Etic Telecom RAS Series User manual
DOC_DEV_Router setup guide_A
RAS / IPL / SIG
_________________
SETUP GUIDE
_________________
TABLE OF CONTENTS
DOC_DEV_Router setup guide_A page 3
OVERVIEW.....................................................................................................................................5
1Purpose of this manual .................................................................................................................................... 5
2Main functions of these Routeurs.................................................................................................................... 5
PREPARING THE SETUP..............................................................................................................9
1Connecting a PC for configuration .................................................................................................................. 9
1.1 Overview................................................................................................................................................. 9
1.2 First configuration ............................................................................................................................... 10
1.3 Changing the configuration later ........................................................................................................ 10
2Access to the administration server through the WAN interface ................................................................ 11
3Working with HTTPS....................................................................................................................................... 11
4Temporary return to the factory settings ...................................................................................................... 12
5Restoring the factory settings........................................................................................................................ 12
6Protecting the access to the administration server...................................................................................... 13
7Configuration steps ........................................................................................................................................ 13
SETUP..........................................................................................................................................15
1Ethernet / WAN interface setup ..................................................................................................................... 15
2ADSL interface setup ...................................................................................................................................... 17
3Cellular interface setup................................................................................................................................... 19
3.1 SIM 1 or SIM 2 set-up .......................................................................................................................... 19
3.2 Using the SIM cards 1 and 2................................................................................................................ 20
3.3 Cellular connection control ................................................................................................................. 21
4Wi-Fi / WAN interface setup ........................................................................................................................... 22
5LAN interface setup ........................................................................................................................................ 23
5.1 Overview............................................................................................................................................... 23
5.2 Ethernet & IP menu............................................................................................................................. 24
5.3 Wi-Fi access point set-up .................................................................................................................... 25
5.4 Device list set-up.................................................................................................................................. 26
5.5 DHCP server menu .............................................................................................................................. 27
6IPSec VPNs setup ........................................................................................................................................... 28
6.1 Overview............................................................................................................................................... 28
6.2 IPSec VPN connection set-up............................................................................................................. 29
7OpenVPN type VPN connection..................................................................................................................... 33
7.1 Overview............................................................................................................................................... 33
7.2 Set-up principles .................................................................................................................................. 34
7.3 OpenVPN server set-up ....................................................................................................................... 35
7.4 Setting up an outgoing connection .................................................................................................... 37
7.5 Setting up an ingoing VPN connection............................................................................................... 38
8IP routing ......................................................................................................................................................... 39
8.1 Basic routing function ......................................................................................................................... 39
8.2 Static routes......................................................................................................................................... 39
8.3 RIP protocol ......................................................................................................................................... 40
9Substitution of addresses (NAT, Port forwarding, Advance NAT)............................................................... 41
9.1 Network address translation (NAT).................................................................................................... 41
TABLE OF CONTENTS
Page 4 DOC_DEV_Router setup guide_A
9.2 Port forwarding.................................................................................................................................... 41
9.3 Advanced NAT ..................................................................................................................................... 42
10 Publish the IP address of the router on the Internet ................................................................................. 44
10.1 Overview ........................................................................................................................................... 44
10.2 Set-up................................................................................................................................................ 44
11 Remote access connection ........................................................................................................................ 45
11.1 Advantages of a remote access connection ................................................................................. 45
