Moxa EDR-810 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Moxa EDR-810, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Moxa EDR-810 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Moxa EDR-810. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Moxa EDR-810 should contain:
- informations concerning technical data of Moxa EDR-810
- name of the manufacturer and a year of construction of the Moxa EDR-810 item
- rules of operation, control and maintenance of the Moxa EDR-810 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Moxa EDR-810 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Moxa EDR-810, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Moxa service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Moxa EDR-810.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Moxa EDR-810 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Industrial Secure R outer User’ s Manual Second Editio n, August 2013 www.moxa.com/product © 2013 Moxa Inc . All rights reserved. Reprod uction witho ut permis sion is p rohibited .[...]

  • Page 2

    Industrial Secure R outer User’ s Manual The softw are described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agree ment. Copyri ght Notice Copyrig ht ©2013 Moxa Inc. All r ights rese rved. Reprod uction witho ut permis sion is p rohibited . Trademarks The MOXA logo is a regis te[...]

  • Page 3

    Table of Content s 1. Int rodu ct ion ...................................................................................................................................... 1-1 Ov erv iew ........................................................................................................................................... 1-2 Packag e Checklist[...]

  • Page 4

    Se ttingChec k .............................................................................................................................. 4-8 Syste m File Upda te — by Rem ote TF TP .......................................................................................... 4- 10 Syste m File Upda te — by Loca l Impor t/Ex port ..............[...]

  • Page 5

    1 1. Introduction Welcome to the Moxa Indus trial Secure Router series , the EDR - G902, EDR - G902 , and EDR - 810. The all - in - one Firewall/N AT/VPN secur e routers are desig ned for connecting Ether net - enabled device s with network IP secur ity. The follow ing topics are covered in this chapter:  Overvi ew  Package C hecklist  Fea[...]

  • Page 6

    Industri al Se cure Rout er U ser's Man ual Introduc tion 1-2 Overvi ew As the world ’s network and informatio n technology becomes more mature , the trend is to use Ethernet as the major communic ations interf ace in many industrial co mmunications and auto mation applicatio ns. In fact, a entirely new industry has sprung up to provide Ethe[...]

  • Page 7

    2 2. Getting Started This chapte r explains how to access the Ind ustrial Secure R outer for the first time. Ther e are three ways to access the ro uter: (1) serial conso le, (2) Telnet console, and (3 ) web browser. The serial conso le connection method, w hich req uires using a s hort ser ial cab le to connect the Industria l Secure R outer to a [...]

  • Page 8

    Industri al Se cure Rout er U ser's Man ual Getting Started 2-2 RS - 232 C onsole Configurati on (115200, None, 8, 1, VT100) NOTE Connec tion Ca utio n! We strong ly suggest that you do NOT use mor e than one connection me thod at the same time. Fol lowing this advice wi ll allow you to maintain bette r control over the config uration of your [...]

  • Page 9

    Industri al Se cure Rout er U ser's Man ual Getting Started 2-3 4. Click the Ter minal tab, selec t VT100 for Terminal Type , and then click OK to continue. 5. The Console login screen will ap pear. Use the keyboard to enter the login acco unt ( admin or use r ), and then press E nt er to jump to the Pas sword field. Enter the cons ole Passwor[...]

  • Page 10

    Industri al Se cure Rout er U ser's Man ual Getting Started 2-4 the form 192.168 .xxx.xxx. On the other hand , if your PC host’s subnet mask is 255.255.255.0, the n its IP addres s must have the form, 192.168.127.xx x. NOTE To use the I ndu s tr ial Secure R outer ’s management and monitoring func tions from a PC ho st connected to the sam[...]

  • Page 11

    Industri al Se cure Rout er U ser's Man ual Getting Started 2-5 2. The web login page will ope n. Select the login account (Admin or User) and enter the Passw ord (the same as the Console pas sword), and then clic k Login to continue. Le ave the Pas sword f ield blank if a password has not been set. NOTE The default p assword for the EDR serie[...]

  • Page 12

    3 3. EDR- 810 Series Feat ures and Functions In this chapte r, we explain how to access the Ind ustrial Secur e R outer ’ s configuratio n options, perform monitor ing, and use administratio n functio ns. There are three ways to access these func tions: (1) RS - 23 2 conso le, (2) Telnet console , and (3) web browser. The web browser i s the m os[...]

  • Page 13

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-2 Quick S etting Pr ofile The EDR - 81 0 s eries sup ports WAN Routing Q uick Se tting , which creat e s a routing f unction betw een LAN ports and WAN ports def ined by users. Follow the wizard ’ s instructions to configur ing the LAN and WAN por ts . S[...]

  • Page 14

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-3 Step 3: Configur e t he WA N port type Conf igure the WAN p ort t ype to def ine how the secure router switc h connects to the WAN . Connect Type Sett ing Descrip tion Factory De faul t Dynamic I P Get the WAN IP a ddre ss f rom a DHCP se rver o r vi a a[...]

  • Page 15

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-4 Stati c IP PPPoE Step 4: Enable serv ices C heck Enabl e DHCP Server to e nable t he DHCP server for LAN devices . The def ault IP address range will be set automati cally. To modify the IP r ange, go to the DHCP Server page. N - 1 NAT will b e also enab[...]

