M!DGEGPRS/UMTS/HSPA/LTE router
Contents
1. Administrative status Whether the Telnet service is enabled or disabled Server port The TCP port of the service usually 23 The following parameters can be applied to the SSH service Administrative status Whether the SSH service is enabled or disabled Server port The TCP port of the service usually 22 Disable password based login By turning on this option all users will have to authenticate by SSH keys which can be uploaded to the router 7 6 9 SNMP Agent MIDGE is equipped with a SNMP daemon supporting basic MIB tables such as ifTable plus additional enterprise MIBs to manage multiple systems MIDGE OID starts with 1 3 6 1 4 1 33555 10 prefix The corresponding VENDOR MIB can be downloaded from the router Once the SNMP agent is enabled SNMP traps are generated for the following conditions e Start up of the MIDGE e Shutdown of the MIDGE e VPN connected e VPN disconnected e Signal strength fell below Signal strength trap threshold 12 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration Start up trap is implemented using the standard cold Start amp warm Start traps System shutdown trap is sent when the system is rebooted via the web interface reboot function or when the watchdog reboots the system MIDGE extensions contain support for Rebooting the device Updating to a new system software via FTP TFTP HTTP Updating to a new system configuration via FTP TFTP HTTP Getting WWAN GNSS WLA2. Web Configuration Required signal strength The mimimum required signal strength before the connection IP header compression Enable or disable Van Jacobson TCP IP Header Compression for PPP based connections This feature will improve TCP IP perform ance over slow serial links Has to be supported by your provider Software compression Enable or disable data compression for PPP based connections Software compression reduces the size of packets to improve throughput Has to be supported by your provider Client address Specify a fixed client IP address on the mobile interface MTU The Maximum Transmission Unit represents the largest amount of data that can be transmitted within one IP packet and can be defined for any WAN interface 7 2 4 USB Autorun This feature can be used to automatically perform a software config update as soon as an USB storage stick has been plugged in Following files must exist in the root directory of a FAT16 32 formatted stick e For authentication autorun key e Fora software update sw update img e Fora configuration update c fg lt SERIALNO gt zip or cfg zip HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Autorun Device Server WAN Link Management Settings USB Autorun Supenision This feature can be used to automatically perform a sottware coniig update as soon as an USB storage stick has been plugged in Ethernet The following fles must exist in the root d
3. Web Configuration em RACOM 93 Command Line Interface 8 Command Line Interface The Command Line Interface CLI offers a unified control interface to the router and can be used to get set configuration parameters apply updates restart services or perform other system tasks The CLI should be started using cli i command from system shell or when logging as root user A list of available commands can be displayed by running cli I It will be started automatically in interactive mode when logging in as admin user cli Command Line Utility 11h lt command gt cli 1 MIDGE Command Line Interface version 0 1 C Copyright RACOM 6 1 0 Czech Republic Enter help for a list of available commands or hit the TAB key for auto completion Ready to serve gt The CLI supports TAB completion that is expanding entered words or fragments by hitting the TAB key at any time This applies to commands but also to arguments and generally offers a convenient way for working on the shell Please note that each CLI session will perform an automatic logout as soon as a certain time of inactivity 10 minutes by default have been reached It can be turned off by the command no autologout The CLI can be exited by running exit 8 1 General Usage When operating the CLI in interactive mode each entered command will be executed by the RETURN key You can use the Left and Right keys to move the current point between en
4. printf nb config get network NTP server printer wae hs nb Contig Ssel nelwork NTP server 192 166 0 2 7 IE MO Contra Ger nerwork NT status Sa TOn printf and was not C nning pene aaa no Contra sel network NL status i 7 else printi and was running prince anes printf The NTP server is now running with IP address printf nb config get network NTP server 56 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration Running SDK In the SDK we are speaking of scripts and triggers which form jobs Any arena script can be uploaded to the router or imported by using dedicated user configuration packages You may also edit the script directly at the Web Manager or select one of our examples You will further have a testing section on the router which can be used to check your syntax or doing test runs Once uploaded you will have to specify a trigger that is telling the router when the script is to be ex ecuted This can be either time based e g each Monday or triggered by one of the pre defined system events e g wan up as described in Section 7 6 6 Events chapter With both a script and a trigger you can finally set up an SDK job now The test event usually serves as a good facility to check whether your job is doing well The admin section also offers facilities to troubleshoot any issues and control running jobs The SDK host sdkhost corres
5. 21 product Conformity 105 R redundancy 75 reset 84 ROHS 106 router 7 routing 38 RACOM s r o MIDGEGPRS UMTS HSPA LTE router 109 Index S safety instructions 105 serial port 34 server DHCP 63 dial in 53 DNS proxy 63 PPTP 52 SSH Telnet 71 web 74 services 54 SIM 30 SIM card 21 SMS 68 SNMP agent 72 software update 81 specification 17 standards 8 start 6 system 77 information 78 restart 79 setings 77 T technical specification 17 time amp region 77 troubleshooting 85 103 U update 81 USB 33 V VPN 46 W WAN 25 web configuration 24 WEEE 106 110 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Revision History Appendix B Revision History Revision 1 1 2012 10 09 1 XML version Revision 1 2 2012 12 07 Updated chapter 7 for FW version 3 6 40 x Revision 1 3 2012 12 12 Updated chapter 8 Command Line Interface RACOM s r o MIDGEGPRS UMTS HSPA LTE router 111
6. 7 7 7 Licensing This menu allows you to view and update the license status of your system Note that some features are disabled if no valid license is provided RACOM s r o MIDGEGPRS UMTS HSPA LTE router 91 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT License Installation system Settings Operation Upload license file Time amp Region Download license from URL system Information Restart License file Vybrat Authentication Authentication User Accounts Install Remote Authentication Software Update Licensing Status Manual 20 ftware Update Serial number 0002A9FFC32E Automatic Software Update License status Avalid license is installed Configuration Manual File Configuration o A IE A EN Automatic File Configuration ia n E A Factory Configuration GPS no unlicensed Troubleshooting GSM ma licensed Network Debugging LTE no unlicensed System Debugging a Aa Tech Support MOBILEIP ves unlicensed SERVER ves unlicensed Keys amp Certificates UMTS yes Licensing VOICE no unlicensed WELAN no unlicensed Availability means that the license should be able to aloow this funcionality for the actual HW 92 MIDGEGPRS UMTS HSPA LTE router RACOM s r o 7 8 LOGOUT Log out from Web Manager MIDGE Wireless Router Wireless Router Logout You are now logged out Goodbye To log in again please click here RACOM s r o MIDGEGPRS UMTS HSPA LTE router
7. Define a user name Enter password Define a password Password confirmation Confirm the password Remote Authentication A remote RADIUS server can be used to authenticate users This applies for the Web Manager and other services supporting and incorporating remote authentication 80 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System Settings Time amp Region System Information Restart Authentication Authentication User Accounts Remote Authentication Software Update Manual Software Update Automatic Software Update Configuration Manual File Configuration Automatic File Configuration Factory Configuration Administrative status RADIUS server RADIUS secret Authentication port Accounting port Use for login 7 7 3 Software Update Automatic File Configuration otatus co enabled disabled Time of day 00 00 URL Last config update No result data available Defines whether remote authentication should be used RADIUS server address Secret used to authenticate against the RADIUS server Port used for authentication Port used for accounting messages This option enables remotely defined users to access the Web Manager Software upgrade from the last official software release to the current release published on www ra com eu is supported For further details please consult the release note
8. LOGOUT SDK Administration Job Management Testing DHCP Server DNS Server DynDNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Redundancy Administrative status Default DNS server 1 Default DNS server 2 DNS Server Administration Administrative status a enabled disabled DNS Server Configuration Default DNS server 1 Default DNS server 2 Current DNS servers 10 11 12 13 10 11 12 44 Static Hosts Hostname Address Apply Enabled or disabled The primary DNS server to be queried The secondary server which will be used in case the primary server is not available You may further configure static hosts for serving fixed IP addresses for various hostnames Please remember to point local hosts to the router s address for resolving them 7 6 4 Dynamic DNS Dynamic DNS client on this box is generally compatible with various DynDNS services on the Internet running by means of definitions by the DynDNS organization see www dyndns com for server imple mentations HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SOK Administration Job Management Testing DHCP Server DHS Server DynONS E mail 64 DynDNS Administration Administrative status enabled disabled DynDNS Update Services Provider URL Host Status Apply MIDGEGPRS UMTS HSPA LTE router RACOM s r o Administrative status Web Configuration
9. SMS SSH Telnet Server Administrative status First lease address Last lease address Persistent leases DHCP options 7 6 3 DNS Server A A DHCP Server LAN Administrative status First lease address Last lease address Lease duration enabled fo disabled Show leases 192 168 2 100 192 166 2 199 7200 seconds Persistent leases E DHCP options a use default specify The Dynamic Host Configuration Protocol DHCP server can be en abled or disabled If enabled it will answer to DHCP requests from hosts in the LAN First address for DHCP clients Last address for DHCP clients By turning this option on router will remember to give leases even after a reboot It can be used to ensure the same IP addresses are assigned to a particular host By default DHCP will hand out the interface address as default gateway and DNS server address if not configured elsewhere It is possible to specify different addresses here The DNS server can be used to proxy DNS requests towards servers on the net which have for instance been negotiated during WAN link negotiation By pointing DNS requests to the router one can reduce outbound DNS traffic as it is caching already resolved names but it can be also used for serving fixed addresses for particular host names RACOM s r o MIDGEGPRS UMTS HSPA LTE router 63 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM
10. ready to rumble Factory Configuration Nov 38 68 17 24 midge user info link manager 12597 wanlinke turning up permanent link attempt 1 Troubleshooting Nov 38 68 17 24 midge user info link manager 12597 wanlinke acquired sime for carda Network Debugging Nov 38 68 17 24 midge user info link manager 12597 wanlinke acquired carde with sime ie ae Noy 38 68 17 24 midge user notice waan manager 4617 weane Configuration triggered ys ge sime with stype 6 Tech support Nov 38 68 17 24 midge user info link manager 12597 wanlinke sime state is unlocked Nov 38 66 17 24 midge user info link manager 12597 wanlink sime is ready Keys amp Certificates Nov 38 68 17 24 midge user info link manager 12597 wanlinke carde provides valid i service type hspa automatic required Licensing Nov 38 68 17 24 midge user notice link manager 12597 wanlinke starting to dial WWAN interface at 61 dBm Noy 38 88 17 24 midge user info link manager 12597 wanlinke trying to lock card weaned Nov 38 66 17 24 midge user notice surveyor 12781 Log level for surveyor set to 5 se Nov 38 86 17 24 midge user notice wwanmd 4687 wwan e link manager locked card HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System Debugging system Settings Time amp Region system Information Restart Log Viewer Authentication Authentication User Accounts Remote Authentication Software Update Manual Software Update A
11. 10 Web Server Enable or disable the SNMP agent SNMP agent port A SNMP community string corresponding to the group that devices and management stations running SNMP belong to System maintainer contact information Location of the device The host where the traps will be sent to The port where the traps will be sent to A trap will be sent if signal strength falls below this threshold No further traps will be sent as long as signal strength is not higher than this value This page can be used to configure different ports for accessing the Web Manager via HTTP HTTPS We strongly recommend to use HTTPS when accessing the web service via a WAN interface as the communication will be encrypted and thus avoids any misuse of the system In order to enable HTTPS you would need to generate or upload a server certificate in the section SYSTEM Keys and Certificates 74 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Web Server Configuration SDK Administration HTTP port 80 Job Management Testing HTTPS port 443 DHCP Server DNS Server DynDNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Redundant HTTP port Web server port for HTTP connections HTTPS port Web server port for HTTPS connections 7 6 11 Redundancy This section can be used to set up a redundant pair of M DGEs or other systems
12. 20 10 2 57 6 VDC o Pt output Dry contact relay Normally open with MIDGE por a powering Digital output Dry contact relay Normally open with MIDGE without powering See section Section 7 2 6 Digital I O for detailes DE o Digital input 1 See section Section 7 2 6 Digital I O Tab 4 4 Digital inputs levels logical level O 0 to 5 6 VDC logical level 1 7 2 to 40 VDC Note Negative input voltage is not recognised Tab 4 5 Digital outputs parametres Maximal continuous current Maximal switching voltage 60 VDC 42 VAC Vrms 14 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Product 4 2 5 Reset button The Reset button is placed close to the screw terminal and it is labelled Reset Use a blunt tool with 1 mm in diameter e g paper clip to press the button Keep it pressed for at least 3 seconds for reboot and at least 10 seconds for a factory reset The start of the factory reset is confirmed by all LEDs lighting up for one second The button can be released afterwards 4 3 Indication LEDs Fig 4 6 Indication LEDs RACOM s r o MIDGEGPRS UMTS HSPA LTE router 15 Product Tab 4 6 MIDGEs interfaces and status indicators Label State Start up maintenance Status Right side description Left side description greenon VPN connection is up N green blinking VPN connection is enabled and not connected yellow off off Input not set yellow off Input
13. A oie dire a ci DeL 54 A A 17 AA e A ace deeetttes eo cotaenea acts 93 8 Command EME MENACE o leeds 94 81 General SACS aaa 94 RA O O CRETE aN ener 95 8 39 Getting Config Parameters iii A A A A eget 96 os Ao A 96 3 5 Getting Status O MAI Msi once E A ia 96 ARES 2106 6 EMANO SM O eee ener aie eer eek eee On aie eee ete ERR RE 97 6 1 Updating System Facille S A ei ee bette ea eee 98 070 IRESTAMING Se MIC Susini lic 98 AAA AA 99 A A 99 8 Was RUNING NC CONAM NS 99 A vee er men eee ne te E eee error eer ete 99 RACOM s r o MIDGEGPRS UMTS HSPA LTE router 3 MIDGE GPRS UMTS HSPA LTE router 9 rOUBDlESNOO Ns aiii 103 eis COMIN o Sulene ccs ek thet eon ener ds Sasha te aa 103 D2 MESAS oca 103 di ITOUDIeSHOO NOOO tancias siialas 104 10 Safety environment LICENSING oocccocccccnncccnoconnoconcnnononanonnnnnonnnonononnnnonannnnnnnonnnenannonaninaninnons 105 OA en MNS UCUN a E ee rn ott aE eT E et 105 190 2 Warranty A O set ooo A A 106 A A ee meee eee 107 DOOK ciate eter tate eter oe ene EE ee eee ee eee a 109 Du PROVISION FIIS OY cenaa ratte aetna dt ttt bade hare act ix all ab a a acatbied eases dae ass hatchet 111 List of Figures 1 Router MIDGE UMTS and MIDGE UTE na A ia 6 2 1 Front panel and terminal panel of MIDGE oooccocccocncocncocnnocncocncooncnnnnnnnnncnnncnnncnonnncnnnconnnononononoss 9 4 1 Dimensions in MiliMetres ocooccooncccnconccccnoniccnonnoncncnncnnnnnnnnnnononnnnanon
14. Networking VPN section Section 7 5 VPN o OpenVPN Client o PPTP Server o IPsec Peer o Dial in Server Services section Section 7 6 SERVICES o COM Server Tunneling of the serial line over IP Modbus RTU to Modbus TCP Gateway DHCP Server DNS Proxy Server Dynamic DNS Client E mail Client Notification via E mail and SMS O O O O MIDGE in detail SMS Client SSH Server SNMP Agent Telnet Server Unstructured Supplementary Service Data USSD Web Server GPS Daemon MG 102 xGx only e System Administration section Section 7 7 SYSTEM Configuration via Web Manager Configuration via Command Line Interface CLI accessible via Secure Shell SSH and telnet Batch configuration with text files User admnistration Troubleshooting tools Over the air software update O O O O O O 0 O O O O O 0 10 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Implementation Notes 3 Implementation Notes 3 1 Ethernet SCADA protocols SCADA equipment with an Ethernet protocol behave as standard Ethernet equipment from a commu nications perspective Thus the communication goes transparently through the GPRS UMTS LTE network The implementation requires a heightened caution to IP addressing and routing NAPT func tionality should be used frequently 3 2 Serial SCADA protocols A SCADA serial protocol typically uses simple 8 or 16 bit addressing The mobile network address scheme is an IP netwo
15. SIM The SIM card to be used for this WWAN interface Service type The required service type Please note that these settings supersede the general SIM based settings as soon as the link is being dialed HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Edit Interface WWAN1 WAN Mobile 3 Connection E Link Management Settings Supervision Connection settings load from database Ethemet a specify Port Settings Link Settings TIE Phone number Oe IP Settings gare Access point name oe Mobile P gprsa racom SIMS Authentication Siberian Interfaces E Usemame Serial Port Saree Digital IQ PP Generally the connection settings are derived automatically as soon as the modem has registered and the network provider has been found in our database Otherwise it will be required to configure the following settings Phone number The phone number to be dialed for 3G connections this commonly refers to be 99 1 For circuit switched 2G connections you can enter the fixed phone number to be dialed in international format e g 420xx Access point name The access point name APN being used Authentication The authentication scheme being used if required this can be PAP or and CHAP Username The username used for authentication Password The password used for authentication Furtheron you may configure the following advanced settings 32 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o
