IndustrialPro® 6000 Routers RAM® 6000 Series Cellular RTUs RAM® 9000 Cellular RTUs Software User Guide Version 3.17/4.17 www.redlion.
Chapter 1 1.1 1.2 Connect PC to Red Lion Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Setup PC IP Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.3 Accessing the Web User Interface . . . . . . . . . . . . . . . . . . . . . . 4 Open the Control Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.5.4 3.5.5 3.5.6 3.5.7 3.5.8 3.5.9 3.5.10 3.5.11 3.6 Automation Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 3.6.1 3.6.2 3.6.3 3.6.4 3.6.5 3.6.6 3.7 SN Proxy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 SixView Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Connect PC to Red Lion Router Chapter 1 Accessing the Web User Interface 1.1 Connect PC to Red Lion Router Connect a CAT‐5 or CAT‐6 Ethernet cable between the local PC and the Red Lion router’s Ethernet Port(s). Note: If the Ethernet port’s green LED is lit, this indicates that the connection is running at 100Mb speed. If the Ethernet port’s green LED is not lit, this indicates that the connection is running at 10Mb speed. The yellow LED indicates the “link” status of the connection.
Setup PC IP Address 1.2 Setup PC IP Address 1.2.1 Open the Control Panel • Click on Start and browse the “Control Panel” menu item. The Control Panel should look similar to the following: 1.2.
Setup PC IP Address 1.2.3 • • Access Network Connection Settings Click on the link to access network connection settings. • XP ‐ “Network Connections” • Vista/Windows 7 ‐ “Network and Sharing Center” The display should look similar to the following: 1.2.4 • • Access Local Area Connection Click on the link to access the local area connection.
Setup PC IP Address 1.2.5 Open Properties • Click on “Properties” button (Vista/Windows 7 will display a popup window asking to confirm the operation). • Click on the “Continue” button. The display should look similar to the following: 1.2.6 • • Access Internet Protocol Properties Click on the Internet Protocol to highlight. • XP ‐ “Internet Protocol (TCP/IP)” • Vista/Windows7 ‐ “Internet Protocol Version 4 (TCP/IPv4)” Click on the “Properties” button.
Setup PC IP Address METHOD 1: PC to: WAN /ETH0, Ethernet on SN/RAM‐6000, RAM 9000 • Select “Use the following IP address” and fill in the blank fields with the information below: •IP address:192.168.0.2 •Subnet mask:255.255.255.0 •Default gateway:192.168.0.1 •Preferred DNS:192.168.0.1 • Click “OK”. • The previous screen will appear. • Click “OK”.
Setup PC IP Address METHOD 2: PC to LAN: ETH1, RAM 9000 Series only • Select “Use the following IP address” and fill in the blank fields with the information below: •IP address:192.168.1.2 •Subnet mask:255.255.255.0 •Default gateway:192.168.1.1 •Preferred DNS:192.168.1.1 • Click “OK”. • The previous screen will appear. • Click “OK”. Verify that you are connected to the router. • Open a Command Prompt window on your laptop. • XP Start Run, type in cmd and press the ENTER key.
Setup PC IP Address METHOD 1: PC to WAN /ETH0, Ethernet on SN‐6000, RAM 9000 Type in ping 192.168.0.1 and then press the ENTER key The display should look similar to the following: METHOD 2: PC to ETH1: LAN on RAM 9000 only Type in ping 192.168.1.1 and the press the ENTER key The display should look similar to the following: This shows the connection is up and functioning.
Access Red Lion Web Server 1.3 • • 1.3.1 Access Red Lion Web Server Open a web browser and enter the following in the address bar: METHOD 1 (WAN/ETH0): http://192.168.0.1:10000/ METHOD 2 (LAN/ETH1): http://192.168.1.1:10000/ You will receive a login pop‐up screen.
Access Red Lion Web Server At this point, you are connected to the Red Lion router and can configure it to meet your needs. If the ppp0 or wwan0 interface do not show an IP address, this could indicate that the internal SIM/Module has not been properly activated. Low or invalid signal strength may also contribute to the issue. Please contact your service provider to ensure proper activation. You may need to enter provisioning information in the NetworkingCellularProvisioning screen. Consult Section 2.
Cellular Configuration Chapter 2 Cellular Connections 2.1 Cellular Configuration Cellular connectivity can be obtained through the use of an internal (embedded) RF Module. Your Red Lion router has an embedded cellular radio that is already detected and configured for the intended carrier. If you are using a carrier that supports the use of an APN, you may have to set your specific APN manually, as covered in the next section.
Cellular Configuration Address and Signal Strength. If you do not see an IP Address get populated for the PPP interface you may have an issue with your settings or your account has not been correctly activated. Activation Status column: See table below for a description of the different statuses found in the “Activation Status” col‐ umn. CDMA HSPA/LTE Running - Connection/Activation is running Not Reg - Modem not registered Waiting - Connection/Activation tried and failed. Will retry in 20 mins.
Cellular Configuration Note: The User Name, Password and APN can be case sensitive. Be certain that you use the exact information as provided by your carrier. 2.1.3 Provisioning For Sprint/CDMA installations for Sprint Data link support, additional information may be required. Navigate to Network ‐> Cellular Connection ‐> Provisioning. 2.1.4 Verify Cellular Connectivity Browse to the Status screen, by selecting Summary ‐> Status.
Cellular Configuration As shown, the router is receiving good signal from the cellular network, it is connected and has been issued an IP address. At this point, if you previously verified that the SIM/Module is activated and have been accessing the web UI to configure your Red Lion interface via it’s browser, you should be able to access the Internet. • Open a browser on the PC/Laptop, and attempt to browse the Internet.
Cellular Configuration 2.1.5.2 Verifying IP Connectivity First, check to make sure that your device is connecting to the cellular network and obtaining an IP address. Navigate to the Web UI Status screen shown below: If your screen looks similar to the one shown above, you are having signal reception difficulties. You can further verify this condition by examining the LED signal meter. SN6000 units: Observe the signal LED as shown below.
Cellular Configuration RAM 9000 units: Observe the RSSI LED as shown below. Low Signal / No service > ‐ 109 dBm (Low but valid signal) RSSI > ‐ 99 dBm (Lower but valid signal) > ‐ 89 dBm (Avg signal) > ‐ 80 dBm (Excellent signal) 2.1.5.3 Minimal Reception On occasion, you can find yourself in a situation where you have just enough signal to be able to communicate with the cellular tower and obtain an IP address, but not enough reception to be able to sustain a viable connection.
Cellular Configuration 2.1.5.4 Authentication Issues If you are using a GPRS/EDGE/HSDPA card, and have at least three LEDs of signal on the front panel signal meter, your radio connection to the network may be just fine. The problem may lie in logging onto the cellular network. Navigate to the Cellular Connection dialog window (Network ‐> Cellular Connection ‐> Configuration): Verify your user name, password, and APN information.
Web User Interface Introduction Chapter 3 Web User Interface 3.1 Web User Interface Introduction 3.1.1 Organization The Red Lion Web UI is comprised of six major sections. (Click on a link to get an in‐depth description of each topic) • Status: The Status tab presents information on the router. This tab is organized into five (5) sections: Summary, Network, Diagnostics, Syslog and Gather Stats.
Status Tab 3.2 Status Tab The Status Tab allows you to review the state of the router functions, such as network connections, interfaces, system pro‐ cesses, services running, and system information. It also allows review of the syslog, update history, and under diagnostic tools, permits testing connectivity through the use of ‘ping’ and ‘traceroute’. 3.2.1 Summary This option will return the user to the System Summary (home) page.
Status Tab 3.2.1.1 EZ Config Wizard The EZ Config Wizard is used to setup your Ethernet IP without having to navigate through multiple dialog windows. The EZ Config Wizard is situated on the Summary page and accessed by clicking on the blue EZ Config Wizard button. • Click on the EZ Config Wizard button. The Eth0 Settings dialog window will open: Enable eth0 Interface: Select Yes to enable the interface or No to disable it. If you select No, the fields below the “Enable eth0 Interface” will disappear.
Status Tab For example, if a netmask is 255.255.255.0 and the IP address assigned to the device is 192.168.1.1 through 192.168.1.254 as 192.168.1.0 is the value reserved for the broadcast address. Recommended Setting: This address should have been provided by your Network Administrator. It must be an address valid for the network described by the value contained in the Enter Subnet Mask field and must not conflict with any other device on the target network.
Status Tab Note: Entering an APN value in this field will overwrite any APN stored in the modem for the selected context. • Once the desired settings have been entered, click on the Finish button and a recommendation dialog window will appear. • Click on Revert, Save or Apply (see explanation of each setting in dialog window above). 3.2.2 Network The Network menu contains the following sub‐menus: Arp Cache, Firewall Rules, Interfaces, Routing Tables and Socket Statuses.
