CTEK Z4200 User manual

USER MANUAL
Ctek Z Series SkyRouter
Cellular Application Platform Models Z4200 Z4400 Z4550
(Release 6.00.05 and newer)
Ctek – Things That Move Data

10 October 2016
Table of Contents
1 INTRODUCTION
  1.1 See Also
2 GETTING STARTED
  2.1 Default Factory Settings
  2.2 Administrative Access
3 WIRELESS NETWORK ACTIVATION – Z4550 4G/LTE
  3.1 Prerequisites
  3.2 Activation
  3.3 Installing Radio Network Specific Firmware
  3.4 APN Selection and Account Provisioning
    For Legacy CDMA Carriers
    For Legacy GSM Carriers
  3.5 Dual-SIM Operation
    User Interface Control
    Default Switch Operation (dual SIM)
4 WIRELESS NETWORK ACTIVATION – Z4200 3G (CDMA/EVDO/1XRTT)
  4.1 AT Commands
  4.2 OTAP/OMA Activation
5 WIRELESS NETWORK ACTIVATION – Z4400 3G (GSM/UMTS/HSPA)
6 SECURITY
  6.1 Change the Default User ID and Password
  6.2 Security Settings
    General Configuration
    IP White List
    SMS Management
    White List Status (SMS)
    SSH Access
    Web Administration
  6.3 Additional Security Features
    Authlogread
    Intrusion Detection
7 DEVICE PROFILE
  7.1 Device Network Profile
    Gateway
    Client
  7.2 Application Parameters
    Location
    Application Alarming
    Application Logging
    Email Configuration
    Automation Display Groups
    Dashboard Options
8 LOCAL INTERFACES
  8.1 Overview
  8.2 RS232/RS485 Ports
    RS232
    RS485 (TR1)
    RS485 (TR2)
    Console Port
  8.3 RS232/RS485 Options
  8.4 Ethernet Port Forwarding
  8.5 Digital and Analog Inputs
    Relay Input – (Digital Input)
    Relay Output (Digital Output)
    Analog Input
9 TUNNELING AND ENCRYPTION
  9.1 GRE Tunneling
  9.2 IPsec
10 TIME AND LOCATION SOURCE
  10.1 Time Source
    Cellular Network
    Network Time Protocol (NTP) Server
    GPS
  10.2 Location Source
11 SKYCLOUD SERVICES
12 TOOLS
  12.1 Flash Update Client
  12.2 Backup and Restore
13 APPLICATIONS

1 Introduction
Welcome to the Ctek SkyRouter User’s Guide. While the primary focus of this manual is the Z4550 4G/LTE model, it also
documents variations in the user interface caused by different network technologies: CDMA for the Z4200 and HSPA for
the Z4400. These UI variations are confined to the activation and network provisioning aspects of the UI; all other
functions are common across these three models. Note that firmware release 6.00.05 and newer will provide support
for all three models based on the type of radio module installed.
The Z4550 is a cellular applications platform that provides 4G/LTE service on all North American networks with fallback
3G service appropriate for that network. This User’s Guide will explain the basic operation of the application platform
and router, and take you through the necessary settings to get your wireless application online securely. Additional
information concerning many of the advanced features of the Z4550 is found in TechNotes available at
www.ctekproducts.com.
1.1 See Also
TN034 – Geo-fencing with the SkyRouter
TN037 – Updating CK418 Flash Memory
TN039 - SkyRouter Serial Subsystem
TN040 - GRE and IPSec Tunneling
APN007 – Automation Control
2 Getting Started
2.1 Default Factory Settings
The Z4550 leaves the factory with the default settings defined in Figure 1. A Z4550 may be returned to its factory setting
at any time by depressing and holding the switch labeled default until the status LEDs begin a repetitive flashing routine,
approximately 10 seconds. Once the LED flashing sequence has begun, the unit should be rebooted (power-cycled) and
will return to service with the factory defaults in place.
Note – Z4550 units produced after approximately October 1, 2016 will be equipped with a dual-SIM feature. For both
dual-SIM operation and restoring factory defaults on those units, see the Dual-SIM Operation section (3.5) below.
Setting or Parameter                          Factory Default
Administrative User ID                        ctek *** Change after first login ***
Administrative password                       ctek *** Change after first login ***
Administrative IP address                     192.168.1.10
Network Configuration                         Gateway
DHCP Server                                   Enabled
Administrative LAN and WAN port               Port 80 – See security section below
Firewall Status                               Enabled – See security section below
WAN Ping Response                             Disabled – See security section below
NAT Traffic to WAN                            Enabled – See security section below
XML Interface                                 Disabled – See security section below
IP White List                                 Disabled – See security section below
SMS Management                                Disabled – See security section below
SMS White List                                Disabled – See security section below
SSH (Secure Shell) Access                     Disabled – See security section below
SSH User ID                                   root – See security section below
SSH Password                                  pass – See security section below
Enable HTTPS                                  Disabled – See security section below
Connection State (WAN)                        Enabled
Relay Input (Trigger Input)                   Disabled
Relay Output (Managed by Automation Control)  No
Time Source                                   Cellular Network
Location Source                               GPS (Internal)
DNS Address Source                            Acquire from Wireless Network
Auto Configure (radio firmware)               Disabled
Radio module firmware                         Sprint - SWI9X15C_05.05.63.01 or newer
Figure 1
2.2 Administrative Access
All administration and configuration of the Z4550 is accomplished using the web UI, which can be accessed locally
through the Ethernet connection or over the air through the WAN connection after the unit is connected to a cellular
network.
To use the local interface connect a computer to the Z4550’s Ethernet port using a standard Ethernet cable. Using a web
browser connect to the login page using the administrative IP address and the default login and password. Once you are
successfully logged in the Quick Panel display shown in Figure 2 will be presented.

Figure 2
The Quick Panel display presents an overview of the network and equipment status, and provides navigation to the
Administrative functions. The Quick Panel status information is a snapshot in time and must be refreshed to observe
changes in dynamic parameters such as network connections or signal strength. The Admin Main button on the Quick
Panel will display the main administrative screen as shown in Figure 3. Note that the main admin screen maintains the
Quick Panel’s status display, and offers navigation to all Z4550 SkyRouter administrative functions.

Figure 3
3 Wireless Network Activation – Z4550 4G/LTE
Ctek’s Z4550 SkyRouter operates on North American LTE networks on bands 2, 4, 5, 13, 17, and 25 with fallback to the
appropriate 3G network for the selected carrier. The Z4550 will also operate globally on HSPA (UMTS) networks on
bands 1, 2, 4, 5, and 8.
3.1 Prerequisites
Before you start, you must have:
1. A cellular data account with your selected carrier
2. A SIM card issued by that carrier that conforms to the 2FF form factor
3. At least one antenna suitable for the bands that will be used
4. A source of DC power between 9 and 24VDC

3.2 Activation
1. Insert the SIM card
2. Connect the DC power source to the Z4550 and power up
3. Connect a computer to the Z4550 using an Ethernet cable, a browser, and the default administrative IP address
4. On the Provisioning/Radio Update screen verify that the radio firmware is correct for the network you are using
5. If the firmware is correct, proceed to section 3.4, else see section 3.3
3.3 Installing Radio Network Specific Firmware
1. On the Provisioning/Radio Update screen, select the correct firmware for the network you are using
2. Press the Update Radio button – This process will take between 2 and 3 minutes to complete
3. The SVC and Link LEDs will begin an alternating green pattern
4. The Status button on the Radio Update screen will display the network firmware that is being loaded
5. After a 2 – 3 minute delay the Status button will indicate that the radio programming has completed
6. The LEDs will simultaneously blink green indicating that the programming was successful
7. If the programming step encountered a problem the LEDs will simultaneously blink red/yellow
8. Restart or power cycle the unit
3.4 APN Selection and Account Provisioning
Important Note – For the purposes of this manual, we divide the carriers (network operators) into two groups,
legacy CDMA carriers, e.g. Sprint and Verizon, and the legacy GSM group, which is comprised of all other networks. In
terms of provisioning the wireless account, especially APNs, these two groups present very different behaviors.
Legacy CDMA carriers use an over-the-air provisioning mechanism to “push” the appropriate APNs and settings to the
radio module when it connects to the network. Under normal operation, this process is automatic and there should be
no need to manually configure an APN. Legacy CDMA carriers currently use APN profile configuration (slot) 3 for the
operational APN.
Legacy GSM carriers do not use an over-the-air provisioning mechanism. You must enter the carrier provided APN in
APN profile configuration (slot) 1. Some legacy GSM carriers may also require you to enter a User Name, Password, and
authentication type along with the APN.
For Legacy CDMA Carriers
After the restart performed in step 8 of section 3.3 the unit will complete its reboot cycle, provision over the air,
obtain an IP address from the network, and light the Link LED. This process will take between 1 and 2 minutes. If the
Link LED is red it indicates an LTE connection; if the Link LED is green it indicates a 3G connection.
For Legacy GSM Carriers
After the restart performed in step 8 of section 3.3 the unit will complete its reboot cycle. When the unit completes its
boot cycle, reconnect with a browser. On the Wireless Interfaces screen enter the APN specified by your carrier.
Optionally, you may also need to enter a User Name, Password, and select an authentication type. When the required
information has been entered, perform a restart or power cycle. When the unit completes its reboot cycle it will obtain
an IP address from the network, and light the Link LED. This process will take between 1 and 2 minutes. If the Link
LED is red it indicates an LTE connection; if the Link LED is green it indicates a 3G connection.
3.5 Dual-SIM Operation
User Interface Control
The dual-SIM feature is managed from the Wireless screen under the Interfaces section. To use this feature, select the
desired SIM, update, and restart the unit. If the automatic radio configuration feature is enabled the unit will load the
appropriate radio module firmware after it has been restarted. See the Installing Radio Network Specific Firmware
section above for visual indicators and timing considerations.
Default Switch Operation (dual SIM)
For units equipped with the dual-SIM feature the default settings switch performs both the restore factory defaults
function, and provides a secondary method of SIM selection.
To restore factory defaults, press and hold the default switch until the Link and Service LEDs blink on and off
simultaneously, Link = red and Service = yellow. As soon as this pattern is observed, release the default button and
restart or power cycle the unit. Factory defaults have been restored.
To select the alternate SIM, continue to depress the default switch until the LED pattern shifts to both the Link and
Service LEDs blinking on and off simultaneously, both green. At this point release the default switch
and either the Link or Service LED will come on steady green, indicating which SIM slot is currently selected. At this
point, a momentary closing (pressing) of the default switch will select the alternate SIM and indicate the selection on
either the Service or Link LED. This SIM selection operation may be repeated as many times as desired. When the correct
SIM is selected, the unit may be restarted or power cycled. Similar to the User Interface method described above, if the
automatic radio configuration feature is enabled the unit will load the appropriate radio module firmware after it has
been restarted. See the Installing Radio Network Specific Firmware section above for visual indicators and timing
considerations.
4 Wireless Network Activation – Z4200 3G (CDMA/EVDO/1XRTT)
For CDMA models, the Provisioning function on the main menu serves two purposes. First, it provides a mechanism to
activate and provision the router on the wireless networks utilizing the OTAS mechanism. Secondly, it may be used as a
general interface to directly enter specific commands, known as AT commands, to the router’s radio module. The
following important notes apply:
Note – Before using the Wireless Activation Services Interface for any purpose, you must first disable the router’s WAN
interface. This is required because during normal operation the router has a data connection open with the radio
module which will cause OTA time outs and potentially other types of OTA failures.
To disable the router’s WAN interface (1) go to the Wireless Interface screen, (2) set the Wireless Connection pull-down
to Disabled, (3) press Update, and (4) perform a restart of the unit on the main menu page.

Note – To ensure a stable environment prior to executing an OTAP evolution, the SkyRouter verifies that during the
previous two minute sample period the RSSI is greater than (smaller negative number) -99 dBm, the SID has not changed,
and the unit has access to 1xRTT connectivity. 1xRTT is required for OTAP operations.
4.1 AT Commands
Selecting the AT Commands menu option presents a screen as shown below. AT commands are entered in the command
field and, after submission, the command’s status string will be displayed in the response area.
Figure 4
4.2 OTAP/OMA Activation
Selecting the OTA Activation option presents the following screen. Please see notes above about the WAN interface and
network stability. Once the Activation function is selected a status button is available to follow the progress of the
activation based on responses from the wireless network.
Note – For Verizon Wireless an up-to-date PRL is downloaded for each activation. The activation can be performed
whenever a new PRL is available. For Sprint only an additional function is provided to load the latest PRL.

Figure 5
5 Wireless Network Activation – Z4400 3G (GSM/UMTS/HSPA)
Activating a Z4400 on a GSM/HSPA network is performed by inserting a Subscriber Identification Module (SIM) in the
appropriate SIM connector and filling in information on the Wireless Interface screen that will have been provided by
the Network Operator or Carrier providing the SIM.
At a minimum, you will need to enter the APN provided into the Profile Name field on the Wireless Interface and in most
cases will also need to enter an Authentication Type (PAP, CHAP, or both).
Additional information that may be required is:
PDP Address – Seldom used
User Name – May be associated with the network or with an individual SIM
Password - May be associated with the network or with an individual SIM
SMSC Address
Email Gateway
In addition, a specific network ID may be entered to control unwanted roaming in specific areas.
If the Z4400 contains the dual-SIM feature two SIM cards may be installed and managed as described in section 3.5
above.

6 Security
Properly configured, the Ctek Z4550 is the most secure cellular router available in the marketplace. However, the
security provided by the Z4550 is only as good as the thought given to its administration. Factory default settings disable
all of the Z4550’s access mechanisms with the exception of HTTP access on port 80.
6.1 Change the Default User ID and Password
NOTE - The default User ID and password for Ctek’s SkyRouters is well known. Failure to perform this step exposes the
user’s equipment to unauthorized access and tampering.
Select the User Accounts function. The screen shown in Figure 6 will be presented.
Figure 6
1. Select the Ctek login entry
2. Enter a new User ID
3. Enter a new password
4. Enter a confirming password
5. Check the Admin box
6. Press Update
7. When the unit is rebooted the new login information will be in effect

6.2 Security Settings
Select the Security Preferences function. The screen shown in Figure 7 will be presented.
Figure 7

General Configuration
Firewall Status – When enabled, the firewall blocks all WAN traffic except for port 80 and the serial pad port (the
latter if, and only if, the serial pad is active). Since an SMS command (TechNote TN009) can be used to temporarily open
ports for ad-hoc maintenance, there are very few reasons to ever disable the firewall.
WAN Ping Response – When disabled, ICMP ping requests will be ignored
NAT Traffic to WAN – Must be enabled for normal operation
XML Interface – Can be enabled to open port 5070 for XML applications
IP White List
Enable to limit access to specified addresses or ranges of addresses. The white list applies to both WAN and LAN side
connections. If it is enabled, be sure to create an entry for LAN access.
IP Address (for white list) – Specified as an address followed by a netmask in Classless Inter-Domain Routing (CIDR)
format, as in 192.168.1.0/24, which allows the entire class C range beginning at 192.168.1.0 for LAN administration.
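An added example, not part of the Ctek manual: a pre-flight check in Python of a planned white list before it is enabled, so that a mistyped CIDR entry or a missing LAN entry does not lock out administration. The function names and the sample entries are constructed for illustration; the router itself is never contacted.

```python
import ipaddress


def review_white_list(entries, must_keep_access):
    """Review planned IP White List entries before enabling the feature.

    entries: CIDR strings as they would be typed into the white list.
    must_keep_access: addresses that must still reach the web UI afterwards
                      (for example the LAN administration PC).
    Returns (networks, findings).
    """
    networks, findings = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True rejects an address with host bits set, e.g. x.x.x.7/24
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            try:
                net = ipaddress.ip_network(text, strict=False)
            except ValueError:
                findings.append(f"{text}: not a valid CIDR entry")
                continue
            findings.append(f"{text}: host bits set, covers all of {net}")
        if net.prefixlen == 0:
            findings.append(f"{text}: matches every address, white list has no effect")
        networks.append(net)

    # The manual warns that the list applies to the LAN side too.
    for host in must_keep_access:
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in networks):
            findings.append(f"{host}: not covered, this host would be locked out")
    return networks, findings


def would_admit(networks, source_ip):
    """True if source_ip falls inside any white-listed network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    # Constructed sample: documentation ranges plus the manual's LAN example.
    planned = ["192.168.1.0/24", "198.51.100.7/24", "0.0.0.0/0", "10.0.0.300/24"]
    nets, problems = review_white_list(planned, ["192.168.1.50"])
    for line in problems:
        print("REVIEW:", line)
```

Run the review against the list you intend to enter, and enable the white list only once the findings are empty.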
SMS Management
Enable to allow SMS management commands as defined in TechNote TN009
White List Status (SMS)
Enable to limit SMS access to specified phone numbers
SSH Access
Enable to allow SSH access from LAN, WAN, or both
Note – The SSH password can and should be changed if SSH is enabled
Note – For file transfers the Secure Copy (SCP) utility can be used with the same login credentials as SSH
Web Administration
Provides a mechanism to enable or disable HTTP access through the WAN, LAN, or both. Also provides a mechanism to
specify an IP port number other than 80 for HTTP access through the WAN, LAN, or both.
6.3 Additional Security Features
Authlogread
Using SSH the command line utility authlogread can be used to determine the last 20 login attempts since the unit was
last rebooted.
Intrusion Detection
If the Z4550 has the TCOPlus management option (APN001) installed, the intrusion detection feature under Tools/Wan
Management can be used to alarm 3 consecutive failed login attempts, and if desired to lockout any subsequent login
activity until the unit receives administrative attention.

7 Device Profile
The Device Profile screen performs two key functions. First, it is used to configure the Z4550’s LAN for either network
gateway or network client operation. Second, it is used to configure a number of parameters used by SkyRouter resident
applications for alarming, reporting, and formatting the dashboard display.
7.1 Device Network Profile
Gateway
In the Gateway mode of operation the Z4550 SkyRouter connects with the cellular network, obtains an IP address from
the cellular network, and routes traffic to and from LAN side connections using Network Address Translation (NAT).
Gateway mode is the default method of operation.
Client
The Client mode of operation allows the Z4550 to be connected, via Ethernet to an enterprise or home network. In this
mode of operation, the Z4550 can be set up to operate either as a DHCP client or with a static address on an established
network. Client mode can be a useful tool for loading updates or applications since in the client mode of operation
traffic moves through the corporate network instead of over the wireless network.
7.2 Application Parameters
Location
The location name that will be displayed on the dashboard, on SkyCloud, and in reports and alarms
Application Alarming
Enables or disables alarms, selects alarm delivery mechanisms, assigns email addresses and phone numbers for alarm
delivery, and assigns GPS/Location coordinates to alarms
Application Logging
Enables or disables application logging, enables or disables log delivery via email, selects a log delivery schedule, and
assigns email addresses of log recipients
Email Configuration
The Z4550 has a resident POP3 email server that is used to deliver alarms and logs. This panel is used to configure the
SkyRouter with email account information. This set up should be identical to setting up any email client such as Outlook
or Thunderbird.
Automation Display Groups
This panel is used to assign names to the display groups shown on the automation dashboard
Dashboard Options
This function is used to configure the number (1-5) of named display groups that will appear on a single row of the
dashboard.

8 Local Interfaces
8.1 Overview
Figures 8 and 9 below show the location of local interfaces, indicators, and controls found on the Z4550 SkyRouter.
Figure 8
Figure 9
8.2 RS232/RS485 Ports
The RS232/RS485 screen is used to configure the physical (electrical and timing) characteristics of the serial ports. The
serial ports can be connected to the TCP/UDP PAD function for WAN transmission. See TN039 for details on Serial PAD
settings. Level 2 (link level) settings for this port are made using the RS232/RS485 Ports screen.

RS232
A complete RS232 connection is provided on pins 6 – 10 of the bottom connector block. This is a Data Communication
Equipment (DCE) type connection. Connections to a Data Terminal Equipment (DTE) device on a typical DB9 connector
are shown in Figure 10 below.
Figure 10
RS485 (TR1)
A general-purpose RS485 connection is provided on pins 13 and 14 of the top connector block. The TR1 connection can
be connected to the serial (TCP/UDP/PPP) pad function (TN039), and is used to support RS485 Modbus controllers that
interface with Ctek’s Automation Control application. See Application Note APN008 for details on interfacing to Modbus
controllers using Automation Control.
Level 2 (link level) settings for this port are made using the RS232/RS485 Ports screen.
RS485 (TR2)
The TR2 RS485 connection is reserved for, and programmed by, the Automation Control application.
Console Port
A two-wire RS232 type connection of type DCE is provided on pins 19 and 20 of the top connector block.
8.3 RS232/RS485 Options
The screens under this function are used to configure the serial (TCP/UDP/PPP) pad function. For details see TechNote
TN039.

8.4 Ethernet Port Forwarding
In the gateway mode of operation (see section 7.1) the Z4550 SkyRouter routes data to and from the wireless network
IP connection to a class C range of local (private) IP addresses available on the RJ45 Ethernet connector. To accomplish
this the Port Forwarding screen allows you to forward WAN side IP traffic arriving on a specific IP Port to a specific Port
at a designated LAN side address. In addition, this screen also allows you to make a named (advertised) service available
over the WAN interface.
Each forwarding rule consists of the following fields:
Service Name – A name that will be associated with a service advertised on the Quick Panel of the WAN
interface
Forwarding From – The inbound (WAN side) port number managing the traffic
Local Port – The port number on the LAN side that the traffic will be routed to
Local IP – The IP address on the LAN side that the traffic will be routed to. Must be part of the class C range
defined in the Ethernet Interface screen.
Advertise – Yes or no
Protocol – TCP, UDP, or both
Enable – Make the rule active (Yes/No)
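An added example, not part of the Ctek manual: a Python review of a planned set of forwarding rules before they are entered, checking the Local IP constraint stated above and catching WAN ports claimed twice or shared with the router's own services (port 80 for web administration and port 5070 for the XML interface, as given in the security section). The dictionary keys and sample rules are hypothetical, since the manual defines no export format for rules.

```python
import ipaddress
from collections import defaultdict

# WAN-side ports the manual says the router itself may use.
# Assumption: both services are TCP.
DEVICE_PORTS = {80: "web administration", 5070: "XML interface"}

# Constructed sample rules; keys mirror the fields on the Port Forwarding screen.
SAMPLE_RULES = [
    {"service_name": "camera", "forwarding_from": 8080, "local_port": 80,
     "local_ip": "192.168.1.20", "protocol": "TCP", "enable": "Yes"},
    {"service_name": "plc", "forwarding_from": 502, "local_port": 502,
     "local_ip": "192.168.2.30", "protocol": "TCP", "enable": "Yes"},
    {"service_name": "hmi", "forwarding_from": 8080, "local_port": 8080,
     "local_ip": "192.168.1.40", "protocol": "Both", "enable": "Yes"},
    {"service_name": "web", "forwarding_from": 80, "local_port": 80,
     "local_ip": "192.168.1.50", "protocol": "TCP", "enable": "Yes"},
    {"service_name": "old", "forwarding_from": 80, "local_port": 8000,
     "local_ip": "192.168.1.60", "protocol": "TCP", "enable": "No"},
]


def review_forwarding_rules(rules, lan_network, device_ports=DEVICE_PORTS):
    """Return a list of findings for the enabled rules.

    lan_network: the LAN range configured on the Ethernet Interface screen.
    """
    lan = ipaddress.ip_network(lan_network)
    findings = []
    claimed = defaultdict(list)  # (WAN port, protocol) -> rule names

    for rule in rules:
        if rule["enable"].lower() != "yes":
            continue  # disabled rules expose nothing
        name = rule["service_name"]
        wan_port = int(rule["forwarding_from"])
        for port in (wan_port, int(rule["local_port"])):
            if not 1 <= port <= 65535:
                findings.append(f"{name}: port {port} is out of range")

        # "Local IP ... must be part of the class C range" on the LAN side.
        if ipaddress.ip_address(rule["local_ip"]) not in lan:
            findings.append(
                f"{name}: Local IP {rule['local_ip']} is outside the LAN range {lan}")

        proto = rule["protocol"].upper()
        protos = ("TCP", "UDP") if proto == "BOTH" else (proto,)
        for p in protos:
            claimed[(wan_port, p)].append(name)
        if wan_port in device_ports and "TCP" in protos:
            findings.append(
                f"{name}: WAN port {wan_port} is also the router's own "
                f"{device_ports[wan_port]} port")

    for (port, proto), names in sorted(claimed.items()):
        if len(names) > 1:
            findings.append(
                f"{proto}/{port}: forwarded by more than one rule ({', '.join(names)})")
    return findings


if __name__ == "__main__":
    for finding in review_forwarding_rules(SAMPLE_RULES, "192.168.1.0/24"):
        print("REVIEW:", finding)
```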
8.5 Digital and Analog Inputs
Relay Input – (Digital Input)
A digital input is provided on pin 17 of the top connector block. The digital input can be used as a conventional digital
input under automation control logic, or to trigger an alarm via SMS. When used to generate an SMS message the
destination phone number is entered on this screen.
Relay Output (Digital Output)
A digital output is provided on pin 3 of the bottom connector block. If desired pin 4 (Source) can be used to provide a
5VDC level connected through a 10K ohm pull-up resistor.
The digital output can be managed under automation control, via SMS, or through SkyRouter web screens.
Analog Input
An analog input is provided on pin 18 of the top connector block. It operates on a 0 - 5VDC input range and provides 10
bit A/D conversion. The analog input is accessible through automation control.
9 Tunneling and Encryption
9.1 GRE Tunneling
The Z4550 SkyRouter supports 2 concurrent GRE tunnels. See TechNote TN040 for detailed setup information.
9.2 IPsec
The Z4550 SkyRouter supports 8 concurrent IPsec tunnels. See TechNote TN040 for detailed setup information.

10 Time and Location Source
10.1 Time Source
The Time Source screen allows the user to select from one of three mechanisms to synchronize the time reference on an
individual Z4550 SkyRouter.
Cellular Network
The SkyRouter retrieves and synchronizes to time provided by the cellular network
Network Time Protocol (NTP) Server
The SkyRouter retrieves and synchronizes to time provided by an NTP server. An IP address field for the NTP server is
provided on the screen.
GPS
The SkyRouter retrieves and synchronizes to time provided by the GPS or GLONASS constellation. This option requires
that GPS be enabled on the Location Source screen.
10.2 Location Source
The SkyRouter’s location source can be set to originate from the built-in GPS/GLONASS receiver, or by using user defined
coordinates. User defined coordinates are especially useful for stationary installations that may not want to incur the
expense of a GPS antenna.
The Location Source screen also supports the creation of two geo-fences. Geo-fencing applications are covered in detail
in TechNote TN034.
11 SkyCloud Services
The SkyCloud Services screen serves two related purposes. First, it provides a method of selecting a Dynamic Domain Name
Service (DDNS) for the Z4550. Second, it is used to configure the unit for operation on Ctek’s cloud-based visual access
and management system, SkyCloud. See Technical Information Bulletin TIB006 for details.
12 Tools
The Z4550 comes standard with two tools installed.
12.1 Flash Update Client
The Flash Update client provides a mechanism to load over-the-air firmware updates and to enable additional
applications on the SkyRouter. The Flash Update client can be configured for periodic (daily/weekly/monthly) updates,
or to perform the updates ad-hoc when the user initiates an update request.