16. Software downgrade is not supported Software downgrade may lead to loss of configuration and inac cessibility of the device Manual Software Update This menu can be used to run a manual software update of the system RACOM s r o MIDGEGPRS UMTS HSPA LTE router 81 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Manual Software Update System Settings Time amp Region Update operation Upload image System Information Download from URL Restart Authentication Upload image Vybrat Authentication A A User Accounts Remote Authentication Upload Software Update Manual Software Update Automatic Software Update Update operation method being used You can upload the image download it from an URL or use the latest version from our server Update operation URL Server URL where the software update image should be downloaded from Supported protocols are TFTP HTTP S and FTP Automatic Software Update HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Automatic Software Update System Settings Status E enabled Time amp Region disabled System Information Time of day an Restart y 00 00 URL Authentication L Authentication Last software update No result data available User Accounts Remote Authentication Software Update Manual Software Update Automatic Software Update Status Enable disable automatic software
17. Upload Software Update Manual Software Update Automatic sofware Update Configuration Manual File Configuration Automatic File Configuration Factory Configuration In order to restore a particular configuration you can upload a configuration previously downloaded You can choose between missing configuration directives set to factory defaults or getting ignored that means potentially existing configuration directives will be kept at the system RACOM s r o MIDGEGPRS UMTS HSPA LTE router 83 Web Configuration Automatic File Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System settings Time amp Region System Information Restart Authentication Authentication User Accounts Remote Authentication Software Update Manual Software Update Automatic Sofware Update Configuration Manual File Configuration Automatic File Configuration Factory Configuration Status Time of day URL Last config update Factory Configuration Automatic File Configuration Status enabled disabled Last config update No result data available Apply Enable disable automatic configuration update Time of day when the system will check for updates The server URL where the configuration file should be retrieved from supported protocols are HTTP s TFTP FTP Result of the last configuration update attempt This menu can be used to reset t
18. Web Configuration 7 4 2 NAPT HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Firewall Matching Statistics Firewall Administration Packets Description Mode Interface Source Destination Port s Rules 0 ALLOW WAN HTTP ALLOW WAN ANY ANY 80 NAPT 6 ALLOW WAN HTTPS ALLOW WAN ANY ANY 443 Administration 3 ALLOW WAN 85H ALLOW WAN ANY ANY 22 Inbound Rules See q E ace 0 ALLOW WAN TELNET ALLOW WAN ANY ANY 23 28 DENY WAN ALL DENY WAN ANY ANY ANY 1767 ALL OTHER ALLOW Back Refresh This page allows setting of the options for Network Address and Port Translation NAPT NAPT translates IP addresses or TCP UDP ports and enables communication between hosts on a private network and hosts on a public network It generally allows a single public IP address to be used by many hosts from the private LAN network Administration This menu can be used to configure the interfaces on which outgoing NAT will be performed HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT NAPT Administration dj RON This menu can be used to configure the interfaces on which outgoing NAT will be performed Rules MAT active NAT inactive HAPT A Administration WAN LAN a Inbound Rules LAM Culbound Rules ES PPPOE a MOBILE1 E TUNA TUN TUN TUNA TAF 1 TAP T Apply Inbound Rules Inbound rules can be used to modify the target section of IP packets and for instance forward a servic
19. When the inter packet delay is shorter than Max Latency Timeout all packets will be collected to a buffer for Max Packet Timeout After that time the buffer will be send out to the the Remote IP address fragmented according the Max Packet Size a burst of several packets in case that the content of the buffer is biggre than Max Packet Size Serial Port Setting HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT WAN Link Management Settings Supenision Ethemet Port Settings Link Settings IP Settings Mobile SIMs Interfaces USB Serial Port Digital O Physical protocol Baud rate Data bits Parity Stop bits Software flow control 36 Administration Device Server senal Por Settings Physical protocol R5232 Baud rate 115200 Data bits 9 data bits x Parity None stop bits 1 stop bit Software flow control None Hardware flow control None Apply Only RS232 is supported Specifies the baud rate of the COM port Specifies the number of data bits contained in each frame Specifies the parity used with every frame that is transmitted or re ceived Specifies the number of stop bits used to indicate the end of a frame In XON XOFF software flow control either end can send a stop XOFF or start XON character to the other end to control the rate of incoming data MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration Hardware flow control While
20. different SIM cards Close attention has to be paid when other services such as SMS or Voice are operating on that modem as a SIM switch will affect their operation 30 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Configuration Network WAN Link Management settings Supervisi n Configure SIM1 SIM state ready Ethemet Port Settings Default modem Mobile 4 Link Settings eS ee Sere eae 7 eee Mobile Sis PIN protection Interfaces 26 GSM only 3G UMTS first USB 36 UMTS only SMS gateway 26 36 GSMIUMTS only de Serial Port sericea specify Digital O Apply You can configure the following settings Default modem The default modem assigned to this SIM card Service type The default service type to be used with this SIM card Remember that the link manager might change this in case of different settings The default is to use automatic in areas with interfering base stations you can force a specific type e g 3G only in order to prevent any flapping between the stations around PIN protection Depending on the used card it can be necessary to unlock the SIM with a PIN code Please check the account details associated with your SIM whether PIN protection is enabled PIN code The PIN code for unlocking the SIM card SMS gateway The service center number for sending short messages It is generally retrieved aut
21. liable for any consequential loss or damage caused directly or indirectly through the use misuse function or malfunction of the equipment always subject to such statutory protection as may explicitly and unavoidably apply hereto 106 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Glossary Appendix A Glossary APN CE CS CSD DHCP DMZ DNS EDGE EMC FTP GPRS GSM GUI HSCSD HSDPA HSUPA HTML HW IP IPSec ISDN ISP LAN NAPT NAT POP Access Point Name Access Point Node Consumer Electronic Label by Consumer Electronic Association CEA www ce org Coding Scheme Circuit Switched Data Dynamic Host Configuration Protocol Demilitarized Zone Domain Name System Enhanced Data Service for GSM Evolution Electromagnetic compatibility File Transfer Protocol General Packet Radio Service Global Packet Radio Service Graphical User Interface High Speed Circuit Switched Data High Speed Downlink Packet Access High Speed Uplink Packet Access Hypertext Markup Language Hardware Internet Protocol Internet Protocol Security Integrated Services Digital Network Internet Service Provider Local Area Network Network Address Port Translation Network Address Translation Point of Presence POP POP3 Post Office Protocol Version 3 http www ce org RACOM s r o MIDGEGPRS UMTS HSPA LTE router 107 Glossary PPP RAS RoHS SIM SW TCP TFTP UDP UMTS URL VPN WEEE 108 Point to Point Protoco
22. name Password 7 6 6 Events E mail Client Administration E mail client status 5 enabled disabled E mail Client Configuration From e mail address Server address server port 25 Authentication method automatic Encryption none Username Password Administrative status of the E Mail client Enabled or disabled E Mail address of the sender SMTP server address SMTP server port typically 25 Choose the required authentication method to authenticate against the SMTP server User name for authentication Password for authentication By using the event manager you can notify one or more recipients by SMS or E Mail upon certain system events The messages will contain a description provided by you and a short system info 66 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Events Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Administration Job Management Testing DHCP Server DNS Server DynDNs E mail Events SMS SS5HTelnet Server SNMP Agent Web Server Redundancy Add Event Notification Send a E Mail SMS E Mail SMS E Mail address Description Category Event CALL m call incoming A call outgoing DDNS m ddns update failed F ddns update succeeded DIALIM F dialin down ial dialin up DIO F dio in1 off F dio in1 on F dio in2 off The default texts for a specific Event are as folows wan up wan down d
23. running HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Administration Job Management Testing DHCP Server DNS Server DynDNS E mail Administration Status Troubleshooting SDK Troubleshooting A detailed introduction to the scripting language can be found in the arena manual further system related functions are described in the SOK API documentation A set of script examples can be downloaded from here Select job SMS CONTROL ES This page can be used to control the SDK host and apply the following settings Parameter Administrative status Scheduling priority Maximum flash usage Description Specifies whether SDK scripts should run or not Specifies the process priority of the sdkhost higher priorities will speed up scheduling your scripts lower ones will have less impact to the host system The maximum amount of MBytes your scripts can write to the internal flash The status page informs you about the current status of the SDK It provides an overview about any finished jobs you can also stop a running job there and view the script output in the troubleshooting section where you will also find links for downloading the manuals and examples 58 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration Job Management HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Ae Name Script Trigger Administration m z Job Manage
24. snmpd SNMP daemon syslog Syslog daemon telnet Telnet server dropbear SoH Server vrrpd VRRP daemon usbipd USB IP daemon surveyor Supervision daemon 98 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Command Line Interface voiced Voice daemon apsa GPS daemon smsd SMS daemon 8 9 Resetting System The reset command can be used to reset the router back to factory defaults 8 10 Rebooting System The reboot command can be used to reboot the router gt reboot h Usage 8 11 Running Shell Commands The shell command can be used to execute a system shell and run any arbitrary application shell h lt cmd gt 8 12 CLI PHP CLI PHP an HTTP frontend to the CLI application can be used to configure and control the router re motely lt is enabled in factory configuration thus can be used for deployment purposes but disabled as soon as the admin account has been set up The service can later be turned on off by setting the cliphp status configuration parameter gt get cliphp status cliphp status 0 gt set cli php status 1 gt get cliphp status cliphp status 1 cliphp status 0 Service is disabled cliphp status 1 Service is enabled This section describes the CLI PHP interface for Version 2 the general usage is defined as follows RACOM s r o MIDGEGPRS UMTS HSPA LTE router 99 Command Line Interface Usage http s cli php lt keyl gt lt valuel gt amp lt key2 gt lt
25. to the customer The warranty does not cover custom modifications to software During the warranty period RACOM shall on its option fit repair or replace service faulty equipment always provided that malfunction has occurred during normal use not due to improper use whether deliberate or acci dental such as attempted repair or modification by any unauthorised person nor due to the action of abnormal or extreme environmental conditions such as overvoltage liquid immersion or lightning strike Any equipment subject to repair under warranty must be returned by prepaid freight to RACOM direct The serviced equipment shall be returned by RACOM to the customer by prepaid freight If circumstances do not permit the equipment to be returned to RACOM then the customer is liable and agrees to reim burse RACOM for expenses incurred by RACOM during servicing the equipment on site When equipment does not qualify for servicing under warranty RACOM shall charge the customer and be reimbursed for costs incurred for parts and labour at prevailing rates This warranty agreement represents the full extent of the warranty cover provided by RACOM to the customer as an agreement freely entered into by both parties RACOM warrants the equipment to function as described without guaranteeing it as befitting customer intent or purpose Under no circumstances shall RACOM s liability extend beyond the above nor shall RACOM its principals servants or agents be
26. wait before sending the next probe The maximum number of failed ping trials until the ping check will be declared as failed This menu can be used to individual assigning of each Ethernet port to a LAN interface in case you want to have different subnets per port or use one port as WAN interface RACOM s r o MIDGEGPRS UMTS HSPA LTE router 2 Web Configuration If it is desired to have both ports in the same LAN you may assign them to the same interface Please note that the ports will be bridged by software and operated by running the Spanning Tree Protocol HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Ethermet Port Settings WAN Link Management Network interface for Ethemet 1 LAN Settings as Supervision Network interface for Ethernet 2 LANZ Ethernet Part Settings _ Apply Link Settings IP Settings Link Settings HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Ethemet Link Settings WAN Link Management Link speed for Elhernel 1 auto negotiated Settings Supenision Link speed for Elhernel 2 Ethernet Port Settings Link Settings IP Settings Link negotiation can be set for each Ethernet port individually Most devices support autonegotiation which will configure the link speed automatically according to the existing devices in the network however manual setting of 10 basetT or 100 baseT and Half or Full duplex shall be set as well IP
27. web browser supporting JavaScript may be used By default IP address of the Ethernet interface is 192 168 1 1 the web server runs on port 80 MIDGE Wireless Router EP RACOM Wireless Router Login Please provide user name and password lo log in User name Password The minimum configuration steps usually include 1 Defining the admin password 2 Entering the PIN code for the SIM card 3 Configuring the Access Point Name APN 4 Starting the mobile connection 22 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Installation 6 Installation 6 1 Mounting MIDGE Wireless Router is designed for a DIN rail mounting or on a panel using flat bracket Please consider the safety instructions in Chapter 10 Safety environment licensing 6 2 Antenna mounting MIDGE Wireless Routers will only operate reliably over the GSM network if there is a strong signal For many applications the flexible stub antenna provided would be suitable but in some circumstances it may be necessary to use a remote antenna with an extended cable to allow the antenna itself to be positioned so as to provide the best possible signal reception RACOM can supply a range of suitable antennas Beware of the eflective effects caused by large metal surfaces elevators machine housings etc close meshed iron constructions and choose the antenna location accordingly Fit the antenna or connect the antenna cable to the GSM antenna connector In exte
28. x DES A snmpadmin 192 168 1 1 1 3 6 1 4 1 31496 10 40 12 0 The return value can be one of 1 succeeded 2 failed 3 inprogress 4 notstarted run software update snmpset v 3 u admin n authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 13 0 s http server directory get software update status snmpget v 3 u snmpadmin n authNoPriv a MD5 x DES A snmpadmin 192 168 1 1 1 3 6 1 4 1 31496 10 40 14 0 Return value can be either of 1 succeeded 2 failed 3 inprogress 4 notstarted RACOM s r o MIDGEGPRS UMTS HSPA LTE router 73 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Administration Job Management Testing DHCP Server DNS Server DynDNS E mail Events SMS SoHMelnet Sever SNMP Agent Web Server Redundancy SNMP agent status Listening Port Community Contact Location Trap target host Trap target port SNMP Agent Administration SMMP agent status 5 enabled disabled Download MIB SNMP Agent Configuration Operation mode w vi v2c v3 5 v3 only Listening port 161 Community public Contact Location Trap target host Trap target port 162 Mobile signal strength trap threshold 4413 ldbm Mobile signal strength trap reactivation 54 diary threshold Apply Signal strength trap threshold Signal strength trap reactivation threshold 7 6
29. 2 UDP ports 1995 2002 10 202 0 88 O Ej Administration ES Inbound Rules __ gt gt gt gt a gt gt gt gt gt gt gt gt gt gt gt aa Outbound Rules Description A meaningful description of this rule Incoming interface Outgoing interface on which matching packets are leaving the router Source address Source address of matching packets optional Protocol Used protocol of matching packets Ports Used UDP TCP port of matching packets Rewrite source address Address to which the source address of matching packets shall be rewritten Rewrite source port Port to which the source port of matching packets shall be rewritten RACOM s r o MIDGEGPRS UMTS HSPA LTE router 45 Web Configuration 7 5 VPN 7 5 1 OpenVPN Administration OpenVPN administrative status Enable or disable OpenVPN If enabled OpenVPN client configurations will be started whenever a WAN link has been established Server configurations will be started immediately after boot up HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT OpenvVPA Administration OpenVPN Administration OpenVPN administrative status enabled Tunnel Configuration disabled Client Management Restart on link change El IPsec Administration Apply Restat Configuration PPTP Server OpenVPN Status Dial in Server Tunnel 1 Server is running Tunnel 2 disabled Tunnel 3 disabled Tunnel 4 disabled Tunnel Con
