destination addrress fail, the router seends 3 pings to the second destination adddress at the Periodicc Ping accelerated timer interval. e) If all 3 acceelerated pings to the second destination address fail, the routeer registers this as a fail and returns to steep C. f) When the nnumber of failures reaaches the number coonfigured in the Fail ccount field, the routerr reboots. If any ping succeeds, the routerr returns to step A annd does not reboot. Note: The Peeriodic Ping timer shoould not be set to a value v of less than 2100 seconds to allow the router time to reconnect to the cellular nnetwork following a reboot. the periodic pping reset monitor, seet Fail count to 0. To disable Figuree 76 – Ping watchdog settings NetCComm Wireless 3G Ligght Industrial M2M Rouuter 70 www.netcommwirelless.com Co onfiguring g Periodic Ping settin ngs The Periodic Ping settinggs configure the routeer to transmit controlled ping packets to 2 specified IP addresses. If the router does not receive responnses to the pings, thee router will reboot. To configure the ping waatchdog: 1. In the First destination address field, enter a websitee address or IP addreess to which the router should send the first round of ping req uests. 2. In the Secoond destination addreess field, enter a webbsite address or IP adddress to which the router should send the second round of piing requests. 3. In the Perioodic Ping timer field, enter an integer betwween 300 and 65535 for the number of seeconds the router shoould wait between pinng attempts. Setting this to 0 disables thee ping watchdog ffunction. 4. In the Perioodic Ping acceleratedd timer field, enter an integer between 60 and 65535 for the nuumber of seconds thee router should wait bbetween acceleratedd ping attempts, i.e. pings to the second destination addreess. Setting this to 0 disables the ping wattchdog function 5. In the Fail ccount field, enter an integer between 1 annd 65535 for the nummber of times an acceelerated ping should fail before the router reboots. Setting this to 0 disables the pinng watchdog ffunction. Diisabling th he Periodic c Ping rese et function To disable the Periodic PPing reset function, seet Fail count to 0. Note: The trafffic generated by the periodic ping featuree is usually counted aas chargeable data usage. Please keep this in mind when seleecting how often to ping. Co onfiguring g a Periodiic reboot The router can be configured to automaticallyy reboot after a periodd of time specified inn minutes. While this is not necessary, it does ensure that in thee case of remote installations, the router will rebooot if some anomaly ooccurs. 1. In the Forcee reboot every field, enter the time in minutes between forced reboots. The defaultt value is 0 which disables the Periodic reeboot function. The minimum period betweeen reboots is 5 minutes while the maximum value is 655535 minutes. 2. If you have configured a forced reboot time, you cann use the Randomisee reboot time drop doown list to select a random reboot timer. RRandomising the rebooot time is useful for preventing a large number of deevices from rebootingg simultaneously andd flooding the networrk with connection attempts. The router wiill wait for the configuured Force reboot every time and thhen randomly reboot within w the configuredd Randomise reboot ttime. 3. Click the Saave button to save thhe settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 71 SNMP SNMP configuration The SNMP page is used to configure the SNMP features of the router. Figure 77 - SNMP configuration SNMP (Simple Network Management Protocol) is used to remotely monitor the router for conditions that may warrant administrative attention. It can be used to retrieve information from the router such as the signal strength, the system time and the interface status. To configure SNMP: 1. Click the SNMP toggle key to switch it to the ON position. 2. Enter Read-only community name and Read-write community name which are used for client authentication. Community names are used as a type of security to prevent access to reading and/or writing to the routers configuration. It is recommended that you change the Community names to something other than the default settings when using this feature. 3. Click the Save button to save any changes to the settings. The Download button displays the Management information base (MIB) of the router. The MIB displays all the objects of the router that can have their values set or report their status. The MIB is formatted in the SNMP-related standard RFC1155. NetComm Wireless 3G Light Industrial M2M Router 72 www.netcommwireless.com SN NMP traps SNM MP traps are messagees from the router to the Network Manageement System sent ass UDP packets. Theyy are often used to nootify the managementt system of any significant events such ass whetther the link is up or ddown. Co onfiguring g SNMP tra aps To configure SNMP trapss: 1. In the Trap destination field, entter the IP address to which SNMP data is to be sent. 2. In the Hearrtbeat interval field, enter the number of seeconds between SNMMP heartbeats. 3. Use the Traap persistence field too specify the time in seconds that an SNMMP trap persists. 4. Use the Traap retransmission tim me to specify the lenggth of time in secondss between SNMP trapp retransmissions. FFigure 78 - SNMP trapps To send a manual SNMPP Heartbeat, click the Send heartbeat button. When you have ffinished configuring the t SNMP traps, clickk the Save button to ssave the settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 73 TR R-069 To access the TR-069 coonfiguration page, clicck the Services menu item, then select thhe TR-069 menu item on the left. Figure re 79 - TR-069 configu guration The TR-069 (Technical RReport 069) protocol is a technical specificcation also known as CPE WAN Managem ment Protocol (CWMPP). It is a framework fofor remote management and autoconffiguration of end-userr devices such as customer-premises equuipment (CPE) and AAuto Configuration Seervers (ACS). It is parrticularly efficient in aapplying configuration updates across netwworks to multiple CPEEs. TR-0069 uses a bi-directioonal SOAP/HTTP-bassed protocol based on the application layeer protocol and provides several benefits for the maintenancee of a field of CPEs: Simplifies the initial configuration of a device during installation Enables easy restoration of o service after a factoory reset or replacemment of a faulty device Firmwware and software verrsion management Diagnnostics and monitoring Note: You muust have your own coompatible ACS infrastructure to use TR-0669.In order to accesss and configure the TR-069 settings you mmust be logged into thhe router as the root user. TR R-069 confi figuration To configure TR-069: 1. Click the Ennable TR-069 toggle key to switch it to the ON position. 2. In the ACS URL field, enter the Auto Configuration Server’s full domain nname or IP address. 3. Use the ACCS username field to specify the username for the Auto Configguration Server. 4. In the ACS password and Verifyy ACS password fieldds, enter the Auto Coonfiguration Server paassword. 5. In the Connnection Request Username field, enter thee username to use foor the connection requests. 6. In the Connnection Request Password and Verify passsword fields, enter thhe connection request password. 7. The inform message acts as a beacon to inform the ACS of the existencee of the router. Click the t Enable periodic ACS A informs toggle kkey to turn on the perriodic ACS inform messages. 8. In the Inform m Period field, enter the number of seconnds between the inforrm messages. 9. Click the Saave button to save thhe settings. NetCComm Wireless 3G Ligght Industrial M2M Rouuter 74 www.netcommwirelless.com GPS The built-in GPS module allows you to use loccation-based services, monitor field deplooyed hardware or findd your current locatioon. The GPS Status wwindow provides up to date information abbout location and tthe current GPS signal conditions (positioon dilution of precisioon (PDOP), horizontal dilution of precision (HDOP) and verticall dilution of precision (VDOP)) of the routeer. the current To use the GPS function, set the GPS operation toggle key to ON and click the Save bbutton. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 75 The Google map button provides a quick short cut to show your router’s current position on a map and because GPS positioning relies on accurate clock settings to obtain the correct information about your location, the Clock Sync button allows you to quickly set the router clock to the correct time. This ensures you will always have the correct GPS position information available. Mobile Station Based Assisted GPS configuration If you are not using a dedicated GPS antenna, you may use the nearby mobile base stations to triangulate your position. To do this, set the A-GPS toggle key to the ON position and use the drop down lists to configure the automatic retry options. Figure 80 - Mobile Stations Based Assisted GPS configuration options ITEM A-GPS Enable DESCRIPTION Enables or disables the mobile station based assisted GPS function. Maximum Retry Count Sets the maximum number of times the router should attempt to triangulate its position. Retry delay (minute) Sets the number of minutes the router should wait between attempts to triangulate its position. Automatic Update Period (day) Sets the number of days that the router should automatically update the A-GPS data. The maximum update period is 7 days. Table 17 - Mobile Station Based Assisted GPS configuration options Odometer NetComm Wireless 3G Light Industrial M2M Router 76 www.netcommwireless.com www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 77 SMS messaging The 3G Light Industrial M2M router offers an advanced SMS feature set, including sending messages, receiving messages, redirecting incoming messages to another destination, as well as supporting remote commands and diagnostics messages. Some of the functions supported include: Ability to send a text message via a CDMA network and store it in permanent storage. Ability to receive a text message via a CDMA network and store it in permanent storage. Ability to forward incoming text messages via a CDMA network to another remote destination which may be a TCP/UDP server or other mobile devices. Ability to receive run-time variables from the device (e.g. uptime) on request via SMS Ability to change live configuration on the device (e.g. network username) via SMS. Ability to execute supported commands (e.g. reboot) via SMS Ability to trigger the 3G Light Industrial M2M router to download and install a firmware upgrade Ability to trigger the 3G Light Industrial M2M router to download and apply a configuration file To access the SMS messaging functions of the 3G Light Industrial M2M router, click on the Services menu item from the top menu bar, and then select one of the options under the SMS messaging section on the left hand menu. Setup The Setup page provides the options to enable or