11.2 Types of remote access connections ............................................................................................ 46
11.3 OpenVPN remote user connection ................................................................................................. 47
11.4 OpenVPN connection for smartphones ......................................................................................... 47
11.5 PPTP connection ............................................................................................................................. 48
11.6 L2TP / IPSec connection................................................................................................................. 48
12 HTTPS connection and portal for smartphone, tablets or PCs................................................................ 49
12.1 Overview ........................................................................................................................................... 49
12.2 Set-up................................................................................................................................................ 50
12.3 Operation.......................................................................................................................................... 50
13 M2Me_Connect connection setup ............................................................................................................. 51
14 Users list ...................................................................................................................................................... 52
15 Assigning rights to remote users ............................................................................................................... 54
16 Firewall setup .............................................................................................................................................. 55
16.1 Overview ........................................................................................................................................... 55
16.2 Main filter ......................................................................................................................................... 56
17 Adding a certificate..................................................................................................................................... 58
18 Alarm email or SMS .................................................................................................................................... 59
19 Serial to Ip gateways................................................................................................................................... 60
19.1 Overview ........................................................................................................................................... 60
19.2 Modbus gateway.............................................................................................................................. 61
19.3 Raw TCP gateway............................................................................................................................ 66
19.4 Raw UDP gateway............................................................................................................................ 68
19.5 Raw multicast gateway ................................................................................................................... 69
19.6 Unitelway gateway........................................................................................................................... 70
19.7 Telnet gateway................................................................................................................................. 71
19.8 USB gateway .................................................................................................................................... 72
DIAGNOSTICS AND MAINTENANCE ........................................................................................73
1Visual diagnostic............................................................................................................................................. 73
2« Ping » tool ..................................................................................................................................................... 73
3« WiFi » scanner tool....................................................................................................................................... 73
4Firmware update ............................................................................................................................................. 73
OVERVIEW
DOC_DEV_Router setup guide_A page 5
OVERVIEW
1Purpose of this manual
This manual describes how to set-up the RAS, IPL and SIG families of IP routers manufactured by ETIC
TELECOM.
This manual applies in particular to the models listed below :
Machine Access Box with Ethernet RAS-E
Machine Access Box with Cellular RAS-EC, RAS-C
Machine Access Box with Wi-Fi RAS-EW
Machine Access Box with Cellular and Wi-Fi RAS-ECW
Router with Ethernet IPL-E
Router with ADSL IPL-A
Router with Cellular IPL-C
Router with Wi-Fi IPL-EW
Router with ADSL and Cellular IPL-DAC
Router with Ethernet and Cellular IPL-DEC
VPN Server with Ethernet SIG-E
VPN Server with Cellular SIG-EC
VPN Server with ADSL SIG-A
In this document, the name "Router" refers to both RAS, IPL and SIG products.
2Main functions of these Routeurs
IP router
The router provides powerful, flexible and comprehensive solutions to route IP packets from one network to
other networks:
Static routes, to reach nested networks,
Network address translation d‘adresse (NAT, DNAT, port forwarding),
Routing protocol (RIP),
Domain name management DNS et DynDNS.
IPSec & OpenVPN tunnels
The Router features IPSec and OpenVPN tunnels to provide a high level of security and also compatibility with
existing devices.
The VPN connection guarantees a high level of performance and security
Transparency: The VPN interconnects the two networks so that any machine in one network can
communicate with a machine on the other network.
Authentication: The router that establishes the VPN is authenticated by the one that accepts it and any
other connection is rejected.
Confidentiality: Data traffic via the VPN is encrypted.
IPSec will be chosen when the Router needs to establish a VPN with an already installed IPSec VPN server.
OVERVIEW
Page 6 DOC_DEV_Router setup guide_A
OpenVPN will be preferred when VPN traffic is routed through intermediate routers to take advantage of the
flexibility of this technique.
Remote access server for PCs, tablets and smartphones
The Router can also behave like a remote access server.
If he is registered in the user list, a remote user can access to particular devices of a machine network
depending on his identity.
The new HTTPS portal make possible to access easily and safely to HMIs or PLCS web servers using a tablet,
a PC or a smartphone.
Remote maintenance of machines using the M2Me_Connect service
The Router allows to connect easily and safely a machine to a remote PC, through the M2Me_Connect Internet
cloud service, for operation like remote maintenance.
When the remote PC is connected, the remote user can exchange any kind of data with each device of the
machine network as if his PC was directly connected to the machine network.
Firewall
The firewall protects against the sophisticated attacks coming from the Internet.
It is also able to filter IP frames between the WAN interface or any VPN interface on one hand, and the LAN
interface on the other hand.
VRRP redundancy
VRRP makes possible to use two Routers shaping a redundant solution.
Automatic backup of an ADSL link over the cellular network
The IPL-DAC provides an ADSL interface and a cellular interface. It is designed for critical industrial remote
SCADA systems.
