ePACK User Manual . E210 and E220 Series Devices . Part Number PMD-00018 Revision C December 2020
Lantronix. Lantronix is a registered trademark of Lantronix, Inc. in the United States and other countries. Patented: www.lantronix.com/legal/patents/. Additional patents pending. Windows and Internet Explorer are registered trademarks of…
ePACK User Manual E210 and E220 Series Devices
Part Number PMD-00018 Revision C December 2020
Intellectual Property
© 2019-20 Lantronix, Inc. All rights reserved. No part of the contents of this publication may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Lantronix is a registered trademark of Lantronix, Inc. in the United States and other countries. Patented: www.lantronix.com/legal/patents/. Additional patents pending. Windows and Internet Explorer are registered trademarks of Microsoft Corporation. Firefox is a registered trademark of the Mozilla Foundation. Chrome is a trademark of Google Inc. All other trademarks and trade names are the property of their respective holders.
Warranty
For details on the Lantronix warranty policy, please go to our web site at www.lantronix.com/support/warranty/
Contacts
Lantronix, Inc. 7535 Irvine Center Drive, Suite 100 Irvine, CA 92618, USA Toll Free: 800-526-8766 Phone: 949-453-3990 Fax: 949-453-3995 Technical Support Online: www.lantronix.com/support/ Sales Offices For a current list of our domestic and international sales offices, go to the Lantronix web site at www.lantronix.com/about-us/contact/
Disclaimer
All information contained herein is provided "AS IS." Lantronix undertakes no obligation to update the information in this publication. Lantronix does not make, and specifically disclaims, all warranties of any kind (express, implied or otherwise) regarding title, noninfringement, fitness, quality, accuracy, completeness, usefulness, suitability or performance of the information provided herein. Lantronix shall have no liability whatsoever to any user for any damages, losses and causes of action (whether in contract or in tort or otherwise) in connection with the user's access or usage of any of the information or content contained herein. The information and specifications contained in this document are subject to change without notice.
ePack User Manual for E210 and E220 Series Devices
2
Open Source Software
Some applications are Open Source software licensed under the Berkeley Software Distribution (BSD) license, the GNU General Public License (GPL) as published by the Free Software Foundation (FSF), or the Python Software Foundation (PSF) License Agreement for Python 2.7.3 (Python License). Lantronix grants you no right to receive source code to the Open Source software; however, in some cases, rights and access to source code for certain Open Source software may be available directly from Lantronix' licensors. Your use of each Open Source component or software is subject to the terms of the applicable license. The BSD license is available at http://opensource.org/licenses. The GNU General Public License is available at http://www.gnu.org/licenses/. The Python License is available at http://cmpt165.csil.sfu.ca/Python-Docs/license.html. Your use of each Open Source component or software is subject to the terms of the applicable license.
OPEN SOURCE SOFTWARE IS DISTRIBUTED WITHOUT ANY WARRANTY, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SEE THE APPLICABLE LICENSE AGREEMENT FOR ADDITIONAL INFORMATION.
You may request a list of the open source components and the licenses that apply to them. Contact your regional Lantronix sales associate. www.lantronix.com/about-us/contact/
Revision History
Date
Rev. Comments
March 2017
2.2.0 --
February 2018
2.3
--
October 2019
A
Added Lantronix document part number, Lantronix logo,
branding, contact information, and links.
January 2020
B
Renamed document to ePack User Manual.
ePack firmware for E210 and E220 series devices, version 2.3
December 2020
C
Updated to ePack firmware release 3.7
For the latest revision of this product document, please check our online documentation at www.lantronix.com/support/documentation.
ePack User Manual for E210 and E220 Series Devices
3
Contents
1 About this Guide
8
1.1 Purpose and Audience _____________________________________________ 8
1.2 Summary of Chapters ______________________________________________ 8
1.3 Additional Documentation ___________________________________________ 9
2 Introduction
10
2.1 Product Features_________________________________________________ 11
2.1.1 E210 Series__________________________________________________ 11
2.1.2 E220 Series__________________________________________________ 12
3 Default Configuration
13
3.1 Web Admin Page ________________________________________________ 13
3.2 Wireless Access Point SSID ________________________________________ 13
3.3 Default Interface Configuration ______________________________________ 13
4 Web Administration Interface
14
4.1 Web Admin Interface______________________________________________ 14
4.2 Logging In ______________________________________________________ 15
4.3 Change Passwords After Initial Login _________________________________ 16
4.4 Logging Out _____________________________________________________ 17
5 Quick Setup
18
5.1 Quick Setup _____________________________________________________ 18
6 Status
20
6.1 Overview _______________________________________________________ 20
6.1.1 Status ______________________________________________________ 20
6.2 Firewall Status ___________________________________________________ 31
6.2.1 IPv4 Firewall _________________________________________________ 31
6.2.2 IPv6 Firewall _________________________________________________ 32
6.3 Routes _________________________________________________________ 33
6.4 System Log _____________________________________________________ 35
6.5 Kernel Log ______________________________________________________ 36
6.6 Processes ______________________________________________________ 36
6.7 Realtime Graphs _________________________________________________ 37
6.7.1 Load _______________________________________________________ 37
6.7.2 Traffic ______________________________________________________ 38
6.7.3 Wireless ____________________________________________________ 39
6.7.4 Connection __________________________________________________ 40
6.8 Load Balancing __________________________________________________ 42
6.8.1 Interface ____________________________________________________ 42
6.8.2 Detail _______________________________________________________ 42
6.8.3 Diagnostics __________________________________________________ 43
ePack User Manual for E210 and E220 Series Devices
4
6.8.4 Troubleshooting ______________________________________________ 43
7 System
44
7.1 System ________________________________________________________ 44
7.1.1 General Settings ______________________________________________ 44
7.1.2 Logging _____________________________________________________ 46
7.1.3 Time Synchronization __________________________________________ 48
7.1.4 Language and Style ___________________________________________ 48
7.2 Administration ___________________________________________________ 50
7.2.1 Router Password______________________________________________ 50
7.2.2 SSH Access _________________________________________________ 51
7.2.3 SSH-Keys ___________________________________________________ 53
7.3 Software _______________________________________________________ 54
7.3.1 Installed and Available Packages _________________________________ 54
7.3.2 OPKG Configuration ___________________________________________ 55
7.4 Startup _________________________________________________________ 56
7.4.1 Initscripts ____________________________________________________ 56
7.4.2 Local Startup _________________________________________________ 56
7.5 Scheduled Tasks_________________________________________________ 57
7.6 LED Configuration ________________________________________________ 57
7.6.1 Add/Edit LED Configuration _____________________________________ 58
7.7 Backup / Flash Firmware __________________________________________ 58
7.7.1 Actions _____________________________________________________ 58
7.7.2 Configuration_________________________________________________ 61
7.8 Custom Commands_______________________________________________ 62
7.8.1 Dashboard___________________________________________________ 62
7.8.2 Configure____________________________________________________ 63
7.9 Reboot _________________________________________________________ 64
VPN
65
8.1 IPSec (Internet Protocol Security)____________________________________ 65
8.1.1 Gateway to Gateway___________________________________________ 66
8.2 OpenVPN ______________________________________________________ 72
8.2.1 OpenVPN Instances ___________________________________________ 72
8.2.2 Edit OpenVPN Instance from Template ____________________________ 75
8.2.3 Edit OpenVPN Instance from Configuration File _____________________ 78
9 Services
79
9.1 Dynamic DNS ___________________________________________________ 80
9.1.1 Basic Settings ________________________________________________ 80
9.1.2 Advanced Settings ____________________________________________ 82
9.1.3 Timer Settings ________________________________________________ 83
9.1.4 Log File Viewer _______________________________________________ 84
9.2 Agents _________________________________________________________ 85
9.3 SD(HC)/MMC Card _______________________________________________ 86
9.4 D2sphere _______________________________________________________ 87
9.4.1 D2Sphere Configuration ________________________________________ 87
ePack User Manual for E210 and E220 Series Devices
5
9.5 DOTA _________________________________________________________ 88 9.5.1 Lantronix Server ______________________________________________ 88 9.5.2 Custom Server _______________________________________________ 90
9.6 Page Selector ___________________________________________________ 91 9.7 SMS___________________________________________________________ 91
9.7.1 SMS Configuration ____________________________________________ 91 9.7.2 Ethernet SMS ________________________________________________ 95 9.7.3 Live Message ________________________________________________ 97 9.8 Reporting Agent _________________________________________________ 98 9.8.1 Sending Data _______________________________________________ 100 9.8.2 Data Format ________________________________________________ 101 9.9 GPS __________________________________________________________ 103 9.9.1 Sample GPS Frames _________________________________________ 106 9.10 Keepalived_____________________________________________________ 112 9.10.1 General ___________________________________________________ 112 9.10.2 Keepalived Global ___________________________________________ 113 9.10.3 Tracking Scripts ____________________________________________ 115 9.10.4 Tracking Interfaces __________________________________________ 116 9.10.5 Tracking Processes _________________________________________ 117 9.10.6 Virtual IP __________________________________________________ 118 9.10.7 VRRP Instances ____________________________________________ 119 9.11 Last Gasp _____________________________________________________ 121 9.12 Serial _________________________________________________________ 122 9.12.1 Serial Configuration _________________________________________ 122 9.12.2 Serial Data Send Configuration ________________________________ 123 9.13 Service Actions _________________________________________________ 128 9.14 Events ________________________________________________________ 129 9.14.1 Event Management __________________________________________ 129 9.15 uHTTPd _______________________________________________________ 130 9.15.1 General Settings ____________________________________________ 130 9.15.2 Full Web Server Settings _____________________________________ 133 9.15.3 Advanced Settings __________________________________________ 135
10 Network
138
10.1 Interfaces______________________________________________________ 138
10.1.1 Interfaces Overview _________________________________________ 139
10.1.2 Interface Status _____________________________________________ 141
10.1.3 Interface Protocols __________________________________________ 142
10.1.4 CELLULAR Interface ________________________________________ 153
10.1.5 LAN Interface ______________________________________________ 155
10.1.6 WAN and WAN6 Interface ____________________________________ 158
10.1.7 WWAN and WWAN6 Interface _________________________________ 161
10.1.8 Add Virtual Interface _________________________________________ 163
10.2 Wireless_______________________________________________________ 166
10.2.1 Wireless Network Configuration ________________________________ 168
10.3 Switch ________________________________________________________ 176
10.4 DHCP and DNS_________________________________________________ 178
10.4.1 General Settings ____________________________________________ 179
ePack User Manual for E210 and E220 Series Devices
6
10.4.2 Resolv and Host Files ________________________________________ 181 10.4.3 TFTP Settings ______________________________________________ 182 10.4.4 Advanced Settings __________________________________________ 183 10.4.5 Static Leases_______________________________________________ 185 10.5 Hostnames ____________________________________________________ 186 10.6 Static Routes ___________________________________________________ 187 10.6.1 Static IPv4 Routes __________________________________________ 187 10.6.2 Static IPv6 Routes __________________________________________ 188 10.7 Diagnostics ____________________________________________________ 190 10.8 Firewall _______________________________________________________ 191 10.8.1 General Settings ____________________________________________ 191 10.8.2 Port Forwards ______________________________________________ 198 10.8.3 Traffic Rules _______________________________________________ 201 10.8.4 Custom Rules ______________________________________________ 204 10.9 Load Balancing _________________________________________________ 205 10.9.1 How it works _______________________________________________ 205 10.9.2 Globals ___________________________________________________ 206 10.9.3 Interfaces _________________________________________________ 207 10.9.4 Members __________________________________________________ 210 10.9.5 Policies ___________________________________________________ 212 10.9.6 Rules _____________________________________________________ 214 10.9.7 Notification ________________________________________________ 217
Appendix A. Wiring Diagrams
218
Appendix B. LED Behavior
219
Appendix C. List of Acronyms
223
ePack User Manual for E210 and E220 Series Devices
7
1 About this Guide
1.1 Purpose and Audience
This guide provides the information needed to configure and use the Lantronix E210 series and E220 series cellular routers. The E210 and E220 series rugged cellular routers are designed for IoT professionals for M2M and enterprise IoT applications requiring faultless connectivity.
The information in this document assumes the reader has working knowledge of networking technology and routing concepts.
1.2 Summary of Chapters
The remaining chapters in this guide include:
Chapter 2: Introduction 3: Default Configuration 4: Web Administration Interface 5: Quick Setup 6: Status 7: System
8: 9: Services
10: Network
Description
Describes the E210 and E220 series models.
Provides the default credentials for web interface user access, the default wireless access point credentials, and describes the default interface configuration.
Describes the web administration interface available for configuring the E2xx series routers.
The configuration chapters (5-10) provide detailed instructions for using the web interface.
Provides instructions for configuring the Quick Setup.
Provides overview of the router status pages.
Provides instructions for configuring the clock and logging settings, enabling SSH access and keys, changing the router password, enabling startup scripts, defining and scheduling cron jobs, customizing LED behavior, and executing custom shell commands,
Provides instructions for installing software packages, upgrading firmware, saving and restoring router configuration, rebooting the router.
Provides instructions for configuring and enabling OpenVPN and IPSec tunneling.
Provides instructions for enabling and configuring Dynamic DNS, Lantronix (D2Sphere) and custom (DOTA) device management servers, and high availability (using Keepalived) settings.
Provides instructions for enabling the MWAS agent, reporting agent, SMS with AT commands, GPS, and Last Gasp (E220 devices only),
Provides instructions for configuring serial port settings, software-configurable DIOs, HTTP/HTTPS server, and for starting, stopping, restarting available services.
Provides instructions for configuring the cellular, WAN, LAN, WWAN and wireless interfaces, routing, switch, DHCP and DNS, firewall, and load balancing settings.
Provides instructions for enabling the VLAN functionality (switch), defining hostname, and running network diagnostic commands from the web interface.
ePack User Manual for E210 and E220 Series Devices[Type here]
8
Chapter Appendix A. Wiring Diagrams Appendix B. LED Behavior Appendix C. List of Acronyms
1: About this Guide
Description Provides RS-485 wiring diagrams and power over ethernet (POE) diagram. Provides information about the E210 and E220 series device LED indicators and brief descriptions. Provides a glossary of acronyms of relevant protocols and terms.
1.3 Additional Documentation
Visit the Lantronix web site at https://www.lantronix.com/support/documentation for the latest documentation and the following additional documentation for this product series.
Document E210 Series Cellular Router Quick Start Guide E220 Series Cellular Router Quick Start Guide E210 Series User Guide
E220 Series User Guide
E210 Series Product Brief E220 Series Product Brief
Description
Provides hardware installation instructions, directions to connect the E210 series router, and network IP configuration information.
Provides hardware installation instructions, directions to connect the E220 series router, and network IP configuration information.
Provides E210 series accessories and part number information, product features and hardware description, hardware installation instructions, compliance statements and notices.
Provides E220 series accessories and part number information, product features and hardware description, hardware installation instructions, compliance statements and notices.
Provides E210 series router product overview information and specifications.
Provides E220 series router product overview information and specifications.
ePack User Manual for E210 and E220 Series Devices
9
2 Introduction
2: Introduction
With high-speed cellular (3G and beyond), WAN, LAN and Wi-Fi connectivity, the Lantronix e-series of routers are highly versatile, reliable and rugged routers designed for mission-critical M2M and enterprise applications requiring faultless connectivity. Cellular can be configured to be the primary connectivity mode or the WAN failover alternative to a wire line connection. They also support a wide range of advanced routing protocols and VPN configurations.
This manual covers the following products:
E210 Series*
E220 Series*
E213
E224
E214
E225
E214G
E225G Mk II
E215
E225 Lite
E218
E228
-
E228G Mk II
*Contact Lantronix Sales regarding additional models available subject to MOQ and other considerations
ePack User Manual for E210 and E220 Series Devices
10
2: Introduction
2.1 Product Features
MODEL
NAME
2.1.1 E210 Series
GEOGRAPHICAL AREA(S) / OPERATOR
CELLULAR
TYPE 1
BANDS 2
FALLBACK MODE(S) 1
BANDS 2
LOCATION
SERVICES
CERTIFICATIONS 3 COMPLETED | IN PROGRESS | UNDER
CONSIDERATION
FCS 4
ORDER
CODE
E215
EMEA; South-East Asia; South Asia
3G 1
8/1
2G 1
8/3
EN300328 | ETA, TEC
Aug. '18 E215F002S
E213
World
Australia & New Zealand; Thailand; Malaysia
E214
EMEA; Asia Pacific
China; Thailand; Indonesia; India
LTE-M1 5
12a/28/13/20/27/26b/8/3c/66d/25e/1
2G
28/5/8/3
3G 2
5/8/3/2
5/8/1
RCM;
LTE cat. 1
28/20/8/3/1/7 5/8/3/1; TDD 40/41f
3G 3; 2G 3
8/1; 8/3 Optional
CE 7 ETA, TEC | SRRC, CTA; Postel
TBD E213F102S
Aug. '18 E214F003S
E214F002S Dec. '18
E214F00CS
MIL-STD-810H 9
E214G
Verizon Wireless The Americas excl. Verizon Wireless
13/4
12/5/4/2
3G 3
N/A
5/4/2
FCC 8, Verizon Wireless FCC 8, PTCRB, AT&T Wireless; ISED
E214G001S Nov. '18
E214G000S
Brazil; Australia & New Zealand; Thailand
E218
LTE cat. 4
NTT docomo
E213
450 MHz operators
LTE-M1 6
E214G
USA & Canada Japan; South Korea
LTE cat. 1
E218
EMEA; Asia Pacific
LTE cat. 4
28/5/8/3/1/7 3G 3; 2G 3 5/8/1; 8/3 Optional
19/21/1
87 TBC/88 TBC/73/72/31/
12a/28/13/20/27/26b/8/3c/66d/25e/1
71/12/13/14/26(5)/66(4)/25(2)
18/5(19)/8/21/3/1/7
3G 3; 2G 3 28/20/8/3/1/7
N/A
8/1; 8/3 Optional
NBTC -
Postel FCC 8, PTCRB; ISED
JRF, JPA; KC CE; RCM; NCC
Mar. '19 E218F004S
May '19 E218F005S
tbd
E213F10ES
tbd
E214G10AS
tbd
E214G107S
tbd
E218F102S
Please consult us regarding the models or features shown in grey italics, which are subject to MOQ and other considerations
1 Uplink / Downlink maximum data rates - 2G: 1 85.6 / 236.8; or 2 236.8 / 236.8; or 3 236.8 / 296 kbps - 3G: 1 5.76 / 7.2; or 2 5.76 / 10.1; or 3 5.76 / 42.2 Mbps - LTE-M1 [NB1]: 375 / 300 [62.5 / 27.2] kbps updated to LTE-M2 [NB2]: 1,000 / 600 [140 / 120] kbps
- LTE cat. 1: 5 / 10 Mbps (FDD); 3.1 / 8.96 Mbps (TDD)
- LTE cat. 4: 50 / 150 Mbps (FDD); 35 / 130 Mbps (TDD)
2 Ranked by increasing frequencies a incl. North America's B17 b incl. KDDI's B18 as well as North America's B5, the latter c incl. NTT docomo's B19, itself incl. Japan's B6 (3G)
incl. Japan's B9 d incl. North America's B10, itself incl. North America's B4 e incl. North America's B2 f More precisely, B41's 2535 MHz ~ 2655 MHz subset, suited to China well
3 Please consult us, should any other certification be required 4 First customer shipment [date of] 5 23 dBm output power
6 26 dBm output power from 410 MHz to 467.5 MHz, 23 dBm otherwise 7 Based on compliance with RED; EN 60950-1; etc.
8 Also, Class I Division 2 for use in explosive atmospheres, as a factory option subject to MOQ and other considerations
9 by Switzerland's SGS
ePack User Manual for E210 and E220 Series Devices
11
2: Introduction
MODEL NAME
2.1.2 E220 Series
GEOGRAPHICAL AREA(S) OR OPERATOR
CELLULAR TYPE 1
E225 Lite EMEA; South-East Asia; South Asia
3G 1
E225G Mk II World
3G 1
EMEA; Asia Pacific
E228G Mk II Brazil; Australia & New Zealand
China; Thailand; Indonesia; India
E225
World
EMEA E224
Australia & New Zealand
Verizon Wireless 4
E228
The Americas 4
NTT docomo
LTE cat. 4 3G 1
LTE cat. 1
LTE cat. 4
BANDS 2
FALLBACK MODE(S) 1
BANDS 2
LOCATION SERVICES
8/1 2G 1
5/8/2/1
8/3
cf. 5/8/3/2 footnote 5
28/20/8/3/1/7 28/5/8/3/1/7 3G 3; 2G 3 5/8/3/1; TDD 40/41a
8/1; 8/3
5/8/1; 8/3
IZat gen. 8C gpsOne
8/1; 8/3
5/8/2/1
2G 1
5/8/3/2
20/8/3
2G 3
8/3
28/5/8/3
3G 2
13/4/2
5/8/1 N/A
cf. footnote 6
17/5/4/2
3G 3
5/2
19/21/1
N/A
CERTIFICATIONS COMPLETED | IN PROGRESS | UNDER
CONSIDERATION CE | ETA, TEC
-
CE CE RCM FCC, Verizon Wireless FCC, PTCRB, AT&T Wireless; ISED JRF, JPA
FCS 3
ORDER CODE
Sep. '16 E225FLZ2S
TBD
E225F00FS
E228G002S
Nov. '18 E228G004S
E228G00CS
Oct. '16 E225HPLFS
Apr. '17 E224HPL2S
Sep. '17 E224HPL3S
TBD
E228HPL1S
Nov. '16 E228HPLAS
May '17 E228HPL5S
Please consult us regarding the models or features shown in grey italics, which are subject to MOQ and other considerations
1 Uplink / Downlink maximum data rates - 2G: 1 85.6 / 236.8; or 236.8 / 2 236.8; or 3 296 kbps - 3G: 5.76 / 1 7.2; or 2 10.1; or 3 42.2 Mbps - LTE cat. 1: 5 / 10 Mbps (FDD); 3.1 / 8.96 Mbps (TDD)
- LTE cat. 4: 50 / 150 Mbps (FDD); 35 / 130 Mbps (TDD)
2 Ranked by increasing frequencies g More precisely, B41's 2535 MHz ~ 2655 MHz subset, suited to China well
3 First customer shipment [date of] 4 Each model is user-reconfigurable into the other model, i.e.
E228HPL1S into E228HPLAS and vice versa 5 SiRFstarV-based Concurrent GPS and GLONASS 6 Concurrent GPS, Galileo and either GLONASS (factory setting) or Beidou
Note · Except when explicitly mentioned, all the screenshots in this user guide are taken from a
Lantronix E228 unit.
ePack User Manual for E210 and E220 Series Devices
12
3 Default Configuration
3: Default Configuration
All usernames and passwords are case sensitive.
3.1 Web Admin Page
If you are running ePack firmware release 2.4.4 and above, the default factory passwords are:
User admin root
Default Password admin L@ntr0n1x
Table 3.1-1: Default Web Admin Page Credentials
Note · ePack firmware versions 2.4.4 and above require you to change the factory default
passwords before any other router configuration can be done. Both the admin and root passwords must be changed.
If you are running ePack firmware releases older than 2.4.4, the default factory passwords are:
User admin root
Default Password admin M@estroW1rele$$
Table 3.1-2: Default Web Admin Page Credentials
3.2 Wireless Access Point SSID
Parameter SSID WPA/WPA2 TKIP Key
Details Lantronix E21X - for E210 series devices Lantronix E22X - for E220 series devices W1rele$$
Table 3.2-1: Default Wi-Fi Credentials
3.3 Default Interface Configuration
Interface WAN (Ethernet)
LAN (Ethernet)
Cellular Wireless (LAN)
Details
Automatic (DHCP client) Priority source of Internet with Cellular backup
Active DHCP with starting IP address 192.168.1.100 with pool of 100 clients.
No PAP/CHAP authentication
Wi-Fi enabled as access point with SSID "Lantronix E21X" or "Lantronix E22X"
Table 3.3-1: Default Interface Configuration
ePack User Manual for E210 and E220 Series Devices
13
4: Web Administration Interface
4 Web Administration Interface
For installation and setup procedures, refer to the hardware manual for your device.
· Lantronix E210 Series Cellular Router User Guide · Lantronix E220 Series Cellular Router User Guide
4.1 Web Admin Interface
The Web admin interface allows the administrator and other authorized users to configure and manage the Lantronix E210 and E220 cellular routers using most web browsers (Firefox, Internet Explorer or Safari web applications with the latest browser updates). The following figure shows a typical web page:
Figure 4.1-1: Web Admin Interface
The web page has the following components: Options Groups of router settings to configure. Entry fields and options (content pane) Main content pane fields and options allow you to enter data and select options for the settings. Save/Apply/Reset Configuration
Save & Apply button Applies the changes on the web page and saves them to the router so that they will be there when the router is rebooted.
Apply unchecked button Use this if you are changing the interface parameters on which the session is active.
Save button Saves the changes on the web page without committing the changes. All saved configuration will be lost when the router is rebooted if they are not saved and applied.
ePack User Manual for E210 and E220 Series Devices
14
4: Web Administration Interface
Reset button Discards the unsaved changes on the form. Auto refresh indicator Allows you to switch on or off the browser auto-refresh setting. The autorefresh value is configured in System > System > Language and Style settings. Logout button Log off from the web interface.
4.2 Logging In
The admin user or root user can log into the Web admin interface. If your router is new, please inspect and set up the router as shown in the Lantronix E210 or E220 Series Cellular Router User Guides. Before logging in, make sure you have an active SIM card and a computer equipped with the following:
· Ethernet port or Wi-Fi connectivity and Internet service · Web browser Google Chrome, Mozilla Firefox, Internet Explorer or Microsoft Edge, Apple
Safari (with the latest updates installed) · DHCP client is enabled on the computer to obtain a valid IP Address from the router with LAN
IP address 192.168.1.1. See below for help.
To enable DHCP in Windows 8 or 10: 1. Access the active network. Go to Start > Control Panel > Network and Internet > Network and Sharing Center. Click the active network connection. The Network Connection Status dialog box appears. 2. From the Network Connection Status dialog, click Properties, select Internet Protocol Version 4 (TCP/IPv4) and click Properties to display the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box. 3. On the General tab of the IPv4 Properties dialog, select the following options: o Obtain an IP address automatically o Obtain DNS server address automatically
To log into the web interface: 1. Open a Web browser on the computer. 2. Enter the default LAN IP address http://192.168.1.1. The login screen is displayed.
ePack User Manual for E210 and E220 Series Devices
15
4: Web Administration Interface
Figure 4.2-1: Web Admin Login Page 3. Enter the admin username and password. If you are logging in for the first time after
installation or after factory reset, use the default credentials (hint: admin/admin). Note · If you are running ePack firmware version 2.4.4 and above, you will be required to
change the factory default passwords for both the admin and root users before you can do any other router configuration.
4.3 Change Passwords After Initial Login
Upon first login, you are directed to change the factory default passwords for both the admin user and the root user. Assuming that you logged in as "admin", you'll see the Change Initial Password page as shown below:
Figure 4.3-1: Change Initial Password 1. Enter the new password for "admin" user and then re-enter it to confirm it. 2. Click Save & Apply.
ePack User Manual for E210 and E220 Series Devices
16
4: Web Administration Interface
3. This will log you out and return to the login page automatically. 4. Log in as "root" user using the factory default password (hint: root/L@ntr0n1x). 5. The Change Initial Password page for the root user is displayed. As before, enter the new
password and re-enter it to confirm it. 6. Click Save & Apply. Note · You can log in to root user and change both admin and root password at the same time.