disable the SMS messaging functionality and SMS forwarding functionalities of the router. SMS messaging is enabled by default. Figure 81 - General SMS Configuration NetComm Wireless 3G Light Industrial M2M Router 78 www.netcommwireless.com OPTION DEFINITION Geneeral SMS configuration SMSS messaging Toggles the SMS functionalityy of the router on and off. Messsages per page (10-50) The number of SMS messagees to display per page. Muust be a value between 10 and 50. Encooding scheme The encoding method used ffor outbound SMS messages. GSM 7-bit mode permits up to 160 characters peer message but drops to 500 characters if the message inccludes special characters. UCS-2 mode allows the seending of Unicode charactters and permits a message to bee up to 50 characters in lenngth. SMSS forwarding configuration Forwwarding Toggles the SMS forwarding function of the router on and off. Redirect to mobile Enter a mobile number as thee destination for forwardedd SMS messages. TCP address Enter an IP address or domaain name as the destinationn for forwarded SMS messaages using TCP. TCP port The TCP port on which to connnect to the remote destinaation. UDPP address Enter an IP address or domaain name as the destinationn for forwarded SMS messaages using UDP. UDPP port The UDP port on which to coonnect to the remote destination. Tabl ble 18 - SMS Setup Set ettings SM MS forward ding config guration Incoming text messages can be redirected too another mobile device and/or a TCP/UDDP message server. Re edirect to m mobile You can forward incominng text messages to a different destinationn number. This destinnation number can be another mobile phoone or a 3G router phhone number. For Example: If someone sends a text m message and Redireect to mobile is set to “+61412345678”, thhe text message is stoored on the router annd forwarded to “+61 412345678” at the saame time. To disable redirection to a mobile, clear the Redirect to mobile field and click the Savee button. Re edirect to T TCP / UDP P address You can also forward inccoming text messages to a TCP/UDP baseed destination. The TTCP or UDP server caan be any kind of pubblic or private server if the server acceptss incoming text-basedd messages. The TCP/UDP address caan be an IP address or domain name. The port number rangee is from 1 to 65535. Please refer to your TCP/UDP based SMSS server configurationn for which port to use. For Example: If someone sends a text m message and TCP address is set to “192.168.20.3” and TCP port is set to “2002”,, this text message is stored in the router aand forwarded to “1992.168.20.3” on port “20002” at the same time. To disable redirection to a TCP or UDP addreess, clear the TCP adddress and UDP addrress fields and click the Save button. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 79 New message The New message page can be used to send SMS text messages to a single or multiple recipients. A new SMS message can be sent to a maximum of 100 recipients at the same time. After sending the message, the result is displayed next to the destination number as “Success” or “Failure” if the message failed to send. By default, only one destination number field is displayed. Additional destination numbers may be added one at a time after entering a valid number for the current destination number field. To add a destination number, click the button and to remove the last destination in the list, click the button. Figure 82 - SMS - New Message Destination numbers should begin with the “+” symbol followed by the country calling code. To send a message to a destination number, enter the “+” symbol followed by the country calling code and then the destination number. For example: To send a message to the mobile destination number 0412345678 in Australia (country calling code 61), enter “+61412345678”. After entering the required recipient numbers, type your SMS message in the New message field. As you type your message, a counter shows how many characters you have entered out of the total number available for your chosen encoding scheme. When you have finished typing your message and you are ready to send it, click the Send button. NetComm Wireless 3G Light Industrial M2M Router 80 www.netcommwireless.com Inb box / Outb box The Inbox displays all recceived messages thaat are stored on the router while the Outboox displays all sent messages. Figure 83 - SMS Inboox FFigure 84 - SMS Outbbox ICON DESCRIPTION Forwward button. Click this buttton to open a new messag e window where you can forward the corresponding message to another recipiient. Repply button. Click this buttonn to open a new message wwindow where you can reply to the sender. Addd to White list. Click this button to add the sender’s mmobile number to the white list on the router. Delete button. Click this button to delete the correspondding message. Reffresh button. Click this buttoon to refresh the inbox or ooutbox to see new messages. Tabl ble 19 - Inbox/Outboxx icons www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 81 Diagnos stics The Diagnostics page is used to configure thee SMS diagnostics and command executtion configuration. Thhis allows you to channge the configurationn, perform functions remotely and check on o the MS commands. statuus of the router via SM To access the Diagnosticcs page, click on the Services menu item then select the SMSS menu on the left andd finally select Diagnostics beneath it. Figure 85 - SMS diagnnostics and commandd execution configurati tion SM MS diagnostics and command execution n configura ation The options on this pagee are described beloww. Enable remote d diagnostics an nd command execution Enabbles or disables the rremote diagnostics feeature. If this setting is enabled all incomiing text messages arre parsed and tested for remote diagnostiics commands. If rem mote diagnostics com mmands are found, the router executes thhose commands. Thiss feature is enabled by default. All remotee diagnostic commannds that are receivedd are stored in the Inbbox. Note: It is possible to adjust setttings and prevent youur router from functiooning correctly using remote diagnostics. If this occurs, you wiill need to perform a factory reset in orderr to mal operation. restore norm a a password whenn utilising this featuree to prevent unauthorised access. See thee White list descriptioon for more informatioon. We highly reecommended that yoou use the white list and NetCComm Wireless 3G Ligght Industrial M2M Rouuter 82 www.netcommwirelless.com On nly accept auth henticated SM MS messages Enabbles or disables checcking the sender’s phhone number againstt the allowed sender white list for incoming diagnostics and coommand execution SSMS messages. ming message against the If authentication is enableed, the router will cheeck if the sender’s nuumber exists in the wwhite list. If it exists, thhe router then checkss the password (if connfigured) in the incom passsword in the white listt for the correspondinng sending number. If they match, the diaagnostic or commandd is executed. If thee number does not exxist in the white list or the password does not match, the routeer does not execute the incoming diagnosstic or command in thhe SMS message. This is enabled by default and it is strongly addvised that you leavee this feature enabledd to maintain securityy. Sen nd Set comma and acknowle edgement rep plies The 3G Light Industrial M M2M router will autom matically reply to certaain types of comman ds received, such ass get commands, or execute commands. However replies from m the 3G Light Industtrial M router are optional wwith set commands and a the Wakeup com mmand. This option E nables or disables seending an acknowleddgment message afteer execution of a set command or SMS M2M Wakkeup command. If dissabled, the router doees not send any acknnowledgement after eexecution of a set coommand or SMS Wakeup command. All accknowledgment replies are stored in the Outbbox after they have bbeen sent. This can be useful to determine if a commandd was received and executed by the routeer. This option is disaabled by default. Sen nd acknowled dgement repllies to This option allows you to specify where to sennd acknowledgment messages after the eexecution of a set, orr exec command. f number is seleccted, the acknowledggement message will be sent to the numbber defined in the Fixeed number to send reeplies to field. If the ssender’s number is selected, the If a fixed acknnowledgement messaage will be sent to the number that the SM MS diagnostic or commmand message origginated from. The deffault setting is to use the sender’s number. Fix xed number to o send repliess to This field defines the desstination number to which w error messagess are sent after the exxecution of a get, set, or exec command. This field is only dispplayed when Send Error E SMS to is set to Fixed Number. Sen nd command error repliess Enabbles or disables the ssending of an error message resulting from the execution of a get, set, or exec com mmand. All error replies are stored in the Outbox after they haave been sent. Sen nd error repliies to Wheen Send Error SMS foor Get/Set/Exec Com mmand is set to ON, this option is used to specify where the errror SMS is sent. Use the radio buttons to select either Fixed Number or SMS Sendder Num mber. When set to SM MS Sender Number thhe router will reply to the originating numbber of the SMS diagnostic or command. When W set to Fixed Nu mber the router will send s the error messaages to the number specified iin the following field. Sen nd a maximum m number of You can set the maximum m number of acknowwledgement and errorr messages sent wheen an SMS diagnosticc or command is executed. The maximumm limit can be set perr hour, day, week or month. The router will send a maaximum of 100 repliess by default. The number of messagess sent is shown beloww the options. The total transmitted messaage count resets afteer a reboot or at the beginning of the time frame specified. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 83 White List for diagnostic or execution SMS The white list is a list of mobile numbers that you can create which are considered “friendly” to the router. If Only accept authenticated SMS messages is enabled in the diagnostics section, the router will compare the mobile number of all incoming diagnostic and command messages against this white list to determine whether the diagnostic or command should be executed. You may optionally configure a password for each number to give an additional level of security. When a password is specified for a number, the SMS diagnostic or command message is parsed for the password and will only be executed if the number and password match. Figure 86 - White list for diagnostic or execution SMS A maximum of 20 numbers can be stored on the router in the white list. To add a number to the white list, click the “+Add” button. Figure 87 – Adding a number to the SMS white list The White List numbers and passwords can be cleared by pressing the button to the right of each entry. To add a number to the white list, enter it in the Destination number field and optionally define a password in the Password field. When you have finished adding numbers click the Save button to save the entries. NetComm Wireless 3G Light Industrial M2M Router 84 www.netcommwireless.com Se ending g an SM MS Diag gnostic Comm mand Folloow the steps below too configure the routerr to optionally acceptt SMS diagnostic commmands only from auuthenticated senders and learn how to seend SMS diagnostic commands to the router. 