ELTEC CYBOX LTE 2 Instruction sheet

CYBOX LTE 2
LTE ROUTER
CONFIGURATION MANUAL
Version: 1.0 for firmware V21.38.00 | Date: 23.09.2021

Contents
1 IMPORTANT INFORMATION
1.1 Revision
1.2 Disclaimer
1.2.1 Copyright
1.2.2 GPL Statement for CyBox Software
1.2.2.1 Disclaimer of Warranty
1.2.2.2 Limitation of Liability
1.2.3 Regulatory Limits for Changes in Country and Transmit Power Settings
1.3 Known Issues
2 ABOUT THIS DOCUMENT
2.1 Information about Formatting
3 ABOUT THE CyBox LTE 2
4 HOW TO ACCESS THE CyBox LTE 2
4.1 IP Addresses of the CyBox LTE 2
4.2 Getting to the Web Interface
5 QUICK START GUIDE
5.1 Change Password
5.2 Change LAN IP address (Quick Guide)
5.2.1 Disabling IPv6
5.3 Example: Local Access Point
5.3.1 System Settings
5.3.2 Prepare WLAN Radio Interface
5.3.3 Connect radio0 to the Network
5.3.4 Connecting to WAN
5.4 Example: Connecting three VLANs to a server
5.4.1 Create the Management VLAN
5.4.2 Add two unmanaged VLANs
5.4.3 Configure and Enable the radio(s)
5.4.4 Attach the “Clients” VLAN to radio0
5.4.5 Attach the “Staff” VLAN to radio0
5.4.6 Check Configuration
5.4.7 Disable Unneeded Default Address
5.5 Example: Client Isolation within the Access Point
5.5.1 Isolate the Radio Clients
5.5.2 Restrict Access to Local Ports to Specified Interfaces
6 THE WEB INTERFACE
6.1 Network
6.1.1 Interfaces
6.1.1.1 DHCP Server per Interface
6.1.1.2 Bridges
6.1.1.3 VLAN
6.1.1.4 LTE
6.1.1.4.1 Configuring LTE
6.1.1.4.2 LTE Troubleshooting
6.1.1.5 5G
6.1.2 WLAN
6.1.2.1 Channel, Wireless mode, HT mode, Power settings
6.1.2.2 Radio Band Configuration for Models with Antenna Combiner
6.1.2.3 JJPlus Radio Card Band Configuration
6.1.2.4 ESSID, WDS Mode, Client separation
6.1.2.5 Encryption
6.1.2.6 Hotspot 2.0
6.1.2.7 WLAN Clients test
6.1.2.8 Multi-AP Client Isolation
6.1.2.9 Connection Check
6.1.2.10 Access Point Scanning Service (Wireless Monitoring)
6.1.2.11 Client Counting Service
6.1.2.12 Rogue Access Point Detection Service
6.1.3 Multi-WAN Manager (MWAN3)
6.1.3.1 Capabilities
6.1.3.2 MWAN Test
6.1.3.2.1 Gateway
6.1.3.3 MWAN Status
6.1.3.4 MWAN Modem Interface Configuration
6.1.3.5 MWAN Members Configuration
6.1.3.6 MWAN Policies Configuration
6.1.3.7 MWAN Rules Configuration
6.1.3.8 MWAN Notification Configuration
6.1.4 LACP / Bonding
6.1.4.1 LACP configuration example
6.1.4.1.1 Create LACP interface
6.1.4.1.2 Setup IP / Netmask
6.1.4.1.3 Setup bonding Policy / add slave Interfaces
6.1.4.1.4 Setup Firewall
6.1.4.1.5 Check interface Status
6.1.4.2 LACP testing example
6.1.4.2.1 Test Setup
6.1.4.2.2 Test bonding bandwidth improvement
6.1.4.2.3 Test bonding reliability improvement
6.1.5 Global DHCP and DNS Settings
6.1.6 Firewall
6.1.7 OpenVPN
6.1.7.1 Configuration file generation on Windows
6.1.7.2 VPN interface setup – 3 methods
6.1.7.2.1 Copy Ready-to-use configuration with SCP
6.1.7.2.2 Upload configuration, certs, key-files with web interface
6.1.7.2.3 Manual configuration with web interface
6.1.7.3 VPN host configuration (on console)
6.1.8 ICCP
6.1.8.1 Coupling Concept
6.1.8.2 SSID Usage
6.1.8.3 WLAN Encryption
6.1.8.4 Configurable Parameters
6.1.8.5 Configuration Hint Web Interface
6.1.8.6 VLAN over Wireless ICCP
6.1.8.6.1 Features and Restrictions
6.1.8.6.2 Examples
6.1.9 QoS
6.2 GPS
6.2.1 GPS activation
6.2.2 GPS status
6.2.3 SNMP for GPS
6.3 System
6.3.1 System Properties
6.3.2 Configuration Backups
6.3.3 Firmware Upgrade
6.3.4 Reboot
6.3.5 Reset Button
6.3.6 Emergency Mode
7 SNMP
7.1 SNMP Protocol Support
7.2 SNMP V3 Protocol Support
7.2.1 SNMP V3 Protocol Examples
7.3 SNMP Basic Functions
7.4 SNMP Read and Write Authorizations
7.5 SNMP Commands
7.6 SNMP Read (snmpwalk and snmpget)
7.6.1 Reading System Information
7.6.2 Reading SNMP Object Information
7.6.2.1 Readout current Network Device Order
7.6.2.2 Readout SSID / WIFI Interface Order
7.6.2.3 Readout Network Device to SSID Assignment
7.7 SNMP Write (snmpset)
7.7.1 Direct command
7.7.1.1 Reboot
7.7.2 Edit configuration using Object Identifier (OID)
7.7.2.1 Set a new IP address
7.7.2.2 Set a new SSID
7.7.2.3 Set a new Macfilter
7.7.3 Edit configuration parameters, create new fields and delete items
7.7.3.1 Set new Hostname
7.7.3.2 Creating a system configuration description text
7.7.3.3 Delete system configuration description text
7.8 SNMP Applications
7.8.1 SNMP Support for GPS
7.8.2 SNMP Support for Second GPS Source
7.8.3 SNMP Support for LTE
7.8.3.1 LTE SNMP Read Control
7.8.3.2 LTE SNMP Write Control
8 THE FLYING CONTROLLER MECHANISM
9 IPSecVPN / StrongSwan
9.1 IPSec Customized Configuration
9.2 IPSec default configuration
9.3 IPSec Secret configuration
9.4 IPSec Tunnel / Transport Connection
9.5 IPSec Crypto Proposal configuration
9.6 IPSec Firewall Custom Rules
9.7 IPSec Service Start
10 SSH / SERIAL CONSOLE
10.1 UCI Configuration
10.1.1 UCI configuration files
10.1.2 UCI Example
10.2 Other commands
11 SYSTEM MAINTENANCE
11.1 Remote Firmware Upgrade
11.1.1 Remote Firmware Upgrade without Config Change
11.1.2 Remote Firmware Upgrade with New Config
11.2 USB Possibilities
11.3 Status LED Blink Codes
12 APPENDIX: GPL LICENSE
13 APPENDIX: SNMP OID OVERVIEW
14 APPENDIX: DEFAULT FACTORY SETTINGS
1 IMPORTANT INFORMATION
1.1 Revision
Internal version: 27f3a9f
Revision | Changes | Date
1.0 | Initial version for this firmware | 14.04.2021
1.2 Disclaimer
1.2.1 Copyright
© 2018-2021 ELTEC Elektronik AG. The information, data, and figures in this document including respective
references have been verified and found to be legitimate. In particular in the event of error they may, therefore,
be changed at any time without prior notice. The complete risk inherent in the utilization of this document or in
the results of its utilization shall be with the user; to this end, ELTEC Elektronik AG shall not accept any liability.
Regardless of the applicability of respective copyrights, no portion of this document shall be copied, forwarded
or stored in a data reception system or entered into such systems without the express prior written consent of
ELTEC Elektronik AG, regardless of how such acts are performed and what system is used (electronic, mechanic,
photocopying, recording, etc.). All product and company names are registered trademarks of the respective
companies.
Our General Business, Delivery, Offer, and Payment Terms and Conditions shall otherwise apply.
1.2.2 GPL Statement for CyBox Software
This software product contains software covered by the GNU GPL (see below in this document); it may in addition
contain other parts covered by other licenses (such as LGPL). A list of all modules and their licenses (“FOSS” list)
is available on request (see link below). The source code of all GPL-covered modules can also be requested by
owners of the CyBox LTE 2-W/LTE (see link below).
For the GPL-covered parts this license is valid:
Copyright (c) 2014-2021, ELTEC Elektronik AG
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see
<https://www.gnu.org/licenses/>.
FOSS and sources are not included in the binary distribution in the products and in the product documentation
due to space limitations.
Use this link to request FOSS and sources, please send in your request by mail (handling fees for sources may
apply):
ELTEC Elektronik AG
Galileo-Galilei-Str. 11
55129 Mainz
Germany
1.2.2.1 Disclaimer of Warranty
There is no warranty for the program, to the extent permitted by applicable law. Except when otherwise stated in
writing the copyright holders and/or other parties provide the program “as is” without warranty of any kind,
either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the
program prove defective, you assume the cost of all necessary servicing, repair or correction.
1.2.2.2 Limitation of Liability
In no event unless required by applicable law or agreed to in writing will any copyright holder, or any other
party who modifies and/or conveys the program as permitted above, be liable to you for damages, including any
general, special, incidental or consequential damages arising out of the use or inability to use the program
(including but not limited to loss of data or data being rendered inaccurate or losses sustained by you or third
parties or a failure of the program to operate with any other programs), even if such holder or other party has
been advised of the possibility of such damages.
You should have received the following text in an “About” box (see Tab “System”) together with the product.
Here it is replicated for reference:
This software product contains software covered by the GNU GPL license.
A list of all modules and their licenses (“FOSS” list) is available on
request, as is the source code of all GPL-covered modules. For details
and GPL text, see the Software Configuration Manual, available on
<https://www.eltec.com>. In case of problems use the
mail (street) address below.
Request FOSS and sources with a mail to:
ELTEC Elektronik AG
Galileo-Galilei-Str. 11
55129 Mainz
Germany
1.2.3 Regulatory Limits for Changes in Country and Transmit Power Settings
Make sure that only persons with proper knowledge also in regulatory matters have access to the access point’s
configuration settings. They must be aware of the consequences of an improper setting of country and transmit
power (there may be additional settings). To do so, the standard configuration password must be changed
before the access point is deployed. This new password must be given to knowledgeable and responsible
persons only.
One example of a regulation affecting country selection is that in Germany, as of October 2016, the frequencies in
the range 5150 MHz - 5350 MHz must be used in closed rooms and similar environments only. For more
information please see www.bundesnetzagentur.de.
1.3 Known Issues
• When operating WLAN in 11ac mode, the transmit data rate is erroneously reported as 6 Mbit/s.
2 ABOUT THIS DOCUMENT
This configuration manual is intended for system developers and integrators. It is not intended for end users. It
describes the firmware functions of the access point/router/gateway product family and provides information for
special applications and configurations of the product.
This manual is intended to guide you through the configuration process of an Access Point/Router/Gateway (the
names of which are used interchangeably in this manual) for use in a train or bus. We tried to cover the main
aspects of this task, including
• Backup and restore of configurations
• Install new firmware versions
• Handling of IP addresses, DHCP, VLAN, VPN, firewall
• Configuration of WiFi and LTE
• MWAN configuration for multiple WAN connection
• ELTEC’s train coupling, wireless backbone protocol ICCP
• Remote administration via SNMP
• Scripting and UCI.
Not covered is a complete list of all functions and of all configuration elements in detail.
Information about mechanical and electrical installation of the access points is available in a separate
product-specific installation manual which can be downloaded from the Download Center at www.eltec.com.
2.1 Information about Formatting
In the following sections, text formatted like this refers to titles, tabs, boxes, menu names, group names, keys,
and other descriptive text on the web-based configuration user-interface (“LuCI”). They are grouped by “→”.
This markup is used for all navigation elements needed to access settings, independent from the elements used
to click on them or just for visual grouping.
A typewriter font is used for text typed in.
3 ABOUT THE CyBox LTE 2
The CyBox LTE 2 is a member of the CyBox family of robust wireless communication routers. It is particularly
designed to meet the requirements of rolling stock applications. It offers stable, secure, and broadband LTE
connections for train-to-ground communication and high-speed internet.
The CyBox LTE 2 hosts up to two LTE interfaces or one Wi-Fi 5 interface combined with an LTE interface to boost
network efficiency and connect to client devices such as mobile phones. Country-specific LTE/Wi-Fi standards
are adopted for worldwide use in every type of train.
The CyBox LTE 2 firmware provides a convenient management interface via a web service. Besides global setup
parameters the open source software allows the configuration of the radio interfaces, such as channel selection,
SSID, encryption keys, and firewall setup. The access point and router configurations as well as the management
firmware can be updated remotely.
The firmware of the device is based upon Linux and OpenWRT/LEDE. For Open Source information see the
preface.
4 HOW TO ACCESS THE CyBox LTE 2
The CyBox LTE 2 can be configured in several ways:
1. The graphical web interface
2. The command line interface via an SSH or serial connection, see 10 SSH / SERIAL CONSOLE
3. Using a USB stick (to update the firmware or apply a prepared configuration, see 11.2 USB Possibilities)
4. Using SNMP (see 7 SNMP)
4.1 IP Addresses of the CyBox LTE 2
By default, the CyBox LTE 2 is accessible through the following IP addresses (see figure The page Network →
Interfaces (default settings)):
• 192.168.100.1 (LAN)
• An address obtained using DHCP, if possible (LAN_DHCP)
• An address derived from the serial number (LAN_ALIAS)
• An address derived from the MAC of the first Ethernet port (LAN_MAC)
The LAN_ALIAS address is derived from the serial number (which is printed on the type plate) as follows
(Example Serial Number: EL303289):
1. Strip non-digits: 303289
2. Print as six-digit hex value: 0x04A0B9
3. Use the upper 8 bits for x, the middle for y and the lower for z: x=0x04 y=0xA0 z=0xB9
4. Convert x,y,z to decimal: x=4 y=160 z=185
5. The LAN_ALIAS address is 10.4.160.185
In a similar manner, the LAN_MAC address is derived from the MAC address of the first Ethernet interface, which
is printed on the type plate (example MAC 00:00:5B:04:AE:03):
1. Take the last three bytes: 04:AE:03
2. Use the upper 8 bits for x, the middle for y and the lower for z: x=0x04 y=0xAE z=0x03
3. Convert x,y,z to decimal: x=4 y=174 z=3
4. The LAN_MAC address is 10.4.174.4
You can delete unneeded network interfaces by clicking on the red “Delete” button in the web interface.
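The two derivations above, as an added Python example (not ELTEC's code; the function names are chosen here), useful for listing the static addresses a factory-default unit answers on from its type plate. Applying the LAN_MAC steps literally to the example MAC gives 10.4.174.3, whereas the manual prints 10.4.174.4, so confirm the actual value on the page Network → Interfaces.

```python
import ipaddress
import re

FACTORY_LAN = ipaddress.IPv4Address("192.168.100.1")  # default LAN address from the manual


def _ten_net(value: int) -> ipaddress.IPv4Address:
    """Map a 24-bit value onto 10.x.y.z (x = upper, y = middle, z = lower 8 bits)."""
    if not 0 <= value <= 0xFFFFFF:
        raise ValueError(f"value {value:#x} does not fit in 24 bits")
    return ipaddress.IPv4Address((10 << 24) | value)


def lan_alias_from_serial(serial: str) -> ipaddress.IPv4Address:
    """LAN_ALIAS: strip non-digits, read the rest as a decimal number, split into 3 bytes."""
    digits = re.sub(r"\D", "", serial)
    if not digits:
        raise ValueError(f"serial number {serial!r} contains no digits")
    # The manual only covers values that print as six hex digits;
    # _ten_net() rejects anything larger instead of guessing.
    return _ten_net(int(digits))


def lan_mac_from_mac(mac: str) -> ipaddress.IPv4Address:
    """LAN_MAC: last three bytes of the first Ethernet port's MAC, split into 3 bytes."""
    octets = re.split(r"[:-]", mac.strip())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return _ten_net(int("".join(octets[3:]), 16))


def factory_addresses(serial: str, mac: str) -> dict:
    """Static default addresses of one unit (LAN_DHCP is assigned by the network)."""
    return {
        "LAN": FACTORY_LAN,
        "LAN_ALIAS": lan_alias_from_serial(serial),
        "LAN_MAC": lan_mac_from_mac(mac),
    }


if __name__ == "__main__":
    # Serial number and MAC are the examples printed in the manual.
    for name, addr in factory_addresses("EL303289", "00:00:5B:04:AE:03").items():
        print(f"{name:10} {addr}")
```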
The page Network → Interfaces (default settings)
4.2 Getting to the Web Interface
Before accessing the web interface, your computer must be connected to the Ethernet port LAN 1, and it must
be configured to use the same subnet as the CyBox LTE 2.
The web interface is accessible using HTTPS on the IP addresses listed in 4.1 IP Addresses of the CyBox LTE 2
(default: https://192.168.100.1/ in the subnet 192.168.100.0/24). It uses a self-signed SSL certificate. Your
browser should warn you about that. You can either accept the certificate or fall back to HTTP:
http://192.168.100.1/.
On the login web page, use username root and password root. Of course, you should change the password as
soon as possible (see 5.1 Change Password).
Once connected, you can navigate through the different tabs to start configuration. A few rules apply:
• To apply and also save your configuration, click on the button Save & Apply on the bottom-right corner
of most pages. Not clicking on this button will discard your modifications.
• Saved configurations will be kept after a reboot.
• If IP addresses are changed, the Access Point must be addressed under the new URL in the browser.
5 QUICK START GUIDE
This chapter describes the steps to configure standard access point operation. The device must be electrically
connected (see installation manual). Factory default settings are used.
This chapter shows some common use-cases and an exemplary implementation for each.
When the CyBox LTE 2 configuration requires deep changes, e.g. for a new use-case, there is some risk that
previous (possibly forgotten) settings conflict with the new configuration. It is therefore
recommended to start the configuration from factory default settings. Pressing the hardware reset switch for
more than 5 seconds will restore the factory settings.
The web interface provides the same function: System → Backup / Flash Firmware → Perform reset.
For all below configuration examples, the following initial situation is assumed:
• CyBox LTE 2 is running
• CyBox LTE 2 has been reset to factory defaults, the IP address is 192.168.100.1
• Default Root-User password: ‘root’
• Operator workstation and CyBox LTE 2 are connected via Ethernet
• Workstation browser is logged-in to the CyBox LTE 2 web interface
• Operator is additionally logged in to CyBox LTE 2 via SSH (if available, a serial console terminal would be
preferable).
In the following examples [square brackets] are used to indicate actions not requiring operator interaction
because they happen automatically or have already been done (mentioning them here might be useful for
checking that the configuration is on the right track).
5.1 Change Password
The password should be changed first to avoid legal consequences as described in the preface. The default
user/password is ‘root’/‘root’. To change it, go to System → Administration, type the new password and click
Save.
Change Password
5.2 Change LAN IP address (Quick Guide)
The factory default IP address 192.168.100.1 must be changed to meet your network topology. Open Network →
Interfaces and click the Edit button of the LAN interface. Modify the IP address (IPv4 address field), or
change the Protocol field to DHCP client, then click on Save & Apply. To regain access to the web
interface, you must type the new IP address in your browser.
LAN Configuration Example
5.2.1 Disabling IPv6
The custom helper script under System → Custom Commands → Dashboard modifies the network /
firewall configuration to disable all IPv6 network traffic. Normally all network interfaces have an automatic IPv6
address applied. If your environment has no need for IPv6 network traffic, you should use this script early in the
configuration process to remove every IPv6 address setup from the network interfaces and to remove the IPv6 firewall
rules. Note that the Run button has to be clicked twice: the first run is only for user information. The
configuration modification is permanent.
Disable network IPv6 support – first run
5.3 Example: Local Access Point
As a first step, a simple access point is configured. The wired Ethernet and the wireless radios form an isolated
local domain where the CyBox LTE 2 provides DHCP services. Finally, the example in “LAN IP Address” shows how
to set a new static IP address. In Network → Interfaces → LAN → Protocol you can configure the DHCP client setup
to obtain an IP address from a DHCP server in your network. The access point and its clients then become part of
another local domain where DHCP, DNS, and a gateway are provided, connecting the CyBox LTE 2 and its clients
to higher-level networks.
5.3.1 System Settings
• Select System → System (yes, two System tabs nested).
• In box System Properties select tab General Settings: adjust the entries as needed; button
Sync with browser is useful for cases where no NTP server is available. Tabs Logging and
Language and Style may be ignored for now.
• In the tab Time Synchronization: adjust the entries if needed.
• Click button Save & Apply
5.3.2 Prepare WLAN Radio Interface
• Select Network → Wireless: this shows the wireless controllers radio0 and radio1 with some software
buttons
• Select tab radio0: Unknown “OpenWrt” or click the Edit button of radio0
• In box Device Configuration:
• Select tab Advanced Settings
• In drop-down menu Country Code, select the country of the current location
• Select tab General Setup
• In drop-down menu Mode, select a mode, usually N or AC
• In drop-down menu Channel, select a channel (or auto)
• If needed, select an appropriate value in drop-down menu Transmit Power
• In box Interface Configuration:
• [Select tab General Setup]
• Enter an arbitrary ESSID (will be quoted below as “WLssid”)
• [Mode: select Access Point]
• [Field Network: activate checkbox lan]
• [Field Network: clear checkbox create]
• If needed, activate checkbox Hide ESSID
• Select tab Wireless Security
• In drop-down menu Encryption, select as needed
• In drop-down menu Cipher, select auto unless a specific algorithm is required
• Enter encryption Key (at least 8 characters)
• Click button Save & Apply
• Select Network → Wireless
• For radio0, click button Enable
At this point, the radio interface should become visible to possible WLAN clients and vice versa. Clients may
need to be prompted to scan for available wireless networks. Those clients will then become visible in tab
Network, tab WiFi, box Associated Stations.
5.3.3 Connect radio0 to the Network
• Select tab Network → tab Interfaces → tab LAN
• In box Common Configuration
• Select tab Physical Settings:
• Bridge interfaces: activate checkbox
• [Enable STP: clear checkbox Spanning Tree Protocol on this bridge]
• [Interface: activate checkbox Ethernet Adapter: “eth0”]
• Interface: activate checkbox Wireless Network: Master “<SSID>”
• [Interface: clear checkbox Custom Interface]
• In box DHCP Server
• Select tab General Setup
• Clear checkbox Disable DHCP for this interface
• If needed, modify more things in tab General Setup and tab Advanced Settings
• Click button Save & Apply
Now the CyBox LTE 2 connects the Ethernet and all WLAN clients in the local domain 192.168.100.0 and provides
a local DHCP service, but there is not yet an uplink to a gateway.
5.3.4 Connecting to WAN
The goal is for the CyBox LTE 2 to integrate its clients via Ethernet into a higher-level network. DHCP, DNS, and
gateway services are supposed to be available in that network.
• Select tab Network → tab Interfaces → tab LAN
• In section Common Configuration:
• In drop-down menu Protocol, select DHCP Client
• Click button Switch Protocol
• Click button Save & Apply
This terminates the local domain 192.168.100.0. Now connect the CyBox LTE 2 via Ethernet to the gateway
domain, restart the CyBox LTE 2 (use hardware reset switch) and reconnect the WLAN clients.
5.4 Example: Connecting three VLANs to a server
In this use-case the access point provides 3 VLAN interfaces:
• one for management access via wired Ethernet, using a static IP address
• an unmanaged WLAN access for “clients”, no encryption
• another unmanaged WLAN access for “staff” members, encrypted, optional hidden SSID
The access point is connected via Ethernet to a server (or a host computer, called CCU in the illustration below)
providing DHCP, DNS, and gateway services. Starting from factory defaults, apply system settings as described in
section 5.3.1 (if needed).
Network Topology with Three VLANs
5.4.1 Create the Management VLAN
Create a new Ethernet interface (eth0.100) and give it the name “vlan100”. Make it a full-fledged network host by
assigning a static address and a gateway.
• Select tab Network → tab Interfaces
• Click button Add new interface
• Enter Name of new interface: “vlan100”
• [Select Protocol of the new interface: Static address]
• [Clear checkbox “Create a bridge over multiple interfaces”]
• Enter name of Custom Interface: “eth0.100”
• Click button Submit
• [page VLAN100 opens]
• [Tab Network → tab Interfaces → tab VLAN100 → tab General Setup]
• Enter IPv4 address “10.0.1.128”
• Select IPv4 netmask 255.255.255.0
• Enter IPv4 gateway “10.0.1.1”
• Click button Save & Apply
5.4.2 Add two unmanaged VLANs
We create 2 more Ethernet interfaces, eth0.101 and eth0.102, with the names vlan101 and vlan102, respectively.
• Network → Interfaces: Add new interface → Name of new interface: “vlan101”
• Protocol of new interface: Unmanaged
• [Clear Create a bridge over multiple interfaces]
• Custom Interface: “eth0.101”
• Submit
• [page VLAN101 opens]
• Click button Save & Apply
Do the same for “vlan102” and “eth0.102”.
5.4.3 Configure and Enable the radio(s)
You are free to choose which interface to assign to which radio. If both radios are to be used, then this section (5.4.3) must
be done for radio1 as well.
• Select tab Network → tab WiFi → tab radio0 (or click button Edit for radio0)
• In box Device Configuration:
• Select tab Advanced Settings
• Select Country Code
• Select Mode
The following 3 steps work around a problem with this LuCI page (the drop-down menu for the country code is not updated
correctly):
• Click button Save & Apply
• Logout / Login
• Select tab Network → tab WiFi → tab radio0 (or click button Edit for radio0)
Now we can complete the configuration for radio0:
• In box Device Configuration:
• Select tab Advanced Settings
• Select HT mode
• Select Channel
• Select Transmit Power
• Click button Save & Apply
• Select tab Network → tab WiFi
• Click button Enable for radio0
5.4.4 Attach the “Clients” VLAN to radio0
• Select tab Network → tab WiFi → tab radio0 (or click button Edit for radio0)
• In box Interface Configuration:
• [Select tab General Setup]
• Enter ESSID “Clients”
• Clear checkbox lan
• Activate checkbox vlan101
• Click button Save & Apply
5.4.5 Attach the “Staff” VLAN to radio0
• Select tab Network → tab WiFi
• Click button Add for radio0 (if both VLANs shall run on the same radio).
Alternatively, if the “Staff” shall use the other radio and that radio has been configured and enabled (see 5.4.3),
then (instead of Add) select tab Network → tab WiFi → tab radio1 (or click button Edit for radio1)
• In box Interface Configuration:
• [Select tab General Setup]
• Enter ESSID “Staff”
• [Clear checkbox lan]
• Activate checkbox vlan102
• If needed, set checkbox Hide ESSID
• Select tab Wireless Security
• Select Encryption (e.g. WPA2-PSK)
• Enter Key (at least 8 characters)
• Click button Save & Apply
5.4.6 Check Configuration
As a check, you may log in to the CyBox LTE 2 through SSH and issue the ifconfig command. The following
interfaces should be shown:
br-vlan101 Link encap:Ethernet …
br-vlan102 Link encap:Ethernet …
eth0 Link encap:Ethernet
inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0
…
eth0.100 Link encap:Ethernet
inet addr:10.0.1.128 Bcast:10.0.1.255 Mask:255.255.255.0
…
eth0.101 Link encap:Ethernet …
eth0.102 Link encap:Ethernet …
lo Link encap:Local Loopback …
wlan0 Link encap:Ethernet …
wlan0-1 Link encap:Ethernet …
Or alternatively (instead of wlan0-1), if both radio modules are used:
wlan1 Link encap:Ethernet …
5.4.7 Disable Unneeded Default Address
After successfully testing the VLAN-based management access (vlan100), the default address 192.168.100.1 may
be disabled. This is easily achieved by deleting the LAN interface:
• Select tab Network → tab Interfaces
• Click button Delete for the LAN interface (usually the lowermost)
• Select tab Network → tab Interfaces → tab LAN
Alternatively, you may change the protocol of the LAN interface to Unmanaged:
• Select tab Network → tab Interfaces → tab LAN
• In box Common Configuration:
• In drop-down menu Protocol select Unmanaged
• Click button Save & Apply
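The checks from 5.4.6 and 5.4.7 can be run over captured `ifconfig` output. The following Python sketch is an added example, not part of the manual: it verifies the interfaces and management address listed above and reports whether the default address 192.168.100.1 is still active. The sample output is constructed (HWaddr values are placeholders) and the function names are chosen here.

```python
import re

# Interfaces the manual's listing expects after the three-VLAN setup.
EXPECTED = {"br-vlan101", "br-vlan102", "eth0", "eth0.100",
            "eth0.101", "eth0.102", "lo", "wlan0"}
SECOND_SSID = {"wlan0-1", "wlan1"}   # one radio with two SSIDs, or both radios
MGMT_IFACE, MGMT_ADDR = "eth0.100", "10.0.1.128"
DEFAULT_ADDR = "192.168.100.1"

# Constructed sample in the "Link encap:" / "inet addr:" format shown in 5.4.6.
SAMPLE = """\
br-vlan101 Link encap:Ethernet  HWaddr 02:00:00:00:00:01
br-vlan102 Link encap:Ethernet  HWaddr 02:00:00:00:00:01
eth0      Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
eth0.100  Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:10.0.1.128  Bcast:10.0.1.255  Mask:255.255.255.0
eth0.101  Link encap:Ethernet  HWaddr 02:00:00:00:00:01
eth0.102  Link encap:Ethernet  HWaddr 02:00:00:00:00:01
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
wlan0     Link encap:Ethernet  HWaddr 02:00:00:00:00:02
wlan0-1   Link encap:Ethernet  HWaddr 02:00:00:00:00:03
"""


def parse_ifconfig(text):
    """Return {interface: [IPv4 addresses]} from ifconfig output in the format above."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+)\s+Link encap:", line)
        if head:                       # a new interface block starts
            current = head.group(1)
            ifaces[current] = []
            continue
        addr = re.search(r"inet addr:(\d+\.\d+\.\d+\.\d+)", line)
        if addr and current:           # address line belongs to the current block
            ifaces[current].append(addr.group(1))
    return ifaces


def check_vlan_setup(text):
    """Return a list of findings; an empty list means the listing matches 5.4.6 and 5.4.7."""
    ifaces = parse_ifconfig(text)
    present = set(ifaces)
    findings = [f"missing interface {name}" for name in sorted(EXPECTED - present)]
    if not SECOND_SSID & present:
        findings.append("missing second WLAN interface (wlan0-1 or wlan1)")
    if MGMT_ADDR not in ifaces.get(MGMT_IFACE, []):
        findings.append(f"management address {MGMT_ADDR} not set on {MGMT_IFACE}")
    for name, addrs in ifaces.items():
        if DEFAULT_ADDR in addrs:      # 5.4.7: default address not yet disabled
            findings.append(f"default address {DEFAULT_ADDR} still active on {name}")
    return findings


if __name__ == "__main__":
    for finding in check_vlan_setup(SAMPLE) or ["no findings"]:
        print(finding)
```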
5.5 Example: Client Isolation within the Access Point
By default, all clients of an access point can directly communicate with each other. Depending on the use case,
this might be undesirable.
5.5.1 Isolate the Radio Clients
• Select tab Network → tab WiFi → tab radio0 (or click button Edit for radio0)
• In box Interface configuration
• Select tab Advanced settings
• Activate checkbox Separate clients
• Click button Save & Apply
• Do the same for the other radio
5.5.2 Restrict Access to Local Ports to Specified Interfaces
• Select tab System → tab Administration
• In box Dropbear Instance
• Click radio button lan
• [unselect radio button unspecified]
• Click button Save & Apply
This affects the mentioned port only. To protect more ports against WLAN access, use button Add.
Note that all interfaces listed in the lan field are allowed to access the respective socket.
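Both settings from 5.5.1 and 5.5.2 can be audited from a configuration backup. The following Python sketch is an added example, not part of the manual. It assumes the firmware stores them as in stock OpenWrt, i.e. `option isolate '1'` on each `wifi-iface` section and `option Interface` on each `dropbear` section; verify this on your unit. The sample configurations are constructed.

```python
import shlex

# Constructed samples in UCI config-file syntax; the second radio was forgotten.
WIRELESS_SAMPLE = """\
config wifi-iface 'default_radio0'
    option device 'radio0'
    option mode 'ap'
    option ssid 'Clients'
    option isolate '1'

config wifi-iface 'default_radio1'
    option device 'radio1'
    option mode 'ap'
    option ssid 'Staff'
"""

DROPBEAR_SAMPLE = """\
config dropbear
    option PasswordAuth 'on'
    option Port '22'
"""


def parse_uci(text):
    """Parse UCI config-file text into a list of {'type', 'name', 'options'} sections."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)   # handles quotes and '#' comments
        if not words:
            continue
        if words[0] == "config" and len(words) >= 2:
            name = words[2] if len(words) > 2 else ""
            sections.append({"type": words[1], "name": name, "options": {}})
        elif words[0] == "option" and len(words) == 3 and sections:
            sections[-1]["options"][words[1]] = words[2]
    return sections


def audit_isolation(wireless_cfg, dropbear_cfg, allowed_ifaces=("lan",)):
    """Report access-point SSIDs without client separation and unrestricted SSH listeners."""
    findings = []
    for sec in parse_uci(wireless_cfg):
        opts = sec["options"]
        if sec["type"] != "wifi-iface" or opts.get("disabled") == "1":
            continue
        if opts.get("mode", "ap") != "ap":          # only access-point interfaces matter
            continue
        if opts.get("isolate") != "1":
            label = opts.get("ssid", sec["name"] or "?")
            findings.append(f"wifi-iface '{label}' ({opts.get('device', '?')}): "
                            "clients are not separated")
    for sec in parse_uci(dropbear_cfg):
        if sec["type"] != "dropbear":
            continue
        port = sec["options"].get("Port", "22")
        iface = sec["options"].get("Interface")
        if iface is None:                           # LuCI radio button "unspecified"
            findings.append(f"dropbear port {port}: no Interface set, "
                            "reachable from every interface")
        elif iface not in allowed_ifaces:
            findings.append(f"dropbear port {port}: bound to unexpected interface {iface}")
    return findings


if __name__ == "__main__":
    for finding in audit_isolation(WIRELESS_SAMPLE, DROPBEAR_SAMPLE) or ["no findings"]:
        print(finding)
```

If management access runs over the VLAN from 5.4.1, pass `allowed_ifaces=("vlan100",)` instead of the default.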