Nexus Hawk User manual
Nexus Hawk™
User Manual
ANY NETWORK, ANYTIME, ANYWHERE
Revision 1.4.0
Copyright 2009
www.nexusisr.com
Please read the complete User Manual before starting your Nexus Hawk.
Table of Contents
INTRO UCTION 1
WHAT' INCLUDED WITH THE NEXU HAWK? 1
GETTING STARTE 1
CONNECTING TO POWER 1
TAYING CONNECTED 1
WIFI CONNECTION 1
LOGIN 2
ACCE ING THE MANAGEMENT CON OLE 2
SETUP|PCMCIA 2
CELLULAR WAN 2
PREFERRED WIRELE CARD 2
PRO PECTIVE WIRELE CARD 3
ETHERNET ADAPTOR 4
WWAN WATCHDOG 4
SETUP|WIFI (OPTIONAL) 5
AP/CLIENT CONFIG 5
CLIENT 5
MAC FILTERING 6
SETUP|10/100 ETHERNET 6
ETH0 PORT 6
ETH1 (LAN) PORT 7
ETH0 WATCHDOG 7
SETUP|SERIAL 7
GP D 8
GP AGGREGATION 8
DATA CACHING 10
SECURITY|VPN CLIENT 10
IP EC 10
IP EC (CI CO XAUTH) 11
OPENVPN 11
SECURITY|VPN SERVER 12
OPENVPN 12
APPLICATIONS|WAN PORTS 12
PORT FORWARDING 12
DMZ 13
REMOTE ACCE 13
APPLICATIONS|A VANCE ROUTING 14
TATIC ROUTE 14
DEFAULT ROUTE 14
A MINISTRATION|MANAGEMENT 14
PA WORD 14
DDN 14
TATIC DHCP 15
FAILOVER 15
TIME 15
AET LABEL 16
A MINISTRATION| EBUG FILE OWNLOA 16
A MINISTRATION|RESET 16
REBOOT Y TEM 16
RE TORE DEFAULT 16
A MINISTRATION|FIRMWARE UP ATE 16
A MINISTRATION|SAVE/RESTORE SETTINGS 17
AVE CURRENT ETTING 17
RE TORE ETTING 17
IP LOOPBACK 17
ETTING PER I TENCE 17
STATUS 17
WAN CONNECTIVITY 18
PCMCIA LOT 18
WIFI 18
10/100 ETHERNET 18
ERIAL 18
ECURITY 18
HELP 19
TECHNICAL SPECIFICATIONS 20
TROUBLESHOOTING 21
IN EX 23
PRODUCT LIMITED WARRANTY 26
FEDERAL COMMUNICATION COMMI ION 28
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
1 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Introduction
Congratulations on your purchase of a Nexus Hawk™! This literature is intended as a primary reference for normal
configuration and operation of the Nexus Hawk. The information presented within should allow most users to easily
configure the device to their preferences. As with any product from Nexus i R, should you encounter any difficulties,
technical support is standing by to help you.
What's Included with the Nexus Hawk?
• Nexus Hawk
• WiFi Antenna
• Ethernet Crossover Cable
• Power upply
• Quick tart Guide
Getting Started
Connecting to Power
The Nexus Hawk accepts DC power input ranging from 11-48V. Upon power-up, both the green Power-LED and the red
tatus-LED will illuminate. Allow the unit approximately 90 seconds to complete its startup sequence. During
this time, it is performing a Power On elf Test (PO T). When the red tatus-LED begins pulsing, your Nexus Hawk is
fully powered up and ready!
Staying Connected
The Nexus Hawk has four possible paths to the Internet/WAN: 10/100 WAN (Eth0), WiFi Client (connected to a WAN-
connected WiFi Access Point), Cellphone Card 1 ( lot 1), Cellphone Card 2 ( lot 2). Connectivity is prioritized in this
order. If a higher priority connection is established, the data stream will automatically transfer to it. If a connection is
lost, the Nexus Hawk will attempt to transfer WAN functions to the next lowest priority connection (if one exists).
WiFi Connection
The Nexus Hawk's WiFi port is enabled by factory default with WEP security. This allows users to access the Nexus Hawk
without an Ethernet crossover cable and without creating an "open" access point for others to exploit.
The ID includes the last 10 characters of the Hawk's serial number. The WEB pre-shared key is the last 10 characters
of the Hawk's Eth0 MAC address. Note: The MAC address (hence, pre-shared key) is calculated by subtracting "1" from
each character of the Hawk's serial number (e.g. - /N 112233445C, MAC= 001122334B)
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
2 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Login
Accessing the Management Console
Launch a web browser (e.g. - Internet Explorer, Firefox, etc.) and enter the following address: 192.168.1.1 (the factory
default value). The "splash page" will give you the option of either viewing or changing the configuration of your Nexus
Hawk.
You may view configuration without being authenticated.
To change the configuration, authentication is required. Factory defaults for authentication are:
Username: manager
Password: manager
Setup|PCMCIA
Cellular WAN
The Nexus Hawk card slot(s) support only Cellular Data Cards. The Cellular WAN option allows the Nexus Hawk to
provide access to the internet through the services of a major mobile telephone service carrier.
Insert your Nexus Hawk preferred cellular data card into a card slot.
The Nexus Hawk will automatically detect which data carrier your cellular card is on and connect to the network when the
card is inserted, eliminating interaction from you the customer.
