Dr. Neuhaus TAINY IQ-LTE, User Manual

Page 1: ...TAINY IQ LTE User Manual ...

Page 2: ... registered trademark of Sagemcom Dr Neuhaus GmbH All other trademarks and product names are trademarks registered trademarks or product names belonging to the respective owner All deliveries and services are provided by Sagemcom Dr Neuhaus GmbH on the basis of the General Terms and Conditions of Sagemcom Dr Neuhaus GmbH in the respective valid version All information is based on manufacturer s sp...

Page 3: ...or user names passwords and other inputs 36 4 4 Establishing a configuration connection 36 4 5 Terminating a configuration connection Logging out 38 5 STATUS OVERVIEW 39 5 1 Get a Status Overview 39 5 2 Get the Cellular Network Status 41 5 3 Get the DSL Cable Status 43 5 4 Get the VPN Status 45 5 5 Get the LAN Status 46 6 WAN SETTINGS 47 6 1 Select the Default WAN Setup 47 6 2 List Add Delete WAN ...

Page 4: ...02 11 3 Export the Logbook 103 11 4 System Logs 104 12 MANAGE USERS ENABLE DISABLE SNMP ACCESS 105 12 1 Configure Operator and Guests Access Rights 107 12 2 Configure TACACS 108 12 3 Configure RADIUS 109 13 CERTIFICATES 111 13 1 Device Certificates 111 13 2 Remote Certificates 117 14 SYSTEM 119 14 1 Select the System Language 119 14 2 Enter manually Date and Time 120 14 3 Force a Factory Reset Man...

Page 5: ...etwork The TAINY IQ LTE provides this connection anywhere a UMTS network Universal Mobile Telecommunication System 3rd generation mobile communications network a LTE network Long Term Evolution 4th generation mobile communications network or a GSM network Global System for Mobile Communication mobile communications network which provides IP based data service is available For UMTS this means the H...

Page 6: ...onnection via HSPA UMTS E GPRS Local network External network Local application Admin PC Local application Admin PC External remote station LTE HSPA UMTS E GPRS TAINY Local network Network connected to the local interface of the TAINY IQ LTE The local network contains at least one local application Local interfaces ETH 0 ETH 1 10 100 Base T Interfaces of the TAINY IQ LTE for connection of the loca...

Page 7: ...are available VPN gateway Component of the external remote network that supports DM VPN and IPsec and which is compatible with the TAINY IQ LTE Remote network External network with which the TAINY IQ LTE is establishing a VPN connection Mobile communications network Infrastructure and technology for wireless mobile verbal and data communication The TAINY IQ LTE is designed for use in LTE UMTS mobi...

Page 8: ... GPRS or LTE or DSL and a direct VPN to an external network Externe Gegen stelle APN Lokale Applikation Router Firewall Kabellose IP Verbindung via LTE HSPA UMTS E GPRS Direktes VPN zur IP mobiler Funkdienst Lokale Applikation Lokale Applikation Lokales Netzwerk Externes Netzwerk LTE HSPA UMTS E GPRS TAINY Scenario 3 Connection via HSPA UMTS EGPRS or GPRS or LTE or DSL and the Internet to an exter...

Page 9: ...ust as if they had a direct local connection to the external network Scenario 5 Connection via DSL and or mobile communication via the internet o an external network or redundancy by VRRP INTERNET Router Firewall IP Verbindung via DSL Mobilfunk Lokales Netzwerk Externes Netzwerk Lokale Applikation Lokale Applikation Lokale Applikation Externe Gegen stelle TAINY TAINY Router Firewall Router Firewal...

Page 10: ...likation Externe Gegen stelle Router Firewall Service Gegen stelle VPN Tunnel Service VPN Tunnel abschaltbar ON OFF VPN Schalter VPN Leuchtmelder VPN Benachrichtigung INTERNET TAINY Router Firewall DSL LTE Servicetechniker Wartung Havarie IPsec VPN Constant VPN connection and disengageable VPN service access switchable via digital input and messaging by email and signal lamp ...

Page 11: ...Introduction TAINY iQ Page 11 of 147 1 4 Controls 1 24V Power Input 2 MIMO Antenna System 3 8 Signal lamps 4 Service Button 5 8 RS232 Interface 6 Digital Input Output 7 Ethernet Ports ...

Page 12: ...n order to install configure and use the mobile router correctly in any scenario described Also pay attention to the security advices and chapter in this manual as infringing the provision might cause harm to the user as well as the device General Web configuration interface in English and German also adjustable Port HTTPS Export and import of the router configuration Reset to factory settings Pla...

Page 13: ...dynamic VRRP Priorities VPN features IPsec IKEv1 max 10 simultaneous tunnel connections guaranteed Server or Client Main Aggressive Mode Authentication Modi Pre Shared Key Receiver certificate CA certificate Cryptographic technique 3DES AES 128 AES 192 AES 256 HASH technique MD5 SHA 1 SAH 256 SAH 384 SAH 512 NAT Traversal Dead Peer Detection DPD DM VPN Dynamic Multipoint VPN GRE NHRP Firewall feat...

Page 14: ...es individual addresses to destination address Port implementation oder transfer Classification of Port forwarding according to protocol TCP UDP Unknown data traffic can be forwarded to a defined destination addres Exposed Host MAC Tables MAC Address can be allocated to a defined Ethernet Port Logging in a separate Firewall Log analysis of the entire data traffic ...

Page 15: ...ded application in the data sheets and in this document Proper transport storage set up and assembly as well as careful operation and service are prerequisite for a fault free and safe operation of the product 2 2 Unintended Use Do not use TAINY IQ LTE without a secure backup in any application which malfunctions could lead to property damage fatal injuries or death 2 3 Qualified Personnel This de...

Page 16: ...result in death or serious injury Warning Indicates a hazardous situation that if not avoided could result in death or serious injury Caution Indicates a hazardous situation that if not avoided will result in minor or moderate injury Caution Indicates a hazardous situation that if not avoided could result in property damage or loss Attention Indicates that an undesired result could occur if the gi...

Page 17: ...f the cables connected to the device are damaged Never connect the device to damaged cables Do not install or operate device outdoors Do not install or operate device in a damp environment Never use device for any other then the intended use Keep device out of reach of children Qualified personnel Danger Risk of fatal injury by electric shock due to lack of knowledge Installation and operation mus...

