ETIC RAS-E User manual
Machine Access Box RAS DOC_DEV_RAS_User guide_A
RAS-E RAS-EW
RAS-EC RAS-ECW
_________________
_________________
USER GUIDE
CONTENT
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 3
CONTENT
PRODUCT OVERVIEW.................................................................................................................9
CERTIFICATE OF CONFORMITY .........................................................................................9
PRODUCT IDENTIFICATION ............................................................................................. 10
DATA-SHEET................................................................................................................... 14
PRODUCT OVERVIEW ...................................................................................................... 16
4.1 Main functions of the router RAS........................................................................ 16
4.2 Router RAS organisation ................................................................................... 17
4.3 The M2Me_Connect connection.......................................................................... 18
4.4 Benefits of the M2Me_Connect service ............................................................... 19
USE CASES ..................................................................................................................... 20
5.1 Use case Nr 1 : The machine is connected to the factory network........................ 22
5.2 Use case Nr 2 : The machine belongs to the factory network ............................... 24
5.3 Use case Nr3 : The machine is connected through a cellular network................... 25
5.4 Use case Nr4 : The machine is connected through a Wi-Fi network...................... 26
5.5 Use case Nr 5 : Connecting the machine through the factory & a cellular ntwk..... 27
5.6 Use case Nr 6 : Connecting the machine through the Wi-Fi & a cellular ntwk........ 29
PRODUCT INSTALLATION ........................................................................................................ 31
PRODUCT DESCRIPTION ................................................................................................. 31
1.1 Dimensions........................................................................................................ 31
1.2 Push-buttons ..................................................................................................... 32
1.3 Connectors ........................................................................................................ 32
1.4 RAS-E-100 router RAS ....................................................................................... 34
1.5 RAS-E or RAS-EW (Wi-Fi option)......................................................................... 35
1.6 Cellular router RAS-EC ou RAS-ECW (Wi-Fi option)............................................. 37
CONTENT
Page 4 DOC_DEV_RAS_User guide_A Machine Access Box RAS
… PRODUCT INSTALLATION
MOUNTING THE PRODUCT ON A DIN RAIL....................................................................... 39
COOLING......................................................................................................................... 39
SUPPLY VOLTAGE........................................................................................................... 39
RS232............................................................................................................................. 40
RS485 CONNECTION....................................................................................................... 40
DIGITAL INPUT AND OUTPUT .......................................................................................... 40
CONNECTING THE ROUTER TO THE CELLULAR NETWORK............................................... 41
8.1 Controls before installing the router.................................................................... 41
8.2 Cellular antenna ................................................................................................. 41
8.3 Déport de l’antenne ......................................................... Erreur ! Signet non défini.
8.4 Cellular service subscription............................................................................... 42
8.5 Installing the SIM card........................................................................................ 42
8.6 Controlling the conformance of the connection................................................... 43
PREPARING THE PRODUCT SET-UP ......................................................................................... 45
FIRST SET-UP ................................................................................................................. 45
PROTECTING THE ACCESS TO THE ADMINISTRATION WEB SERVER ............................... 46
SET-UP MODIFICATIONS WITH HTTPS OR THROUGH THE WAN INTERFACE.................... 46
RECOVERING THE FACTORY LAN IP ADDRESS ................................................................ 46
RETOUR À LA CONFIGURATION USINE ............................................................................ 46
SETTING-UP THE ROUTER WITH THE WIZARD.......................................................................... 47
USE CASE 1 SET-UP........................................................................................................ 47
USE CASE NR 2 SET-UP .................................................................................................. 52
USE CASE 3 SET-UP........................................................................................................ 54
USE CASE 4 SET-UP........................................................................................................ 56
USE CASE 5 SET-UP........................................................................................................ 58
USE CASE 6 SET-UP........................................................................................................ 61
CONTENT
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 5
ADVANCED SET-UP.................................................................................................................. 65
INTERNET ACCESS SET-UP............................................................................................. 66
1.1 Overview............................................................................................................ 66
1.2 Ethernet / WAN interface.................................................................................... 66
1.3 Cellular network interface................................................................................... 68
1.3.1 SIM 1 or SIM 2 set-up ..................................................................................................... 68
1.3.2 Using the SIM cards 1 and 2.......................................................................................... 69
1.3.3 Cellular connection control............................................................................................ 70
1.4 Wi-Fi interface setup.......................................................................................... 71
LAN INTERFACE .............................................................................................................. 72
2.1 Overview............................................................................................................ 72
2.2 Ethernet & IP menu............................................................................................ 73
2.3 Wi-Fi access point set-up................................................................................... 75
2.4 Device list set-up ............................................................................................... 76
2.5 DHCP server menu ............................................................................................. 77
M2ME_CONNECT CONNECTION SET-UP.......................................................................... 78
REMOTE ACCESS CONNECTION ...................................................................................... 79
4.1 Advantages of a remote access connection ........................................................ 79
4.2 Types of remote access connections .................................................................. 81
4.3 HTTPS connection and portal for smartphones, tablets or PCs............................ 82