Status Tab 3.2.2.1 ARP Cache The “ARP Cache” is a table which stores mappings between Data Link Layer (OSI Layer 2) addresses and Network Layer (OSI Layer 3) addresses. This important information shows what connections are established to the router. When you click on the ARP Cache menu item, the following dialog window will appear. 3.2.2.2 Firewall Rules The “Firewall Rules” menu item displays a complete listing of the rules used within the firewall for the Red Lion router.
Status Tab 3.2.2.3 Interfaces The “Interfaces” dialog window is divided into three sections. Summary, Details and Multicast. The “Summary” table displays a brief description of the interfaces of the Red Lion router. The “Details” table displays a system specific description of the interfaces on the Red Lion router. The “Multicast” table displays the current multicast settings for various interfaces. 3.2.2.
Status Tab The “Standard System Routing Table” displays the current routes for the Red Lion router and the static routes that have been configured for the router. The “Policy Routing Table” displays information on the policy rules, the route tables for each individual interface and the general routes for the Red Lion router. 3.2.2.5 Socket Statuses Sockets are end‐points to communication over the Internet.
Status Tab 3.2.3.1 Cellular Status The Status menu item will bring up a dialog window which displays the status of the cellular connection. From here, you can get information such as the type of modem, carrier, MDN, IMEI, ESN, IP RSSI, Activation Status, Connection Status, CSQ Status and Card Stats. 3.2.3.2 Ping The Ping menu item allows you to input an address either as an IP Address or a URL for testing the destination availability.
Status Tab networks. Your local default gateway is a good test, and this IP can be found in the your routing table. Also, a com‐ monly available internet server available to test against is 4.2.2.2 Source Interface: The Source Interface offers the option of using different interfaces to send the Ping through. This is useful if you have a VPN Tunnel in place. Testing the connection through the VPN Tunnel is required to verify connec‐ tivity through the tunnel.
Status Tab Destination Port field: Enter the Destination IP Address of the server to which you would like to connect. • 3.2.3.4 Click on the Test button at the bottom of the dialog window to proceed with the TCP socket test to verify socket availability. Traceroute The Traceroute menu item will allow you to watch the route taken through the Internet to the specified IP Address or URL. Host/IP Address field: Type in the IP Address or URL you wish to trace.
Status Tab 3.2.3.5 System Info The System Info menu item will display the current usage of the file system in both the directory size and the memory uti‐ lization. 3.2.4 Syslog The Syslog window will display the current log into the syslog of the Red Lion router.
Status Tab Customize your search by configuring the following fields: Filter String (optional): Enter a filter string in the space provided. Only lines containing the filter value(s) will be dis‐ played via a GREP (Global Regular Expression Parser) style filter mechanism. Auto Update: Select YES to enable automatic updating of the log file display. The update interval can be selected using the Select Update Interval option provided in the field below the Auto Update one.
Status Tab Include All Configuration Files: Select YES to include ALL GWLNX protocol conversion related files. This included GWLNX application as well and will considerably increase the size of your resulting zip file. Note: Only choose YES for this option if directed by the Technical Support Staff. Include GWLNX Files: Select YES to include all GWLNX configuration files. The recommended setting for this option is YES.
Admin Tab 3.3 Admin Tab The Admin Tab is where you configure web access methods, manage SSL/IPSEC certificates, set passwords, update firm‐ ware, manage configurations and set factory defaults. 3.3.1 Access Settings The “Access Settings” menu item allows you to change how the unit’s Web UI is accessed, either by HTTP or HTTPS. You can also change the passwords used to access the Web User Interface.
Admin Tab Web Access Method: Select the method you would like to use to access the Web UI. You do not need to enter the password in order to change the access method. Note: The HTTP method can result in better performance and faster page load time; however, it is less secure than the HTTPS method, which uses data encryption to provide a secure con‐ nection. User: admin (Full access) New Password: Enter the new password in the “New Password” field.
Admin Tab • Click on the System Time menu time and the following window will appear. Time Zone: Select the time zone corresponding to your geographical location by choosing one of the values available on the drop down list provided. To configure the date and time for your Red Lion router there are three options: Option 1: Sync to NTP Server: Select Yes to enable synchronizing the system clock to an NTP server.
Admin Tab 3.3.3 Certificate Manager The Certificate Manager gives the option of adding a certificate, deleting or editing an existing one. • Click on the Certificate Manager menu item and the following dialog window will appear: To create a new certificate: • Click on the Add button and the following dialog window will appear: Name: Enter a descriptive name to be associated with the Certificate File to be uploaded. This name will be used later in fields where selection of a certificate is required.
Admin Tab Type: Select the type of certificate that you will be uploading. Each certificate is stored in a unique repository, depend‐ ing on the service that will be using it. The certificate file name can contain only upper and/or lower case letters, dig‐ its, ‘‐’, ‘_’ and must end with a .ca, .csr, .crt, .key or .pem. Possible choices include: • IPsec Cert: This will specify a certificate to be used to authenticate a VPN connection. A server and client certificate will be required.
Admin Tab 3.3.4 Firmware Update The Firmware Update menu item is used to upgrade the firmware of the Red Lion router. • Click on the Firmware Update menu item and the following window will appear: To upgrade the firmware of the Red Lion router: Boot Image File: Select the file that will perform the Kernel update. Root Image File: Select the file that will perform the system update.
Admin Tab 3.3.4.1 Configuration Manager The Configuration Manager menu item saves a copy of the current system configuration, i.e., Export. This is useful when a confirmed good configuration is operational. A backup can be exported for use should the configuration become corrupt or re‐configured in error.
Admin Tab To apply the settings, you will need to visit the configuration page for each supported sub‐system and click its Apply button. This is unusual, but useful for when you are importing a configuration from one unit to another and need to make additional settings before applying them. Import Configuration File: Click on the Select File button, and the dialog window below will appear. • Browse to the directory where the config.xml.txt file is located. • Select the config.xml.
Admin Tab • Click on the Package Installation menu item and the following dialog window will appear: • In the Package File field, click the Select File button, and the following dialog window appear: • Browse to the directory where the patch is located. • Select the filename to select the file. Note: Be sure to use only genuine Red Lion provided packages in the form of filename.zip. • Click on the Open button to populate the Package File field and click on the Install button.
Admin Tab 3.3.4.3 Factory Defaults/Reboot The Factory Defaults/Reboot menu item allows you to restore the configuration back to factory default settings. • Click on the Factory Defaults/Reboot menu item and the following window will appear: Restore Factory Default: Click on the Restore button to restore the factory default settings. A warning will appear, read through the information and click OK. The restore may take 2‐5 minutes. Reboot System: Click on the Reboot button to reboot the device.
Network Tab 3.4 Network Tab The Network Tab configures aspects of the Red Lion router affecting the networking functionality of the unit. From here you can configure the Cellular Connection (should the air card/SIM not be recognized at power up), Ethernet Interfaces, Firewall, Tunneling, DNS Settings, Static Routes and TCP Global Settings. 3.4.1 Cellular Connection The Cellular Connection menu item is sub‐sectioned into Configuration, Status and Provisioning.
Network Tab The Config, Status and Provisioning buttons are a quick way to navigate to the three (3) submenus of the Cellular Connec‐ tion menu. Enable Interface: Select Yes to enable the interface to become active after the new settings are applied and upon sub‐ sequent system start‐up. Select No to disable the cellular interface and prevent the cellular radio from attempting to establish a network connection. Select APN Context: Select the desired APN Context from the provided drop‐down.
Network Tab 0 ‐ Default: Band Group 0 ‐ G900 G1800 W2100 W800 Band Group 1 ‐ G1900 G850 W1900 W850 1 ‐ Europe/Rest of the World: Band Group 0 ‐ G900 G1800 W2100 W800 Band Group 1 ‐ G1900 G850 W1900 W850 2 ‐ North America: Band Group 0 ‐ G1900 G850 W1900 W850 Band Group 1 ‐ G900 G1800 W2100 W800 3 ‐ Australia: Band Group 0 ‐ G900 G1800 W850 W2100 W800 Band Group 1 ‐ G1900 G850 W1900 4‐ Japan: Band Group 0 ‐ G900 G1800 W2100 W800 Band Group 1 ‐ G1900 G850 W1900 W850 Select Cellular Network Speed: Select the
Network Tab Maximum Receive Idle Time (rxidle): Enter the number of seconds the connection may be allowed to remain “idle” or “unresponsive” (no data received) before closing the connection. If packets are leaving the interface, but no return packet is received for the specified time, then the connection is reset. This can be useful for detecting an unresponsive situation where the network is down, the modem is in an unknown state, or other low level error may have occurred.