Page 18: ...stated in the data sheet Only assemble and disassemble device as described in the manual Transport and store device with great care Handling cables Warning Risk of electric shock due to wrong handling of cables Never remove the plug from the socket by pulling the cable always pull the plug Never route cables over sharp edges or corners without an edge guard Ensure sufficient strain relief for the ...

Page 19: ...this device must always be placed and operated at least 20 cm away from people Warning Risk of property damage due to demagnetization Do not store diskettes credit cards or any other magnetic data carrier in the vicinity of the device Caution Risk of breach legal regulations and interference with other transmitters Mind the limit of public exposure to electromagnetic fields 0 hertz to 300 gigahert...

Page 20: ...ery or rechargeable battery Warning Risk of damaging the device due to false supply Use only power supplies that are conform to the standard IEV EN 62368 1 Annex Q Limited Power Source The external power supply must also comply with the requirements for NEC Class 2 circuit as defined in the National Electric Code ANSI NFPA 70 In port and switching output Warning Risk of property damage or injuries...

Page 21: ...isk of additional financial costs Bear in mind that the exchange of data packages is subject to charges whether a connection to a remote station is maintained or re established Unsuccessful attempts to connect to incorrect addresses or switch off remote stations are subject to charges ...

Page 22: ...ist of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes software deve...

Page 23: ...ure to understand and follow them 2 3 3 Also familiarise yourself with the control elements connections and operating state indicators of the TAINY IQ LTE before installation 1 4 Disconnect the TAINY IQ LTE from the power supply 3 5 Connect the web browser of your pc to the local interface 10 100 BASE T of the TAINY IQ LTE 4 6 Enter the PIN s personal identification number of the SIM card s into t...

Page 24: ...r two antennas as described in chapter 3 5 Power supply A 24 V installation See chapter 3 3 SIM card A SIM card from the chosen GSM network operator PIN The PIN for the SIM card HSPA UMTS EGPRS GPRS activation The services LTE HSPA UMTS data and or EGPRS or GPRS must be enabled on the SIM card by your mobile communications network provider The access data must be known Access Point Name APN User n...

Page 25: ...he external installation being connected to the TAINY IQ LTE connects a signal of the In port and switching output galvanically to a power supply signal of the TAINY IQ LTE the voltage between each signal of the In port and switching output and each signal of the power supply may not exceed 60V Terminals Cross section rigid flexible 0 2 2 5 mm AWG 24 14 Isolation stripped length L 7 mm Locked torq...

Page 26: ...tennas Please make sure that during operation always an antenna is connected to the TAINY IQ LTE Requirements for the antenna Passive azimuthally omnidirectional vertical polarisation gain 1 5 dBi VSWR 2 0 1 impedance 50 Ω matched for the used frequency bands See chapter 18 for a list of supported frequency bands Which frequency bands are actually used at the location is dependent on the country a...

Page 27: ...signal of the In port and each signal of the power supply may not exceed 60V Switching output O1a O1b The TAINY IQ LTE has a switching output The screw terminals are designated O1a O1b UMax 30 V IMax 20 mA This port is the Switching Output for WAN Setup Operation Rules see chapter 6 3 When the switching output is active the switch is closed Warning Risk of injuries or property damage due to false ...

Page 28: ... to be received by DTE data negative logic A Data A RS485 interface This feature is currently not supported B Data B RS485 interface This feature is currently not supported GND Ground Common ground connection 3 8 Signal lamps Signal lamps The TAINY IQ LTE is equipped with a set of signal lamps for display of the operating status Power Supply Signal LED Status Meaning POWER Always OFF No supply vol...

Page 29: ... Field strength moderate Flash 3 times with interval Field strength good Constantly ON Field strength very good Constantly OFF Field strength info not available C Connect Always OFF No connection Flash 1 time with interval GPRS EDGE connection Flash 2 times with interval LTE UMTS connection Flash 3 times with interval LAN connection VPN and IO Status Signals LED Status Meaning VPN Constantly OFF N...

Page 30: ... Meaning Green Constantly ON Link established Constantly Off No link established Yellow Flashing Data transfer 3 9 Service button There is a small hole on the front side of the TAINY IQ LTE where a button is located Use a thin object such as a straightened paper clip to press the button When you press the button during operation for longer than 5 seconds the factory configuration is loaded ...

Page 31: ...the device Right next to each drawer for the SIM card in the housing aperture there is a small yellow button Press on this button with a pointed object for example a pencil When the button is pressed the SIM card drawer comes out of the housing 3 Place the SIM card in the drawer so that its gold plated contacts remain visible 4 Then push the drawer with the SIM card completely into the housing and...

Page 32: ...ut Output terminal or 24V terminal must be covered to avoid accidental touch of voltage carrying parts Prohibit the intrusion of foreign bodies e g screws paper clips or other metal parts At the rear side the TAINY IQ LTE has a notch D to hook it at the top of the cap rail One metal spring fastener C locks the TAINY IQ LTE at the bottom of the cap rail It can be released again by pulling the down ...

Page 33: ...Installation TAINY iQ Page 33 of 147 Unmounting Use a flat head screw driver to pull down the cap rail fixation C until the TAINY IQ LTE is detached Mounting Position of the cap rail mm ...

Page 34: ...the tab bar as shown in the left text column throughout this manual only reflects the tab in question Please also bear in mind that not all tabs of all TAINY IQ LTE types contain the same information or configuration possibilities in the dialog box Again see the left text column of this manual for the corresponding device types Note Please remember that the names you enter for a new network i e in...

Page 35: ...ess to the TAINY IQ LTE via the local network By default the LAN port ETH1 of TAINY IQ LTE is part of the local network with the IP address 192 168 1 1 and Subnet mask 255 255 255 0 So you have to do the following settings for your PC The network adapter of the computer Admin PC that you use to carry out configuration must have the following TCP IP configuration IP address 192 168 1 2 Subnet mask ...

Page 36: ...e Web browser e g MS Internet Explorer version 11 or later or Mozilla Firefox version 37 or later Chrome version x or later Enter the full TAINY IQ LTE address in the address line of the browser The factory setting is https 192 168 1 1 Result A security message appears In Internet Explorer 7 for example it is the following Confirm the security message Acknowledge the corresponding safety message w...

Page 37: ... Log In Note To register successfully on the TAINY IQ LTE activate the cookies in your browser Note The registration screen will open a selection menu in which the registration can be made via TACACS RADIUS or the normal local registration The initial local registration process is described below which is used when commissioning the device For further information on registration via TACACS see cha...