4.4 Logging Out
To log off the ePack web interface: Click the Logout button located in the upper left part of the web interface page. When logout is complete, the login screen is displayed.
ePack User Manual for E210 and E220 Series Devices
17
5 Quick Setup
5: Quick Setup
Quick Setup helps get the IP network port up and running so that you can configure other router settings. To skip the Quick Setup and directly configure the network settings including advanced settings, go to the Network tab.
5.1 Quick Setup
On the Quick Setup page, click Quick Setup. The Quick Setup > Network Setup page is displayed. Basic network parameters for LAN, WAN, Cellular, and Wireless LAN can be configured from the Network Setup page.
Figure 5.1-1 - Quick Setup > Network Setup page (E228 shown)
ePack User Manual for E210 and E220 Series Devices
18
5: Quick Setup
Parameters
Description
Local Area Network (LAN)
IPv4-Address
Enter an IPv4 Address for the LAN interface. This is the IP Address that must be used to access the Router.
The default LAN IPv4 Address is 192.168.1.1.
Ipv4-Netmask
Enter IPv4 Subnet Mask of the LAN interface. The default Netmask is 255.255.255.0
Wide Area Network (Wired WAN)
Protocol
Select the WAN protocol from the available options:
Manual - to set a static IP address. If selected, enter the IPv4 address, IPv4 netmask, IPv4 gateway, and DNS server.
Automatic to use DHCP server to acquire the IP address.
PPPoE (Point to Point Protocol over Ethernet). If selected, enter the user name and password.
The default WAN protocol is selected as Automatic.
Cellular
SIM 1 settings/SIM2 settings
Cellular SIM card settings for one or two SIM card slots, depending on the router model number.
APN
Access Point Name (APN) is the name of an access point for the cellular network data connection. Generally, the wireless cellular network operator will provide the APN to their end users.
Enter the APN provided by the cellular network operator.
PIN
SIM card Personal Identification Number (PIN) is used to lock the
card, preventing people from making unauthorized phone call or
accessing cellular data services.
Enter the PIN of the SIM card.
Authentication Type
The authentication method used for the cellular connection. If PAP, PAP/CHAP, or CHAP are selected, then username and password must be entered.
Username
Enter the PAP/CHAP user name.
Password
Enter the PAP/CHAP password.
Enable Roaming
Select to enable data roaming on the cellular interface of the router.
Wireless Network (LAN)
Disable
Select the check box to disable the Wireless interface. By default, the Wireless interface is enabled.
Mode
Displays the Wireless network (LAN) mode. Mode can be ap (access point) or client. To configure, go to Network > Wireless.
SSID
Enter the Service Set Identifier (SSID) name. Leave the field blank to use the default SSID value. The default SSID is Lantronix E21x for E210 series devices and Lantronix E22x for E220 series devices.
Encryption
Displays the type of encryption. To configure the encryption type, go to Network > Wireless.
Password
The default SSID password is W1rele$$.
Table 5.1-1: Quick Setup Network Configuration
ePack User Manual for E210 and E220 Series Devices
19
6 Status
6: Status
Status provides a summary view of the vital configurations of the router. It includes the following topics:
· Overview · Firewall · Routes · System Logs · Kernel Log · Processes · Real-Time Graphs · Load Balancing
6.1 Overview
Status > Overview
Overview page provides a listing of the important parameters of the router.
6.1.1 Status
Status > Overview > Status
Status Overview page outlines the configuration settings for the basic sub-modules of the router. It includes the following information:
· System · Cellular · Memory · Network · Active DHCP Leases · Wireless · Digital Input/Output · Dynamic DNS · MWAN Interfaces
ePack User Manual for E210 and E220 Series Devices
20
6.1.1.1 System
Status > Overview > Status The System group provides the router's model and software related information.
6: Status
Parameters Hostname Model PID
UbootVersion Architecture Firmware Version POE
Figure 6.1-1 System Status Overview
Description Name assigned to the router for addressing purposes. Model number of the router that is deployed. Display 35 characters long, unique Product Identification number (PID). Consider an example of PID E225-071102-HL8548-xxxxxxxxxxxxxx. It is composed of:
4 characters SKU: E225 6 characters UID: 071102 (WAN, GNSS, Wi-Fi, 2x LAN, SIM) 6 character Module Name: HL8548 14 characters Serial Number: xxxxxxxxxxxxxx. Comprises of HW/PCB version (01 to 99), Lot number (01 to 99), Production date (YYMMDD), Unit number (4 digits). U-Boot version number Architecture type Base Firmware Version number. Power Over Ethernet is available in E220 series where the router can be powered from a PSE-POE device over WAN port
ePack User Manual for E210 and E220 Series Devices
21
Parameters Module Firmware Kernel Version Local Time
Up Time
Load Average Reboot Cause IMEI/MEID (MEID is only available in CDMA / EVDO Routers)
6: Status
Description Modem firmware version The Linux Kernel version number on the router. Displays the day of the week, month, date, time and year configured on the router. The format is Day Month Date hh:mm:ss Year. The time is displayed in 24 hour clock format. Displays the time for which the router is up and running since last power ON. The format is hh:mm:ss. The time is displayed in 24 hour clock format. Average CPU load time over periods of 1, 5, and 15 minute averages.
Displays the last reboot cause and time whenever possible.
Displays 15 digit IMEI number or 14 digit MEID number.
An IMEI number (International Mobile Equipment Identity) is a 15 or 17 digit unique number to identify GSM or UMTS mobile devices. It is used to prevent call initiation from a misplaced or stolen GSM or UTMS device, even if someone swaps out the device's SIM card. A MEID number (Mobile Equipment Identifier) is used to identify a cell phone that utilizes the CDMA technology for wireless service. Note · We recommend you record the IMEI or MEID number and secure it
so that it can be quickly accessed in the event of theft or loss of the router.
Table 6.1-1: System Status Overview
ePack User Manual for E210 and E220 Series Devices
22
6.1.1.2 Cellular
Status > Overview > Status The Cellular group provides the status of the SIM card inserted in the router.
6: Status
Parameters Cellular Data Signal Strength
Network Status
Figure 6.1-2: Cellular Status Overview
Description Displays the status of the Cellular data. Status
Connected Data connected. Disconnected Data communication is not connected.. Displays the current signal strength. The signal strength range is 0 to 32. 0 113 dBm or less 1 111 dBm 2 to 30 109 to 53 dBm 31 51dBm or greater Note · Signal strength for a good cellular data connection must be 12 or
above.
Displays the registration status of the router on the current cellular network.
ePack User Manual for E210 and E220 Series Devices
23
Parameters
Operator Name Operator Number Operator Type Roaming Status
SIM Status
Active SIM IMSI
Configured Band Registered Band Temperature Iccid
6: Status
Description Registered Not Registered Name of the current cellular operator in use. Current cellular operator number Operator type The roaming status of the router: Home Roaming N/A Displays the availability of SIM card in SIM card slot. Error SIM card is not inserted. Ready SIM card is inserted. Displays the active SIM, SIM 1 or SIM 2. Present only for E210 series routers that have dual SIM support. Displays the IMSI Number. In case of UMTS, it is read from the SIM card. An International Subscriber Identity (IMSI) is 15 digit unique Mobile number associated with cellular network and used to acquire the details of the mobile for identifying the user of a cellular network. The configured radio frequency bands The registered radio frequency band Temperature in degrees Celsius Integrated circuit card id (ICCID) unique serial number that identifies the SIM card
Table 6.1-2: Cellular Status Overview
ePack User Manual for E210 and E220 Series Devices
24
6: Status
6.1.1.3 Memory
Status > Overview > Status The Memory group provides information about the Memory in KB available with the router.
Figure 6.1-3: Memory Status Overview
Parameters Total Available
Free Buffered
Cached
Description
Total available RAM memory. Total Memory is summation of used memory, free memory, buffered memory and cached memory.
Free RAM memory. The bar graph shows the amount of free memory as a percentage of the total memory.
Size of buffered memory. The bar graph shows the amount of buffered memory as a percentage of the total memory.
Size of cached memory. The bar graph shows the amount of cached memory as a percentage of the total memory.
Table 6.1-3: Memory Status Overview
Model E220LITE E220 E210
RAM size 64MB 128MB 128MB
Flash size 32MB 64MB 32MB
Table 6.1-4: E210 and E220 Devices RAM and Flash Size
ePack User Manual for E210 and E220 Series Devices
25
6: Status
6.1.1.4 Network
Status > Overview > Status The Network group provides the IPv4and IPv6 WAN status. The number of active connections is also displayed.
Parameters WAN
Cellular WWAN
Figure 6.1-4: Network Status Overview
Description Displays status of fixed-line WAN connection with following details:
IP IP Address of the WAN Interface. Gateway IP Address of the WAN Interface Gateway. DNS Two DNS IP Address; Primary DNS Server and Secondary DNS Server.
Note · In case of WAN Access Wi-Fi must be configured in client mode and
connected to an Access Point.
Displays status of Cellular network data connection with following details: IP IP Address of the Cellular Interface. Gateway IP Address of the Cellular Interface Gateway. DNS Two DNS IP Address; Primary DNS Server and Secondary DNS Server.
Displays status of Wi-Fi WWAN connection with following details: IP IP Address of the WWAN Interface. Gateway IP Address of the WWAN Interface Gateway. DNS Two DNS IP Address; Primary DNS Server and Secondary DNS Server.
Table 6.1-5: Network Status Overview
ePack User Manual for E210 and E220 Series Devices
26
6: Status
6.1.1.5 Active DHCP and DHCPv6 Leases
Status > Overview > Status Displays the information about the machines connected to router using a DHCP lease. This includes IPv4 as well as IPv6 connections.
Figure 6.1-5: Active DHCP Leases Status Overview
Parameters Host Name
IPv4 Address/IPv6 Address MAC Address DUID
Leasetime remaining
Description
Name of the device (laptop, mobile, etc.) that is connected to the router and has been leased an IPv4 address or an IPv6 address by the router's DHCP server.
IPv4 address or IPv6 address assigned to the device connected to the router.
Applies to IPv4: MAC address of the device connected to the router.
Applies to IPv6: DUID (Device Unique Identifier) of the device connected to the router.
The remaining time for which the device can use the DHCP server leased IPv4 Address.
Table 6.1-6: Active DHCP Leases Status Overview
6.1.1.6 Wireless
Status > Overview > Status
The Wireless Group describes the Wi-Fi network used by the router and the associated stations that are connected to the router over Wi-Fi.
ePack User Manual for E210 and E220 Series Devices
27
6: Status
Parameters Connection Name
Associated Stations Network MAC Address Host Signal/Noise RX Rate/Tx Rate
Disconnect
Figure 6.1-6: Wireless Status Overview
Description Displays the name of the connection and the details:
Type The wireless radio chipset Channel WiFi channel. Bitrate Data transfer rate SSID Service Set Identifier (SSID) that uniquely names a Wireless Local Area Network (WLAN) Mode Displays whether the WLAN interface is currently configured as an Access Point `Master' or as a Client of a higher order Wi-Fi network. Note · For Wi-Fi WAN (WWAN) operation this should be `Client'. BSSID Displays Basic Service Set Identification (BSSID); 24 bit MAC Address of Wireless device. Encryption Displays the data encryption method. Associations Displays the number of associated stations.
Mode and Name of the network to which the device is connected. MAC Address of the computers and/or devices that are connected. Host name of the associated station. Signal strength/noise in dBm The receive (RX) and transmission (TX) data rates of the associated client.
Displays data transfer rate (Mbit/s), channel bandwidth (MHz), Modulation and Coding Scheme index (MCS), and GI time (Guard Interval, for TX rate). Click this button to disconnect the associated station from the access point.
Table 6.1-7: Wireless Status Overview
ePack User Manual for E210 and E220 Series Devices
28
6: Status
6.1.1.7 Digital Input/Output
Status > Overview > Status The Status Overview page shows the state of the two digital input/output pins on the router. When the pins are LOW/OPEN, the status is Red and when the pins are HIGH/CLOSED, the status is Green.
Figure 6.1-7: Status DIO Pins
6.1.1.8 Dynamic DNS
Status > Overview > Status The status page displays the dynamic DNS IPv4 and IPv6 configuration.
Figure 6.1-8: Status Dynamic DNS
6.1.1.9 MWAN Interface
Status > Overview > Status Lantronix routers have multiple sources of internet and can switch seamlessly between them. The screenshot shows 3 sources of internet: WAN (Wired Ethernet), WWAN (Wi-Fi when used as a WAN instead of LAN) and Cellular. The MWAN Interface status page provides a view of all the available and connected WAN options. In the figure below, the interfaces marked in green are live and connected while the ones in red are disabled. For more information, refer to Network > Load Balancing.
ePack User Manual for E210 and E220 Series Devices
29
6: Status
Parameters Interface
Status
Figure 6.1-9: MWAN interfaces Status Overview
Description The type of interface. Can be wan, wwan, or cellular. Wan6 or wwan6 indicate IPv6 interfaces.
Shows whether the interface is Online (green), Offline, or Disabled (red). If the status is Online, the following details are displayed:
tracking active the interface is being tracked for internet availability by pinging the IP provided in its configuration section. tracking off the interface is not being tracked for internet availability by pinging the IP provided in its configuration section but deemed active if the interface is up and has an IP address. Uptime the duration in hours, minutes and seconds that the interface has been connected If the status is Offline, the following is displayed: Downtime The time that the interface has been down since the last retry. If the status is Disabled, no details are displayed.
Table 6.1-8: MWAN interfaces Status Overview
ePack User Manual for E210 and E220 Series Devices
30
6.2 Firewall Status
Status > Firewall Status
6.2.1 IPv4 Firewall
Status > Firewall Status > IPv4 Firewall
6: Status
Figure 6.2-1: Ipv4 Firewall Status
Parameters Hide empty chains Reset Counters Restart Firewall Rule Chain name and details Pkts Traffic Target Prot. In Out Source
Description Click to hide the chains that have no rules. Click to rest counters for Packets and Traffic. Click to reload the existing Firewall configuration of every interface. Displays the rule chain name, type, and policy details Displays the number of accepted packets. Displays the amount of traffic captured by the filter. Displays the target action for the traffic processed for a respective rule. Displays the name of all the protocols configured in the Firewall Rule. Input Interface Output Interface Displays the source IPv4 Address.
ePack User Manual for E210 and E220 Series Devices
31
Parameters Destination Options Comment
Description Displays the destination IPv4 Address. Displays option details Displays comment details
Table 6.2-1: IPv4 Firewall Status
6.2.2 IPv6 Firewall
Status > Firewall Status > IPv6 Firewall
6: Status
Figure 6.2-2: IPv6 Firewall Status
Parameters Hide empty chains Reset Counters Restart Firewall Pkts Traffic Target Prot. In Out
Description Click to hide the chains that have no rules. Click to rest counters Packets and Traffic. Click to reload the existing Firewall configuration of every interface. Displays the number of accepted packets. Displays the amount of traffic captured by the filter. Displays the target. Displays the name of all the protocols configured in the Firewall Rule. Input Interface Output Interface
ePack User Manual for E210 and E220 Series Devices
32
Parameters Source Destination Options Comment
6.3 Routes
Status > Routes
Description Displays the source IPv6 Address. Displays the destination IPv6 Address. Displays option details Displays comment details
Table 6.2-2: IPv6 Firewall Status
6: Status
Figure 6.3-1: Routes Status
Parameters
Description
ARP ARP table provides information about the peripherals connected on each interface
IPv4 Address
Displays the IPv4 Address.
MAC Address
Displays MAC Address of the peripheral device.
Interface
Displays the interface name connected to the peripheral device.
ePack User Manual for E210 and E220 Series Devices
33
Parameters
Description
Active IPv4 Routes Displays the active IPv4 network route information.
Network
Displays the network Type used by the active IPv4 routes.
Target
Displays the destination IPv4 Address.
IPv4 Gateway
Displays the IPv4 Address Gateway used for traffic routing.
Metric
Displays the metric assigned to the Interface.
Active IPv6 Routes Displays the active IPv6 network route information.
Network
Displays the network Type used by the active IPv4 routes.
Target
Displays the destination IPv6 Address.
IPv6 Gateway
Displays the IPv6 Address Gateway used for traffic routing.
Metric
Displays the metric assigned to Interface.
Table 6.3-1: Routes Status
6: Status
ePack User Manual for E210 and E220 Series Devices
34
6.4 System Log
Status > System Log
6: Status
The E210 and E220 series routers provide extensive logging capabilities for traffic, system, and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network abuse.
The router can either store logs locally or send logs to external syslog UDP servers for storage and archival purposes.
The network activities and traffic logs include:
· Firewall logs · Interface Activity logs · Administrator logs · User Authentication logs
The single syslog server allows for remote logging and can be configured from System > System > Logging.
Figure 6.4-1: System Logs
ePack User Manual for E210 and E220 Series Devices
35
6.5 Kernel Log
Status > Kernel log This log displays the Linux kernel log events.
6: Status
Figure 6.5-1: Kernel Log
6.6 Processes
Status > Processes This log displays a list of active Linux system processes and their resource usage.
Parameters PID Owner Command CPU usage %
Memory usage %
Hang up
Figure 6.6-1: Processes Status
Description Displays the Process identifier (PID) number associated with the process. Displays the task owner Displays the command name The CPU usage of the process, displayed as a percentage of the total available CPU resources. The amount of the system's working physical memory that the process is currently using, displayed as a percentage. Sends a hang up signal to terminate the process.
ePack User Manual for E210 and E220 Series Devices
36
Parameters Terminate Kill
6: Status
Description Sends a terminate signal to terminate the process. Sends a kill signal to immediately terminate the process and the process will not perform any cleanup operations.
Table 6.6-1: Processes Status
6.7 Realtime Graphs
Status > Realtime Graphs The Realtime graphs display router activities over different time intervals. The following graphs are provided: load average, interface traffic information for LAN, WAN, Tunnel and Wi-Fi interfaces, wireless usage, and connection-detailed information.
6.7.1 Load
Status Realtime Graphs > Load Graph shows past three minutes average CPU load and peak CPU load on the router.
Parameters Load
Figure 6.7-1: Real Time Load Graph
Description Graph shows the periodic average CPU load on the Router.
Details X axis Time Interval (1 minute) Y axis CPU Load (Percentage)
ePack User Manual for E210 and E220 Series Devices
37
6: Status
Parameters
Description Legends
Red 1 Minute Load Orange 5 Minute Load Yellow 15 Minute Load
Table 6.7-1: Real Time Load Graph
6.7.2 Traffic
Status > Realtime Graphs > Traffic
Traffic indicates the WAN side incoming and outgoing traffic on the router. The graphs display the average and peak data transfer for LAN, WAN, WLAN, WWAN, Tunnel and Cellular interfaces, color coded to indicate upload and download traffic.
The following figure shows the traffic graph for the eth0 interface:
Figure 6.7-2: Status Realtime traffic for eth0
For each graph, the time interval (1 minute) is shown on the x-axis and the traffic (in kB/s) is shown on the y-axis. Blue represents inbound traffic while green represents outbound traffic. The WAN interface shows average and peak WAN and cellular traffic.
ePack User Manual for E210 and E220 Series Devices
38
6: Status
6.7.3 Wireless
Status > Realtime Graphs > Wireless Wireless indicates the traffic on Wi-Fi irrespective of Wi-Fi being used as an access point (LAN) or Client (WAN). Wireless Graphs displays real time graph combined for Signal and Noise data transferred in real time. Colors differentiate Signal and Noise data rates. It also displays the Physical data transfer rate. In addition, it shows the average and peak Signal and Noise and Physical data rates individually.
Parameters WLAN Interface Signal
Figure 6.7-3: Real Time Wireless Traffic Graph
Description
Graph shows the periodic average of Signal and Noise on the Router. Details
X axis Time Interval (1 minute) Y axis Data Rate (Mbit/s) Legends Blue Signal Red Noise Green Physical Rate Table 6.7-2: Real Time Wireless Traffic Graph
ePack User Manual for E210 and E220 Series Devices
39
6: Status
6.7.4 Connection
Status > Realtime Graphs > Connection Connection graphs provide an overview of active network connections; those originating from the router and also those that are originating from LAN/WAN of the router.
Figure 6.7-4: Real Time Connection Traffic Graph
Parameters Protocol
Network Protocol Source
Description Graph shows the periodic average of data transfer using specific protocols on the Router using the active connections in real time.
Details X axis Time Interval (1 minute) Y axis Number of Active Connections
Legends Blue UDP Green TCP Red Other Protocols
Network connection type, IPv4 or IPv6. Name of the protocol used for routing data. Source IP Address and port number of an active connection.
ePack User Manual for E210 and E220 Series Devices
40
Parameters Destination Transfer
6: Status
Description Destination IP Address and port number of an active connection. Displays the total data transferred using the specific network connection. Table 6.7-3: Real Time Connection Traffic Graph
ePack User Manual for E210 and E220 Series Devices
41
6: Status
6.8 Load Balancing
Status > Load Balancing
6.8.1 Interface
Status > Load Balancing > Interface This status page shows the MWAN interfaces, where active interfaces are shown in green and disabled interfaces are shown in red.
Figure 6.8-1: MWAN Interface Status
6.8.2 Detail
Status > Load Balancing > Detail
Figure 6.8-2: MWAN Status Detail
ePack User Manual for E210 and E220 Series Devices
42
6: Status
6.8.3 Diagnostics
Status > Load Balancing > Diagnostics The MWAN Status Diagnostics page shows all configured interfaces in MWAN3 and allows you to run diagnostics commands on the specified MWAN interface. The results of the diagnostics are displayed below the task.
Figure 6.8-3: MWAN Status Diagnostics
6.8.4 Troubleshooting
Status > Load Balancing > Troubleshooting Load balancing troubleshooting page shows the output of IP commands to use for troubleshooting purposes.
Figure 6.8-4: MWAN Status Troubleshooting
ePack User Manual for E210 and E220 Series Devices
43
7 System
7: System
System allows configuration and administration of the router for secure local and remote management. Many system functions can be configured from the following menus:
· System · Administration · Software · Startup · Scheduled Tasks · LED configuration · Backup / Flash Firmware · Custom Commands · Reboot
7.1 System
System > System
This page provides basic system settings including time management, system log, synchronization, and UI theme settings.
7.1.1 General Settings
System > System > General Settings
The current date and time of the router's internal clock can be set locally to match the date/time of your computer's browser or the router can be configured to synchronize its internal clock with an NTP server so that logs show the precise time and router activities can happen at a precise time.
Parameters Local Time
Figure 7.1-1: System General Settings
Description Displays the local time of the user's computer. Sync the local time with browser or with an NTP server. Click Sync with browser button to synchronize router clock with the local computer browser. Click Sync with NTP-Server to synchronize the router clock with an NTP
ePack User Manual for E210 and E220 Series Devices
44
Parameters
Router Time Hostname Timezone
7: System
Description server. Note · The displayed time is dependent on the configuration of your local
computer that is being used as an NTP server.
Displays the current router time according to the configured time zone. Enter the Hostname for this router. Do not include period character "." in the hostname as only the string before the period will be used as the hostname. The configured Hostname appears on the Status > Overview page. Select time zone according to the geographical region in which router is deployed. The default time zone is UTC.
Table 7.1-1: System General Settings
ePack User Manual for E210 and E220 Series Devices
45
7: System
7.1.2 Logging
System > System > Logging
The router can capture and log system activity including interface connection status, internal debugging messages, critical and emergency logs. It can either store the logs locally and/or send them to an external UDP syslog server for storage and archival purposes. The system log buffer uses First In First Out (FIFO) mechanism.
Note · All the logs are lost on Router reboot.
SYSLOG is an industry standard protocol/method for collecting and forwarding messages from devices to a server running a syslog daemon usually via UDP Port 514. The syslog server on a remote computer accepts the log messages and stores them in files or prints them. Logging to a central syslog server facility helps in the aggregation of associated logs and alerts and provides protected long term storage. This is useful for incident handling, routine troubleshooting, and historical analysis.
Figure 7.1-2: System Log Configuration
Parameters System log buffer size External system log server
External system log server port External system log server
Description
Enter the size of the buffer in Kilobytes (KB) to save logs and status information details. The default System Log Buffer size is 64 KB.
Enter the IP Address of an External server system. This server will be used to save all the real time logs. The default IP Address of external log server is 0.0.0.0
Note · Enabling Remote Log features requires a Router to be
manually rebooted in all firmware versions below V2.2.0
Enter the Port number of an External UDP server system. UDP server is used to store the system logs The default port is 514.
UDP or TCP
ePack User Manual for E210 and E220 Series Devices
46
Parameters protocol Log output level
Cron log level
7: System
Description
Select the Log severity output level. Debug and Info levels are lower severity than Warning and Error levels and are more verbose. Selecting debug or info level will also include the higher severity messages.
Debug Logs will be used by The E2xx series router software developer for debugging the router application. These logs are not useful during operations. Info These logs provide normal operational information messages that are used for general purposes like reporting. Notice Provides alerts for peculiar events that are not an error. These logs help to identify potential issues. Since these logs do not indicate errors, immediate action may/may not be necessary. Warning A warning messages is displayed for a potential issue, indicating to take an action. An error may occur if no action is taken against the warning issued. Error Displays the logs indicating an error condition.
Note · For help with log errors, please contact Lantronix Technical
Support.
Critical Indicates failure in secondary system and must be corrected immediately. Alert Problems which should be corrected immediately. Emergency System is Unusable.
Select the minimum level for cron messages to be logged to syslog. Debug Helps you debug cron process which has failed during runtime. Normal Normal informational messages Warning Indicates some issues can happen or error could be generated in cron process.
Note · For help with Cron log warning messages, please contact
Lantronix Technical Support.
Table 7.1-2: Syslog Configurations
ePack User Manual for E210 and E220 Series Devices
47
7: System
7.1.3 Time Synchronization
System > System > Time Synchronization Select the method that the router uses to synchronize its internal clock. Note: · If all three methods are enabled, the order of precedence is GPS, then NTP, then GSM.
Figure 7.1-3: System Time Synchronization Configuration
Time Synchronization GPS Time Synchronization
For routers that support GPS. If enabled, the router will synchronize its internal clock using GPS.
Note · GPS Antenna will be needed for GPS time sync
Enable NTP client
If enabled, the router will synchronize its internal clock from an NTP server.
Note · If NTP Server is activated, the Router will update time every
60 minutes from the NTP Servers. · Enabling NTP Client consumes data.
GSM Time Synchronization
If enabled, the router will synchronize using GSM functionality.
Table 7.1-3: System Time Synchronization Configuration
7.1.4 Language and Style
System > System > Language and Style The language and style settings are used to control the look and feel of the web interface.
Figure 7.1-4: System Language and Style Configuration
ePack User Manual for E210 and E220 Series Devices
48
7: System
Parameters Language
Design
Auto refresh default pollinterval in seconds
Description
Default value is auto.
Default design of user interface is Rosy.
Set the auto refresh polling interval between 5 and 50 seconds. Default is 5 seconds.
Note · Auto refresh can be turned on or off using the Auto Refresh
button on the UI.
Table 7.1-4: Language and Style Configurations
ePack User Manual for E210 and E220 Series Devices
49
7: System
7.2 Administration
System > Administration The Administration page allows configuration of general router settings including the router password and settings for SSH access. the router. Various ports and login security can be configured using Administration submenu.
7.2.1 Router Password
System > Administration > Router Password This page allows you to change your login password at any time.
Parameters Password Confirmation
Figure 7.2-1: Change Router Password
Description Specify the new password. Confirm the new password. Table 7.2-1: Router Password Configuration
ePack User Manual for E210 and E220 Series Devices
50
7: System
7.2.2 SSH Access
System > Administration > SSH Access
The E2xx series routers integrate Dropbear which offers SSH network shell access and an integrated SCP (Secure Copy Protocol) server for file transfer. You can also set parameters for Dropbear instance for SSH Access. On the SSH-Keys page you can add public SSH-Keys (one per line) for SSH public-key authentication. By default, the remote SSH access over WAN is disabled. You can enable the remote SSH access from the web interface or alternately can send an SMS from a registered admin number to enable it. You are required to use the SSH keys displayed on the webpage for SSH access.