30. 3 wired conection is used with M DGE hardware flow control is not available 7 2 6 Digital I O The Digital I O page displays the current status of the I O ports and can be used to turn output ports on or off You can apply the following settings HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Digital VO Pol Administration WAN Link Management OUT 1 T off turn on Settings oa Superision DUTZ a on tum off Ethernet bikes al Port Settings IN2 off Link Settings IP Settings Digital O Port Configuration Mobile OUT1 atter reboot default Sis Interfaces OUT after reboot default USB senal Fort Apply Digital 1 0 Besides on and off you may keep the status after reboot at default which corresponds to the default state as the hardware will be initialised at power up The digital inputs and outputs can also be monitored and controlled by SDK scripts RACOM s r o MIDGEGPRS UMTS HSPA LTE router 3 Web Configuration 7 3 ROUTING 7 3 1 Static Routes This menu shows all routing entries of the system which can consist of active and configured ones Netmasks can be specified in CIDR notation i e 24 expands to 255 255 255 0 HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Static Routes Extended Routes Bridging Mobile IP Administration Destination Netmask Gateway Interface Metric Flags 38 Stalic Routes This menu shows a
31. Aggressive mode has to be used when dealing with dynamic endpoint addresses It is however referred to be less secure compared to main mode as it reveals your identity to an eavesdrop per IKE encryption method IKE hash method IKE Diffie Hellman Group Use Perfect Forward Secrecy This feature heavily increases security as PFS avoids penetration of the key exchange protocol and pre vents compromising the keys negotiated earlier MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration Local ID Remote ID ESP encryption ESP hash Status Detection cycle sec Failure count Local ID Remote ID ESP encryption method ESP hash method Enable or disable Dead Peer Detection DPD will detect any broken IPSec connections in particular the ISAKMP tunnel and refresh the corresponding SAs Security Associations and SPls Security Payload Identifier for a faster re establishment of the tunnel Set the delay in seconds between Dead Peer Detection RFC 3 06 keep alives R_U_ THERE R_U_THERE_ACK that are sent for this connection default 30 seconds The number of unanswered DPD R_U_THERE requests until the IPsec peer is considered dead The router will then try to re establish a dead connection automatically HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT OpenVPN Administration Tunnel Configuration lPsec Administration Configuration IPsec Tunnel Configuration Mame Remot
32. Conditions Humidity O to 95 non condensing Overvoltage Category II Pollution ed Da Dimensions Weight 125 x 45 x 110 mm 450 g 1 Ibs Type Approval CE R amp TTE see EC Declaration of Conformity Antennas Various antennas suitable for your application are available Mounting kit Flat bracket mounting kit 18 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Product 4 5 Model offerings MIDGE GPRS EDGE UMTS HSPA router 2Eth RS232 2DI 2DO UMTS DIN rail holder included MIDGE LTE GPRS EDGE UMTS HSPA LTE router 2Eth RS232 2DI 2DO DIN rail holder included SW feature keys The SW feature key should be added to a new or running system via adding a licence menu SYSTEM Licensing see Section 7 7 7 Licensing Mobile IP This key allows building a MobilelP VPN tunnel See http en wikipedia org wiki Mo bile_IP for short explanation Server Ext OpenVPN server extension without this key the maximum number of connected clients shall reach 10 This key extends the number to 25 4 6 Accessories 4 6 1 F bracket Fig 4 7 Flat bracket Flat bracket Installation bracket for flat mounting For details on use see chapter Mounting and chapter Dimensions RACOM s r o MIDGEGPRS UMTS HSPA LTE router 19 Product 4 6 2 Demo case A rugged plastic case for carrying up to three RipEX s and one MIDGE 3G SCADA router It also contains all the accessories needed to perform an on site sig
33. DGEGPRS UMTS HSPA LTE router O RACOM s r o Troubleshooting 9 Troubleshooting 9 1 Common Errors With GPRS UMTS connection even if GSM signal good enough folowing Errors are common SIM missing Check status of SIM card on menu INTERFACES SIM Configuration and Insert re insert a SIM card and perform a power cycle PIN code required Insert the PIN code on menu INTERFACES SIM Configuration Connection not established or Insert the PIN code on menu INTERFACES SIM Configuration failed Connection not established or See the SYSTEM Troubleshooting Log Files Debug Log under failed Check APN phone number username password 9 2 Messages The Web Manager displays messages in the status bar in the footer of a web page HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Ethemet Connection Summary Description Administrative Status Operational Status Active Link Ethernet Mobile disabled down Ethemet enabled up OpenVPN enabled down IPs c disabled down PPTP Dial in disabled down Mobile Dial in disabled down 14 08 12 08 51 Software is already up to date 14 08 12 08 48 WanLinks Mobile has not been properly configured yet change There are three levels Green Action was succesful an informative message with several important actions informing about positive result Yellow Warning please consider the information Red Error command was not performed typically with recommen
34. EP RACOM RADIO DATA NETWORKS Operating manual GPRS UMTS HSPA LTE router 1 3 6 25 2013 RACOM s r o Mirova 1283 592 31 Nove Mesto na Morave Czech Republic Tel 420 565 659 511 Fax 420 565 659 512 E mail racomOracom eu Table of Contents MPORanE NOUS s 5 o Secs cement E de cect eectaeeun medina 6 EA IP te ee eR Ee ne ee ee eee eee ee cee ener T TANTO A A a E ela T Mee A E de tatate cuca te estadeetneateet T A o AAPP oe PR EE A 8 2 MDOE MOEA atts taal etes o id 9 3 MMIDISIME TATION NOTES sii cd 11 Js E Nemet SCADA DOLO Sada 11 32 Deblal SCADA Procol Sinad E AN A 11 Ss cai seyon a O A 11 24 VPN UNNES ca E a a a aa aeS 11 OIC a A E 12 dz le DIMENSIONS ai AA A dia 12 Ae COMMS ClOlS ai R a a a a O teeta eas 12 Ao MACON LED Soran e E E EEE ne ETE 15 AA Technical specificat ons onina e a a aaa ded Aena a Naaa 17 AO Mode OMGRINGS ees A Ai 19 EO ACCE O MES nat ere ae 19 5 Benen test Step DY Step GUIS 10 iia 21 51 CONMECING Ie Nara Ware canadian e dd tidad 21 5 2 Powering Up Your MIDE ita da 21 5 3 Connecting MIDGE to a programming PC csser a R 21 94 BaSe SEUD dt tl aia 22 A O 23 6 te MOUNN Y A A ES 23 o OUNI AAA A A A 23 0 39 Grounding aer eds da lisboa 23 A A 23 E Nep C nfiguratiON neesenca e dee 24 A eee bans een eet ladda de tant steetdcate ue cueea inns E renee 24 T 2 ANTERFACES rd dass 25 A A a A A een Reece 38 TA PIREWALG guasi E a db do 42 A A A ee eer ee eee 46 TO SERVICES siapus nse
35. ES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Modules Software System settings Time amp Region Mounted Modules System Information A R Restan Module Slot Description Mobile 1 1 Type emP70 12011404 Authentication Manufacturer huawei Authentication Model EM770WY User Accounts Revision 11 126 10 95 00 Remote Authentication IMEI 357789047067116 6CAP 0G5M 05 ES Software Update Manual Software Update Automatic Software Update IMEI 357789047067118 Mn r a eaha a a HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System Modules System settings E Time amp Region Software Information O oo Software release 3 6 40 104 Restart Release date 2012 11 29 15 15 disdngtaciolada UBoot 3 6 0 103 Authentication m User Accounts SPL 3 6 0 100 Remote Authentication Software Update Manual Sinfhuavare lrvdote Restart This menu can be used to restart the system Any WAN links will be dropped RACOM s r o MIDGEGPRS UMTS HSPA LTE router 79 Web Configuration 7 7 2 Authentication Authentication HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Authentication System Settings Authentication method Authentication required m Time 4 Region mE System Information Allowed login methods hitp https telnet ssh Resta ae Apply Authentication Authentication User Accounts Remote Authentication This pag
36. Enabled or disabled HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Add DynDNS Service SDK Administration Provider dyndns org sd Job Management F l Testing Dynamic address derive from hotlink interface query CheckiP service at dyndns org DHCP Server DNS Server ET DynDNS Port 80 E mail Username Events Password SMS _ Apply Dynamic address Specifies whether the address is derived from the hot link or via an external service Hostname The host name provided by your DynDNS service e g mybox dyndns org Port The HTTP port of the service typically 80 Username The user name used for authenticating at the service Password The password used for authentication Please note that your RACOM router can operate as DynDNS service as well provided that you hold a valid SERVER license and have your hosts pointed to the DNS service of the router 7 6 5 E mail client The E Mail client can be used to send notifications to a particular E Mail address upon certain events or by SDK scripts RACOM s r o MIDGEGPRS UMTS HSPA LTE router 65 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Administration Job Management Tesimg DHCP Server DNS Server DynDNs E mail Events SMS SSH Telnet Server SNMP Agent Web Server Redundancy E mail client status From e mail address Server address Server port Authentication method User
37. LLOW WAN HTTPS ALLOW WAN ANY ANY 443 Administration 3 ALLOW WAN SSH ALLOW WAN ANY ANY a9 Inbound Rules Ex 0 0 ALLOW WAN TELNET ALLOW WAN ANY ANY 23 utbound Rules rr 28 DENY WAN ALL DENY WAN ANY ANY ANY 1767 ALL OTHER ALLOW Statistics presents numbers of packets for the individual rules Add Firewall Rule HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Add Firewall Rule Firewall E Administration Description SCADA address Rules Mode ALLOW MAPT ir ca Administration coming internace LAN Inbound Rules Source ee Outbound Rules JANY specify ae Address 192 168 141 222 Nelmask 255 255 255 255 Destination ANY LOCAL specify Protocol Any 1 Add rule Cancel Description A meaningful description about the purpose of this rule Mode Whether the packets of this rule should be allowed or denied Incoming interface Interface on which matching packets are received Source Source address of matching packets can be any or a source network host Destination The destination address of matching packets can be any local ad dressed to the system itself or specified by an address network Protocol Used IP protocol of matching packets Destination port s Destination port of matching packets You can specify a single port or a range of ports here Note that protocol must be set to UDP TCP when using port filters RACOM s r o MIDGEGPRS UMTS HSPA LTE router 43
38. Make sure the SIM is suitable for data transmission There are two reasons for installing the SIM card as the first task a the SIM card may be damaged when inserted into the powered equipment b the information from SIM card are read only after a power cycle 5 1 2 Connect the GSM UMTS antenna Fit a GSM UMTS antenna For details see section Section 4 6 Accessories or contact RACOM for sultable antennas 5 1 3 Connect the LAN cable Connect one MIDGE Ethernet port to your computer using an Eth cat 5 cable 5 1 4 Connect the power supply Connect the power supply wires to the MIDGE screw terminals Enable of the power supply 5 2 Powering up your MIDGE Switch on your power supply Status LED flashes for a few seconds and after 8 seconds it starts blinking to a green light After approximately 30 seconds your MIDGE will have booted and will be ready the Status LED remains shining on When the Mobile Connection is enabled the Connect LED starts blinking while connecting to the GPRS UMTS network the color green yellow red represents the signal strength excellent medium weak You ll find the description of the individual LED states in Section Section 4 3 Indication LEDs 5 3 Connecting M DGE to a programming PC a Please connect the Ethernet interfaces of your computer and MIDGE b If not yet enabled please enable the Dynamic Host Configuration Protocol DHCP so that your computer can lease an IP ad
39. Management The following list will be processed by order forwarding outgoing messages over the specified modem or dropping them Testing Messages which are not matching any of the rules below will be dispatched to the first available modem DHCP Server Number Mode m 420602561064 forward over Mobile1 Ej ES DNS Server FJ 420724326288 forward over Mobile1 E E DynDNS ry E mail SMS Filterin Events g The rules below can be used to drop any incoming messages before entering the system All others will ba allowed SMS Number Receiving Modem Mode Sor Telnet Server 420724326283 Mobile1 allow E E SNMP Agent E 420602561064 Mobile1 allow Ej E Web Server Phone numbers can also be specified by regular expressions here are some examples 12345678 Specifies a fixed number TL Specifies any numbers starting with 1 1 9 Specifies any numbers starting with 1 and ending with 9 A Specifies any numbers starting with either 1 or 2 Please note that numbers have to be entered in international format including a valid prefix On the other hand you can also define rules to drop outgoing messages for instance when you want to avoid using any expensive service or international numbers Both types of rules form a list will be processed by order forwarding outgoing messages over the specified modem or dropping them Messages which are not matching any of the rules below will be dispatched to the first available modem Filtering serves a concep
40. N DIO information Setting MIB values is limited to SNMPv3 and only the admin user is entitled to trigger the extensions Note O Attention must be paid to the fact that SNMP passwords have to be more than 8 characters long Shorter passwords will be doubled for SNMP e g admin01 becomes admin01ad min01 SNMP extensions can be read and triggered as follows To get system software version snmpget v 3 u admin n I authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 33555 10 40 1 0 To get a kernel version snmpget v 3 u admin n I authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 33555 10 40 2 0 To get a serial number snmpget v 3 u admin n I authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 33555 10 40 3 0 To restart the device snmpset v 3 u admin n authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 33555 10 40 10 0 i 1 To run a configuration update snmpset v 3 u admin n authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 33555 10 40 11 0 s http server directory REMARK config Update expects a zip file named lt serial number gt zip in the specified directory which contains at least a user config zip Supported protocols are TFTP HTTP s and FTP Specifying a username password or port is not yet supported get configuration update status snmpget v 3 u snmpadmin n authNoPriv a MD5
41. N server address optional for clients to switch over in case the primary address cannot be reached Secondary OpenVPN server port optional for clients The VPN device type which can be either TUN typically used for routed connections or TAP used for bridged networks Defines how the packets should be forwarded can be routed or bridged from or to a particular interface Required cipher mechanism used for encryption Enable or disable OpenVPN compression Can be used to send a periodic keep alive packet in order to keep the tunnel up despite inactivity By redirecting the gateway all packets will be directed to the VPN tunnel Please ensure that essential services Such as DNS or NTP RACOM s r o MIDGEGPRS UMTS HSPA LTE router 47 Web Configuration servers can be reached at the network behind the tunnel If in doubt create an extra static route pointing to the correct interface Protocol The OpenVPN tunnel protocol to be used Authentication You can choose between no authentication credential based where you have to specify a username and password and based on keys and certificates Note that keys certificates have to be created under SYSTEM gt Keys Certificates You may also upload files which you have generated on your host system Server Mode HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Tunnel i ff Tunnel 2 Tunnel 3 OpenVPN p P CE Tunnel 1 Configuralion Administration
42. P servers Run IP TCP UDP clients Access files of mounted media e g an USB stick Retrieve status information from the system Get or set configuration parameters 10 Write to syslog 11 Transfer files over HTTP FTP 12 Get system events Reboot system 13 Control the LEDs O OO oh The SDK API manual at menu SERVICES Administration Troubleshootings SDK API provides an overview but also explains all functions in detail Please note that some functions require the corresponding services e g E Mail SMS to be properly configured prior to utilizing them in the SDK Let s now pay some attention to the very powerful API function nb_ status It can be used to query the router s status values in the same manner as they can be shown with the CLI It returns a structure of variables for a specific section a list of available sections can be obtained by running cli status h By using the dump function you can figure out the content of the returned structure Dump current WAN status dump nb status wan The script will then generate lines like maybe these Struce Ly 4 WANLINK1 GATEWAY string 11 10 64 64 64 WANLINK1 STATE string 2 up WANLINK1 STATE UP SINCE string 19 2013 01 22 09 00 47 WANLINK1 DIAL ATTEMPTS Strang ib a D WANLINKS STATE string 8 disabled WANLINK1 DIAL SUCCESS Seino el A WANLINK1 ADDRESS Serine 107 LO add o WANLINK1 SERVICE TYPE string 4 hs
43. Settings Two individual windows will be used when different LAN is set in Port settings menu For each of them you can define whether LAN or WAN interface has to be used Note O The default IP address for LAN 1 interface is 192 168 1 1 24 for LAN2 192 168 2 1 24 28 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Web Configuration WAN Link Management Settings IP Settings LAN SUpenision Mode ae Ethernet WAN Port Settings Link Settings static Configuration IP Settings IP address 192 168 2 1 Mobile SIMs aS 255 255 255 0 Interfaces USB SETA Apply Static configuration of MIDGE s own IP address and Subnet mask is available for LAN mode Note Setting of the IP address is conected with the DHCP Server if enabled menu SERVICES DHCP Server HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT A 2 WAN Link Management Stie IP Settings LAN1 Supervision Mode LAN Ethernet ae Port Settings Link Settings WAN Mode DHCP client IP Settings e static IP PPPoE Mobile SIMs EA Stalic Configuration USB IP address 192 168 131 233 Serial Port subnet mask 255 255 255 0 Digital 1 0 ee Default gateway 192 168 131 254 Primary DNS server 192 168 0 29 Secondary ONS server MTU Apply WAN mode enables the following possibilities DHCP client means that the IP configuration will be retriev