Preferred Wireless Cards
Kyocera
• KPC-650
• KPC-680 Generic sled required
Novatel
• EX720 (Express Card)
• 720
• U730
Option
• GT Max (1.8)
• GT Max (3.6)
Pantech
• PX-500
• PC-5750
Sierra
• 555
• 595
• 595U
• 597E
• 875
• 881
Sony
• GC83
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
3 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
• GC89
UBiQUiTi
• R4
Privately Licensed Cellular Network ystem Cards
• 700 MHz – AnyDATA APC-500N
Prospective Wireless Cards
Novatel
• U720, U727 (U B)
Option
• GT Ultra
• GT Ultra Express
Sierra
• 880E, 881E (ExpressCard)
• 880U, 881U (U B)
UTStarCom
• UM159 (U B)
etected: This field will display the manufacturer's model name of the detected card.
Connect: Pressing this button connects the inserted card to the cellular network.
isconnect: You must either power-down, or press this button before removing your cellular data card from the
Nexus Hawk. Failure to do so may cause malfunction.
ialup parameters: The dialup parameters options are used for connecting to
• Auto: Use this option to automatically connect to the cellular network. ( EFAULT)
• Manual: Use this option if your air card needs to specify specific parameters to connect to the cellular
network.
o Username, Password: Check this option if a username and password is required to connect
o Phone Number: Check this option and enter the password required to connect
o APN Identifier: Check this option and enter the APN Identifier required to connect
o Port Speed: Check this option and select the desired port speed when connecting
ata card operation mode: Below are some user definable options for connecting air cards.
• Always connected: electing this option will keep the cell card connected until you press the disconnect
button.
• Connect on demand (when needed as default): electing this option will only connect the cell card
when it becomes the default WAN interface or when the user presses the Connect button.
• Manual connect only: elect this option to only connect the air card when the user presses the Connect
button on this configuration page.
isconnect: Below are some user definable options for disconnecting air cards.
• Never (except manually): elect this option to only disconnect when the disconnect button is pushed or
the Nexus Hawk is turned off.
• When no longer default: electing this option will disconnect the cell card when it is no longer the default
WAN interface.
• When idle for n seconds: elect this option to disconnect the cell card when it is idle for the specified
amount of time. DEFAULT: 300 seconds.
PPP negotiation delay: This option specifies the amount of time the Nexus Hawk will wait before attempting to
initiate PP negotiation over the card’s open radio link. Lower values mean faster connect times, but also a greater
risk of dialup failure depending on the card and environment.
lower data cards (such as old 1xRTT cards) need a higher value so the radio link is fully established before the Hawk
starts trying to negotiate the PPP connection. If this value is too low and the card is not ready for PPP negotiation
frames when the Hawk sends them, the card will drop the radio connection to the network.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
4 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Redial holdoff: Amount of time the Nexus Hawk will wait after a dropped connection to reconnect. DEFAULT: 5.
Can be set as low as 0 for instantaneous redial attempts.
LCP echo interval: This setting is how often the Nexus Hawk will send an LCP echo over the established PPP
connection. DEFAULT: 65535, set to 0 to disable. For more information on LCP click here.
LCP echo failure threshold: This is the number of unreturned LCP echoes that will result in the Hawk dropping the
network connection. DEFAULT: 4
Power-cycle card after x failed attempts in n seconds: Check this option to force the Nexus Hawk to power
cycle the inserted cell card if a threshold of failed connection attempts is met in the specified time frame.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
After pressing the Connect button the Cellular WAN configuration page will briefly refresh and indicate with the available
button selections that a connection has been initiated.
Your selections may be verified by navigating to the Status page on the top navigation bar. Once a connection has been
established, the carrier, signal strength
of signal upon initial connection
, and connection IP address will be displayed on
the status page.
NOTE: ome cellular data cards will report 'No signal strength returned' for the signal strength of the card; this is normal
operation of the card and/or network.
NOTE: For best results power down before removing card.
Ethernet Adaptors
The Nexus Hawk supports the following families of PCMCIA-based Ethernet adaptors. With multiple Ethernet LAN ports,
the Nexus Hawk acts as a Layer-2 switch. (more)
• 3Com 3c589
• 3Com 3c574
• Fujitsu FMV-J18x
• NE2000 compatible
• New Media
• MC 91Cxx
• Xircom 16-bit
• Asix AX88190
WWAN Watchdog
The WWAN Watchdog function is used when the cellular data card is having problems staying connected to the cellular
network.
Enabled: Enables the WWAN Watchdog functionality
Ping host: Host to ping in determining connectivity status
or
Use PPP connection peer: This option pings the closest available host on the cellular PPP link: the opposite end of the
connection. If checked, the Ping host entry will be disregarded.
Packet size: Enter the size of the packet to ping in bytes. EFAULT: 56 bytes
Interval: Enter the number of milliseconds between pings. EFAULT: 1000 milliseconds
Sample size: Enter the number of pings to send before evaluating results. EFAULT: 10 packets
Packet loss exceeds: Enter the packet loss percentage at which the watchdog will trip.
and/or when selecting both packet loss and latency, determines if both or only one criteria will trip the watchdog.
Average latency exceeds: Enter the average latency in milliseconds for the ping set beyond which the watchdog will
trip.
Watchdog action: From the dropdown box specify what the watchdog should do when it trips.
• Redial connection
• Reboot Hawk
Slot 2, Use same settings as Slot 1: This option allows you to have lot 2 use exactly what you specified for lot 1
without having to re-enter it all.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
5 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Setup|WiFi (OPTIONAL)
AP/Client Config
AP
This selection will enable the Nexus Hawk to function as a WiFi Access Point (AP), sharing its connections with others
(Clients) who may connect to it. The Nexus Hawk may serve as either an AP or Client of another AP,
but not both at the
same time
NOTE: When in WiFi AP mode, the Nexus Hawk's WiFi port and LAN (Eth1) port are bridged together at the physical layer
as a single virtual device. This means that all IP information is the same (192.168.1.1, for instance). As a result, all LAN
clients share the same DHCP pool, subnet, and can access each other. Firewalling and port forwarding may be done to
any device on this shared virtual network. This occurs only in WiFi AP mode, and not in WiFi Client mode.