In normal situation the data are transmitted via the main interface (usually the ADSL one).
In case of a failure the data are transmitted via the backup interface (usually the cellular one).
Automatic backup of a private VPN network over the cellular network
The IPL-DEC provides a WAN Ethernet interface and a cellular interface. It is designed for critical industrial
remote SCADA systems.
In normal situation the data are transmitted via the main interface (usually the WAN Ethernet).
In case of a failure the data are transmitted via the backup interface (usually the cellular one).
Wi-Fi interface (optional)
The Router can be equipped with a Wi-Fi 2.4 and 5GHz interface able to behave like a client or an access point.
SNMP
The Router is an SNMP agent; it complies with the MIB2 standard and transmits an SNMP trap when
configurable events occur.
DNS server
DNS makes it possible to assign Internet names to devices or organizations independently of their public IP
address.
The Router behaves like a DNS server for the devices connected to the LAN.
DHCP server
On the LAN interface, the Router can behave like a DHCP server.
OVERVIEW
DOC_DEV_Router setup guide_A page 7
Configuration
The Router is configured using an HTML browser (HTTP or HTTPS).
EticFinder
The ETICFinder software can easily detect all ETIC branded products connected to an Ethernet network to
display their MAC address and their IP address.
Serial gateway
Optionally, the Router provides 1 or 2 serial RS232, RS485, RS422 interfaces.
The serial gateway features the following modes :
Raw TCP client or server
Raw UDP
Telnet
Modbus master or slave
Unitelway
PREPARING THE SETUP
DOC_DEV_Router setup guide_A page 9
PREPARING THE SETUP
1Connecting a PC for configuration
1.1 Overview
The Router is configured using a PC with a web browser. No additional software is required.
Online help:
For most pages of the administration server an help page is available by clicking ?located at the top right of
the page.
Administration server address:
When the product is delivered, the IP address of the administration web server is 192.168.0.128.
First setup:
For the first configuration, we advise to connect the PC directly to the LAN interface of the Router.
Subsequent changes can be made remotely.
Restoring the factory IP address:
The factory IP address 192.168.0.128 can be restored (see the User guide of the product).
Restricted access to the administration server:
If you do not have access to the administration server, it is probably that access has been restricted for security
reasons or for other reasons.
Network IP address:
Later in the text, we often speak of “network IP address”. We mean the lowest value of the addresses of the
network.
For instance, if the netmask of a network is 255.255.255.0, the network IP address of that network is
terminated by a zero (X.Y.Z.0.).
Characters allowed:
Accented characters are not supported.
PREPARING THE SETUP
Page 10 DOC_DEV_Router setup guide_A
1.2 First configuration
Step 1: Create or modify the PC TCP/IP connection
Assign to the PC an IP address different but consistent with the factory IP address of the Router.
For the first configuration, assign for instance 192.168.0.1 to the PC.
Step 2: Connect the PC to the Router
Connect the PC directly to the Router with any Ethernet cable (straight or cross-wired);
Step 3: Launch the web browser
Launch the web browser and then enter the IP address of the Router: 192.168.0.128
The Home page of the administration server is displayed.
Note: Access to the administration server is not protected when configuring the Router for the first time.
1.3 Changing the configuration later
Thereafter, the Router administration server is accessible from the local Ethernet interface or remotely through
a remote connection at the IP address assigned to the product.
By default, the access to the administration web server is not allowed through the WAN interface.
PREPARING THE SETUP
DOC_DEV_Router setup guide_A page 11
2Access to the administration server through the WAN interface
To allow the access to the administration server through the WAN interface:
•In the menu, choose Setup > Security > Administration rights.
•Enter the username and the password.
•Select the protocol to use for configuration HTTPS only or HTTP and HTTPS.
•Tick the Enable access from the WAN(s) checkbox.
The administration server is accessible with HTTPS through the WAN or the LAN interface.
3Working with HTTPS
Once HTTPS has been selected, proceed as follows:
The port 4433 is assigned to administration server.
•Open the web browser and enter the IP address of the Router administration server:
Example: https://192.168.38.191:4433.
