Phoenix Contact TC ROUTER 3002T-4G User manual
User manual
UM EN TC ROUTER ... 3G/4G
Industrial mobile router with integrated
firewall and VPN
2018-09-07
PHOENIX CONTACT GmbH & Co. KG • Flachsmarktstraße 8 • 32825 Blomberg • Germany
phoenixcontact.com
107025_en_01
Industrial mobile router with integrated firewall and VPN
Designation Software release Order No.
TC ROUTER 3002T-4G 2.04.11 2702528
TC ROUTER 3002T-3G 2.04.11 2702529
TC ROUTER 2002T-4G 2.04.11 2702530
TC ROUTER 2002T-3G 2.04.11 2702531
TC ROUTER 3002T-4G VZW 2.04.11 2702532
TC ROUTER 3002T-4G ATT 2.04.11 2702533
User manual
This user manual is valid for:
UM EN TC ROUTER ... 3G/4G, Revision 01
Table of contents
107025_en_01 PHOENIX CONTACT 3 / 146
Table of contents
1 For your safety ...........................................................................................................................5
1.1 Identification of warning notes ............................................................................... 5
1.2 Qualification of users ............................................................................................. 5
1.3 Field of application of the product.......................................................................... 6
1.4 Safety notes .......................................................................................................... 6
1.5 UL warning notes (only TC ROUTER 3002T-4G VZW and
TC ROUTER 3002T-4G ATT)................................................................................ 7
2 Installation ..................................................................................................................................9
2.1 Product description................................................................................................ 9
2.2 Structure.............................................................................................................. 10
2.3 Mounting and removal ......................................................................................... 12
2.4 Inserting the SIM card.......................................................................................... 13
2.5 Connection .......................................................................................................... 14
2.6 Resetting the router ............................................................................................. 17
3 Configuration via web-based management ..............................................................................19
3.1 Connection requirements .................................................................................... 19
3.2 Starting web-based management (WBM) ........................................................... 19
3.3 Device information (viewing the device status).................................................... 20
3.4 Status .................................................................................................................. 21
3.5 Local network (local network setup) .................................................................... 26
3.6 Wireless network (mobile network settings)......................................................... 29
3.7 Network security (security settings) ..................................................................... 43
3.8 VPN ..................................................................................................................... 52
3.9 I/O........................................................................................................................ 71
3.10 System ................................................................................................................ 82
4 Creating X.509 certificates .......................................................................................................95
4.1 Installation ........................................................................................................... 95
4.2 Creating a new database..................................................................................... 95
4.3 Creating a CA certificate...................................................................................... 96
4.4 Creating templates .............................................................................................. 99
4.5 Creating certificates........................................................................................... 101
4.6 Exporting certificates ......................................................................................... 103
TC ROUTER ... 3G/4G
4 / 146 PHOENIX CONTACT 107025_en_01
5 Technical data .......................................................................................................................105
5.1 Ordering data .................................................................................................... 105
5.2 Technical data ................................................................................................... 106
5.3 Dimensions........................................................................................................ 110
A Technical appendix.................................................................................................................111
A 1 XML elements ................................................................................................... 111
A 2 Structure of the XML configuration file............................................................... 114
A 3 Wireless network ............................................................................................... 117
A 4 CIDR (Classless Inter-Domain Routing) ............................................................ 136
B Appendixes.............................................................................................................................137
B 1 List of figures ..................................................................................................... 137
B 2 Index.................................................................................................................. 141
For your safety
107025_en_01 PHOENIX CONTACT 5 / 146
1Foryoursafety
Read this user manual carefully and keep it for future reference.
1.1 Identification of warning notes
1.2 Qualification of users
The use of products described in this user manual is oriented exclusively to:
– Electrically skilled persons or persons instructed by them. The users must be familiar
with the relevant safety concepts of automation technology as well as applicable stan-
dards and other regulations.