  • Page 16

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-5 Step 5: Activate the s ettings C lick the A ctiv at e button. NOTE An exis ting configur ation will be ov erwritten by new settings whe n processing WAN Ro uting Quick Se tting . System The System section includes the most common settings required by adm[...]

  • Page 17

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-6 User Account The Moxa indus trial secure router suppor t s the management of accounts , including estab lishing, acti vating, modify ing, disabling and removing accounts. T here are two levels of configur ation access, admin and user. Th e account belo n[...]

  • Page 18

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-7 Create New Account Input the user name, password and assign the authority to the new account. O nce apply the new setting, the new account w ill be shown under the Account List tab le. Sett ing Descrip tion Factory De faul t User Name (Max. of 30 charact[...]

  • Page 19

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-8 Date and Time The Moxa ind ustrial sec ure router has a time c alibration f unction based on infor mation from an NTP serv er or user spe cified time and d ate. Functions s uch as automatic warning emails can therefore includ e time and date stamp. NOTE [...]

  • Page 20

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3-9 Start Date Sett ing Descrip tion Factory De faul t User - speci fied date Spec ifies the date that Daylight Saving Time begins. None End Date Sett ing Descrip tion Factory De faul t User - speci fied date Spec ifies the date that Daylight Saving Time end[...]

  • Page 21

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 10 System Even t Settings Syste m Events are related to the overall f unction of the swi tch. Each event can be activated ind ependently with diffe re nt wa rning approaches . Administrator also ca n decide the severity of each system event. Syste m E ven[...]

  • Page 22

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 11 Port Event Settings Port Events are related to the activity of a specific port . Port E vents Warning e - mail i s sent whe n… Link - ON The port is connec ted to another device. Link - OFF The port is disco nnected (e.g., the ca ble is pulled out, o[...]

  • Page 23

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 12 Max. of 30 characte rs You can set up to 4 email addresses to receive alarm emails from the Moxa switch. None Sen d Te st Em ail After you compl ete the email settings, yo u should first click Apply to activate those setting s, and then press the Te st[...]

  • Page 24

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 13 When relay war ning triggered by eithe r system or port events, adminis trator can decide to s hut down the hardw are warning buzzer b y clicking App ly butto n. The event still be recorde d in the event list. SettingC heck Setti ngCheck is a safety fu[...]

  • Page 25

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 14 If the user enable s the SettingCheck functio n with the Accessible IP l ist and the confirmer Timer is set to 15 seconds, then when the user click s the Activ ate button o n the access ible IP list page, the I ndustrial S ecure R outer will ex ecute t[...]

  • Page 26

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 15 TFTP Se r ver IP/Nam e Sett ing Descrip tion Facto ry Defa ult IP Address of TFTP Se rver The IP or name of the remote TFTP server . Must be config ured before downlo ading or upload ing files. None Configur ation Fil e Path a nd Name Sett ing Descrip [...]

  • Page 27

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 16 Upgrade Firm ware To import a firmware file into the Indus trial Secure R outer , cli ck Brow se to s elect a firmwa re file already saved on your computer . The upgrade procedur e will proceed automatically after clicki ng Import. This upgrad e proced[...]

  • Page 28

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 17 Enable Sett ing Descrip tion Factory De faul t Checked Allows d ata transmissio n through the port. Enabled Unchecked Immediatel y shuts off port access. Media Type Sett ing Descrip tion Factory De faul t Media type Dis plays the media type f or each m[...]

  • Page 29

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 18 Link Aggreg ation Link aggreg ation invo lves grouping links into a link aggregation g roup. A MAC client can treat link a ggregation groups as if they were a sing le link. The Moxa industria l secure router’s port trunking feature allow s devices to[...]

  • Page 30

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 19 Step 1 : Select the desir ed Trunk Group Step 2 : Select the desir ed Member Port s or Available Ports Step 3 : Use Up a nd Down to modify the Group Members Trunk G roup ( maxi mum of 4 trun k group s) Sett ing Descrip tion Factory De faul t Trk1, Trk2[...]

  • Page 31

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 20 Port Mi rroring Settings Sett ing Descrip tion Monitor ed Port Select the numb er of the ports whose network activ ity will be monitor ed. Multiple port selectio n is acceptable . Watch Direc tion Select o ne of the followi ng two watch directio n opti[...]

  • Page 32

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 21 Benefits of VLA Ns The main benef it of VLANs is that they provide a network segmentatio n system that is far more flex ible than traditio nal networks. U sing VLANs also provide s you with three other benefits: • VLANs e ase the r eloca tion of devi[...]

  • Page 33

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 22 802.1Q VLAN Settings Managem ent VLAN ID Sett ing Descrip tion Factory De faul t VLAN ID from 1 - 4094 A ssigns the VLAN ID of this Moxa sw itch. 1 Port Type Sett ing Descrip tion Factory De faul t Access Port type is used to co nnect single devices wi[...]

  • Page 34

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 23 Input multi port numbers in the “ Por t ” column, and Port Type, Tag ged VLAN I D, an d untagge d VLAN ID, and then click the Set to T able button to create VLAN ID configura tion table. VLAN Tab le Use the 802.1Q VLAN T able to review the VLAN gro[...]

  • Page 35

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 24 • It makes eff icient use of network bandw idth and scales well as the number of multicas t group members increases. • Works with o ther IP protocols and serv ices, such as Quality of Serv ice (QoS). Multicast trans mission m akes more sense and is[...]