•Click Next when a warning message is displayed
•Enter the user name and password that have been set to protect access to the administration server.
The home page of the administration server is displayed.
PREPARING THE SETUP
Page 12 DOC_DEV_Router setup guide_A
4Temporary return to the factory settings
If the IP address of the Router could not be founded, or if it is impossible to access the administration server,
for example, following a configuration error, it is possible to restore the factory settings without losing the
current configuration.
•Press the push-button located on the back, for example with a small screwdriver
•Keep the push-button pressed for about 3 seconds;
•The LED blinks red rapidly
•The administration server becomes accessible at the factory IP address (192.168.0.128), in HTTP without
a password. The factory configuration is temporarily running. However, the current configuration is not
lost and it is the one that is still displayed in the pages of the Administration Server.
•After reading the IP address or changing some parameters, press again the push button or reboot the
product.
•The product can be reached at the registered IP address.
Note:
If the IP address of the Router is unknown, the software tool EticFinder can be used.
This software detects all ETIC branded products on a local network. After starting the software, click on the
"Search" button, and when the product list is displayed, double-click on the product address to access the html
server.
5Restoring the factory settings
It is possible to restore the factory configuration permanently using the push button on the rear panel, or by
using the administration server. In this case, the current configuration will be lost unless it has been saved to
a file.
To restore the factory settings using the push button,
•Power off the Router,
•Press the push-button located on the back, for example with a small screwdriver,
•Power on the Router, while keeping the push-button pressed at least 10 s.
The LED turns red; the Router boots and the factory configuration is restored.
Note: The factory configuration can also be restored via the menu Maintenance > Configurations
management of the administration server.
PREPARING THE SETUP
DOC_DEV_Router setup guide_A page 13
6Protecting the access to the administration server
•In the menu, choose Setup > Security > Administration rights
•Enter a user name and password to protect the administration server.
•Tick the Password protect the web site access checkbox
If the username and password to access the administration server are lost, you have to temporarily return to
the factory settings; access to the administration server is then free.
7Configuration steps
To configure the product, we advise to proceed as follows:
•Set up the LAN interface
•Set up the WAN interface
•Set up the routing functions
•Set up VPNs
•Set up the remote access
•Set up the firewall
•Set up the serial gateways
SETUP
DOC_DEV_Router setup guide_A page 15
SETUP
1Ethernet / WAN interface setup
This section applies to the below routers:
IPL-E, IPL-EW, IPL-DEC, SIG-E, RAS-E, RAS-EC, RAS-EW, RAS-ECW.
Il s’applique aussi aux routeurs IPL-A ou IPL-C lorsque l’on souhaite utiliser l’interface RJ5 N°1 comme
interface WAN au lieu de l’interface ADSL (IPL-A) ou l’interface cellulaire (IPL-C).
•Select the Set-up > WAN menu
« WAN type » list :
Select the “Ethernet” value.
Ethernet WAN port configuration
« Speed / Duplex» parameter :
Select 10 or 100 Mb/s & full or half duplex.
IP set-up of the Ethernet WAN port
« Connection type » list :
The Ethernet value is the default value.
It has to be selected when another router connected to the Ethernet/WAN interface of the ETIC Router is in
charge of routing the IP frames to the internet
The PPPOE value must be selected only in a particular situation :
When it is selected, the Router sets a PPP connection over Ethernet towards a service provider for instance.
It is useful when a modem, not supporting PPOE, is connected to the Ethernet WAN port of the Router.
Do not select PPOE except in the situation described above.
SETUP
Page 16 DOC_DEV_Router setup guide_A
Choice
Ethernet
PPPoE
“Priority” parameter
That parameter defines the priority of the path when more than one path is
selected (Cellular & Ethernet WAN, for instance).
The Router will use as a priority the path to which the highest value is
assigned; the other path will be used as a backup path.
⚫
⚫
« PPP login» et « PPP password » parameters
Enter the login and password of the PPP connection
⚫
« Obtain an IP address automatically » checkbox:
Leave that checkbox selected if the IP address on the WAN interface is
assigned by a DHCP server.