Page 38: ... Log Out button at the top right of the screen to sign out manually This will terminate the configuration connection to TAINY IQ LTE The webserver will return to the start screen In order to re establish the configuration connection you have to enter your user name and password again Please refer to chapter 4 4 ...

Page 39: ...sful log in to the TAINY IQ LTE s web user interface select Status from the menu bar at the top left An overview of the current operating status of TAINY IQ LTE appears It displays the status of the WAN connection DSL Cable Interface Cellular Interface Active LAN Interface Data Volume Consumption Note The displayed values are automatically refreshed by the TAINY IQ LTE ...

Page 40: ...hed They will be reset when the connection is re established IPv4 and IPv6 addresses Displays the IPv4 provided by the provider and if assigned the IPv6 address Data Volume Consumption Define in which time interval the value of the data volume consumption is set back to zero The default setting is monthly at the first day of each month To change the settings select another interval from the dropdo...

Page 41: ...CI ICCID IMEI see Glossary Note The displayed values are automatically refreshed by the TAINY IQ LTE Bytes Received Bytes Sent Indicates the number of received or sent bytes since the connection has been established The counters will be reset when the connection will be re established Cellular Module Type Cellular Module Firmware Version The TAINY IQ LTE is equipped with a cellular module which ac...

Page 42: ...ether the Internet provider used supports the assignment of IPv6 addresses in the mobile data network Accessibility with IPv6 from the Internet depends on the mobile operator and the contract with the operator Mobile operators may require private access point name APN for the use of outgoing and incoming IPv6 connections In addition the mobile radio settings IPv6 support must be activated With the...

Page 43: ...ion Network IPv4 addresses and network IPv6 addresses The IPv4 address provided by the provider and if assigned the IPv6 address with the associated name servers for IPv4 and IPv6 are displayed Bytes Received Bytes Sent Indicates the number of received or sent bytes since the connection has been established The counters will be reset when the connection is re established IP addresses Displays the ...

Page 44: ... IPv6 address on the DSL cable interface It should be noted that the operating mode setting of the WAN interface has been activated as an additional LAN interface Under the WAN setup settings the operating mode of the WAN setup must be set to both interfaces or at least the DSL cable interface ...

Page 45: ...e party Connected Yes connection is established or No connection is not established SA Type Defines the convention connection two communicating entities use within a secure network Static Indicates a connection that is configured and established by TAINY IQ LTE Dynamic Indicates a connection that is established externally by the other entity Connected Since Displays the timestamp of the connection...

Page 46: ... IP addresses Displays the IPv6 address provided by the provider and the link Local IPv6 address starting with fe80 The IPv6 address es are only displayed if the IPv6 operating mode has been activated under the LAN interface setting Dynamic MAC Table Indicates the MAC address es of connected clients or the static MAC table DHCP Clients Indicates LAN devices which have retrieved an IP address from ...

Page 47: ...p n You may organize several WAN setups with different settings and select one of it as the default setting Click on the WAN tab and select WAN Settings to open the screen Reset WAN Connection This configuration page provides options to create different WAN Setups select the default WAN Setup and reset a WAN Connection General WAN Settings In the General WAN Settings column you select the Current ...

Page 48: ... select WAN Settings to open the screen Setup 1 or created Setups WAN Setups All existing WAN Setups are listed in this column You can add or delete WAN Setups To add a new WAN Setup Enter a name in the Setup entry field and press the Add button The new WAN Setup will appear in this list and in the menu ...

Page 49: ...nd confirm with Activate WAN Setup Operation Mode You can either select one of the interfaces Cellular or DSL Cable to be responsible for establishing the WAN Connection Or you select both interfaces in parallel Having selected both however you need to priorities either Cellular or DSL Cable TAINY IQ LTE will then always try the prioritised interface first to establish the WAN Connection In case i...

Page 50: ...sition at the In Port Add edit or delete Rules for WAN Setup Operations in this section To add a new rule enter a name and click the Add button The new rule will appear in this list To define or modify the rule click the Edit button Select the desired action from the List of Actions e g Send Email SNMP Trap Send Snapshot You will find the parameters you need to set explained in the tables Selectab...

Page 51: ...lied Action triggered Example as shown above Condition If the Connection to WAN is Inactive for 3600 seconds Action Restart the WAN Interface Rule Settings Periodically as long as the condition is fulfilled within a waiting time of 300 seconds If the WAN connection is inactive for 3600 seconds the TAINY IQ LTE resets the WAN interface This will be done periodically each 300 seconds until the WAN c...

Page 52: ...ned period of time Timeout SIM 2 Data Volume kB Counter Value Cellular in case the value is equal higher or lower than the entered value or within the entered range for the defined period of time Timeout DSL Cable Data Volume kB Counter Value DSL Cable in case the value is equal higher or lower than the entered value or within the entered range for the defined period of time Timeout Cellular Conne...

Page 53: ... Counters Influenced by Rules Counter 1 5 Operator Value Timeout in case the Counter is equal higher or lower the entered value or within the entered range for the defined period of time Timeout Selectable Actions Action Parameter Description System Reboot n a The TAINY IQ LTE performs a system reboot Changeover WAN Setup WAN Setup Name The TAINY IQ LTE switches to the WAN Setup determined by the ...

Page 54: ...selected Counter 1 5 will be decreased by 1 Set Counter Counter Value The selected Counter 1 5 will set to the value determined by the value parameter Selectable Rules Rule Parameter Description Every time the condition is fulfilled n a The action will be performed when the condition switches from not fulfilled to fulfilled The first time the condition is fulfilled n a The action will be performed...

Page 55: ...e screen General Cellular Interface Settings Select the SIM Card Slot and configure the parameter being applied to the selected SIM SIM PIN Enter the PIN of the SIM in the selected SIM Slot Network Selection Select if the TAINY IQ LTE shall automatically register to the most advanced network type being supported and available Preferred 4G Fallback 3G Fallback 2G ...

Page 56: ... communication with this SIM via the cellular interface The device registers into network but does not attach to the data service Allow Roaming Enable Disable roaming Intervall for network status refresh Intervall for refreshing of the quality data of the radio connection value range 5 300 seconds List of Operator Configurations The list is only visible if the Operator Configuration Mode is set to...