4.3.1 Overview .......................................................................................................................... 82
4.3.2 Set-up............................................................................................................................... 83
4.3.3 Operation......................................................................................................................... 83
4.4 OpenVPN remote user connection ...................................................................... 84
4.5 OpenVPN connection for smartphones ............................................................... 84
4.6 PPTP connection................................................................................................ 85
4.7 L2TP / IPSec connection .................................................................................... 85
USER LIST....................................................................................................................... 86
ASSIGNING RIGHTS TO REMOTE USERS ......................................................................... 88
IPSEC VPNS SET-UP ....................................................................................................... 89
7.1 Overview............................................................................................................ 89
7.2 IPSec VPN connection set-up............................................................................. 90
CONTENT
Page 6 DOC_DEV_RAS_User guide_A Machine Access Box RAS
… ADVANCED SET-UP
OPENVPN TYPE VPN CONNECTION................................................................................ 95
8.1 Overview............................................................................................................ 95
8.1.1 Set-up principles ............................................................................................................. 97
8.2 OpenVPN server set-up ...................................................................................... 98
8.3 Setting up an outgoing connection ................................................................... 100
8.4 Setting up an ingoing VPN connection.............................................................. 102
IP ROUTING................................................................................................................... 103
9.1 Basic routing function ...................................................................................... 103
9.2 Static routes .................................................................................................... 103
9.3 RIP protocol..................................................................................................... 105
NETWORK ADDRESS TRANSLATION (NAT).................................................................... 106
PORT FORWARDING...................................................................................................... 106
11.1 Overview.......................................................................................................... 106
11.2 Set-up.............................................................................................................. 107
ADVANCED NAT ............................................................................................................ 108
12.1 Overview.......................................................................................................... 108
12.2 Set-up.............................................................................................................. 109
DYNDNS OR NOIP SET-UP............................................................................................. 110
13.1 Overview.......................................................................................................... 110
13.2 Set-up.............................................................................................................. 110
FIREWALL SET-UP ........................................................................................................ 112
14.1 Overview.......................................................................................................... 112
14.2 Main filter ........................................................................................................ 113
14.2.1 Main filter prganisation.............................................................................................. 113
CONTENT
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 7
…ADVANCED SET-UP
SERIAL TO IP GATEWAY CONFIGURATION..................................................................... 115
15.1 Overview.......................................................................................................... 115
15.2 Modbus gateway.............................................................................................. 117
15.2.1 Glossary....................................................................................................................... 117
15.2.2 Selecting a Modbus client or a Modbus server gateway ........................................ 117
15.2.3 Modbus server gateway............................................................................................. 118
15.2.4 Modbus client gateway .............................................................................................. 119
15.3 RAW TCP gateway............................................................................................ 120
15.3.1 Raw client gateway .................................................................................................... 120
15.3.2 Raw server gateway ................................................................................................... 121
15.4 RAW UDP gateway ........................................................................................... 122
15.4.1 Overview ...................................................................................................................... 122
15.4.2 Set-up .......................................................................................................................... 122
USB GATEWAY.............................................................................................................. 123
16.1 Overview.......................................................................................................... 123
16.2 Set-up.............................................................................................................. 123
ALARM EMAIL OR A SMS.............................................................................................. 124
SNMP TRAPS................................................................................................................ 125
ADDING A CERTIFICATE INTO THE ROUTER................................................................... 125
MAINTENANCE ...................................................................................................................... 127
DIAGNOSTIC MENU....................................................................................................... 127
1.1 Logs................................................................................................................. 127
1.2 Network status................................................................................................. 128
1.3 Serial gateways status ..................................................................................... 129
1.4 « Ping » tool ..................................................................................................... 129
1.5 « Wi-Fi » scanner tool....................................................................................... 129
SAVING OR RESTORING A SET OF PARAMETERS .......................................................... 130
FIRMWARE UPDATE...................................................................................................... 131
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 9
PRODUCT OVERVIEW
Certificate of conformity
The manufacturer, ETIC Telecom –13 chemin du vieux chêne –38240 Meylan –France, Hereby declares
that the listed products
Type of device: Router RAS family described in the next pages
Conform to the Council Directive 1999/5/EC related to radio and telecommunication terminal equipments.