1. Navigate too the Services > SMSS messaging > Diagnnostics page 2. Confirm thaat the Enable remote diagnostics and com mmand execution togggle key is set to the ON position. If it is seet to OFF click the tooggle key to switch it to the ON position. 3. If you wish to have the router onnly accept commands from authenticated senders, ensure thaat Only accept authennticated SMS messagges is set to the ON position. In the Whitee list for diagnosstic or execution SMSS messages section, click the +Add butto n and enter the sendder’s number in internnational format into thhe Destination numbeer field that appears. If you wish too also configure a passsword, enter the passsword in the Passwo word field corresponding to the destinationn number. 4. If you wouldd prefer to accept SM MS diagnostic commands from any sendeer, set the Only accept authenticated SMSS messages toggle kkey to the OFF positioon. Note: An alteernative method of addding a number to thhe white list is to sendd an SMS message to the router, navigatee to Services > SMS messaging > Inbox and then click the button next tto the message whicch corresponds to thee sender’s number. 5. Click the Saave button. Ty ypes of SM MS diagnosstic comma ands Therre are three types of ccommands that can be sent; execute, gett and set. The basic syntax is as follows: execuute COMMAND get VAARIABLE set VAARIABLE=VALUE If authentication is enableed, each command must m be preceded byy the password: MMAND PASSWORD execute COM PASSWORD get VARIABLLE PASSWORD set VARIABLE=VALUE The following are some eexamples of SMS diaggnostic commands: passwword6657 execute reboot get rsssi set appn1=testAPNvalue SM MS acknow wledgment replies The router automatically replies to get commaands with a value andd execute commandss with either a successs or error response. Set commands will oonly be responded too if the Send Set ment replies toggle keey is set to ON. If thee Send command erroor replies toggle key is set to ON, the router will send a reply if the command is coorrect but a variable or command acknowledgem valuee is incorrect, for exaample, due to misspeelling. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 85 SMS command format Generic Format for reading variables: get VARIABLE PASSWORD get VARIABLE Generic Format for writing to variables: set VARIABLE=VALUE PASSWORD set VARIABLE=VALUE Generic Format for executing a command: Execute COMMAND PASSWORD execute COMMAND Replies Upon receipt of a successfully formatted, authenticated (if required) command, the gateway will reply to the SMS in the following format: TYPE SMS CONTENTS get command “VARIABLE=VALUE” set command “Successfully set VARIABLE to VALUE” execute command “Successfully executed command COMMAND” NOTES Only sent if the acknowledgment message function is enabled Table 20 - SMS Diagnostic Command Syntax Where “VARIABLE” is the name of the value to be read Where “VARIABLE (x)” is the name of another value to be read Where “VALUE” is the content to be written to the “VARIABLE” Where “COMMAND” is a supported command to be executed by the device (e.g. reboot) Where “PASSWORD” is the password (if configured) for the corresponding sender number specified in the White List Multiple commands can be sent in the same message, if separated by a semicolon. For Example: get VARIABLE1; get VARIABLE2; get VARIABLE3 PASSWORD get VARIABLE1; get VARIABLE2 set VARIABLE=VALUE1 ; set VARIABLE2=VALUE2 PASSWORD set VARIABLE1=VALUE1; set VARIABLE2=VALUE2; set VARIABLE3=VALUE3 If required, values can also be bound by an apostrophe, double apostrophe or back tick. For Example: “set VARIABLE=’VALUE’” “set VARIABLE=”VALUE”” “set VARIABLE=`VALUE`” “get VARIABLE” NetComm Wireless 3G Light Industrial M2M Router 86 www.netcommwireless.com www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 87 A paassword (if required),, only needs to be sppecified once per SMS, but can be prefixeed to each commandd if desired. “PASSSWORD get Variable1”; “get VARIABLE22” “PASSSWORD set VARIABBLE1=VALUE1”; “sett VARIABLE2=VALUEE2” executes the remaininng command line afteer the If thee command sent includes the “reboot” coommand and has alreeady passed the whitte list password checck, the device keeps this password and ex rebooot with this same passsword. For Example: “PASSSWORD execute rebboot; getVariable1”; “get VARABLE2” “PASSSWORD execute rebboot; PASSWORD geet Variable1”; “get VAARABLE2” Note: Commands, variables and values are case senssitive. Lisst of valid command ds A list of valid commands which can be used in i conjunction with thhe execute commandd are listed below: “pdppcycle”, “pdpdown” and “pdpup” commaands can have a profile number suffix ‘x’ aadded. Without the suffix s specified, the command operates aggainst the default proofile configured on thhe profiile list page of the Weeb-UI. COMMANDD NAME DESCRRIPTION reboot Immediately performs a soft reboot. pddpcycle Disconnects (if connecteted) and reconnects the daata connection. If a profile number is selected in the ccommand, try to disconnecct/reconnect the specified profile in casee the profile is active. If no profile number is selected, try to disconnect/reconnecct the current active profilee. Reports an error if no profile number is selecteed and there is no currently activated profile. pddpdown Disconnects the PDP. Iff a profile number is selecteed in the command, the rouuter tries to disconnect thee specified profile in case the profile is active. If no profile number is selecteed, try to disconnect the cuurrent active profile. Reports an error if no profile nummber is selected and there is no currently activated profile. pddpup Reconnects the PDP. If a profile number is selecteed in the command, the rouuter tries to connect with the he specified profile. If no prrofile number is selected, the router triess to connect to the last active profile. The gateway will check the currently activaated profile and disconnecct this profile before executing the commandd. The router reports an errror if no profile number is seelected and there is no stoored last active profile number. facctorydefaults Performs a factory resett on the router. Performs a download annd install of a Firmware Upgrade (.cdi), Config File (.tar.gz) or a help documentt (.pdf) file. If the file is a firmware immage as in the case of a .ccdi file, the router will apply the recovery image first annd then the main firmware image. The download location is specified immmediately after the commannd and may be from an HTTTP or FTP source URL. If the file is a .tar.gz file, the router will apply the file as a configuration file update for the device and rebboot afterwards. doownload If the file is a .pdf, the roouter will assume this is a user u guide document and save s it to the router and maake the file available for vieewing via the help menu on the Web-UI. Note: If your download UURL includes any space characters, please encode these prior to transmission according to RFC1738, foor example: ftp://username:passwordd@serveraddress/directoryy%20with%20spaces/filenaame.cdi Note: Authenticated FTPP addresses may be used following the format as deffined in RFC1738, for exammple: ftp://username:passwordd@serveraddress/directoryy/filename.cdi Table 21 - List st of Valid SMS diagnoostic commands NetCComm Wireless 3G Ligght Industrial M2M Rouuter 88 www.netcommwirelless.com The following table lists vvalid variables where “x” is a profile numbber (1-6). If no profile is specified, variablees are read from or written to for the curreent active profile. If a profile is specified, variaables are read from oor written to for the sppecified profile number (‘x’). RDB VARIABLE NAAME SMS VARIABLE NAME READ/W WRIT DESCRRIPTION EXAM MPLE VALUE link.profile.1.enable Reaad: link.profile.1.appn (proofile no,atd#xxx,user,pass,,auth,iplocal,status) link.profile.1.useer 1,atatd#777,username,passworrd, chap,202.44.185.111,up profile link.profile.1.paass RW Profile link.profile.1.autth_type Writite: link.profile.1.iploocal (atdd#xxx, user, pass,auth) link.profile.1.staatus atd# d#777,username,password link.profile.1.useer username RW 3G username Gueest, could also return “null”” password RW 3G password Gueest, could also return “null”” link.profile.1.paass link.profile.1.autth_type authtype RW 3G Authentication type ”paap” or”chap” link.profile.1.iploocal wanip WAN IP addresss 2022.44.185.111 wwan.0.radio.innformation.signal_strength rssi 3G signal strength -655 dBm meid MEID number 0x000A1000021D003BB usage 3G data usage of current session “Rxx 500 bytes, Tx 1024 bytes, Total 1524 bytes” or “Rx 0 byte, Tx 0 bytete, Total 0 byte” when wwan down wanuptime Up time of current 3G session 1 ddays 02:30:12 or 0 days 00:00:00 when wwan down wwan.0.meid statistics.usagee_current statistics.usagee_current 10 /proc/uptime deviceuptime Device up time 1 ddays 02:30:12 11 wwan.0.system_network_status.current_bband band Current Frequency channel & band CHH:425 PCS-B Band Table 22 - List of SMS diagnostitics variables SM MS diagnostics exam mples The examples below dem monstrate various com mbinations of supporrted commands. Thiss is not an exhaustivee list and serves as an example of possibiilities only. DDESCRIPTION AUTTHENTICATION INPUT EXAMPLE Not requireed set username=’NetComm’ Required PASSWORD set usernname= ”NetComm” Not requireed set password= `NetCoomm` Required PASSWORD set passwword= `NetComm` Not requireed set authtype= ‘pap’ Required PASSWORD set authttype = pap Not requireed execute reboot Required PASSWORD execute reboot Not requireed get wanip Required PASSWORD get wanipp Not requireed get rssi Required PASSWORD get rssi Send SMS to channge the data connection ussername Send SMS to channge the data connection paassword Send SMS to channge the data connection authentication Send SMS to rebooot Send SMS to checck the WAN IP address Send SMS to checck the mobile signal strenggth www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 89 Not required get meid Required PASSWORD get meid Not required get band Required PASSWORD get band Not required execute pdpcycle Required PASSWORD execute pdpcycle Not required execute pdpdown Required PASSWORD execute pdpdown Not required execute pdpup Required PASSWORD execute pdpup Not required get wanip; get rssi Required PASSWORD get wanip; get rssi Not required set ssh.genkeys=1; set username=test; set auth=pap Required PASSWORD set ssh.genkeys=1; set username=test; set auth=pap