Page 57: ...n Celluar Network Status page provided the SIM card is inserted or in the information documents of your UMTS or GSM GPRS provider or on the provider s homepage You can also ask the provider s hotline Kwan Interface keyword MCC MNC Operator Configuration for Manual Configuration Only applicable if the Operator Configuration Mode is set to Manual Configuration The Operator Configuration is required ...

Page 58: ...ine up to 6 Name Servers IPv4 and IPv6 manually You can specify IPv4 and IPv6 name servers IPv6 Enable IPv6 Support You can set whether the mobile service provider should request an IPv6 address Select Request IPv6 address from Provider If an IPv6 address is not required select the IPv6 Support Disabled setting The IPv6 addresses of the mobile service provider are normally unique addresses worldwi...

Page 59: ...ss is omitted On the website Mobile Status you can see if an IPv6 address has been obtained If so an additional entry appears with the note Network IPv6 Address and Primary IPv6 Name Server In addition an IPv6 name server is normally also obtained from the mobile service provider This gives the TAINY IQ the ability to resolve hostnames in IPv6 destination addresses 6to4 tunnel With the Enable IPv6...

Page 60: ...terface With PPPoE DHCP will first try to connect with PPPoE if this fails it will try DHCP With DHCP PPPoE it will work vice versa In case of a PPPoE connection enter the Username and the Password It is possible to change the Mode of the interface Select the required mode from the dropdown list Automatic 100M Full Duplex or 100M Half Duplex 10M Full Duplex or 10M Half Duplex To shut down the enti...

Page 61: ...e LAN interface only displays the Link Local Address of the TAINY IQ valid within closed network segments The format prefix of the link local address is fe80 64 On the LAN status web page you can see under the entry IPv6 Address es which IPv6 address es has been set DHCP Settings DHCP Operation The TAINY IQ LTE provides a DHCP server function or a DHCP relay function If the DHCP server function is...

Page 62: ...y to a new value Adjusted VRRP Priority In case of an active WAN or VPN connection VRRP IP Address List IP addresses of the VRRP TAINY IQ LTEs IP Address Configuration Hostname Assignment Hostname IP Address The TAINY IQ LTE allows assigning IP addresses of remote stations to hostnames Using this function applications connected to TAINY IQ LTE s LAN interfaces address these remote stations by the ...

Page 63: ...If the TAINY IQ LTE shall automatically select the right logical interface select PPPoE DHCP or DHCP PPPoE With PPPoE DHCP will first try to connect with PPPoE if this fails it will try DHCP With DHCP PPPoE it will work vice versa In case of a PPPoE connection enter the Username and the Password Click button Save WAN Interface Operation Mode Manual configuration For manual configuration select the...

Page 64: ...IPv4 configuration To do this select Yes in the Enable IPv6 support menu Enable IPv6 Support Yes IPv4 Adress Enter an IPv4 address for the WAN interface IPv4 Subnet Mask Enter an IPv4 subnet mask for the WAN interface IPv4 Default Gateway Enter here the IPv4 gateway address via the TAINY IQ forwards the IPv4 data packets IPv6 Adress Enter an IPv6 address for the WAN interface IPv6 Prefix Enter the...

Page 65: ...ttings TAINY iQ Page 65 of 147 IPv6 Name Server Enter an IPv6 name server for the resolution of hostnames to IPv6 addresses MTU Here changes to the maximum transmission unit MAC layer can be made if necessary ...

Page 66: ...ossible Default Gateways Select Yes to Route all WAN traffic over a Default Gateway in a DM VPN Network The Default Gateway needs to be part of the List of Possible Default Gateways Select Yes if the TAINY IQ LTE shall monitor the availability of the Default Gateway by ICMP pings and switch to the next gateway in case the used one is not reachable DM VPN Networks Click the Add button to define a n...

Page 67: ...e MTU size defined in chapter Fehler Verweisquelle konnte nicht gefunden werden Please observe that the GRE protocol increases the size of data packets NHRP Settings Operating Mode Select whether the TAINY IQ LTE shall act as a NHRP spoke or hub Please observe that there may only be one hub in the DM VPN Holding Time Only applicable if Spoke mode is selected The holding time for registration reque...

Page 68: ...tribution of Multicast Packets in the DM VPN Enable Authenticati on Select Yes if the TAINY IQ LTE shall authenticate itself at the remote NHRP station In this case enter an authentication key Disable NHRP Purge If No is selected the TAINY IQ LTE in Spoke mode sends after a re registration a request to the hub to clean up formerly stored routing data of the TAINY standard implementation If Yes is ...

Page 69: ...Psec tunnel which is also dynamically established ISAKMP SA Settings The ISAKMP SA settings define the procedures and packet formats to establish negotiate modify and delete the Security Associations SA for the IPsec tunnel s IPsec SA Settings The IPsec SA settings define the timeouts encryption methods packet formats etc of the Security Association SA of the IPsec tunnel s It also enables disable...

Page 70: ...figured IPsec Hosts are listed in this view You can see the Name Remote Host and Tunnel Count To edit an IPsec Tunnel click the Edit button To configure a new IPsec Host enter the name in the Name entry field and click Add The following screen opens Set the follwoing parameters to edit an exsisting or configure a new IPsec Tunnel Remote Host Settings ...

Page 71: ...ork and Subnet Mask of the Local Network that TAINY uses to establish a connection to the remote network The actual IPs of the Remote Network and Subnet Mask of the Remote Network You could leave these fields empty ISAKMP SA Settings ISAKMP SA Mode ISAKMP Internet Security Association and Key Management establishes the SA Security Association for the key exchange between TAINY IQ LTE and the VPN g...

Page 72: ...entication method is set to Remote Certificate select the desired certificate from the dropdown list Device Certificate Select the corresponding Remote Certificate CA Certificate If the authentication method is set to CA Certificate select the desired certificate from the dropdown list Device Certificate Local Remote Identification Enter the IDs of the local and remote ISAKMP SAs ISAKMP SA Lifetim...

Page 73: ...s used in any case IPsec SA Settings IPsec Internet Protocol Security establishes the actual SA Security Association for the connection between the TAINY and the opposite network IPsec SA Lifetime seconds Enter the validity of the Internet Protocol Security in seconds Could be between 1 second up to 24 hours Encryption Method Select the required encryption method algorithm AES or 3DES Hash Algorit...