Parameters Dropbear Instance Interface
Port
Password Authentication
Figure 7.2-2: SSH Access Configuration
Description
Select the interface. SSH listens only on the selected interface. Unspecified If this option is selected, SSH listens on all interfaces.
Provide listening port of the Dropbear instance. Default port is 22. Select to allow authentication using SSH password. The default option is disabled.
ePack User Manual for E210 and E220 Series Devices
51
Parameters Allow root logins Allow root logins with password Gateway ports Add Instance Delete
7: System
Description Select to allow root user logins to the router. Select to allow root logins and require a password.
Select to allow remote hosts to connect to local SSH forwarded ports. Click to add another SSH instance with the specified configuration. Click to delete the Interface. Table 7.2-2: SSH Access Configurations
ePack User Manual for E210 and E220 Series Devices
52
7.2.3 SSH-Keys
System > Admin > SSH-Key
7: System
Public SSH keys can be added one per line to authenticate with SSH public key authentication.
Public SSH keys are provided by default. They are configured on port 22. SSH from WAN network is disabled by default. To enable it, you must enable port 22 from the Network > Firewall page.
To add a new key, copy the public key from the Host system, paste it in the text box (see the figure below), and then click Add key.
Figure 7.2-3: SSH Key Administration
ePack User Manual for E210 and E220 Series Devices
53
7: System
7.3 Software
System > Software The Software page gives you access to manage software packages in the router. Lantronix has its own list of packages that can be downloaded from D2Sphere. For details on D2Sphere, please contact Lantronix Sales.
7.3.1 Installed and Available Packages
System > Software > Installed/Available/Updates The Software page displays the available packages, installed packages, or updates, on the Available, Installed, and Updates tabs, respectively.
Figure 7.3-1: Installed Software Packages
Parameters
Description
Available Memory, Package Filter, and Actions
Free space
Indicates the free and used space on the flash memory. The darker line represents the portion of free space.
Filter
Enter the keyword of the required package to search for it from package repository servers.
Download and install package Enter the exact name or URL of the package to be downloaded from package repository servers and install it. Click OK initialize installation.
Update lists
Click to update the package list from the package repository servers.
Upload Package
Click to upload a package file from your local drive.
Configure opkg
Click to modify the OPKG package manager configuration files, which provide the path to tell the router where to fetch the packages from. See Section 7.3.2 for more information.
Status Installed/Available/Update Package
Package name
Displays the name of package.
Version
Displays the version of package.
Size
Displays the size of the installed package.
Description
Displays the package description, if one has been provided.
Remove
Click to remove the package. On the confirmation page, select or clear the option to automatically remove unused dependencies.
Table 7.3-1: Software Installation and Package Details
ePack User Manual for E210 and E220 Series Devices
54
7: System
7.3.2 OPKG Configuration
System > Software
OPKG Configuration allows you to modify the following configuration files used by the OPKG package manager:
· opkg.conf This is the main configuration file. It provides the path from where the router should fetch and update the packages.
· customfeeds.conf This file is used to add your custom package repositories.
· distfeeds.conf This file is used to set the feeds. By default, it provides the path to the Lantronix packages on the D2Sphere server. All Lantronix packages may be updated from D2Sphere.com, however, you can add your own HTTP servers where you wish to upload your packages.
To modify the OPKG configuration, go to the System > Software page and click the Configure opkg button.
Figure 7.3-2: OPKG Configuration
ePack User Manual for E210 and E220 Series Devices
55
7: System
7.4 Startup
System > Startup
7.4.1 Initscripts
System > Startup > Initscripts Init scripts are run to start required processes during the boot process. Enable/Disable shows the current status and allows you to enable or disable the script. Newly enabled or disabled services take effect after the device reboots. Start, Restart, and Stop will perform the specified action on the process immediately.
Figure 7.4-1: Startup Initscripts
7.4.2 Local Startup
System > Startup > Local Startup The local startup file tells the router to run commands when the router boots, after the system init. It is empty by default and does nothing. To configure the local startup file, add commands in the editor before the line "exit 0" and click Save. Changes will take effect on the next reboot.
Figure 7.4-2: Local Startup Script
ePack User Manual for E210 and E220 Series Devices
56
7: System
7.5 Scheduled Tasks
System > Scheduled Tasks Use the system crontab to schedule tasks to run periodically at fixed times, dates, or intervals. Each line in the script is a single task that includes the time (minute, hour, day of month, month, day of week) and the command to execute.
Figure 7.5-1: Scheduled Tasks Crontab
7.6 LED Configuration
System > LED Configuration This section allows you to customize the behavior of the device LEDs. The LED Configuration page displays the LEDs that are present on the router, their default state, and the trigger event for the LED. LED entries are stored in the sys filesystem, more specifically the /sys/class/leds directory. The LED can be controlled by various system events, which is selected by the trigger option. To determine which triggers are available for an LED, refer to the trigger file of that LED. For a description of the E210 and E220 LEDs, see Appendix B. LED Behavior.
Figure 7.6-1: LED Configuration
ePack User Manual for E210 and E220 Series Devices
57
7: System
7.6.1 Add/Edit LED Configuration
Edit the LED configurations with care.
Parameter Name LED Name Default state
Trigger
Description
Displays the descriptive name of the LED.
Displays the LED name by function.
Displays the default state of the LED before the trigger. Options are On or Off.
Displays the trigger event that will toggle the LED state. Default-on defaulton. deprecated, use default = ON and trigger = None instead. Network Activity triggers netdev. The LED flashes with link status and/or send and receive activity (trigger mode) on the configured interface (device). None none. LED is always in default state (off). Can be used to set the LED to always On WiFi Activity triggers Options with "phy" prefix. The LED flashes on events in the physical interface rather than in the software network interface. Switch switch0. The LED is on if a link on one of the configured switch ports is established. If this option is selected, enter the Switch port mask and Switch speed mask (hexadecimal). Timer timer. The LED blinks with the configured on/off frequency. If this option is selected, enter the On-State Delay and Off-State Delay in milliseconds to indicate how long the LED should be On or Off. USB Device usbdevice or usbport. The LED turns On if USB device is connected. If this option is selected, choose the USB device name or USB port.
Table 7.6-1: LED Configuration
7.7 Backup / Flash Firmware
System > Backup / Flash Firmware
Backups should be run to keep the working configuration data. The backup file can used to restore configuration on the router or to configure a new router with the same settings.
The backup consists of all policies and all other user related information. After generating the backup, you need to upload the file to restore the backup.
Note · Configuration archive is not compatible between versions 2.x and 3.x.
7.7.1 Actions
System > Backup / Flash Firmware > Flash Operations
ePack User Manual for E210 and E220 Series Devices
58
7: System
Figure 7.7-1: Backup Restore and Flash Firmware
Parameters Backup/Restore Download Backup Reset to defaults
Restore backup
Description
Click Generate archive button to download a .tar archive file of the current configuration files.
Click Perform Reset button to reset the firmware to its default configurations. This is valid only with squashfs images.
Note The router can also be reset by pressing the reset button on the router. · Press and hold for more than 5 seconds for router to do a
factory reset. · Press and hold for more than one second but less than 5
seconds for router to reboot. · For any pressed or released event to be detected the
duration of the press/release event must be at least 200ms.
Click Upload archive button to upload a previously generated backup archive.
ePack User Manual for E210 and E220 Series Devices
59
Parameters Flash image Image
Description
7: System
Click Flash image button to upload a sysupgrade compatible image for replacing the running firmware.
When the binary image is loaded (.bin file), a file integrity check is done through the use of md5 algorithm. You should verify the md5 value with the one given along with the binary file.
When uploading the binary image, the UI will prompt to "Keep settings and retain the current configuration." This is selected by default. If you deselect it, the device configuration will be reset to factory setting after updating to the new firmware.
Avoid the "Keep settings" option when upgrading from version 2.x to 3.x or downgrading from 3.x to 2.x.
Table 7.7-1: Backup - Restore and Flash Operations
ePack User Manual for E210 and E220 Series Devices
60
7: System
7.7.2 Configuration
System > Backup / Flash Firmware > Flash Operations The custom files to be preserved during an upgrade should be added to the backup list text area, one per line.
Parameters Open list
Figure 7.7-2: Backup File List Configuration
Description Click to open the list of default files and directories that should be preserved during an upgrade. Add the custom or additional files in the text area, one per line. Table 7.7-2: Backup File Configurations
ePack User Manual for E210 and E220 Series Devices
61
7: System
7.8 Custom Commands
System > Custom Commands Write and execute custom shell commands from the web interface.
7.8.1 Dashboard
System > Custom Commands > Dashboard View and run the custom commands from the dashboard. You can also download or display the output.
Parameter Run Download Link
Figure 7.8-1: Custom Command Dashboard
Description Execute the command Download the custom command as a text file to the local drive. Access links to download or display the results. Table 7.8-1: Custom Command Dashboard
ePack User Manual for E210 and E220 Series Devices
62
7.8.2 Configure
System > Custom Commands > Configure Configure the custom commands that can be run on the dashboard.
7: System
Parameter Description Command
Custom arguments Public access Add Delete
Figure 7.8-2: Custom Commands Configuration
Description A short text description of the command. The command to execute on the shell terminal. To specify a file to be executed, the file must be copied to the /usr/sbin directory on the router. Files not in env PATH require the complete file path and should be executable. Check the box to allow user to provide additional command line arguments while running this command. Check the box to allow the command to be executed and the output downloaded without prior authentication. Click to add an instance of a custom command. Click to delete the custom command.
Table 7.8-2: Custom Commands Configuration
ePack User Manual for E210 and E220 Series Devices
63
7.9 Reboot
System > Reboot Router will be rebooted and will reload the configuration.
Note · Any unsaved configuration will be lost when the router is rebooted.
7: System
Figure 7.9-1: System Reboot
System > Reboot > Schedule Reboot Set a schedule to periodically reboot the router. Frequency can be set by time of day (hour and minute), day of week, and day of month. The scheduled item must be enabled in order for the reboot to be performed.
Figure 7.9-2: Schedule Reboot
ePack User Manual for E210 and E220 Series Devices
64
VPN
8: VPN
VPN
A Virtual Private Network (VPN) is a tunnel, carrying traffic of a private network from one endpoint system to another over a public network such as the Internet. The traffic of private network so carried over public network does not know about the existence of the intermediate hops between the two endpoints. Similarly, the intermediate hops are also not aware that they are carrying the network packets that are traversing the tunnel. The tunnel may optionally compress and/or encrypt the data, providing enhanced performance and some measure of security.
Note · The Lantronix E2xx routers support additional tunneling protocols. For L2TP, PPtP, or GRE
protocol configuration, please see Section 8.1.2 Interface Protocols.
8.1 IPSec (Internet Protocol Security)
VPN > IPSec
IP Security (IPSec) is a suite of protocols designed for cryptographically secure communication at the IP layer (layer 3). The router uses IPSec standard IPSec protocol to protect traffic. The identity of communicating users is checked with the user authentication based on Pre-shared keys or X.509 certificates.
The IPSec VPN instance can be started or stopped from the Web UI or by sending an SMS AT+VPN command. See Figure 9.6-2 for command syntax.
Figure 8.1-1: IPSec VPN Instance
IPSec is used for Gateway-to-Gateway VPN connection.
To create an IPSec interface instance: 1. Go to VPN > IPSec, and click Add. 2. Under Gateway to Gateway, click Add.
ePack User Manual for E210 and E220 Series Devices
65
8.1.1 Gateway to Gateway
8.1.1.1 General Settings
VPN > IPSec > Edit > General settings
8: VPN
Figure 8.1-2: IPSec General Configuration
Parameters Profile Name
Proto Type Enable Remote IPSec Gateway
Description Enter the Profile Name to identify the Gatewayto-Gateway IPSec VPN connection. Gateway to Gateway is the only available option. Check to enable the connection. Enter the remote WAN IP Address or domain name of the remote
ePack User Manual for E210 and E220 Series Devices
66
Parameters Remote Address Remote ID Method
Route
Policy Interface Local Address Local ID Key Mode
Preshared-Key
Cert. Key CA Cert.
8: VPN
Description IPSec Gateway server.
Enter the remote LAN IP Address and subnet of the remote IPSEC gateway server for use on the VPN connection.
Enter the ID of the remote network as configured on the remote IPSec gateway server..
Select the interface used to establish the tunnel. Static indicates that you will specify the interface to be used to establish the tunnel Auto uses the interface that is active from the Load Balancer (MWAN) policies
Available if Static is selected in Method field. Select the interface used to configure IPSec:
Wan Wifi Cellular
Available if Auto is selected in Method field. Select the MWAN policy to use.
Displays the IP address of the interface used for the VPN connection.
Enter the local network IP Address and subnet mask of the gateway for use on the VPN connection.
Enter the ID of the local gateway as configured on the remote IPSEC gateway server. Note: On the remote server, it may be displayed as "remote ID."
Select the type of Key mode in use for VPN connection: Pre shared Key X.509 certificate
This field is available if Pre shared Key is selected in the Key Mode field. Enter the Pre shared key. The peer uses the key to authenticate each other from Internet Key Exchange.
These fields are available if X.509 Certificate is selected in the Key Mode field. The certificate files must be uploaded to the directory listed in the field.
For example, to upload the Cert. file in the "etc/ipsec.d/certs/" folder, click Select file... to open the root directory. Navigate to and click "etc" to open the "etc folder.
ePack User Manual for E210 and E220 Series Devices
67
Parameters
Description
8: VPN
Navigate to the "ipsec.d" and "certs" folders in the same way.
In the "certs" folder, click Upload file... and select the cert file to be uploaded.
Single hop IP for watchdog Monitor interface ping failure
Repeat this procedure with the Key and CA Cert files.
Enter the IP address to be used for monitoring purposes. The application will ping the IP defined here and will restart the device if the ping fails. This could be the LAN IP address of the IPSEC gateway server.
Select Yes to ping the IP address defined in single hop IP for watchdog. Select No if you don't want the monitor interface to ping the single hop IP address. The default is No.
Table 8.1-1: IPSec General Configuration
ePack User Manual for E210 and E220 Series Devices
68
8.1.1.2 Advanced Settings
VPN > IPSec > Edit > Advanced settings Advanced Settings contains IPSec policies defined in the remote IPSec gateway server.
8: VPN
Parameters IKE Mode Key Exchange
IKE Encryption
Figure 8.1-3: IPSec Advanced Configuration
Description Select the mode that IKE protocol uses to authenticate and/or encrypt the peers.
Main Aggressive Select the mode of encryption key exchange between two communicating peers: IKEV1 IKEV2 The default mode of Internet Key Exchange is IKEV1. Select the cipher type to use for the internet key exchange (IKE): Any AES AES-128
ePack User Manual for E210 and E220 Series Devices
69
Parameters IKE Hash IKE DH Group
IPSec Encryption IPSec Hash
8: VPN
Description AES-192 AES-256 3DES DES The cipher type "Any" is the default IKE Encryption.
The IKE hash is used for authentication of packets for the key exchange. Select the IKE Hash type to use for VPN connection:
Any MD5 SHA1 SHA2 256 SHA2 384 SHA2 512 The hash type "Any" is the default IKE hash.
Select the desired Diffie-Hellman group to use: Any Group 1 (768) Group 2 (1024) Group 5 (1536) Group 14 (2048) Group 15 (3072) Group 16 (4096) Group 17 (6144) Group 18 (8192) Higher groups are more secure but also require longer to generate
key. The group "Any" is selected by default.
Select the type of IPSec encryption for VPN connection: Any AES AES-128 AES-192 AES-256 3DES DES
The cipher type "Any" is the default IPSec Encryption.
The IPSec hash is used for authentication of packets for the key exchange. Select the IPSec Hash type to use for VPN connection:
Any MD5 SHA1 SHA2 256 SHA2-384 SHA2-512 The hash type "Any" is the default IPSec hash.
ePack User Manual for E210 and E220 Series Devices
70
Parameters DH Group
DPD Keep Alive Time DPD Timeout IKE Re-key Time SA Life Time DPD Action
8: VPN
Description Select the desired Diffie-Hellman group to use:
Any Group 1 (768) Group 2 (1024) Group 5 (1536) Group 14 (2048) Group 15 (3072) Group 16 (4096) Group 17 (6144) Group 18 (8192)
Higher groups are more secure but also require longer to generate the key.
The group "Any" is selected by default. Enter the time in seconds for interval between Dead Peer Detection keep alive messages. Enter the time in seconds of no response from peer before Dead Peer Detection times out. Enter the time in seconds between changes of the encryption key. To disable changing the key, set it to 0. Enter the time in seconds for the security association lifetime. Select the desired Dead Peer Detection action. This action must be taken when a dead Internet Key Exchange Peer is detected.
Table 8.1-2: IPSec Advanced Configuration
ePack User Manual for E210 and E220 Series Devices
71
8: VPN
8.2 OpenVPN
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. It uses the OpenSSL library to provide encryption of both the data and control channels. OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created SSL tunnels on a single TCP/UDP port. OpenVPN fully supports IPv6 as protocol of the virtual network inside a tunnel and the OpenVPN applications can also establish connections via IPv6. It has the ability to work through most proxy servers (including HTTP) and is good at working through Network address translation (NAT) and getting out through firewalls. The server configuration has the ability to "push" certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options.
E210 and E220 series routers support OpenVPN client, server, and pass through.
8.2.1 OpenVPN Instances
VPN > OpenVPN
The OpenVPN client will attach itself to the configured OpenVPN server over any available WAN, LAN, or Cellular network interface. If the auto-connect function is enabled, OpenVPN will not only connect over available WAN but also switch between WANs when one WAN fails-over to another and also auto start on every reboot. The OpenVPN client must be enabled to be operational.
To create an OpenVPN instance, use the template based configuration or upload your own OVPN configuration file. The E210 and E220 routers come with pre-defined client templates and server templates.
Note · You must manually enter the DNS from Network > DHCP and DNS.
ePack User Manual for E210 and E220 Series Devices
72
8: VPN
Figure 8.2-1: OpenVPN Service Configuration
Parameters OpenVPN instances Enabled Started
Start/Stop
Description
Click Enabled to allow restarting of OpenVPN in case the router is rebooted.
Displays the status of OpenVPN instance, whether the instance is running or not. If the status is running, Yes is displayed along with Process ID (PID), else No.
Click to start or stop the OpenVPN instance.
Note: · The VPN instance can be started or stopped using SMS by
sending an SMS AT+VPN command. See Figure 9.6-2 for command syntax.
Port Protocol Tunnel Template based configuration
Displays the port number. This port is for communication between the server (listening) and client.
Displays the protocol used for communication. The available protocols are TCP and UDP. The default protocol is UDP.
Displays the type of networking interface to use for tunnel, via the TUN/TAP driver. Can be tun or tap. The default value is tun.
Create a VPN instance for client or server based on templates. After
ePack User Manual for E210 and E220 Series Devices
73
8: VPN
Parameters
OVPN configuration file upload
Description
adding the instance, you can edit its configuration.
Instance name select the OpenVPN instance
Select template select the client or server template to use as the basis for the instance.
Click Add to add the instance. After successful upload, the new OpenVPN instance will appear under the OpenVPN Instances section. You can modify the OpenVPN configuration directly in the web interface
Create a VPN instance using a configuration file. Select the OpenVPN instance name and then click Browse to locate the configuration file.
Click Upload to upload the selected file and create the configuration for the OpenVPN instance..
After successful upload, the new OpenVPN instance will appear under the OpenVPN Instances section. Click Edit to view and modify the configuration file in an editor and to optionally, add the user and password authentication credentials for the OpenVPN server.
Table 8.2-1: OpenVPN Service Configuration
ePack User Manual for E210 and E220 Series Devices
74
8.2.2 Edit OpenVPN Instance from Template
8: VPN
Figure 8.2-2: OpenVPN Service Configuration for Client Mode
ePack User Manual for E210 and E220 Series Devices
75
Parameters OpenVPN Client Verb nobind
comp_lzo Client remote
ca
Description
8: VPN
Select the output verbosity level. Higher the verbosity, higher will be the internal log details.
If selected, do not bind to local address and port If you want to run multiple VPN clients on the same host, it's advisable to select "nobind".
Select Yes to use fast lzo compression.
Check to enable the OpenVPN client mode and disable the OpenVPN server mode.
The IP address or host name of the remote server that the client will try to connect to. The client will attempt to connect in the order specified.
Upload the Certificate authority file. The certificate and key files are uploaded to the /etc/openvpn/ folder on the router using the web interface. For example, to upload the CA cert file: Click the icon next to "ca" to display the directory structure of the router.
Navigate to and click "etc" to select the "etc" folder.
Next, navigate to and select the "openvpn" folder.
Under /etc/openvpn/, click Upload file... and select the file to be uploaded.
Repeat this procedure with the other certificate and key files.
ePack User Manual for E210 and E220 Series Devices
76
8: VPN
Parameters dh
cert key Additional Field Add
OpenVPN Server verb
server_bridge comp_lzo keepalive
ca
dh cert key Additional Field Add
Description Upload the Diffie Hellman parameters file. This parameter is required only in Server mode. Upload the local certificate file Upload the local private key file Displays additional configuration parameters for the VPN instance or additional files that can be uploaded. Select the field and click Add.
Verbosity level of the output. Higher verbosity level will produce more detailed internal log output. Enter the IP Address and Subnet Mask for server mode Select Yes to use fast lzo compression. Server sends the keepalive packets to the client. Default is 10 60. Upload the Certificate authority file. The certificate and key files are uploaded to the /etc/openvpn/ folder on the router using the web interface. Please see the ca field in the OpenVPN Client section of this table for details describing the certificate upload procedure. Upload the Diffie Hellman parameters file Upload the local certificate file Upload the local private key file Displays additional configuration parameters for the VPN instance or additional files that can be uploaded. Select the field and click Add.
Table 8.2-2: OpenVPN Service Configuration
ePack User Manual for E210 and E220 Series Devices
77
8: VPN
8.2.3 Edit OpenVPN Instance from Configuration File
After uploading the OVPN configuration file, the new instance appears under OpenVPN Instances.
To edit the OpenVPN instance, click Edit. This displays the OVPN configuration file. You may also add the user and password authentication credentials for the OpenVPN server.
Figure 8.2-3: OpenVPN Edit Configuration File
ePack User Manual for E210 and E220 Series Devices
78
9 Services
9: Services
The E210 and E220 series routers are equipped with services complementing the routing features. These services include:
· Dynamic DNS · Agents · SD(HC)/MMC card · D2Sphere · DOTA · Page Selector · SMS · Reporting Agent · GPS · Keepalived · Last Gasp · Serial · Service Actions · Events · uHTTPd
ePack User Manual for E210 and E220 Series Devices
79
9.1 Dynamic DNS
Services > Dynamic DNS
9: Services
Dynamic DNS (Domain Name System) is a method of keeping a static domain/host name linked to a dynamically assigned public IP address allowing your server to be more easily accessible from various locations on the Internet.
This section lets you configure your DDNS service so that your router automatically updates your public IP to your DDNS provider. Before starting this configuration, you should already have registered a DNS name with a compatible DDNS service provider. Compatible DDNS providers are listed here: https://openwrt.org/docs/guide-user/services/ddns/client.
9.1.1 Basic Settings
Services > Dynamic DNS > Basic Settings
Figure 9.1-1: Dynamic DNS Basic Configuration
ePack User Manual for E210 and E220 Series Devices
80
9: Services
Parameters Enable
Lookup Hostname
IP address version DDNS Service Provider [IPv4/IPv6] Domain Username Password Use HTTP Secure Path to CA-certificate
Description
Select to enable Dynamic DNS. Clear to disable Dynamic DNS. Dynamic DNS allows the router to be reached with a fixed hostname while having a dynamically changing IP Address.
Name to identify the host that you want to use on DDNS server. This is the domain name that you registered with your DDNS service provider. The hostname is received from the dynamic DNS service provider.
Select the IP address version - IPv4 or IPv6.
Select the DDNS service provider from the drop down list.
The domain that you want to update. Usually the same as the lookup hostname.
Username of DDNS account. The username is received from the DDNS service provider.
Password of DDNS account. The password is received from DDNS service provider.
Select to use HTTPS with the DDNS provider. Otherwise, leave it unchecked.
This field is visible if HTTPS is selected. Enter the directory or file path of the ssl certs. To run HTTPS without verification of server certificates (insecure), enter IGNORE.
Table 9.1-1: Dynamic DNS Basic Configuration
ePack User Manual for E210 and E220 Series Devices
81
9.1.2 Advanced Settings
Services > Dynamic DNS > Advanced Settings
9: Services
Figure 9.1-2: Dynamic DNS Advanced Configuration
Parameters IP address source [IPv4/IPv6]
Description
Select the IP Address source: Network, Interface, URL, or Script and enter the appropriate configuration details. Network
Network (IPv4) - Select the software Interface name to read systems IPv4 address from. Interface Interface - Select the physical network interface from the available options URL URL to detect - Enter the URL to read systems IP address from. The source IP Address by default is URL.
ePack User Manual for E210 and E220 Series Devices
82
9: Services
Parameters
Force IP Version DNS-Server PROXY-Server Log to syslog Log to file
Description Event Network (IPv4) network on which the ddns updater scripts will be run Bind Network leave as "default" or select the network to use for communication Script Script - Enter the script path and file name. Event Network (IPv4) network on which the ddns updater scripts will be run
Select if you want to force the usage of either IPv4 or IPv6 only.
Enter DNS server domain name or IP address if you want to override the default DNS server to detect the registered IP. Enter IP address or FQDN.
Enter the proxy server to use for detection and updates. Format: [user:password@]proxyhost:port IPv6 address must be given in square brackets: [2001:db8::1]:8080
Select log level to save the logs in Syslog server, or select No logging to save only critical errors. Available options:
No logging, Info, Notice, Warning, Error. The default setting is Notice.
Select to allow the detailed messages to be written to a log file.
Table 9.1-2: Dynamic DNS Advanced Configuration
9.1.3 Timer Settings
Services > Dynamic DNS > Timer Settings
Figure 9.1-3: Dynamic DNS Timer Settings Configuration
ePack User Manual for E210 and E220 Series Devices
83
9: Services
Parameters Check Interval Force Interval
Error Retry Counter Error Retry Interval
Description
Specify the time interval after which the DDNS server should check and update the IP address of the router. Default is 10 minutes.
Specify the time interval after which the DDNS server should check for and force update the IP address of your server even if it is not changed. The Force Interval should be greater than the Check Interval. Default 72 hours.
The number of retries to attempt before the script stops execution. Default setting is 0 which indicates infinite retries.
Enter the time interval after which the router must retry to update the obtained WN IP address with the DNS name or the host name. Default 60 seconds.
Table 9.1-3: Dynamic DNS Timer Settings Configuration
9.1.4 Log File Viewer
Services > Dynamic DNS > Log File Viewer Click Read/Reread log file to display the Dynamic DNS service logs.
Figure 9.1-4: Dynamic DNS Log File Viewer
ePack User Manual for E210 and E220 Series Devices
84
9: Services
9.2 Agents
Services > Agents Agents are customized applications loaded on the router that communicate with a specific device/data management platform. By default, Lantronix Wireless Automation Server (MWAS) agent is loaded on the router, which facilitates bi-directional data communication between devices connected to the router (mainly using dynamic IP Address) and a centralized server through a kalkitech compatible MWAS server. [ Device/SCADA <=> Kalkitech(sever) ] <=> [ MWAS(agent) <=> Device/PLC ]
Parameters Agents Agents
Enable LAN IP/URL LAN PORT WAN IP/URL WAN PORT Enable WAN Backup IP
Figure 9.2-1: Agent Configuration
Description
Select the Agent from the dropdown list: MWAS Lantronix Wireless Acquisition System
Click to enable the selected agent. Enter the IP Address of remote/field device. Enter the Port number of remote/field device. Enter the IP Address of the M2M Gateway. Enter the Port number of the M2M Gateway. Click to enable the backup Gateway Server.