  • Page 36

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 25 Snooping M ode Snooping Mode allows yo ur industrial s ecure router to forward multica st packets only to the appropriate por ts. The router snoops on exchanges between hos ts and an IGMP de vice to find those ports that want to join a multicast g roup[...]

  • Page 37

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 26 IGMP Snoopi ng IGMP Snoop ing provides the ability to prune multicast tr affic so that it travels only to those end destinations that requir e that traffic, ther eby reducing the amount of tr affic on the Ethernet LAN. IGMP Snoopi ng Settings Enable IG[...]

  • Page 38

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 27 The inform ation shown in the table includ es : • Auto Learne d Multicast Route r Port: This ind icates that a multicast r outer connects to/sends packe ts from these por t(s). • Static Multicas t Router Port: Displa ys the static multica st querie[...]

  • Page 39

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 28 Join Po rt Sett ing Descrip tion Factory De faul t Select/Desel ect Check mark the appropriate check boxes to select the join por ts for this multic ast group. None QoS and R ate Cont rol QoS Classific ation The Moxa switch supp orts inspectio n of lay[...]

  • Page 40

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 29 inspec ting 802.1p CoS tags in the MAC frame to determine the priori ty of each frame. Port Priority Sett ing Descrip tion Factory De faul t Port p riority The port pr iority has 4 prior ity queues. Low, norma l, medium, high pr iority queue option is [...]

  • Page 41

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 30 ToS/DSCP Mapping ToS (D SCP) V alue a nd Pr iority Queue s Sett ing Descrip tion Factory De faul t Low/Nor mal/ Medium/Hig h Maps different TOS values to 4 differ ent egress queu es. 1 to 16: Low 17 to 32: Norma l 33 to 48: Medium 49 to 64: High Rate L[...]

  • Page 42

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 31 Limit Bro adcast, Multicast, Flooded Unicast Limit Bro adcast, Multicast Limit Bro adcast Ingre ss/Egre ss Rate Sett ing Descrip tion Fac tory De fault Ingre ss/Egress Rate Select the ing ress/egress rate limit (% of max. throug hput) for all packets f[...]

  • Page 43

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 32 Inter face WAN VLA N ID Moxa I ndustrial Secure Ro uter ’ s WAN interface is configur ed by VLAN group. T he ports with the same VLAN can be config ured as one WAN interface. Connect ion Note that there are three different connectio n typ es fo r the[...]

  • Page 44

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 33 User Na me Sett ing Descrip tion Factory De faul t Max. 30 Character s The Log in username when dialing up to PPTP serv ice None Passwor d Sett ing Descrip tion Factory De faul t Max. 30 characters The p assword for d ialing the PPTP service None MPPE [...]

  • Page 45

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 34 Detaile d Ex plan ation of St atic IP Type Address Information IP Addre ss Sett ing Descrip tion Facto ry Defaul t IP Add ress The interf ace IP address None Subn et Ma sk Sett ing Descrip tion Facto ry Defa ult IP Add ress The sub net mask None Gat ew[...]

  • Page 46

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 35 Host Name Sett ing Descrip tion Facto ry Defa ult Max. 30 characters User - defined Host Name of this PPPoE serv er None Passwor d Sett ing Descrip tion Facto ry Defa ult Max. 30 characters The login pas sword for the PPPoE server None LAN Add a VLAN I[...]

  • Page 47

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 36 DHCP Ser ver The Industr ial Secure Router provides a DHCP (Dynamic Host Conf iguration Protoco l) server function for LAN interf aces. When configured , t he Indus trial Secure Router will automatically assign an IP address to a Ethernet device f rom [...]

  • Page 48

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 37 NOTE 1. T he DHCP Server is only available f or LAN interfaces. 2. Th e Po o l First/Last IP Ad dress must be in the same Subnet on the LAN. Static DHCP Use the Static DHCP list to ensure that devic es connected to the Industria l Secure Router always [...]

  • Page 49

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 38 DNS S erver Sett ing De scriptio n Factor y Defa ult IP Add ress T he DNS serve r for the selected de vice 0.0.0.0 NTP S erver Sett ing De scriptio n Factor y Defa ult IP Add ress T he NTP server for the selected d evice 0.0.0. 0 Clickable B uttons Add[...]

  • Page 50

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 39 ≥ 5min. T he lease time of the connec ted device None Defaul t Gate way Sett ing De scriptio n Factor y Defa ult IP Add ress T he default gateway for the conne cted device 0.0.0. 0 DNS S erver Sett ing De scriptio n Factor y Defa ult IP Add ress T he[...]

  • Page 51

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 40 SN MP Versi ons Sett ing Descrip tion Facto ry Defa ult Disabl e V1, V2c , V3, or V1, V 2c, or V3 only Select the SN MP protocol version used to manag e the secu re router . Disabl e Auth. Ty pe Sett ing Descrip tion Facto ry Defa ult MD5 Pr ovides aut[...]

  • Page 52

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 41 Access Co ntrol Sett ing Descrip tion Facto ry Defa ult Read/Write A ccess control typ e after match ing the co mmunity string Read /Write Read only (Pub lic MI B only) No Access Target IP Address Sett ing Descrip tion Facto ry Defa ult IP Add ress Ent[...]