44. T Traversal Configuration Enable or disable IPsec NAT Traversal is mainly used for connections which traverse a path where a router modifies the IP address port of packets HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Configuration of IPsec Tunnel 1 OpenVPN KE P Peec P Em Aadariatration roposal IPsec Proposal Networks Tunnel Configuration A Peer Information Psec l Peer address Administration Configuration Dead Peer Detection DPD PPTP Server Administrative status F Dial in Server Detection cycle 30 seconds Failure threshold 4 Remote server address Remote LAN address Remote LAN subnet mask NAT Traversal Preshared Key PSK IKE mode IKE encryption IKE hash IKE Diffie Hellman Group Perfect Forward Secrecy PFS 90 IP address or host name of IPsec peer responder server The remote private network provided by an IP address in dotted decimal notation The remote private network provided by a subnet mask in dotted decimal notation Enable or disable NAT Traversal NAT Traversal is mainly used for connections which traverse a path where a router modifies the IP address port of packets It encapsulates packets in UDP and therefore requires a slight overhead which has to be taken into ac count when running over small sized MTU interfaces The pre shared key PSK Choose a negotiation mode The default is main mode identity protection
45. Tunnel Configuration Operation mode disabled Client Management client standard a server expert IPsec Administration Configuration server port 1194 PPTP Server Type tun Dial in Server Network mode ae cies bridged Interface LANI Cipher AF CBC Use compression El Use keepalive F Redirect gateway E Authentication cenificate based root certificate server cenrti icate and server key are missing Manage keys and certificates Capa Ese A server tunnel typically requires the following files e server conf OpenVPN configuration file e ca crt root certificate file e server crt certificate file e server key private key file e dh1024 pem Diffie hellman parameters file e adirectory with default name ccd containing client specific configuration files Note OpenVPN tunnels require a correct system time Please ensure that all NTP servers are reachable When using host names a working DNS server is required as well 48 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration Client Management Once you have successfully set up an OpenVPN server tunnel you can manage and enable clients which can connect to your service the client s page also informs you about currently connected clients Further you can specify a fixed tunnel endpoint address of each client and its network behind You can also define routes to be pushed to each client if you want to redirect traffic for
46. a tiny system log server for Windows included in TFTP32 You can configure the behaviour of the status LEDs on the front panel of your device They are usually divided into two banks left for he digital IO port status or right for indication of the connection status You may configure toggle mode so that the LEDs periodically show both bank states See description of LEDs in section Sec tion 4 3 Indication LEDS Network Time Protocol NTP is a protocol for synchronizing the clocks of computer systems over packet switched variable latency data networks MIDGE can synchronize its system time with a NTP server If enabled time synchronization is usually triggered after a WAN link has come up but before starting any VPN connections Further time synchronizations are scheduled in the background every 60 minutes RACOM s r o MIDGEGPRS UMTS HSPA LTE router Tf Web Configuration System Settings Time amp Region System Information Restan Authentication Authentication User Accounts Remote Authentication Software Update Manual Software Update Aulomatic Software Update Configuration Manual File Configuration Aulomatic File Configuration Factory Configuration Troubleshooting Network Debugging Sarto Muhsin System Time Time synchronisation NTP server NTP server 2 optional Time zone Daylight saving changes HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System Ti
47. app en pdf RACOM s r o MIDGEGPRS UMTS HSPA LTE router 11 Product 4 Product 4 1 Dimensions 10 Fig 4 1 Dimensions in milimetres 4 2 Connectors 4 2 1 Antenna SMA The UMTS model has one SMA an tenna connector The LTE model is equipped with two antenna connectors The ANT connect or above serves as a main antenna connection the second connector is auxiliary and serves for better commu nication with BTS diversity Fig 4 2 Antenna connectors SMA 12 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Product 4 2 2 2x Eth RJ45 Tab 4 1 Pin assignment Ethernet Interface RJ 45 ETH Ethernet 10Ba Socket seT and 100BaseT signal Fig 4 3 2x Eth RJ45 Plug pin numbering 4 2 3 USB M dge uses USB 1 1 Host A interface USB interface is wired as standard Tab 4 2 USB pin description 5 V red GND Fig 4 4 USB connector 4 2 4 Screw terminal Screw terminal plug type Stelvio Kontek CPF5 15 or MRT3P 15V01 can be used RACOM s r o MIDGEGPRS UMTS HSPA LTE router 13 Product Power L inputs 3 L Outputs 4 EA 12 ABV gt Fig 4 5 Screw terminal Tab 4 3 Pin assignment of screw terminal EN Ground internally connected with casing ground Dual power input not connected with pin 4 12 48 VDC 15 20 10 2 57 6 VDC a Ground internally connected with casing ground Dual power input not connected with pin 2 12 48 VDC 15
48. ax 0 0 KB s out E min 0 0 KB s avg 0 0 KB s max 0 0 KB s out E min 0 0 KB s avg 0 0 KB s max 0 0 KB s last 24 hours last 31 days reload graphs automatic reload is System Debugging Log files can be viewed downloaded and reset here Please study them carefully in case of any issues RACOM s r o MIDGEGPRS UMTS HSPA LTE router 8 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System Debugging system Settings Time amp Region Select log m s 7 lo System Information 9 2 System logs Restart Boot logs 5 Script logs Authentication Number of lines to be displayed A all Authentication ape last 1000 lines Remote Authentication NOV 38 66 17 24 mi0ge 0aemon 1nto ansmasg 1zby1 read eTC MOsTs 3 aquresses Nov 38 68 17 24 midge user info link manager 12597 updated pinghosti 186 203 8 1 to Software Update 18 203 8 1 i Manual Software Update isa ae 17 24 midge user info link manager 12597 updated pinghost2 16 262 8 1 to Automatic Software Update Nov 38 68 17 24 midge user info link manager 12597 adding available wanlinks Nov 38 66 17 24 midge user err wanmd 4687 waang client id link manager already EA Configuration exists kicking it Manual File Configuration Nov 38 86 17 24 midge user info link manager 12597 wanlinke permanent link has been added type wean prio 1 a Eee CONTE Nov 38 68 17 24 midge user info link manager 12597
49. by running the Vir tual Router Redundancy Protocol VRRP among them A typical VRRP scenario defines a first host playing the master and another the backup device they both define a virtual gateway IP address which will be distributed by gratuitous ARP messages for updating the ARP cache of all LAN hosts and thus redirecting the packets accordingly A takeover will happen within approximately 3 seconds as soon as the partner is no longer reachable checked via multicast packets This may happen when one device is rebooting or the Ethernet link went down Same applies when the WAN link goes down In case DHCP has been activated please keep in mind that you will need to reconfigure the DHCP gateway address offered by the server and let them point to the virtual gateway address In order to avoid conflicts you may turn off DHCP on the backup device or even better split the DHCP lease range in order to prevent any lease duplication Note MIDGE assigns a priority of 100 to the master and 1 to the backup router Please adapt the priority of your third party device appropriately RACOM s r o MIDGEGPRS UMTS HSPA LTE router 19 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Administration Job Management Testing DHCP Server DNS Servar DynDNs E mail Fvents SMS SSH Telnet Server SNMP Agent Web Server Redundancy Administrative status Role VID Interface Vi
50. d an input field for optional arguments which can be used to perform test runs of your script or test dedicated portions of it Please note that you might need to quote argu ments as they will otherwise be separated by white spaces arguments schnick schnack schnuc k for i 0 i lt argc itt printf argv Sd s n argv i generates argv0 scriptname argvl schnick argv2 schnack argvs Y 6 Ci nu Gk In case of syntax errors arena will usually print error messages as follows indicating the line and pos ition where the parsing error occurred RACOM s r o MIDGEGPRS UMTS HSPA LTE router 61 Web Configuration scripts testrun 2 10 FATAL parse error unexpected expecting SDK Sample Application As an introduction you can step through a sample application namely the SMS control script which implements remote control over short messages and can be used to send a status of the system back to the sender The source code is listed in the appendix Once enabled you can send a message to the phone number associated with a SIM modem It generally requires a password to be given on the first line and a command on the second such as admin01 status We strongly recommend to use authentication in order to avoid any unintended access however you may pass noauth as argument to disable it You can then skip the first line containing the password Having a closer look to the script you
51. d for use in applications which may directly affect health and or life functions of humans or animals nor to be a component of similarly important systems and RACOM does not provide any guarantee when company products are used in such applications RACOM s r o MIDGEGPRS UMTS HSPA LTE router 5 Getting started Getting started MIDGE Wireless Routers will only operate reliably over the cellular network if there is a strong signal For many applications a flexible stub antenna would be suitable but in some circumstances it may be necessary to use a remote antenna with an extension cable to allow the antenna itself to be positioned so as to provide the best possible signal reception RACOM can supply a range of suitable antennas 1 2 Install the SIM card Insert a SIM card into the SIM socket Make sure the SIM is suitable for data transmission Connect the GSM UMTS antenna Fit a GSM UMTS antenna 1 If needed contact RACOM for suitable antennas and other details Connect the LAN cable Connect one MIDGE Ethernet port to your computer using an Eth cat 5 cable Connect the power supply Connect the power supply wires to the MIDGE screw terminals Enable the power supply Setting of IP address of the connected computer By default the DHCP server is enabled thus you can allow the Dynamic Host Configuration Protocol DHCP on your computer to lease an IP address from the MIDGE Wait aproximatelly 20 seconds until your computer has r
52. d inactive FPTP disabled inactive Dial In disabled inactive The highest priority link which has been established successfully will become the so called hotlink which holds the default route for outgoing packets Detailed information about status of each WAN interface is available in a separate window HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Summary WAN 4 Connection Details LAN Description Value Administrative state enabled Operational state up Link is up since 2012 11 21 10 29 11 IP address 192 168 131 233 Gateway 192 168 131 254 Transfer rate down up 363 Byte s 665 Byte s Data downloaded uploaded since 2012 10 26 19 23 02 4 34 MB 9 95 MB reset 24 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Summary Connection Details WWAN1 Description Value Administrative state enabled Operational state up Link is Up since 2012 11 21 10 30 04 Modem Mobile 1 SiM SIM1 ready Signal strength 77 dBm good Registration status registeredinHomeNetwork Service type HSPA Mobile network vodafone C2 Cell 41093 IP address 10 2048 3 Gateway 10 64 64 64 Transfer rate down up 46 Byte s 0 Byle s Data downloaded uploaded since 2012 11 21 10 20 18 492 bytes 144 bytes Rese 7 2 INTERFACES Details for all physical connections are given in section Section 4 2 Con
53. d to generally use the permanent option for WAN links However in case of time limited mobile tariffs the switchover option should be used Settings HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT TCP Maximum Segment Size WAN ul Mane ment The maximum segment size defines ihe largest amount of data of TCP packels usually MTU minus 40 You may decrease AS q the value in case of fragmentation issues or link based limits Settings SuUperision MSS adjustment a enabled Ethernet disabled Port Settings Link Settings IP Settings Maximum segment size 1360 Mobile SIMs Interfaces _ Apply The maximum segment size defines the largest amount of data of TCP packets usually MTU minus 40 You may decrease the value in case of fragmentation issues or link based limits MSS adjustment Enable or disable MSS adjustment on WAN interfaces Maximum segment size Maximum number of bytes in a TCP data segment Connection Supervision The connection supervision is used for switching between several connections if available In addition itis possible set an emergency action for case that no connection is available with maximal down time Actions are e None e Restart link services e Reboot system 26 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Link Supervision WAN a Network outage detection can be performed b
54. ded action which is required before the possible succesful action RACOM s r o MIDGEGPRS UMTS HSPA LTE router 103 Troubleshooting 9 3 Troubleshooting tools 9 3 1 Pinger Connection from the MIDGE router you can check using a build in pinger available in SYSTEM Troubleshooting Network Debugging Traceroute command is availablein the same menu for tracing the packets from the MIDGE router to the Host 9 3 2 Log Files Information about boot up process and about running proceses you can find in Linux like Logfiles menu SYSTEM Troubleshooting Log Files 104 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Safety environment licensing 10 Safety environment licensing 10 1 Safety Instructions The MIDGE MG102 Wireless Router must be used in compliance with any and all applicable interna tional and national laws and in compliance with any special restrictions regulating the utilisation of the communication module in prescribed applications and environments To prevent possible injury to health and damage to appliances and to ensure that all the relevant pro visions have been complied with use only the original accessories Unauthorized modifications or utilization of accessories that have not been approved may result in the termination of the validity of the guarantee The MIDGE MG102 Wireless Routers must not be opened Only the replacement of the SIM card is permitted Voltage at all connectors of t
55. dress from MIDGE Wait a moment until your PC has received the parameters IP address subnet mask default gateway DNS server How to do using Windows XP Start gt Connect To gt Show all connections gt Local Area Connection gt Right Click gt Properties gt Internet Protocol TCP IP gt Properties gt Obtain an IP address automatically RACOM s r o MIDGEGPRS UMTS HSPA LTE router 21 Bench test Step by Step Guide Alternative Instead of using the DHCP configure a static IP address on your PC e g 192 168 1 10mask255 255 255 0 so that it is operating in the same subnet as the MIDGE The factory default IP address is 192 168 1 1 The default subnet mask is 255 255 255 0 c Start a Web Browser on your PC Type the M DGE MG102 IP address in the address bar http 192 168 1 1 Please set a password for the admin user account Choose something that is both easy to remember and a strong password such as one that contains numbers letters and punctuation The password shall have a minimum length of 6 characters It shall contain a minimum of 2 numbers and 2 letters MIDGE Wireless Router e PRACOM Wireless Router Login Please provide user name and password lo log in User name Password 5 4 Basic Setup The MIDGE MG102 Web Manager can always be reached via the Ethernet interface After successful setup Web Manager can also be accessed via the mobile interface Any up to date web browser may be used Any
56. e or port to an internal host By doing so they will expose the service and make it reachable e g from the Internet You may also establish 1 1 NAT to a complete host 44000 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT NAPT Rules Inbound Set This menu can be used lo configure newark address porl translation rules for inbound packets Rules Description Interface Target Redirect to NAPT Rule 1 MOBILE 1 UDP ports 1000 2000 192 168 141 212 Administration Inbound Rules l Outbound Rules erar Description A meaningful description of this rule Incoming interface Interface from which matching packets are received Target address Destination address of matching packets optional Protocol Used protocol of matching packets Ports Used UDP TCP port of matching packets Redirect to Address to which matching packets shall be redirected Redirect port Port to which matching packets will be targeted Outbound Rules Outbound rules will modify the source section of IP packets and can be for instance used for 1 1 NAT HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SSS NAPT Rules Outbound Firewall lt a This menu can be used to configure metwork address port translation rules for outbound packets Administration mg port pa Rules Description Interface Source Rewrite to NAPT Rule2 MOBILE 1 192 165 141 21
57. e C language will find an environment that is easy to dig in However feel free to contact us via suport racom eu and we will happily support you in finding a programming solution to your specific problem The Language The arena scripting language offers a broad range of POSIX functions like printf or open and provides together with tailor made API functions a simple platform for implementing any sort of applications to interconnect your favourite device or service with the router Here comes a short example This script prints short status and if the SMS section is setted properly the status will be send even to your mobile phone El Pine reyiccale gh A ola Gian fe printe cos status summaryiall printe aa PEINE E Please change the following number to your mobile phone number a nb sms send 420123450789 nb status summary all A set of example scripts can be downloaded directly from the router you can find a list of them in the appendix The manual at menu SERVICES Administration Troubleshootings SDK API gives a detailed introduction of the language including a description of all available functions SDK API Functions The current range of API functions can be used to implement the following features 94 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration Send Retrieve SMS Send E mail Read Write from to serial device Control digital input output ports Run TCP UD
58. e Local Network 192 168 141 024 Remote Network Status a a Tunnel 7 10 207 0 123 10 207 0 0 24 down RACOM s r o MIDGEGPRS UMTS HSPA LTE router 91 Web Configuration 7 5 3 PPTP Point to Point Tunnelling Protocol PPTP is a method for implementing virtual private networks between two hosts PPTP is easy to configure and widely deployed amongst Microsoft Dial up networking servers However it is nowadays considered insecure When setting up a PPTP tunnel you would need to choose between server or client HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Tunnel 1 Tunnel 2 Tunnel 3 Tunnel 4 Se PPTP Tunnel 1 Configuration Administration Tunnel Configuration Operation mode gt disabled Client Management client IPsec Administration Tunnel Configuration Server listen address a ANY PPTP E Sa Administration Server address 192 163 141 213 Tunnel Configuration e AA Client address range 192 168 200 10 Dial in Server Username PPTP Password Apply to 192 169 200 13 HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Tunnel 1 Tunnel 2 Tunnel 3 Tunnel 4 wert f E PPTP Tunnel 1 Configuration Administration Tunnel Configuration Operation mode 5 disabled Client Management client o Server IPsec Administration Tunnel Configuration Server address 199 168 141 213 PPTP Usemame PPTP Administration Pas d Tunnel Configuration assword o Dia