Backup WAN IP/URL - Enter the IP Address of backup M2M Gateway. Backup WAN Port - Enter the Port number of backup M2M Gateway. Table 9.2-1: Agent Configurations
ePack User Manual for E210 and E220 Series Devices
85
9: Services
9.3 SD(HC)/MMC Card
Services > SD(HC)/MMC Card The E210 series devices provides one microSD-XC card slot that supports an SD(HC) card or MMC card for external file storage.
The SD(HC)/MMC card should be formatted before it is mounted in the E210 device.
Parameters MMC device Mount point
Auto mount
Options
Figure 9.3-1: SD(HC)/MMC Card
Description Enter the device name. Enter the mount point directory to the filesystem provided by the SD(HC)/MMC card, relative to the root directory. Select to mount the device automatically when the router boots. If unselected, the device must be mounted manually. Enter Linux mount options to be run when the device is mounted. Table 9.3-1: SD(HC)/MMC Card Configuration
ePack User Manual for E210 and E220 Series Devices
86
9: Services
9.4 D2sphere
Services > D2Sphere Lantronix D2SphereTM allows you to perform remote firmware updates for the E210 and E220 series devices. D2Sphere is a complete IoT platform to monitor, administrate, and operate devices over-theair. To learn more about D2Sphere and to register for an account, please visit https://www.d2sphere.com.
9.4.1 D2Sphere Configuration
/ Figure 9.4-1: D2Sphere Configuration
Parameters Enable IP/URL Port
Reporting Time (in minutes)
Description
Select the box to enable or disable management using D2Sphere management server.
Enter the IP address or URL provided while registering your device in the D2Sphere server.
Enter the D2Sphere listening port provided while registering your device in the D2Shpere server. Default port is 54444.
Enter the reporting interval (in minutes) value between 1 and 267840. Default value is 1440 minutes.
ePack User Manual for E210 and E220 Series Devices
87
Parameters Name Description Contact Location Latitude Longitude
9: Services
Description Enter D2Sphere administrator contact name Enter D2Sphere administrator description. Enter contact details such as mobile phone number. Enter contact location details such as street address. Enter server GPS coordinates in decimal degree format. Enter server GPS coordinates in decimal degree format. Figure 9.4-2: D2Sphere Configuration
9.5 DOTA
Services > DOTA DOTA (download over the air) will allow you to remotely update your firmware using the Lantronix server or your custom server.
9.5.1 Lantronix Server
Services > Dota > Lantronix Server This page allows you to check for available firmware and to upgrade or downgrade the firmware from the Lantronix D2Sphere server. The Lantronix server is configured at Services > D2Shpere.
Figure 9.5-1. Download over the Air (DOTA) using Lantronix server
Parameters Channel
Check for update Available Firmware
Description
Select the D2Sphere channel on which to look for the firmware update files. The options are Development, Beta, and Released. The default channel option is Released.
Click to check for available updates on D2Sphere.
Displays a list of firmware for the router that is available on the server. Select the firmware from this list and click Update now to
ePack User Manual for E210 and E220 Series Devices
88
Parameters Force Upgrade Upgrade/Downgrade
9: Services
Description upgrade or downgrade on the router. Check this box for forceful upgrade or downgrade of the router's firmware version. Click Update now to download the firmware selected in the Available Firmware list.
Table 9.5-1: DOTA for Lantronix Server
ePack User Manual for E210 and E220 Series Devices
89
9: Services
9.5.2 Custom Server
Services > Dota > Custom Server This page allows you to update the router firmware using a custom download over- the-air (DOTA) server.
Figure 9.5-2. Download over the Air (DOTA) for Custom Server Configuration
Parameters
Description
Update now
After setting the parameters on the Custom Server page, click Update now to download the firmware pointed to by the URL and the filename below.
Custom Server Settings
If the custom server is not configured, DOTA service will configure the D2Sphere server.
Protocol
Select HTTP or HTTPS as the protocol of the custom server.
URL/IP
Enter the URL or the IP address of the custom DOTA server. The entry must include http/https.
Filename
Enter the name of the router firmware file to be accessed for the update.
Username
Enter the server login username.
ePack User Manual for E210 and E220 Series Devices
90
Parameters Password Timeout in Minutes
Retries
9: Services
Description Enter the server login password. Enter the period of time to wait for the download to complete. The download process will be aborted after the timeout period expires. The default value is 10 minutes. Enter the number of retry attempts allowed to check and download the latest firmware file from the server. The default number of retries is 3.
Table 9.5-2: DOTA Custom Server Configuration
Note:
· DOTA update can also be triggered using SMS by sending the SMS AT+DOTA command after setting the custom server configuration from the Web UI (shown above) or by sending the AT+DOTASETTINGS command using SMS from a registered Mobile Number. See Figure 9.7-2 for syntax details.
9.6 Page Selector
This page allows a root user to hide certain pages from the admin user view.
9.7 SMS
Services > SMS
The SMS feature lets you send SMS messages to the router to request diagnostics information from the router, configure router settings, or initiate certain router actions such as DOTA upgrade or starting or stopping the VPN.
9.7.1 SMS Configuration
Services > SMS > SMS Configuration
You can configure up to four administrator mobile numbers to receive SMS messages containing router diagnostics information after a command is sent by SMS. The mobile number format is as follows: +<countrycode><phonenumber> You should include the preceding special character "plus (+)". Example: +9198xxxxxxxx
ePack User Manual for E210 and E220 Series Devices
91
9: Services
Parameters SMS Configuration Enable AT Enable SMS Administrator
Figure 9.7-1: SMS Configuration
Description
Enable remote SMS configuration. Enable remote AT commands using SMS Displays up to four Administrators configured to receive the diagnostics information of the router via SMS after an SMS command is sent. Note · If no number is configured then the router will accept SMS
from any number. For each administrator to be configured, enter the mobile number with country code. The format of mobile number must be: +<countrycode><phonenumber> with a preceding special character "plus (+)". Example: +9198xxxxxxxx
Table 9.7-1: SMS Service Configuration
ePack User Manual for E210 and E220 Series Devices
92
SMS AT Commands The following figure shows the supported SMS command syntax.
9: Services
Figure 9.7-2: SMS AT Commands The following table describes the command syntax:
# 1 2 3 4 5
Name Reboot Cell Diagnostics LAN Diagnostics WAN Diagnostics WAN Ping
6
LAN Ping
7
WWAN Ping
8
CELL Ping
Command Syntax AT+REBOOT=1 AT+CELLDIAG?
AT+LANDIAG? AT+WANDIAG? AT+WANPING=<IPA> Parameter:
IPA- IP address of the WAN interface to ping.
AT+LANPING=<IPA> Parameter:
IPA IP address of the LAN interface to ping AT+WWANPING=<IPA> Parameter:
IPA- IP address of the WAN interface to ping. AT+CELLPING=<IPA> Parameter:
ePack User Manual for E210 and E220 Series Devices
93
#
Name
9
Enable Remote Access
10
Hardware Information
11
Software Information
12
Start/Stop VPN
13
Install/Update IPK
14
Lan Settings
15
Dota Custom Settings
16
OPKG Configuration
Settings
17
Manage Digital Output
18
AT Command
9: Services
Command Syntax IPA- IP address of the WAN interface to ping.
AT+REMACC=<1/0> Parameter:
1/0 Set 1 to enable, set 0 to disable remote access
AT+HWI?
AT+SWI?
AT+VPN=<VPN Type>,<VPN Name>,<start/stop> Parameters:
VPN type Openvpn or ipsec VPN name VPN instance name Start/stop action to start or stop the vpn
AT+IPKDOTA=<Name of IPK file>,<install/upgrade/remove/autoremove> Parameters:
Name of IPK file IPK file name that OPKG will install, upgrade, or remove. install/upgrade/remove/autoremove action that OPKG will run
AT+IPLAN=<IPv4 address>,<SubnetMask> Parameters:
IPv4 address The IP address of the LAN interface Subnet mask Subnet mask of the LAN IP address
AT+DOTASETTINGS=<HTTP/HTTPS>,<Server URL>,<File name>,<Username>,<Password>,<Timeout>,<Retry> Parameters:
HTTP/HTTPS protocol of the custom server Server URL server URL, must include http: or htttps: File name name of the file to be accessed for the update Username server user name Password server password Timeout period of time to wait for the download to complete (minutes) Retry Parameters number of retry attempts to check and download the file from the server.
AT+OPKGSETTINGS=<Server URL> Parameter:
Server URL Enter the URL of the
AT#OUT=<GPO1/GPO2>,<OPEN/CLOSE> Parameters:
GPO1/GPO2 the pin to be configured OPEN/CLOSE Set OPEN for low, or CLOSE for high.
AT#ATCMD='<AT command string>',<Timeout> Description: The command passed in the AT command string will be sent directly to the internal GSM module. Parameters:
AT command string AT command such as AT+CSQ (signal quality) or AT+CREG? (to check the registration status of GSM module).
ePack User Manual for E210 and E220 Series Devices
94
9: Services
#
Name
19
DOTA Action
20
Cellular Settings
Command Syntax Timeout Timeout value should be an integer in seconds. If the timeout value is set to 0, don't wait for a response. Issue the command and leave it. Example: AT#ATCMD=AT+CSQ,5 - to check signal strength
AT+DOTA=<C/M>,<update/check>[,<released/beta/development>,< filename>] Parameters:
C/M C for custom server, M for D2Sphere update/check whether to update the router with the specified filename or to check for available updates released/beta/development the release channel on the D2Sphere server to use for the update/check filename filename of the package to use for the update
AT+IPGPRS=<1>,<Apn>,<Username>,<Password>,<AuthType>,<Data-Roam> Parameters:
1 or 1/2 SIM slot number. 1 slot is supported on E22x models. 2 slots are supported on E21x models only. Apn access point name provided by the cellular network provider Username username if auth type is pap, chap, or pap/chap Password password if auth type is pap, chap, or pap/chap Auth-type none, pap, pap/chap, or chap (the auth-type parameter is case sensitive, must be all lowercase) Data-Roam Enter 0 for disabled or 1 for enabled
Table 9.7-2: SMS AT Command Syntax
9.7.2 Ethernet SMS
Services > SMS > Ethernet SMS This service enables the device connected on LAN to initiate an SMS using Ethernet port.
Figure 9.7-3: Ethernet SMS Configuration
ePack User Manual for E210 and E220 Series Devices
95
Parameters SMS Configuration Enable Port
Description
9: Services
Check to enable the Ethernet SMS. Enter the port number. The port number range is from 0 to 65535. Table 9.7-3: Ethernet SMS Configuration
To send an SMS you need to open a TCP client connection on the LAN IP and configured port. Once the connection is created, issue the following commands: To send an SMS AT#SENDSMS=+<Mobile Number with Country Code><Message with CTRL+D>
To read an incoming SMS AT#READSMS=<ALL or SMS ID><Enter>
To delete an SMS AT#DELSMS=<ALL or SMS ID><Enter>
The internal SMS buffer is 10 messages meaning, 11th incoming SMS will be over written on the 1st SMS
ePack User Manual for E210 and E220 Series Devices
96
9: Services
9.7.3 Live Message
Services > SMS > Live Message Sends SMS from the web interface: You can also send SMS, read SMS and delete SMS from the web interface as shown in the screenshot below.
Figure 9.7-4: SMS Live Message Configuration
Note: · To activate the Live Message feature, you must first enable the Ethernet SMS feature. · To send SMS, add a # symbol preceding the phone number instead of the + symbol.
ePack User Manual for E210 and E220 Series Devices
97
9: Services
9.8 Reporting Agent
Services > Reporting Agent
The Reporting agent captures current information from the router on a periodic basis and sends it to a generic device management server using TCP/UDP/HTTP/HTTPS protocol. The information obtained from the router includes device information and the following groups:
· LAN · WAN · Cellular · Wi-Fi · GPS
Parameters Enable All Disable All LAN Parameters LAN
Figure 9.8-1. Reporting Agent (Cellular shown)
Description Select check box to enable all settings for all interfaces. Select check box to clear all settings for all interfaces.
Select to enable individual LAN settings. · Status · Uptime · IP
ePack User Manual for E210 and E220 Series Devices
98
Parameters WAN Parameters Cellular Parameters
Wi-Fi Parameters GPS Parameters
Description · Data usage
Select to enable individual WAN settings. · Status · Uptime · IP · Gateway · DNS · Data usage
Select to enable individual Cellular settings. · Status · Uptime · IP · Gateway · DNS · Data usage · RSSI · Roaming Status · Operator Name · Network Status · IMSI
Select to enable individual Wi-Fi settings. · Status · Uptime · IP · Gateway · DNS · Data usage · Wifi Client Info
Select to enable individual GPS settings. · Time · Latitude · Longitude · Altitude
Table 9.8-1: Reporting Agent Configuration
9: Services
ePack User Manual for E210 and E220 Series Devices
99
9: Services
9.8.1 Sending Data
Services > Reporting Agent > Enable data Send
The reporting agent sends captured data using any of the following protocols: TCP/UDP/HTTP/HTTPS. When sending data over TCP, you can define a custom string sequence for start of frame and end of frame. You can also configure a backup server. The router will send data to the backup server after three unsuccessful retries to the primary device management server. It will continue to send data to the backup server until the backup server fails or the device reboots.
Figure 9.8-2 Reporting Agent Enable Data Send (TCP)
Parameters Device Info Reporting Agents Enable Data Send Protocol
Description Select to allow reporting agent to retrieve device IMEI information.
Select the reporting agent. Generic agent is the default selection.
Select to enable data send.
Select the protocol used in the data transmission. Options are TCP, UDP, HTTP, or HTTPS. Depending on the protocol that you selected, the server fields will vary somewhat.
ePack User Manual for E210 and E220 Series Devices
100
9: Services
Parameters Starting string of the frame Ending string of the frame IP1/URL1 Port1 TCP Timeout Backup
Send Interval in Second
Description
When TCP is selected, a start of frame sequence can be used to indicate the first frame of the data sent by the reporting agent. This string must be less than 20 characters in length.
When TCP is selected, a start of frame sequence can be used to indicate the first frame of the data sent by the reporting agent. This string must be less than 20 characters in length.
Enter the IP address or the URL of the destination server.
Enter the port number (for TCP and UDP).
Enter the timeout in seconds to switch between primary and backup IP in case of connectivity failure. TCP user timeout value should be between 10 and 900 seconds.
This option is available when TCP protocol is selected. Select Backup check box to configure the backup TCP server.
IP2/URL2 Port2 The backup IP will be used after 3 failed attempts to send data to primary server. Reporting agent will continue to send data to backup server until the backup server fails or the device reboots.
The period of time between two data transmissions.
Table 9.8-2: Reporting Agent Data Send Configuration
9.8.2 Data Format
The following example shows the data format of the output considering all parameters selected in the interfaces and TCP protocol selected
@IMEI=352948070039411,Lan Status=Connected,Lan IP(IPv4)=192.168.1.1,Lan Uptime(Seconds)=329501,Lan TX bytes=572260469,Lan RX bytes=117212098,Wan Status=Connected,Wan IP(IPv4)=192.169.1.110,Wan Uptime(Seconds)=329389,Wan Gateway=192.169.1.1,Wan DNS=27.109.1.2 27.109.1.3,Wan TX bytes=75455301,Wan RX bytes=344481735,Cellular Status=Enabled,Cellular IP(IPv4)=,Cellular uptime(Seconds)=,Cellular Gateway=,Cellular DNS=,Cellular TX bytes=208,Cellular RX bytes=0,RSSI(ASU)=99,Roaming Status=N/A,Operator Name=N/A,Network Status=Not Registered,IMSI=ERROR,Wifi Status=Enabled,Wifi IP(IPv4)=192.169.2.116,Wifi Uptime(Seconds)=383,Wifi Gateway=192.169.2.1,Wifi DNS=192.169.2.1,Wifi TX bytes=14135074,Wifi RX bytes=34397774,Wifi Client Info={(MAC;IP;TX;RX)(6C:19:8F:0B:7A:78;192.169.2.1;305;5209)},Time(GMT)=,Latitude(d egree.mmsss)=,Longitude(degree.mmsss)=,Altitude(in meters)=,Model=E225LITE,Kernel Version=3.10.49,Local Time=Tue Mar 14 06:11:25 GMT 2017,System Uptime(Seconds)=329530,Firmware Version=Lantronix E220 2.2.0 RC8,DI1=,DO1=,DI2=,DO2=#
@IMEI=352948070039411, Lan Status=Connected, Lan IP(IPv4)=192.168.1.1, Lan Uptime(Seconds)=329501, Lan TX bytes=572260469,
ePack User Manual for E210 and E220 Series Devices
101
9: Services
Lan RX bytes=117212098,
Wan Status=Connected, Wan IP(IPv4)=192.169.1.110, Wan Uptime(Seconds)=329389, Wan Gateway=192.169.1.1, Wan DNS=27.109.1.2 27.109.1.3, Wan TX bytes=75455301, Wan RX bytes=344481735,
Cellular Status=Enabled, Cellular IP(IPv4)=x.x.x.x, Cellular uptime(Seconds)= abc, Cellular Gateway=y.y.y.y, Cellular DNS=z.z.z.z, Cellular TX bytes=xxx, Cellular RX bytes=yyy, RSSI(ASU)=22, Roaming Status=N/A, Operator Name=N/A, Network Status=Not Registered, IMSI=ERROR,
Wifi Status=Enabled, Wifi IP(IPv4)=192.169.2.116, Wifi Uptime(Seconds)=383, Wifi Gateway=192.169.2.1, Wifi DNS=192.169.2.1, Wifi TX bytes=14135074, Wifi RX bytes=34397774, WifiClientInfo={(MAC;IP;TX;RX)(6C:19:8F:0B:7A:78;192.169.2.1;305;5209)},
Time(GMT)=, Latitude(degree.mmsss)=, Longitude(degree.mmsss)=, Altitude(in meters)=,
Model=E225LITE, Kernel Version=3.10.49, Local Time=Tue Mar 14 06:11:25 GMT 2017, System Uptime(Seconds)=329530, Firmware Version=Lantronix E220 2.2.0 RC8,
DI1=, DO1=, DI2=, DO2=#
ePack User Manual for E210 and E220 Series Devices
102
9: Services
9.9 GPS
Services > GPS Some E210 and E220 series router models have a built-in GPS receiver that receives GPS data from GPS satellites for synchronizing the GPS time and position data.
Figure 9.9-1 Services > GPS enable data
The GPS data can be sent in NMEA data format to an external TCP/UDP/HTTP/HTTPS server on a real-time basis. You can also configure a backup server. The router will send data to the backup server after three unsuccessful attempts to the primary device management server. It will continue to send data to the backup server until the backup server fails or the device reboots.
ePack User Manual for E210 and E220 Series Devices
103
9: Services
Figure 9.9-2 GPS Service Configuration
Parameters GPS Parameters GPS Enable Time (GMT) Latitude (degree.mmsss) N/S-Indicator Longitude (degree.mmsss) E/W-Indicator Position-Fix-Indicator
Number of Satellites Used
HDOP Altitude (in meters) Status
Speed Course of Ground Protocol
Description
Select GPS Enable check box to display current GPS data. Time in hh:mm:ss Latitude in ddmm.mmmm N = North or S = South Longitude in ddmm.mmmm E = East or W=West Indicates the type of signal or technique used by the GPS receiver to determine its location.
0 Fix not available or invalid 1 GPS SPS Mode, fix valid 2 Differential GPS, SPS Mode, fix valid 3 to 5 Not supported 6 Dead Reckoning Mode, fix valid Number of satellites used to receive GPS signals. The range for the number of satellite used is 0 to 12. Horizontal Dilution of Precision (HDOP) indicates the relative accuracy of the horizontal position Altitude above mean sea level Displays the status. A = Data valid V = Data not valid Speed over ground in knots Track, or intended direction of travel
ePack User Manual for E210 and E220 Series Devices
104
9: Services
Parameters Enable Data Send Protocol IP1/URL1 Port1 Backup
Polling Interval (in seconds)
Send Interval (in seconds)
Description
Select Enable Data Send check box to send data to the selected server. It sends the GPS information in NMEA format.
Select the TCP protocol only.
Enter the primary IP Address.
Enter the Port Number.
Click to allow using of backup IP, in case sending of the data fails using primary IP Address. In case the backup IP Address fails, primary IP Address will be used. Three such trials will be executed.
IP2 Enter the backup IP Address. Port2 Enter the backup Port Number.
The period of time between the end of the timeout period or the completion of the network request and the next request for data on the network.
The period of time to wait between attempts to send GPS data using the primary IP address or backup IP.
Table 9.9-1: GPS Service Configuration
ePack User Manual for E210 and E220 Series Devices
105
9: Services
9.9.1 Sample GPS Frames
9.9.1.1 GSV Format
· $GPGSV,4,1,16,21,50,358,38,22,28,272,37,29,53,164,36,18,51,319,31*7E IMEI number is added at the start of every frame
Parameters MID GSV Parameters MID Number of Messages(1) Message Number(1) Satellites in View(1) Satellite ID
Elevation
Azimuth
SNR (C/N0)
.... Satellite ID
Elevation
Azimuth
SNR (C/N0)
Checksum <CR><LF>
Description
GSV Protocol Header Example $GPGSV Total number of GSV messages to be sent in this group Example 4 Message number in this group of GSV messages Example 1 16 Channel (Range 1 32) Example 21 Channel 1 (Maximum 90) Example 50 degrees Channel (True, Range 0 359) Example 358 degrees Range 0 -99, null when not tracking Example 38dBHz .... Channel 4 (Range 1 32) Example 18 Channel 4 (Maximum 90) Example 51 degrees Channel 4 (True, Range 0 - 359) Example 319 degrees Range 0 99, null when not tracking Example 31 dBHz *71 End of message termination
Table 9.9-2: GSV Data Format
(1)Depending on the number of satellites tracked, multiple messages of GSV data may be required. In some software versions, the maximum number of satellites reported as visible is limited to 12, even though more may be visible.
ePack User Manual for E210 and E220 Series Devices
106
9: Services
9.9.1.2 GGA Format
· $GPGGA,120133.0,1907.469671,N,07250.544473,E,1,05,1.0,43.1,M,-64.0,M,,*42
Parameters MID GGA Parameters MID UTC Time Latitude N/S-Indicator Longitude E/W-Indicator Position-Fix-Indicator
Satellite-Used
HDOP MSL Altitude Units Geoid Seperation
Units Age of Diff.Corr. Diff. Ref.Station ID Checksum <CR><LF>
Description
GGA Protocol Header Example $GPGGA Time in hhmms.sss Example 120133.0 Latitude in ddmm.mmmm Example 1907.469671 N = North or S = South Example N Longitude in ddmm.mmmm Example 07250.544473 E = East or W = West Example E Indicates
0 Fix not available or invalid 1 GPS SPS Mode, fix valid 2 Differential GPS, SPS Mode, fix valid 3 to 5 Not supported 6 Dead Reckoning Mode, fix valid Example 1 Number of satellite used to receive GPS signals. The range for the number of satellite used is 0 to 12. Example 05 Horizontal Dilution of Precision Example 1.0 Altitude in meters. Example 43.1 meters Example M meters Geoid-to-ellipsoid separation. Ellipsoid altitude = MSL Altitude + Geoid Separation Example -64.0 meters Example M meters Null fields when DGPS is not used.4 The units is sec. *42 End of message termination
Table 9.9-3: GGA Data Format
ePack User Manual for E210 and E220 Series Devices
107
9.9.1.3 VTG Format
· $GPVTG,0.0,T,0.3,M,0.0,N,0.0,K,A*20
9: Services
Parameters MID VTG Parameters MID Course Reference Course Reference Speed Units Speed Units Mode
Checksum <CR><LF>
Description
VTG Protocol Header Example $GPVTG Measured heading Example 0.0 degrees True Example T Measured heading Example 0.3 degrees Magnetic(1) Example M Measured horizontal speed Example 0.0 knots Knots Example N Measured horizontal speed Example 0.0 km/hr Kilometers per hour Example K Indicates
A Autonomous D DGPS E DR N Output Data Not Valid R Course Position(2) (3) (4) S Simulator Example A *20 End of message termination
Table 9.9-4: VTG Data Format
(1) CSR does not support magnetic declination. All "course over ground" data are geodetic WGS84 directions.
(2) Position was calculated based on one or more of the SVs having their states derived from almanac parameters, as opposed to ephemerides.
(3) This feature is supported in the GSD4e product only. (4) This feature is supported in the GSD4e product, version 1.1.0 and later.
ePack User Manual for E210 and E220 Series Devices
108
9: Services
9.9.1.4 RMC Format
· $GPRMC,120133.0,A,1907.469671,N,07250.544473,E,0.0,0.0,150915,0.3,W,A*1E
Parameters MID RMC Parameters MID UTC Time Status(1)
Latitude N/S-Indicator Longitude E/W-Indicator Speed Over Ground Course Over Ground
Date Magnetic Variation(2)
East/West Indicator(2) Mode
Checksum <CR><LF>
Description
RMC Protocol Header Example $GPRMC Time in hhmmss.sss Example 120133.0 A = Data valid V = Data not valid Example A Time in ddmm.mmmm Example 1907.469671 N = North or S = South Example N Longitude in ddmm.mmmm Example 07250.544473
E = East or W = West Example E Measured in knots. Example 0.0 True. Measured in degrees Example 0.0
Date in ddmmyy Example 150915 E = East or W = West Measured in degrees Example 0.3 W = West Example W
Indicates A Autonomous D DGPS E DR N Output Data Not Valid R Course Position(3) (4) (5) S Simulator
Example A *1E
End of message termination
Table 9.9-5: RMC Data Format
ePack User Manual for E210 and E220 Series Devices
109
9: Services
(1) A valid status is derived from all the parameters set in the software. This includes the minimum number of satellites required, any DOP mask setting, presence of DGPS corrections, etc. If the default or current software setting requires that a factor is met, and then if that factor is not met the solution will be marked as invalid. (2) CSR Technology Inc. does not support magnetic declination. All courses over ground data are geodetic WGS84 directions relative to true North. (3) Position was calculated based on one or more of the SVs having their states derived from almanac parameters, as opposed to ephemerides. (4) This feature is supported in the GSD4e product only. (5) This feature is supported in the GSD4e product, version 1.1.0 and later.
ePack User Manual for E210 and E220 Series Devices
110
9.9.1.5 GSA Format
· $GPGSA,A,3,18,20,21,22,29,,,,,,,,2.4,1.0,2.2*36
9: Services
Parameters MID GSA Parameters MID
Mode1
Description
GSA Protocol Header Example $GPGSA M Manual: Forced to operate in 2D or 3D mode A 2D Automatic: Allowed to automatically switch 2D/3D
Mode2
Satellite Used(1) Satellite Used(1) .... Satellite Used PDOP(2) HDOP(2) VDOP(2) Checksum <CR><LF>
Example A 1 Fix not available 2 2D (<4 SVs used) 3 3D (>3 SVs used) Example 3 SV on Channel 1 Example 18 SV on Channel 2 Example 20 .... SV on Channel 12 Position Dilution of Precision Example 2.4 Horizontal Dilution of Precision Example 1.0 Vertical Dilution of Precision Example 2.2 *33 End of message termination
Table 9.9-6: GSA Data Format (1) Satellite used in solution. (2) Maximum DOP value reported is 50. When 50 is reported, the actual DOP may be much larger.
ePack User Manual for E210 and E220 Series Devices
111
9: Services
9.10 Keepalived
Services > Keepalived
The Keepalived service (Keepalived is a Linux daemon that provides frameworks for load balancing and high availability of the servers connected to the router) uses Virtual Router Redundancy Protocol (VRRP) to check the health of load balanced routers and elect a router on the network that will serve a particular IP.