SSI : This is the name of your wireless network. This option has a 32 alphanumeric character limit. For more
information click here
Broadcast SSI : Check this option to broadcast the name of your AP's WiFi network to others. Doing so
makes discovery and attachment to your AP easier. Failing to broadcast it makes your AP somewhat more
secure, by requiring trusted clients (people who will attach to it) to know the ID without being prompted.
Channel: elect the channel on which your AP will operate. Channels 1-11 coincide with 802.11b/g (2.4 GHz)
while channels 36 and up coincide with 802.11a (5.8GHz). Effort should be made to select a channel that is not in
use in the immediate vicinity of the Nexus Hawk in order to minimize interference and maximize the WiFi
efficiency.
Security: This specifies the security mode of the Nexus Hawk's WiFi AP.
• None: electing this option creates an "open" or unsecured AP.
• WEP:
Wireless Equivalent Privacy
is available in two modes; 64-bit (shorter key) and 128-bit (longer
key). electing this option requires you to enter a private key that is known only to you and trusted
others that you want to allow to connect to your AP. For more information click here
• WPA-PSK, WPA2-PSK, WPA/WPA2-PSK: This stands for:
WiFi Protected Access
. electing this
option requires you to enter a pre-shared key to secure the AP connection. The WPA/WPA2-P K option
allows for dual operation of both WPA and WPA2 for connected clients. For more information on WPA
click here For more information on WPA2 click here
Pre-shared key: This is a passphrase that is used by the selected security mode. For WEP-level security, this
must be a hexadecimal value using the digits 0-9 and letters from A-F. For the 64-bit option the value must be 10
characters. For 128-bit option the value must be 26 characters. For WPA/WPA2-level security, the value must be
alphanumeric and a minimum of 8 characters and may be a maximum of 63 characters.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
The AP's IP address is the same one that is specified for the 10/100 Ethernet LAN configuration (Eth1). For
example, if the 10/100 Ethernet LAN IP is set to the factory default of 192.168.1.1, this will also be the IP
address for the WiFi port of the Nexus Hawk. They are considered "bridged".
Client
The Nexus Hawk may connect to an 802.11a/b/g compliant WiFi Access Point (AP). This function may be found by
navigating to the "Setup|WiFi" page. Check the "Client" box to enable the AP Client.
SSI : Enter the known ID of the 802.11 a/b/g network that you wish to connect to. Once this option is
selected and applied, it remains active. The Nexus Hawk will continue to scan for an AP with the entered ID
until it is able to locate it, at which point it will connect. If that AP disappears, the Nexus Hawk will resume its
scanning function in an attempt to connect when one appears. For more information click here
[Scan]: elect this option to view any in-range AP's that are broadcasting their ID's. imply click the hyperlink
to make your selection. To find out more about the AP hardware click on the MAC Address link which will
perform a MAC Address lookup.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
6 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Security: This is defined by the AP, not the Nexus Hawk. elect the type of security set by the AP. NOTE:
ome AP's differentiate between WPA-P K and WPA2-P K. The Nexus Hawk does not. If the AP uses either,
simply select the WPA/WPA2-PSK option.
Pre-shared key: Enter the AP's pre-shared security key. This field is required if security is set to WEP or WPA.
HCP Client: This allows the Nexus Hawk to be automatically configured to function on a network provided by
another AP.
If Enabled the Nexus Hawk will attempt to obtain configuration information from a DHCP enabled AP.
If isabled, the Nexus Hawk will require manual IP assignment (also known as " tatic IP") and the following
console options will come into play:
• IP Address: Enter the manually assigned (static) IP address. For more information click here
• Netmask: elect the desired netmask from the drop down list. For more information click here
• Gateway: Enter the desired gateway. For more information click here
• NS1: Enter the desired primary Domain Name erver's address. For more information click here
• NS2: Enter the IP address for an optional (not required) econdary DN .
Revert to efaults: Pressing this button will set all properties back to factory defaults.
ettings may be verified by navigating to the Status page on the top navigation bar. The wireless client status
section will show a connection status, the ID of the connected network, and a signal strength indicator.
MAC Filtering
The Nexus Hawk supports MAC Filtering of wireless devices. MAC Filtering allows specified wireless devices to connect by
allowing or denying each specified MAC addresses.
Enabled: Enables MAC Filtering functionality.
Allow: This option allows
only
the specified MAC addresses entered to connect to the Hawk
eny: This option denies the specified MAC addresses access from connecting to the Hawk
MAC: Enter the desired MAC addresses. For more information on MAC click here
elete: Deletes the specified address
Apply Changes: aves the changes that were made.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Setup|10/100 Ethernet
Eth0 Port
The Nexus Hawk has two Ethernet ports. The port that is closest to the DC power jack is ETH0. This port may be
configured to be used as a WAN port or LAN port.
WAN Port: Connection is by a standard RJ-45 Ethernet patch cable.
HCP Client: This allows the Nexus Hawk to attempt to obtain configuration information from a DHCP enabled
WAN device. For more information click here
• Enabled: The Nexus Hawk automatically obtains configuration parameters from a DHCP server on the
WAN.
• isabled: The Nexus Hawk will allow the Console Operator to manually configure networking
parameters as follows:
IP Address: Enter the assigned (static) IP address. For more information click here
Netmask: elect the desired netmask from the drop down list. For more information click here
Gateway: Enter the IP address of the desired gateway. For more information click here
NS1: Enter the IP address of the desired Primary Domain Name erver (DN ). For more information click here
NS2: Enter the IP address for an optional (not required) econdary DN .