  • Page 53

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 42 Secu rity User Inte rface Managem ent Enable MOX A Uti lity Sett ing Description Fac tory De fault Select/Desel ect Select the appropriate c heckboxes to enable MOXA Utility Selected Enabl e Telnet Sett ing Description Fac tory De fault Select/Desel ec[...]

  • Page 54

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 43 Authentic ation Certifi cate SSL Cer tificat e Re - generate Sett ing Descrip tion Factory De faul t Select/Desel ect Enable the SSL Cer tificate R e - generate Deselect SSH Ke y Re - generat e Sett ing Descrip tion Factory De faul t Select/Desel ect E[...]

  • Page 55

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 44 • Grant acc ess to one ho st with a specific IP address For example, e nter IP address 192.168 .1.1 with netmask 2 55. 255. 255.2 55 to all ow acc ess to 1 92.16 8.1. 1 only. • Grant acc ess to any hos t on a spec ific sub network For example, e nt[...]

  • Page 56

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 45 Port Statistic s Access the Monitor by selecting Mon ito r from the left selectio n bar. Monitor by System allow s the user to view a graph that show s the combined data transm ission activity of a ll of the Moxa industr ial secure router ’s por ts .[...]

  • Page 57

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 46 Event L og The Event Log Tabl e displays the following information: In d ex Event i ndex a ssigne d to identif y the e vent seque nce. Bootup This field show s how many times the Moxa switch has been r ebooted or cold star ted. Date The d ate is update[...]

  • Page 58

    Industri al Se cure Rout er U ser's Man ual EDR - 810 Serie s Feature s and Functi ons 3- 47 NOTE The follow ing events will be record ed into the Moxa industrial s ecure router’ s Event Log Table: • Cold sta rt • Warm start • Conf iguration cha nge activated • Power 1/2 transition (Off ( On), Power 1/2 trans ition (On ( Off)) • Au[...]

  • Page 59

    4 4. EDR- G90 2/G9 03 Series Fe atur e s a nd Functions  Overvie w  Configuring Basic Settin gs  Syste m Identificatio n  Accessible IP  Password  Tim e  SettingC heck  Syste m File Upda te —b y Remote TF TP  Syste m File Upda te —b y Local Impor t/Exp ort  Restart  Reset to Factory D efault  Netw ork Se ttin[...]

  • Page 60

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-2 Overvi ew The Overv iew page is divid ed into three ma jor parts : Interf ace Status, B asic func tion status , and Rece nt 10 Event logs , and gives u ser s a quick overview of the E therDevice R outer ’s c urrent setting s. Click More … at th[...]

  • Page 61

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-3 Click More … at the top of the Recent 1 0 Even t Log table to open the Event LogT abl e page. Configu ring Basic S ettin gs The Basic Settings gro up includes the most commonly used settings required by administr ators to maintain and contro l th[...]

  • Page 62

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-4 Maintai ner C ontac t Info Sett ing Descrip tion Facto ry Defa ult Max. 30 Character s Enter the contact informati on of the person responsible for maintaining this EDR - G90 3 None Web Con fi gura tion Sett ing Descrip tion Facto ry Defa ult http [...]

  • Page 63

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-5 Allowable Hosts In put Form at Ay host Disabl e 192.1 68.1. 120 192.1 68.1. 120 / 255.2 55.2 55.25 5 192.1 68.1. 1 to 192. 168.1.25 4 192.1 68.1. 0 / 255. 255. 255. 0 192.1 68.0. 1 to 192. 168.255. 254 192.1 68.0. 0 / 255. 255. 0.0 192.1 68.1. 1 to[...]

  • Page 64

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-6 Account Sett ing Descrip tion Facto ry Defa ult Admin “ad min” privileg e allows the user to modify all conf igurations. Admi n User “us er” privilege o nly allows viewing device configuratio ns. Passwor d Sett ing Descrip tion Facto ry Def[...]

  • Page 65

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-7 Current Time Sett ing Descrip tion Facto ry Defa ult User adj ustable Time The time param eter allows configur ation of the local time in local 24 - ho ur format. None (hh:mm:s s) Current Date Sett ing Descrip tion Facto ry Defa ult User adjusta bl[...]

  • Page 66

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-8 SettingC heck Setti ngCheck is a safety functio n for indus trial user s using a s ecur e r outer. I t provid e s a double co nfirm ation mechanism f or when a remote user change s the secur ity policies, s uch as Firew all filte r , NAT , and Acce[...]

  • Page 67

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4-9 If the new configur ation does not block the connec tion from the re mot e user to the E therDev ice R outer, the user w ill see the Se ttingCheck Conf irmed pa ge , shown in the follo wing figure . C lick Confirm to s ave the config uration update[...]

  • Page 68

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 10 System F i le Up dat e —b y Remote TFTP The E therDe vice R outer supports saving your configur ation file to a remote TFTP server or loca l host to allow other E the rDevic e R outer r ou ter s to use the same configura tion at a later time, o[...]

  • Page 69

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 11 Log File C lick Ex por t t o export the Log file of th e E therDevic e R outer to the local host. NOTE Some operating syste ms will open the configur ation file and log file directly in the web page. In such cases, right clic k the Exp ort b utto[...]