The harmonized standards to which the equipment complies are :
Standard
Title
EN301489-1
Electromagnetic compatibility and Radio spectrum Matters :
Part 1 : General requirements
EN301489-7
Electromagnetic compatibility and Radio spectrum Matters :
Part 7 : Specific conditions for mobile and portable radio and ancillary
equipment of digital cellular radio
EN61000-6-2
Ed. 2001
Immunity :
EN60100-4-2 Electrostatic Discharge
EN60100-4-3 Radiated Immunity
EN60100-4-4 EFT/Burst Immunity
EN60100-4-5 Surge Immunity
EN60100-4-6 Conducted Immunity
EN61000-6-4
Ed 2001
Emission :
EN55022 radiated and conducted emission
EN60950
Security
EN50385
Human exposure to radio frequency fields exposure
EN301511
Global System for mobile communication
Gilles Bénas
Quality manager
5th January 2015
PRODUCT OVERVIEW
Page 10 DOC_DEV_RAS_User guide_A Machine Access Box RAS
Product identification
Router RAS with Ethernet interfaces
RAS-E-
100
400
220
Ethernet interfaces to Internet
1
1
1
M2Me ready
•
•
•
User list
•
•
•
Remote users firewall
•
•
•
Firewall SPI
•
•
•
VPN IPSEC & OpenVPN
•
•
•
Serial gateway
(Raw TCP et UDP, Telnet, Modbus, Unitelway)
-
-
•
Ethernet 10 / 100 BT (LAN)
1
4
2
RS232
-
-
1
RS485
-
-
1
USB
1
1
1
Digital input (emails –SMS)
1
1
1
HTTPS / HTML /SSH configuration
•
•
•
Advanced IP router functions
NAT, port forwarding, SNMP, DHCP
•
•
•
PRODUCT OVERVIEW
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 11
Router RAS with Ethernet & Wi-Fi interfaces
RAS-EW-
400
220
Ethernet interfaces to Internet
1
1
Wi-Fi interface (Access point & client)
•
•
M2Me ready
•
•
User list
•
•
Remote users firewall
•
•
Firewall SPI
•
•
VPN IPSEC & OpenVPN
•
•
Serial gateway
(Raw TCP et UDP, Telnet, Modbus, Unitelway)
-
•
Ethernet 10 / 100 BT (LAN)
4
2
RS232
-
1
RS485
-
1
USB
1
1
Digital input (emails –SMS)
1
1
HTTPS / HTML /SSH configuration
•
•
Advanced IP router functions
NAT, port forwarding, SNMP, DHCP
•
•
PRODUCT OVERVIEW
Page 12 DOC_DEV_RAS_User guide_A Machine Access Box RAS
Router RAS with cellular & Ethernet interfaces
RAS-EC-
400
220
Cellular ntwk router LTE 4G - UMTS 3G -GPRS-EDGE
UMTS 3G -GPRS-EDGE : XY = HG
LTE 4G - UMTS 3G -GPRS-EDGE XY =LE
•
•
Ethernet interfaces to Internet
1
1
M2Me ready
•
•
User list
•
•
Remote users firewall
•
•
Firewall SPI
•
•
VPN IPSEC & OpenVPN
•
•
Serial gateway
(Raw TCP et UDP, Telnet, Modbus, Unitelway)
-
•
Ethernet 10 / 100 BT (LAN)
4
2
RS232
-
1
RS485
-
1
USB
1
1
Digital input (emails –SMS)
1
1
HTTPS / HTML /SSH configuration
•
•
Advanced IP router functions
NAT, port forwarding, SNMP, DHCP
•
•
PRODUCT OVERVIEW
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 13
Router RAS with cellular, Wi-Fi & Ethernet interfaces
RAS-ECW-
400
220
Cellular ntwk router LTE 4G - UMTS 3G -GPRS-EDGE
UMTS 3G -GPRS-EDGE : XY = HG
LTE 4G - UMTS 3G -GPRS-EDGE XY =LE
•
•
Ethernet interfaces to Internet
1
1
Wi-Fi interface (Access point & client)
•
•
M2Me ready
•
•
User list
•
•
Remote users firewall
•
•
Firewall SPI
•
•
VPN IPSEC & OpenVPN
•
•
Serial gateway
(Raw TCP et UDP, Telnet, Modbus, Unitelway)
-
•
Ethernet 10 / 100 BT (LAN)
4
2
RS232
-
1
RS485
-
1
USB
1
1
Digital input (emails –SMS)
1
1
HTTPS / HTML /SSH configuration
•
•