Page 74: ...ional data volume might be 5 MB or more per month This could lead to additional costs Enable Dead Peer Detection Select Yes to use the function TAINY IQ LTE will now identify the validity of the connection irrespectively data transmission Select No to switch the function off DPD Delay Lapse of time in seconds the DPD requests are send DPD Timeout Lapse of time in seconds after which the DPD reques...

Page 75: ...s well as a corresponding netmask RIPv2 Settings The RIPv2 protocol is used to transmit the configured LAN routing tables repeatedly in fixed intervals to a remote station If two routers e g TAINY IQ LTE provide the same route you can prioritize one of the routers by entering a lower value for the Networks Costs This router will be prioritised Select Yes if only RIP neighbours behind the active de...

Page 76: ...rent time very precisely via NTP NTP Server 1 3 You can enter up to 3 time server Enter either their URL or there IP address Synchronization Interval You can select the interval in which the NTP Servers are requested for the actual time stamp Provide NTP Server Functionality for the Local Network The TAINY IQ LTE can serve itself as an NTP time server for the applications that are connected to its...

Page 77: ...eponse Timeout If the TAINY IQ LTE receives within this period of time the ICMP ping answers from the remote stations the check was successful Number of retries until an error is detected Defines the number of retries until an error is detected In case the TAINY IQ LTE does not receive ICMP ping answers within the Response Timeout the check will be repeated the entered number of retries If all ret...

Page 78: ...ck on the WAN tab and select Hostnames to open the screen This function allows assigning IP addresses of remote stations to hostnames Using this function applications connected to TAINY IQ LTE s LAN interfaces can address these remote stations by the entered hostnames TAINY IQ LTE functions e g NTP can also use this feature Hostnames configured here are valid only for the selected WAN setup Hostna...

Page 79: ...ynDNS hostname You can enable disable this function Dynamic DNS Service Chose one of the three supported function Username Password Enter the username and password to access the selected DynDNS service Dynamic DNS Hostname Enter the hostname on which the TAINY IQ LTE can be addressed provided by the DynDNS service Enable SSL Select if the connection to the DynDNS service shall be SSL protected ...

Page 80: ... Packet Filter are set Only the internal traffic of data traffic which is terminated inside the TAINY IQ LTE e g for configuration is not blocked By default three rules for the Packet Filter are set VPN Incoming VPN Outgoing and WAN Outgoing Packet filter can be defined to allow data traffic from to a specific Data Source to a specific Data Destination To define a packet filter chose a Rule Name a...

Page 81: ...Destination is connected to WAN LAN DM VPN or Any Data Classification Define whether only a certain data protocol may pass the packet filter e g TCP UDP ICMP or Any Action Define whether data from this Data Source shall be Accepted Dropped or Rejected If Log is enabled Yes each time the conditions for the rule are fulfilled an entry will be made to a firewall log retrievable via the Snapshot see c...

Page 82: ... address and IPv6 netmask of the application you want to send Define the source interface to which the data source is connected WAN LAN or any Data Destination Enter the IPv6 address and IPv6 netmask of the application that should receive data Define the target interface to which the data destination is connected WAN LAN or any Data Classification Specify whether only a specific data protocol is a...

Page 83: ...y Data source and data destination is sufficient Whole netzt the access permit Data Source Source IP 2a01 0598 990E 66bf 0000 0000 0000 0000 Source Network Mask ffff ffff ffff ffff 0000 0000 0000 0000 Data destination allowed to all computers in the local network Destination IP 0000 0000 0000 0000 0000 0000 0000 0000 Destination network mask 0000 0000 0000 0000 0000 0000 0000 0000 Or destination I...

Page 84: ...ngs via the firewall settings Define Rules for Remote Access HTTPS VPN To define rules for a new remote access or change the rules for an existing remote access click the Add or Edit button Data Source Enter the IP address and the Netmask of the application that shall send the data Define the Source Interface the Data Source is connected to WAN LAN DM VPN or Any Data Destination Select the require...

Page 85: ...l in descending order until a rule matches Following rules are not applied The rule sequence can be influenced by the sortation rank Rank 1 will be processed first rank 2 second etc Remote Access Rules IPv6 Create rules for the remote access of IPv6 based connections To set up a new remote access or to change the rules for an existing remote access press Add enter the name for the new access here ...

Page 86: ...ewall rules Firewall rules are processed sequentially in descending order until a matching rule is found The following rules will no longer apply The order of the rules is influenced by the sorting level Level 1 is processed first then level 2 etc Application Examples IPv6 Firewall rules for remote access For Allow All the entry Data Source is sufficient Whole netzworks access permit Data Source S...

Page 87: ...ick on the Firewall tab and select Port Forwarding to open the screen Port Forwarding can be defined to forward data traffic received by the TAINY IQ LTE s WAN interface on a certain IP port to a defined IP address port To define a packet filter chose a Rule Name and click the Add or Edit button ...

Page 88: ...ach time the conditions for the rule are fulfilled an entry will be made to a firewall log retrievable via the Snapshot see chapter 14 6 Rule Sortation Rank Sortation Rank of the firewall rule Firewall rules are processed sequential in descending order until a rule matches Following rules are not applied The rule sequence can be influenced by the sortation rank Rank 1 will be processed first rank ...

Page 89: ...ity Only if there are no data in path of high or medium priority data in path of low priority are transmitted To define a rule for prioritizing data traffic chose a Rule Name and click the Add or Edit button Define a Rule The data paths are defined by the IP address of the source network Source IP Netmask and the IP range of the destination network Destination IP Netmask If Check VLAN ID is enable...

Page 90: ...MAC Table function is enabled only devices may communicate with or via the TAINY IQ LTE which MAC addresses are entered in the Static MAC Table You can enable a MAC address to All ports or to a certain Physical Network Interface ETH0 ETH5 only The Size of Range determines the number of MAC Addresses starting with the given MAC Address which will not be blocked ...

Page 91: ...LAN Settings TAINY iQ Page 91 of 147 8 LAN Settings 8 1 Configure the LAN Interface DHCP VRRP Settings LAN Interface Click on the LAN tab and select LAN Interface to open the screen ...

Page 92: ... Set to No to disable 802 1q tagged in this interface MTU Enter the MTU Maximum Transmission Unit to determine the maximum size of IP packets Interface Hostname The Logical Network Interface can either be addressed by an IP address or a hostname To address it by hostname enter the hostname in the entry field DNS Searchpath Enter the Domain Name Server of the search path DHCP Settings DHCP Operatio...