Apply Changes: aves the changes that were made.
LAN Port: Direct-connection to a computer will require a Category-5 (minimally) Ethernet crossover cable.
When the Eth0 port is setup as a LAN port it becomes a member of the LAN bridge and will have the same
settings as the Eth1 port. Example: If you have the DHCP erver on the Eth1 port disabled any clients connected
to the Eth0 LAN port will have to have a static IP assigned.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
7 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
ettings may be verified by navigating to the Status page on the top navigation bar. A well configured Eth0 status will
display as "Connected" with a properly formatted IP address.
Eth1 (LAN) Port
The Nexus Hawk has two Ethernet ports. The port that is closest to the <RE ET> button is ETH1 -- and is exclusively
reserved to allow local network (LAN) connection to the Nexus Hawk (such as used by a locally connected computer).
Direct-connection to a computer will require a Category-5 (minimally) Ethernet crossover cable (a RED crossover cable is
supplied with your purchase and is included in the packaging). For more information click here.
Warning, if you are using this port to configure the Nexus Hawk: Changes here can cause you to lose connectivity to the
Nexus Hawk. Proceed with caution. If at any time, you lose connection and are unable to recover, you may regain
control by resetting the Nexus Hawk to factory defaults.
IP Address: The default address is 192.168.1.1 It may be manually changed here. Note: Changing this
address, while connecting through this port will cause loss of connectivity. To regain connectivity, perform
a DHCP IP renewal on your client. From your computer's command prompt:
Windows2000/XP:
ipconfig /release <enter>
ipconfig /renew <enter>
Linux:
ifconfig /release <enter>
ifconfig /renew <enter>
Netmask: elect the desired netmask from the drop down list. For more information click here
HCP Server: For more information click here
• Enabled: The Nexus Hawk will provide dynamic configuration parameters to LAN devices.
• isabled: The Nexus Hawk will not provide dynamic configuration parameters to LAN devices. This will
require that all LAN devices be manually configured, individually.
Apply Changes: aves the changes that were made.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
You may verify that the Nexus Hawk has been properly configured by navigating to the Status page on the top
navigation bar. A well configured Eth1 status will display as "Connected" with a properly formatted IP address.
Eth0 Watchdog
The Eth0 Watchdog function is used when the cellular data card is having problems staying connected to the cellular
network.
• Enabled: Enables the WWAN Watchdog functionality
• Ping host: Host to ping in determining connectivity status
• or
• Use gateay: This option pings the defined gateway. If checked, the Ping host entry will be disregarded.
• Packet size: Enter the size of the packet to ping in bytes. EFAULT: 56 bytes
• Interval: Enter the number of milliseconds between pings. EFAULT: 1000 milliseconds
• Sample size: Enter the number of pings to send before evaluating results. EFAULT: 10 packets
• Packet loss exceeds: Enter the packet loss percentage at which the watchdog will trip.
• and/or when selecting both pachet loss and latency, determines if both or only one criteria will trip the
watchdog.
• Average latency exceeds: Enter the average latency in milliseconds for the ping set beyond which the
watchdog will trip.
• Consecutive passing sets to require before re-activating: pecify the number of sets to pass before re-
activating the WAN connectin.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Setup|Serial
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
8 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
GPSd
NOTE: The erial Port supports only Global Positioning ystem (GP ) functionality in this firmware revision.
GP d can be configured using two different types of GP hardware:
• erial - The GP must be both serial (R -232c) and capable of providing NMEA-0183, Rockwell or Garmin Binary
data streams (all of which are converted into NMEA-0183 on the selected port). The Nexus Hawk's firmware will
auto-detect the communication settings (baud rate, parity, etc.) of the connected GP .
• Internal GP (OPTIONAL). To use the internal GP just enable GP d and setup the GP aggregation page to
send data out.
Only three wires are needed for data connectivity, TXData, RXData and Ground. The diagram below shows the cabling
from the perspective of a plug that is attached to the GP .
Enable GPSd: Enables the described function. For more information on GP d click here
TCP Port: This is the TCP port that will interface with the GP . Most simply, one may use TELNET to attach to
the port and manage the GP (including the receipt of NMEA sentences, once the GP is commanded to send
data). By default, this is 192.168.1.1:2947 though it may also be accessible remotely by DN if a dynamic DN
service has been subscribed to. For more information on TCP click here
Apply Changes: Updates are applied only when this button is pressed.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Upon pressing Apply Changes, the Nexus Hawk will immediately open the designated port to/from the GP . ome
GP 's may appear to sit idle until a user sends a command to activate their data stream. The most often used code is
simply "r", at which point the port will present raw NMEA strings. For more information on how to use GP d-presented
data for mapping and navigation applications, visit http://www.penguin-soft.com/penguin/man/1/gpsd.html .
Note: With only this selected, the GP data stream is available only to LAN and WiFi connected clients. You may present
the GP data stream to the WAN port by additionally selecting the Access to GP Port option.
GPS Aggregation
The GP Aggregation page enables the Nexus Hawk to send GP data updates to an aggregator. Updates may be sent at
timed intervals or continuously and GP data will be cached for later delivery in the event of a disconnect. upports APR
standard or raw NMEA data streams. GPSd must be enabled for aggregation to be available.
Enable GPS Aggregation: Enables the GP to connect to the aggregator specified.
New: Press the new button to create a new feed. Note: Any uncommitted changes to the feed you are currently
editing will be lost.
Copy: Press the copy button to create a new feed with the settings of the current feed. Note: Any uncommitted
changes to the feed you are currently editing will be lost.
elete: Press the delete button to delete the curernt feed.
Feed: elect the feed you wish to enable or edit.