  • Page 70

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 12 Networ k Setting s Mode C onfiguration Network M ode E therDevic e R outer pro vid es Rout er Mode and Bridge M ode operation for differ ent applications: Route r Mode In this mode , E therD evice R outer operates as a gateway between different n[...]

  • Page 71

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 13 WAN1 Configuration Connect ion Note that ther e are thre e different co nnection types fo r the WA N1 interf ace: Dynamic I P, Static IP , and PPPoE. A detaile d exp lanation of the config uration se ttings for each type is given below . Connecti[...]

  • Page 72

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 14 E xample : S uppose a remote user (IP: 10 .10.10.10) w ants to connect t o the inter nal server (private I P: 30.30. 30.10) via the PPTP protoco l. The IP address for the PPTP serv er is 20.20.20.1 . The n ecessar y c onfig uration settings a re [...]

  • Page 73

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 15 Gat eway Sett ing Descrip tion Facto ry Defa ult IP Add ress The Gateway IP ad dr ess No ne Detaile d Ex plan ation of PPPoE Type PPPoE Dialup User Na me Sett ing Descrip tion Facto ry Defa ult Max. 30 characters The User Name for logging in to t[...]

  • Page 74

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 16 Connec tion Type Sett ing Descrip tion Facto ry Defa ult Static IP, Dynamic IP, PPPoE Conf igure the connection typ e D ynamic IP Detaile d Ex plan ation of Dy nam ic IP Type PPTP Dialup Point - to - Point Tunnel ing Pro tocol is used for Virtual[...]

  • Page 75

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 17 DNS (Dom an Name Server ; optional setting f or Dyna mic IP a nd PPPoE types) Server 1/ 2/3 Sett ing Descrip tion Facto ry Defa ult IP Add ress The DNS IP Addr ess None NOTE The prior ity of a manual ly c onfigured D NS will higher than the DNS f[...]

  • Page 76

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 18 Subn et Ma sk Sett ing Descrip tion Facto ry Defa ult IP Add ress The sub net mask None Gat eway Sett ing Descrip tion Facto ry Defa ult IP Add ress The Gateway IP ad dr ess No ne Detaile d Ex plan ation of PPPoE Type PPPoE Dialup User Na me Sett[...]

  • Page 77

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 19 Using DMZ M ode A DMZ ( d emilitarize d z one) is an isolated netw ork for dev ices — such as d ata, FTP, w eb , and m ail server s connec ted to a LAN n etwo rk — that need to frequently connect with exter nal network s . The deploy ment of [...]

  • Page 78

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 20 LAN IP Co nfigu rat ion IP Addre ss Sett ing Descrip tion Facto ry Defa ult IP Add ress The LAN interf ace IP address 192.1 68.12 7.2 54 Subn et Ma sk Sett ing Descrip tion Facto ry Defaul t Comm unication Redundancy Moxa industr ial secur e ro u[...]

  • Page 79

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 21 WAN Bac kup Configurat ion Select Backup for the WA N2/ DMZ Connect Mode, and then go to the Netw ork Re dundan cy  WAN Bac kup se tting page for the WAN Backup config uration. Link Ch eck Sett ing Descrip tion Facto ry Defa ult Enable or Disa[...]

  • Page 80

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 22 Monitor You can monito r statistics in real time from the E therD evice R outer ’ s we b console . Monitor by S ystem Access the Monitor by selecting “ System ” from the left selection bar. Monitor by System allows the user to view a graph [...]

  • Page 81

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 23 System Log The indus trial secure route r prov ides Event L og and Sys l og functions to record impo rtant eve nts . EventL og Field Descrip tion Bootup This field show s how many times the dev ice has been reb ooted o r cold start ed. Date The d[...]

  • Page 82

    Industri al Se cure Rout er U ser's Man ual EDR - G902/G903 S erie s Features an d Functions 4- 24 DI trans ition (Off - > On) DI trans ition (On - > O ff) Cold star t Factory def ault Warm start System resta rt Warm start Firm ware U pgrade Warm start Conf iguration Upgrade Warm start NOTE The m aximum number o f e vent e ntries is 1000[...]

  • Page 83

    5 5. Routing The follo wing topics are covered in this chapter:  Unicast R outi ng  Static Routing  RIP (Routing Informatio n Protocol)  Routing Table[...]

  • Page 84

    Industri al Se cure Rout er U ser's Man ual Routing 5-2 Unicast R ou ting The Indus trial Sec ure R outer sup ports two routing m ethods: static routing and dynamic routing. Dy namic routing makes use of RIP V1/V1c/V2. You can either choos e one routing method, or combine the two methods to estab lish your routing tab le. A routing entr y incl[...]

  • Page 85

    Industri al Se cure Rout er U ser's Man ual Routing 5-3 Clickable B uttons Add For adding an entry to the Static Routing Table. Delet e For remov ing selected entrie s from the Static Routing Table. Modify For modify ing the content of a selected entry in the Static Ro uting Table . NOTE The entrie s in the Static Routing T able will not be ad[...]

  • Page 86

    Industri al Se cure Rout er U ser's Man ual Routing 5-4 RIP I nterfa ce T able (ED R - 810 ser ies o nly) Sett ing Descrip tion Factory De faul t Enable/D isable Check the checkb ox to enable RIP for each interf ace. Unch ecked Routing T able The Routing Table page shows all r outing e ntries. All Routi ng Entr y List Sett ing Descrip tion Fac[...]