– Qualified application programmers and software engineers. The users must be familiar
with the relevant safety concepts of automation technology as well as applicable stan-
dards and other regulations.
This symbol indicates hazards that could lead to personal injury.
There are three signal words indicating the severity of a potential injury.
DANGER
Indicates a hazard with a high risk level. If this hazardous situation is not
avoided, it will result in death or serious injury.
WARNING
Indicates a hazard with a medium risk level. If this hazardous situation is not
avoided, it could result in death or serious injury.
CAUTION
Indicates a hazard with a low risk level. If this hazardous situation is not avoided,
it could result in minor or moderate injury.
This symbol together with the NOTE signal word warns the reader of actions
that might cause property damage or a malfunction.
Here you will find additional information or detailed sources of information.
TC ROUTER ... 3G/4G
6 / 146 PHOENIX CONTACT 107025_en_01
1.3 Field of application of the product
The devices are industrial mobile routers for 3G and 4G mobile networks.
1.3.1 Intended use
• The devices are designed for use in industrial environments.
• The devices are intended for installation in a control cabinet.
• Operation of the wireless system is only permitted if accessories available from
Phoenix Contact are used. The use of other accessory components could invalidate the
operating license.
1.3.2 Product changes
Modifications to hardware and firmware of the device are not permitted.
Incorrect operation or modifications to the device can endanger your safety or damage the
device. Do not repair the device yourself. If the device is defective, please contact
Phoenix Contact.
1.4 Safety notes
• Installation, operation, and maintenance may only be carried out by qualified electri-
cians. Follow the installation instructions as described.
• When installing and operating the device, the applicable regulations and safety direc-
tives (including national safety directives), as well as the generally recognized codes of
practice, must be observed. The technical data is provided in the packing slip and on
the certificates (conformity assessment, additional approvals where applicable).
• Do not open or modify the device. Do not repair the device yourself; replace it with an
equivalent device instead. Repairs may only be carried out by the manufacturer. The
manufacturer is not liable for damage resulting from non-compliance.
• The IP20 degree of protection (IEC 60529/EN 60529) of the device is intended for use
in a clean and dry environment. Do not subject the device to mechanical and/or thermal
loads that exceed the specified limits.
• The device is designed exclusively for operation with safety extra-low voltage (SELV)
in accordance with IEC 60950/EN 60950/VDE 0805. The device may only be connect-
ed to devices that meet the requirements of EN 60950.
• The device complies with the EMC regulations for industrial areas (EMC class A).
When used in residential areas, the device may cause radio interference.
You can find the approved accessories for this wireless system listed with the product at
phoenixcontact.net/products.
WARNING:
Observe the following safety notes when using the device.
For your safety
107025_en_01 PHOENIX CONTACT 7 / 146
1.5 UL warning notes (only
TC ROUTER 3002T-4G VZW and
TC ROUTER 3002T-4G ATT)
• Use copper wires rated 85°C.
• If the equipment is used in a manner not specified, the protection provided by the equip-
ment may be impaired.
• This device has to be built in an enclosure (control box).
• External circuit from SELV supplied
• SELV - Limited energy according to UL/IEC/EN 61010-1 or NEC class II
• This equipment must be mounted in an enclosure certified for use in Class I, Zone 2 mi-
nimum and rated IP54 minimum in accordance with IEC 60529 when used in Class I,
Zone 2 environment.
• Device shall only be used in an area of not more than pollution degree 2.
Class I, Zone 2, AEx nA IIC T4 / Ex nA IIC T4 Gc
Class I, Division 2, Groups A, B, C and D T4
Input: 10 - 30 V DC, max. 1.7 A
Amb. Temp. Range: -40°C < Tamb < 70°C
IND.CONT.EQ.
FOR.HAZ.LOC.
E366272
Installation
107025_en_01 PHOENIX CONTACT 9 / 146
2 Installation
2.1 Product description
The TC ROUTER... mobile routers enable high-performance high-speed data links via mo-
bile networks. The integrated firewall and VPN (Virtual Private Network) protect your appli-
cation against unauthorized access.