Not required execute factorydefaults Required PASSWORD execute factorydefaults Not required get status Required PASSWORD get status Send SMS to retrieve the history of the session, including start time, end time and total data usage Not required get sessionhistory Required PASSWORD get sessionhistory Send SMS to configure the router to send syslog to a remote syslog server Not required set syslogserver Required PASSWORD set syslogserver Send SMS to wake up the router, turn on the default gateway and trigger the ‘connect on demand’ profile if in waiting state. Not required execute wakeup Required PASSWORD execute wakeup Send SMS to check the MEID number Send SMS to check the current band Send SMS to Disconnect (if connected) and reconnect the data connection Send SMS to disconnect the data connection Send SMS to connect the data connection Send multiple get command Send multiple set command Send SMS to reset to factory default settings Send SMS to retrieve status of router execute download http://download.com:8080/firmware_image.cdi Not required execute download http://download.com:8080/firmware_image_r.cdi Send SMS to perform firmware upgrade when firmware is located on HTTP server PASSWORD execute download http://download.com:8080/firmware_image.cdi Required PASSWORD execute download http://download.com:8080/firmware_image_r.cdi execute download ftp://username:password@download.com/firmware_image.cdi Not required execute download ftp://username:password@ download.com/firmware_image_r.cdi Send SMS to perform firmware upgrade when firmware is located on FTP server PASSWORD execute download ftp://username:password@ download.com/firmware_image.cdi Required PASSWORD execute download ftp://username:password@ download.com/firmware_image_r.cdi Not required set pppoe=0 Required PASSWORD set pppoe=0 Send SMS to turn on PPPoE and set dialstring and service name Not required set pppoe=1,atd#777, Test Required PASSWORD set pppoe=1,atd#777, Test Send SMS to retrieve the PPPoE status, currently configured dial string and service name Not required get pppoe Required PASSWORD get pppoe Not required set ledmode=10 Required PASSWORD set ledmode=10 Not required get ledmode Required PASSWORD get ledmode Not required get ssh.proto Required PASSWORD get ssh.proto Send SMS to turn off PPPoE Send SMS to set the LED mode timeout to 10 minutes Send SMS to retrieve the current LED mode Retrieve current SSH protocol NetComm Wireless 3G Light Industrial M2M Router 90 www.netcommwireless.com Not requireed set ssh.proto=1 Required PASSWORD set ssh.pproto=1 Not requireed get ssh.passauth Required PASSWORD get.ssh.ppassauth Not requireed set ssh.passauth=1 orr set ssh.passauth=0 Required PASSWORD set ssh.ppassauth=1 or PASSWORD set ssh.passauth=0 Not requireed execute ssh.genkeys Required PASSWORD execute ssh.genkeys Not requireed execute ssh.clearkeyss Required PASSWORD execute ssh.clearkeys Not requireed get MEID Select SSH protoccol Retrieve passwordd authentication status Enable/disable paassword authentication on host Generate set of puublic/private keys on the hoost Clear client publicc keys stored on host Retrieve the MEIDD of the router Required PASSWORD get MEIDD Table 23 - SM MS diagnostics exampple commands www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 91 System Log The Log pages are used to display or download the System log and IPSec logs on the router. System log The System Log enables you to troubleshoot any issues you may be experiencing with your 3G Light Industrial M2M router. To access the System Log page, click on the System menu. The System Log is displayed. Figure 88 - System log file Log file Use the Display level drop-down list to select a message level to be displayed. The message levels are described in the table below. To download the System log for offline viewing, right-click the Download button and choose Save as.. to save the file. To clear the System log, click the Clear button. The downloaded log file is in Linux text format with carriage return (CR) only at the end of a line, therefore in order to be displayed correctly with new lines shown, it is recommended to use a text file viewer which displays this format correctly (e.g. Notepad++). Log data is stored in RAM and therefore, when the unit loses power or is rebooted, it will lose any log information stored in RAM. To ensure that log information is accessible between reboots of the router there are two options: 1. Enable the Log to file option NetComm Wireless 3G Light Industrial M2M Router 92 www.netcommwireless.com 2. Use a remoote syslog server www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 93 Enable the log to file option When the router is configured to log to a file, the log data is stored in flash memory, making it accessible after a reboot of the router. Up to 512kb of log data will be stored before it is overwritten by new log data. Flash memory has a finite number of program-erase operations that it may perform to the blocks of memory. While this number of program-erase operations is quite large, we recommend that you do not enable this option for anything other than debugging to avoid excessive wear on the memory. Use a remote syslog server The router can be configured to output log data to a remote syslog server. This is an application running on a remote computer which accepts and displays the log data. Most syslog servers can also save the log data to a file on the computer on which it is running allowing you to ensure that no log data is lost between reboots. To configure the 3G Light Industrial M2M Router to output log data to a remote syslog server: 1. Click on the System menu from the top menu bar. The System log item is displayed. 2. Under the Remote syslog server section, enter the IP address or hostname of the syslog server in the IP / Hostname [:PORT] field. You can also specify the port number after the IP or hostname by entering a semi-colon and then the port number e.g. 192.168.1.102:514. If you do not specify a port number, the router will use the default UDP port 514. 3. Click the Save button to save the configuration. Figure 89 - System log ITEM DEFINITION All Display all system log messages. Debug Show extended system log messages with full debugging level details. Info Show informational messages only. Notice Show normal system logging information. Warning Show warning messages only. Error Show error condition messages only. Table 24 - System log detail levels NetComm Wireless 3G Light Industrial M2M Router 94 www.netcommwireless.com IPS Sec log The IPSec log section proovides the ability for you to download the log for the IPSec VPPN function. This can assist in troubleshoooting any problems yoou may have with thee IPSec VPN. Figure 90 - IPSec logg Use the Log level drop down list to specify the type of detail you want w to capture in thee log and then click the Save button. When you change the loggging level, any activve IPSec VPN tunnelss will be disconnected as a chhange in logging leveel requires the IPSec service to be restarteed. To download the IPSec loog, click the Downloaad IPSec log button and a you will be prommpted to save the file. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 95 Sy ystem C Config guration Se ettings bac ckup and restore The settings backup / resstore page is used too backup or restore thhe router’s configurattion or to reset it to faactory defaults. In ordder to view the settinggs page you must bee logged into the webb user dmin. The backup / restore functions caan be used to easily configure a large num mber of 3G Light Induustrial M2M router byy configuring one rouuter interrface as root usinng the password ad with your desired settingss, backing them up to a file and then restoring that file to multiiple 3G Light Industrial M2M routers. Figure 91 – Settings backup and a restore Bac ck up your ro outer’s configu uration Log in to the web configuuration interface, click on the System mennu and select Settinggs backup and restoree. If you want to password pprotect your backup configuration files, enter your password i n the fields under Saave a copy of currentt settings and click onn Save. If you don’t want w to password prootect yourr files, just click on Saave. The router will thhen prompt you to select a location to savve the settings file. Note: The folllowing conditions apply: It is NOT poossible to edit the contents of the file dowwnloaded; if you modiify the contents of thee configuration file in any way you will nott be able to restore it later. You may chhange the name of thhe file if you wish but the filename extensioon must remain as “.cfg” Resstore your ba ackup configu uration 1. In the web configuration interfacce click on the System menu and select SSettings backup and restore. 2. From the RRestore saved settings section, click on Brrowse or Choose a fiile and select the bacckup configuration file on your computer. 3. Click Restoore to copy the settinggs to the new 3G Light Industrial M2M rouuter. The router will apply a these settings and a inform you it will rreboot - click on OK.. Resstoring the ro outer’s factory y default confiiguration Clickk the Restore Defaultts button to restore thhe factory default connfiguration. The routeer asks you to confirm m that you wish to resstore factory default ssettings. If you wish to continue with the restooring of factory defauults, click OK. Note: All currrent settings on the roouter will be lost when performing a restorre of factory default settings. The device IP address will changge to 192.168.1.1 and the default usernam me root and ddefault password ad dmin will be configgured. NetCComm Wireless 3G Ligght Industrial M2M Rouuter 96 www.netcommwirelless.com Up pload To access the Upload paage, click on the Systtem menu, then System Configuration andd then Upload. The Upload page allows you to upload firmwaare files, HTTPS certificates or user createed application packaages to the 3G Light Industrial M2M routerr. When firmware files have been uploadeed, they can also be installedd from this page. PDFF files, such as this user guide may also bbe uploaded for acceess on the router’s heelp page. For more m information on aapplication developm ment, contact NetCom mm Wireless about o ur Software Development Kit. FFigure 92 - Upload pag age Up pdating the e Firmwarre The firmware update process involves first uppdating the recovery image firmware and then updating the main firmware image. Note: In ordeer to perform an updaate, you must be loggged into the router witth the root manager account (see the Advvanced configurationn section for more deetails). To update the 3G Light Inndustrial M2M Router’s firmware: 1. Power on thhe router as describeed in the Installing thee router section. 