Otherwise unselect that checkbox and enter the IP address, the netwmask
and the default gateway address assigned to the Router on the WAN
interface.
⚫
« Obtain the DNS server IP address automatically » checkbox:
Leave that checkbox selected if the DNS servers IP address are assigned by a
DHCP server.
Otherwise unselect that checkbox and enter the IP addresses of the DNS
servers.
⚫
⚫
« Enable address translation NAT» checkbox :
If that option is selected, the source IP address of any IP frame coming from
a device connected to the LAN interface and routed to the WAN interface, is
replaced by the Router WAN IP address.
Remark : Select that checkbox if a device of the LAN interface needs to set a
connection with a device connected to the Internet (FTP server …)
⚫
⚫
« Proxy-Arp » checkbox :
Leave that checkbox unselected
⚫
⚫
Ping control
The Router is able to send periodically a PING message over the Ethernet WAN interface towards a particular
machine.
If the PING receives a response, the Ethernet WAN interface is declared active with the declared priority.
If the PING message does not receive a response, the Ethernet WAN interface is disabled.
« Enable PING control” checkbox :
Select the checkbox to enable the PING control function.
“IP address” parameter
Enter the IP address of the machine to which the PING message has to be transmitted.
“PING interval” parameter
Enter the period of the PING message.
“PING retries” parameter
Enter the number of PING messages failures before disabling the Ethernet WAN interface.
SETUP
DOC_DEV_Router setup guide_A page 17
2ADSL interface setup
This section applies to the below routers:
IPL-A, IPL-DAC, SIG-A
•Select the Set-up > WAN menu
« WAN type » list :
Select the “ADSL” value.
ADSL modem configuration
”Modulation” parameter :
The default value is multi; the modem will adapt to the modulation of the FAI modem.
Otherwise, ask your provider the modulation which as to be used.
“VPI” parameter :
Range is 0 - 255
Leave the default value (8)
“Virtual Channel Identifier” parameters :
Range is 0 - 65535.
Leave the default value (35)
“Multiplexing” parameters :
Value LLC or VC
Leave the default value (LLC)
“Encapsulation” parameter :
PPPoE : PPP over Ethernet
PPPoA : PPP over ATM
EoA : Ethernet over ATM, RFC1483/RFC2684 Bridged
IPoA : Routed IP over ATM, RFC1483 Routed
A set of IP parameters is associated with each of these encapsulation solutions (see the next paragraph).
SETUP
Page 18 DOC_DEV_Router setup guide_A
IP configuration of the ADSL line depending on the
PPPoE
PPPoA
EoA
IPoA
“Priority” parameter
Enter a medium value
⚫
⚫
⚫
⚫
« PPP login» & «PPP pasword»:
Enter the ADSL account values
⚫
⚫
«PPPoE service name » parameter :
It is thename of the service provided by the operator
It is usually not necessary to enter that paramater
⚫
“Obtain an IP address automatically” checkbox :
Leave that option selected if the provider is supposed to assign an IP
address to the router through the line each time it connects to the
Internet (default).
Otherwise, unselect that option and enter the IP address assigned to
the ADSL interface and the IP address of the remote router.
⚫
⚫
⚫
⚫
“Primary DNS IP address” & “secondary DNS IP address”
parameters :
Leave that option selected if the provider is supposed to provides
that addresses automatically through the line (default).
Otherwise, unselect that option and enter the IP of the primary and
secondary DNS server.
⚫
⚫
⚫
⚫
« Enable address translation NAT» checkbox :
If that option is selected, the source IP address of any IP frame
coming from a device connected to the LAN interface and routed to
the ADSL interface, is replaced by the router WAN IP address.
Remark : Select that checkbox if a device of the LAN interface needs
to set a connection with a device connected to the Internet (FTP
server …)
⚫
⚫
⚫
⚫
Case à cocher « Activer le Proxy-Arp »:
That function gives a direct access to the remote router for the
devices of the LAN interface.
Leave that checkbox unselected
⚫
⚫
⚫
⚫
The information entered in this page have to be provided by the Internet provider.