The focus is on EMC, electrical isolation, and surge protection for reliable and secure com-
munication. The data link and quality of the mobile network are also monitored. If required,
the device sends a message or re-establishes the mobile network connection.
Features
– Virtual permanent line to connect networks via mobile network
– Stateful inspection firewall for dynamic filtering
– VPN remote start via SMS or call
– Two switching inputs and one switching output
–XMLinterface
– Alarm sent via SMS or e-mail directly via the integrated switching input
– Configuration via web-based management or microSD card
– Two local Ethernet connections
– Switchable energy-saving mode
– Integrated logbook
– Extended temperature range of -40°C ... +70°C
Table 2-1 Overview product versions
Designation Mobile
communication
Fallback VPN function Area of appli-
cation
TC ROUTER 3002T-4G 4G (LTE) 3G (UMTS/HSPA)
2G (GPRS/EDGE) IPsec and OpenVPN, up
to three VPN tunnels
Europe
TC ROUTER 3002T-3G 3G (UMTS/HSPA) 2G (GPRS/EDGE)
TC ROUTER 2002T-4G 4G (LTE) 3G (UMTS/HSPA)
2G (GPRS/EDGE) -
TC ROUTER 2002T-3G 3G (UMTS/HSPA) 2G (GPRS/EDGE)
TC ROUTER 3002T-4G VZW 4G (LTE) -IPsec and OpenVPN, up
to three VPN tunnels
USA (HazLoc
approval)
TC ROUTER 3002T-4G ATT 3G (UMTS/HSPA)
TC ROUTER ... 3G/4G
10 / 146 PHOENIX CONTACT 107025_en_01
2.2 Structure
2.2.1 4G router
Figure 2-1 4G router
1LAN interface 1
2LAN interface 2
3SMA antenna connection 1, primary antenna
4SMA antenna connection 2, secondary antenna
5COMBICON plug-in screw terminal block
6SIM interface
7Slot for microSD card
8CON LED
9ERR LED
10 US LED
US
ERR
CON
Micro SD
Micro
RESET
SD
LAN 1 LAN 2
ANT 1
ANT 2
SIM
TC ROUTER
24V 0V I1 I2 O1
1
2
3
4
5
7
8
9
10
6
Installation
107025_en_01 PHOENIX CONTACT 11 / 146
2.2.2 3G router
Figure 2-2 3G router
1LAN interface 1
2LAN interface 2
3SMA antenna socket
4COMBICON plug-in screw terminal block
5SIM interface
6Slot for microSD card
7CON LED
8ERR LED
9US LED
2.2.3 Status and diagnostics indicators
In the case of the TC ROUTER 3002T..., the CON LED can be configured via web-based
management. You can therefore monitor the mobile IP connection or the VPN tunnel.
USPower Green
On Supply voltage is present
ERR Error Red
Off Logged into the network
Flashing SIM card not inserted,
SIM error (e.g., PIN or PUK locked)
On Searching for cellular network
CON Connect Yellow
On Connection established
US
ERR
CON
Micro SD
Micro
RESET
SD
LAN 1 LAN 2
ANT
SIM
TC ROUTER
24V 0V I1 I2 O1
1
2
3
4
6
7
8
9
5
TC ROUTER ... 3G/4G
12 / 146 PHOENIX CONTACT 107025_en_01
2.3 Mounting and removal
The device is intended for installation in a control cabinet.
• Snap the device onto a 35 mm DIN rail according to EN 60715.
• Connect the DIN rail to protective earth ground.
Figure 2-3 Mounting on the DIN rail
Removal
• Pull down the locking latch using a screwdriver, needle-nose pliers or similar.
• Pull the bottom edge of the device slightly away from the mounting surface.
• Pull the device away from the DIN rail.
Figure 2-4 Removal
NOTE: Device damage
Only mount and remove devices when the power supply is disconnected!