Page 93: ...he group of utilised TAINY IQ LTEs VRRP Priority Defines which TAINY IQ LTE acts as master and which as the backup The TAINY IQ LTE which has the highest priority acts as the master Enter values between 1 lowest prio and 254 highest prio The VRRP priority can be adjusted automatically to a new value Adjusted VRRP Priority In case of an active WAN or VPN connection VRRP IP Address List IP addresses...

Page 94: ...tilised TAINY IQ LTEs VRRP Priority Defines which TAINY IQ LTE acts as master and which as the backup The TAINY IQ LTE which has the highest priority acts as the master Enter values between 1 lowest prio and 254 highest prio The VRRP priority can be adjusted automatically to a new value Adjusted VRRP Priority In case of an active WAN or VPN connection Virtual Router Local application TAINY TAINY A...

Page 95: ...Address The TAINY IQ LTE allows assigning IP addresses of remote stations to hostnames Using this function applications connected to TAINY IQ LTE s LAN interfaces address these remote stations by the entered hostnames TAINY IQ LTE functions e g NTP also use this feature ...

Page 96: ... screen Set the WAN Setup Operation Mode to Both Interfaces with Priority for Cellular to switch on the ETH0 port Since it is prioritized the WAN communication will be routed via the cellular DSL Cable Settings Open the DSL Cable submenu Define an IP address and netmask on the Additional LAN Port with a different network to the other ETH port After this configuration the ETH0 interface acts as an ...

Page 97: ...ETH0 interface and for the ETH1 interface The TAINY IQ LTE will route data packets between these two networks Firewall Packet Filter Click on the Firewall tab and select Packet Filter to open the screen Define a Firewall package filter rule and allow traffic from LAN to LAN Action select Accept Press Save ...

Page 98: ...gning the IPv4 address and the subnet mask you simultaneously define the network on the LAN interface ETH1 IP data packets can be routed between the ETH0 interface and the mobile interface And IP data packets can be routed between the ETH0 interface and the ETH1 interface if the ETH0 interface has been configured as an additional LAN interface with a different network ...

Page 99: ...P Port Enter the local TCP Port opened by TAINY IQ LTE Interface Speed Set the required speed in Baud of the interface by selecting a value from the dropdown list Data Bits Set the number for the used Data bits by selecting a number from the list Parity Bit Select whether you use either none or an even or odd parity Number der Stop Bits Set the number of Stop Bits to either 1 or 2 Enable Echo Sele...

Page 100: ...oft eh host in question Enter the size bytes of the user data and click on Execute The result appears below Executed Ping Command 10 2 Network Tools Traceroute Ping Traceroute Click on the Network Tools tab and select Traceroute to open the screen This tool shows the routers and joints within the network the IP packages pass along the way from the sender to the receiver Execute Traceroute command ...

Page 101: ...the Network Tools tab and select NSlookup to open the screen This tool identifies the domain name of an IP address and vs Execute NSlookup command To execute a NSlookup command enter he address of the host in question Click on Execute The result appears below Executed NSlookup Command ...

Page 102: ...tant incidents of the TAINY IQ LTE are saved and displayed in this view The entries are refreshed automatically Also Log entries created by rules for the WAN setup operations are written into this logbook see chapter 6 11 2 Configure the Logbook Function Logbook Settings Click on the Logbook tab and select Logbook Settings to open the screen ...

Page 103: ... Debug the highest level being Fatal For each logbook section you can select the minimum Log level which is stored If you select Debug all Log entries are stored if you select Error all Log entries with the level Error and Fatal are stored 11 3 Export the Logbook Logbook Export Click on the Logbook tab and select Logbook Export to open the screen Click on the Export button to write the logbook dat...

Page 104: ... the firewall log file in a zip file to an external pc accept log Data packages that are accepted by the firewall drop log Data packages that are discarded by the firewall port fw log Data packages that are forwarded by the firewall reject log Data packages that are rejected by the firewall Export IPsec Log Click Export button to export the IPsec Log file in a zip file to an external pc ...

Page 105: ...User to open the screen Change Password In this screens information about the current user are displayed Click on the Change button to change the password of the current user User Management Click on the Users tab and select User Management to open the screen Click the Add to define an additional user or the Edit button to change the settings for an existing user ...

Page 106: ... below If required set the complexity and length for the user s password Edit User User Settings If required change the user group of the user For each user you define the Required Password Complexity numbers letters upper case lower case special characters and the Minimum Password Length Apart from assigning a password you can delete the user in this screen SNMPv3 Settings Select Yes to enable th...

Page 107: ... Click on the Users tab and select Access Rights to open the screen Access Rights While an Admin always has got full access rights the access rights of the members of the Guest user group and the Operator user group are limited Define the Access Rights for the Guest and Operator Group in the corresponding columns of the screen ...

Page 108: ... the result back to the TAINY IQ LTE which then either rejects or accepts the registration Activate the authentication process TACACS in this screen by setting the parameters the TAINY IQ LTE needs to connect to the TACACS server As soon as the TACACS service is activated the type of registration can be selected from an additional drop down list TACACS or Local in the registration Primary Secondar...

Page 109: ...l the user has guests rights only 12 3 Configure RADIUS TACACS Click on the Users tab and select TACACS to open the screen With the authentication method RADIUS Terminal Access Controller Access Control System Plus the access data for the TAINY IQ LTE are not saved on the device itself but on an external server In the event of a registration request the TAINY IQ LTE forwards the registration data ...

Page 110: ... Page 110 of 147 TAINY iQ Primary Secondary TACACS Server A primary and a secondary backup TACACS server can be used Enter the Hostname or IP address port number shared secret and authentication protocol to reach and access the TACACS server ...

Page 111: ... the Remote Certificates as described in the next chapter See also Glossary for further information In this view information on the device certificates the request templates and the currently used RSA Key Pair are displayed It is possible to add new certificates and request templates as well as generate a new RSA Key Pair List of Device Certificates View Details Export Certificate Click the Detail...

Page 112: ...he imported certificate requires the file ending pem The new certificate will now appear in the List of Certificates List of Signing Request Templates All requests templates appear in the List of Signing Request Templates with Name and Subject Name CN New Request Templates To create a new Request Template enter the name of the template in the Name entry field and click the Add button The following...

Page 113: ... name at export Signature Algorithm Select either SHA 1 or SHA 256 The latter being more recent and saver Organisation Name Unit Address Email Address Enter the name and contact details into the respective entry fields Land Enter the abbreviation for the country in the respective field Note Please only use the abbreviation as listed in the table below In case of using a different abbreviation the ...