Network Tab 3.4.1.2 Status The Status menu item will bring up a dialog window which displays the status of the cellular connection. From here, you can get information such as the type of modem, carrier, MDN, IMEI, ESN, IP, RSSI, Activation Status, Connection Status, CSQ Status and Card Stats. 3.4.1.3 Provisioning The Provisioning menu displays carrier specific information that may be useful when initially provisioning your device with a new carrier. • Click on the Provisioning menu item.
Network Tab Note: If the cellular SIM is not recognized, go to the Configuration dialog window and enter the required data (see section 3.4.1.1). 3.4.2 Interfaces The Interfaces menu allows the administrator to configure the Ethernet ports of Red Lion routers to incorporate within their existing nework topology. Interfaces available may include eth0 (WAN), eth1 (LAN), and USB. These will only be present if your hardware supports these interfaces.
Network Tab 3.4.2.1 eth0 (WAN) and eth1(LAN) ‐ (Internet Interfaces) The configuration of the Ethernet ports is the same for eth0 and eth1, therefore this section will only reference the config‐ uration of “WAN”/’eth0’. Please refer to this section when configuring “LAN”/’eth1’. • Click on the “eth0 (WAN)” menu item and the following window will appear: Enable eth0 Interface: This field determines if the specified Ethernet port is enabled, allowing the administrator to disable the port if necessary.
Network Tab Obtain Network Addresses via DHCP: Select Yes to allow the interface to obtain address information via a DHCP server. The device will obtain its IP address, netmask and remote gateway and optionally, use the remote gateway as the default route. It can also obtain DNS server address via DHCP. Select No to prevent the interface from obtaining address information via a DHCP server. You will be required to enter an IP address, netmask and remote gateway addresses.
Network Tab Enter Remote Gateway: Enter the IP Address for the gateway device in the field provided. This field is only available when Obtain Network Addresses via DHCP has been set to NO. This field is required if Use Remote Gateway as Default Route is set to Yes. A gateway is a device (typically a router) used to gain access to another network. For example, if a device is attached to a LAN whose network address is 192.168.1.0 with a netmask of 255.255.255.
Network Tab Enter Sub interface number (Required): This field is where you enter the sub interface number. The valid range is 0‐ 99, and each aliased interface must be uniquely numbered. The final sub interface name will then be in the form ethx:y where x is the root interface number and y is the sub interface number. Your Network Administrator should be able to provide guidance as to an appropriate value. Enter IP Address (Required): This field specifies the IP Address of the sub interface.
Network Tab Enter Vlan ID number (Required): Enter the desired Vlan ID interface number in the field provided. The valid range is 0‐4096 and each interface must be uniquely numbered. The final Vlan ID will then be in the form ethx.y where x is the root interface number and y is the vlan ID number. Your Network Administrator should be able to provide guidance as to an appropriate value. Enter IP Address (Required): Enter the desired interface IP Address into this field.
Network Tab 3.4.2.2 USB The USB interfaces menu item allows the administrator to configure the USB port of the Red Lion routers to meet their needs. The default address is set for 192.168.111.1 with the subnet mask of 255.255.255.0 • Click on the USB menu item and the following dialog window will appear: Enable USB Interface: Select YES to enable the USB interface. The recommended setting for this field if YES if using this interface.
Network Tab • 3.4.2.3 Click on the “Save” button for changes to be saved without activating the interface, the “Apply” button will save your settings and apply them immediately. To revert to the previous defaults, click on the “Revert” button. Switch Control The purpose of the Switch Control function is to create a WAN/LAN separation This gives the user the ability to create a divided network with additional capabilities. This option only applies to units with the 5 port unmanaged switch (6x21).
Network Tab • 3.4.2.4 Click on the “Save” button for changes to be saved without activating the interface, the “Apply” button will save your settings and apply them immediately. To revert to the previous defaults, click on the “Revert” button. PPP Dial Backup The PPP Dial Backup menu item is used to configure the capability of an alternate connection by dialing into an ISDN should the primary router get interrupted.
Network Tab Enter Dial String (Required): Enter the phone number of the peer/ISP to dial. Enter User Name (Required): Enter the name used for authenticating the local system to the peer. Please consult your ISP for these values. Enter Password (Required): Enter the password to use for authenticating with the peer. Please consult your IPS for these values. Confirm Password (Required): Re‐type the password entered in the Enter Password field.
Network Tab 3.4.2.5 PPP over Ethernet The PPP over Ethernet menu item is used to configure a connection by being able to connect a DSL or cable modem. • Click on the PPP over Ethernet menu item and the following dialog window will appear: Enable PPPoE: Select Yes to enable the PPP over Ethernet service on the specified interface when the Apply button is clicked. To disable the service, select No and click Apply.
Network Tab Select DNS Method: Select the method by which DNS Server information should be obtained. The recommended set‐ ting for this field is “Use Peer DNS”. Choices include: Use Unit Default: Do not obtain DNS information from PPPoE Server. Use settings from Network‐>DNS Settings instead. Use Peer DNS: DNS information should be obtained from the peer host once connected. Use Custom DNS: DNS information is entered manually in the fields which will appear below.
Network Tab Enable Firewall (Required): Specify whether to enable the firewall service on this device. The recommended setting for this field is Yes. Note: Disabling the firewall will compromise security and routing functions of the unit. Allow Ping: To allow ICMP echo responses (Ping) from external devices through untrusted interfaces on this unit, select Yes; otherwise select No. The recommended setting for this field is Yes.
Network Tab Allow DNP3: To allow external devices to connect to the DNP3 Server, via port 20,000, through untrusted interfaces on this unit, select Yes; otherwise select No. The recommended setting for this field is No. To restrict access via a configured whitelist, click the check box marked Use Whitelist and then select a whitelist name for the list of names available in the drop‐down list box provided. Whitelists may be viewed/defined via the Net‐ work>Firewall>ACL Rules>Subnet Whitelist Rules screen.
Network Tab • Click on the Add button for Trusted Interfaces and the following dialog window will appear: Interface: Choose an interface from the drop‐down list provided. You may add as many interfaces as exist on the device. Each selection must be unique. Trusted interfaces will not block traffic to/from devices connected to that interface. Filter Rules are the only rules that will control traffic on these interfaces. • Click on the Finish button to populate the Trusted Interface screen.
Network Tab Interface: Choose an interface from the drop‐down list provided. You may add any number of interfaces, up to as many exist on the device. Each selection must be unique. Untrusted interfaces will block all incoming traffic from devices/networks connected to this interface. Exceptions must be defined in firewall rules to allow traffic (General Settings, Allow/Redirect, etc.) • Click on the Finish button to populate the Untrusted Interface screen.
Network Tab Enter Whitelist Name (Required): Enter a name for the whitelist in the space provided. If the name of an existing whitelist is entered, then you are in effect adding another member to the list of subnets defined by that whitelist group. After the Finish button is clicked, the entry will be added to the group in the (sorted) display area under the Current Whitelist Groups heading.
Network Tab • Click on the Finish button. You will be returned to the Firewall Access Control List (ACL) Rules dialog window and the Subnet Blacklist Rules table will now be populated with the recently entered data. • To delete an existing rule, select it in the table and click on the Delete button. To edit an existing rule, select it in the table and click on the Edit button. Filter Rules: Trusted interfaces are by default trusted, and do not have restrictions.
Network Tab • Click on the Finish button. You will be returned to the Firewall Access Control List (ACL) Rules dialog window and the Filter Rules table will now be populated with the recently entered data. • To delete an existing rule, select it in the table and click on the Delete button.
Network Tab Original Source Subnet (Required): Enter the subnet, using IP/CIDR notation that will be masqueraded out of a spe‐ cific interface. All traffic that is sourced from this subnet and that is destined to go out the specified interface will be masqueraded with the source IP address of the interface specified. Interface: Select the desired interface through which you wish to masquerade source addresses from the drop‐down menu. • Click on the Finish button.
Network Tab Original Destination Address (Required): This field holds the address being transformed by NAT, the IP seen by a remote host. This address may be owned by an interface on this device or an unowned/fake range with a correspond‐ ing route (static or default). One‐to‐one NAT will perform a complete forwarding of all ports on the Original Destina‐ tion IP to a new IP address entered in New Destination. Both fields can be any valid IP.
Network Tab Original Destination Address End (Required): This field holds the ending address range being transformed by NAT, the IP’s seen by a remote host. This address may be owned by an interface on this device, or an unowned/fake range with a corresponding route (static or default).