59. e last two words on the line Delete the text from point to the end of the line Yank the top of the deleted text into the buffer at point Please note that it can be required to apply quotes when entering commands with arguments con taining whitespaces The following sections are trying to explain the available commands 8 2 Print Help The help command can be used to get the list of available commands when called without arguments otherwise it will print the usage of the specified command gt help Usage help lt command gt Available commands get Get config parameters set Set config parameters status Get status information send Send message or mail update Update system facilities restart Restart service reset Reset system to factory defaults reboot Reboot system RACOM s r o MIDGEGPRS UMTS HSPA LTE router 95 Command Line Interface shell Run shell command help Print help for command no autologout Turm ott auto Logout exit EXE 8 3 Getting Config Parameters The get command can be used to get configuration values not the current values gt get h Usage get hsvlc lt parameter gt lt parameter gt Options generate sourceable output validate config parameter use legacy syntax with amp separator show configuration sections can match a pattern See the following example for reading configuration DIO values gt get dio outl dio outl on gt ge
60. e offers a simple shortcut to only allow secure connections SSH HTTPS for managing the router User Accounts This page lets you manage the user accounts on the device By using this page you can manage the user accounts on the system The standard admin user is a built in power user that has permission to access the Web Manager and other administrative services and is used by several services as default user Keep in mind that the admin password will be also applied to the root user which is able to enter a system shell Any other user represents a user with lower privileges for instance it has only permission to view the status page or retrieve status values when using the CLI HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT User Accounts System Aare The user admin is a built in power user wilh administrative privileges The password defined for admin will also be applied Tima A Ragion to the root user which may be used for SSH or Telnel access Additional users created below have only permission lo System Information access the Dial in PPTP servers and the summary page Restan alae selection User Name Password Password confirmation Authentication Authentication acim User Accounts l ee Tatom heir Remote Authentication nee eee Create a new user File Configuration Automatic File Configuration Manual File Configuration Create Modify Delete Factory Conhguration User name
61. e used to move from one network to another while maintaining a permanent IP address and thus avoiding Extended Routes that running IP sessions including VPN tunnels must be reconnected Bridging i Administrative status node Mobile IP home agent Administration 5 disabled Primary home agent address Secondary home agent address optional Home address SPI 0 Authentication type prefix suffix md5 m Shared secret HEX x Lite time 1800 UDP encapsulation o enabled disabled Mobile network address optional Mobile network mask optional Ex Apply 40 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration If MIP is run as node the following settings can be configured Primary home agent address The address of the primary home agent Secondary home agent address The address of the secondary fallback home agent Home address The permanent home address of the node which can be used to address the box SPI The Security Parameter Index SPI identifying the security context between a pair of nodes represented in 8 chars hex Authentication type The used authentication can be prefix suffix md5 or hmacmd5 Shared secret The shared secret used for authentication can be a 128 bit hex or ASCII string Life time The lifetime of security associations UDP encapsulation Specifies whether UDP encapsulation shall be used Mobile network address Optionally specifies a subnet which should be rout
62. eceived the parameters IP address subnet mask default gateway DNS server As an alternative you can configure a static IP address on your PC e g 192 168 1 2 24 so that it is operating in the same subnet as the MIDGE The MIDGE default IP address for first Eth interface is 192 168 1 1 the subnet mask is 255 255 255 0 Start setting up using web browser Open a web browser such as Internet Explorer or Firefox In the address field of the web browser enter default IP address of MIDGE i e http 192 168 1 1 initial screen will appear Follow the instructions and use the MIDGE MG102 Web Manager to configure the device For more datails see chap 7 Web Configuration Fig 1 Router MIDGE UMTS and MIDGE LTE MIDGEGPRS UMTS HSPA LTE router RACOM s r o MIDGE router 1 MIDGE router 1 1 Introduction Although MIDGE wireless routers have been specifically designed for SCADA and telemetry they are well suited to variety of wireless applications MIDGE HW and SW are ready to maintain reliable and secure connections from an unlimited number of remote locations to a central server Both standard Ethernet IP and serial interfaces are available Moreover two digital inputs and two digital outputs can be used for direct monitoring and control of application devices MIDGE versatility is further enhanced by two independent Ethernet ports These can be configured to either support two independent LANs e g LAN and WAN settings or s
63. ed from a DHCP server in the network Thus no further configuration is required RACOM s r o MIDGEGPRS UMTS HSPA LTE router 29 Web Configuration Static configuration allows you to set the IP parameters manually Not only IP address and Subnet mask but Default gateway and at least the Primary DNS server has to be set PPPoE is the preferred protocol when communicating with another WAN access device like a DSL modem User name PPPoE user name to be used for authentic ation at the access device Password PPPoE password to be used for authentica tion at the access device Service name Specifies the service name set of the access concentrator Leave it blank unless you have many services and need to specify the one you need to connect to Access concentrator This may be left blank and the client will name connect to any access concentrator 7 2 3 Mobile SIMs The SIM page gives an overview about the available SIM cards their assigned modems and the current state Once a SIM card has been inserted assigned to a modem and successfully unlocked the card should remain in state ready and the network registration status should have turned to registered You may update the state in order to restart PIN unlocking and trigger another network registration at tempt Configuration A SIM card is generally assigned to a default modem but this may switch for instance if you set up two WWAN interfaces with one modem but
64. ed to the box Mobile network mask The netmask for the optional routed network HOME INTERFACES ROUTING FIREWALL VFN SERVICES SYSTEM LOGOUT Mobile IP Static Routes a Es Mobile IP can be used to move from one network to another while maintaining a permanent IP address and thus avoiding that Extended Routes running IP sessions including VPN tunnels must be reconnected Bridging E Administrative status 5 node Mobile IF w home agent Administration disabled Home network address Home network mask Apply If MIP is run as home agent you will have to set up a home address and netmask first and configure various nodes afterwards which are made up of the following settings Home network address The home address of the network Home network mask The mask for the home network RACOM s r o MIDGEGPRS UMTS HSPA LTE router 41 Web Configuration 7 4 FIREWALL This router uses Linux s netfilter iptables firewall framework see http www netfilter org for more in formation It is set up of a range of rules which control each packet s permission to pass the router Packets not matching any of the rules are allowed by default 7 4 1 Firewall Administration The adminstration page can be used to enable and disable firewalling When turning it on a shortcut can be used to generate a predefined set of rules which allow administration over HTTP HTTPS SSH or TELNET by default but block any other packe
65. een taken in preparing this information RACOM assumes no liability for errors and omissions or any damages resulting from the use of this information This document or the equipment may be modified without notice in the interests of improving the product Trademark All trademarks and product names are the property of their respective owners Important Notice e Due to the nature of wireless communications transmission and reception of data can never be guaranteed Data may be delayed corrupted i e have errors or be totally lost Significant delays or losses of data are rare when wireless devices such as the MIDGE are used in an appropriate manner within a well constructed network MIDGE should not be used in situations where failure to transmit or receive data could result in damage of any kind to the user or any other party including but not limited to personal injury death or loss of property RACOM accepts no liability for damages of any kind resulting from delays or errors in data transmitted or received using MIDGE or for the failure of MIDGE to transmit or receive such data e Under no circumstances is RACOM or any other company or person responsible for incidental accidental or related damage arising as a result of the use of this product RACOM does not provide the user with any form of guarantee containing assurance of the suitability and applicability for its application e RACOM products are not developed designed or teste
66. ented in this user s manual 10 1 1 Declaration of Conformity comply with the relevant standards following the provisions of the Council Directive C E Racom declares that under our own responsability the products MIDGE Wireless Routers 1999 5 EC RACOM s r o MIDGEGPRS UMTS HSPA LTE router 105 Safety environment licensing 10 1 2 ROHS and WEEE compliance RoHS The MIDGE is fully compliant with the European Commission s RoHS Restriction of i Certain Hazardous Substances in Electrical and Electronic Equipment and WEEE compliant Waste Electrical and Electronic Equipment environmental directives Restriction of hazardous substances RoHS The RoHS Directive prohibits the sale in the European Union of electronic equipment containing these hazardous substances lead cadmium mercury hexavalent chromium polybrominated biphenyls PBBs and polybrominated diphenyl ethers PBDEs End of life recycling programme WEEE In accordance with the requirements of the council directive 2002 96 EC on Waste Electronical and Electronic Equipment WEEE ensure that at end of life you separate this product from other waste and scrap and deliver it to the WEEE collection system in O your country for recycling 10 2 Warranty RACOM supplied parts or equipment equipment is covered by warranty for inherently faulty parts and workmanship for a warranty period as stated in the delivery documentation from the date of dispatch
67. fact that factorization of large tion integers is difficult DSS DSA An encryption algorithm based on the discrete logarithm problem 90 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration Phrase A password used for protecting keys A single certificate can obtain the following ASN 1 attributes CN The certificate owner s common name mainly used to identify a host C The certificate owner s country usually a TLD abbreviation ST The certificate owner s state L The certificate owner s location C The certificate owner s country O The certificate owner s organization OU The name of the organizational unit to which the certificate issuer belongs E The certificate owner s email address Those attributes form a so called subject name mainly used for matching a certificate or when signing certificate requests Subject C CZ ST Czech Republic L Czech Republic O RACOM OU Networking CN midge emailAddress support racom eu Depending on your configuration keys and certificates may be used for particular services for instance if OpenVPN uses a certificate based authentication or if you want to access the Web Manager over HTTPS Please note that an accurate system time is needed prior to creating certificates as it influences the lifetime of a certificate The validity period is usually set to 10 years You can further revoke and invalidate client certificates again for instance if they have been compromised or lost
68. figuration The router supports a single server tunnel and up to 4 client tunnels You can specify tunnel parameters in standard configuration or upload an expert mode file which has been created in advance Refer to section OpenVPN Client Management to learn more about how to manage clients and generate the files Operation mode Choose client or server mode for this tunnel 46 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT OpenVPN Administration Tunnel Configuration IPsec Administration Configuration PPTP Server Dial in Server Client Mode Primary server address Primary server port Tunnel 1 Tunnel 2 Tunnel 4 Tunnel 1 Configuration Operation mode disabled client e standard server expert Primar server address Primary server port 1104 Secondary server address optional Secondary server port 1194 optional Type tun Network mode a routed bridged Interface LANI E Cipher BF CBC Use compression 52 Use keepalive F Redirect gateway E Protocol udp Authentication Apply _ Secondary server address Secondary server port Type Network mode Cipher Use compression Use keep alive Redirect gateway certiticate based credential based none Primary OpenVPN server address for clients OpenVPN server port 1194 by default Secondary OpenVP
69. g and resolving Restart your problem Authentication ES Authentication Jenna User Accounts Remote Authentication Software Update Manual Sofware Update Automatic Sofware Update Configuration Manual Fie Configuration Automatic File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support a e ne RACOM s r o MIDGEGPRS UMTS HSPA LTE router 89 Web Configuration 7 7 6 Keys amp Certificates The key and certificate page lets you generate required files for securing your services such as the HTTP and SSH server Keep in mind that you will need to create keys and certificates for OpenVPN in case of certificate based authentication You can also revoke and invalidate certificates again for instance if they have been compromised or lost HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Root CA ss OpenVPN 1 am Root CA Settings Time amp Region Root CA certificate View System Information Root CA key ae Non Y JEY Restart Authentication Authentication Erase User Accounts Remote Authentication Software Update 4 ad 42 16 ea fa ad e3 37 52 5f 43 ee da c7 gt 09 0e4 0e 09 11 42 3f d8 c5 79 dc 76 d68 98 ba 8b d3 1f f6 95 3d 2b 86 e3 95 d7 11 db 95 ce 3280 a6 b0 21 33 13 1a 1f8 85 6b 30 34 10 4f 6d 47 ica 97 f6 7e fe b4 b9 3c 3a 6f 3d 57 c4 d2 42 dc 5e f2 01 c6 66 dd 04 28 92 09 5c 1f d8 Manual Software Update Automatic Soft
70. gged out System reboot has been triggered System has been started SDK has been started SMS has been sent SMS has been received SMS report has been received A GSM call is coming in Outgoing GSM call is being established Dynamic DNS update succeeded Dynamic DNS update failed USB storage device has been added USB storage device has been removed System time has been updated test event This page lets you turn the SMS event notification service on and enable remote control via SMS Administration On RACOM routers it is possible to receive or send short messages SMS over each mounted modem depending on the assembly options Messages are received by querying the SIM card over a modem 68 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration so prior to that the required assignment of a SIM card to a modem needs to be specified on the SIMs page Please bear in mind in case you are running multiple WWAN interfaces sharing the same SIM that the system may switch SIMs during operation which will also result in different settings for SMS com munication Received messages are pulled from the SIMs and temporarily stored on the router but get cleared after a system reboot Please consider to consult an SDK script in case you want to process or copy them Sending messages heavily depends on the registration state of the modem and whether the provided SMS Center service works and may fail You may use the sms rep
71. gt status dio DIGITAL IO INFORMATION INL IN2 OUTI GUTZ 8 6 Sending E Mail or SMS The send command can be used to send a message via E Mail SMS to the specified address or phone number gt send h Name cli send Send message or mail Usage send h lt type gt lt dest gt lt msq gt OC ELOnS lt type gt type of message to be sent mail or sms RACOM s r o MIDGEGPRS UMTS HSPA LTE router 97 Command Line Interface lt dest gt lt msg gt destination of message mail address or phone number message to be sent 8 7 Updating System Facilities The update command can be used to perform various system updates gt update h Usage update hr lt software config license sshkeys gt lt URL gt Options reboot after update Available actions software contig license sshkeys Perform software update Update configuration Update licenses Install SSH authorized keys You may run update software latest to install the latest version 8 8 Restarting Services The restart command can be used to restart system services gt restart h Usage restart h lt service gt Available services link manager WAN links wwan manager WWAN manager wlan WLAN interfaces network Networking dnsmasq DNS DHCP server configd Configuration daemon firewall Firewall and NAPT lighttpd HTTP server openvpn OpenVPN connections 1psec IPsec connections pptp PPTP connections
72. he communication module is limited to SELV Safety Extra Low Voltage and must not be exceeded For use with certified CSA or equivalent power supply which must have a limited and SELV circuit output The MIDGE MG102 is designed for indoor use only Do not expose the communication module to extreme ambient conditions Protect the communication module against dust moisture and high temperature We remind the users of the duty to observe the restrictions concerning the utilization of radio devices at petrol stations in chemical plants or in the course of blasting works in which explosives are used Switch off the communication module when traveling by plane When using the communication module in close proximity of personal medical devices such as cardiac pacemakers or hearing aids you must proceed with heightened caution If it is in the proximity of TV sets radio receivers and personal computers M DGE MG102 Wireless Router may cause interference It is recommended that you should create an approximate copy or backup of all the important settings that are stored in the memory of the device You must not work at the antenna installation during a lightning Always keep a distance bigger than 40cm from the antenna in order to keep your exposure to electro magnetic fields below the legal limits This distance applies to Lambda 4 and Lambda 2 antennas Larger distances apply for antennas with higher gain Adhere to the instructions docum