In a typical configuration, VRRP groups two or more routers into a virtual router, where one router is the master (active) server and the other is the backup node. The master server has a higher priority than the backup server. The master server transmits multicast VRRP advertisement packets at regular intervals, and the backup servers listen for these advertisement packets. If the backup servers fail to receive three consecutive VRRP advertisements, the backup router with the highest priority becomes the new master router so that the system remains functional.
The configuration for the backup server will be similar to that of the master server, with the exception of the values for priority, state, and interface (depending on the system hardware configuration).
9.10.1 General
Services > Keepalived > General
Parameters General Detailed Log Syslog level
Figure 9.10-1 Keepalived General settings
Description
Select to enable detailed keepalived general/common logs. Set the log level from 0-4, with 4 being the most detailed. Table 9.10-1: Keepalived General Configuration
ePack User Manual for E210 and E220 Series Devices
112
9.10.2 Keepalived Global
Services > Keepalived > Keepalived Global This provides general settings for the Keepalived service.
9: Services
Figure 9.10-2: Keepalived Global Configuration
Parameters Keepalived Global Vrrp startup delay Global Router Id/name
Keepalived config file
Description
Enter the time in seconds to delay before starting VRRP. Enter the global router ID/name. A default name is provided, but you can modify it if you want. It doesn't have to be the hostname, but it must be unique for each device in a pool. Select the Keepalived configuration file. Settings in the configuration file will supersede settings configured on the Keepalived UI pages except for all scripts loaded in Tracking Scripts, and the User Notify settings in VRRP Instances.
ePack User Manual for E210 and E220 Series Devices
113
9: Services
Parameters
Remove configuration for Keepalived User Enable Script Security
Enable dynamic interfaces
Description The name of the script should match the ones in the configuration file settings.
Unlink the uploaded keepalived configuration so as to fill the configurations manually.
The user for script execution.
Select to prevent running any scripts that were configured to be run as root if any part of the path is writable by a non-root user.
Select to enable dynamic interfaces. Once enabled, next to Dynamic interfaces, select Allow or None
Table 9.10-2: Keepalived Global Configuration
ePack User Manual for E210 and E220 Series Devices
114
9: Services
9.10.3 Tracking Scripts
Services > Keepalived > Tracking Scripts This page is used to create blocks of tracking scripts that can be used by various Keepalived instances to be configured in the same router. Keepalived will run the tracking script to determine the health of the host and increase or decrease the priority of the router by the value of the weight.
Figure 9.10-3: Keepalived Tracking Scripts Configuration
Parameters Tracking Scripts Name of trackscript block Script
Remove script
Description
Enter the tracking script block name. Select the tracking script file to upload it to the router. The file is uploaded to the /usr/sbin/ folder. The script name should start with "keepalived_" and end with ".sh". Click to remove the tracking script.
ePack User Manual for E210 and E220 Series Devices
115
9: Services
Parameters TrackScript interval Weight
TrackScript pass count TrackScript fail count
Description
Enter the time interval between script invocations in seconds. Default is 1 second
Enter the weight to adjust the priority if the tracking script fails. Range is -253 to 253. Positive value will increase the priority. Negative value will decrease the priority. Setting it to zero (0) will ignore the weight, which means that any VRRP instance monitoring the script will transition to the fault state after the fail count number of consecutive failures of the script. A script returning 0 (zero) is success and everything else is fail.
Enter the required number of successes for OK transition.
Enter the required number of fails for NOK transition.
Table 9.10-3: Keepalived Tracking Scripts Configuration
9.10.4 Tracking Interfaces
Services > Keepalived > Tracking Interfaces
This page is used to configure which interfaces Keepalived will monitor. If a monitored interface fails, Keepalived will adjust the priority of the host according to the configured weight of the tracking interface.
Figure 9.10-4: Keepalived Tracking Interfaces Configuration
Parameters Tracking Interfaces Name of interface block
Description Enter the name of the tracking interface block
ePack User Manual for E210 and E220 Series Devices
116
9: Services
Parameters Interfaces
Weight
Description
Select the interface to monitor for changing the state of the router or decreasing the weight.
Enter the weight to adjust the priority if the interface is present or absent. Range is -253 to 253. Positive value will increase the priority. Negative value will decrease the priority. Default is 0 (zero), which means that the router will fail in case of the interface not running.
Table 9.10-4: Keepalived Tracking Interfaces Configuration
9.10.5 Tracking Processes
Services > Keepalived > Tracking Processes
This page is used to create tracking process blocks that Keepalived can use to monitor the health of the router. If the monitored process stops running, Keepalived will adjust the priority of the host according to the weight of the tracking process.
Note: · To monitor a process after you've added it, you must restart the Keepalived service manually.
Figure 9.10-5: Keepalived Tracking Processes Configuration
Parameters Tracking Processes Name of process block Process Weight
Description
Enter the name of the process block. Enter the name of the process to monitor for running state. Enter the weight to adjust the priority if the process is not running. Range is -253 to 253. Positive value will increase the priority. Negative value will decrease the priority. Default is 0 (zero), which
ePack User Manual for E210 and E220 Series Devices
117
9: Services
Parameters
Description means that the router will fail in case of the interface not running.
Table 9.10-5: Keepalived Tracking Processes Configuration
9.10.6 Virtual IP
Services > Keepalived > Virtual IP Configure the Virtual IP address for the VRRP instance.
Figure 9.10-6: Keepalived Virtual IP
Parameters Virtual IP Name of address block Virtual ipaddress
Physical device Scope of the virtual ip
Description
Enter the name of the address block. Enter the Virtual IP address and netmask that will be used by the virtual router. Select the device used for the virtual IP. Select the scope. Options include: global, site, link, host, nowhere.
Table 9.10-6: Keepalived Virtual IP Configuration
ePack User Manual for E210 and E220 Series Devices
118
9: Services
9.10.7 VRRP Instances
Services > Keepalived > VRRP Instances The VRRP instance is the individual instance of the VRRP protocol running on an interface to be monitored by Keepalived.
The General and Advanced settings define the VRRP instance. The User Notify settings allow Keepalived to run specified scripts when the router transitions from backup to master state or master to backup state.
Figure 9.10-7: Keepalived VRRP Instances (General Configuration)
ePack User Manual for E210 and E220 Series Devices
119
9: Services
Parameters
Description
VRRP Instances > General Settings
Enable
Click to enable the VRRP instance.
The VRRP instance defines and configures VRRP behavior to run on a specific interface.
Name of Instance
Enter a name for the VRRP instance.
Virtual Router ID
Enter the router ID. This number should be the same for all routers on the virtual router.
Unique number from 1 to 155.
Interface to look for
Select the interface that needs to be monitored for switching.
Virtual Router Priority
Enter the priority. The router with the highest priority will be the master.
Delay
Enter the interval in seconds that VRRP will wait between sending advertisement packets.
Default is 1 second.
Debug
Enter the debug level, from 1 to 4. Note: Debug level is not implemented yet by Keepalived.
Initial Virtual Router State
Select the initial virtual router state as MASTER or BACKUP.
This is for initial state only. As soon as the other routers in the virtual router group come up, an election will be held and the router with the highest priority will become MASTER.
Enable Authentication
Select to enable authentication. Authentication type can be PASS (suggested) or AH IPSec (not recommended).
PASS is a simple text password. This should be the same value on all machines in the virtual router. Only the first eight (8) characters are used.
Note: Authentication was removed from the VRRPv2 specification, and use of the option is non-compliant and can cause problems.
VRRP Instances > Advanced Settings
Virtual IPs
Enter the Virtual IP block. The router will assume this IP when it becomes Master and release it when it changes to Backup. Add blocks configured in Virtual IP.
Track Process
Enter the track process block that the VRRP instance will monitor. Add blocks configured in Tracking Process.
Track interface
Enter the track interface block that the VRRP instance will monitor. Add blocks configured in Tracking Interfaces.
Track Script
Enter the tracking script block that the VRRP instance will monitor. Add blocks configured in Tracking Scripts.
VRRP Instances > User Notify Settings
Notify master Script
Select the notify master script which will be run when the router becomes Master.
Remove master script
Remove the notify master script.
Notify backup Script
Select the notify backup script which will be run when the router becomes Backup.
Remove backup script
Remove the notify backup script.
Table 9.10-7: Keepalived VRRP Instances Configuration
ePack User Manual for E210 and E220 Series Devices
120
9: Services
9.11 Last Gasp
The Last Gasp feature is available on E220 series routers only. The Last Gasp feature sends a last gasp message to a mobile number to report the abrupt loss of power to the router. Last Gasp configuration includes a mobile number that Last Gasp will attempt to contact, and short text messages for power restore or power. Last Gasp is enabled by default.
Figure 9.11-1 Last Gasp (E220 series devices only)
Parameters Last Gasp Enable
Mobile Number
Power restore text Power failure text
Description
Select to enable last gasp. Enabled by default. Enter the mobile number that Last gasp will attempt to contact when power is lost. Enter the message for power restore. Enter the message for power failure.
Table 9.11-1: Last Gasp Configuration (E220 series devices only)
ePack User Manual for E210 and E220 Series Devices
121
9: Services
9.12 Serial
Services > Serial The E220 series router provides one RS-485 serial port, which can be configured in half-duplex or full-duplex mode by means of a switch on the E220 series hardware. The E210 router provides one RS-232 9-pin serial port. Optionally, the RS-232 port can be converted to an RS-485 port using the Snap CapTM SC485 add-on. The RS-485 port can be configured in halfduplex or full-duplex mode by means of a switch on the Snap Cap SC485 add-on. For wiring configuration details for the E220 series RS-485 in half-duplex mode, see Appendix A. Wiring Diagrams.
9.12.1 Serial Configuration
The Serial configuration parameters such as baud rate must be configured for the data connection to the serial port. The serial communication mode can be Transparent or Modbus RTU to Modbus TCP mode.
Figure 9.12-1: Serial Configuration
ePack User Manual for E210 and E220 Series Devices
122
Parameters Serial Configuration Path Is baudrate custom Baud Rate Data bit Parity
Stop bit
Timeout in Seconds Mode
Description
9: Services
The path to the serial device. The default path is "dev/ttyS1".
Select the box to add a custom baud rate between 2400 bps and 230400 bps in the Baud Rate field.
Select a baud rate from the list of pre-defined options or enter the custom baud rate between 2400 bps and 230400 bps. The default baud rate is 115200.
Select the number of data bits: The valid range is from 5 to 8. The default data rate is 8.
A parity bit is added to the end of the string of binary code that checks if the number of bits in the string with value one is even or odd. It is used for detecting error. Select the parity bit:
Odd Even None The default is None.
Select the number of stop bits: 1 2
The default stop bit is 1.
Enter the idle timeout in seconds for serial data completion.
Select the mode of serial communication: Transparent
Transparent mode of communication does not alter any data structure before or during the data communication. Modbus RTU to Modbus TCP: This mode converts the Modbus RTU data to/from RS485 to Modbus TCP before transmitting over TCP network.
Table 9.12-1: Serial Configuration
9.12.2 Serial Data Send Configuration
The Data Send configuration is used to select the protocol and serial operating mode settings. If the TCP protocol is selected, the router can operate in TCP server or TCP client mode. In TCP server mode, the router will listen on the local port for network communication from TCP clients on the LAN interface (type=internal) or the WAN interface (type=external). In TCP client mode, the serial device connects to a remote TCP server at a specified IP and port, or to a backup server, for the data transmission. The data from the serial port can be sent either via TCP or UDP using any of the available TCP interfaces.
The other protocol option is FTP, which allows the serial device to send a file to an FTP server. See Section 9.12.2.3 Data Send Configuration for FTP.
ePack User Manual for E210 and E220 Series Devices
123
9.12.2.1 TCP Server Mode Configuration
9: Services
Figure 9.12-2: Data Send Configuration Server Mode on WAN Interface
Figure 9.12-3: Data Send Configuration Server Mode on LAN Interface
Parameters Enable Protocol
Mode
Description Select the box to enable sending serial data Select the protocol.
For TCP, select TCP. For FTP transport, select FTP. Select the serial operating mode. Note:
ePack User Manual for E210 and E220 Series Devices
124
9: Services
Parameters
Description
· Server mode operation requires a public IP address on the external interface (WAN).
For TCP server mode, select Server. For TCP client mode, select Client
Type
This setting is available if TCP Protocol and Server Mode settings are selected.
Select External to listen for network connections on the WAN interface.
Select Internal to listen for network connections on the LAN interface.
External serial port listens on WAN interface
Port
Enter the WAN port to listen on.
Internal serial port listens on LAN interface
IP
Enter the IP address of the LAN interface to listen on
Port
Enter the port of the LAN interface to listen on
Table 9.12-2: Data Send Configuration - Server Mode
9.12.2.2 TCP Client Mode Configuration
Figure 9.12-4: Data Send Configuration Client Mode
ePack User Manual for E210 and E220 Series Devices
125
9: Services
Parameters Enable Protocol
Mode
IP Port Backup Server Enable Backup IP Backup Port Socket Timeout Enable Inactivity Timeout in Seconds
Description Select the box to enable sending serial data Select the protocol.
For TCP, select TCP. For FTP transport, select FTP. Select the serial operating mode. For TCP server mode, select Server. For TCP client mode, select Client Enter the IP address of the remote TCP server Enter the port of the remote TCP server Select the box to enable a backup TCP server Enter the IP address of the remote backup TCP server Enter the port of the remote backup TCP server Select the box to enable a socket timeout value. If Socket Timeout is enabled, enter the inactivity timeout value in seconds.
Table 9.12-3: Data Send Configuration - Client Mode
9.12.2.3 Data Send Configuration for FTP
Figure 9.12-5: Data Send Configuration FTP Protocol
ePack User Manual for E210 and E220 Series Devices
126
9: Services
Parameters Enable Protocol
File Name IMEI Date Format FTP Server Address FTP Server Port User Name Password Directory Path
Description Select the box to enable sending serial data. Select the protocol.
For TCP, select TCP. For FTP transport, select FTP. Enter the file name of the file to transmitted. Select the box to add the IMEI to the file name. Select the date format to be appended to the file name. Enter the IP address of the FTP server. Enter the port number of the FTP server. Enter the FTP server user name. Enter the FTP server password. Enter the directory path on the FTP server where the file will be placed.
Table 9.12-4: Data Send Configuration FTP Protocol
ePack User Manual for E210 and E220 Series Devices
127
9: Services
9.13 Service Actions
Services > Service Actions This page displays a list of all the available services and allows the administrator to manage system resources. You can start, stop, reload, or restart the service; and enable or disable automatic startup of the service when the device is rebooted. Note · Only perform service actions if you understand the outcome. Stopping or disabling certain
services could adversely affect the operation of the router and require a device reset.
Figure 9.13-1: Service Actions
ePack User Manual for E210 and E220 Series Devices
128
9: Services
9.14 Events
Services > Events E210 and E220 routers are equipped with two digital inputs/outputs (I/O). Digital inputs range is 3V to 24V and the same input pins are also available to be used as open collector digital output with maximum 200mA @ 24V. The Event Management page allows you to map actions to events respective to the digital I/Os.
9.14.1 Event Management
Services > Events
Figure 9.14-1: Event Service Configuration
Parameters Event Management Enable Event Action
Mobile Number/VPN Type
Text/VPN Name
Description
Click to enable the events
Select the event from the available options DIO is by default are pulled up to high voltage level.
Select the action from options. Close/Open digital Output # 1/2 to close or open the digital pin Start VPN start VPN Stop VPN stop VPN SMS to send the event details using the SMS. Switch Digital Output Change the state of Digital Output Reboot To reboot the router.
Enter the mobile number. The mobile number format must be: <countrycode><phonenumber>. If the action is to start or stop the VPN, then enter the type of the VPN such as ipsec, pptp, l2tp, or openvpn.
Enter the text message that will be sent to the configured mobile number in case of event occurs. If the action is to start or stop the VPN, then enter the VPN instance name.
Table 9.14-1: Event Service Configuration
ePack User Manual for E210 and E220 Series Devices
129
9: Services
9.15 uHTTPd
uHTTPd is the standard web server that runs the web interface and provides support for multiple instances, TLS (SSL), and other web server features.
9.15.1 General Settings
Services > uHTTPd > General Settings The uHTTPd Main instance is provided by default and is used for configuring the router. You can create new instances and configure the server settings by clicking the Add button.
Figure 9.15-1: uHTTPd Service General Settings Configuration
ePack User Manual for E210 and E220 Series Devices
130
9: Services
Figure 9.15-2: uHTTPd Self-signed Certificate Configuration
Parameters
Description
MAIN
HTTP listeners (address:port)
Either HTTP listener or HTTPS listener is required.
Enter the ports and addresses to listen on for HTTP access.
Use 0.0.0.0/[::] to bind to all devices present. Enter a specific IP address to restrict binding to a specific interface.
HTTPS listener (address: port)
Either HTTP listener or HTTPS listener is required.
Enter the ports and addresses to listen on for HTTPS access.
Use 0.0.0.0/[::] to bind to all devices present. Enter a specific IP address to restrict binding to a specific interface.
Redirect all HTTP to HTTPS
Select this option to redirect all HTTP to HTTPS.
Ignore private IPs on public interface
Select to ignore requests from private IP addresses (RFC1918) directed to the server's public IPs.
The default setting is to ignore the requests from private IPs.
HTTPS Certificate (DER Encoded)
Upload the HTTPS cert file. Click the icon to expand the directory structure (from root).
HTTPS Private Key (DER Encoded)
Upload the HTTPS private key file. Click the icon to expand the directory structure (from root).
Remove old certificate and key
Click to remove old certificate and key files
Remove configuration for certificate and key
Click to remove the cert, key, and configuration information.
Add
Click to add another instance.
uHTTPd Self-signed Certificate Parameters
Valid for # of Days
Enter the validity time (number of days) of the generated certificate. Default: 730 days
Length of key in bits
Enter the length of the generated RSA key in bits Default: 2048
Server hostname
Enter the server hostname covered by the certificate.
ePack User Manual for E210 and E220 Series Devices
131
Parameters
Country State Location
Description Default: Lantronix Country of the certificate issuer State of the certificate issuer Location/city of the certificate issuer
Table 9.15-1: uHTTPd Service General Configuration
9: Services
ePack User Manual for E210 and E220 Series Devices
132
9.15.2 Full Web Server Settings
Services > uHTTPd > Full Web Server Settings Full Web Server Settings provide additional configuration for the uHTTPd service.
9: Services
Figure 9.15-3: uHTTPd Service Full Web Server Configuration
Parameters MAIN Index page(s)
CGI filetype handler
Do not follow symlinks outside document root Do not generate directory listings
Description
Enter the index file to use for directories. Usually index.html or index.php. Enter the interpreter to associate with file endings in the cgi scripts directory. If selected, the http/https server will not follow symbolic links outside the document root. If selected the http/https server will not generate directory listings.
ePack User Manual for E210 and E220 Series Devices
133
9: Services
Parameters
Description
Aliases
Maps URL to filesystem locations outside the document root. Format should be /old/path=/new/path
Realm for Basic Auth
Enter the realm for basic authentication when prompting the client for credentials.
The default is "Lantronix", which is the local hostname.
Config file (e.g. for credentials for Basic Auth)
Enter the path of the configuration file for credentials for basic authentication and additional settings.
The server will not use HTTP authentication if this field is blank.
404 Error
Enter the virtual URL of file or CGI script to handle 404 (file not found) request. It must begin with a forward slash '/'.
uHTTPd Self-signed Certificate Parameters
Valid for # of Days
Enter the validity time (number of days) of the generated certificate. Default: 730 days
Length of key in bits
Enter the length of the generated RSA key in bits Default: 2048
Server hostname
Enter the server hostname covered by the certificate. Default: Lantronix
Country
Country of the certificate issuer
State
State of the certificate issuer
Location
Location/city of the certificate issuer
Table 9.15-2: uHTTPd Service Full Web Server Configuration
ePack User Manual for E210 and E220 Series Devices
134
9.15.3 Advanced Settings
Services > uHTTPd > Advanced Settings
9: Services
Figure 9.15-4: uHTTPd Service Advanced Configuration
ePack User Manual for E210 and E220 Series Devices
135
9: Services
Parameters
Description
MAIN
Document root
Enter the directory path to the server document root. By default the root is /www.
Path prefix for CGI scripts
Enter the prefix for CGI scripts, relative to the document root. Leave it blank to disable CGI support.
Virtual path prefix for LUA scripts
Enter the prefix for sending requests to the embedded LUA interpreter, relative to the document root. Leave it blank to disable LUA support.
Full real path to handler for Lua scripts
Enter the full path to the Lua handler script to initialize LUA runtime on server start. This field is required if Lua prefix is given, otherwise it's optional.
Virtual path prefix for ubus via Enter the URL prefix for ubus via JSON-RPC handler, relative to the
JSON-RPC integration
document root. Leave it blank to disable UBUS.
Override path for ubus socket Enter the override ubus socket path
Enable JSON-RPC CrossOrigin Resource Support
Select to enable CORS HTTP headers on JSON-RPC API. By default, this setting is disabled.
Disable JSON-RPC authorization via ubus session API
If selected, do not authenticate JSON-RPC requests against the UBUS session API.
By default the requests are authenticated.
Maximum wait time for Lua, CGI, or ubus execution
Enter the maximum wait time for CGI, LUA or ubus requests in seconds. If no output is generated within the timeout period, the requested executables are terminated.
Default is 60 seconds.
Maximum wait time for network activity
Enter the maximum wait time for network activity. If no network activity occurs within the timeout period, the requested executables are terminated and the connection is shut down.
Default is 30 seconds.
Connection reuse
Sets the time limit for connection reuse.
TCP Keepalive
Number of unanswered keep alive requests allowed. Default: 1
Maximum number of connections
Enter the maximum number of concurrent connections allowed. If the limit is reached, further TCP connection attempts are queued until the number of connections is below the limit.
Default: 100
Maximum number of script requests
Enter the maximum number of concurrent requests. If the limit is reached, further requests are queued until the number of requests drops below the limit.
Default: 6
Maximum wait time for rpc timeout in seconds per requests
Enter the maximum wait time for RPC timeout in seconds. Default: 55
uHTTPd Self-signed Certificate Parameters
Valid for # of Days
Enter the validity time (number of days) of the generated certificate. Default: 730 days
Length of key in bits
Enter the length of the generated RSA key in bits Default: 2048
ePack User Manual for E210 and E220 Series Devices
136
Parameters Server hostname
Country State Location
Description Enter the server hostname covered by the certificate. Default: Lantronix Country of the certificate issuer State of the certificate issuer Location/city of the certificate issuer
Table 9.15-3: uHTTPd Service Advanced Configuration
9: Services
ePack User Manual for E210 and E220 Series Devices
137
10 Network
10: Network
The ePack software provides the administrator several options to customize the Network configurations adhering to the organization's requirements. To configure the Network parameters, the following sub-sections are available:
· Interfaces · Wireless · Switch · DHCP and DNS · Hostnames · Static Routes · Diagnostics · Firewall · Load Balancing
10.1 Interfaces
Network > Interfaces
The Interfaces section provides the overview and status of the network interfaces for LAN, WAN, Cellular, and WWAN. It also provides the configuration parameters for each of these interfaces, which allow you to configure or update the protocol assignment, gateway metric, DNS configuration, bridge interface configuration, firewall zone assignment, and DHCP server configuration according to your requirements.
Additionally, from the Interfaces page, you can add new virtual interfaces, such as GRE, L2TP, PPP, or PPtP VPN instances.
The Network Interfaces section contains following pre-configured network interfaces:
· CELLULAR
· LAN
· WAN/WAN6
· WWAN/WWAN6
ePack User Manual for E210 and E220 Series Devices
138
10: Network
10.1.1 Interfaces Overview
Network > Interfaces This page provides a summary view of the interfaces on the router and general interface settings.
Figure 10.1-1: Interfaces Overview
Parameters Interfaces Overview Network
Status Actions
Description
Displays all the configured Network Interfaces. The default interfaces are: LAN, CELLULAR, WAN, WAN6, WWAN, WWAN6 In addition, it displays any custom interfaces that have been added. Note · When Wi-Fi is configured as Client, Interface WWAN will
become active.
Displays the status of the interface. See Section 10.1.2. Select the action to be taken for the interface.
Restart Connects the interface or reconnects the already
ePack User Manual for E210 and E220 Series Devices
139
10: Network
Parameters
Add new interface Global Network Options IPv6 ULA-Prefix Network Watchdog Enable
Time Wan as Lan Enable
Description started interface. Stop Stops the interface. Edit Allows you to edit the interface settings. Detete Deletes the interface. Note · Default interfaces have pre-defined configurations and
should not be deleted.
Click Add new interface to add a virtual interface. See Section 10.1.8.
Displays the IPv6 Unique Local Address (ULA)-Prefix
Select this box to enable or clear the box to disable the Network Watchdog. The network watchdog monitors the connectivity of all WAN (external network) interfaces. In the absence of connectivity resulting in Network down, the router resets itself. By default, the network watchdog is in enabled mode. If the network watchdog is enabled, enter the watchdog timeout in minutes.
Select the box to enable the WAN port to act as a LAN interface. This will provide two LAN interfaces on the router.
Table 10.1-1: Network Interfaces Overview
ePack User Manual for E210 and E220 Series Devices
140
10.1.2 Interface Status
10: Network
Figure 10.1-2: WAN Interface Status
The Interface Status displays the following details associated to interface:
· Protocol Displays the protocol assigned to the interface. · Uptime Displays the amount of time that the interface has been active since the last interface
connection/reconnection. The format is dd:hh:mm:ss, and is displayed in 24 hour clock format. Uptime is displayed for all active interfaces. · MAC-Address MAC Address of the physical interfaces.
Note · MAC Address is displayed for LAN, WAN, WWAN and OpenVPN interfaces.
· RX Amount of data received in bytes over an Interface. RX is displayed for all the interfaces for a particular session.
· TX Amount of data transmitted in bytes over an Interface. TX is displayed for all the interfaces for a particular session.
· IPv4 Displays IPv4 Address of the interface. · IPv6 Displays IPv6 Address of the interface.
ePack User Manual for E210 and E220 Series Devices
141
10: Network
10.1.3 Interface Protocols
The Protocol field on the Edit Interface > General Settings page allows assigning the protocol with respect to the router model number. Table 10.1-2 shows the available protocol options for each of the interfaces. When configuring an interface, please make sure that the protocol selection is appropriate for the interface.
Interface Protocols
LAN
WAN
WWAN
Cellular
Static Address
DHCP client
DHCPv6 client
GRE
L2TP
Unmanaged
PPP
PPPoE
PPtP
Cellular
QMI Cellular
Relay Bridge
Table 10.1-2: Network Interface Protocols
The protocols should be assigned to interfaces as shown in Table 10.1-2 based on how the user wants the interfaces to work. The interface requires additional selection or configuration of settings such as default gateway, gateway metric, DHCP server, and firewall zone to name a few. These settings may be mandatory, optional, or not used by the interface; the interface configuration depends on both the protocol selected as well as the organization's requirements.
Please review the following before configuring the LAN, WAN, and WWAN interfaces.
· If any two interfaces in Table 10.1-2 have the same protocol (for example, Static Address is assigned to LAN and WAN interfaces), the settings for configuring the interface will be nearly the same. For this reason, the protocols are described below. Refer to Sections 10.1.3.1 to 10.1.3.6 for descriptions of the protocol settings.