Page 114: ...r EE Estonia EG Egypt EH Western Sahara ER Eritrea ES Spain ET Ethiopia FI Finland FJ Fiji FK Falkland Islands Malvinas FM Micronesia FO Faroe Islands FR France FX France Metropolitan GA Gabon GB Great Britain UK GD Grenada GE Georgia GF French Guiana GG Guernsey GH Ghana GI Gibraltar GL Greenland GM Gambia GN Guinea GP Guadeloupe GQ Equatorial Guinea GR Greece GS S Georgia and S Sandwich Isls GT ...

Page 115: ... and Principe SU USSR former SV El Salvador SZ Swaziland TC Turks and Caicos Islands TD Chad TF French Southern Territories TG Togo TH Thailand TJ Tajikistan TK Tokelau TM Turkmenistan TN Tunisia TO Tonga TP East Timor TR Turkey TT Trinidad and Tobago TV Tuvalu TW Taiwan TZ Tanzania UA Ukraine UG Uganda UM US Minor Outlying Islands UY Uruguay UZ Uzbekistan VA Vatican City State Holy See VC Saint V...

Page 116: ...Public Key Fingerprint The pair consists of a private and a public key which guarantee a secure data transmission Generate a new Key Pair To generate a new pair of keys Select the Key Length in Bit from the list Click Generate to start the process Mind that the process could take up to 2 minutes The information on the newly generated key pair appears now in the Device RSA Key Pair Information ...

Page 117: ...certificates are all certificates that are used to authenticate the opposite entities The List of CA certificates contains the certificates of the accepted Certificate Authorities List of Remote Certificates Add Remote Certificate To upload a certificate from the opposite entity Enter a name in the Name entry field Click the Add button in the List of Remote Certificates ...

Page 118: ...the List of Remote Certificates List of CA Certificates d CA Certificate Add Remote Certificate To upload a certificate from CA Enter a name in the Name entry field Click the Add button in the List of CA Certificates The following screen opens Click on Submit to upload the file of the additional CA certificate from the administration pc The new certificate will appear in the List of CA Certificate...

Page 119: ... tab and select Web Interface to open the screen Language Select the Language of the Web Interface in the General Web Settings Web Server Port Enter in the section general Web Settings the for the connection web interface required TCP port Mind that after the modification of the port a new login is required ...

Page 120: ...ime Configuration Set the System Time of the TAINY IQ LTE Enter the local time In case the time synchronisation by NTP is active the entered date and time will be overwritten after the next NTP synchronisation 14 3 Force a Factory Reset Manage Device Configuration Backup and Recovery Click on the System tab and select Backup and Recovery to open the screen ...

Page 121: ...onfiguration from a file Chose if the new configuration shall be kept without further confirmation or if the TAINY IQ LTE should fall back to the configuration used before in case the new configuration has not been confirmed within 15 minutes To create a new configuration export the current configuration and edit it in a text editor Mind that neither the local user and their passwords nor the log ...

Page 122: ...TCP Port Enter the SMTP Server Address and the SMTP TC Port Username Password Enter a username and password for this email account Sender Name Enter the name you intend to appear in the sender s field of the email Enable STARTTLS Enable TLS Set to Yes to enable the configuration of the encryption via TLS Transport Layer Security SNMPv3 Settings Enable To enable the SNMPv3 interface select Yes Port...

Page 123: ...ntication For further information on how to configure conditions and rules on when to send emails see chapter 6 3 14 5 Perform Software Updates Update Software Update Click on the System tab and select Update to open the screen Click the Submit button to select and upload the required update file from the administration pc ...

Page 124: ...ice Snapshots provides diagnostic information of TAINY IQ LTE for debug purposes It stores the information in a downloadable tgz file Sensitive information such as usernames and passwords are not included The snapshot also contains the log files of the TAINY IQ LTE Click Create to take a snapshot Set the Configure Snapshot transfer to Yes Mind that the function email function has to be configured ...

Page 125: ...stem TAINY iQ Page 125 of 147 14 7 Force a Reboot Device Reboot Click on the System tab and select Device Reboot to open the screen Click the Reboot button to force a new system start of the TAINY IQ LTE ...

Page 126: ...on the WAN tab GRE Tunnel set as default gateway yet no route set this is also important for DNS NTP SNMP and Ping checks Check the GRE settings and gateway settings on the WAN tab Firewall is not open Check the Firewall settings No access from the local network to TAINY Wrong VLAN parameters set Check VLAN parameters on WAN and LAN tab Logged out by MAC filter Check the filter settings for MAC Lo...

Page 127: ...k the settings for IPsec on the WAN tab The encryption and hash methods of the activated IPsec do not match Check the IPsec settings on the WAN tab The GRE tunnel does configure yet the communication between the local networks is not possible Do both entities use RIPv2 Please check Do both entities support RIPv2 Please check If not are the right routes set in both entities tunnels so the packets a...

Page 128: ... controlled storage locations Temperature range storage 20 C 70 C Relative Humidity transport max 95 The TAINY IQ LTE must be stored either in its individual box or mounted on a top rail inside a cabinet The cabinet must be packed inside a layer of material e g Styrofoam which absorbs shocks and vibrations The layer of material shall be appropriate to the mass of the cabinet 16 3 Disposal Environm...

Page 129: ...This symmetric encryption should replace the previous DES standard The AES standard specified three different key sizes with 128 192 and 256 bit In 1997 the NIST started an initiative for AES and revealed its conditions for the algorithm From the proposed encryption algorithms the NIST narrowed the selection down to five algorithms MARS RC6 Rijndael Serpent and Twofish In October 2000 Rijndael was...

Page 130: ...h as RSA are slow and susceptible to certain types of attacks therefore they are often combined with a symmetric process symmetric encryption Furthermore concepts which eliminate the elaborate administrative efforts for symmetric keys are also possible Cell ID Unique identifier of a cellular network cell CIDR Classless Inter Domain Routing IP netmasks and CIDR are notations for grouping a number o...

Page 131: ...13 255 240 0 0 11111111 11110000 00000000 00000000 12 255 224 0 0 11111111 11100000 00000000 00000000 11 255 192 0 0 11111111 11000000 00000000 00000000 10 255 128 0 0 11111111 10000000 00000000 00000000 9 255 0 0 0 11111111 00000000 00000000 00000000 8 254 0 0 0 11111110 00000000 00000000 00000000 7 252 0 0 0 11111100 00000000 00000000 00000000 6 248 0 0 0 11111000 00000000 00000000 00000000 5 24...