73. he device to factory defaults Your current configuration will be lost This procedure can also be initiated by pressing and holding the Reset button for at least five seconds A successfully initiated factory reset can be noticed by all LEDs being turned on Factory reset will set the IP address of the first Ethernet interface back to 192 168 1 1 You will be able to communicate again with the device using the default network parameters You may store the currently running configuration as factory defaults which will reside active even when a factory reset has been initiated e g by your service staff Please ensure that this corresponds to a working configuration A real factory reset to the default settings can be achieved by restoring the ori ginal factory configuration and initiating the factory reset again 84 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System settings Time amp Region System Information Restart Authentication Aulhentication User Accounts Remote Authentication Software Update Manual Software Update Automatic Software Update Configuration Manual File Configuration Aulomatic File Configuration Factory Configuration Factory Default Configuration You may store the currently running configuration as factory defaults which will reside active even when a factory reset has been initiated Store Ini
74. he packet Specifies the target interface or gateway to where the packet should get routed to Information about bridge status RACOM s r o MIDGEGPRS UMTS HSPA LTE router 39 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Curent Bridging Status Static Routes Bridge Interface Members Extended Routes LAN ETH1 Bridging ETH2 Mobile IF Ea Administration tempan 7 3 4 Mobile IP Mobile IP MIP can be used to enable a seamless switch between different WAN technologies Note A valid license key is required for running Mobile IP It boasts with very small outages during switchover while keeping all IP sessions alive which is being accomplished by communicating with the static public IP address of a home agent which will encapsulate the packets and send them further to the router Switching works by telling the home agent that the hotlink address has changed the agent will then re route that means encapsulate the packets with the new target address the packets transparently down to the box Our implementation supports RFC 3344 5177 3024 and 3519 and interoperability with Cisco has been verified However MIDGE routers can run as node and home agent which makes them able to replace expensive kits in the backbone for smaller scenarios HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Mobile IP Static Routes ae ne Mobile IP can b
75. implicitly defined on the serial port TCP or Telnet Configuration Port Time out HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT WAN Link Management Settings Supervision Ethernet Port Settings Link Settings IP Settings Mobile SIMs Interfaces USB Serial Port Digital WO UDP Configuration Local Port The TCP port that is used by this application Time out Administration Server Configuration Protocol on IP port UDP raw Protocol on serial port Serial raw UDP Configuration Local Port 2000 Remote IP 10 202 0 103 Remote Port 2000 Max Packet Size 1380 Max Packet Timeout 3000 Max Latency Timeout 10 Local UDP port RACOM s r o MIDGEGPRS UMTS HSPA LTE router Port Settings milliseconds in 10ms steps milliseconds in 10ms steps 35 Web Configuration Remote IP Remote Port Max Packet Size Max Packet Timeout Max Latency Timeout IP address of remote UDP port of remote Max lenght of packet If data is received on the serial line waits for more data for the configured time to prevent segmentation which would lead to inefficiency Limits the maximum latency if the above criteria are not fulfilled Conditions of sending a UDP packet to the Remote IP address Remote port e The serial data are comming with longer inter packet deley than Max Latency Timeout packet will be closed and send out to specified Remote IP address e
76. imply connect two devices within one LAN effectively replacing an Eth switch M DGE software is based on proven components including an Embedded Linux operating system and standard TCP IP communication protocols Combining MIDGE with an MG102 two SIM router in one network is quite straightforward because of fully compatible interface settings and behaviour on all HW interfaces Thanks to the compact size and versatility of MIDGE wireless routers prove indispensable in many SCADA and telemetry as well as POS ATM lottery and security surveillance applications MIDGE together with RACOM RipEX radio router offers an unrivalled solution for combining GPRS and UHF VHF licensed radio in a single network Even a single RipEX in the centre of a MIDGE network allows for efficient use of addressed serial SCADA protocols 1 2 Key Features Mobile Interface Parameters e Mobile Connection HSDPA HSUPA UMTS EDGE GPRS GSM and LTE e Global connectivity e Transparent hand over between 2G and 3G MIDGE UMTS or 2G 3G and 4G M IDGE LTE Power supply e Redundant dual power input pins e Input voltage 10 2 57 6 VDC e Max power consumption 5 W Services Networking e Fallback Management e Connection supervision e Automatic connection recovery e OpenVPN IPsec PPTP NAPT e VRRP e DHCP server DNS proxy server DNS update agent e Telnet server SSH server Web server e NTP e COM server Modbus gateway e Port Forwarding e Fire
77. io in1 on dio in2 on dio in1 off dio in2 off dio out1 on dio out2 on dio out1 off dio out2 off gps up gps down openvpn up openvpn down Ipsec up WAN link came up WAN link went down DIO IN1 turned on DIO IN2 turned on DIO IN1 turned off DIO IN2 turned off DIO OUT1 turned on DIO OUT2 turned on DIO OUT1 turned off DIO OUT2 turned off GPS signal is available GPS signal is not available OpenVPN connection came up OpenVPN connection went down IPsec connection came up RACOM s r o MIDGEGPRS UMTS HSPA LTE router Description A GSM call is coming in Outgoing GSM call is being established Dynamic DNS update failed Dynamic DNS update succeeded Dial ln connection went down Dial in connection came up DIO 141 tumed off DIO 1M1 turned on DIO IN tumed off 67 Web Configuration ipsec down pptp up pptp down dialin up dialin down mobileip up mobileip down system login failed system login succeeded system logout system rebooting system startup sdk startup sms sent sms received sms report received call incoming call outgoing ddns update succeeded ddns update failed usb storage added usb storage removed system time updated test 7 6 7 SMS IPsec connection went down PPTP connection came up PPTP connection went down Dial In connection came up Dial In connection went down Mobile IP connection came up Mobile IP connection went down User login failed User login succeeded User lo
78. irectory of a FAT16 32 tormatted stick Port Settings Link Settings For authentication autorun key download IP Settings Running a script autorun sft Mobile SIMs Performing a software update Sw updare img Interfaces Loading a configuration update cfy lt SERIAL gt zip of efg zip oe Administrative status inistrative status en se al Port disabled Digital O Apply Enable auto run feature Enable or disable auto run feature The autorun key file must hold valid access keys to perform any actions when the storage device is plugged in The keys are made up of your admin password They can be generated and downloaded You may also define multiple keys in this file line after line in case your admin password differs if applied to multiple MIDGE routers RACOM s r o MIDGEGPRS UMTS HSPA LTE router 39 Web Configuration Device Server HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Autorun WAN Link Management mi Satlings USB Device Server Superision The USB device server can be used to access attached USB devices over TCP IP Ethernet Link Settings gt disabled IP Settings Mobile Sis USB IP Devices Interfaces ld Manufacturer Device Type Attached USB Appl Refresh ame Se Apply As soon as the USB device server has been enabled you can refresh the discovered USB devices plugged in and attach them to the USB IP server Enabled device can now be exported to a remote host You
79. l Remote Access Service Dial in Networking PPP Restriction of hazardous substances Subscriber Identity Module Software Transmission Control Protocol Trivial File Transfer Protocol User Datagram Protocol Universal Mobile Telecommunications System Universal Resource Locator Virtual Private Network Waste Electrical and Electronic Equipment environmental directives MIDGEGPRS UMTS HSPA LTE router RACOM s r o Index A accessories 19 antenna GSM UMTS 21 mounting 23 autentication 80 B basic setup 22 C certificates 90 CLI 94 client e mail 65 Command Line Interface 94 configuration 24 conformity 105 connecting MIDGE 21 connectors Antenna SMA 12 ETH RJ45 13 screw terminal 13 USB 13 D declaration of conformity 105 demo case 20 digital I O 37 dimensions 12 dynamic DNS 64 E e mail 65 ethernet 27 event manager 66 F F bracket 19 factory reset 84 features 17 key features 7 file configuration 83 firewall 42 G glossary 107 grounding 23 H home 24 implementation notes 11 indication LEDs 15 information system information 78 installation 23 interfaces 25 IPsec 49 K keys 90 L LAN cable 21 LED 15 licensing 91 logout 93 menu firewall 42 home 24 interfaces 25 logout 93 routing 38 services 54 system 77 troubleshooting 85 VPN 46 mobile 30 models 19 O offerings 19 P power supply 23 connect
80. l in Server Apply A client tunnel requires the following paramters to be set Server address The address of the remote server Username The username used for authentication Password The password used for authentication 92 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration 7 5 4 Dial in Server On this page you can configure the Dial in server in order to establish a data connection over GSM calls Thus one would generally apply a required service type of 2G only so that the modem registers to GSM only Naturally a concurrent use of mobile Dial Out and Dial In connection is not possible Note O The Dial in Server is not supported by the MIDGE MG102i LTE hardware HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Dial in Server Configuration OpenVPN Administration Administrative status enabled Tunnel Configuration a disabled Client M vent len anagemen Modem Mobilet dd Address range start 192 168 254 1 Administration Tunnel Configuration Address range size 3 PPTP Administration Tunnel Configuration Dial in Server Dial in Server Status Operational status disabled Administrative status Enabled disabled incoming call shall be shall not be answered Modem Specifies the modem on which calls can come in Address range start Start address of range of clients connecting to the dial in server Address range size Number of client addresses connecting to the
81. ll routing entres of the system which can consist of active and configured ones The flags are as follows Ajctive Persistent Host Route Njetwork Route Default Route Netmasks can be specified in CIDR notation Destination Netmask Gateway Interface Metric Flags 192 168 2 0 255 255 255 0 0 0 0 0 LAN 0 AN 10 64 64 64 299 299 259 259 0 0 0 0 WVAN g AH m 0 0 0 0 0 0 0 0 10 64 64 64 WWAN1 0 AD Y 172 16 0 0 255 255 0 0 192 166 131 254 LAN fo PN BB Destination network or host provided by IP addresses in dotted decimal Subnet mask which forms in combination with the destination the network to be addressed A single host can be specified by a netmask of 255 255 255 255 a default route corresponds to 0 0 0 0 The next hop which operates as gateway for this network can be omitted on peer to peer links Network interface on which a packet will be transmitted in order to reach the gateway or network behind The routing metric of the interface default 0 The routing metric is used by routing protocols higher metrics have the effect of making a route less favourable metrics are counted as additional costs to the destination network A ctive P ersistent H ost Route N etwork Route D efault Route The flags obtain the following meanings Active The route is considered active it might be inactive if the interface for this route is not yet up Persistent The route is persistent which means it is a configured ro
82. me Current system time 2013 05 07 08 11 04 Set time Time Synchronisation NTP server 10 202 0 1 NTP server 2 optional 10 203 0 1 Sync time from GPS Time zone Time zone UTC 01 00 Central Europe hi Daylight saving changes Fil Apply Sync It is possible set time manually the time shall be lost after a restart Host name of NTP server Host name of an optional second NTP server Time zone This option can be used to reflect daylight saving changes e g switching from summer to winter time depending on the selected time zone Sync will perform the time synchronisation immediatelly System Information System information page displays various details of your MIDGE Update of the page takes several seconds 78 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Modules Software System Settings Time amp Region System Information i iio aca tb Product name Wireless Router Restart Product type MIDGE Authentication Hardware version V2 3 Authentication User Accounts Serial number 000249PFCO32E Remote Authentication RAM 64 MB 22 79 MB free Software Update Flash 128 MB 22 36 MB available Manual Software Update System time 2012 11 30 00 38 53 Automatic Software Update J Uptime 6 31 Configuration Load average 0 01 0 03 0 08 Manual File Configuration Bittarmahe File HOME INTERFAC
83. ment SMS CONTROL SMS CONTROL SIMS RECEIVED E Testing A 0 DHCP Server DHS Server DynDNS HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Scripts Triggers sl has A Edit Script Administration Job Management Mame SMS CONTROL Testing Description SMS CONTROL DHCP Server Arguments DNS Server Action edit DynDNS F ad E mail select Events sms control are example ll SMS This script will execute commands received by SMS S5H Telnet Server SNMP Agent Apply Web Server RACOM s r o MIDGEGPRS UMTS HSPA LTE router 99 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT scripts SDK E Edit Tigger Administration 39 Job Management Name SMS RECEIVED Testing ee ee DHCP Server Type time based DNS Server a event based DNS A z E Isms received E mail Events Apply SMS sms received sms report received SoH Telneat Server ems sent oie system login failed ONMP Agent a system login succeeded Web Server system logout a system rebooting E Redundancy system startup teat This page can be used to set up scripts triggers and jobs It is usually a good idea to create a trigger first which is made up by the following parameters Name A meaningful name to identify the trigger Type The type of the trigger either time based or event based Condition Specifies the time condition for time based trigger
84. nal measurement complete application bench test or a functional demostration of both radiomodems and the 3G router During a field test units can be powered from the backup battery and external antenna can be connected to one of the RipEX units through the N connector on the case Fig 4 8 Demo case Contents e Brackets and cabling for installation of three RipEXes and one MIDGE units are not part of the delivery e 1x power supply Mean Well AD 155A 100 240 V AC 50 60 Hz 13 8 V DC e 1x Backup battery 12V 5Ah FASTON 250 e g Fiamm 12FGH23 e 1x Power cable European Schuko CEE 7 7 to IEC 320 C13 e 1x Ethernet patch cable 3 m UTP CAT 5E 2x RJ 45 e Quick start guide RipEX accessories e 3x Dummy load antennas e 1x L bracket 1x Flat bracket samples e 1x Fan kit e 1x X5 ETH USB adapter MIDGE accessories e Whip antenna 900 2100 MHz 2 2 dBi vertical e Externel dimensions 455 x 365 x 185 mm e Weight approx 4 kg excluding RipEXes and MIDGE 20 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Bench test Step by Step Guide 5 Bench test Step by Step Guide Before starting to work with the HW please be sure that you have a SIM card enabled for data and you have all the necessary information from the mobile operator PIN APN login passwd 5 1 Connecting the hardware 5 1 1 Install the SIM card Insert a SIM card into the SIM socket If the router has two SIM card sockets use the first one
85. nectors 7 2 1 WAN Link Management The item available in WAN Link Manager matches with enabled WAN interfaces for edding an item you have to set respective WAN interface e g Ethernet Mobile The priority you can change using arrows on the right side of the window HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT WAN Link Management pc al This list can be used to define and prioritize your WAN links a E In case a link goes down the system will automatically switch over to the next link in the priority list You can configure ge each link to be either established when the switch occurs or permanently in order to minimize link downtime Supenision Priority Interface Establishment Mode Ethemet ae Port Settings pa Sn permanent 4 Link Settings IP Settings ma WAWAN permanent E Mobile SIMs Apply 1st priority This link will be used whenever possible 2nd priority The first fallback technology You can keep it ready faster or establish it only when the fallback actually occurs Up to four priorities shall be used RACOM s r o MIDGEGPRS UMTS HSPA LTE router 25 Web Configuration Links are being triggered every 5 seconds and put to sleep for 30 seconds in case it was not possible to establish them within 30 seconds Hence it might happen that permanent links will be dialed in background and as soon as they got established replace lower priority links again We recommen
86. nnnnnnnnnnnnnnnnnanennncanenanennnons 12 4 2 ANENA CONNECTIONS S MA ile io 12 13 2 EAM re 40 UG DIA AUMDEANO api apa 13 44 USB CONNECCION ur ds 13 A o TO o Guvinaied sieashewnteuke swnerdouvantean sd wenousde ui Savaneae 14 A Or oe A a heats cuca o dea soeetetedaes a aa 15 Are A a ae rn ete ee eee 19 O Demo Case nl eisial 20 OGORIN O AR E E E E EE Eaa 23 List of Tables 4 1 Pin assignment Ethernet Interface oocococccconncocnoccnccocncnonnncnnnoncnonanonnnnonannnonnnonnnonaninnnnnnanoss 13 Ez USB Oils GES ChlOUlOM sit da 13 4 3 Pin assignment of screw terminal oocccccnccccnccccncocncconncnanocnnnnnonononnnnnnnonannnnnnnnnnnonannnnnnonaninnans 14 AA IO a INP VOS tl toco 14 os Digtal outputs Daramettes naa 14 4 6 MIDGEs interfaces and status indicators oocconcccoccconcconcconoconoconoonnnonnonononononononanonanonannnonnos 16 417 Technical SPECI CANONS ii A lid 18 4 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Important Notice Important Notice Copyright 2013 RACOM All rights reserved Products offered may contain software proprietary to RACOM s r o further referred to under the ab breviated name RACOM The offer of supply of these products and services does nat include or infer any transfer of ownership No part of the documentation or information supplied may be divulged to any third party without the express written consent of RACOM Disclaimer Although every precaution has b