2. Log in to thhe router with the roott user account (See the t Advanced config uration section for deetails) 3. Select the SSystem item from thee top menu bar, selecct the System configuuration item from the menu on the left andd then select the Uplooad menu item. 4. Under the FFile uploads section, click the Browse buttton. Locate the recoovery firmware image file on your computeer and click Open. Thhe recovery image is named ntc_nwl12__x.xx.xx.x_r.cdi while the main system firm mware image is nameed ntc_nwl12_x.xx.xxx.x.cdi. 5. Click the Upload button. The firm mware image is uploaaded to the storage oon the router. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 97 Figure 93 - File upload 6. Repeat steps 4 and 5 for the main system firmware image. 7. The uploaded firmware images are listed in the Uploaded files section. Click the Install link next to the recovery image to begin installing the recovery firmware image and then click OK on the confirmation window that appears. Figure 94 - Uploaded files 8. The recovery firmware image is flashed and when it is complete, the router displays “The firmware update was successful” and returns to the main Upload screen. Figure 95 - Recovery firmware flash process NetComm Wireless 3G Light Industrial M2M Router 98 www.netcommwireless.com 9. Click the Innstall link to the right of o the main firmware image you uploadedd and then click OK to t confirm that you waant to continue with tthe installation. Note: Do not remove the power when w the router’s LEDDs are flashing as thiss is when the firmware update is in processs. 10. The installaation is complete wheen the countdown reaaches zero. The routeer attempts to redirecct you to the Status page. Figure 96 --– Installing main firm mware image 11. Hold down the reset button on the t router for 15-20 seconds to reboot andd restore the factory default settings of the router. See the Resstoring factory default settings section forr more information. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 99 Package manager The Package Manager page is used to provide details of any user installed packages on the router and allow them to be uninstalled. For more information on application development, contact NetComm Wireless about our Software Development Kit. Figure 97 – Software applications manager The Application name, Version number of the application, the architecture type and time of installation are all displayed. Clicking the Package details link will display a pop-up window with further details of the package. To uninstall any software applications, click the Uninstall link. NetComm Wireless 3G Light Industrial M2M Router 100 www.netcommwireless.com Ad dministratiion setting gs To access the Administraation Settings page, click c on the System menu m then the Adminnistration menu on thee left and then click on o Administration Setttings. The Administration settings page is used to enable or disable prottocols used for remotte access and configgure the passwords for the user accountss used to log in to thee router. Figur ure 98 - Administrationn page www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 101 OPTION DEFINITION Remote router access coontrol Enable HTTP Enable or disaable remote HTTP access to t the router. You can also set the port you would likee remote HTTP access to be available on. HTTP management port Enter a port nuumber between 1 and 65534 to use when accessing the router remotely. Enable HTTPS Enable or disaable remote HTTPS accesss to the router using a secuure connection. Remote HTTPS access pport Enter a port nuumber between 1 and 65534 to use when accessing the router remotely over a secure HTTPS connection. Enable Telnet Enable or disaable remote telnet (command line) access to the routeer. Enable SSH Enable or disaable Secure Shell on the router. Remote SSH Access Portrt Enter the port number for remote SSH acccess. Must be a port num ber between 1 and 65534.. Enable Ping Enable or disaable remote ping responses on the WWAN connectioon. Web User Interface accoount Username Use the drop down list to select the root or admin account to changge its web user interface password. Password Enter the desired web user interface passsword. Confirm password Re-enter the desired web user interface password. Telnet/SSH account Username Displays the Telnet/SSH.username. This may not be changed. Password Enter the desired Telnet/SSH password. Confirm password Re-enter the desired Telnet/SSH password. Table 25 - Ad Administration configuuration options To access the router’s coonfiguration pages reemotely: 1. Open a neww browser window annd navigate to the WAAN IP address and aassigned port number of the router, for example http://123.2099.130.249:8080 Note: You cann find the router’s WAAN IP address by clicking on the “Status” mmenu. The WWAN IPP field in the WWAN Connection Status seection shows the routeer’s WAN IP address. 2. Enter the ussername and passwoord to login to the rouuter and click Log in. Note: To perfoorm functions like Firm mware upgrade, deviice configuration bacckup and to restore and a reset the router too factory defaults, yoou must be logged in with the root manageer account. NetCComm Wireless 3G Ligght Industrial M2M Rouuter 102 www.netcommwirelless.com HTTPS key managem ment What is HTT TP Secure?? HTTP Secure or HTTPS iss the use of the HTTPP protocol over an SSSL/TLS protocol. It is used primarily to prootect against eavesdrropping of communiccation between a webb browser and the weeb t which it is connectted. This is especiallyy important when youu wish to have a secuure connection over a public network such as the internet. HTTTPS connections aree secured through thee use site to of ceertificates issued by ttrusted certificate autthorities such as VeriSign. When a web b rowser makes a connnection attempt to a secured web site, a ddigital certificate is sent to the browser soo that it can verify the authenticcity of the site using a built-in list of trustedd certificate authoritiees. Therre are two main differrences between how HTTPS and HTTP coonnections work: 1. HTTPS uses port 443 while HTTTP uses port 80 by deefault. 2. Over an HTTTPS connection, all data d sent and received is encrypted with SSL while over an HTTP connection, all data d is sent unencryppted. The encryption is achieveed through the use of o a pair of public andd private keys on bothh sides of the connecction. In cryptography, a key refers to a nuumerical value used by an algorithm to alter making the informatioon secure and visible only to those who haave the correspondinng key to recover (decrypt) the informationn. The public key is used u to encrypt inforrmation (encrypt it), m inforrmation and can be ddistributed freely. Thee private key is used to decrypt informatioon and must be secreet by its owner. Eachh 3G Light Industrial M2M router containss a self-signed digital certificate which is iddentical on all 3G Ligght Industrial M2M roouters. For a greater llevel of security, the router also supports geneerating your own uniqque key. Additionally, you may use third party p software to geneerate your own self-ssigned digital certificaate or purchase a siggned certificate from a trusted certificate authority and then uploadd those certificates too the router. Ge enerating your own self-signe ed certificaate To generate your own seelf-signed certificate: 1. Click the Syystem item from the top t menu bar, then Administration from thhe side menu bar andd then HTTPS key management. 2. Enter the ceertificate details using the appropriate fields. Each field must bbe completed in ordeer to generate a certificate. Figure 99 - Ge Generate self signed HTTTPS certificate Note: The CCountry field must conntain a code for the desired country from the list below. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 103 CODE COUNTRY COUNTRY CODE COUNTRY CODE COUNTRY AX Åland Islands ER Eritrea LS Lesotho SA Saudi Arabia AD Andorra ES Spain LT Lithuania SB Solomon Islands AE United Arab Emirates ET Ethiopia LU Luxembourg SC Seychelles AF Afghanistan FI Finland LV Latvia SE Sweden AG Antigua and Barbuda FJ Fiji LY Libya SG Singapore AI Anguilla FK Falkland Islands (Malvinas) MA Morocco SH St. Helena AL Albania FM Micronesia MC Monaco SI Slovenia AM Armenia FO Faroe Islands MD Moldova SJ Svalbard and Jan Mayen Islands AN Netherlands Antilles FR France ME Montenegro SK Slovak Republic AO Angola FX France, Metropolitan MG Madagascar SL Sierra Leone AQ Antarctica GA Gabon MH Marshall Islands SM San Marino AR Argentina GB Great Britain (UK) MK Macedonia SN Senegal AS American Samoa GD Grenada ML Mali SR Suriname AT Austria GE Georgia MM Myanmar ST Sao Tome and Principe AU Australia GF French Guiana MN Mongolia SU USSR (former) AW Aruba GG Guernsey MO Macau SV El Salvador AZ Azerbaijan GH Ghana MP Northern Mariana Islands SZ Swaziland BA Bosnia and Herzegovina GI Gibraltar MQ Martinique TC Turks and Caicos Islands BB Barbados GL Greenland MR Mauritania TD Chad BD Bangladesh GM Gambia MS Montserrat TF French Southern Territories BE Belgium GN Guinea MT Malta TG Togo BF Burkina Faso GP Guadeloupe MU Mauritius TH Thailand BG Bulgaria GQ Equatorial Guinea MV Maldives TJ Tajikistan BH Bahrain GR Greece MW Malawi TK Tokelau BI Burundi GS S. Georgia and S. Sandwich Isls. MX Mexico TM Turkmenistan BJ Benin GT Guatemala MY Malaysia TN Tunisia BM Bermuda GU Guam MZ Mozambique TO Tonga BN Brunei Darussalam GW Guinea-Bissau NA Namibia TP East Timor BO Bolivia GY Guyana NC New Caledonia TR Turkey BR Brazil HK Hong Kong NE Niger TT Trinidad and Tobago BS Bahamas HM Heard and McDonald Islands NF Norfolk Island TV Tuvalu BT Bhutan HN Honduras NG Nigeria TW Taiwan BV Bouvet Island HR Croatia (Hrvatska) NI Nicaragua TZ Tanzania BW Botswana HT Haiti NL Netherlands UA Ukraine BZ Belize HU Hungary NO Norway UG Uganda CA Canada ID Indonesia NP Nepal UM US Minor Outlying Islands CC Cocos (Keeling) Islands IE Ireland NR Nauru US United States CF Central African Republic IL Israel NT Neutral Zone UY Uruguay CH Switzerland IM Isle of Man NU Niue UZ Uzbekistan CI Cote D'Ivoire (Ivory Coast) IN India NZ New Zealand (Aotearoa) VA Vatican City State (Holy See) CK Cook Islands IO British Indian Ocean Territory OM Oman VC Saint Vincent and the Grenadines CL Chile IS Iceland PA Panama VE Venezuela CM Cameroon IT Italy PE Peru VG Virgin Islands (British) CN China JE Jersey PF French Polynesia VI Virgin Islands (U.S.) CO Colombia JM Jamaica PG Papua New Guinea VN Viet Nam CR Costa Rica JO Jordan PH Philippines VU Vanuatu CS Czechoslovakia (former) JP Japan PK Pakistan WF Wallis and Futuna Islands CV Cape Verde KE Kenya PL Poland WS Samoa CX Christmas Island KG Kyrgyzstan PM St. Pierre and Miquelon YE Yemen CY Cyprus KH Cambodia PN Pitcairn YT Mayotte CZ Czech Republic KI Kiribati PR Puerto Rico ZA South Africa DE Germany KM Comoros PS Palestinian Territory ZM Zambia DJ Djibouti KN Saint Kitts and Nevis PT Portugal COM US Commercial DK Denmark KR Korea (South) PW Palau EDU US Educational DM Dominica KW Kuwait PY Paraguay GOV US Government DO Dominican Republic KY Cayman Islands QA Qatar INT International DZ Algeria KZ Kazakhstan RE Reunion MIL US Military EC Ecuador LA Laos RO Romania NET Network EE Estonia LC Saint Lucia RS