  • Page 87

    6 6. Network Redundanc y The follow ing topics are covered in this chapter:  Lay er 2 R edundan t Pro tocol s (ED R - 810 se ries o nly)  Conf iguring STP/R STP  Conf iguring Turbo Ring V2  Lay er 3 R edundan t Pro tocol s  VRRP Settings[...]

  • Page 88

    Industri al Se cure Rout er U ser's Man ual Network R edun dancy 6-2 Layer 2 Red undan t Prot ocols (EDR - 810 series only) Configuri ng STP/RSTP The follow ing figures indic ate which Spanning Tr ee Protocol parame ters can be configured. A more detaile d explana tion of e ach parameter follows. At the top of this pag e, the user can check th[...]

  • Page 89

    Industri al Se cure Rout er U ser's Man ual Network R edun dancy 6-3 Hello time (sec.) Sett ing Descrip tion Factory De faul t Numeric al value input by user The root of the Spanning Tree topology p eriodically sends out a “hello” message to other devices on the network to check if the topo logy is healthy. The “hello time” is the amou[...]

  • Page 90

    Industri al Se cure Rout er U ser's Man ual Network R edun dancy 6-4 Configuri ng Turbo Ring V2 NOTE When using the Dual - Ring architectur e, users must config ure settings for both R ing 1 and Ring 2. In this case, the status of bo th rings will appear under “Cur rent Status.” Explanatio n of “Current Status” I tems Now Acti ve It s [...]

  • Page 91

    Industri al Se cure Rout er U ser's Man ual Network R edun dancy 6-5 Expl anati on of “Se ttings” Ite ms Redund ancy Pr otocol Sett ing De scriptio n Facto ry Defa ult Turbo Ri ng V2 S elect this ite m to change to the Tur bo Ring V2 conf iguration p age . None RSTP (IEEE 8 02.1W/ 802. 1D - 2004 ) Select this item to change to the RSTP con[...]

  • Page 92

    Industri al Se cure Rout er U ser's Man ual Network R edun dancy 6-6 Layer 3 Red undan t Prot ocols VRRP Setting s Virtual Ro uter Redundancy Pro tocol (VRRP) can solv e the problem with static co nfiguration. VRR P enables a group of routers to form a single vir tual ro uter w ith a vir tual IP ad dress . The LAN clients ca n then be config u[...]

  • Page 93

    7 7. Network Address Tra nslation The follow ing topics are covered in this chapter:  Network A ddress Tr anslati on (NA T)  NAT C onc ept  1- to - 1 NAT  N- to - 1 NA T  Port Fo rward[...]

  • Page 94

    Industri al Se cure Rout er U ser's Man ual N etwork Ad dress T ransl ation 7-2 Network Address Tr anslation (NAT ) NAT C oncept NAT (Network Address Transla tion) is a common secur ity function fo r chang ing the I P address during Etherne t packet transmission . When t he user wants to hide the internal I P addres s ( LA N) f r om the extern[...]

  • Page 95

    Industri al Se cure Rout er U ser's Man ual N etwork Ad dress T ransl ation 7-3 1- to - 1 NAT Se tting for EDR - G903 in Pr oduc tio n Line 1 1- to - 1 NAT Se tting for EDR - G903 in Pr oduc tio n Line 2 Enable/D isable NAT po licy Sett ing Descrip tion Facto ry Defa ult Enable or Disab le Enable or disab le the selected NAT policy No ne NAT M[...]

  • Page 96

    Industri al Se cure Rout er U ser's Man ual N etwork Ad dress T ransl ation 7-4 IP Add ress Select the Inter nal IP address in LAN /DMZ network area N one WAN IP (1 - 1 NAT typ e) Sett ing Descrip tion Facto ry Defa ult IP Add ress Select the ex ternal IP address in WAN network area N one NOTE The Indus trial Secur e R outer can obtain an IP a[...]

  • Page 97

    Industri al Se cure Rout er U ser's Man ual N etwork Ad dress T ransl ation 7-5 Interface (N - 1 mode) Sett ing Descrip tion Facto ry Defa ult Auto WAN1 WAN2 Select the Inter face for this NAT Polic y Auto The Ind ustrial Secure R outer prov ide s a Dual WAN backup functio n for network r edundancy. If the interface is set to Auto, the NAT Mod[...]

  • Page 98

    Industri al Se cure Rout er U ser's Man ual N etwork Ad dress T ransl ation 7-6 Enable/D isable NAT po licy Sett ing Descrip tion Facto ry Defa ult Enable or Disab le Enable or disab le the selected NAT policy Enabl ed NAT Mo de Sett ing Descrip tion Facto ry Defa ult N-1 1-1 Port Fo rward Select the NA T types N-1 Interface (Port Forward mode[...]

  • Page 99

    8 8. Firewall The follow ing topics are covered in this chapter:  Policy Co ncept  Policy Overvie w  Policy Co nfiguratio n  Layer 2 Policy Setup (Only in Bridge Mode for EDR - G 902/G 903)  Quick A utomation Profile  Policy C heck  Modbus TCP Polic y  Den ial of S ervic e (DoS) D efense[...]