Network Tab • Click on the Add button and the following dialog window will appear: Select Interface: Click on the pull down‐down menu to choose an interface that will be forwarded to a DMZ Host. All incoming packets (TCP/UDP/ICMP/etc) will be forwarded to the DMZ Host specified. Note: Host Redirect and Service Access rules will apply first, and may prevent certain ports from reaching the DMZ Host. DMZ Host Address (Required): Enter the IP address of the DMZ Host.
Network Tab 3.4.3.4 Port Allow/Forwarding Rules The Firewall Port Forwarding is used to configure routes from a small range of IP Addresses or all IP Addresses through one or more interfaces to a designated IP Address located behind the Red Lion router. Service Access (Allow) Rules: The Service Access Rules option is used to define what ports, either as a single port or a range of ports, are authorized access through the firewall on the Red Lion router.
Network Tab Ending Port (Required): Enter the ending TCP or UDP port number for this rule. Note: If adding only one port, please omit this entry. Interface: Select the interface on which this port will be opened. Incoming connections to this interface will be allowed into the device. Note: For connections destined to a device beyond this unit, use Host Redirect, NAT or DMZ rules instead. Select Protocol: Choose the protocol for the type of data you want to allow.
Network Tab New Destination Port (Required): Enter the port that the incoming connection will be redirected to. This may be the same number as the Original Destination Port. Select Protocol: Choose the protocol type for this port’s data. Options are TCP and UDP. Source Subnets via Whitelist: Select a whitelist name from the list of names available in the drop‐down list box pro‐ vided. Whitelists may be viewed/defined in the via the Network/Firewall/ACL Rules screen. • Click on the Finish button.
Network Tab To add a GRE Tunnel: • Click on the Add button and the following window will appear: Tunnel Name: Select the name of the GRE name by choosing one of the options available in the provided drop‐down list. Enabled: Select Yes to enable the tunnel. Local bind‐to IP: Set the local bind IP address for tunneled packets. This field is optional. Note: If supplied, the Local IP Address must be an address on another interface of this host.
Network Tab • 3.4.4.2 Click on the “Save” button for changes to be saved without activating the interface until you reboot the unit, the “Apply” button will save your settings and apply them immediately. To revert to the previous defaults, click on the “Revert” button. IP in IP Tunnels The IP in IP Tunnels menu items is used to configure a simple IP Tunnel. IP in IP Tunnel essentially encapsulates an IP packet into another packet with the same protocol as the transport protocol.
Network Tab To add an IP in IP Tunnel: • Click on the Add button and the following window will appear: Tunnel ID (Required): Enter a unique numerical identifier in this field. It will be used for naming the tunnel interface which will appear in the interface list as tunl1, tunl2, etc. depending on the IDs provided. Enable Tunnel: Select Yes to enable the tunnel. Local IP Address (Required): Set the fixed local address for tunneled packets.
Network Tab 3.4.4.3 IPSEC The IPSEC dialog window is split into two sections. The top section pertains to the IPSEC configuration and the bottom por‐ tion is where IPSEC tunnels are created and edited. IPSEC Configuration Enable IPSEC: Specify whether you want to enable the IPSEC service. If you select No, all tunnels will be disabled. Enable NAT Traversal: Specify whether all tunnels will use NAT Traversal.
Network Tab Coordinate with Dial‐up PPP: You may select specific actions to be performed either upon PPP connect, PPP discon‐ nect or both. Do Nothing: Perform no action Restart: IPSEC is restarted Stop: IPSEC is stopped With these combinations, the connection management may be fine tuned so that the tunnel(s) may be able to restart faster rather than having to rely on Dead Peer detection or other time out mechanisms alone.
Network Tab Tunnel Type: Controls the initial mode of the tunnel at startup. The options given to IPsec will be: Client: auto=start Server: auto=add Dynamic: auto=route For more information, please consult an IPsec user guide on aspects of these specific modes. Negotiation Mode: As a default, this field is set to Main mode ISAKMP Negotiation. When using dynamic, or DHCP issued IP addresses (for example with cellular cards), some remote devices may require the use of Aggressive Mode ISAKMP Negotiation.
Network Tab Phase 1 DH Group: Select the DH Group needed for phase 1 (IKE) by choosing one of the values from the drop‐down list provided. This option selects the encryption level of the Diffie‐Hellman keys and these are Group 1 (768 bits), Group 2 (1024 bits), Group 5 (1536 bits) or Group 14 (2048 bits). Longer keys imply better security but at a cost of lon‐ ger negotiation/set‐up time during the initial connection establishment. These settings must match on both ends of the connection.
Network Tab For example, if the Red Lion router has an external cellular interface (ppp0) and an external Ethernet interface that is con‐ nected to a cable or DLS modem, and you need to bind the tunnel’s crypto endpoint to the Ethernet interface, you would specify the IP address of the appropriate Ethernet interface here. Note: If this value is omitted, it will be filled in automatically with the local address of the default route interface (as deter‐ mined at IPSEC startup time).
Network Tab 3.4.5 DNS Settings The Domain Name Server (DNS) Settings dialog window is split into two sections. The top section pertains to the DNS set‐ tings and the bottom section is where static hosts are added and edited. • Click on the DNS Settings menu item and the following dialog window will appear: Enter Search Domain: Enter the local domain name(s) to be searched, separated by spaces. These domains are used as the default local domains when performing DNS queries. Example: local.net domain.
Network Tab Enter Alternate DNS Server #2: This field is already filled in; it is showing the current server in use by the Red Lion server. Enter the IP Address of a Backup DNS Server you want to use, if the Primary DNS Server is unable to perform a DNS lookup. Note: This setting may be overridden if a network interface is set to obtain its configuration information from its peer (either via PPP or DHCP).
Network Tab 3.4.6 Static Routes The Static Routes menu allows you to configure a route to a network through an interface manually. • Click on the Static Routes menu item and the following dialog window will appear: To add a Static Route on the Red Lion router: • Click on the Add button and the dialog window below will appear: Interface: Select the interface to which the route should be applied by select‐ ing one of the available options from the drop‐down list.
Network Tab When set to No, the route will take effect only when a network change occurs on the configured interface. For exam‐ ple, if the configured interface is eth1, then the route will be assigned only when eth1 has a network change to an active state. Select Route Type: Select the type of route to be created by choosing one of the available options from the provided drop‐down list. The choices are Host or Network. Select Host to create a route to a specific device.
Network Tab [SYN] Tx Timeout (Required): Specifies the timeout value, in seconds, for SYN packets for connection tracking. 65 is generally recommended default, which differs from the system default of 120. The recommended default for IP ATMs is 30‐120. Enter Timeout (Required): Specifies the amount of time, in seconds, that a TCP connection can remain in an idle state before sending Keep‐Alive Probes to verify that the remote end of the socket is still available.
Services Tab 3.5 Services Tab The Services Tab is where you can configure the various service offerings of the Red Lion router. These services include DHCP Server, DHCP Relay, Dynamic DNS, SNProxy Settings, SixView Manager, GPS Settings, SSH/TELNET Server, SSL Con‐ nections, SNMP Agent, Ping Alive and Serial IP. 3.5.1 DHCP Server Used to configure one of the internal Ethernet interfaces to be a DHCP server and hand out IP Addresses to systems con‐ nected to the Red Lion router.
Services Tab Global Settings: Enter Domain Name: Enter the domain name that will be passed to DHCP Clients. Use Sixnet Standard DNS Settings: • Choosing “Yes” will automatically use the DNS Servers obtained by this unit’s internet connection and/or entries speci‐ fied in NetworkingDNS Settings. This is the preferred method of operation. • Choosing “No” will allow you to issue custom DNS servers to connected DHCP Clients.
Services Tab Recommended Setting: An address valid for the subnet for which the interface is configured, beyond that chosen for the starting value of the range. Care should be used to ensure that there is no conflict with any pre‐existing devices on that sub‐ net which may have been already configured to use statically assigned IP addresses. Show DHCP Leases: Click on the Show DHCP button to display the current DHCP leases logged on to the unit.
Services Tab • To delete an address, select it in the table and click on the Delete button. To edit an existing rule, select it in the table and click on the Edit button. • Click on the “Save” button for changes to be saved without activating the interface until you reboot the unit, the “Apply” button will save your settings and apply them immediately. To revert to the previous defaults, click on the “Revert” button. 3.5.
Services Tab Interface Table: • Click on the ADD button and the following dialog window will appear: Select Interface: Select the interface to receive its IP from the remote DHCP server from the drop down menu. • Click on the Finish button. You will be returned to the DHCP Relay dialog window and the Interface Table will be populated with the entered data. • To delete an existing rule, select it in the table and click on the Delete button.
Services Tab • Click on the ADD button and the following dialog window will appear: Remote Server: Enter the IP Address or fully qualified domain name of all remote DHCP Servers available. It is the responsibility of the remote DHCP Server to coordinate the issuing DHCP addresses. • Click on the Finish button. You will be returned to the DHCP Relay dialog window and the Remote Servers table will be populated with the entered data.