Advanced IP router functions
NAT, port forwarding, SNMP, DHCP
•
•
PRODUCT OVERVIEW
Page 14 DOC_DEV_RAS_User guide_A Machine Access Box RAS
Data-sheet
General characteristics
Dimensions
137 x 48 x 116 mm (h, l, p)
Electrical safety
EN 60950- UL 1950
EMC
ESD : EN61000-4-2 : Discharge 6 KV
RF field : EN61000-4-3 : 10V/m < 2 GHz
Fast transient : EN61000-4-4
Surge voltage : EN61000-4-5 : 4KV line / earth
RoHS
2002/95/CE (RoHS)
Supply voltage
RAS-3G-1220 : 10 to 30 VDC - 125 mA / 24 VDC
RAS-3G-1201 : 10 to 60 VDC - 125 mA / 24 VDC
RAS-3G-1230 : 10 to 60 VDC - 125 mA / 24 VDC
RAS-3G-1400 : 10 to 60 VDC - 210mA / 24 VDC
Operating T°
-20°C / + 60°C Humidity 5 –95 %
Cellular network
Type
4G / 3G+ / GPRS-EDGE
RF connector
SMA female
Models
LE
LS
LA
HG
LTE 4G
Europe
USA
Asia
-
UMTS 3G+
Yes (*1)
Yes (*1)
Yes (*1)
Yes (*2)
GPRS-EDGE
Yes (*3)
Yes (*3)
Yes (*3)
Yes (*3)
(*1) 850 / 900 / 1900 / 2100 MHz
(*2) 850 / 900 / 1700 / 1900 / 2100 MHz
(*3) 850 / 900 / 1800 / 1900 MHz
Wi-Fi
Type
2.4 et 5 GHz
RF connector
R-SMA female
Wi-Fi transmission
802.11 a/b/g/n
PRODUCT OVERVIEW
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 15
Security
VPN
Client or server IPSEC or TLS/SSL
Encryption AES256 3DES
Certificate X509 or preshared key
25 VPNs maximum of the same type (TLS or IPSec)
Firewall
Stateful packet inspection (50 rules)
Source & destination IP address & port number filter
Logs
Date and time stamped logs
Remote access server (RAS)
User list
25 users
Connection
VPN PPTP / L2TP-IPSec / TLS Open VPN
Login & password
Certificate X509
M2Me (*)
VPN Compliant with the M2Me_Secure VPN client
Compliant with the M2Me_Connect mediation service
Alarms
3 inputs : emails
Asynchronous serial interface
Data rate
1200 to 115200 kb/s parity N / E / O
Gateway
Raw client & server - Modbus master & slave
Multicast - Telnet - Unitelway
USB
1 USB host port
PPP client over the usb interface
IP router
Ethernet
10/100 BT –2 or 4 switched ports
IP router
Remote connections - static routes –RIP V2
IP address
translation
Source IP @ translation (NAT)
Destination IP @ translation (DNAT)
Port translation (Port forwarding)
DNS
Domain name
IP address
assignment
Fixed IP @ or DHCP client or DHCP server
PRODUCT OVERVIEW
Page 16 DOC_DEV_RAS_User guide_A Machine Access Box RAS
Product overview
4.1 Main functions of the router RAS
Remote maintenance of machines using the M2Me_Connect service
The RAS family allows to connect easily and safely a machine to a remote PC, through the M2Me_Connect
Internet cloud service, for operation like remote maintenance.
When the remote PC is connected, the remote user can exchange any kind of data with each device of the
machine network as if his PC was directly connected to the machine network.
Ethernet or serial devices
The machine can consist of one or several devices connected through an Ethernet machine network or
connected through a serial RS232-RS485 interface.
The router RAS can be connected to the Internet through a cellular network, a Wi-Fi network or a factory
network
An Up-to-date IP router for particular situations
When using the Expert mode set-up, the router RAS becomes a powerful IP router-RAS-firewall for industrial
IP networks applications.