  • Page 100

    Industri al Se cure Rout er U ser's Man ual Firewall 8-2 Policy C oncept A f irewall dev ice is common ly used to prov ide secu r e traffic contro l over an Ethernet n etwo rk , a s illustrated in the f ollowing f igure . F irewall dev ice s are deploy ed at critical point s betw een an e xternal network ( the non - secure p ar t ) and an i nt[...]

  • Page 101

    Industri al Se cure Rout er U ser's Man ual Firewall 8-3 Enable Sett ing Descrip tion Facto ry Defa ult Enable or Disab le Enable or disab le the selected Firew all policy Enab led Interface From/To Sett ing Descrip tion Facto ry Defa ult All (WAN1 /WAN2/LAN) Sele ct the From Interfac e and To interface From All to All WAN1 WAN2 LAN Quick Auto[...]

  • Page 102

    Industri al Se cure Rout er U ser's Man ual Firewall 8-4 Destin ation IP Sett ing Descrip tion Facto ry Defa ult All (I P Address ) This Firew all Policy will check all Destination I P a ddre sses in the packet All Single (IP Ad dress) T his Fire wall Polic y will check single D estinatio n IP addres ses in the packet Range (IP Address) This F[...]

  • Page 103

    Industri al Se cure Rout er U ser's Man ual Firewall 8-5 detail ed des cription Ether Type Sett ing Descrip tion Factory De faul t 0x060 0 to 0x FFFF When Protoc ol is set to “ Manual ” you can set up Ether T ype manually None Ta r get Sett ing Descrip tion Factory De faul t Accept The packet will pas s the Firewall when it match es this F[...]

  • Page 104

    Industri al Se cure Rout er U ser's Man ual Firewall 8-6 Quick Automa tion Profile Ethernet Fieldbus prot ocol s are popular in i ndustr ial automation app lications. In fact, ma ny Fieldbus p rotocols (e.g., EtheNe t/IP and Modbus TCP/IP) c an operate on an industrial Ether net network, w ith the Ethernet port number define d by IANA (Interne[...]

  • Page 105

    Industri al Se cure Rout er U ser's Man ual Firewall 8-7 Modbus TC P/IP (TCP) 502 Modbus TC P/IP (UDP) 5 02 PROFInet RT U nicast (TCP) 34962 PROFInet R T Unic ast (UDP) 3 4962 PROFInet RT Multic ast (TCP) 34963 PROFInet RT Multic ast (UDP) 3 4963 PROFInet Co ntext Manager (TCP) 3 4964 PROFInet Co ntext Manager (UDP) 34964 IEC 608 70 -5- 104 (T[...]

  • Page 106

    Industri al Se cure Rout er U ser's Man ual Firewall 8-8 Policy Chec k The Ind ustrial Secure R o uter supports a Poli cyCheck function for maintain ing the f irewall polic y list. The Policy Check functio n detect s firewall policies that may b e configured incorr ectly . Policy Check prov ides an auto d etection f unction for detect ing comm[...]

  • Page 107

    Industri al Se cure Rout er U ser's Man ual Firewall 8-9 Include: Pol icy [X ] is includ ed in Policy [Y ] The Source/D estination IP range or Source /Destination por t number of policy [X] is less than or equal to policy [Y], and the ac tion target (Accep t/Drop) is the same. In this case p olicy [X] will incr ease the loading of the Indus tr[...]

  • Page 108

    Industri al Se cure Rout er U ser's Man ual Firewall 8- 10 Modbus TCP Policy Modbus TCP is a Modbus protoc ol used for communications over TCP/IP network s, connecting o ver port 502 by defaul t . Some have experim ented with using Mo dbus over UDP o n IP networks, which r emoves the over heads require d for TCP. The following tab le shows the[...]

  • Page 109

    Industri al Se cure Rout er U ser's Man ual Firewall 8- 11 Enable/D isable Mo dbus P olicy Setting Descrip tion Factory Def ault Enable or Disab le Enable or disab le the selected Modbus policy Enabled Interface From/To Sett ing Descrip tion Factory De faul t All (WAN/LA N) Select the Fr om Interf ace and To interface From A ll to All WAN LAN [...]

  • Page 110

    Industri al Se cure Rout er U ser's Man ual Firewall 8- 12 Destin ation IP Sett ing Descrip tion Factory De faul t All (I P Address ) This Modbus polic y will check all Destination I P addresses i n the packet. All Single (IP Ad dress) T his Modb us policy will check single Destination I P addresses in the packet. Range (I P Add ress) This Mo [...]

  • Page 111

    Industri al Se cure Rout er U ser's Man ual Firewall 8- 13 Denial of Servi ce (DoS) Defense The Ind ustrial Secure Ro uter provides 9 differ ent DoS functio ns for detect ing or def in ing abnor mal packet format or traff ic flow. The Industr ial Se cure R outer w ill drop the packets when it detects an abnormal packet for mat. The I ndustrial[...]

  • Page 112

    Industri al Se cure Rout er U ser's Man ual Firewall 8- 14[...]

  • Page 113

    9 9. Virtual Pri vate Network ( VPN) The follow ing topics are covered in this chapter:  Overvie w  IPSec Co nfig uration  Global Settings  IPSec S ettings  IPSec S tatus  X.509 C ertificate  L2TP Server (Lay er 2 Tunnel Proto col)  L2TP Confi guration  Examples f or Typic al VPN Applicatio ns[...]