Services Tab • Click on the Dynamic DNS menu item and the following dialog window will appear: Enable Dynamic DNS: Select Yes to enable the Dynamic DNS Service. Select Service Type: Select the desired Dynamic DNS Service from the list provided. Enter User Name (Required): Enter the User Name used to access your Dynamic DNS Service in this field. Enter Password (Required): Enter the password used to access your Dynamic DNS Service in this field.
Services Tab 3.5.4 SN Proxy Settings SN Proxy is a web relay proxy service used to gain access to devices that are behind our Red Lion router providing addi‐ tional security and access control to devices that may not offer such functionality. A proxy based service provides a more robust connection than just using a port forward rule, including the ability to add an additional user login for authentica‐ tion, encryption via SSL as well as isolation via Access Control Lists.
Services Tab 3.5.5 SixView Manager The SixView Manager menu item allows you to configure various aspects of the SixView Manager Client to communicate with a SixView Manager hosted at Red Lion or at your location.
Services Tab When changing the Primary Address to your own private SixView Manager server, you may want to consider setting the Secondary Address to the Red Lion SixView Manager test server (server2.sixviewmanager.com) for trial and initial production rollouts. This will enable Red Lion support staff to monitor the progress and better assist in diagnosing potential problems. Select Connection Mode: Select the desired Connection Mode from the drop‐down menu.
Services Tab 3.5.6 • GPS Settings Click on the GPS Settings menu item and the following dialog window will appear: Lockdown Radius Multiple (Required): Enter the value of the Lockdown Radius Multiplier in this field. The recom‐ mended setting for this field is 2. When the Geofence engine begins to build a fence, it will create a Calculated Minimum Radius allowed using an accu‐ racy figure based on the acquisition 200 GPS location points obtained over an initial settling interval of about 15‐20 minutes.
Services Tab When the GeoFence engine begins to build a fence, it will calculate an allowed Minimum Radius using an accuracy fig‐ ure based on an average of 200 location points acquired over an interval of 15‐20 minutes. This value is then multi‐ plied by the Lockdown Radius Multiplier to obtain the Modified Minimum Radius. The Modified Minimum Radius will not be allowed to be less than the Minimum Accuracy, and will be increased to the Minimum Accuracy as needed.
Services Tab • Custom: Configured special actions are applied: • Block All: In addition to the actions taken in Block Network, all access to the device including via physical ports (console, etc.) is blocked. • Block Network: All network traffic, except to a SixView Manager server, will be blocked. • Report Only: The device reports violation events to a SixView Manager server. Configure Advanced GPS Parameters: Select Yes to configure advanced GPS parameters.
Services Tab 3.5.7 SSH/TELNET Server The SSH/TELNET Server menu allows you to configure whether the Red Lion router will communicate with the network via Secure Shell (SSH) and to enable or disable TELNET on the Red Lion router. • Click on the SSH/TELNET menu item and the following dialog window will appear: SSH Server Enable SSH Server: Select YES to enable the SSH server. Note: Enabling the SSH Server does not, by default, allow SSH data through the firewall.
Services Tab Listening IP Port: Specifies the local IP port on which the SSH server will accept connections. Note: Specifying a value other than 22 will require proper firewall rules in order to allow connections to the given port. The recommended set‐ ting for this field is 22. Login Grace Time (seconds): Specifies the amount of time, in seconds, after which the SSH server will disconnect, if the user has not successfully logged in. The recommended setting for this field is 30.
Services Tab Enable SSL: Select Yes to configure SSL client/server. Select No and then the Apply button to disable SSL. Select Activity Log Level: This option controls the logging level for SSL Connection activity. The recommended setting for a production environment is: Summary. For a test environment: Full. Wait for Connection (sec.): Time (in seconds) allowed after sending SYN packets, to wait for SYN‐ACK. The recom‐ mended setting for this field is 20 seconds.
Services Tab • None: Keep‐alives not used. • All: Keep‐alives enabled for all sockets. • Accept: Keep‐alives enabled for listening server socket side connections only. This applies to the clear text server for Cli‐ ent mode sockets, or the SSL Encrypted server for Server mode sockets. • Remote: Keep‐alives enabled for client initiated sockets. • Local: Keep‐alives enabled for Client connections bound to a local IP address.
Services Tab • Leave Blank (0.0.0.0) to allow connections from any interface. • Use 127.0.0.1 for internal connection use only (gwlnx Protocol Converter). TCP Listening Port (Required): Enter the listening port for this connection. Please note that this port must be allowed in the Firewall access rules for any external/untrusted interface. It may be useful to review the results of Status‐>Net‐ work‐>Socket Statuses‐>TCP Only to confirm that your choice of listening port is not already in use.
Services Tab Enable SSL: Select Yes to configure SSL client/server. Select No and click the Apply button to disable SSL. Select Activity Log Level: This controls the logging level for SSL Connection activity. The recommended setting for a production environment is Summary. The recommended setting for a test environment is Full. Wait for Connection (sec.): Time (in seconds) allowed after sending SYN packets, to wait for SYN‐ACK. The recom‐ mended setting for this field is 20 seconds. Idle Timeout (min.
Services Tab • Click on the Add button and the following dialog window will appear: Label (Required): Enter a unique name to describe this connection. SSL Listening IP: Enter the IP to listen on for incoming SSL connections. If not using static IP addresses, it is recom‐ mended to use the Advanced Setup option “Bind Interface for accepting TCP Connections” instead. The recommended setting for this field is to leave it blank (0.0.0.0) to allow connections from any interface.
Services Tab • To delete an existing rule, select it in the table and click on the Delete button. To edit an existing rule, select it in the table and click on the Edit button. • Click SAVE to store the settings for the next reboot, or click APPLY for the settings to take effect immediately. Selecting Revert, will reset all fields to previously saved defaults. 3.5.
Services Tab Enable SNMP Agent: Select YES to enable the SNMP Agent. Note: Enabling the SNMP Agent does not, by default, allow SNMP data through the firewall. If you have connection problems, please check your firewall settings. Community String for SNMP Agent Access (Required): Specify the community string to use for authentication between the SNMP Agent and Manager. Alpha‐numeric strings are supported. Note: The community string must match on both ends of the connection in order to work.
Services Tab Enable Ping Alive: Select YES to enable the Ping Alive Service. The recommended setting for this option is NO. Ping Alive will send the specified number of packets in Test Packets to Send, every interval defined in Test Interval. Should the ping fail to the first host, a second host may also be defined. Host Fail Type will control how many hosts must fail before a failure is declared and Failure Command Script will execute the failure action specified at that time.
Services Tab • Select the Serial IP menu item and the following dialog window will appear: Enable Serial IP: Select Yes to enable the Serial IP interface. Configuration Description: Enter a description to describe the intent of this communication. Character limit is 128. Line Speed: Select the desired interface speed to be used via the provided drop‐down. Consult the configuration of the remote device being attached, this setting must be compatible.
Services Tab Parity: Select the parity to be used via the provided drop‐down. Consult the configuration of the remote device being attached, this setting must be compatible. Stop Bit: Select the number of stop bits to be used via the provided drop‐down. Consult the configuration of the remote device being attached, this setting must be compatible. Connect Mode: If this option is set to No, the device will expect to receive AT Commands in order to go to active state.
Services Tab TCP Client Broadcaster: If this option is selected, the device will support 10 TCP Client broadcast socket using IP Destination configuration for connectivity. TCP Client Broadcaster Traffic Activator: If this option is selected, the device will support 10 TCP Client broadcast socket using IP Destination configuration for connectivity and would connect only if the serial data is available to broadcast. Peer IP Address (Required): Enter the peer IP Address into this field.
Automation Tab 3.6 Automation Tab The Automation menu contains all aspects of managing your Modbus and DNP3 based I/O. Note: If prompted for an Unlock Key, contact Red Lion Support at support@redlion.net or 1‐877‐432‐9908 This option is only supported if the IndustrialPro router has been upgraded from an SN prefix to IndustrialPro RAM and for the RAM 9000 series. The IndustrialPro RAM firmware MODBUS application allows it to act as a MODBUS Master acting as an I/O concentrator for MODBUS/DNP3 devices.
Automation Tab • CLI: The command line interface for the cellular modbus gateway (IndustrialPro) provides a Cisco‐style telnet com‐ mand line interface. It writes an XML configuration file, which is used to drive the backend daemons. • Web UI: This method is a WEB based interface which is the focus of this documentation. The user interfaces will have the ability to: • Configure/Display local station information such as station name and station number.