87. not set 16 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Product 4 4 Technical specifications RACOM s r o MIDGEGPRS UMTS HSPA LTE router 17 Product Tab 4 7 Technical specifications Multimode HSDPA HSUPA UMTS EDGE GPRS and GSM 3G UMTS HSDPA HSUPA UMTS 850 900 1900 2100 MHz 2G EDGE GPRS GSM 850 900 1800 1900 MHz Data rates max 7 2 Mbps downlink 5 76 Mbps uplink Mobile Interface UMTS Multimode LTE HSPA UMTS EDGE GPRS GSM 4G LTE 800 900 1800 2100 2600 MHz Mobile Interface LTE 3G UMTS HSPA 900 2100 MHz 2G GSM GPRS EDGE 900 1800 1900 MHz Data rates up to 100 Mbps downlink 50 Mbps uplink Ethernet 2x Ethernet 10 100 Base T Auto MDX 2x RJ45 bridged or routed Serial Interface 1x 3 wire RS232 on 15 pin screw terminal block ae 0 5 6 VDC level 0 2 digital inputs 7 2 40 VDC level 1 maximum voltage 40 VDC Relay outputs 1 NO 2 NC Digital 1 0 Limiting continuous current 1 A 2 digital outputs Max switching voltage 60 VDC 42 VAC Vrms Maximum switching capacity 60 W on 15 pin ter minal block a USB host interface supporting memory devices USB service interface USB type A connector Antenna Interface Input voltage 10 2 57 6 VDC 12 48 VDC 15 20 Power Supply Rx max 3 2 W Power consumption Tx max 5 W For indoor use only IP40 Metal casing DIN rail mounting kit included e Temperature range 25 to 70 C 13 to 158 F Environmental
88. omatically from your SIM card but you may define a fix number here Network This page provides information about the current network status signal strength and the Local Area Identifier LAI to which the modem has been registered An LAI is a globally unique number that identifies the country network provider and LAC of any given location area It can be used to force the modem to register to a particular mobile cell in case of competing stations You may further initate mobile network scan for getting networks in range and assign a LAI manually Query This page allows you to send a Hayes AT command to the modem Besides the 3GPP conforming AT command set further modem specific commands can be applied which can be provided on demand Some modems also support to run Unstructured Supplementary Service Data USSD requests e g for querying the available balance of a pre paid account RACOM s r o MIDGEGPRS UMTS HSPA LTE router 31 Web Configuration WWAN Interfaces This page can be used to manage your WWAN interfaces The resulting link will pop up automatically on the WAN Link Management page once an interface has been added The Mobile LED will be blinking during the connection establishment process and goes on as soon as the connection is up Refer to the troubleshooting section or log files in case the connection did not come up The following mobile settings are required Modem The modem to be used for this WWAN interface
89. on Timeout 30 Software Update Manual Software Update Automatic Software Update Start Configuration Manual File Configuration Automatic File Configuration Factory Configuration Troubleshooting Network Debugging system Debugging Tech Support HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Network Debugging System Settings Time 4 Region System Information Restart tcpdump listening on wwan link type LINUX_SLL Linux cooked capture size 1500 bytes 14 packets received by filter Authentication packets dropped by kernel Authentication User Accounts Remote Authentication Captured 14 packets ping traceroute tcpdump darkstat Software Update anual Software Update Automatic Sofware Update Configuration danual File Configuration Automatic File Configuration Factory Configuration Troubleshooting Run again Download Network Debugging system Debugging Tech Support 86 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration graphs ost Graphs lan0 Running for 35 secs since 2012 11 30 16 08 19 UTC 0000 Total 64 115 bytes in 170 packets 227 captured 0 dropped in M min 0 1 KB s avg 0 2 KB s max 3 2 KB s in min 0 2 KB s avg 0 0 KB s max 0 2 KB s out E min 0 1KB s avg 0 9 KB s max 10 2 KB s out E min 0 9 KB s avg 0 0 KB s max 0 9 KB s in min 0 0 KB s ava 0 0 KB s max 0 0 KB s in min 0 0 KB s avg 0 0 KB s m
90. ort received event to figure out whether a message has been successfully sent Please do not forget that modems might register roaming to foreign networks where other fees may apply You can manually assign a fixed network by LAI in the SIMs section The relevant page can be used to enable the SMS service and specify on which it should operate HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Administration Routing Status Testing SDK Administration Job Management Administrative status enabled PeR 5 disabled DHCP Server Enabled modems Y Mobile1 SMS Administration DNS Server Apply DynDNS E mail Events SMS S5H Telnet Server SMS notification Sending SMS can be enabled or disabled Disabling sending SMS means that no notification via SMS will be performed SMS control Receiving SMS can be enabled or disabled Disabling receiving SMS means that controlling MIDGE via SMS will not be possible Routing amp Filtering By using SMS routing you can specify outbound rules which will be applied whenever message are sent On the one hand you can forward them to an enabled modem For a particular number you can for instance enforce messages being sent over a dedicated SIM RACOM s r o MIDGEGPRS UMTS HSPA LTE router 69 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Administration Status Testing rok l OMS Routing Administration Job
91. pa WANLINK1 TYPE string 4 wwan WANLINK1 DIAL FAILURES string 1 0 WANLINK1 REGISTRATION STATE stringl23 registeredInHomeNetwork WANLINK1 SIM Srring 4 2 SIMIL WANLINK1 INTERFACE string 5 wwan0 WANLINK3 STATE string 8 disabled WANLINK1 SIGNAL STRENGTH SUING o e S15 WANLINK4 STATE string 8 disabled WANDINK STATE Stringi disabled RACOM s r o MIDGEGPRS UMTS HSPA LTE router 55 Web Configuration In combination with the nb_config_set function it is possible to start a re configuration of any parts of the system upon status changes You may query possible sections and parameters again with the CLI cli get c network Showing configuration sections matching network network link network hostname network lanInterface network wlanInterface network wanInterface network DNS network DHCP network NTP network timezone network MSS cli get c network NTP Showing configuration sections matching network NTP network NTP status network NTP server network NTP serverZ network NTP gpstime Running the CLI in interactive mode you will be also able to step through possible configuration para meters by the help of the TAB key Here is an example how one might adopt those functions Check the current NTP server and set it to the IP address 192 168 0 2 and enable the NTP synchronization el printf The NTP server was previously using IP address
92. particular networks towards the server Finally you can generate and download all expert mode files to easily populate each client HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Networking Routes Cownload OpenVPN 3 a EA Client Management Administration Tunnel Configuration Enabled Client Connection info Chent Management RTUZid not connected IPSEC 5 A 476 not connected Administration E RTU176 Configuration l j clienta PPTP Server E Clienta Dial ln Server F Clients E Client C Client E Clients E Client E cl enti Apply Refresh 7 5 2 IPsec IPsec is primarily used for securing Internet communications by authenticating and or encrypting IP packets within a data stream IPsec includes various cryptographic protocols and ciphers for key ex change and data encryption and can be seen as one of the strongest VPN technologies in terms of security Administration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT IPsec Administration OpenvPH Administration IPsec administrative status ia enabled Tunnel Configuration disabled Propose NAT traversal IPsec P w Administration Configuration Apply PPTP Server IPsec Status Dial in Server Tunnel 1 Tunnel is down Tunnel 2 disabled Tunnel 3 disabled Tunnel 4 disabled RACOM s r o MIDGEGPRS UMTS HSPA LTE router 49 Web Configuration IPsec administrative status Propose NA
93. ponds to the daemon managing the scripts and their operations and thus avoiding any harm to the system In terms of resources it will limit CPU and memory for running scripts and also provide a pre defined portion of the available flash storage You may however extend it by external USB storage or depending on your model SD cards Files written to tmp will be hold in memory and will be cleared upon a restart of the script As your scripts operate in the sandbox you will have no access to tools on the system such as ifconfig Administration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Status Troubleshooting Sai SDK Administration Administration Job Management This kit provides a sandbox environment for running system jobs by means of self scnpted applications Tasting DHCP Server Administrative status o enabled disabled DNS Server Ema Maximum flash usage 3 3 15 MB Events Apply SMS RACOM s r o MIDGEGPRS UMTS HSPA LTE router 57 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Administration Job Management Testing DHCP Server DNS Server DynDNS E mail Events SMS SSH Telnet Server Administration Status Troubleshooting SDK Status SDK environment is active Finished Jobs Job Started Ended Exit Code SMS CONTROL 2012 11 29 17 53 00 2012 11 29 17 53 00 0 Clear Running Jobs There is no job currently
94. rk where range is defined by service provider sometimes including individual addresses even in the case of a private APN Consequently a mechanism of translation between SCADA and the IP addresses is required To make matters worse IP addresses may be assigned to GPRS EDGE UMTS etc devices dynamically upon each connection Please read the application note SCADA applications and MIDGE MG102 which describes how to efficiently solve this problem using RACOM routers 3 3 Centre of the network In every network the centre plays a key role and has to be designed according to customer s require ments Several possible solutions are described in the application note MIDGE MG102 CENTRE Application note 3 4 VPN tunnels security of customer s data arriving through the mobile network is often very important Private APN is the basic security requirement but not safe enough for such applications VPN tunnels solution is closely connected with the centre The solution is mentioned in application note MIDGE MG102 CENTRE Application note details for the elemental solution are described in the application note SCADA applications and MIDGE MG102 http hnilux racom cz 3004 download hw midge free cz midge app en pdf 2 http hnilux racom cz 3004 download hw midge free cz midge app en1 pdf y nttp nnilux racom cz 3004 download hw midge free cz midge app en1 pdf http nnilux racom cz 3004 download hw midge free cz midge
95. rnal antennas the surge protection of coaxial connection would be required Note Be sure that the antenna was installed according to the recommendation by the antenna producer and all parts of the antenna and antenna holder are properly fastened 6 3 Grounding Grounding screw has to be properly connected with cabinet grounding using a copper wire with minimal cross section of 4 mm Power 12 48V 7 Fig 6 1 Grounding 6 4 Power Supply MIDGE can be powered with an external power source capable of voltages from 10 to 55 Volts DC MIDGE should be powered using a certified CSA or equivalent power supply which must have a limited and SELV circuit output MIDGE is equipped with dual power supply connector it is possible to use two independent power supplies even with different voltage The ground terminals are connected together and they are con nected with the box grounding as well RACOM s r o MIDGEGPRS UMTS HSPA LTE router 23 Web Configuration 7 Web Configuration 7 1 HOME This page gives you a system overview lt helps you when initially setting up the device and also functions as a dashboard during normal operation MIDGE MIDGE EP RACOM HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Summary AVANT Connection Summary Description Administrative Status Operational Status Hotlink LANI LANA enabled up WANT enabled up OpenVPN disabled inactive IPsec disable
96. rtual gateway address 76 Redundancy Administrative status 2 enabled disabled jas master VID J 00 q Interface LAN Virtual gateway address 1192 168 2 10 Apply Administrative status Role of this system either master or backup The Virtual Router ID you can theoretically run multiple instances Interface on which VRRP should be performed Virtual gateway address formed by the participating hosts MIDGEGPRS UMTS HSPA LTE router RACOM s r o 7 7 SYSTEM 7 7 1 System Settings System Settings Time amp Region System Information Restart Authentication Authentication User Accounts Remote Authentication Sofware Update Manual Sofware Update Automatic Software Update Configuration Manual File Configuration Automatic File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support Keys amp Certificates Licensing Local host name Syslog redirect address LED Settings Time amp Region Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System Settings Local hostname ma Syslog redirect address Syslog max filesize 1024 max 15360 kB Reboot delay 3 seconds LED Settings Banks to be displayed top 2 bottom bath toggle mode Apply The local host name of the system The host where system log messages should be forwarded to You can use for example
97. s Available services can be retrieved by running command restart arg0 h Examples RACOM s r o MIDGEGPRS UMTS HSPA LTE router 101 Command Line Interface http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin014command restart argU h http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin01l command restart amp arg0 link manager reboot Trigger system reboot Key usage command reboot Examples http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin01 amp command reboo reset Run factory reset Key usage command reset Examples http 192 168 1 1 cli php version 2 output html usr admin pwd admin01 amp command reset update Update system facilities Key usage command update arg0 lt facility gt amp argl lt URL gt NOTES 4 Available facilities can be retrieved by running command update amp argQ h Examples http 192 168 1 1 cli php version 2 output html usr admin amp pwd 127 admin01l command update arg0 software argl tftp 192 168 1 254 latest http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin01l command update arg0 configsargl tftp 192 168 1 254 user cont1g Zz1p http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin01 amp command update arg0 license gargl http 192 168 1 254 xxx lic 102 MI
98. s e g hourly Timespec The time specification which together with the condition specifies the time s when the trigger should be pulled Event The system event upon which the trigger should be pulled You can now add your personal script to the system by applying the following parameters Name A meaningful name to identify the script Description An optional description of the script Arguments An optional set of arguments passed to the script Supports quoting Action You may either edit a script upload it to the system or select one of the example scripts or an already uploaded script You are ready to set up a job afterwards it can be created by using the following parameters Name A meaningful name to identify the job Trigger Specifies the trigger that should launch the job Script Specifies the script to be executed 60 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration Arguments Defines arguments which can be passed to the script supports quoting they will precede the arguments you formerly may have assigned to the script itself Testing HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Testing SDK Administration 1 printf hello sin argv 1 Job Management i Testing DHCP Server DNS Server DynDNS E mail Events SIS SSH Telnet Server SNMP Agent Web Server Redundancy Arguments world Run Clear The testing page offers an editor an
99. server Dial in operational status Shows the actual status of the connection Besides the admin account you can configure further users in the user accounts section which shall be allowed to dial in Please note that Dial In connections are generally discouraged As they are im plemented as GSM voice calls they suffer from unreliability and poor bandwidth RACOM s r o MIDGEGPRS UMTS HSPA LTE router 99 Web Configuration 7 6 SERVICES 7 6 1 SDK Racom routers are shipping with a Software Development Kit SDK which offers a simple and fast way to implement customer specific functions and applications It consists of 1 An SDK host which defines the runtime environment a so called sandbox that is controlling access to system resources such as memory storage and CPU and by doing so catering for the right scalability 2 An interpreter language called arena a light weight scripting language optimized for embedded systems which uses a syntax similar to ANSI C but adds support for exceptions automatic memory management and runtime polymorphism on top of that 3 A RACOM specific Application Programming Interface API which ships with a comprehensive set of functions for accessing hardware interfaces e g digital IO ports GPS external storage media serial ports but also for retrieving system status parameters sending E Mail or SMS messages or simply just to configure the router Anyone reasonably experienced in th
100. t dio out2 dio out2 on 8 4 Setting Config Parameters The set command can be used to set configuration values gt set h Usage set hvl lt parameter gt lt value gt lt parameter gt lt value gt Options validate config parameter use legacy syntax with amp separator See the following example for setting configuration digital output values Both values will be off and both values will be also off after the next start up procedure gt set dio outl 0ff gt set dio out2 0ff 8 5 Getting Status Information The status command can be used to get various status information of the system 96 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Command Line Interface gt status h Usage status hs lt section gt OPTIONS 8 generate sourceable output Avallable sections config Current configuration summary Short status summary system System information license License information wwan WWAN module status wlan WLAN module status gnss GNSS GPS module status lan LAN interface status wan WAN interface status openvpn OpenVPN connection status 1psec IPsec connection status pptp PPTP connection status dialin Dial In connection status dio Digital 10 status neigh Neighborhood status location Current Location In the following example we read the current DIO values Remember that the current states do not correspond to the configuration values set with set dio out commands
101. t of firewalling incoming messages thus either dropping or allowing them on a per modem basis The created rules are processed by order and in case of matches will either drop or forward the incoming message before entering the system All non matching messages will be allowed Status The status page can be used to the current modem status and get information about any sent or received messages There is a small SMS inbox reader which can be used to view or delete the messages Please note that the inbox will be cleared each midnight in case it exceeds 512 kBytes of flash usage 70 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Administration Routing Status Testing SDK Administration Bee tee Job Management Modem Status Used Memory Sent Received Testin ese Mobile 1 idle 0 of 20 2 3 DHCP Server DNS Server Refresh DynDNS E mail Events SMS SSH Telnet Server Testing This page can be used to test whether SMS sending in general or filtering routing rules works The maximum length per message part is limited to 160 characters we also suggest to exclusively use characters which are supported by the GSM 7 bit alphabet HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Administration Routing Status Testing A Send SMS Administration Job Management Testing Phone number 420602561064 DHCP Server DNS Ser