  • Page 114

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-2 Overvi ew In this sectio n we descri be how to use the Indus trial Secure R outer to build a secure Remote Automati on network with the VPN (Virtual Private Network ) feature. A VPN provides a highly cost e ffective solution of establis hing secure tunnels , so tha[...]

  • Page 115

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-3 All IPSec Connec tion User s c an Enable or Disable all VPN servic e s with this conf iguration . NOTE The factory default s etting is Disab le, so when the user wants to use VPN function, mak e sure the setting is enabled . IPSec NAT -T If there is an external NA [...]

  • Page 116

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-4 Name o f VPN Tunne l Sett ing Descrip tion Factory De faul t Max. of 16 characte rs User defined name of this VPN Tunnel. None NOTE T he first charac ter cannot b e a number. L2TP over IPSec E nable or Disable Sett ing Descrip tion Factory De faul t Enable or Disab[...]

  • Page 117

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-5 ID ID for indentify ing the VPN tunnel connec tion. T he Local ID must be equal to the Remote ID of the VPN Gateway . Otherwise , the VPN tunnel can not b e established. None Key Exchange ( IPSec phase I) IKE Mo de Setting Descrip tion Factor y Defa ult Main In “[...]

  • Page 118

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-6 MD5 SHA1 SHA256 DH Grou p Setting Descrip tion Factor y Defa ult DH1(m odp 768) DH2(m odp 1024) DH5(m odp 1536) DH14( modp 204 8) Diff ie - Hellman gro ups ( the Key Exchang e group between the Remote and VPN Gateway s) DH2(m odp 1024) Negotia tion Time Setting Des[...]

  • Page 119

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-7 AES - 128 AES - 192 AES - 256 Hash Alg orit hm Setting Descrip tion Fac tory Defa ult Any MD5 SHA1 SHA256 Hash Algor ithm in data exchange SHA1 Dead Peer Detec tion Dead Pee r Detect ion is a mech anism t o detect whether or not the co nnection betw een a local sec[...]

  • Page 120

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-8 1. Root Cer tificate genera tion. Both EDR - G903 (A) and EDR - G903(B) need to generate their own root certificates. 2. EDR - G903( A) an d E DR - G9 03(B) c an requ est new certifications base d on their own Root Ce rtificate s. 3. Gener ate PKCS#12 local certifi[...]

  • Page 121

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9-9 NOTE The default se tting for Certificate D ay is 0, which means that the certificati on will not be terminated unless modif ied by the user. Certificat e Setting After R oot Cer tificatio n is activate d, the us er can generate d ifferent certif ications for diff [...]

  • Page 122

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9- 10 Remote Certific ate Upload Upload the .crt R emote cer tificate o n this page. Lab el : Us er d efin e d name f or this lo cal cer tificate Name/S ubject : Show the Name and subject when the certific ate is imported successfully or t he user select s a certific a[...]

  • Page 123

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9- 11 Login User Name Sett ing Descrip tion Factory De faul t Max. to xx characte r. User Name for L2TP connec tion NULL Login P assw ord Sett ing Descrip tion Factory De faul t Max. to xx characte r. Password fo r L2TP connection NULL Examples for Ty pical VPN Ap plic[...]

  • Page 124

    Industri al Se cure Rout er U ser's Man ual Virtual P rivate N etwork (VPN) 9- 12 L2TP for Remo te User Ma intenance The follow ing exa mpl e show s ho w a Roaming user use s L2TP over IPSec to connect to the remo te site network. VPN Plan • A ll communicatio n from the Roaming user ( n o f ixed IP) to the R emote site Network (100.10 0.3.0/[...]

  • Page 125

    10 10. Diagnosis The Ind ustrial Secure R o uter provides Ping tools and LLD P for administr ators to diagnose ne twork systems. The follow ing topics are covered in this chapter:  Ping  LLD P[...]

  • Page 126

    Industri al Se cure Rout er U ser's Man ual Diagno sis 10 -2 Ping The Ping functio n uses the ping comm and to gi ve users a simple but powerful tool for troubles hooting network proble ms. The function’s most unique f eature is that even though the ping command is entered from the user’s PC keyboard , the actual ping com mand originates f[...]

  • Page 127

    Industri al Se cure Rout er U ser's Man ual Diagno sis 10 -3 LLDT Table Port: The por t number that connects to the neighbor d evice. Neighbor ID: A unique e ntity that identifie s a neighbor device; this is typically the MAC addres s. Neighbor P ort: The port number of the neighbor device. Neighbor Por t Descrip tion: A textual desc ription o[...]

  • Page 128

    A A. MIB Groups The Ind ustrial Secure R outer comes w ith built - in SNMP (S imple Ne twork Manageme nt Protocol) ag ent software that suppor ts cold start trap , line up/down trap, and RFC 1213 MIB - II. The standar d MIB groups that the Indus trial Secure R outer series suppo rt are: MIB I I.1 – Syste m Grou p sy sOR T abl e MIB I I.2 – I nt[...]

  • Page 129

    Industri al Se cure Rout er U ser's Man ual MIB Group s A-2 The Ind ustrial Secure R outer also provides a MIB file, locate d in the file “Moxa - EDR G903 - MIB.my” on the Indus trial Secure R outer S eries utility CD - ROM for SNMP trap message interpretatio n[...]