Enabled: Enabled the feed selected.
Name: Enter a descriptive name for the feed.
Host: Enter the host IP address of the aggregator
Port: Enter the port number to connect to on the host
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
9 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Protocol: elect which protocol the current feed will be sending
TCP: elect this option to send the data via TCP. For more information on TCP click here
U P: elect this option to send the data via UDP. For more information on UDP click here
Format: elect which format the current feed will be sending
NMEA: elect this option if you wish to output NMEA format.
TAIP: elect this option if you wish to output TAIP format.
TAIP Checksum: Check this option is you wish to send the TAIP checksum (only available if TAIP is selected)
Filter Sentences: Check which sentences you want to send out.
• GPRMC - Recommend minimum specific GP data (NMEA Only)
• GPGGA - Global positioning system fix data (NMEA Only)
• GPG A - GP DOP and active satellites (NMEA Only)
• GPG V - GP satellites in view (NMEA Only)
• RPV - Position and velocity (TAIP only)
Timed: elect the Timed option to send data at the interval specified between 2-86399.
Enable reduced-rate reporting when stationary: Check this option to reduce reporting rate if the vehicle is
below the specified speed.
• seconds between stationary updates (0 for no updates): Enter the number of seconds between
updates when the vehicle is stationary.
• mph or below should be considered stationary: Enter the miles per hour at which you deem the
vehicle stationary. If the speed from the GP data is at or below this speed data will not be sent.
• Force an immediate update when unit becomes stationary: elect this option to have the Nexus
Hawk send an update when the unit becomes stationary.
Enable corner-pinning: Check this option to turn on corner-pinning. Corner pinning will send a position report
if the vehicle makes a turn that is greater than the specified degree.
• degree change or more in bearing forces update: enter the angle degree at which you want the
Nexus Hawk to send out a position report. e.g. 15. If the vehicle turns more than 15 degrees a position
report will be sent out.
Enable alternate reporting rate when GPS fix is invalid: Check this option to reduce the number of reports
sent out if the GP has an invalid satellite fix.
• seconds between invalid updates (0 for no updates): Enter the number of seconds between
updates when the GP has an invalid satellite fix. If set to 0 no reports will be sent out.
Always send an update on startup, even if it is stationary and/or invalid: Check this option if you want
the Nexus Hawk to send out a position report upon startup of the device even if the vehicle is stationary and/or
the GP satellite fix is invalid.
Bind sockets/datagrams to LAN IP address: Forces outgoing GP Beacon data to originate from the Nexus
Hawk's LAN IP address. hould only be selected if the GP Beacon destination is on the other end of a standard
IPsec tunnel (not Cisco Xauth).
Cache GPS data when aggregator is unavailable: Check this option to enable the caching of GP data when
the aggregator is unavailable.
• seconds between TCP cache-dump retries: Enter the number of seconds for the Nexus Hawk to wait
before attempting to dump the cache again.
APRS: ends out APR data. APR is a trademark of APR Engineering, LLC, Bob Bruninga President.
• Callsign/I : Enter the callsign/ID to represent the GP . The callsign/ID must contain at least one
number.
• Server Validation Code: ome GP data target hosts require that a special code be sent to "validate"
the authenticity of the GP source. Without it, the host may ignore the data stream. The Hawk's
implementation of this feature abides by the "APR Internet tream" protocol.
• Icon: elect the icon to represent the GP
• Overlay: Eleven of the icons support overlay. GP OD - Digi; GP OG - HF Gateway; GP A0 - Circle;
GP NV - Car; GP AA - Box; GP DV - Aircraft; GP DW - WX station - Green; GP N - Triangle; GP -
hip/Boat; GP U - Truck; GP V - Van.
Raw (default): end out raw NMEA data
• Header: Enter the custom header to send in front of the NMEA strings
• Vehicle I (TAIP): Enter the vehicle ID; this must be four alphanumeric characters
• Force APRS-style authentication: Check this option to send a valid APR -style authentication string
to the specified aggregator.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
10 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Example for creating two feeds; one for NMEA, one for TAIP:
The first feed we are going to set up is the NMEA feed. Enable the feed. Enter the Host IP and port number in the
appropriate fields. elect the protocal type and enter the header settings. Apply changes.
To create the second feed press the <New> button. Enable the new feed and rename it 'TAIP Feed' for this example.
Enter the Host IP and port number in the appropriate fields. elect the protocal type required by the host. elect the
TAIP option. Enter a four digit alphanumeric ID in the Vehicle ID field. Apply changes.
You now have two data feed setup; one an NMEA feed and the other a TAIP feed.
ata Caching
The Nexus Hawk will cache GP data upon loss of a path to the target host (either an aggregator or a single host) but the
cache is not used as long as there
is
an active path in effect. Upon restoration of the path the cache will be sent to the
target host. Data caching applies to both TCP and UDP protocol.
Security|VPN Client
IPsec
IPsec is a protocol allowing VPN connectivity from a client to a central location, providing secure access to a private LAN
over a WAN. The Nexus Hawk supports IPsec client functionality and will route traffic from connected client devices over
the VPN as well, thus replacing the need for many IPsec clients with one. For more information on IP ec click here
Enabled: Enables IPsec client connectivity
Server IP/Hostname: Enter the hostname/ IP address of the IPsec server or concentrator
Server subnet: Enter the server subnet
Phase 1: The first phase of authentication and handshaking to establish an IPsec session.
H Group: Diffie-Hellman key group. Options are Group 2 or Group 5
Encryption: Encryption algorithm to be used for Phase 1 handshaking.
3DE : Triple Data Encryption tandard. For more information click here
AE -128: Advanced Encryption tandard 128-bit. For more information click here
Authentication: Authentication hash to be used for Phase 1 handshaking.