· The LAN interface should use Static Address. On the LAN interface, the Gateway is not required and DHCP server is optional, It can be used if you want the router (DHCP server) to dynamically assign IP addresses to clients connecting to the LAN.
ePack User Manual for E210 and E220 Series Devices
142
10: Network
· WAN and WWAN interfaces should use either Static Address, DHCP client, or DHCPv6 client. WAN also supports using PPPoE protocol. On the WAN and WWAN interfaces with Static Address as the assigned protocol, gateway is required for external interface, but it is not used for internal use. On the WAN and WWAN interfaces, the DHCP server should be disabled ("Ignore interface" will be selected).
All the other protocols listed in Table 10.1-2 are supported after you add a virtual interface based on the requirement. For example, if an L2TP VPN is set up, a virtual interface with L2TP protocol should be used to configure the L2TP VPN connection. For descriptions on these protocols, see Section 10.1.8 Add Virtual Interface.
The physical or virtual interfaces can be set to Unmanaged, if no protocol is desired. This setting may be used to enumerate an interface for firewall purposes.
10.1.3.1 Static Address
The following table describes the Static Address protocol settings.
Parameters General Settings Protocol Bring up on boot IPv4 Address IPv4 Netmask IPv4 Gateway IPv4 broadcast Use Custom DNS servers IPv6 assignment length
Advanced Settings Use builtin IPv6 -management Force link
Description
Static Address Static configuration with fixed address and netmask
Allows the interface to be live after every reboot. Bring up on boot is checked by default.
Enter the IPv4 Address. This IP Address must be used to access the Router. The default IP Address is 198.162.1.1 for LAN.
Select the IPv4 Netmask.
Enter the IPv4 Address for Gateway.
Enter the IPv4 Address for broadcast.
Enter the IP address of the custom DNS server. Click the + button to add more DNS servers.
Select the IPv6 assignment length. Available Options
· 64 or 60 Assign a part of the given length of public IPv6prefix to this interface.
· disabled do not assign part of the prefix to this interface · --custom-- Assign a part of the given length of public IPv6-
prefix to this interface. IPv6 assignment length is disabled by default. If assignment length is disabled, enter the following:
IPv6 address - Enter the IPv6 Address. IPv6 gateway - Enter the IPv6 Address for Gateway. IPv6 routed prefix - Enter the public prefix to direct the client distribution to the router. If assignment length is 60, 64, or custom, enter the following: IPv6 assignment hint -Enter hexacimal subprefix ID for this instance to assign prefix parts. IPv6 suffix - Enter the IPv6 suffix.
Allows to use the built in IPv6 management configuration.
Select this option to assign interface properties regardless of the link
ePack User Manual for E210 and E220 Series Devices
143
10: Network
Parameters
Description being active or not. If not selected, items are assigned only after the link has become active. Default is not selected.
Override MAC address
Click to override the default MAC Address for the WAN Interface. On factory reset, it will be set to default MAC address.
Override MTU
Enter the number of bytes indicating the largest physical packet size that the network can transmit.
The default MTU size is 1500 bytes. Blank value represents auto MTU size
Use gateway metric
Enter the gateway metric. It ensures a separate routing entry for the respective interface in the main routing table.
The default metric is 5.
Physical Settings
Bridge Interfaces
Click to enable creating a bridge over multiple interfaces.
Enable STP Check to enable the Spanning Tree Protocol over the bridge.
Enable IGMP snooping Check to enable IGMP snooping on the bridge.
Interface
Select the interface to be configured.
Select more than one interface, if parameter creating a bridge over multiple interfaces is enabled.
Firewall Settings
Create/Assign firewall -zone
Select the firewall zone to be assigned to the interface.
Select unspecified or create to remove the interface or assign a new zone to the interface respectively.
Enter the name of the new zone in the text box and click Save & Apply button.
DHCP Server - DHCP Server is used only for LAN interfaces
DHCP > General Setup
Ignore Interface
Check to disable the DHCP interface.
Note · If DHCP server is disabled for the interface, all the LAN
devices connected to the router should have a static LAN IP configured.
Start
Lowest leased address as offset from the network address.
Example · If your LAN IP address is 192.168.1.1 and the parameter Start
is configured as 100, then the starting IP Address of the leased IP Address range is 192.168.1.100
Limit
Maximum number of leased addresses that can be configured.
Example · If your LAN IP Address is 192.168.1.1, the parameter Start is
configured as 100, and parameter Limit is configured as 150, then a total of 150 devices are configured. Thus the leased IP Address range is 192.168.1.100 to 192.168.1.249.
ePack User Manual for E210 and E220 Series Devices
144
10: Network
Parameters Lease time
Description
Remaining time until which the device can use the DHCP server leased IP Address.
Note · IP address allocated by the router will disappear from the
Wi-Fi / Overview / Associates stations list only after individual lease time for each IP expires.
DHCP > Advanced Settings Dynamic DHCP
Force IPv4-Netmask
DHCP-Options
Check to allocate DHCP IP addresses dynamically to the clients. When unchecked, service will be provided only to the clients having the static IP Address.
Check to override the current configured Server and use DHCP server.
Enter the IPv4 netmask. This netmask will override the netmask used by the clients. In normal scenario netmask is calculated from the subnet.
Define additional DHCP options
Example · "6,192.168.2.1, 192.168.2.2" which advertises different DNS
servers to clients.
DHCP > IPv6 Settings Router Advertisement-Service DHCPv6-Service NDP-Proxy DHCPv6-Mode
Always announce default router Announced DNS servers Announced DNS domains
Select the Router Advertisement-Service mode; disabled, server mode, relay mode, hybrid mode.
Select the DHCPv6-Service mode; disabled, server mode, relay mode, hybrid mode.
Select the NDP mode; disabled, server mode, relay mode, hybrid mode.
Select the DHCPv6-Service mode: Stateless Stateful Stateless + Stateful
Stateful only
If ticked Announce as default router even if no public prefix is available.
Add the DNS servers
Add the DNS domains.
Table 10.1-3: Static Address Protocol Settings
ePack User Manual for E210 and E220 Series Devices
145
10.1.3.2 DHCP Client
The following table describes the DHCP Client protocol settings.
10: Network
Parameters General Settings Protocol Bring up on boot
Hostname to send when requesting DHCP Advanced Settings Use builtin IPv6 -management Force link
Use broadcast flag
Use default gateway
Use DNS server advertised by peer
Use gateway metric
Client ID to send when requesting DHCP Vendor Class to send when requesting DHCP Override MAC address
Override MTU
Physical Settings Bridge Interfaces
Description
DHCP client Address and netmask are assigned by DHCP. Allows the interface to be live after every reboot. Bring up on boot is checked by default. Hostname of the router
Allows to use the built in IPv6 management configuration. Select this option to assign interface properties regardless of the link being active or not. If not selected, items are assigned only after the link has become active. Default is not selected. Check to use the broadcast flag. This flag is generally used by the ISP's. Click to configure a default gateway route. None of the gateway routes are configured by default. Allows advertising the DNS server address. Use DNS server advertised by peer for WAN interface is checked by default. If unchecked, the advertised DNS server addresses are ignored. Enter the gateway metric. The Load Balancer uses these Metric values to determine priority of a WAN. The default metric is 4. Enter the Client ID that shall be sent when requesting DHCP.
To allocate DHCP IP Addresses based on Vendor Class.
Click to override the default MAC Address for the WAN Interface. On factory reset, it will be set to default MAC address. Enter the number of bytes indicating the largest physical packet size that the network can transmit. The default MTU size is 1500 bytes. Blank value represents auto MTU size
Click to enable creating a bridge over multiple interfaces. Enable STP Check to enable the Spanning Tree Protocol over the bridge. Enable IGMP snooping Check to enable IGMP snooping on the bridge.
ePack User Manual for E210 and E220 Series Devices
146
10: Network
Parameters Interface
Firewall Settings Create/Assign firewall -zone
Description Select the interface to be configured. Select more than one interface if parameter creating a bridge over multiple interfaces is enabled.
Select the firewall zone to be assigned to the interface. Select unspecified or create to remove the interface or assign a new zone to the interface respectively. Enter the name of the new zone in the text box and click Save & Apply button.
Table 10.1-4: DHCP Client Protocol Settings
10.1.3.3 DHCPv6 Client
The following table describes the DHCPv6 Client protocol settings.
Parameters General Settings Protocol Bring up on boot Request IPv6-address Request IPv6-prefix of length
Advanced Settings Use builtin IPv6 -management Force link
Use default gateway Custom delegated IPv6 prefix Use DNS server advertised by peer
Client ID to send when requesting DHCP
Description
DHCPv6 Client Address and netmask are assigned by DHCP Allows the interface to be live after every reboot. Bring up on boot is checked by default. Enter the behavior for requesting addresses. Options are try (default), force, and disabled Enter the IPv6 address prefix length in bits. Options are:
Unspecified Automatic (default) disabled use if you want single IPv6 address for the AP without a subnet for routing 48, 52, 56, 60, 64 hinted prefix length custom enter custom prefix length
Allows to use the built in IPv6 management configuration. Select this option to assign interface properties regardless of the link being active or not. If not selected, items are assigned only after the link has become active. Default is not selected. Click to configure a default gateway route. None of the gateway routes are configured by default. Enter the custom IPv6 prefix to be used. Allows advertising the DNS server address. Use DNS server advertised by peer for WAN interface is checked by default. If unchecked, the advertised DNS server addresses are ignored. Enter the Client ID that shall be sent when requesting DHCP.
ePack User Manual for E210 and E220 Series Devices
147
10: Network
Parameters Override MAC address Override MTU
Physical Settings Bridge Interfaces
Interface
Firewall Settings Create/Assign firewall -zone
Description Click to override the default MAC Address for the WAN Interface. On factory reset, it will be set to default MAC address.
Enter the number of bytes indicating the largest physical packet size that the network can transmit. The default MTU size is 1500 bytes. Blank value represents auto MTU size
Click to enable creating a bridge over multiple interfaces. Enable STP Check to enable the Spanning Tree Protocol over the bridge. Enable IGMP snooping Check to enable IGMP snooping on the bridge.
Select the interface to be configured. Select more than one interface, if parameter creating a bridge over multiple interfaces is enabled.
Select the firewall zone to be assigned to the interface. Select unspecified or create to remove the interface or assign a new zone to the interface respectively. Enter the name of the new zone in the text box and click Save & Apply button.
Table 10.1-5: DHCPv6 Client Protocol Settings
10.1.3.4 PPPoE
The following table describes the PPPoE protocol settings.
Parameters General Settings Protocol Bring up on boot
PAP/CHAP username PAP/CHAP password Access Concentrator Service Name
Advanced Settings Use builtin IPv6 management Force link
Description
PPPoE Point to Point Protocol over Ethernet Allows the interface to be live after every reboot. Bring up on boot is checked by default. Enter the PAP/CHAP username. The default password is admin. Enter the PAP/CHAP password. Enter the access concentrator name. Enter the service name. Note · Access Concentrator name and Service Name gets auto
populated from PPPoE Access Point Router if they are not explicitly provided
Allows to use the built in IPv6 management configuration Select this option to assign interface properties regardless of the link being active or not.
ePack User Manual for E210 and E220 Series Devices
148
10: Network
Parameters
Obtain IPv6-Address Use default gateway Use DNS servers advertised by peer Use gateway metric LCP echo failure threshold LCP echo interval Host-Uniq tag content Inactivity timeout Override MTU Physical Settings Bridge Interfaces
Interface
Firewall Settings Create/Assign firewall -zone
Description If not selected, items are assigned only after the link has become active. This is the default.
Allow IPv6 negotiation on the PPP link
Select to use the default gateway. If unselected, no default route will be configured.
Select to use DNS servers advertised by peer, otherwise ignore advertised DNS servers.
Enter gateway metric.
Enter the number of LCP echo request failures allowed before considering the peer dead. Set to zero (0) to ignore failures.
The LCP echo interval in seconds. LCP echo failure threshold must be set, otherwise this value is ignored. Enter the custom Host-Uniq tag to be used.
Enter the inactivity timeout in seconds, Close the connection if the timeout is reached or enter zero (0) to ignore inactivity timeout.
Enter MTU size in bytes. The default is 1500 bytes.
Click to enable creating a bridge over multiple interfaces. Enable STP Check to enable the Spanning Tree Protocol over the bridge. Enable IGMP snooping Check to enable IGMP snooping on the bridge.
Select the interface to be configured. Select more than one interface, if parameter creating a bridge over multiple interfaces is enabled.
Select the firewall zone to be assigned to the interface. Select unspecified or create to remove the interface or assign a new zone to the interface respectively. Enter the name of the new zone in the text box and click Save & Apply button.
Table 10.1-6: PPPoE Protocol Settings
10.1.3.5 Cellular
The following table describes the Cellular protocol settings.
Parameters General Settings Protocol
Bring up on boot
Cellular Module Modem device
Description
Cellular - CDMA, UMTS, or GPRS connection using an AT-style 3G modem Allows the interface to be live after every reboot. Bring up on boot is checked by default. Displays the Cellular module Displays the cellular modem device
ePack User Manual for E210 and E220 Series Devices
149
10: Network
Parameters
Description
Service Type
Select the cellular service type to use or select Automatic to let the device use the best available network
IP Protocol
Select from IPv4, IPv4 + IPv6, or IPv6.
Advanced Settings
Use builtin IPv6 -management Allows to use the built in IPv6 management configuration.
Force link
Select this option to assign interface properties regardless of the link being active or not.
If not selected, items are assigned only after the link has become active.
Default is not selected.
Enable IPv6 negotiation on PPP link
Click to enable IPv6 negotiation on PPP link.
Modem init timeout
Enter the maximum wait time in seconds for the modem to become ready.
The default modem initiation timeout 20 seconds.
Use default gateway
Click to configure a default gateway route. None of the gateway routes are configured by default.
Use gateway metric
Enter the gateway metric. The default metric is 5.
Use DNS servers advertised by peer
For Cellular protocol only. Select the box to use DNS servers advertised by peer.
MTU Size/Override MTU
Enter the number of bytes indicating the largest physical packet size that the network can transmit.
The default MTU size is 1500 bytes. Blank value represents auto MTU size
Firewall Settings
Create/Assign firewall -zone
Select the firewall zone to be assigned to the interface.
Select unspecified or create to remove the interface or assign a new zone to the interface respectively.
Enter the name of the new zone in the text box and click Save & Apply button.
SIM Settings (E220 series) or SIM1/SIM2 Settings (E210 series)
APN
Enter the Access Point Name provided by the cellular network operator.
PIN
Enter the PIN of the SIM card
Authentication Type
Enter the authentication method used for the cellular connection. PAP, PAP/CHAP, CHAP (these require username and password) or None
Enable roaming
Enable data roaming on the cellular interface
Cid
Only on E220 series. Enter Cid value or leave as default
Table 10.1-7: Cellular Protocol Settings
ePack User Manual for E210 and E220 Series Devices
150
10: Network
10.1.3.6 QMI Cellular
The following table describes the QMI Cellular protocol settings.
Parameters General Settings Protocol Bring up on boot
Modem device PDP Type Service Type Primary SIM
Retries
Period after which the router will try and return to primary SIM
Routine switch to secondary SIM Advanced Settings Use builtin IPv6 -management Force link
Enable IPv6 negotiation on PPP link Modem init timeout
Use default gateway
Use gateway metric
MTU Size/Override MTU
Firewall Settings
Description
QMI Cellular USB modems using QMI protocol
Allows the interface to be live after every reboot. Bring up on boot is checked by default.
Displays the modem device
Enter the IP stack mode as IPv4, IPv6, or IPv4/IPv6 (dual stack)
Select the cellular service type to use or select Automatic to let the device use the best available network
Only available on E210 series devices that have dual SIM support. SIM1 or SIM2
Only available on E210 series devices that have dual SIM support. Enter the number of retry attempts to make on the primary SIM before switching to the secondary SIM in case of data connection failures. After the retry limit has been reached, the device will connect via the secondary SIM.
Only available on E210 series devices that have dual SIM support. Enter the number of minutes after failover to the secondary SIM that the router should wait before attempting to switch back to the primary SIM.
Enter the number of minutes after which the interface should switch from primary to secondary SIM.
Allows to use the built in IPv6 management configuration.
Select this option to assign interface properties regardless of the link being active or not. If not selected, items are assigned only after the link has become active. Default is not selected.
Click to enable IPv6 negotiation on PPP link.
Enter the maximum wait time in seconds for the modem to become ready. The default modem initiation timeout 20 seconds.
Click to configure a default gateway route. None of the gateway routes are configured by default.
Enter the gateway metric. The default metric is 5.
Enter the number of bytes indicating the largest physical packet size that the network can transmit. The default MTU size is 1500 bytes. Blank value represents auto MTU size
ePack User Manual for E210 and E220 Series Devices
151
10: Network
Parameters
Description
Create/Assign firewall -zone
Select the firewall zone to be assigned to the interface.
Select unspecified or create to remove the interface or assign a new zone to the interface respectively.
Enter the name of the new zone in the text box and click Save & Apply button.
SIM Settings (E220 series) or SIM1/SIM2 Settings (E210 series)
APN
Enter the Access Point Name provided by the cellular network operator.
PIN
Enter the PIN of the SIM card
Authentication Type
Enter the authentication method used for the cellular connection. PAP, PAP/CHAP, CHAP (these require username and password) or None
Enable roaming
Enable data roaming on the cellular interface
Cid
Only on E220 series. Enter Cid value or leave as default
Table 10.1-8: QMI Cellular Protocol Settings
ePack User Manual for E210 and E220 Series Devices
152
10: Network
10.1.4 CELLULAR Interface
Network > Interfaces > CELLULAR This page allows you to configure the Cellular interface parameters. Actual parameters may differ based on your router model number. When the Cellular interface is first enabled or when the router is factory reset, the router detects the GSM module and assigns the appropriate protocol. The protocol can be either Cellular for Sierra HL GSM modules or QMI Cellular for Sierra WP GSM modules. Interface configuration settings will vary depending on the assigned protocol. For descriptions of the Cellular protocol and QMI Cellular protocol settings, see Section 10.1.3.5 and Section 10.1.3.6, respectively.
To edit the interface: 1. Go to Network > Interfaces, select CELLULAR and click Edit.
2. Configure the interface settings respective to the router model number.
a. See Section 10.1.3.5 for Cellular or Section 10.1.3.6 for QMI Cellular protocol settings.
b. General Settings - Protocol should not be changed for the cellular interface.
c. Firewall Settings - Firewall zone should be set as WAN zone.
d. SIM Settings For E210 series models that support dual SIM, two SIM settings tabs will be displayed. See the figure below. For devices that support only a single SIM, one SIM Settings tab will be displayed.
3. Click Save.
4. On the Network Interfaces overview page, click Save & Apply to save the configuration on the router.
ePack User Manual for E210 and E220 Series Devices
153
10: Network Figure 10.1-3: Cellular Interface dual SIM Configuration (E214 shown)
ePack User Manual for E210 and E220 Series Devices
154
10: Network
10.1.5 LAN Interface
Network > Interface > LAN
This page allows you to configure the LAN interface with respect to the router model number. The LAN interface should use Static Address. Gateway is not required. DHCP server may be used to dynamically assign an IP address to clients connecting to the LAN. If DHCP server is disabled for the interface, all the LAN devices connected to the router should have a static LAN IP configured. DHCP Server The DHCP server maintains a database of available IP addresses and configuration information. When it receives a request from a client, the DHCP server determines the network to which the DHCP client is connected, and allocates an IP address or prefix appropriate for the client, and sends configuration information appropriate for that client. DHCP servers typically grant IP addresses to clients for a limited interval called a lease. DHCP clients are responsible for renewing their IP address before that interval has expired, and must stop using the address once the interval has expired, if they have not been able to renew it. DHCP is used for IPv4 and IPv6. While both versions serve the same purpose, the details of the protocol for IPv4 and IPv6 are sufficiently different that they should be considered separate protocols. The router acts as the DHCP server and assigns the IP Address to device(s) connected to the network.
Interface configuration settings are determined mainly by the protocol selection. For a description of the Static Address protocol settings, see Section 10.1.3.1.
ePack User Manual for E210 and E220 Series Devices
155
To edit the interface: 1. Go to Network > Interfaces, select LAN and click Edit.
10: Network
2. Configure the interface settings respective to the router model number.
a. See Section 10.1.3.1 for Static Address protocol settings.
b. General Settings Protocol should be Static Address for the LAN interface. Gateway is not required.
c. Physical Settings By default, the LAN interface bridges the eth0.1 and wlan0 physical interfaces.
d. Firewall Settings - Firewall zone should be set as LAN zone.
ePack User Manual for E210 and E220 Series Devices
156
10: Network
e. DHCP Server DHCP server may be used to assign IP address to clients connecting to the LAN. To enable the DHCP server, make sure that the check box "Ignore Interface" is not selected, and configure the other DHCP settings.
3. Click Save. 4. On the Network Interfaces overview page, click Save & Apply to save the configuration.
ePack User Manual for E210 and E220 Series Devices
157
10: Network
10.1.6 WAN and WAN6 Interface
Network > Interface > WAN or WAN6 This page allows you to configure the WAN and WAN6 interface parameters. WAN interface supports IPv4 or dual mode IPv4/IPv6. WAN6 interface supports IPv6 mode. Otherwise, the WAN and WAN6 interfaces provide similar functionality and are configured in a similar manner. The WAN or WAN6 interface will use either Static Address, DHCP client, DHCPv6 client, or PPPoE protocol. If you assign Static Address as the protocol, IPv4 gateway is required for external interface, but should not be used for internal use. DHCP server should be disabled. The interface configuration parameters will depend on the assigned protocol. For descriptions of the Static Address, DHCP Client, or PPPoE protocol settings, see Section 10.1.3.1, Section 10.1.3.2, or Section 10.1.3.4, respectively. For DHCPv6 Client, see Section 10.1.3.3.
To edit the interface: 1. Go to Network > Interfaces, select WAN and click Edit.
ePack User Manual for E210 and E220 Series Devices
158
10: Network
Figure 10.1-4: WAN Interface (Static Address)
2. Configure the interface settings respective to the router model number. a. See Section 10.1.3.1 for Static Address, Section 10.1.3.2 for DHCP client, or Section 10.1.3.4 for PPPoE protocol settings. b. General Settings To update the WAN protocol, select the protocol and click the Switch Protocol button. IPv4 gateway is required for external interface, but should not be used for internal use. c. Firewall Settings - Firewall zone should be set as WAN zone.
ePack User Manual for E210 and E220 Series Devices
159
10: Network
d. DHCP Server DHCP server should be disabled. Make sure to select "Ignore Interface."
3. Click Save. 4. On the Network Interfaces overview page, click Save & Apply to save the configuration.
ePack User Manual for E210 and E220 Series Devices
160
10: Network
10.1.7 WWAN and WWAN6 Interface
Network > Interface > WWAN or WWAN6
This page allows you to configure the WWAN and WWAN6 interface parameters. When the Wireless interface is configured as Client, the WWAN interface will become active. WWAN interface supports IPv4 or dual mode IPv4/IPv6. WWAN6 interface supports IPv6 mode. Otherwise, the WWAN and WWAN6 interfaces provide similar functionality and are configured in a similar manner. The WWAN or WWAN6 interface will use either Static Address, DHCP client, or DHCPv6 client protocol. On the WWAN interface, if you assign Static Address as the protocol, IPv4 gateway is required for external interface, but should not be used for internal use. DHCP server should be disabled. Interface configuration settings will vary depending on the assigned protocol. For descriptions of the Static Address, DHCP Client or DHCPv6 Client, see Section 10.1.3.1, Section 10.1.3.2, or Section 10.1.3.3, respectively.
To edit the interface: 1. Go to Network > Interfaces, select WWAN and click Edit.
2. Configure the interface settings respective to the router model number.
a. See Section 10.1.3.1 for Static Address or Section 10.1.3.2 for DHCP protocol settings.
b. General Settings To update the WWAN protocol, select the protocol and click the Switch Protocol button. If Static IP address protocol is selected, IPv4 gateway is required for external interface, but should not be used for internal use.
c. Advanced Settings - Similar to WAN DHCP settings, except the metric is fixed by default for other features to work as per requirement.
d. Firewall Settings - Firewall zone should be set as WAN zone.
e. DHCP Server DHCP server should be disabled. Make sure to select "Ignore Interface."
ePack User Manual for E210 and E220 Series Devices
161
10: Network
3. Click Save. 4. On the Network Interfaces overview page, click Save & Apply to save the configuration.
ePack User Manual for E210 and E220 Series Devices
162
10: Network
10.1.8 Add Virtual Interface
You can create a virtual network interface to configure a VPN tunnel that encapsulates data inside a transport protocol. GRE, L2TP, PPP, and PPtP, are examples of tunneling protocols that the ePack software supports. In general, virtual interfaces can also be used for other reasons, such as to configure a relay bridge to extend the wireless network or for VLANs (see Section 10.3 Switch).
Note · Adding a virtual interface may require complex configuration modifications in the load
balancer settings. For more details, please visit Lantronix Technical Support.
To add a new interface: 1. Go to Networks > Interfaces, and click Add new interface below the list of existing interfaces. 2. Enter the interface name. The name must include only alpha numeric characters and special character underscore ( _ ). 3. Select the protocol to assign to the interface 4. Click Create interface to create the interface. 5. Configure the interface settings relative to the selected protocol. a. The first field below the protocol selection is Bring up on boot. This is enabled by default and will start the interface when the router is booted. b. For the remaining configuration details, refer to Table 10.1-9: Tunnel Protocols Configuration. 6. Click Save to save the new interface. 7. Click Save & Apply to apply the configuration to the router.
Figure 10.1-5: Add New Interface
Protocol GRE
Parameters
GRE point-to-point tunnel over IPv4 General Settings
Bring up on boot Start the interface when the device is booted. Selected by default. Enable GRE tunnel Enable GRE on the interface. GRE Server Address Enter the WAN IP address or domain name of the remote GRE server. Local Address Enter the WAN IP address of the router
ePack User Manual for E210 and E220 Series Devices
163
Protocol L2TP PPP
10: Network
Parameters Local Tunnel Address Enter the local IP address of the router on the GRE tunnel Remote Tunnel Address Enter the remote IP address on the GRE tunnel Keepalive Interval (in minutes) The amount of time before sending a keepalive probe packet to check the connection Keepalive Retries The number of unanswered echo requests before considering the peer dead Interface Enter the interface to bind to GRE. GRE cannot move from one interface to another. It must be bound to a particular interface. Advanced Settings Use builtin IPv6 management - Allows to use the built in IPv6 management configuration Force link - Select this option to assign interface properties regardless of the link being active or not. If not selected, items are assigned only after the link has become active. This is the default. Firewall Settings Select the WAN zone as the firewall zone.
PPP over L2TP pseudowire tunnel General Settings
Bring up on boot Start the interface when the device is booted. Selected by default. L2TP Server Enter the public IP address of the VPN server for L2TP connection PAP/CHAP username Enter the PAP/CHAP username. The default password is admin. PAP/CHAP password Enter the PAP/CHAP password. Advanced Settings Advanced settings are similar to those of PPPoE with a few exceptions as noted below. See Section 10.1.3.6 for a description of the configuration. Keepalive Requests is similar to LCP echo failure threshold. Checkup Interval is similar to Inactivity timeout. L2TP does not include fields for LCP echo interval or Host-Uniq tag content. Firewall Settings Select the WAN zone as the firewall zone.