Serbia ORG Non-Profit Organization EG Egypt LI Liechtenstein RU Russian Federation ARPA Old style Arpanet EH Western Sahara LK Sri Lanka RW Rwanda NetComm Wireless 3G Light Industrial M2M Router 104 CODE www.netcommwireless.com www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 105 3. When you have entered all the required details, press the Generate button. The certificate takes several minutes to generate. When the certificate has been generated, you are informed that it has been successfully generated and installed. The web server on the router restarts and you are logged out of the router. Click OK to be taken back to the login screen. Figure 100 - New certificate successfully generated message NetComm Wireless 3G Light Industrial M2M Router 106 www.netcommwireless.com SS SH Key y Manag gemen nt Secuure Shell (SSH) is UNNIX-based command interface and network protocol used to ggain secure access too a remote computer, execute commandss on a remote machinne or to transfer files betwween machines. It waas designed as a replacement for Telnet and a other insecure reemote shell protocols which send informattion, including passwwords, as plain text. SSH uses RSA public keyy cryptography for booth connection and authentication. Two ccommon ways of usinng SSH are: word authentication too log on. Use aautomatically generatted public-private keyy pairs to encrypt thee network connectionn and then use passw p to perform the auuthentication and alloow users or programss to log in without usinng a password. Use a manually generatedd public-private key pair Figure 1101 - SSH Server Conffiguration SS SH Server C Configura ation To configure the SSH serrver settings: 1. Use the SSH Protocol drop dowwn list to select the prrotocol that you want to use. Protocol 2 is more recent and is considered more seccure. 2. Select the ttypes of authenticatioon you want to use byy clicking the Enablee password authentication and Enable keyy authentication togggle keys on or off. Notte that you may have both authenticattion methods on but you y may not turn them m both off. 3. Click the Saave button to confirm m your settings. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 107 Host key management SSH keys provide a means of identification using public key cryptography and challenge response authentication. This means that a secure connection can be established without transmitting a password, thereby greatly reducing the threat of someone eavesdropping and guessing the correct credentials. SSH Keys always come in pairs with one being a public key and the other a private key. The public key may be shared with any server to which you want to connect. When a connection request is made, the server uses the public key to encrypt a challenge (a coded message) to which the correct response must be given. Only the private key can decrypt this challenge and produce the correct response. For this reason, the private key should not be shared with those who you do not wish to give authorization. The Host key management section displays the current public keys on the router and their date and timestamp. These public keys are provided in different formats, including DSA, RSA and ECDSA. Each format has advantages and disadvantages in terms of signature generation speed, validation speed and encryption/decryption speed. There are also compatibility concerns to consider with older clients when using ECDSA, for example. Generating new keys The complete set of keys can be re-generated by selecting the Generate keys button. This key generation process takes approximately 30 seconds to complete. Downloading keys The Get keys button allows you to download the complete set of public and private keys while the Get public keys button will download only the set of public keys. Uploading your own key files Click the Upload keys button to upload your own public key to the router. Client key management The Client Key Management section is used for uploading the public key file of clients. To upload a client public key, click the Upload button, browse to the file and click Open. When the file is uploaded, it is examined for validity. If the key file is not a valid public key, it will not be uploaded. NetComm Wireless 3G Light Industrial M2M Router 108 www.netcommwireless.com LE ED operatiion mode The 7 front LED indicatorrs may be turned off after a a timeout periodd for aesthetic or powwer saving reasons. To T access the LED Operation Mode pagee, click the System menu, then Administraation on thhe left and finally seleect LED Operation Mode. Figure re 102 - LED Operationn Mode m of the LEDs on the front panel of thee router. To set the ligghts to operate at all times, set this to Alwa ways on. To set the lights to turn off after a The Mode drop down listt sets the operation mode speccified period, select TTurn off after timeoutt. When configured too turn off after timeouut, use the LED poweer off timer field to specify the time in minuutes to wait before turning off the LED indiccators. The LED Poweer Off Timer must be an integer between 1 and 65535. W the wait period expires, the LEDs wiill turn off. If the routeer is rebooted, the LEED power off timer is reset. The router will boot The wait period begins frrom the time the Savee button is clicked. When a wait for the configgured time before turrning off again. up and www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 109 Re eboot The reboot option in the SSystem section perfoorms a soft reboot of the router. This can bbe useful if you have made configuration changes you want too implement. To reeboot the router: 1. Click the Syystem menu item from m the top menu bar. 2. Click the Reboot button from thee menu on the left sidde of the screen. Figure re 103 - Reboot menuu option 3. The router ddisplays a warning thhat you are about to perform a reboot. If yyou wish to proceed, click the Reboot button then click OK on the confirmation winndow which appears. Figure re 104 - Reboot confirrmation Note: It can take up to 2 minutess for the router to reboot. Lo ogging outt To loog out of the router, cclick the icon at the top right corner of o the web user interfface. NetCComm Wireless 3G Ligght Industrial M2M Rouuter 110 www.netcommwirelless.com App A pend dix A: T Tables Tabble 1 - Document Revision History ............................ .......................................................................................................................................................................... 3 Tabble 2 - Device Dim mensions ................................................................................................................................................................................................................... 8 Tabble 3 - LED Indicaators........................................................................................................................................................................................................................... 9 Tabble 4 - Signal strength LED descripptions .......................................................................................................................................................................................... 10 Tabble 5 – Interfaces ................................................................................................................................................................................................................................ 11 Tabble 6 - PoE powerr classes .................................................................................................................................................................................................................. 18 Tabble 7 - Locking poower block pin ouuts ................................................................................................................................................................................................ 19 Tabble 8 - Average poower consumptioon figures..................................................................................................................................................................................... 19 Tabble 9 - Managemeent account login details ....................................................................................................................................................................................... 20 Tabble 10 - Status page item details ....................................................................................................................................................................................................... 23 Tabble 11 - Data connnection item detaails ............................................................................................................................................................................................... 25 Tabble 12 - Connect oon demand - Connnect and disconnect timers desc riptions ................................................................................................................................ 30 Tabble 13 - Current M MAC / IP / Port filteering rules in effect ..................................................................................................................................................................... 50 Tabble 14 - IPSec Configuration Items ................................................................................................................................................................................................... 54 Tabble 15 - SMS Setuup Settings .............................................................................................................................................................................................................. 79 Tabble 16 - Inbox/Outtbox icons ............................................................................................................................................................................................................... 81 Tabble 17 - SMS Diaggnostic Commandd Syntax ...................................................................................................................................................................................... 86 Tabble 18 - List of Vallid SMS diagnostic commands ............................................................................................................................................................................. 88 Tabble 19 - List of SM MS diagnostics vaariables ........................................................................................................................................................................................ 89 Tabble 22 - SMS diaggnostics example commands ................................................................................................................................................................................ 