MD5: Message-Digest algorithm 5. For more information click here
HA1: ecure Hash Algorithm. For more information click here
Phase 2: The second phase of authentication and handshaking to establish an IPsec session.
Encryption: Encryption algorithm to be used for Phase 2 handshaking.
3DE : Triple Data Encryption tandard. For more information click here
AE -128: Advanced Encryption tandard 128-bit. For more information click here
Authentication: Encryption algorithm to be used for Phase 2 handshaking.
MD5: Message-Digest algorithm 5. For more information click here
HA1: ecure Hash Algorithm. For more information click here
Authentication Type: elect the type of authentication that you want to use for IPsec
X.509 Certificates: elect this option to use the X.509 encryption type. For more information click here
Pre-shared Key: elect this option to use a pre-shared key for authentication
Pre-Shared Key: Enter the pre-shared key defined by your network administrator
CA Certificate: Certificate of the Certificate Authority used to sign the other certificates in use. Enter the CA
certificate here. Please ensure that the certificate is copy-pasted correctly.
Public Server Certificate: Enter the certificate assigned to the IPsec server here. Please ensure that the
certificate is copy-pasted correctly.
Public Client Certificate: Enter the certificate assigned to the IPsec client here. Please ensure that the
certificate is copy-pasted correctly.
Private Client Key: Enter the client key here.
Private key passphrase: Enter the private key passphrase here.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
11 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
IPsec (Cisco Xauth)
The Nexus Hawk supports IPsec login to Cisco VPN concentrators with group and username credentials.
Enabled: Enables the IPsec (Cisco Xauth) functionality.
Server IP/Hostname: Enter the server IP or hostname on which the Cisco VPN concentrator resides.
IPsec Group I : Enter the IPsec group id
IPsec Group Secret: Enter the IPsec group secret
Xauth Username: Enter the Xauth username required by the Cisco VPN concentrator
Xauth Password: Enter the Xauth password required by the Cisco VPN concentrator
P Interval: Time between dead peer detection messages sent from the VPN client to the concentrator.
There is a known incompatibility between this feature and Cisco PIX devices. Nexus recommends disabling this
option when connecting to a PIX. EFAULT: 300, ISABLE : 0. For more information on DPD click here
NAT-T Mode: Mode in which the Nexus Hawk's VPN client will traverse NAT firewalls.
• Auto: The Nexus Hawk will auto-detect NAT-T mode
• None: Use no NAT-T
• Force NAT-T ( EFAULT): highly recommended for Cisco PIX re-key compatibility
• Cisco U P: Uses Cisco proprietary UDP encapsulation
Cisco U P Port: Local port for Cusco UDP encapsulation. Only relevant if Cisco UDP is selected for NAT-T
mode. EFAULT: 10000
Maximum Session Length: Maximum amount of time the Nexus Hawk will allow a VPN session to continue
before terminating it and redialing. Especially useful when re-key problems with the concentrator are
encountered. EFAULT: 0
Redial pause: Amount of time the Nexus Hawk will wait between VPN connection attempts to the concentrator.
EFAULT: 10
Cycle PHY link when tunnel: For more information on PHY click here.
• Connects: Check this option to cycle the PHY link when the tunnel connects.
• isconnects: Check this option to cycle the PHY link when the tunnel disconnects.
Hold PHY link down for: pecify the number of seconds (from 1-300) that you want to hold the PHY link down
for. EFAULT: 5
On these LAN interfaces: elect which interfaces you want to cycle/hold the PHY link for. Wifi AP, Eth1, Eth0
(if in LAN mode).
Revert to efaults: Pressing this button will set all properties back to factory defaults.
OpenVPN
For advanced users, the Nexus Hawk supports functioning as an OpenVPN endpoint. For more information on OpenVPN
click here. For a how-to guide in setting up a VPN server click here
Enabled: Enables OpenVPN client functionality.
Interface Type:
• tap: imulates an Ethernet device and operates with Layer 2 packets. Used to create a Network bridge.
• tun: A network tunnel that simulates a network latyer device and operates with Layer 3 packets. Used
with Routing. For more information on tun click here
• For more on tap and tun information click here
Bridge to: This option allows you to bridge the OpenVPN connection to your Eth1 connected client. elect Eth1
from the drop box to bridge the connection.
Server IP/Hostname: Enter the server IP address or hostname
Port: Enter the port number of the VPN tunnel
Protocol: elect which protocol you wish to use.
• TCP: elect this option to use TCP. This option transfers packets and checks the packets for errors. For
more information click here
• U P: elect this option to use UDP. This option is an alternative protocol to TCP, it is faster than TCP
because it does not use packets, it also does not provide error checking. For more information click here
TUN MTU: Enter the maximum packet size that the VPN is capable of transmitting. For more information click
here
TUN MTU Extra:
TCP MSS:
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
12 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Public Server Certificate: Enter the public server certificate here. Please ensure that the certificate is copy-
pasted correctly.
Public Client Certificate: Enter the public client certificate here. Please ensure that the certificate is copy-
pasted correctly.
Private Client Key: Enter the client key here.
Apply Changes: No updates are applied unless this button is pressed. Once pressed, the screen changes are
saved.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
You can verify the connectivity status of the OpenVPN tunnel by navigating to the Status page and checking the
connectivity status for " ecurity|OpenVPN Client Tunnel." If the status is indicated as "Connected" and shows a properly
formatted IP address, the Nexus Hawk is acting as an OpenVPN client to the remote network.
Security|VPN Server
OpenVPN
For advanced users, the Nexus Hawk supports functioning as an OpenVPN server. For a how-to guide in setting up a VPN
server click here.