B
A
B
A
C
D
Installation
107025_en_01 PHOENIX CONTACT 13 / 146
2.4 Inserting the SIM card
You will receive a SIM card from the provider on which all data and services for your con-
nection are stored. The SIM card can be protected with a 4 or 5-digit PIN code. We recom-
mend that you enter the PIN code and the APN settings as described in “SIM” on page 30.
A packet data connection via the mobile network is required for the core functions (VPN
router). Select an appropriate SIM card. You must activate the package data connection be-
fore the operation (see “Packet data setup” on page 36).
• Press the yellow release button with a pointed object.
• Remove the SIM card holder.
• Insert the SIM card so that the SIM chip remains visible.
• Fully insert the SIM card holder together with the SIM card into the device until this ends
flush with the housing.
Figure 2-5 Removing the SIM card holder, inserting the SIM card
NOTE: Electrostatic discharge!
The device contains components that can be damaged or destroyed by electrostatic dis-
charge. When handling the device, observe the necessary safety precautions against
electrostatic discharge (ESD) in accordance with EN 61340-5-1 and IEC 61340-5-1.
The device only supports 1.8 V and 3 V SIM cards. In the event of older SIM cards, please
contact your provider.
ANT 2
ANT 1
TC ROUTER
SIM
D
A
B
ANT 2
ANT 1
TC ROUTER
SIM
D
C
TC ROUTER ... 3G/4G
14 / 146 PHOENIX CONTACT 107025_en_01
2.5 Connection
2.5.1 Antenna
Figure 2-6 Connecting the antenna (4G router)
The 4G routers have two antenna connections. To achieve optimum LTE reception, always
connect two antennas for 4G routers. The 3G routers only have one antenna connection.
We recommend the multiband mobile antenna with mounting bracket for outdoor installa-
tion (TC ANT MOBILE WALL 5M, Order No. 2702273). Please also refer to the documen-
tation for the antenna at phoenixcontact.net/product/2702273.
• Connect one or two suitable antennas to the antenna connection.
• The antenna cable must not be longer than 5 meters in length.
• Check the signal quality in the web-based management software under “Device Infor-
mation, Status, Radio”.
• Fix the antenna in place when reception is good or very good.
• Screw the antenna hand-tight on to the device (1.7 Nm).
You can find the approved accessories for this wireless system listed with the product at
phoenixcontact.net/products.
Micro
SD
LAN 1 LAN 2
RESET
US
ERR
CON
ANT 1
ANT 2
SIM
TC ROUTER
24V 0V I1 I2 O1
ANT 1
Micro
SD
LAN 1 LAN 2
RESET
US
ERR
CON
ANT 1
ANT 2
SIM
TC ROUTER
24V 0V I1 I2 O1
ANT 2
Installation
107025_en_01 PHOENIX CONTACT 15 / 146
2.5.2 Ethernet network
• Only twisted pair cables with an impedance of 100 Ωmay be connected to the RJ45
Ethernet interfaces.
• Only use shielded twisted pair cables and corresponding shielded RJ45 connectors.
• Push the Ethernet cable with the RJ45 connector into the TP interface until the connec-
tor engages with a click. Observe the connector coding.
Figure 2-7 RJ45 interface
2.5.3 Supply voltage
Figure 2-8 Connecting the supply voltage
• Connect the supply voltage to 24 V and 0 V at the plug-in screw terminal block. Ensure
the correct polarity when doing so.
• The device is ready for operation as soon as the US LED lights up.
CAUTION: Electrical voltage
The device is designed exclusively for operation with safety extra-low voltage (SELV) in
accordance with IEC 60950/EN 60950/VDE 0805.
– Provide overcurrent protection (I ≤5 A) in the installation.
1
2
3
4
5
6
7
8
RD+
RD-
TD+
TD-
n.c.
n.c.
n.c.
n.c.