Automation Tab 3.6.2 Serial Ports This section is used to configure the RS‐232 port that is facing the front of the Red Lion device to integrate into your Mod‐ bus/DNP3 schema.
Automation Tab Device Name: Name of the serial device. Valid values: ttys1 (RS232), ttys5 (RS485) Baud Rate: Baud rate for the serial device. Supported baud rates are: 300, 600, 1200, 2400, 4800, 9600, 19200 and 38400. Data Bits: Number of data bits. Supported data bits are 7 and 8. Parity: Parity for serial device. Supported parities are: none, even, odd, mark and space. Flow Control: Flow control for serial device. Supported flow controls are: none, hardware, xon/xoff, half duplex, full duplex.
Automation Tab 3.6.3.
Automation Tab Station Name (Required): Enter the name of the remote station. The remote station name must be less than or equal to 32 characters. All the defined remote station names will be populated in the I/O Transfer screens as a selection for assigning I/O transfer for selected remote station name. Station Number (Required): Enter the remote station number. The station number must be in range of 1‐247.
Automation Tab • Click on the I/O Transfer menu item and the following window will appear: Register Allocation: This section is displaying the default values for the following: Analog In: By default we support 5000 Analog Input registers, but the range is 1 ‐ 65535. Analog Out: By default we support 5000 Analog Output registers, but the range is 1 ‐ 65535. Long In: By default we support 2000 Long Input registers, but the range is 1 ‐ 65535.
Automation Tab • Click on the Add button to configure the I/O Transfer for the remote station and the following pop‐up window will appear: Station Name: Name of the remote station for this I/O transfer. This option lists the name of all the remote stations that you have already defined and configured in remote station table entry. Select the remote station name that you want for this I/O transfer. Protocol: Modbus is currently the only supported protocol used for I/O transfers.
Automation Tab READ: Used for reading MODBUS registers from the remote station. WRITE: Write MODBUS output registers to the remote stations. WRITE_SINGLE: Write a single MODBUS discrete or analog output register to the remote station. Note: Only an option when writing a singe discrete output or single analog output. Local Type: Local Station I/O type. See Table2 ‐ I/O Types and Limits. Local Relative Address (Required): First address of the local I/O used for the I/O transfer.
Automation Tab Table 2 ‐ I/O Types and Limits for write commands I/O Type Number of regs supported in I/O transfer Discrete Input DI 1968 Discrete Output DO 1968 Analog Input AI 123 Analog Output AO 123 Float Input FI 61 Float Output FO 61 Long Input LI 61 Long Output LO 61 Table 3 ‐ Valid Type Combinations for READ I/O Xfers Local Type Valid Remote Type DI DI | DO DO DI | DO AI AI | AO AO AI | AO FI FI | FO FO FI | FO LI LI | LO LO LI | LO Table 4 ‐ Valid Type
Automation Tab 3.6.3.3 Forwards • Click on the Forwarding menu item and the following dialog window will appear: • Click on the Add button to configure the Forwarding and the following pop‐up window will appear: Station Number (Required): Station number to be forwarded. Valid values are 1 ‐ 247. Forward Station Number: If supplied, replaces the station number in the request with this value. Valid values are 1 ‐ 247. Communication Type: Select the forwarding method.
Automation Tab IP Port: Enter a valid port number (1‐65535) to be used to forward the request to on the remote station. It is recom‐ mended that a port number not already used by other system services is chosen. Consult Status‐> Network‐>Socket Statuses‐>TCP Only for a list of ports currently in use. Please note that a Firewall Allow rule will need to be added for remote access. (Network‐>Firewall‐>Port Allow/Forwarding Rules‐>Service Access Rules).
Automation Tab 3.6.4 DNP3 DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automa‐ tion systems. Its main use is in utilities such as electric and water companies. Usage in other industries is not common. It was developed for communications between various types of data acquisition and control equipment. 3.6.4.1 • General Click on the DNP3>General menu option and the following screen will appear: Compatibility Mode: The DNP v3.
Automation Tab Enable Unsolicited Responses: Select if the DNP Slave should send unsolicited messages to the DNP Master. If this selection is checked, then the user should also configure the following: DNP Address to Send Unsolicited Messages to: The address of the station to which DNP Slave will send unsolicited mes‐ sages in the DNP Address to Send Unsolicited Messages field.
Automation Tab 3.6.4.2 Physical Link Layer Select Mode of Operation: The DNP V3.00 Slave Driver implementation supports RS‐232 and RS‐485 (two and four wires) over serial port communications as well as TCP/IP and UDP/IP over LAN/WAN communications. When the user selects the Serial Mode, the TCP/UDP section is disabled. The same happens to the Serial section if the Mode of Oper‐ ation selected is TCP or UDP. Serial: This section groups all the parameters needed to establish serial communication.
Automation Tab 3.6.4.3 Data Link and Application Layer Use Local Station Number as This Station DNP Address: DNP address for the slave. This value can be set by the user or automatically assigned by the Add‐On. If the check box Same As station Number is selected, then the DNP Address will be equal to the Station Number. Enter Station DNP Address (Required): Enter the address for this Station if not being automatically assigned.
Automation Tab Enable Application Layer Confirmation: The DNP V3.00 Slave Driver can be configured to retry unconfirmed applica‐ tion link primary frames. The number of retries the driver sends and the retry timeout are configurable. This service is disabled unless Application Link Confirmations check box is selected. Application Layer Retries: The number of Retries is configurable between 0 (Application Link Retries disabled) and 255.
Automation Tab Binary Inputs Map I/O: This section provides configuration of Mapping Binary Input I/O’s Reg/Index to DNP points for generating events based on configured Class Assignments when the status of any Binary Input I/O’s changes. Default Class Assignments are applied to all the Reg/Index defined by Highest Register Address except Reg/Index entries that are defined in Exception Class Assignments Table. Configure DNP Points: If option is No, then no Binary Inputs is mapped as DNP points.
Automation Tab Starting Reg/Index (Required): Enter the Starting Register for exception class assignments. The valid ranges are 0 to your configured highest register, and must be less than or equal to Ending Register. Ending Register (Required): Enter the Ending Register for exception class assignments. The valid ranges are 0 to your configured highest register, and must be greater than or equal to Starting Register. Object 2 ‐ Binary Change Event: This field is activated on both Levels 2 and 2+.
Automation Tab • Click on Store I/O Mapping to save your configuration before moving to the next project. Click on the Object Map‐ ping button to return to the DNP3 Object Mapping Configuration dialog window. Analog Inputs Map I/O: This section provides configuration of Mapping Analog Input I/O’s Reg/Index to DNP points for generating events based on configured DeadBand and Class Assignments when the status of any Ana‐ log Input I/O’s changes.
Automation Tab associated to a class (Class 1, Class 2 or Class 3), otherwise it should be associated to None. By default all DNP Points don’t generate events, this feature should be modified by the user. Default Object 32 ‐ Analog Change Event: This field is activated on both Levels 2 and 2+. It’s used to determine if a DNP point will generate events.
Automation Tab value of 1000 or more. This Analog Input deadband can be set to any value between 0 to 32767 (generate an event when the value changes by 32767). Object 31 ‐ Frozen Analog Input: This field is activated on both levels 2 and 2+. It’s used to determine if a DNP point will generate events. In case a DNP point generates events (Object 2 Binary Change Events) then it should be associ‐ ated to a class (Class 1, Class 2 or Class 3), otherwise it should be associated to None.
Automation Tab Floating Inputs Map I/O: This option provides configuration of Mapping Float Input I/O’s Reg/Index to DNP points for generating events based on configured DeadBand and Class Assignments when the status of any Float Input I/O’s changes. Default DeadBand and Class Assignments are applied to all the Reg/Index defined by Highest Register Address except Reg/ Index entries that are defined in Exception DeadBand and Class Assignments Table.
Automation Tab Default Object 32 ‐ Analog Change Event: This field is activated on both Levels 2 and 2+. It’s used to determine if a DNP point will generate events. In case a DNP point generates events (Object2 Binary Change Events) then it should be associated to a class (Class 1, Class 2 or Class 3), otherwise it should be associated to None. By default all DNP Points don’t generate events, this feature should be modified by the user.
Automation Tab Object 31 ‐ Frozen Analog Input: This field is activate by both Levels 2 and 2+. It’s used to determine if a DNP point will generates events (Object2 Binary Change Events) then it should be associated to a class (Class 1, Class 2 or Class 3), otherwise it should be associated to None. By default all DNP Points don’t generate events, this feature should be modified by the user. Object 32 ‐ Analog Change Event: This field is activate by both Levels 2 and 2+.