Enabled: Enables OpenVPN server functionality.
Interface Type: tap: imulates an Ethernet device and operates with Layer 2 packets. Used to create a
Network bridge.
Port: Enter the port number of the VPN tunnel. EFAULT: 1194
Protocol: elect which protocol you wish to use.
• TCP: elect this option to use TCP. This option transfers packets and checks the packets for errors. For
more information click here
• U P: elect this option to use UDP. This option is an alternative protocol to TCP, it is faster than TCP
because it does not use packets, it also does not provide error checking. For more information click here
Keepalive: Enter the number of seconds that you want the server to send a keep alive string. EFAULT: 10
seconds
Timeout: Enter the number of seconds that the server will continue to attempt to maintain a session with an
unresponsive client. EFAULT: 120 seconds
Address Range: Enter the address range that the sever will assign to incoming client connections. NOTE: This
range should not overlap onto the DCHP address range if enabled ( etup | 10/100 Ethernet).
Public CA Certificate: Enter the public ca certificate here. Please ensure that the certificate is copy-pasted
correctly.
Public Server Certificate: Enter the public server certificate here. Please ensure that the certificate is copy-
pasted correctly.
Private Server Key: Enter the server key here.
iffie-Hellman Key Parameters: Enter the Difie-Hellman key parameters here.
Apply Changes: No updates are applied unless this button is pressed. Once pressed, the screen changes are
saved.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Applications|WAN Ports
Port Forwarding
The Nexus Hawk supports forwarding of specific port ranges from the WAN to a client on the LAN.
Enabled: Enables the specified port
From: Enter the port number that you want to begin forwarding
To: Enter the port number that you want to end forwarding
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
13 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
TCP/U P: Transmission Control Protocol/User Datagram Protocol Options
• Both: elect this option to use both TCP and UDP protocol
• TCP: elect this option to use TCP. This option transfers packets and checks the packets for errors. For
more information click here
• U P: elect this option to use UDP. This option is an alternative protocol to TCP, it is faster than TCP
because it does not use packets, it also does not provide error checking. For more information click here
Internal Host: Enter the LAN client IP address of the host
elete: Deletes the specified port
Apply Changes: Changes are applied only after pressing this button.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
To input a single port, simply enter it as both the From and To port. If both the port forwarding and DMZ options are
enabled, port forwarding will take priority, with the remaining ports allocated to the DMZ IP address.
Do not enter overlapping port ranges for different IP addresses, as this configuration does not translate to a logical port
forwarding structure. Please note that some cellular carriers will firewall the connections to their networks. As such, a
public WAN IP address does not guarantee universal accessibility from the internet.
MZ
The Nexus Hawk supports a LAN client which can be placed in the DMZ (de-militarized zone) to allow access from the
connected WAN.
Enabled: Enables the DMZ host option.
IP address: Enter the address of the client on the LAN which will accept the WAN connection.
Apply to: elect which option to apply the DMZ to.
• All WAN Interfaces: electing this option will apply the DMZ to all interfaces.
• elected WAN Interfaces only:
Apply Changes: Updates are applied only upon pressing this button.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Apply to: All WAN interfaces: elect this option to apply the DMZ to all WAN interafces.
Apply to: Selected WAN interfaces only: elect this option to apply to DMZ to the selected WAN interfaces.
If port forwarding and DMZ values conflict, port forwarding will always be given priority. The DMZ host will receive only
the ports not allocated in the forwarding table. Caution: Forwarding all traffic to a specific host may cause the
undesired effect of losing Internet-based connectivity to the Management Console. This is because all data
will be forwarded to the host specified. The Management Console will still be accessible to devices
attached to the LAN (Eth1) and WiFi AP.
The LAN client will now be accessible from any connected WAN interface. Please note that some cellular carriers firewall
the connections to their networks, and a public WAN IP address does not guarantee universal accessibility from the
internet.
Remote Access
Allow certain LAN services to be accessible to WAN users, here. NOTE: This connection will be available if the target
network allows outside connections. Target network cannot be firewalled.
Access to the Management Console
HTTP Enabled: The Management Console is now available by WAN (i.e. - Internet) connected users on port
:80. If using a cellular data card, it is presented on that card's IP address. If using DynDN .org's services, it is
presented on the URL's port :80 (i.e. - http://MyHawk.dyndns.org:80 ).
Port: The port that the data will be presented on. Default is 80
HTTPS Enabled: The Management Console is now available by WAN (i.e. - Internet) connected users under a
secure certificate on the port specified.
Port: The port that the data will be presented on. Default is 443
Access to GPS port
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
14 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Enabled: Present GP access to WAN (i.e. - Internet) users. Note: Control of the GP is governed by the
framework provided by the GP d daemon. Local clients still have the ability to access the GP information. For
more information, click here
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Applications|Advanced Routing
Static Routes
tatic routes allow the Nexus Hawk to always use a specified gateway to access a certain host or network. For more
information click here.
Show Current Routes: Press this button to show the currently defined routes
Enabled: Check this box to enable a static route
Name: Enter the name of the static route
estination: Enter the desired destination IP Address of the static route
Netmask: Enter the desired netmask. For more information click here
Gateway: Enter the desired gateway.
efault for Interface: Check this option to use the default gateway rather than one manually specified.
Interface: elect the desired interface or use Best Available and the Nexus Hawk will choose the best available
interface.
elete: Check this box to delete the selected route
Apply Changes: Press this button to apply the changes
Cancel Changes: Press this button to cancel changes made
Revert to efaults: Pressing this button will set all properties back to factory defaults.
efault Route
The default route option allows you to order the path of your default route. If there is a WAN connection that you don't
want made available for your default route move it to the Local Only section.