RJ45
Micro
SD
LAN 1 LAN 2
RESET
US
ERR
CON
ANT 1
ANT 2
SIM
TC ROUTER
24V 0VI1 I2 O1
24V 0V I1 I2 O1
TC ROUTER ... 3G/4G
16 / 146 PHOENIX CONTACT 107025_en_01
2.5.4 Switching inputs and switching outputs
Two configurable switching inputs for the following functions:
– Sending an SMS, including to multiple recipients
– Sending an e-mail, including to multiple recipients
– Controlling an output at a remote station via SMS
– Restarting the router
– Starting or stopping a mobile data connection
– Switching the IPsec or OpenVPN connection
– Automatically loading a configuration from a microSD card
– Activating energy-saving mode
One configurable switching output, activated by:
– Activation by the input at a remote station
–SMS
– Web-based management
– Incoming call
– Connection abort
– Status of the mobile network connection
– Status of the mobile data connection
– Status of a VPN connection
Connecting
• You can connect 10 ... 30 V DC to switching inputs I1 and I2.
• Switching output O1 is designed for a maximum of 50 mA at 10 ... 30 V DC.
• The connecting cables for the switching inputs and the switching output must not be
longer than 30 meters in length.
• The 0 V potential of the switching inputs and outputs must be connected to the “0 V” ter-
minal block of the power supply connection.
Figure 2-9 Wiring inputs
24V 0V I1 I2 O1
–
+
Installation
107025_en_01 PHOENIX CONTACT 17 / 146
2.6 Resetting the router
The routers have a reset button on the front to the right of the LEDs. The reset button can
be used to temporarily reset the router's IP address and the passwords to the default set-
tings upon delivery.
• Press and hold down the reset button.
• Disconnect the Ethernet cable from the LAN connection on the router.
• Reconnect the Ethernet cable.
• Press and hold down the reset button for a further five seconds.
The IP address is now reset to its default address (192.168.0.1).
Configuration via web-based management
107025_en_01 PHOENIX CONTACT 19 / 146
3 Configuration via web-based management
3.1 Connection requirements
– The device must be connected to the power supply.
– The computer that is to be used for configuration must be connected to one of the LAN
ports on the router.
– A browser, e.g., Mozilla Firefox, Microsoft Internet Explorer or Apple Safari, must be in-
stalled on the configuration computer.
3.2 Starting web-based management (WBM)
The router is configured via web-based management (WBM).
• Establish an Ethernet connection from the device to a PC.
• If necessary, adjust the IP parameters of your computer.
• Open a browser on the PC.
• Enter the IP address 192.168.0.1 in the address field of your browser.
• The following page opens in the browser.
Figure 3-1 Login window
This page protects the area in web-based management where router settings are modified.
To log into the router, click on “Login”. You need the user name and the password.
– User name: admin
– Password: admin
There are two user levels:
–user: read-only access to the “Device Information” menu item
–admin: full access to all areas
For security reasons, we recommend you change the password during initial configura-
tion (see “User (password change)” on page 85).
TC ROUTER ... 3G/4G
20 / 146 PHOENIX CONTACT 107025_en_01
3.3 Device information (viewing the device status)
You can also access this page with the user login. The page displays information about the
hardware, software, and status of the router.
3.3.1 Hardware
Figure 3-2 Device information, Hardware
Device information, Hardware
Hardware information Address Address of the manufacturer
Internet Website address of the manufacturer
Typ e Order designation of the router
Order No. Order number of the router
Serial number Serial number of the router
Hardware Hardware version of the router
Release version Release version of the router software
Operating system Operating system version
Web-based
management
Web-based management version
MAC address LAN MAC address for unique identification of an Ethernet device in
a computer network
Radio engine Type of radio engine used
Radio firmware Firmware version of the radio engine
IMEI IMEI = International Mobile Station Equipment Identity
15-digit serial number that can be used to clearly identify each
mobile network device
This manual suits for next models
5
Table of contents