PPP protocol for dialup modem connections General Settings
Modem device Select the modem device from the list. PAP/CHAP username Enter the PAP/CHAP username. The default password is admin. PAP/CHAP password Enter the PAP/CHAP password. Advanced settings Advanced settings are similar to those of PPPoE. See Section 10.1.3.6 for a description of the configuration. Firewall Settings Select the WAN zone as the firewall zone.
ePack User Manual for E210 and E220 Series Devices
164
10: Network
Protocol PPtP
Parameters
Point to Point Tunneling Protocol (PPtP) VPN General Settings
VPN Server Enter the public IP Address or DNS name of the remote VPN Server for the PPTP connection. PAP/CHAP username Enter the PAP/CHAP username. PAP/CHAP password Enter the PAP/CHAP password. The default password is admin. Interface Select the interface that the device will use to initiate the PPtP connection. Unspecified use the active interface to make the connection. Advanced Settings Advanced settings are similar to those of PPPoE. See Section 10.1.3.6 for a description of the configuration. One additional setting is described below: Use mppe Select to enable encryption if this setting is enabled on the remote server. Firewall Settings Select the WAN zone as the firewall zone.
Note: · Enabling PPtP will also enable a 20mins PPtP watchdog
which will reboot the router in absence of an active PPtP connection for a period of 20 mins.
Table 10.1-9: Tunnel Protocols Configuration
10.1.8.1 Relay Bridge
The Relay Bridge protocol provides an option to implement bridge behavior (on IPv4 only) to extend the wireless network. The virtual interface must have a local IPv4 address to access the bridge connection and relay between two networks.
ePack User Manual for E210 and E220 Series Devices
165
10: Network
10.2 Wireless
Network > Wireless
The Wireless interface on the router can work in different modes:
· Master mode as a Wi-Fi access point The router provides Internet to other host machines in its network over Wi-Fi. It can get Internet connection from WAN or cellular.
· Client mode as a Wi-Fi client The router will act as a client to existing wireless networks. The router will accept the Internet access through wireless access provided by another service provider and then distribute the access to the machines connected to the router on its LAN interface.
· WDS access point and WDS client modes Wireless Distribution System (WDS) allows the interconnection of access points in an IEEE 802.11 network. It allows you to bridge two routers (as WDS access points) wirelessly to extend the Wi-Fi network. WDS client mode allows a router to connect to a WDS access point. WDS with WPA-PSK, WPA2-PSK, WPAPSK/WPA2-PSK Mixed Mode encryption modes are supported.
· 802.11s mode The IEEE 802.11s amendment for mesh networking to the IEEE 802.11 Wireless LAN standard focuses on mechanisms for connecting wireless devices without having to set up infrastructure. The 802.11s mode allows interconnecting routers to implement a mesh network.
· Ad-hoc and Pseudo Ad-hoc (ahdemo) modes Ad-hoc mode is used to allow two stations to communicate directly without an intermediary. Pseudo ad-hoc (ahdemo) mode is a variant of ad-hoc mode. Ad-hoc and pseudo ad-hoc modes were used in earlier implementations of mesh networks, but have been succeeded by 802.11s mesh networks.
· Monitor mode this is a client mode setting in which the wireless interface will listen to all traffic, not just its own.
The router can act as master as well as client at the same time provided that the router's Wi-Fi client is connected to any AP.
Parameters Wireless Overview Status and Details
Figure 10.2-1: Wireless Overview
Description
Displays the following details: SSID A Service Set Identifier (SSID) is a public identifier of 32 characters that uniquely names a Wi-Fi connection.
ePack User Manual for E210 and E220 Series Devices
166
10: Network
Parameters
Scan
Restart Add Enable/Disable Edit Remove Associated Station Network MAC-Address Host Signal/Noise RX Rate/TX Rate
Description Mode Displays the mode of WLAN interface like Access Point Mode or Client Mode. BSSID Displays Basic Service Set Identification (BSSID); 24 bit MAC Address of Wireless Access Point. Encryption Displays the data encryption method. Channel Wi-Fi channel Tx-Power Transfer power limit Signal Strength Displays the signal strength in percentage Bitrate Data transfer rate Country country code
Click to scan and detect the available wireless connections. Scanning must be done when the router is changed from Master mode to client mode.
Click to restart the radio interface.
Click to add an new network instance.
Click to enable or disable the network instance.
Click to edit the network instance.
Click to remove the network instance.
Displays the SSID that the station is connected to.
Displays the MAC Address of the computers and/or devices that are connected to the router.
Displays the Host name of the computers and/or devices that are connected to the router.
Displays the signal strength in dBm. Noise in dBm.
Displays the data transfer rate at which the data is received. Data transfer rate at which the data is transmitted.
Table 10.2-1: Wireless Connection and Associated Stations Overview
ePack User Manual for E210 and E220 Series Devices
167
10: Network
10.2.1 Wireless Network Configuration
Network > Wireless > Add/Edit Wireless network configuration consists of device and interface settings. The wireless device settings specify radio properties such as channel, driver type and power. The wireless interface configuration defines the wireless network settings on top of the wireless device.
10.2.1.1 Device Configuration
Network > Wireless > Add/Edit The wireless device configuration parameters are shown in the top half of the Wireless Configuration page. The following figure shows an example of the device configuration settings.
General Setup
Figure 10.2-2: Wireless Device General Configuration (E228 device)
Parameters Status
Description
Displays the following details: Mode Displays the mode of the wireless interface. SSID A Service Set Identifier (SSID) is a public identifier of 32 characters that uniquely names a Wi-Fi connection. BSSID Displays Basic Service Set Identification (BSSID); 24 bit MAC Address of Wireless Access Point. Encryption Displays the data encryption method. Channel Displays the channel and frequency Tx-Power Displays the transmit power in dBm Signal/Noise Displays the signal strength and noise in dBm Bitrate/Country Displays the bit rate and country code
ePack User Manual for E210 and E220 Series Devices
168
10: Network
Parameters Wireless network is enabled
Operating Frequency /Channel
Maximum Transmit Power
Description
This field allows you to enable or disable the network. The label displays either "Wireless network is enabled" or "Wireless network is disabled." Click Enable or Disable to update the network operation status.
Choose the channel frequency and width from the drop down menu, or choose `auto', to select it automatically. Channels are defined in 5 MHz increments and are 20 MHz wide, so it's recommended to select 'auto' or to select channels that don't overlap with channels used by other access points in the immediate area of the access point that you are configuring. You may also add a custom channel.
Select the transmit power. The default selection is 20dBm or 100mW.
Table 10.2-2: Wireless Device General Configuration
Advanced Settings
Figure 10.2-3: Wireless Network Device Advanced Configuration
Parameters Country Code
Allow legacy 802.11b rates
Description
Choose the country code corresponding to the country where the router is operational. This ensures that the channels available in that country are enabled. You can choose driver default to allow the driver to make the selection. By choosing `00' (World), the router will select the appropriate channel in your country.
Select to allow 802.11b rates
ePack User Manual for E210 and E220 Series Devices
169
10: Network
Parameters Distance Optimization Fragmentation Threshold
RTS/CTS Threshold
Description
Displays the distance (in meters) of the farthest machine in your network from the router. Used to optimize the operation of the Wi-Fi network.
Default is auto.
Displays the Fragmentation threshold value (in number of bytes). Fine-tuning Fragmentation Threshold parameter can result in good throughput but a wrong value can result in low throughput. The range of values is 256 to 2346 bytes. In a noisy environment, a smaller value of Fragmentation Threshold may result in more efficient communication.
Default is off.
Displays the RTS/CTS threshold between 0 to 2347 bytes, typical value being 500. This setting is for advanced users. It prevents collision of wireless packets, particularly in case of hidden nodes or in a noisy environment.
Default is off.
Note · In case of access point setting, it is recommended not to use
RTS/CTS threshold.
Beacon Interval
Displays the interval between each of the beacons sent by the access point. Value is in milliseconds.
Default is 100.
Table 10.2-3: Wireless Device Advanced Configuration
10.2.1.2 Interface Configuration
Wireless > Add/Edit
The wireless interface configuration parameters are shown in the bottom half of the Wireless Configuration page. To configure the interface settings, first select the Mode. The Mode and your specific network requirements will determine how you configure the interface settings. In general, the wireless interface mode will be one of the following: access point (master), client, point-to-point or a mesh network. The wireless interface may also operate in monitor mode, in which it simply listens to all wireless traffic, not just its own.
Figure 10.2-4 shows the General Setup tab of the Wireless Interface configuration in Access Point (Master) mode.
Table 10.2-4 shows the configuration parameters for the General Setup tab for all modes. 802.11s general settings are described separately from the other mode settings.
The remaining Wireless Interface configuration settings are also described in this section.
ePack User Manual for E210 and E220 Series Devices
170
General Setup
10: Network
Figure 10.2-4: Wireless Interface General Configuration (Access Point mode)
Parameters
Description
Mode
Select the Wi-Fi Interface mode.
Available Options
Access Point router will act as an access point (master mode)
Client - router will act as a wireless client
Ad-Hoc point to point connection between two stations without an intermediary
802.11s used for mesh networking
Pseudo Ad-Hoc (ahdemo) variant of ad-hoc mode that provides a point to point connection between two stations without an intermediary
Monitor client mode setting where wireless interface will listen to all traffic, not just its own.
Access Point (WDS) used for bridging two routers as WDS access points wireleslly to extend the Wi-Fi network. WDS with WPA-PSK, WPA2-PSK, WPA-PSK/WPA2-PSK Mixed Mode encryption modes are supported.
Client (WDS) - WDS client mode allows a router to connect to a WDS access point.
The default mode is Access Point.
Mode: All modes except 802.11s
ESSID
Displays the device name assigned to the router.
The default name is Lantronix E22X for E220 series routers or Lantronix E21X for E210 series routers.
BSSID
This field is displayed for Client, Client (WDS), and Ad-Hoc modes only.
Basic Service Set Identifier (BSSID) - 48-bit MAC address for the access point of the BSS. This can be left blank.
ePack User Manual for E210 and E220 Series Devices
171
10: Network
Parameters Network Hide ESSID WMM Mode
Mode: 802.11s Mesh Id Network
Description
Select LAN for the Access Point or WWAN for Client Mode to configure the Router as LAN or WWAN respectively.
Select Hide ESSID, to hide ESSID when client machines scan for available Wi-Fi networks.
This field is displayed for Access Point and Access Point (WDS) only. Wi-Fi Multimedia (WMM) is a subset of the 802.11e wireless LAN (WLAN) specification that enhances quality of service (QoS) on a network by prioritizing data packets.
Note · 802.11n spec requires devices to support 802.11e (Quality
of Service [QoS] enhancements for wireless LAN) in order to use HT (High Throughput) link rates, i.e. higher than 54 Mbps. WMM's Traffic Identifier (TID) field is key to aggregation mechanisms, including block acknowledgement (block ACK), that enable 802.11n's high throughput rates.
Since WMM support is required for products to be certified for 802.11n, WMM comes enabled by default in all Wi-Fi Certified n APs and wireless routers. So even if you don't have any WMM-aware devices on your network, leave WMM enabled or you may find your clients connecting only at 54 Mbps rates.
Enter the Mesh ID to uniquely identify the Mesh BSS (Basic service set). This should be 0 to 32 byte ASCII string. The Mesh ID is similar to the SSID.
Select LAN to configure as a LAN network.
Table 10.2-4: Wireless Interface General Configuration
ePack User Manual for E210 and E220 Series Devices
172
Wireless Security
Allows you to configure the encryption mode for the wireless interface.
10: Network
Figure 10.2-5: Wireless Interface Wireless Security Configuration (Access Point mode)
Parameters Encryption
Cipher
Description
Select the Encryption mode for Wi-Fi network. Available Options
No Encryption WPA-PSK/WPA2-PSK Mixed mode WPA2-PSK WPA-PSK WEP Shared Key WEP Open System The default encryption mode is WPA-PSK/WPA2-PSK Mixed mode. Note: If 802.11s or Pseudo Ad-hoc mode is selected, the encryption mode should be set to No Encryption.
For all encryption modes except No Encryption. Select the cipher suitable to the Router.
ePack User Manual for E210 and E220 Series Devices
173
10: Network
Parameters
Key 802.11r Fast Transition
802.11w Management Frame Protection Enable key reinstallation (KRACK) countermeasures
Description Available Options
Auto Force CCMP (AES) Force TKIP Force TKIP and CCMP (AES) The default cipher is auto mode.
Enter the key respective to cipher type
This setting is displayed only if the interface is an Access Point. Select to enable fast roaming among access points that belong to the same Mobility Domain. This setting is disabled by default.
This setting is displayed if the interface is an Access Point or Client. Select the 802.11w MFP option. The options are Disabled, Optional, and Required. The default value is Disabled.
This setting is displayed only if the interface is an Access Point. Select to enable KRACK countermeasures. This setting is disabled by default.
Table 10.2-5: Wireless Interface Wireless Security Configuration
MAC-Filter
The MAC-Filter settings apply to the interface configuration only when Access point mode (or Access point -WDS) is selected.
Figure 10.2-6: Wireless Interface MAC-Filter Configuration (Access Point mode)
Parameters MAC-Address Filter
Description
MAC Address Filter is use to allow or block certain client MAC Addresses. Available Options
Disable Allow listed only If this option is selected, choose the client MAC Addresses to allow. Allow all except listed If this option is selected, choose the client MAC Addresses to block. This setting is disabled by default.
Table 10.2-6: Wireless Interface MAC Filter Configuration
ePack User Manual for E210 and E220 Series Devices
174
Advanced Settings
10: Network
Figure 10.2-7: Wireless Network Interface Advanced Configuration (Access Point mode)
Parameters Isolate Clients
Forward mesh peer traffic
RSSI threshold for joining
Description
This setting appears in Access Point or Access Point (WDS) mode only. Prevent wireless clients on the wireless network from interacting with each other.
This setting appears in 802.11s mode only. By default this setting is selected to enable the interface to forward mesh peer traffic. Clear the box to disable.
This setting appears in 802.11s mode only.
ePack User Manual for E210 and E220 Series Devices
175
10: Network
Parameters
Interface name Short Preamble DTIM Interval
Time interval for rekeying GTK Disable Inactivity Polling
Station inactivity limit
Maximum allowed Listen interval Disassociate on Low Acknowledgement
Description Set the minimum RSSI value that peer radios must have for the station establish a link with it. Other options: Enter 0 to ignore an RSSI threshold. Enter 1 to use the driver default.
Specifies a custom name for the Wi-Fi interface, which is otherwise automatically named.
Select to enable optional use of short preamble.
Displays the Delivery Traffic Indication Message (DTIM) period value which determines how often a beacon frame includes a DTIM. This option only impacts access point interfaces. Default is 2. Range is 1-255.
GTK rekey interval of WPA security in seconds. Default is 600.
Select to disable inactivity polling. Disabling the inactivity polling allows the router to disconnect stations based on inactivity timeout so that idle stations are more likely to be disconnected even if they are still in range of the access point.
Specify the station inactivity limit in seconds. If a station does not send anything within this time period, the router sends a request to verify whether it is still in range. If the request is not acknowledged, the station will be disassociated and de-authenticated. Default is 300 seconds.
Displays the number of beacon periods that stations are allowed to remain asleep. Default 65535
Select to enable or disable. Disassociate stations based on excessive transmission failures or other indications of connection loss. Availability depends on driver capabilities. Enabled by default.
Table 10.2-7: Wireless Network Interface Advanced Configuration
10.3 Switch
Network > Switch
The E210 and E220 routers provide a common default VLAN configuration that contains a single network interface (eth0), leading to a 5-port VLAN enabled switch that is virtually partitioned into a LAN and WAN network by using VLANs.
By default, VLAN functionality is enabled as shown by the check box in the image below.
Note · For assistance configuring the switch functionality, please contact Lantronix Technical
Support.
ePack User Manual for E210 and E220 Series Devices
176
10: Network Figure 10.3-1: Switch Configuration
ePack User Manual for E210 and E220 Series Devices
177
10: Network
10.4 DHCP and DNS
Network > DHCP and DNS
Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to configure network devices to communicate on an IP network. A DHCP client uses the DHCP protocol to acquire configuration information, such as an IP address, a default route, and one or more DNS server addresses from a DHCP server. The DHCP client then uses this information to configure its host. Once the configuration process is complete, the host is able to communicate on the network.
For more details about basic setup of DHCP server on the LAN side refer to Network > LAN > DHCP Server.
DHCP and DNS sub-sections allows you to configure the advanced options like custom DNS servers, custom lease files, advanced TFTP settings and MAC Address based IP Address allocation.
ePack User Manual for E210 and E220 Series Devices
178
10.4.1 General Settings
Network > DHCP and DNS > General Settings
10: Network
Figure 10.4-1: DHCP Server and DNS Forwarder General Configuration
Parameters Server Settings Domain required
Description
Check to allow forwarding of DNS request only if they have domain name.
ePack User Manual for E210 and E220 Series Devices
179
10: Network
Parameters Authoritative Local server
Local domain
Log queries DNS forwardings Rebind protection Allow localhost
Domain whitelist Local Service Only
Non-wildcard
Listen Interfaces Exclude Interfaces Active DHCP Leases Hostname
IPv4-Address MAC-Address Leasetime remaining
Active DHCPv6 Leases Hostname
IPv6-Address DUID
Leasetime remaining
Static Leases Hostname
MAC-Address IPv4-Address IPv6-Suffix (hex)
Description Check to authorize the DHCP in the local network. Enter the local server domain specification. These domain names are only resoled using DHCP or host files. Enter the local domain suffix appended to DHCP names and host file entries. Log the DNS request received in the syslog server. Enter the DNS Server names to forward the received DNS requests. Check to discard upstream RFC1918 responses Check to allow upstream responses in the 127.0.0.0/8 range, e.g. for RBL services Enter the list of domain name to allow RFC1918 responses. Select to accept DNS queries only from hosts whose address is on a local subnet. Select to bind only configured interface addresses, instead of the wildcard address. Restrict listening to the specified interfaces. Prevent listening on the specified interfaces.
Name of the device that is connected to the router and has been leased an IP Address by DHCP server. IPv4 Address assigned to the device connected to the router. MAC address of the device connected to the router. Remaining time until which the device can use the DHCP server leased IP Address.
Name of the device that is connected to the router and has been leased an IPv6 Address by DHCPv6 server. IPv6 Address assigned to the device connected to the router. DUID (Device Unique Identifier) of the device connected to the router Remaining time until which the device can use the DHCPv6 sever leased IPv6 Address.
Name of the device that is connected to the router and has been assigned a static IP Address. MAC address of the device connected to the router. IPv4 Address to be assigned to the device connected to the router. IPv6 Address to be assigned to the device connected to the router.
Table 10.4-1: General Configuration of DHCP Server and DNS-Forwarder
ePack User Manual for E210 and E220 Series Devices
180
10.4.2 Resolv and Host Files
Network > DHCP and DNS > Resolv and Host File
10: Network
Figure 10.4-2: DHCP and DNS Resolv and Host File Configuration
Parameters Use /etc/ethers Leasefile
Ignore resolve file Resolve file Ignore /etc/hosts Additional Hosts file
Description Check to use /etc/ethers for configuring the DHCP-Server.
Enter the directory path name where given DHCP-leases will be stored. Check to ignore the resolved file. Enter the local DNS file. Check to ignore the hosts file. Enter the additional host files.
Table 10.4-2: Resolv and Host File Configuration for DHCP and DNS
ePack User Manual for E210 and E220 Series Devices
181
10: Network
10.4.3 TFTP Settings
Network > DHCP and DNS > TFTP Settings This page provides settings to configure the router as a Trivial File Transfer Protocol (TFTP) server, which can be used to serve files for download to a remote TFTP client.
Figure 10.4-3: DHCP and DNS TFTP Configuration
Parameters Server Settings Enable TFTP server
Description
Check to enable TFTP server. By default, the TFTP server is in disabled.
TFTP server root Enter the Root directory for the files served using TFTP. Network boot image Enter the Filename of the boot image which is advertised to the clients.
Table 10.4-3: TFTP Configuration for DHCP and DNS
ePack User Manual for E210 and E220 Series Devices
182
10.4.4 Advanced Settings
Network > DHCP and DNS > Advanced Settings
10: Network
Figure 10.4-4: DHCP and DNS Advanced Configuration
ePack User Manual for E210 and E220 Series Devices
183
10: Network
Parameters Server Settings Suppress logging Allocate IP Sequentially
Filter private Filter useless
Localize queries Expand hosts No negative cache Additional Servers file Strict order All Servers Bogus NX Domain Override DNS server port
DNS query port
Max. DHCP leases
Max. EDNS0 packet size
Max. concurrent queries
Size of DNS query cache
Description
Suppress logging of the routine operation of DHCP. Errors and problems will still be logged.
Force DHCP server to allocate IP addresses sequentially, starting from the lowest available address. In this mode, clients that allow a lease to expire are more likely to move IP address.
Check to deny the reverse lookups for local networks.
Check to deny the requests that cannot be answered by public name servers. By default the request are forwarded.
Check to localize hostname depending on the requesting subnet if multiple IP Addresses are available.
Check to add local domain suffix to names served from hosts files.
Check to deny caching the negative replies, e.g. for non-existing domains.
List of DNS servers to forward requests to.
DNS servers will be queried in the order of the resolve file.
Select to query all upstream DNS servers.
Enter the hostname that supply bogus NX domain results.
Enter the listening port for inbound DNS queries. The default DNS server port is 53.
Enter the fixed source port number for outbound DNS queries. The default DNS query port is "any"
Enter the maximum number of allowed DHCP leases that are active. By default unlimited DHCP leases are allowed.
Enter the maximum allowed size of EDNS.0 UDP packets. The default EDNS.0 UDP packet size is 1280.
Enter the maximum number of concurrent DNS queries allowed. By default 150 concurrent DNS queries are allowed.
Enter the maximum number of cached DNS entries. By default, 150 DNS entries are cached. Maximum is 10000. A value of zero (0) means no caching.
Table 10.4-4: Advanced Configuration for DHCP and DNS
ePack User Manual for E210 and E220 Series Devices
184
10.4.5 Static Leases
Network > DHCP and DNS > Static leases
10: Network
Figure 10.4-5: DHCP and DNS Static Leases
Parameters Active DHCP Leases Hostname
IPv4-Address MAC-Address Leasetime remaining
Active DHCP6 Leases Hostname
IPv6-Address DUID
Description
Name of the device that is connected to the router and has been leased an IP Address by DHCP server. IPv4 Address assigned to the device connected to the router. MAC address of the device connected to the router. Remaining time until which the device can use the DHCP server leased IP Address.
Name of the device that is connected to the router and has been leased an IPv6 Address by DHCPv6 server. IPv6 Address assigned to the device connected to the router. DUID (Device Unique Identifier) of the device connected to the
ePack User Manual for E210 and E220 Series Devices
185
10: Network
Parameters
Leasetime remaining Static Leases Hostname MAC-Address IPv4-Address IPv6-Suffix (hex)
10.5 Hostnames
Network > Hostnames
Description router Remaining time until which the device can use the DHCPv6 sever leased IPv6 Address.
Name of the device that is connected to the router and has been assigned a static IP Address. MAC address of the device connected to the router. IPv4 Address to be assigned to the device connected to the router. IPv6 Address to be assigned to the device connected to the router.
Table 10.4-5: DHCP and DNS Static Leases
Parameters Host entries Hostname IP address
Figure 10.5-1: Hostnames Configuration
Description
Enter the Hostname. Enter the IP Address of the host. Table 10.5-1: Hostnames Configuration
ePack User Manual for E210 and E220 Series Devices
186
10: Network
10.6 Static Routes
Network > Static Routes You can configure the static routes to define the method for communication between two different networks located in two different domains.
10.6.1 Static IPv4 Routes
Network > Static Routes > Static IPv4 Routes
Figure 10.6-1: Static IPv4 Routes Configuration
Parameters General Settings Interface
Target
IPv4-Netmask IPv4-Gateway Advanced Settings Metric MTU
Route type
Description
Select the name of the logical interface assigned the static IPv4 Address. Enter the target host IPv4 Address or Network if the target is a network. Enter the IPv4 Netmask of the static route. Enter the IPv4 Gateway of the static route.
Enter the metric of the static route. Enter the number of bytes indicating the largest physical packet size that the network can transmit. The default MTU size is 1500 bytes. A blank value represents auto MTU size. Select the route type. Available options:
unicast route entry describes real paths to the desitnations
ePack User Manual for E210 and E220 Series Devices
187
10: Network
Parameters
Route table Source Address On-Link route
Description covered by the route prefix local destinations are assigned by this host. Packets are looped back and delivered locally. broadcast destinations are broadcast addresses. Packets are sent as link broadcasts. multicast special type used for multicast routing. unreachable these destinations are unreachable prohibit these destinations are unreachable. blackhole these destinations are unreachable. Packets are discarded silently. Local senders get an ENVAL error. anycast these destinations are anycast addresses assigned to this host.
Define the table ID to use for the route. The ID can be either a numeric table index ranging from 0 to 65535 or a symbolic alias declared in /etc/iproute2/rt_tables. The following special aliases are also recognized: local (255), main (254), default (253).
Specify the preferred source address when sending to destinations covered by the target.
If enabled, the gateway is on link even if the gateway doesn't match any interface prefix.
Table 10.6-1: Static IPv4 Routes Configuration
10.6.2 Static IPv6 Routes
Network > Static Routes > Static IPv4 Routes
Figure 10.6-2: Static IPv6 Routes Configuration
ePack User Manual for E210 and E220 Series Devices
188
Parameters General Settings Interface Target IPv6-Gateway Advanced Settings Metric MTU
Route type
Route table Source Address On-Link route
Description
10: Network
Select the logical interface assigned the static IPv6 Address.
Enter the target host IPv6 Address or Network CIDR if the target is a network.
Enter the IPv6 Netmask of the static route.
Enter the metric of the static route.
Enter the number of bytes indicating the largest physical packet size that the network can transmit. The default MTU size is 1500 bytes. Blank value represents auto MTU size
Select the route type. Available options:
unicast route entry describes real paths to the desitnations covered by the route prefix local destinations are assigned by this host. Packets are looped back and delivered locally. broadcast destinations are broadcast addresses. Packets are sent as link broadcasts. multicast special type used for multicast routing. unreachable these destinations are unreachable prohibit these destinations are unreachable. blackhole these destinations are unreachable. Packets are discarded silently. Local senders get an ENVAL error. anycast these destinations are anycast addresses assigned to this host.
Define the table ID to use for the route.
Specify the preferred source address when sending to destinations covered by the target.
If enabled, the gateway is on link even if the gateway doesn't match any interface prefix.
Table 10.6-2: Static IPv6 Routes Configuration
ePack User Manual for E210 and E220 Series Devices
189
10.7 Diagnostics
Network > Diagnostics
10: Network
Parameters Network Utilities Ping
Traceroute
Nslookup
Figure 10.7-1: Diagnostics Network Utilities
Description
IP Address or fully qualified domain name to be pinged. It determines network connection between Router and host on the network. The output shows if the response was received, packets transmitted and received, packet loss if any.
IP Address or fully qualified domain name It determines network connection between Router and host on the network. The output shows all the routers through which data packets pass on way to the destination system from the source system, maximum hops and Total time taken by the packet to return measured in milliseconds.
IP Address or fully qualified domain name that needs to be resolved. Name lookup is used to query the query the Domain Name Service for information about domain names and IP addresses. It sends a domain name query packet to a configured domain name system (DNS) server. If you enter a domain name, you get back the IP address to which it corresponds, and if you enter an IP address, then you get back the domain name to which it corresponds. In other words, it reaches out over the Internet to do a DNS lookup from an authorized name server, and displays the information in the user understandable format.
Table 10.7-1: Diagnostics Configuration
ePack User Manual for E210 and E220 Series Devices
190
10: Network
10.8 Firewall
Network > Firewall E210 and E220 routers follow a Zone Based firewall concept. Every interface of the E210 or E220 router, physical or virtual, needs to be assigned to a Firewall Zone, however one firewall zone can have multiple interfaces. By default, there are two zones, the LAN zone and WAN zone. You can create a new LAN or WAN zone either from the Firewall section or when you create an additional network interface. You can associate multiple interfaces to the Firewall Zones and define the rules of communication between them.