Administration|Management
Password
The Nexus Hawk uses the defaults of Login=manager, Password=manager. It does not follow the Admin/Admin standard
used by other manufacturers specifically to make unintended access more difficult. These values may be changed here.
Login name: Displays the current login name. If you wish to change the login name enter the new name.
Current password: Enter the current configuration password.
New password: Enter the new password
Re-enter new password: Enter the new password again for verification purposes
Password-protect status page: Normally, the tatus page is viewable by anyone who attaches to your Nexus
Hawk. Check this option if you wish to restrict that page, requiring login authentication before being able to view
its contents.
Apply Changes: Updates are applied only after pressing this button.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
NOTE : Once saved, you will be required to login with the new login information.
NS
The Nexus Hawk supports a dynamic DN update with dyndns.org. If you have a dyndns.org account, this function may
be useful for finding the Nexus Hawk from the internet when it is connected to a WAN interface. Contact your Network
Administrator for system-specific settings. For more information click here
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
15 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Username: Enter your dyndns.org account username.
Password: Enter your dyndns.org account password; must be at least five characters
Hostname: Enter the hostname associated with your dyndns.org user account. Currently, only hostnames
provided by dyndns.org are supported. NOTE: Hostnames are controlled by the dyndns policy. For more
information click here
Apply Changes: No updates are applied unless this button is pressed. Once pressed, the screen changes are
saved.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Once saved, the Nexus Hawk will attempt to update the specified dyndns.org entry whenever it initiates a new connection
to a WAN interface. NOTE: Only dynamic hosting by DynDN .org is supported at this time.
Under the configuration section of this page the Nexus Hawk will display the ten most recent status on the DDN
registration stating success, failure, or no action.
Static HCP
The Nexus Hawk supports static DHCP leases and allows configuration of the router to provide the same IP address to a
specific client via DHCP upon every connection. For more information on DHCP click here
MAC: Enter the media access control address of the client device. For more information click here
Hostname: Enter the hostname of the client device. Using DN masquerading, this device may be referenced by
other LAN-connected clients by its assigned Hostname rather than it's assigned IP address. For more information
click here
LAN IP: Enter the IP address which will be provided to the client device by DHCP. For more information click
here
elete: Check this option to delete the specified entry(s)
Apply Changes: Updates are applied only when this button is pressed.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Example: Use this option to assure that the same IP address is always served to a device with a particular MAC address.
Failover
WAN Load Balancing via ECMP - It is possible to activate more than one WAN link at the same time, providing multiple
simultaneous, independent pathways. It is up to the Nexus Hawk's administrator to manage them to meet their intended
goal(s).
The administrator is presented with a chart that displays all available WAN pathways. When multiple pathways are
prioritized at the same level, they will become active simultaneously and a "round robin" use-strategy will be applied,
effectively balancing the LAN users' link-load across them.
In general terms, the first LAN request for WAN access will be fielded by the first WAN interface. The next LAN request
will be fielded by the next WAN interface. If there are only two similarly prioritized WAN interfaces, the third LAN request
will be fielded by the first WAN interface again, and so on. This effectively "balances" the link-assignment between the
two that are available.
Consider this to be a machine-controlled or automated variation of the Nexus Hawk's "static routing" feature. For more
information on the ECMP load balancing strategy, go here.
An additional benefit to employing load balancing is that there are now multiple IP addresses that face the WAN, any one
of which may be linked-to by outsiders to access LAN resources.
Time
The Network Time Protocol (NTP) interface page allows you to update the Nexus Hawk's internal clock.
Enable NTP Client: Enables the NTP service on the Nexus Hawk
NTP Host: Enter the name of the NTP host
Nexus Hawk™ User Manual This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
16 This is a printer-ready version of the in-line help files. Hyperlinks are disabled.
Time Zone: elect the time zone in which to display the time in the status header. UTC is the default.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Asset Label
Enter up to 16 alphanumeric characters as an "Asset Label". This text will appear under the Nexus Hawk logo in the
upper left-hand corner of all Management Console screens. This field is used for no other purpose and is provided to
assist human administrators to more easily identify Nexus Hawk assets.
Asset Label: Enter the label used to define the Nexus Hawk.
Apply Changes: Updates are applied only when this button is pressed.
Revert to efaults: Pressing this button will set all properties back to factory defaults.
Administration| ebug File ownload
The Nexus Hawk allows the user to download a debug file to provide to technical support in the event of a system
malfunction. This will allow Nexus i R engineers to inspect the status of your problem and more quickly determine its
cause.
Press the " ownload" button to save the "debug.bin" file. imply e-mail it to the email address provided by your
administrator, along with as much detail about the issue as possible.
Administration|Reset
Reboot System
This is the equivalent to pressing the <Reset> button on the back panel of your Nexus Hawk. You will be presented with
a warning. Press the "Reboot" button to reboot the Nexus Hawk. Note: This operation will take up to 2 minutes to
complete.
Note: The system will be unavailable while rebooting!
Restore efaults
elect this option to restore your Nexus Hawk to Factory Default settings without the need to reboot. The changes will
take effect immediately, without delay.
Note: If you have changed your Eth1 IP address from the default you will lose connectivity through that port upon
restoring defaults. To regain connectivity, perform a DHCP IP renewal on your client. From your computer's command
prompt:
Windows2000/XP:
ipconfig /release <enter>
ipconfig /renew <enter>
Linux:
ifconfig /release <enter>
ifconfig /renew <enter>
WARNING: All settings will be reset to factory defaults, all custom settings will be lost.
Administration|Firmware Update
The Nexus Hawk allows the user to update to the latest firmware version. The current firmware version is displayed at
the top right corner of the Management Console.
Other manuals for Hawk
2