102. tered characters or use the Up and Down keys to search the history of entered commands Pressing CTRL c twice or CTRL d on an empty command line will exit the CLI List of supported key sequences CTRL a Move to the start of the current line CTRL e Move to the end of the line CTRL f Move forward a character 94 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Command Line Interface CTRL b Move back a character ALT f Move forward to the end of the next word ALT b Move back to the start of the current or previous word Clear the screen leaving the current line at the top of the screen with an argument CTRL I given refresh the current line without clearing the screen CTRL p Fetch the previous command from the history list moving back in the list CTRL n Fetch the next command from the history list moving forward in the list Move to the first line in the history CTRL s Session will be frozen CTRL q Reactivate frozen session Delete character at point or exit CLI if at the beginning of the line Drag the character before point forward moving point forward as well If point is at the end of the line then this transposes the two characters before point CTRL r Search backward starting at the current line and moving up through the history Move to the end of the input history Drag the word before point past the word after point moving point over that word as well If point is at the end of the line this transposes th
103. tiate Factory Reset This operation will reset all settings to factory defaults Your current configuration will be lost You may consider backing up the current configuration prior to running a reset Reset 7 7 5 Troubleshooting Network Debugging Various tools reside on this page for further analysis of potential configuration issues HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT System Settings Time amp Region System Information Restart Authentication Authentication User Accounts Remote Authentication Software Update Manual Software Update Automatic Software Update Configuration Manual File Configuration Automatic File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support RACOM s r o MIDGEGPRS UMTS HSPA LTE router Network Debugging traceroute tcpdump darkstat The ping utility can be used to verify whether a remote host can be reached wa IP Host 10 203 0 1 Packet count 5 Packet size A0 a Start 85 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Network Debugging System Settings Time 4 Region System Information Restar traceroute tcpdump darkstat The traceroute utility can be used to print the route packets trace to a remote host Authentication Target host 192 168 02 Authentication User Accounts Time To Live 3 Remote Authenticati
104. tput html amp usr admin amp pwd admin01 amp command status arg0 h http 192 168 1 1 cli php version 2 amp 0utput html amp usr admin amp pwd admin01l amp command status arg0 summary http 192 168 1 1 cli php version 2 amp 0utput html amp command status get Get configuration parameter Key usage command get amp arg0 lt config key gt amp argl lt config key gt Examples http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin0l amp command get arg0 config version http 192 168 1 1 cli php version 2 o0utput html usr admin pwd admin01 amp command get arg0 openvpn status argl snmp status amp arg2 ipsec status set Set configuration parameter Key usage command set amp arg0 lt config key gt amp sargl lt config value gt arg2 lt config key gt amp arg3 lt config value gt NOtes 7 In contrast to the other commands this command requires a set of tuples because of the reserved char 1 e arg0 key0 argl val0 arg2 keyl arg3 vall arg4 key2 arg5 val2 etc Examples http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin01 amp command set arg0 snmp status argl 1 http 192 168 1 1 cli php version 2 amp o0utput html amp usr admin amp pwd admin01 amp command set arg0 snmp status gargl 0 amp arg2 openvpn status arg3 1 restart Restart a system service Key usage command restart arg0 lt service gt Note
105. ts coming from the WAN interface HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Firewall Administration Firewall Administration Administrative status a enabled Rules m disabled gia Allow WAN administration Adminisiatiin IOW VY administration N Inbound Rules Outbound Rules Apply Administrative status Enable or disable packet filtering Allow WAN administration This option will predefine the rules for services on the WAN link as follows HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Firewall Rules Firewall AiO This menu can be used to control the packets passing the device and targeting its services cea z Packels which are not matching any of the rules below will be ALLOWED ppe Description Mode Interface Source Destination Port s dr n ALLOW WAN HTTP ALLOW WAN ANY ANY 80 Fa Inbound Rules MM Ej ALLOW WAN HTTPS ALLOW WAN ANY ANY 443 D E Outbound Rules 7 Ef ALLOW WAN S3H ALLOW WAN ANY ANY 22 Ej n t ALLOW WAN TELNET ALLOW WAN ANY ANY 23 E LJ DENY WAN ALL DENY WAN ANY ANY ANY Ej ma F Clear Statistics 42 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Web Configuration Statistics HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT E Firewall Matching Statistics Firewall Administration Packets Description Mode Interface Source Destination Port s Rules 0 ALLOW WAN HTTP ALLOW WAN ANY ANY 30 NAPT G A
106. update Time of day Every day at this time MIDGE will do a check for updates URL The server URL where the software update package should be down Last software update 82 loaded from Supported protocols are TFTP HTTP s and FTP Result of the last software update attempt MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration 7 7 4 Configuration Configuration via the Web Manager becomes tedious for large volumes of devices M DGE therefore offers automatic and manual file based configuration to automate things Once you have successfully set up the system you can back up the configuration and restore the system with it afterwards You can either upload a single configuration file cfg or a complete package zip containing the configur ation file and a packed version of other essential files such as certificates Manual File Configuration This section can be used to download the currently running system configuration including essential files such as certificates HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Configuration Download System setings Curent configuration Time 4 Region System Information Restarl Download Configuration Upload Authentication PEE Configuration mode missing config directives will be replaced with factory defaults User Accounts missing config directives will be ignored Remote Authentication New configuration file Vybrat
107. ute otherwise it corresponds to an interface route Host The route is a host route typically the netmask is set to 259 255 255 255 Network The route is a network route consisting of an address and net mask which forms the subnet to be addressed MIDGEGPRS UMTS HSPA LTE router RACOM s r o Default Route 7 3 2 Extended Routing Web Configuration The route is a default route address and netmask are set to 0 0 0 0 thus matching any packet Extended routes can be used to perform policy based routing they generally precede static routes Extended routes can be made up not only of a destination address netmask but also a source ad dress netmask incoming interface and the type of service TOS of packets HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Static Routes Extended Routes Bridging Mobile IP Administration Source address Source netmask Destination address Destination netmask Incoming interface Type of service Route to 7 3 3 Bridging Add Extended Route Source address Source netmask Destination address Destination netmask Incoming interface ANY Type of service Route to Interface Gateway Interface LANA Gateway Apply The source address of a packet The source address of a packet The destination address of a packet The destination address of a packet The interface on which the packet enters the system The TOS value within the header of t
108. utomatic Software Update event manager link manager Configuration wwanmd Manual File Configuration surveyor Automatic File Configuration mobile node Factory Configuration home agent voiced Troubleshooting Network Debugging System Debugging Tech Support 88 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Web Configuration Default debugging levels for individual daemons are as follows e configd O e watchdog 4 e ser2net 4 e swupdate 5 e led manager 5 e event manager 5 e link manager 6 e wwanmd 5 e surveyor 95 e mobile node 4 e home agent 4 e voiced 4 e smsd 5 e sdkhost 5 Tech Support You can generate and download a tech support file here We strongly recommend providing this file when getting in touch with our support team either by e mail or via our online support form as it would significantly speed up the process of analyzing and resolving your problem Note For both direct E mail and Online support form a connection to the Internet has to be avail able HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Tech Support System Settings You can generate and download a tech support file here Time amp Region We strongly recommend to provide this when getting in touch with our support team System Information either by E Mail or via our online support form as it would significantly speed up the process of analyzin
109. value2 gt lt keyN gt lt valueN gt Available keys output Output format html plain usr Username to be used for authentication pwd Password to be used for authentication commandV Command to be executed arg0ecargs Arguments passed to commands Notes The commands correspond to CLI commands as seen by cli 1 the arguments arg arg31 will be directly passed to the cli application Thus an URL containing the following sequence command get argU admin passwordsargl admin debug arg2 admin access will lead to cli being called as cli get admin password admin debug admin access It supports whitespaces but please be aware that any special characters in the URL must be specified according to RFC1738 which usually done by common clients such as wget lynx curl Response The returned response will always contain a status line in the format lt return gt 3 lt msg gt with return values of OK if succeeded and ERROR if failed Any output from the commands will be appended Examples OK status command successful ERROR authentication failed status Display status information Key usage command status sargU lt section gt Notes Available sections can be retrieved by running command statustargU h System status can be displayed without authentication 100 MIDGEGPRS UMTS HSPA LTE router RACOM s r o Command Line Interface Examples http 192 168 1 1 cli php version 2 amp o0u
110. ver Tensa Test message No 12345 DynDNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server send 7 6 8 SSH Telnet Server Apart from the Web Manager the SSH and Telnet services can be used to log into the system Valid users include root and admin as well as additional users as they can be created in the User Accounts section Please note that a regular system shell will only be provided for the root user the CLI will be launched for any other user whereas normal users will only be able to view status values the admin user will obtain privileges to modify the system RACOM s r o MIDGEGPRS UMTS HSPA LTE router 71 Web Configuration HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Telnet Server Configuration SDK Administration Administralive status enabled Job Management disabled Testing Pana A nnn psi Server port 23 DHCP Server DNS Server DynDNS SSH Serwer Administration E mail Administrative status enabled disabled Events Server port 99 SMS Disable password based login F sSsHiTelnet Server a ooo Upload authorized keys Vybrat Upload SNMP Agent i Upload Web Server Apply Redundancy Apply Please note that these services will be accessible from the WAN interface also In doubt please consider to disable or restrict access to them by applying applicable firewall rules The following parameters can be applied to the Telnet service
111. wall Access Control Lists RACOM s r o MIDGEGPRS UMTS HSPA LTE router T MIDGE router Interfaces e 2 Ethernet ports LAN WAN LAN e RS232 e 2x DI 2x DO e USB host Diagnostic and Management e Web interface CLI available e File configuration e OTA SW update e Advanced troubleshooting e SMS remote control SMS and E mail notification e SNMP 1 3 Standards EMC EN 301 489 1 V1 7 1 EN 301 489 7 V1 3 1 EN 61 000 6 2005 EN 50 121 3 2 2006 EN 50 121 4 2006 Electrical Safety EN 60950 1 2006 IP rating IP40 ETH IEEE 802 31 IEEE 802 3u IEEE 802 3af 8 MIDGEGPRS UMTS HSPA LTE router RACOM s r o MIDGE in detail 2 MIDGE in detail Led LJ rs N J 7 A N v x 7 2 gt 4 7 5 a J Fig 2 1 Front panel and terminal panel of MIDGE All MIDGE MG102 Wireless Routers run MIDGE MG102 Software Software offers the following key features RACOM s r o MIDGEGPRS UMTS HSPA LTE router Interfaces and Connection Management section Section 7 2 INTERFACES o Dial out on demand permanent o Connection Monitoring o Fallback to backup profile or SIM o SIM and PIN management o Automatic or manual network selection Routing section Section 7 3 ROUTING o Static Routing o NAPT Port Forwarding Security Firewall section Section 7 4 FIREWALL o NAPT Port Forwarding o Access Control Lists o Stateful Inspection Firewall Virtual Private
112. ware Update Configuration Manual File Configuration af e9 a6 6c 2a 08 7f 8b b7 60 ba 67 03 aa 00 Automatic File Configuration ab f 93 bb 10 4b 25 b db 69 5c 53 8e c2 87 Factory Configuration db 72 aa 84 6b ac 7e e b4 be 55 bd b 63 1 a5 6b e2 1b 09 93 77 6b ad 82 68 0d 31 8e 20 Troubleshooting 65 df Network Debugging Exponent 65537 x16001 System Debugging Signature Algorithm shalWithRSAEncryption Tech Support b2 247 b6 53183148 16 10 24 83 57 147 bf 2c 3d eb 4a d 20 6b 81 02 68d 4e 2f d0 4a 68c 36 93 ad df 81 27 54 6a Keys amp Certificates f6 c7 5d 6b 80 9b 93 46 1e 4c c8 ef c7 4c c1 8d 69 3a eb d8 09 d8 87 3c 4f 47 b1 78 7e 21 a1 4b 1f 9c 67 31 Licensing a6 66 5c 9b aa 08 2f 0 04 04 4b f6 d4 21 78 41 64 81 380 c3 ab 9b 5e 28 db 6b 05 a5 01 68 22 22 ed d a5 el m b3 24 28 4d 20 4f 08 21 2a 02 5c eb 062 3d 56 b6 11 c4 The following terms are used Root CA The root Certificate Authority CA which issues certificates its key can be used to certify it at trusted third party on other systems Certificate Corresponds to a digital certificate which uses a signature to bind a public key with an identity Key Corresponds to an either public or private key CSR Certificate Signing Request which can be used to sign a certificate by a third party authority P12 PKCS12 container format which can include certificates and keys protected by password RSAThe certificate owner s loca An encryption algorithm based on the
113. will need an additional driver on the remote site and further installation instructions which we can provide on demand 7 2 5 Serial Port HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT WAN Serial Port Administration Link Management Settings Serial port is used by login console Supenision 5 device server H SDK Ethernet Port Settings Link Settings IP Settings Mobile Sis Interfaces USB Serial Port Digital 110 Three possibilities are availble e login console for enabling serial console serial console is mentioned especially for maintenance reasons in case that the web interface should not be used from any reason e device server or e SDK for more about this possibility see chapter SDK 34 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o Device Server HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT WAN Link Management Sailings Super sion Ethernet Port Settings Link Settings IP Settings Mobile SIMs Interfaces USB Serial Port Server status Protocol on IP port Protocol on serial port Administration Port Settings Server Contiguration Protocol on IP port Telnet Protocol on se al port serial raw TCP Configuration Port 2000 Time out e endless a numbered 600 Apply Enable or disable serial device server Telnet UDP raw or TCP raw Web Configuration seconds The protocol
114. will see that you will also be able to restrict the list of permitted senders Please inspect the system log for troubleshooting any issues The following commands are supported status A SMS with the following information will be returned e Signal strength e Mobile connection state up down e current IP address of the mobile interface e current IP address of the VPN interface if enabled connect This will initiate a Dial out connection over GSM UMTS and the VPN connection if enabled and trigger sending an SMS with the following information e current IP address of the PPP interface e current IP address of the VPN interface if enabled disconnect terminates all WAN connections including VPN reboot Initiates a system reboot output 1 on Switch digital output 1 on output 1 off Switch digital output 1 off output 2 on Switch digital output 2 on output 2 off Switch digital output 2 off A response to the status command typically looks like System MIDGE midge 0002A9FFC32E WAN1 WWAN1 is up 10 204 8 3 Mobilel HSPA 65 dBm LAI 23003 DIO INl off IN2 0ff OUTl off OUT2 on 62 MIDGEGPRS UMTS HSPA LTE router O RACOM s r o 7 6 2 DHCP Server Web Configuration This section can be used to individually configure a DHCP service for each LAN interface HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT SDK Administration Job Management Testing DHCP Server DNS Server DynDNS E mall Events
115. y sending pings on each link to authontative hosts A link will be declared as Settings a down in case all trials have failed and only as up if al least one host can be reached Supervisi n Administratwe status enabled Ethemet disabled Port Settings Link Settings IP Settings Primary host 10 203 1 100 Mobile secondary hast 10 202 1 100 optional Interfaces Ping timeout 5000 miliseconds USB Ping interval 0 seconds Serial Port Max number of failed trials 5 Digital 1 0 You may further specify an emergency action in case no uplink can be established at all Maximum downtime 30 minutes Emergency action none Supervision status Primary host Secondary host Ping Timeout Ping interval Max number of failed trials 7 2 2 Ethernet Port Settings restart link services amp reboot system Enable or disable connection supervision Reference host 1 which will be used for checking IP connectivity done via ICMP pings Reference host which will be used for checking IP connectivity done via ICMP pings The test is considered successful if either host 1 or 2 answers Time for which the system is waiting for ping response With mobile networks the response should last even several seconds in some cases You can check the typical response using SYSTEM Troubleshooting Network Debugging Ping The first response is typically longer in GPRS UMTS networks the timeout should be longer than this time Time to
Download Pdf Manuals
Related Search