Automation Tab Configure DNP Points: If set to No, then no Binary Inputs are mapped as DNP points. If set to Yes, the Highest Register Address field is shown to enter a Highest Register Address value. Highest Register Address (Required): This field is used to show or set the highest register address to map DNP points. Enter Default DeadBand Value: Values outside this DeadBand generate events. The DeadBand parameter sets how event data is generated by your module as a DNP slave device.
Automation Tab be associated to a class (Class 1, Class 2 or Class 3), otherwise it should be associated to None. By default all DNP Points don’t generate events, this feature should be modified by the user. Exception DeadBand and Class Assignments Table: The Exception table provides the ability to define Reg/Index ranges that are needed to be configured differently than Default DeadBand and Class Assignments.
Automation Tab Object 32 ‐ Analog Change Event: This field is activated on both Levels 2 and 2+. It’s used to determine if a DNP point will generate events. In case a DNP point generates events (Object 2 Binary Change Events) then it should be associ‐ ated to a class (Class 1, Class 2 or Class 3), otherwise it should be associated to None. By default all DNP Points don't’ generate events, this feature should be modified by the user.
Automation Tab Configure DNP Points: If option is set to No, then no Binary Counters are mapped as DNP points. If set to Yes, the Highest Register Address field is shown to enter a Highest Register Address value. Highest Register Address (Required): This field is used to show or set the highest register address to map DNP points. Enter Default DeadBand Value: Values outside this DeadBand generate events. The DeadBand parameter sets how event data is generated by your module as a DNP slave device.
Automation Tab Exception Class Assignment Table: The Exception table provides you with the ability to define Reg/Index ranges that are needed to be configured different than Default DeadBand and Class Assignments.
Automation Tab Object 23 ‐ Frozen Change Event: This field is activated on both Levels 2 and 2+. It’s used to determine if a DNP point will generate events. In case a DNP point generates events (Object 2 Binary Change Events) then it should be associ‐ ated to a Class (Class 1, Class 2 or Class 3), otherwise it should be associated to None. By default, all DNP Points don’t generate events, this feature should be modified by the user. • Click Finish to enter your exception into the table.
Automation Tab Analog Objects 30: Analog Input: Combo Box that shows the different choices for Object 30 (Analog Input) that the user can select as a default variation. 31: Frozen Analog Input: Combo Box that shows the different choices for Object 31 (Frozen Analog Input) that the user can select as a default variation (only on Level 2+). 32: Analog Change Event: Combo Box that shows the different choices for Object 32 (Analog Input Change Events) that the user can select as a default variation.
Automation Tab From this screen you are able to import, export and manually edit the DNP3 configuration file. Import Configuration File: This option will allow you to import a configuration file to replace your existing DNP3 con‐ figuration file. Simply click on Select File button to select your DNP3 configuration file on your PC, click on the Import button to replace your existing DNP3 configuration file.
Automation Tab Enable this interface: Select Yes to enable the IO/CTRL Interface. Digital Input Address: Enter the address of internal IODB database for Digital Input I/O control. Valid values for this field are 1 through 65535 as defined for specified I/O type. Digital Input Counter Address: Enter the address of internal IODB database for Digital Input Counter. The valid values for this field are 1 through a value of defined register allocation configured for Analog Input I/O type.
Automation Tab The Test I/O interface has been kept simple to make managing the test I/O process easier and keep the screen less cluttered and easier to look at and quickly locate your test values. Scan Rate: This is the time in which the screen will automatically refresh values from the internal I/ODB. Idle Timeout: With this enabled (checked), the browser will stop scanning after two minutes of inactivity. Select Type: From the drop down list, select the type of I/O you would like to test.
Automation Tab Global: Clicking on the Global button will return the user to the main I/O Control dialog window: CPU Monitor Timeout (ms): This option is used to make the I/O fail safe if the main CPU stops working. The main CPU controls communication, IODB and code written in C. If the main CPU stops working, the I/O processor will detect that in the time defined in this field. Suggested timeouts are 1000ms to 10000ms. Timeouts faster then 100ms are not rec‐ ommended.
Automation Tab Channel: A channel is a physical IO point that can be either analog or digital. Modbus Address: Configuration must be sequential. Addresses are fixed sequentially from the base address. Input Mode: This field defines the filtering mode of the Discrete Input channel. Select an option from the drop down list. Disabled: Selecting this option will completetly disable the channel and a zero (0) will be reported.
Automation Tab selected, the long integer input register increases from 0 to 4.2949673E9, then ‐4.2949673E9 and back to 0. The menu selections for this options are listed below: Note: When the Input Mode is set to Slow Response (filtered) some of the Counter Mode options are not particularly suited since the maximum count is 10Hz. For example, Frequency Rate 0.1s would only be capable of measuring one count.
Automation Tab TPO period (ms): Time Proportioned Outputs (TPO) are outputs that turn on and off in proportion to an analog value. Typically, the output will turn on and off once during the specified TPO period (cycle time). Specify a cycle time for all enabled TPO outputs in the module. The range of the cycle time is 20ms to 10 minutes (600,000ms). Each TPO will pulse ON and OFF once during each cycle period, unless a minimum OFF/ON time is speci‐ fied. The default TPO period value is 1000ms.
Automation Tab Analog Input Filtering: The table below explains the filtering (integration) options on the analog inputs. The faster the integration time, the quicker the channels will be sampled. Howerver, quicker samples will render less accurate read‐ ings. For most accurate readings, select the slower sample/filtering settings. Integration Time Samples/Second (1 Channel) 3ms/channel 320 6ms/channel 160 12.
Automation Tab Analog Output • Click on the Analog Output button and the following dialog window will appear: Channel: A channel is a physical IO point that can be either analog or digital. Modbus Address: This field indicate the register addresses for each channel. Configuration must be sequential. Addresses are fixed sequentially from the base adddress. Output Range: Select the type of signal to be supplied by the output channels. Disabled: This option will completely disable the output channel.
Automation Tab Calibration • Click on the Calibration button and the following dialog window will appear: Software User Guide 155
Automation Tab Channel:Channel: A channel is a physical IO point that can be either analog or digital. User Zero Correction: Manually adjust the user offset calibration for analog inputs/outputs. Every analog/input is cali‐ brated at the factory according to the specified accuracy. The user calibration is supplied to account to adjust the reported values to account for wiring or instrumentation errors. For this reason, most inputs/outputs will NOT need to be calibrated.
Automation Tab Span display box. Click the Apply button and observe the effect of the new span factor. Repeat this step until a satisfactory reading is displayed. 4. The channel is now calibrated. Health Monitor • Click on the Health Monitor button and the dialog window below will appear. This dialog window will supply the user with feedback on the unit’s temperature and power readings.
Automation Tab View in Test I/O: • 3.6.6.2 Click on the Test I/O button to be directed to the Test I/O Access dialog window. See section 3.6.5.2 for more infor‐ mation on this feature. Test I/O Test I/O is used to verify the functionality of I/O states in gateways, RTUs and I/O modules.
Advanced Tab 3.7 Advanced Tab The Advanced Tab is used to configure the Red Lion router, which included IP Fallback, IP Transparency, Out‐of‐Band Man‐ agement, VRRP, Sub‐Systems and Gwlnx. 3.7.1 IP Fallback IP Fallback is supported in Red Lion routers in the IndustrialPro and EnterprisePro series. The IP Fallback option is used to configure the Red Lion router to failover between two interfaces, ex.
Advanced Tab Enable IP Fallback: Select YES to enable the IP Fallback. Enable this option if you have two paths (interfaces) config‐ ured with WAN (internet) support. An example would be primary ethernet (eth0) and secondary wireless (ppp0). Note: When using an ethernet port setup as DHCP Client, choose: Use Remote Gateway as Default Route: NO in the ethernet port setup screen. Default route control will be managed by the IP Fallback instead.
Advanced Tab 3.7.2 IP Transparency IP Transparency is supported on Red Lion routers in the IndustrialPro and EnterprisePro series. The IP Transparency menu item is used to configure the transparent bridging capability of the Red Lion router. IP Transparency is a special use capability. IP Transparency will take all inbound traffic to the Red Lion router and pass it transparently through to the interface specified.
Advanced Tab • Auto Detect: Use the ‘best negotiated’ speed and duplex (default) • 10 Mbps/Half: Force the interface to 10 Mbps and half‐duplex • 100 Mbps/Half: Force the interface to 100 Mbps and half‐duplex • 100 Mbps/Full: Force the interface to 100 Mbps and full‐duplex Note: An incorrect ‘forced’ setting will result in communication failure for this interface. Enable DHCP Server: Select Yes to allow the DHCP Server(s) to be enabled while IP Transparency is in effect.