10.8.1 General Settings
Network > Firewall > General Settings
Concept of zone based Firewall A zone section groups one or more interfaces and serves as source or destination for forwarding, rules, and redirects. Masquerading (NAT) of outgoing traffic is controlled on a per zone basis. Note that masquerading is defined in the outgoing interface.
· INPUT rules for a zone describe what happens to traffic trying to reach the router itself through an interface in that zone.
· OUTPUT rules for a zone describe what happens to traffic originating from the router itself going through an interface in that zone.
· FORWARD rules for a zone describe what happens to traffic passing between different interfaces in that zone.
By default, there are 2 zones which are already created in the Router, LAN Zone and WAN Zone. All traffic from LAN to WAN has no restrictions but all incoming traffic on WAN side is blocked unless a port forwarding rule is set or unless a particular port is opened.
Drop vs Reject
DROP
· less information is exposed · less attack surface · client software may not cope well with it (hangs until connection times out) · may complicate network debugging (where was traffic dropped and why)
REJECT
· may expose information (like the ip at which traffic was actually blocked) · client software can recover faster from rejected connection attempts · network debugging easier (routing and firewall issues clearly distinguishable)
ePack User Manual for E210 and E220 Series Devices
191
10: Network
Figure 10.8-1: Firewall Zones General Configuration
Parameters
Description
General Settings
Enable SYN-flood protection
Check to enable SYN-flood protection. SYN-flood protection will enable spamming detection and block whenever there is a spam attack.
Drop invalid packet
Check to drop the invalid packets that are not matching any active connection.
Input
Select to accept or reject the inbound traffic to all the interfaces.
Output
Select to accept or reject the outbound traffic from all the interfaces.
Forward
Select to accept or reject the forwarded traffic from all the interfaces.
Zones (Applies to configured zone)
Zone Forwarding
Select the zones between which the Zone forwarding rule will be applicable.
Input
Select to accept or reject the inbound traffic to all the configured zones.
Output
Select to accept or reject the outbound traffic from all the configured zones.
ePack User Manual for E210 and E220 Series Devices
192
Parameters Forward
Masquerading
10: Network
Description Select to accept or reject the forwarded traffic from all the configured zones. Check to allow IP Masquerading. Table 10.8-1: General Configuration for Firewall Zone
10.8.1.1 Add/Edit Firewall Zone
Network > Firewall > General Settings > Add/Edit
General Settings
Figure 10.8-2: Firewall Zone General Configuration
ePack User Manual for E210 and E220 Series Devices
193
10: Network
Parameters Static IPv4 Routes Name Input
Output
Forward
Masquerading MSS clamping Covered networks
Inter-Zone Forwarding Allow forward to destination zones Allowed forward from source zones
Description
Enter the name of the zone. Select to accept, reject or drop the inbound traffic to all the configured zones. Select to accept, reject or drop the outbound traffic from all the configured zones. Select to accept, reject or drop the forwarded traffic from all the configured zones. Check to allow IP Masquerading. Check to allow MSS clamping. Select the network interfaces that must be included in the zone configuration.
Select to allow or deny forwarding traffic to the configured destination zone. Select to allow or deny forwarding traffic from the configured source zone.
Table 10.8-2: General Configuration for Firewall Zone (LAN)
ePack User Manual for E210 and E220 Series Devices
194
Advanced Settings
10: Network
Figure 10.8-3: Firewall Advanced Configuration
Parameters Covered devices Covered subnets Restrict to address family
Restrict Masquerading to given source subnets Restricts Masquerading to given destination subnets
Description
List of raw network device names attached to this zone
List of IP subnets attached to this zone.
Select IP Address family for configuring firewall for LAN zone from available options. Available Options
IPv4 IPv6 IPv4 and IPv6
Enter the source subnet to which the masquerading must be restricted.
Enter the destination subnet to which the masquerading must be restricted.
ePack User Manual for E210 and E220 Series Devices
195
10: Network
Parameters Enable logging on this zone
Description Check to enable logging of all the activities on the Zone.
Table 10.8-3: Advanced Configuration for Firewall Zone (LAN)
Conntrack Settings
Figure 10.8-4: Firewall Conntrack Configuration
Parameters Allow "invalid" traffic
Automatic helper assignment
Description
Select to allow invalid traffic. More specifically, when selected, no rules can be installed that reject forwarded traffic with conntrack state equal to invalid. Disabled by default.
Automatically assign conntrack helpers for the zone.
Table 10.8-4: Firewall Conntrack Configuration
ePack User Manual for E210 and E220 Series Devices
196
Extra iptables arguments
10: Network
Figure 10.8-5: Firewall IPtables arguments configuration
Parameters Extra source arguments
Extra destination arguments
Description
Extra arguments passed directly to iptables for source classification rules.
Extra arguments passed directly to iptables for destination classification rules
Table 10.8-5: Firewall iptables arguments configuration
ePack User Manual for E210 and E220 Series Devices
197
10: Network
10.8.2 Port Forwards
Network > Firewall > Port Forwards By default, all WAN side ports are closed. Port forwarding allows remote computers to connect to a specific computer or service within the LAN by opening the WAN port and redirecting the connection (and data) on that port to an internal LAN IP and port. .
Parameters Match
Forward to Enable
Figure 10.8-6: Firewall Port Forwards
Description Displays the WAN TCP/UDP ports for matching the conditions before forwarding it to LAN device. Displays the destination IP Address to which the traffic must be forwarded. Check to enable the Port Forwarding rule. Table 10.8-6: Firewall Port Forwards
ePack User Manual for E210 and E220 Series Devices
198
10: Network
10.8.2.1 Add Port Forwarding Rule
All the WAN side ports on the E210 and E220 routers are closed by default. For any WAN side connection to reach the internal LAN, a port-forwarding rule must be configured that maps the WAN port to an internal LAN IP Address and port. Also, the router provides advanced port-forwarding configurations, where in addition to WAN port; the WAN IP Address can be mapped with LAN IP Address and LAN port.
Figure 10.8-7: Firewall Port Forwards General Configuration
Parameters
Description
Port Forwards General Settings
Name
Enter the name of the Port Forwarding Rule.
Protocol
Select the protocol. Available options:
TCP TCP + UDP UDP ICMP unspecified custom
Source Zone
Specify the traffic source zone. This must refer to one of the firewall zones, usually WAN.
External Port
Enter the WAN port of the external network.
ePack User Manual for E210 and E220 Series Devices
199
10: Network
Parameters
Description
Destination zone
Specify the traffic destination zone. This must refer to one of the firewall zones, usually LAN.
Internal IP address
Enter the LAN IP address of the internal network.
Internal port
Enter the LAN port number of the internal network.
Port Forwards Advanced Settings
Source MAC Address
The rule will match incoming traffic from the specified source mac address.
Source IP Address
The rule will match incoming traffic from the specified source IP address.
Source port
The rule will match incoming traffic from the specified source port number.
External IP Address
Enter the external IP address of the router.
Enable NAT Loopback
Enable NAT loopback to allow one machine on the LAN network to access another machine on the LAN through the external IP address of the router
Extra arguments
Passes additional arguments to iptables. Should be used with care.
Table 10.8-7: Port Forwarding Configuration for Firewall Zone
ePack User Manual for E210 and E220 Series Devices
200
10: Network
10.8.3 Traffic Rules
Network > Firewall > Traffic Rules Traffic rules allow or restrict access to specific ports or hosts. Rule actions can be configured to accept, drop, or reject traffic. When configuring rules, if source and destination are given, the rule matches forwarded traffic. If only source is given, the rule matches incoming traffic. If only destination is given, the rule matches outgoing traffic. If neither source nor destination are given, the rule defaults to an outgoing traffic rule.
Figure 10.8-8: Firewall Zone Traffic Rules
Parameters
Description
Traffic Rules
These rules define policies for traffic communication between the different zones, primarily used for traffic shaping.
Name
Displays the name of the Traffic Rule.
Match
Displays the details of the Traffic Rule configuration and the conditions in which the rule is applicable.
Action
Action to be taken on the traffic when the rule conditions are satisfied. Indicates whether the rule is for incoming, forwarded, or outgoing traffic.
Enable
Check to enable the Traffic Rule.
Add
Click to Add a new traffic rule.
Table 10.8-8: Traffic Rule Overview for Firewall Zone
ePack User Manual for E210 and E220 Series Devices
201
10.8.3.1 Add Traffic Rule
Traffic rules can be used to achieve the following results:
· Block / redirect generic data types for example: ICMP, DHCP requests etc. · Block certain MAC addresses on the LAN side · Block communication with one or more public IP addresses · Block communication with all except one or more IP address · Open specific ports on WAN side · DMZ rules and zone creation
10: Network
Figure 10.8-9: Firewall Traffic Rules General Configuration
Parameters General Settings Name Protocol
Source zone Source address Source port Destination zones
Description
Enter the name of the traffic rule. Select the Protocol from the available options. Available Options
TCP Allows only TCP traffic to the open port UDP Allows only UDP traffic to the open port TCP+UDP Allows both TCP and UDP traffic to the open port Select the traffic source zone. This is usually WAN zone. Match incoming traffic from the specified source IP address Match incoming traffic from the specified source port Select the destination firewall zone. If specified the rule applies to
ePack User Manual for E210 and E220 Series Devices
202
10: Network
Parameters
Destination address
Destination port Action
Advanced Settings Restrict to address family Source MAC address Extra arguments Time Restrictions Week Days Month Days Start Time (hh.mm.ss) Stop Time (hh.mm.ss) Start Date (yyyy-mm-dd) Stop Date (yyyy-mm-dd) Time in UTC
Description forwarded traffic, otherwise it is treated as an input rule. Match incoming traffic directed to the specified destination IP address. If no destination zone is specified, the rule is treated as an input rule. Match incoming traffic directed to the specified destination port. Sets the target parameter to indicate the firewall action. Options include:
Accept Reject Drop Mark Notrack.
Enter the protocol family to generate iptables rules for. Options include: ipv4, ipv6, or any. Match incoming traffic from the specified MAC address. Enter extra arguments to pass to iptables. This can be used to specify additional match options.
If specified, only match traffic during the given days of the week. If specified, only match traffic during the given days of the month. Specify a time to start matching traffic. Specify a time to stop matching traffic. Specify a date to start matching traffic. Specify a date to stop matching traffic. Select to interpret all time values as UTC time instead of local time.
Table 10.8-9: Firewall Traffic Rule Configuration
ePack User Manual for E210 and E220 Series Devices
203
10: Network
10.8.4 Custom Rules
Network > Firewall > Custom Rules The shell script allows you to add customized rules for Firewall. Commands are executed after the firewall is restarted immediately after the default ruleset has been loaded.
Figure 10.8-10: Firewall Custom Rules Configuration
ePack User Manual for E210 and E220 Series Devices
204
10: Network
10.9 Load Balancing
Network > Load Balancing
Load balancing is a mechanism that enables balancing traffic between various links. It distributes traffic among various links, optimizing utilization of all the links to accelerate performance and cut operating costs. The order of Interface priority depends on the metric assigned to the interface.
10.9.1 How it works
Load balancing is determined by the load metric i.e. weight. Each link is assigned a relative weight and the router distributes traffic across links in proportion to the ratio of weights assigned to individual link. This weight determines how much traffic will pass through a particular link relative to the other links.
Administrator can set the metric weight and define how the traffic should be directed to providers to best utilize their bandwidth investments. Weight can be selected based on:
· Link capacity (for links with different bandwidth) · Link/Bandwidth cost (for links with varying cost)
Note · The default configuration of the load balancer is in Failover Mode with the highest priority
given to WAN, followed by WWAN and then followed by Cellular.
Concept of MWAN
Since E series have multiple sources of Internet, one or more sources of Internet could be used at the same time. Using one source of Internet and failing over to another one by defining priorities is called Failover. Once the source with a higher priority is online, the same will be used as a primary source of internet
Priority can be defined by setting the Metric. the lower the metric, the higher the priority.
When to failover and when to rollback is dependent on which interfaces are online and which ones are offline. Online and offline interface status is based on the PING responses to a particular server at a particular time interval. You can speed up the failover by sending PING packets in a shorter interval and you can add reliability by adding multiple server candidates.
Load Balancing is where two or more sources of Internet are used at the same time and the load which is essentially the connections is split between the multiple interfaces in the ratio of their weights assigned.
E Series provides a feature called WAN affinity where a particular source IP, Destination IP or a data type can be bound to a particular interface. For this, you need to set rules and apply the rules to a particular policy. However you need to first have appropriate members which correspond to physical interfaces in a particular policy.
In summary:
· Members correspond to individual interfaces where you can set metric and weight · Policy consists of a member or group of members · Rules are to be applied to a policy
ePack User Manual for E210 and E220 Series Devices
205
10.9.2 Globals
Network > Load Balancing > Globals
10: Network
Figure 10.9-1: MWAN Interface Globals Configuration
Parameters Firewall mask Logging Update Interval
Routing table lookup
Description Enter the firewall mask value in hexadecimal, starting with 0x.
Select to enable global firewall logging and select the log level.
Enter the update interval for the interface routing table. Default is 5 seconds.
Enter an additional routing table to be scanned for connected networks
Table 10.9-1: MWAN Interface Globals Configuration
ePack User Manual for E210 and E220 Series Devices
206
10.9.3 Interfaces
Network > Load Balancing > Interfaces
10: Network
Figure 10.9-2: MWAN Interfaces
Parameters Interface Enabled Tracking Method Tracking Source Tracking reliability
Ping interval
Interface down
Interface up
Metric
Error
Description
Name of the available Interface.
Displays the Interface status is enabled or disabled.
Displays the method used to track the interface.
Displays the tracking source is address or interface.
Displays the number of tracking IP Addresses. The acknowledgement/responses from these tracking IP Addresses are considered to determine the Interface as up/down.
Displays the time in seconds between sending two successive ping packets.
Displays the number of consecutive failed attempts after which the interface is declared offline.
Displays the number of consecutive successful pings after which the interface is declared online.
Metric assigned to the Interface from the Advanced Interface Configuration Settings page.
Displays if an error has occurred during the Interface configuration. Error messages are displayed as warnings.
Table 10.9-2: MWAN Interface
Note · Configuring a large number of Tracking IP Addresses, a high Ping count, or a low Ping
interval time will result in faster switchover but will consume more data. For more details on load balancing, visit the Lantronix Technical Support website.
ePack User Manual for E210 and E220 Series Devices
207
10.9.3.1 Edit Interface
Network > Load Balancing > Interfaces
10: Network
Figure 10.9-3: MWAN Interface Edit Configuration
ePack User Manual for E210 and E220 Series Devices
208
10: Network
Parameters Enabled
Initial State
Internet Protocol Tracking hostname or IP address Tracking method Tracking source Tracking reliability Ping count Ping size Max TTL
Check link quality Ping timeout
Description
Enable the Interface. No Interface do not participate in Load Balancing. Yes Interface is enabled and can connect to Internet. Once enabled it can be tracked using ping configuration.
Offline traffic goes via this interface only if the load balancer has checked the connection first. Online the interface is marked as online immediately. Default is Online
Displays the internet protocol of the interface as IPv4 or IPv6.
IP Address to which the ping requests are sent from the interface to determine if the interface is up or down. Leave the field blank to assume the interface is always online.
Select the tracking method in use. Default is ping.
Select the tracking source to use. Options are Interface or Address
Enter the number of responses that must be received from tracking IP Addresses to consider the Interface as up.
Enter the number of ping packets that will be sent. The default ping count is 5.
Size of the ping request in bytes. Default value is 56.
Displays the Max Time to Live (Max TTL) timer value to be included in the packets that tells the recipient how long to hold or use the packet before expiring or discarding the packet or data.
Select to check link quality otherwise leave box unselected.
Enter the time to wait for a response to ping request sent before declaring the interface unreachable. The wait time is in seconds. The default value depends on the interface used. Cellular will have different values to reduce data consumption.
Ping interval Interface down Interface up Metric
Specifies the time in seconds between sending ping packets. The default ping interval is 5 seconds.
The number of consecutive failed attempts after which the interface is declared down. The default value depends on the interface used. Cellular will have different values to reduce data consumption.
The number of consecutive successful attempts to determine the reliability of the network connection through the interface. The default value depends on the interface used. Cellular will have different values to reduce data consumption.
Displays the Interface Metric. The route with least metric is considered as best route. The default metric assigned to the interface is 1. For load balancing between two interfaces, both the interfaces must have the same metric value on the Member configuration page.
Table 10.9-3: MWAN Interface Edit Configuration
ePack User Manual for E210 and E220 Series Devices
209
10.9.4 Members
Network > Load Balancing > Members Members correspond to individual interfaces where you can set metric and weight.
10: Network
Parameters Member Interface Metric
Weight Add
Figure 10.9-4: MWAN Interface Members
Description Displays the Interface member notation number. Displays the name of the interface. Displays the metric assigned to the interface.
The interface with the lowest metric has the highest priority and all data is always routed through it. Note · If two or more interfaces have same metric configured and
that metric is lowest compared to other interfaces, then the data/load is balanced and data/load is distributed among the two interfaces in the ratio of the respective weight.
Displays the weight assigned to the interface. Members with the same metric will distribute load based on the weight value. Enter the name of the new interface to be added.
Table 10.9-4: MWAN Interface Members
ePack User Manual for E210 and E220 Series Devices
210
10.9.4.1 Add/Edit Member
Network > Load Balancing > Members
10: Network
Figure 10.9-5: MWAN Interface Members Configuration
Parameters Interface Metric
Weight
Description
Select the name of the interface.
Enter the Interface Metric. The route with lowest metric is considered as best route. For load balancing between two interfaces, both the interfaces must have the same metric value.
Enter the Interface Weight. The default metric assigned to the interface is 2. For load balancing between two interfaces, both the interfaces must have the same metric value. The route with higher weight carries more traffic. Also the connections will be distributed amongst the interfaces with the same weight and not the actual data traffic
Table 10.9-5: MWAN Interface Members Configuration
ePack User Manual for E210 and E220 Series Devices
211
10: Network
10.9.5 Policies
Network > Load Balancing > Policies
Policies define how traffic is routed through the different WAN interfaces. Policy consists of a member or group of members. If a policy has one member, traffic will only go out through that member. If a policy more than one member, members within the policy with a lower metric have precedence and are used first. Members with the same metric will be load balanced based on the assigned weights values. Policy can also be configured to use one member and then fail over to another.
Parameters Policy
Members assigned Last resort Errors Add
Figure 10.9-6: MWAN Interface Policy
Description Name of the policy. The name must be 15 characters or less, and may contain characters A-Z, a-z, 0-9, _ and no spaces. Policies must not share the same name as configured interfaces, members or rules. Interface members to which the policy is applied. Displays the failover routing behavior when all WAN policy members are offline. . Displays if an error has occurred during the Policy configuration. Error messages are displayed as warnings. Add a new policy
Table 10.9-6: MWAN Interface Policy
ePack User Manual for E210 and E220 Series Devices
212
10.9.5.1 Add/Edit Policy
Network > Load Balancing > Policies
10: Network
Figure 10.9-7: MWAN Interface Policy Configuration
Parameters Member used
Last Resort
Description
Select the interface to apply the policy on traffic passing through the interface
Select the failover routing behavior when all WAN policy members are offline. . Available options:
unreachable (reject) blackhole (drop) default (use main routing table)
Table 10.9-7: MWAN Interface Policy Configuration
ePack User Manual for E210 and E220 Series Devices
213
10: Network
10.9.6 Rules
Network > Load Balancing > Rules A rule specifies what traffic to match and what policy to assign for that traffic. The web UI also lists key points to consider when configuring rules as shown in the figure below..
Parameters Rule Source address Source port Destination address Destination port Protocol Policy assigned Errors
Add
Figure 10.9-8: MWAN Interface Rules
Description Displays the rule name. Displays the Source IP Address. Displays the Source Port number. Displays the Destination IP Address. Displays the Destination Port number. Displays the protocols on which the rule is applicable. Policy to be applied to the rule. Displays if an error has occurred during the rule configuration. Error messages are displayed as warnings. Enter the name of the new rule and click Add. Continue configuring the rule parameters. Table 10.9-8: MWAN Interface Rules
ePack User Manual for E210 and E220 Series Devices
214
10.9.6.1 Add/Edit Rule
Network > Load Balancing > Rules
10: Network
Figure 10.9-9: MWAN Interface Rules Configuration
Parameters Source address Source Port Destination address Destination port Protocol Sticky
Sticky timeout
Description Enter the Source IP Address.
Enter the Source Port number.
Enter the Destination IP Address.
Enter the Destination Port number.
Select the protocols on which the rule is applicable.
Select Yes to allow traffic from the same source IP address within the timeout limit to use the same WAN interface as the previous session. Otherwise, select No.
Enter the stickiness timeout value in seconds. If no value is entered, this defaults to 600.
ePack User Manual for E210 and E220 Series Devices
215
Parameters IPset
Logging Policy assigned
10: Network
Description Enter the name of the IPset rule. IPset lets you route traffic over WAN interfaces based on a set of IP addresses. When the ipset option is configured, the rule will match traffic directed at the given destination IP address to the ipset set. Select Yes to enable firewall logging. The global load balancing logging setting must also be enabled. Otherwise, select No. Policy to be applied to the rule.
Table 10.9-9: MWAN Interface Rules Configuration
ePack User Manual for E210 and E220 Series Devices
216
10.9.7 Notification
Network > Load Balancing > Notification
10: Network
Figure 10.9-10: MWAN Notification
ePack User Manual for E210 and E220 Series Devices
217
Appendix A. Wiring Diagrams
RS485 Wiring diagram
Half Duplex (Left) RS485 Full Duplex (Right)
10: Network
Power over Ethernet
ePack User Manual for E210 and E220 Series Devices
218
Appendix B. LED Behavior
10: Network
Ethernet Port LEDs
The ethernet port LEDs on the side panels of the E210 and E220 devices indicate link and activity status for WAN and LAN connections.
LED Color
State and Description
Amber LED (Link indicator)
Solid ON
When light is on, this LED indicates valid link detection.
Green LED (Activity indicator)
Blinking ON
When light is blinking, this LED indicates traffic or data activity on the port.
Top Panel LEDs for E220 Series
The top panel of the E220 devices features 6 LEDs to indicate critical system information.
Name Alert
Color and State OFF
Red ON
Description
No alert, device is running smoothly
Hardware fault (high temperature or problem with module), Cellular Module reboot, Linux Kernel booting
ePack User Manual for E210 and E220 Series Devices
219
Name Power Signal Network Activity WI-FI
10: Network
Color and State
Description
OFF
Power off
Green ON OFF Amber Flashing Amber ON OFF Amber Flashing Amber ON OFF Amber Flashing Amber ON
Power on
No signal (CSQ=0 to 5, 97, 98, 99)
Weak signal (CSQ > 6 to 12)
Strong signal (CSQ >12)
Not registered on a cellular network.
Registered on a roaming cellular network
Registered on home cellular network
Cellular data service is not connected
Data Transfer over Cellular Network
Cellular data service is connected
OFF
Wi-Fi network is inactive
Blue Flashing Blue ON
Traffic on Wi-Fi network
Wi-Fi network is up and activated
Top Panel LEDs for E210 Series
The top panel of Lantronix E210 Series Routers features 7 LEDs to indicate critical system information.
ePack User Manual for E210 and E220 Series Devices
220
10: Network
Name Alert Power SIM in use Signal
Network Activity
Color and State OFF Red ON OFF
Description
No alert, device is running smoothly
Hardware fault (high temperature or problem with module), Cellular Module reboot, Linux Kernel booting
Power off
Green ON On
Power on SIM 1
Flashing OFF Amber Flashing Amber ON OFF Amber Flashing Amber ON OFF
SIM 2
No signal (CSQ=0 to 5, 97, 98, 99) Weak signal (CSQ > 6 to 12) Strong signal (CSQ >12)
Not registered on a cellular network.
Registered on a roaming cellular network
Registered on home cellular network
Cellular data service is not connected
ePack User Manual for E210 and E220 Series Devices
221
Name WI-FI
10: Network
Color and State Amber Flashing Amber ON OFF
Description Data Transfer over Cellular Network Cellular data service is connected
Wi-Fi network is inactive
Blue Flashing Blue ON
Traffic on Wi-Fi network
Wi-Fi network is up and activated
ePack User Manual for E210 and E220 Series Devices
222
Appendix C. List of Acronyms
10: Network
Acronym 2G 3G AES AP Client CHAP CSQ DHCP
DIO DMZ
DNS
DynDNS, DDNS
EDGE
GPRS
GPS GSM HT Physical mode ICMP
IGMP
IKEv1 and IKEv2 IP Sec
ISP
Description
2nd Generation
3rd Generation
Advanced Encryption Standard
Access Point Client
Challenge handshake protocol is used by PPP to authenticate users and can be used with many VPNs.
Cellular Signal Strength (CSQ). It ranges from 0 to 32.
Dynamic Host Configuration Protocol (DHCP) is a standardized networking protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services.
Digital Input/Output
In computer security, a DMZ or Demilitarized Zone is a physical or logical sub network that contains and exposes an organization's external-facing services to a larger and un-trusted network, usually the Internet.
Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network
Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames, addresses or other information.
Enhanced Data rates for GSM Evolution (EDGE) is a digital mobile phone technology that allows improved data transmission rates as a backward-compatible extension of GSM.
General packet radio service (GPRS) is a packet oriented mobile data service on the 2G and 3G cellular communication system's global system for mobile communications
Global Positioning Satellite
Global system for mobile communications
High Throughput Physical Mode
Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages
Internet Group Management Protocol is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships
Internet Key Exchange (version 1 or version 2) is an encryption key exchange mode used between two peers.
Internet Protocol Security is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session
Internet service provider
ePack User Manual for E210 and E220 Series Devices
223
Acronym L2TP LAN LED LLTD
M2M MAC address
MD5
MTU
MWAN NAT
NTP
PAP
PPP PPPoE PPTP PSK QoS RF Rx SCP SHA1/SHA2 SIM SMS SPI SSH SSID STP
TCP
10: Network
Description Layer Two Transport Protocol
Local Area Network
Light emitting diode
Link Layer Topology Discovery is a proprietary Link Layer protocol for network topology discovery and quality of service diagnostics
Machine to machine
Media access control address is a unique identifier assigned to network interfaces for communications on the physical network segment
MD5 is a message digest algorithm used as a checksum to verify data integrity
Maximum transmission unit of a communications protocol of a layer is the size (in bytes) of the largest protocol data unit that the layer can pass onwards
multiple WAN interface
Network address translation is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another.
Network Time Protocol is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks
Password authentication protocol is a password based protocol used by PPP (point to point protocol) to authenticate users and can be used with many VPNs. PAP is considered less secure than CHAP or some other authentication protocols.
Point to Point Protocol
Point-to-Point Protocol over Ethernet
Point-to-Point Tunneling Protocol
Pre-shared key
Quality of Service
Radio Frequency
Reception
Secure Copy Protocol
Secure Hash Algorithm is an encryption cipher type
Subscriber identity module
Short Message Service
Serial Peripheral Interface
Secure Shell
Service set identification
Spanning Tree Protocol is a network protocol that prevents loops when switches or bridges are interconnected through multiple paths.
Transmission Control Protocol
ePack User Manual for E210 and E220 Series Devices
224
Acronym TKIP Tx UDP VPN VRRP WAN WPA/WPA2
10: Network
Description Temporal Key Integrity Protocol Transmission User Datagram Protocol Virtual private network Virtual Router Redundancy Protocol Wide Area network Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are security protocols for wireless networks. WPA uses Temporal Key Integrity Protocol (TKIP) for encrypted data transfer and Extensible Authentication Protocol (EAP) for authorizing users. The more secure WPA2 requires using the stronger encryption method Advanced Encryption Standard. (AES).
ePack User Manual for E210 and E220 Series Devices
225
Adobe PDF Library 20.13.106