Page 132: ...overnmental institutions Since it was the first standardised encryption algorithm it was also quickly adopted in industrial applications in the US and beyond DES works with a key length of 56bit which can no longer be considered to be secure due to the increase in computing capability of the computer since 1977 3DES is a variant of DES It works with keys three times the size they are 168 bits long...

Page 133: ...me under which the computer can be accessed in the future e g www xyz abc de Moreover the DynamicDNS provider makes a small program available that has to be installed and executed on the computer concerned In each internet session of the local computer this tool reports to the DynamicDNS provider which IP address the computer obtains at the moment Its domain name server registers the current host ...

Page 134: ...the DM VPN is organized like a NBMA Nonbroadcast Multiple Access network Inside this virtual network data are transmitted directly from endpoint to endpoint or across a switching device By using the NHRP Next Hop Resolution Protocol the addresses of the endpoints NHRP spokes are collected at one endpoint acting as a NHRP hub which shares this information on request In a DM VPN one GRE endpoint e g...

Page 135: ...digit serial number of a GSM or UMTS terminal device IMSI The IMSI International Mobile Subscriber Identity is an identifier stored on the SIM card and used to identify the subscriber An IMSI is usually presented as a 15 digit long number but could be shorter Intranet An intranet is a private IP network varying in size For example the IP network of a company is an intranet as is also several netwo...

Page 136: ...o ensure the authenticity of the sender as well as the confidentiality and the integrity of the data through encryption The components of IPsec are the authentication header AH the encapsulating security payload ESP the security association SA the security parameter index SPI and the internet key exchanges IKE At the beginning of the communication the computers participating in the communication c...

Page 137: ... IP and TCP header of the datagram It switches the source IP address and the source port with its own official IP address and its own previously unused port For this purpose it maintains a table which establishes the allocation of the original with the new values Upon receipt of a response datagram the NAT router recognises that the datagram is actually intended for an internal computer on the bas...

Page 138: ...a packets received at a defined IP port of the firewall device from the external network will be forwarded The incoming data packets are then forwarded to a specified IP address and port number in the local network The port forwarding can be configured for TCP or UDP In port forwarding the following occurs The header of incoming data packets from the external network that are addressed to the exte...

Page 139: ...cols which are often used include IP TCP PPP HTTP or SMTP TCP IP is an umbrella term for all protocols building on IP RADIUS The abbreviation RADIUS means Remote Authentication Dial In User Service This Client Server Protocol controls the secure user access to the network The user password is verified against a central server The authentication of the user is established on user basis This kind au...

Page 140: ... the authorization for the relevant interested party on behalf of the end devices when registration requests are received The end device forwards the received registration data to the TACACS server which carries out the necessary checks for the authorization and reports the result of the checks back to the end device TCP IP Transmission Control Protocol Internet Protocol Network protocols that are...

Page 141: ...rks VLAN The VLAN function Virtual Local Area Network facilitates splitting the LAN interfaces of the TAINY IQ LTE into different independent virtual networks Local applications which are connected to LAN interfaces with identical VLAN ID can communicate via the TAINY IQ LTE among each other If the VLAN IDs are different a communication among one another is not possible The separation in VLANs is ...

Page 142: ...SH value from the public key s bit sequence the data on its owner and from additional data The CA encrypts this with its private key and adds the certificate Encryption with the CA s private key verifies authenticity meaning that the encrypted HASH character sequence is the CA s digital signature If the data of the certificate appears to have been manipulated this HASH value will no longer be corr...

Page 143: ...ess 192 168 15 0 24 Netmask 255 255 255 0 Network C Network address 192 168 27 0 24 Netmask 255 255 255 0 TAINY internal address 192 168 11 1 TAINY external address assigned by provider e g 80 81 192 37 Additional internal routes Network A is connected to the TAINY IQ LTE and via it to a remote network Additional internal routes show the path to additional networks networks B C which are connected...

Page 144: ...M GPRS EDGE 850 MHz 900 MHz 1800 MHz 1900 MHz UMTS HSPA 800 MHz BdVI 850 MHz BdV 900 MHz BdVIII 1900 MHz BdII 2100 MHz BdI Not for use in the EU Bands LTE 20 8 3 7 1 3G 8 3 1 2G Dual Band Max Transmit Power Class 4 33dBm 2dB für EGSM900 Class 1 30dBm 2dB für GSM1800 Class E2 27dBm 3dB für GSM 900 8 PSK Class E2 26dBm 3 4dB für GSM 1800 8 PSK Class 3 24dBm 1 3dB für UMTS 2100 FDD BdI Class 3 24dBm ...

Page 145: ...DGE class 12 data rates DL max 237 kbps UL max 237 kbps GPRS GPRS class 12 data rates DL max 85 6 kbps UL max 85 6 kbps Antenna connection SMA jack nominal impedance 50 ohms Security functions VPN Dynamic Multipoint VPN IPsec Firewall Stateful inspection firewall Anti spoofing Port forwarding Traffic Priority MAC Table Additional functions VLAN PPPoE DNS cache DHCP server NTP Connection check TACA...

Page 146: ... ROHS The CE Declaration of Conformity can be found at www neuhaus de www sagemcom com or contact our customer service Radio EN 301 511 v 9 0 2 incl section 4 2 26 EN 301 908 1 v 11 1 1 EN 301 908 2 v 11 1 1 EN 301 908 13 v 11 1 1 EMC ESD EN 301 489 1 v 1 9 2 Draft EN 301 489 52 v 1 1 0 EN 61000 6 2 AC 2005 2005 Safety Health EN 62368 1 A11 A1 A12 AC A2 2006 2009 2010 2011 2011 2013 EN 62479 2010 ...

Page 147: ...le at the following Internet addresses www neuhaus de or www sagemcom com There you will also find the EU Declarations of Conformity for the TAINY IQ LTE TAINY IQ LTE frequency bands and Max Transmission power Frequency bands GSM GPRS EDGE 900 1800MHz UMTS HSPA 900 1800 2100MHz LTE 800 900 1800 2100 2600MHz Max Sendeleistung Class 4 2W for EGSM900 Class 1 1W for GSM1800 Class E2 0 5W for GSM900 8 ...