91 Tabble 23 - System loog detail levels ........................................................................................................................................................................................................ 94 Tabble 24 - Administrration configuratioon options ................................................................................................................................................................................. 102 Tabble 25 - LAN Manaagement Default Settings ................................................................................................................................................................................... 115 Tabble 26 - Web Interrface Default Setttings .......................................................................................................................................................................................... 115 Tabble 27 - Telnet Access...................................................................................................................................................................................................................... 115 Tabble 28 - RJ-45 connnector pin outs .................................................................................................................................................................................................... 120 www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 111 Appendix B: Device Mounting Dimensions The image below is at 100% scale and may be used as a template for mounting the device. All dimensions shown are in millimetres. Figure 105 - Device mounting dimensions NetComm Wireless 3G Light Industrial M2M Router 112 www.netcommwireless.com www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 113 Appendix C: Mounting Bracket The image below is at 100% scale and may be used as a template for mounting the bracket. All dimensions shown are in millimetres. Figure 106 - Mounting bracket NetComm Wireless 3G Light Industrial M2M Router 114 www.netcommwireless.com App A pend dix D: D Defa aultt Settting gs The following tables list thhe default settings foor the 3G Light Industtrial M2M router. LAN (MANAGEMENTT) Static IP Address: 192.168.1.1 Subneet Mask: 255.255.255.0 Default Gateway: 192.168.1.1 Table 26 - LLAN Management Deffault Settings ADMIN MANAGER ACCOOUNT ROOT MANAGER ACC COUNT Username: admiin Usernaame: root Password: admiin Passwword: admin Table 277 - Web Interface Defauult Settings Note: Thee admin manager acccount allows you to manage all settings off the router except fuunctions such as firmw ware upgrade, devicce configuration backkup and restore and reset to factory default settings, which are privileged only to the root manageer account. 3G LIGHT INDUSTTRIAL M2M ROUTERR TELNET ACCESS Username: root Password: admin TTable 28 - Telnet Acceess www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 115 Restoring factory default settings Restoring factory defaults will reset the 3G Light Industrial M2M router to its factory default configuration. You may encounter a situation where you need to restore the factory defaults on your 3G Light Industrial M2M router such as: You have lost your username and password and are unable to login to the web configuration page; You are asked to perform a factory reset by support staff. There are two methods you can use to restore factory default settings on your 3G Light Industrial M2M router: Using the web-based user interface Using the reset button on the interface panel of the router Using the web-based user interface To restore your router to its factory default settings, please follow these steps: 1. Open a browser window and navigate to the IP address of the router (default address is http://192.168.1.1). Login to the router using root as the User Name and admin as the password. 2. Click the System item from the top menu bar, then System configuration on the left menu and then click Settings backup and restore. 3. Under the Restore factory defaults section, click the Restore Defaults button. The router asks you to confirm that you wish to restore factory defaults. Click OK to continue. The router sets all settings to default. Click OK again to reboot the router. 4. When the Power light returns to a steady red, the reset is complete. The default settings are now restored. Using the reset button on the interface panel of the router Use a pen to depress the Reset button on the device for 15-20 seconds. The router will restore the factory default settings and reboot. When you have reset your 3G Light Industrial M2M router to its default settings you will be able to access the device’s configuration web interface using http://192.168.1.1 with username admin or root and password admin. NetComm Wireless 3G Light Industrial M2M Router 116 www.netcommwireless.com Recoverry mod de The 3G Light Industrial M M2M router features twwo independent operating systems, eachh with its own file systtems. These two systems are referred to aas 'Main' and 'Recovery'. It is always posssible m becomes damage d or corrupted (suchh as during a firmwaree upgrade failure). to usse one in order to resstore the other in the event that one system Bothh systems have Web interfaces that can be b used to manipulatee the other inactive syystem. The 3G Light Industrial M2M routeer starts up by defaullt in the Main system mode, however the router may be triggered to startt in recovery mode if desired. To start the router in recoovery mode: 1. Press and hhold the physical resset button on the interrface panel of the rouuter for 5 to 15 seconnds. When the LEDs on o the front panel chaange to amber and countdown in a sequeence, release the reset button. The router then boots into recovery mode. 2. In your browwser, navigate to httpp://192.168.1.1. The router’s recovery modde is hardcoded to use u this address regaardless of the IP addrress that was configuured in the main systeem. The router’ss recovery console iss displayed. Figuure 107 - Recovery coonsole The recovery console proovides limited functioonality. Basic status innformation is availab le, as well as accesss to the System log for troubleshooting. Thhe Application Installeer can be used to uppload f The Settings meenu provides the abil ity to reset the routerr to factory default seettings and install different firmwware, allowing you to roll back to a previouus firmware in the eveent that an upgrade fails. and the Reboot tab allowws you to perform a sooft reboot of the routeer. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 117 App A pend dix E: H HTT TPS Uplo U oad ding g a self--sign ned cert c ifica ate If you have your own selff-signed certificate orr one purchased elseewhere and signed bby a Certificate Authority, you can upload it to the 3G Light Ind ustrial M2M Router using u the Upload pagge. Note: Your keey and certificate filees must be named server.key and server.ccrt respectively otherrwise they will not work. To upload your certificatee: 1. Click on thee System item from thhe top menu bar. Froom the side menu barr, select System Connfiguration and then Upload. The file uploaad screen is displayeed. Fi Figure 108 - Upload paage 2. Click the Choose a File button and a locate your serveer certificate file and click Open. Figure re 109 - Browse for seerver.crt NetCComm Wireless 3G Ligght Industrial M2M Rouuter 118 www.netcommwirelless.com 3. Click the Upload button to beginn uploading it to the router. The file appeaars in the list of files stored on the router. Figure 1100 - Server certificate file fi uploaded 4. Repeat stepps 2 and 3 for the server key file. 5. Click the Innstall link next to the server.crt file then clicck OK on the promptt that is displayed. Thhe certificate file is installed. Repeat this ffor the key file. When each file is installed it is removed froom the list of stored files. Figure 1111 - Installing the serrver.crt file www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 119 Appendix F: RJ-45 connector The RJ-45 connector provides an interface for a data connection and for device input power using the pin layout shown below. Pin: Figure 112 -The RJ-45 connector PIN COLOUR SIGNAL (802.3AF MODE A) SIGNAL (802.3AF MODE B) White/Orange stripe Rx + Rx + DC + Orange Solid Rx - Rx - DC + White/Green stripe Tx + Tx + DC - Blue solid DC + unused White/Blue stripe DC + unused Green solid Tx - Tx - DC - White/Brown stripe DC - unused Brown solid DC - unused Table 29 - RJ-45 connector pin outs NetComm Wireless 3G Light Industrial M2M Router 120 www.netcommwireless.com Safe S ety and a pro odu uct care c e RF Expo osure Yourr device contains a trransmitter and a receeiver. When it is on, it receives and transmmits RF energy. Whenn you communicate with w your device, the ssystem handling youur connection controlss the power level at which your device transmits. This device meets the goovernment’s requirem ments for exposure to radio waves. This device is designed aand manufactured noot to exceed the emisssion limits for expossure to radio frequenccy (RF) energy set byy the Federal Commuunications Commissioon of the U.S. Governnment. This device complies withh FCC radiation expoosure limits set forth for f an uncontrolled e nvironment. To ensure compliance with RF R exposure guidelinees the device must be b used with a minimum of 20cm m separation from thee body. Failure to observe these instructioons could result in yoour RF exposure exceeeding the relevant guideline limits. Ex xternal anttenna Any optional external anttenna used for this traansmitter must be insstalled to provide a seeparation distance of o at least 20 cm from all persons and musst not be co-located or o operated in conjunnction with any other antenna or transmitter. Please consult the health annd safety guide of thee chosen antenna forr specific body separration guidelines as a greater distance of separation may be requuired for high-gain anntennas. Any external antenna gaiin must meet RF expoosure and maximum radiated output powwer limits of the appliccable rule section. Thhe maximum antennaa gain for this device as reported to the FCCC is: 0.2 dBi d (850MHz) and 2.77 dBi (1900MHz). CE C Apprroval This device has been tessted to and conformss to the regulatory reqquirements of the Eurropean Union and atttained CE Marking. The CE Mark is a confformity marking conssisting of the letters “CCE.” The CE Mark applies to the products regulateed by the central Euroopean health, safety and environmental protection legislation. The CE Mark is obliggatory for products itt applies to: the b allowed to sell their product in the Euroopean market. manufacturer affixes the marking in order to be The wireless device is appproved to be used inn the member states of the EU. NetCommm Wireless declares that the wireless devicce is in compliance wwith the essential reqquirements and other relevvant provisions of thee Radio and Telecommunications Terminaal Equipment Directivve 1999/5/EC (R&TTEE Directive). Compliannce with this directivee implies conformity to the following European Norm ms – N 60950 – Produuct Safety, EN 301 4889 EMC, EN301511 GSM G RF, EN301908 UMTS RF, EN 62311 SAR Technical requirement for radio equuipment. A notified body has determined that this device has properly demonstrated that thhe requirements of the directive have bee n met and has issuedd a favourable certificate of expert opinioon. As such the device will bear the notifieed bodyy number 0682 after the CE mark. The CE Marking is not a qquality mark. Foremoost, it refers to the saffety rather than to thee quality of the produuct. Secondly, CE Marking is mandatory foor the product it applies to whereas most quality markings are voluuntary. Markking: The product shaall bear the CE mark, the notified body nuumber(s) as depictedd to the right. CE06822. This product has also paassed the following ceertification standardss – CE SARS EN62311/EN50385 CE RF R – EN301511, EN301908-1/-2, CE EMC E – EN301489-1/-7/-24, EN55022/EN55024 CE Safety – EN60950 NOTTE: It is highly recomm mended that the device must be kept at leeast 20cm away fromm the human body. This is a regulatory requirement and applies to t all 3G capable devvices meeting standaard regulatory compliance such as the compliance standards listed above. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 121 FCC Statement FCC compliance Federal Communications Commission Notice (United States): Before a wireless device model is available for sale to the public, it must be tested and certified to the FCC that it does not exceed the limit established by the government-adopted requirement for safe exposure. FCC regulations § 15.19 (a)(3) This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. § 15.21 Changes or modifications not expressly approved by the party responsible for compliance could void the user‘s authority to operate the equipment. **************************************************************************************************************************** § 15.105 (b) This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: —Reorient or relocate the receiving antenna. —Increase the separation between the equipment and receiver. —Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. —Consult the dealer or an experienced radio/TV technician for help. RF Exposure Information (MPE) This equipment complies with radio frequency (RF) exposure limits adopted by the Federal Communications Commission for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator & your body. NetComm Wireless 3G Light Industrial M2M Router 122 www.netcommwireless.com IC C Regu ulationss: RSSS-Gen 7.1.3 This device complies withh Industry Canada liccense-exempt RSS standard(s). Operatioon is subject to the following two conditionns: (1) thhis device may not cause interference, annd (2) thhis device must acceept any interference, including interferencce that may cause unndesired operation off the device. appareil est cconforme aux CNR d''Industrie Canada appplicables aux appareeils radio exempts dee licence. L'exploitation est autorisée auxx deux conditions suivvantes: Le présent (1) l'appareil ne doit pas produire de brouillagge, et (2) l'utilisateur de l'apparreil doit accepter toutt brouillage radioélecctrique subi, même sii le brouillage est sussceptible d'en comprromettre le fonctionneement." ******************************************************************************************************************************** ICESS-003 CANN ICES-3(B)/ NMB-3(BB) ******************************************************************************************************************************** RSS-Gen 7.1.2 This radio transmitter hass been approved by Industry Canada to operate with the ante nna types listed beloow with the maximum permissible gain annd required antenna impedance for each antenna type indicated. AAntenna types not inccluded in this list, havving a gain greater thhan the maximum gaain indicated for that type, t are strictly prohhibited for use with thhis device. Anteenna types: Dipole Anteenna gain: 850MHz: 00.2dBi; 1900MHz: 2.77dBi ************************************************************************************************************************************* IC RF Exposure Statem ment (MPE) This equipment complies with w IC RSS-1 102 RF expo osure limits set s forth for an uncontrolleed environment. This equipment sho ould be installed and operrated with miinimum dista ance 20 cm between the radiator & yo our body. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 123 Electrical safety Accessories Only use approved accessories. Do not connect with incompatible products or accessories. Connection to a car Seek professional advice when connecting a device interface to the vehicle electrical system. Distraction Operating machinery Full attention must be given to operating the machinery in order to reduce the risk of an accident. Product handling You alone are responsible for how you use your device and any consequences of its use. You must always switch off your device wherever the use of a mobile phone is prohibited. Do not use the device without the clip-on covers attached, and do not remove or change the covers while using the device. Use of your device is subject to safety measures designed to protect users and their environment. Always treat your device and its accessories with care and keep it in a clean and dust-free place. Do not expose your device or its accessories to open flames or lit tobacco products. Do not expose your device or its accessories to liquid, moisture or high humidity. Do not drop, throw or try to bend your device or its accessories. Do not use harsh chemicals, cleaning solvents, or aerosols to clean the device or its accessories. Do not paint your device or its accessories. Do not attempt to disassemble your device or its accessories, only authorised personnel must do so. Do not use or install this product in extremely hot or cold areas. Ensure that the device is installed in an area where the temperature is within the supported operating temperature range (-20°C to 65°C) Do not use your device in an enclosed environment or where heat dissipation is poor. Prolonged use in such space may cause excessive heat and raise ambient temperature, which will lead to automatic shutdown of your device or the disconnection of the mobile network connection for your safety. To use your device normally again after such shutdown, cool it in a well-ventilated place before turning it on. Please check local regulations for disposal of electronic products. Do not operate the device where ventilation is restricted Installation and configuration should be performed by trained personnel only. Do not use or install this product near water to avoid fire or shock hazard. Avoid exposing the equipment to rain or damp areas. Arrange power and Ethernet cables in a manner such that they are not likely to be stepped on or have items placed on them. Ensure that the voltage and rated current of the power source match the requirements of the device. Do not connect the device to an inappropriate power source. Small children Do not leave your device and its accessories within the reach of small children or allow them to play with it. They could hurt themselves or others, or could accidentally damage the device. Your device contains small parts with sharp edges that may cause an injury or which could become detached and create a choking hazard. NetComm Wireless 3G Light Industrial M2M Router 124 www.netcommwireless.com Em mergency situationss This device, like any wireeless device, operatees using radio signalss, which cannot guaraantee connection in all a conditions. Thereffore, you must never rely solely on any wireless device for emergency communications. De evice heatting Yourr device may becomee warm during normaal use. Fa aulty an nd dam maged produccts Do not n attempt to disasseemble the device or its accessories. Onlyy qualified personnel must service or repaair the device or its acccessories. If your device or its accessories have been suubmerged in water punctured or subjecteed to a severe fall, doo not use until they haave been checked att an authorised servicce centre. www.netcommwireless.com NeetComm Wireless 3G Light Industrial M2M Router 125 Interference Care must be taken when using the device in close proximity to personal medical devices, such as pacemakers and hearing aids. Pacemakers Pacemaker manufacturers recommend that a minimum separation of 15cm be maintained between a device and a pacemaker to avoid potential interference with the pacemaker. Hearing aids People with hearing aids or other cochlear implants may experience interfering noises when using wireless devices or when one is nearby. The level of interference will depend on the type of hearing device and the distance from the interference source, increasing the separation between them may reduce the interference. You may also consult your hearing aid manufacturer to discuss alternatives. Medical devices Please consult your doctor and the device manufacturer to determine if operation of your device may interfere with the operation of your medical device. Hospitals Switch off your wireless device when requested to do so in hospitals, clinics or health care facilities. These requests are designed to prevent possible interference with sensitive medical equipment. Interference in cars Please note that because of possible interference to electronic equipment, some vehicle manufacturers forbid the use of devices in their vehicles unless an external antenna is included in the installation. Explosive environments Petrol stations and explosive atmospheres In locations with potentially explosive atmospheres, obey all posted signs to turn off wireless devices such as your device or other radio equipment. Areas with potentially explosive atmospheres include fuelling areas, below decks on boats, fuel or chemical transfer or storage facilities, areas where the air contains chemicals or particles, such as grain, dust, or metal powders. Blasting caps and areas Turn off your device or wireless device when in a blasting area or in areas posted turn off “two-way radios” or “electronic devices” to avoid interfering with blasting operations. NetComm Wireless 3G Light Industrial M2M Router 126 www.netcommwireless.com
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : Yes Encryption : Standard V4.4 (128-bit) User Access : Print, Extract, Print high-res Author : Create Date : 2013:09:25 16:26:56+08:00 Modify Date : 2013:09:25 16:38:15+08:00 XMP Toolkit : Adobe XMP Core 4.2.1-c043 52.372728, 2009/01/18-15:08:04 Creator Tool : PScript5.dll Version 5.2.2 Metadata Date : 2013:09:25 16:38:15+08:00 Producer : Acrobat Distiller 9.0.0 (Windows) Format : application/pdf Creator : Title : Document ID : uuid:cfcb8204-2419-47cb-b61f-ebc647698321 Instance ID : uuid:6ac61f71-81b3-4dca-adbb-2ba8a0c2a2b7 Page Count : 126EXIF Metadata provided by EXIF.tools