Advanced Tab Enable Out‐of‐Band Port Redirect: Select Yes to allow any Out‐of‐Band ports to be redirected locally to this device. When enabled, the OOB Ports specified in the Advanced‐>Out‐of‐Band Mgt section will be automatically allowed. The recommended setting for this field is Yes, when also configuring Out‐of‐Band Mgt on this unit. Enable Port Redirecting: Select Yes to allow redirecting of ports to a device beyond this device (the one being config‐ ured).
Advanced Tab • To delete an existing item, select it in the table and click on the Delete button. To edit an existing rule, select it in the table and click on the Edit button. • Click on the “Save” button for changes to be saved without activating the interface until you reboot the unit, the “Apply” button will save your settings and apply them immediately. To revert to the previous defaults, click on the “Revert” button. 3.7.
Advanced Tab • Click on the Add button to add an instance for OOB Management and the following window will appear: Interface: Select the interface to used. Note: For Speed, Bits, Parity and Stop Bits, consult the configuration of the remote device being attached; this setting must be compatible. Speed: Select the desired interface speed to be used. Bits per Character: Select the word length (bits per character) to be used. Parity: Select the parity to be used.
Advanced Tab Basic + drop CR: Carriage return characters (x'0D) are dropped. Basic + drop CR & NUL: CR and NUL (x'00) characters are dropped. Basic + drop CR & NUL/HIGH: CR, NUL (x’00) and any characters > x'7F are dropped. Note: Selecting the right value for your particular situation may require some experimentation. The Basic Telnet Server will enable some telnet negotiation options with common Telnet Clients, which may provide a better user experience.
Advanced Tab • Click on the Add button and the following dialog window will appear: Enabled: Specify whether you want to enable the VRRP service on this device. The service will be started after clicking the Apply, and on each subsequent boot. VRRP is designed to work with multiple systems. Enable only if you intend to setup other VRRP partners. Interface: Specify the interface the VRRP service should use for communication.
Advanced Tab Note: Expert Mode is not recommended unless directed by Red Lion Technical Support. WARNING: Should you choose to edit the configuration files directly, we encourage you to contact Red Lion Technical Sup‐ port. Once you have manually edited a configuration file without the use of the Web UI, you should refrain from any fur‐ ther configurations to that subsystem through the Web UI, as it will overwrite any changes you may have made. 3.7.5.
Advanced Tab 3.7.5.2 Predefined Interface The Predefined Interface Names menu item allows you to create a named interface for use in applications such as OpenVPN that require a logical interface, i.e. tun0 that the Red Lion does not know about. Using the Predefined Interface Name will place the name of the interface into the pull‐down menus of interface selections to be used by the system.
Advanced Tab 3.7.6 Gwlnx The Gwlnx menu item is used to define the following sub‐menus: Connect Table Configuration, Install Configuration, Install Application, IP Destinations, CLI Status, Gwlnx Status and Gwlnx Log. 3.7.6.1 Connect Table Configuration The Connect Table Configuration menu item is used to configure the communication ports behavior via Serial or Modem using Dialed Number Identification Service (DNIS) method.
Advanced Tab Connect Table Properties: To create a table setting, click on the Add button and the following dialog window will appear: Label (Required): Enter the Lookup Key associated with this entry. This is commonly a phone number, or a portion of a phone number for partial matches of incoming calls. (i.e. “18” will match 1‐800‐xxx‐xxx, 1‐888, 1‐866 and similar num‐ bers.) The recommended setting for this field is 1001.
Advanced Tab Transparent: Allow raw communication between the Dial port and the TCP Connection. Visa: Enable local Visa I engine. This will process one transaction, and issue an EOT after the transaction response has been sent to the dial device. Visa2: Enable local Visa II engine. After a transaction is complete and ENQ will be issued to query the next transaction in sequence. If there is no response to the ENQ, then an EOT is issued.
Advanced Tab Enter Port 1 (Required): This is a Client Primary Port address that GWLNX uses to connect to the Host Server Port. For coordination with SSL Connections, this field should match the “TCP Listening Port” configured in Services‐>SSL Con‐ nections‐>SSL Client, to reach the specified remote SSL Host Server. When using DIAL mode, and Gwlnx is configured for Dynamic TCP Server Listener Port, this field will specify the TCP Port to listen on. The recommended setting for this field is 1000.
Advanced Tab 3.7.6.2 Install Configuration The Install Configuration menu item is used to install the new Gwlnx configuration on Red Lion IndustrialPro or R‐Series router devices. The Manage Configuration section is used to install or delete Gwlnx configuration files that already reside on Red Lion IndustrialPro or R‐Series router devices.
Advanced Tab Select Gwlnx Application File: Click on the Select File button to select a ‘Gwnlx’ zip file to upload from your local sys‐ tem. It is recommended that you do not upload files unless directed to do so by Red Lion Technical Support. 3.7.6.4 IP Destinations The IP Destinations menu item is used to configure the host processor (Server) IP/Port Addresses that Gwlnx application uses for TCP/IP communication protocol.
Advanced Tab Enter Address 1 (Required): This is a Client Primary IP Address that Gwlnx uses to connect to the Host Server. Enter Port 1 (Required): This is a Client Primary Port Address that Gwlnx uses to connect to the Host Server Port. Connect Timeout 1 (Required): Specify the time in seconds to attempt a connection to this TCP Destination, before declaring it unreachable. After the specified time, the next destination will be attempted. Valid range is 2 ‐250 sec‐ onds.
Advanced Tab 3.7.6.5 CLI Status The CLI Status menu item is used to view the status of the ports defined in the Gwlnx configuration file if the Gwlnx appli‐ cation is running. • Click on the CLI Status menu item and the following dialog window will appear: Auto Update: Select Yes to enable automatic updating of the log file display, the update interval can be selected using the Select Update Interval provided immediately below this control. Manual updating is disabled while auto‐update is in effect.
Advanced Tab Be advised that when connected via a Cellular interface, the log file data collected will count towards your total data plan usage. 3.7.6.6 Gwlnx Status The Gwlnx Status menu item is used to view the Gwlnx process ID and has the ability to restart the application by selecting the process ID from the provided drop‐down list. The Refresh button will refresh the process ID, if the Gwnlx application has been restarted.
Advanced Tab • Click on the Gwlnx Log menu item and the following dialog window will appear: Filter string (optional): Enter a filter string in the space provided, only lines containing the filter value(s) will be dis‐ played via a ‘grep’ style filter mechanism. Note that the filter is case sensitive. Number of lines to display: Select the number of lines to be displayed from one of the choices in the drop‐down list provided. Choices include: 50, 100, 250, 500, 1000 & 2000.
Advanced Tab Auto Update: Select Yes to enable automatic updating of the log file display, the update interval can be selected using the Select Update Interval provided immediately below this control. Manual updating is disabled while auto update is in effect. The current filter and maximum lines to be displayed will be used. Be advised that when connected via a Cellular interface, the log file data collected will count towards your total data plan usage.
Chapter 4 Red Lion Support Technical Support For Technical Support on all products, Red Lion provides live phone support to serve you better. Hours are 8:00am to 5:30pm EST, Monday through Friday. Phone: 1‐877‐432‐9908 e‐mail: support@redlion.net Website: www.redlion.net Customer Service Contact the Customer Service Department for all your product requirements.
Chapter 5 Compliance Statements & User Information FCC Compliance Statement This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Chapter 6 Licensing & Warranty Software supplied with each Red Lion product remains the exclusive property of Red Lion. Red Lion grants with each unit a perpetual license to use this software with the express limitations that the software may not be copied or used in any other product for any purpose. It may not be reverse engineered, or used for any other purpose other than in and with the computer hardware sold by Red Lion.
Chapter 7 Appendices Appendix A: RED‐LION‐RAM.MIB Contents Refers to: 3.5.10 SNMP Agent: RED‐LION‐RAM.MIB Contents Please note that the RAM‐6021 Wired Router will not return any values for Wireless specific fields. The following MIBs are cellular specific. It is to be noted that all of the following can be retrieved on the SN firmware version of Red Lion's routers, the A, M, and R Series routers are dependent on the cellular module/ aircard installed/inserted into the router.
Open Mobile Alliance for Device Management (OMA DM), designed for management of small mobile devices such as mobile phones, PDAs and palm top computers.
hdrType STRING cdmaRoaming STRING hdrRoaming STRING roaming INTEGER currentState INTEGER speedPref STRING roamPref STRING devName STRING ifName STRING txCount INTEGER rxCount INTEGER gprsState rxLevel servingCell STRING STRING STRING rrcState STRING gsmChannel STRING psState mode temperature simContextApn0 simContextApn1 simStatus serviceDomain STRING STRING STRING STRING STRING STRING STRING availServiceType STRING wCdmaL1State mmccState gmmPsState wCdmaChannel wCdmaBand sys