SETUP
DOC_DEV_Router setup guide_A page 19
3Cellular interface setup
This section applies to the below routers:
IPL-C, IPL-DAC, SIG-C, RAS-C, RAS-EC, RAS-ECW
For some models, two SIM cards can be inserted in the router to allow the use of two different cellular
networks.
The network corresponding o the SIM card Nr1 is the main network, while the other one is the backup
network.
•To set-up the cellular network interface, select Set-up > WAN interface
« Connection type » list :
Select the « cellular” choice.
“Priority” parameter
That parameter defines the priority of the path when more than one path is selected (Cellular & Ethernet
WAN, for instance).
The router will use first the interface having received the highest priority; the other interface will be used as a
backup path.
“SIM card” parameter
It is possible to select the SIM card Nr1, or the SIM card Nr2 or both.
SIM card parameter
Value
SIM1
The SIM 1 is selected (default value)
SIM2
The SIM 2 is selected (default value)
SIM 1, backup to SIM2
The SIM 1 is used first ; the SIM 2 is used as backup
3.1 SIM 1 or SIM 2 set-up
Setting-up the SIM card 1 or the SIM card 2 is identical. We describe hereafter the SIM 1 set-up.
SIM 1 : Modem set-up
« Modem initialisation string » parameter :
Leave that field empty.
« APN » parameter :
Enter the label of the gateway (APN) to the Internet - or to other services - provided by the mobile service
provider.
« PIN code » parameter :
Enter the SIM card pin code.
As long as the PIN code has not been correctly entered, the OPERATION led indicator flashes (red colour).
SETUP
Page 20 DOC_DEV_Router setup guide_A
« Cellular network » parameter :
The Router is supposed to connect to the best cellular relay available.
However, in particular situations, it may be useful to force the Router to use a particular service.
That parameter gives the choice to select either the LTE 4G service, or the UMTS 3G service or the GPRS-
EDGE service.
The default value is “AUTO”; in that case, the Router selects the best available connection.
Cellular IP interface set-up
«Login» & « Password» parameters :
Enter the login and password of the subscription.
Remark : That parameters are generally not required.
« Obtain an IP address automatically » checkbox :
The IP address of the cellular interface of the Router is usually assigned by the service provider over the air.
Otherwise, enter the IP address assigned to the cellular interface of the router.
« Obtain the DNS server IP address automatically » checkbox:
Leave that checkbox selected if the DNS servers IP address are assigned by a DHCP server.
Otherwise unselect that checkbox and enter the IP addresses of the DNS servers.
« NAT» checkbox :
If that option is selected, the source IP address of any IP frame coming from a device connected to the LAN
interface and routed to the WAN interface, is replaced by the router WAN IP address.
Remark : Select that checkbox if a device of the LAN interface needs to set a connection with a device
connected to the Internet (FTP server …).
3.2 Using the SIM cards 1 and 2
Each SIM card can be associated to two different mobiles data services.
In the subsequent text, the cellular service associated to the SIM card 1 is referred to as Network 1 and the
cellular service associated to the SIM card 2 as the Network 2.
The network 1 is first service tested at power-up.
If the Network 1 remains in failure during the period of time T1, the Router switches to the network 2.
If the Network 2 is functioning properly, the Router uses that cellular network at least during the period of
time T3.
On expiry of that period, the Router switches back to the network 1 and checks if it is available. If it is not the
Router goes on using the Network 2.
At any time, if the network 2 does not work correctly during the period of time T2, the Router switches to
Network 1.
The periods of time T1, T2 and T3 can be selected.
We advise not to select too small values of the T1, T2 and T3 parameters. :
Other manuals for RAS Series
1
This manual suits for next models
16
Table of contents
Popular Network Router manuals by other brands
COUNCIL ROCK
COUNCIL ROCK TELiG quick start guide
Compatible Systems
Compatible Systems RISC Router 2800i installation guide
HIRED-HAND
HIRED-HAND HH.Net 6407-5110 instructions
Gigaset
Gigaset SX763 manual
Riverstone Networks
Riverstone Networks RS 1000 Getting started guide
H3C
H3C SR8800 IM-FW-II Configuration guide