PRODUCT OVERVIEW
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 17
4.2 Router RAS organisation
The router RAS connects to the devices network (called machine) and on the other hand to the Internet
The router RAS provides two IP interfaces : The WAN interface to reach the Internet and the LAN interface to
connect the machine.
WAN interface :
Depending on the model, the router RAS provides the following interfaces to reach the Internet :
WAN interfaces
RAS-E
RAS-EW
RAS-EC
RAS-ECW
Ethernet
Wi-Fi
Cellular
The network connected to the WAN interface is called the WAN network or factory network.
LAN interface :
Depending on the model, the router RAS provides 1 to 4 switched Ethernet ports to connect the devices of
the machine.
That network is called the machine network.
1 serial RS232 and 1 serial RS485 interfaces are provided optionally.
Firewall
The firewall filters data between the WAN interface or any VPN interface on one hand, and the LAN interface
on the other hand.
The firewall filters source and destination IP addresses, but also remote users according to their identity.
PRODUCT OVERVIEW
Page 18 DOC_DEV_RAS_User guide_A Machine Access Box RAS
4.3 The M2Me_Connect connection
Connecting a remote PC to a machine in any situation
M2Me Connect service is an ideal solution when a « machine », made of a set of devices connected to the
same LAN, is located in a private network (such as a Factory network).
Let’s take the example of a « machine » made of a set of connected devices and connected to the Factory
Network via a RAS-E.
Assuming that an expert is willing to remotely have access to the machine for breakdown diagnosis,
technical data acquisition, Web page display, file or program refreshment, M2Me Connect service enables
the remote operator to have access to the machine even if the machine does not have any public IP address.
Operation
When it is powered on or if the digital input is enabled, the router RAS settles a secured VPN connection
onto the M2Me Connect cloud service.
The remote PC is authenticated by the M2Me Cloud service.
Assuming that the router RAS provides two WAN connections (Cellular and Ethernet as an example), it
settles the best connection (Through the Ethernet network if possible) to the M2Me cloud service.
On the other hand, the remote user launches its M2Me secure software and settles a secured VPN
connection to the M2Me Cloud.
The directory offered by M2Me_Secure is helping the user to point the remote machine onto which he wants
to be connected.
The router RAS verifies thenafter that the remote user is allowed to be connected by checking its login &
password and as an option the certificate of the remote PC.
The router RAS grants to the remote user access rights according to its identity.
In order to warrant the level of security requested by industrial application, connection from PC to RAS is
fully encrypted and cannot be recovered even in case of intrusion onto the M2Me Connect cloud service.
PRODUCT OVERVIEW
Machine Access Box RAS DOC_DEV_RAS_User guide_A Page 19
4.4 Benefits of the M2Me_Connect service
Outgoing connection
M2Me connection onto the Internet is powered from the RAS. This non intrusive solution is better admitted
than an ingoing connection from the Internet onto the Machine.
Private & dynamic IP address
The machine connected into a factory network or connected to the Internet via a cellular network does not
have a public IP address. M2Me solution does not require a public IP address to settle a connection onto the
machine.
Access to each device of the machine
M2Me teleport your PC onto the machine network enabling you to have access to each device of the
machine as if you were in front of the machine.
Machine with Ethernet or serial connection
The family of RAS enables you to set up a connection to any type of PLC offering an Ethernet or a serial
connectivity.
Simple configuration of router RAS
Html configuration Server is delivered with a Wizard which gives an intuitive way of configuring the device.
Simple Operation
M2Me Secure software offers e set of directories for the remote machines. One click is enough to be
connected.
Security of customer network (Factory or WAN network)
Router RAS enables the remote operator to have access only to the machine network protecting the factory
network from any intrusion.
Machine & Device Access protection
A remote user can access to the machine if and only if its identification (login & password) has been
preregistered in the RAS router
An extra security option is offered. RAS can also demand the certificate installed in the PC of the remote
user.
The RAS can also give restricted access to the machine network giving access only to certain devices of the
machine and not to all.
Internet & Security
The flow of information passing through the M2Me connection is fully encrypted and requires authentication
to the M2Me server of both the PC of the remote user and the RAS router. A third party cannot consequently
have access to the machine preserving the integrity of the industrial process to be remote maintained.
PRODUCT OVERVIEW
Page 20 DOC_DEV_RAS_User guide_A Machine Access Box RAS
Use cases
There are different ways to connect the router RAS to the Internet and to the machine depending on the
situation which is encountered and also on the router RAS model.
We describe hereafter six typical situations.
This manual suits for next models
3
Table of contents
Other ETIC Network Router manuals
