ETIC IPL-E, User Manual

Page 1: ...DOC_DEV_IPL E_User guide_A IPL E Router Firewall _________________ USER GUIDE ...

Page 2: ......

Page 3: ... E router is manufactured by ETIC TELECOM 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL 33 4 76 04 20 00 Hotline 33 4 76 04 20 05 FAX 33 4 76 04 20 01 E mail hotline etictelecom com web www etictelecom com ...

Page 4: ......

Page 5: ...h buttons 15 1 3 Connectors 15 1 4 IPL E 400 or IPL EW 400 WiFi option 19 1 5 IPL E 220 or IPL EW 220 WiFi option 20 1 6 IPL E 230 or IPL EW 230 WiFi option 21 1 7 IPL E 260 or IPL EW 260 WiFi option 22 1 8 IPL E 261 or IPL EW 261 WiFi option 23 2 Mounting the product on a Din rail 24 3 Cooling 24 4 Supply voltage 24 5 Digital input and output 25 6 RS232 25 7 RS485 connection IPL E 220 or IPL EW 2...

Page 6: ...9 3 HTTPS set up modifications through the WAN interface 30 4 Recovering the factory LAN IP address 30 5 Restoring the factory set up 30 6 Saving or restoring a set of parameters 31 7 Configuration steps 32 DIAGNOSTIC 34 1 Diagnostic 34 1 1 Logs 34 1 2 Network status 35 1 3 Serial gateways status 36 1 4 Ping tool 36 1 5 WiFi scanner tool 36 2 Firmware update 37 ...

Page 7: ... equipment The harmonized standards to which the equipment complies are Standard Title EN301489 1 Electromagnetic compatibility and Radio spectrum Matters Part 1 General requirements EN61000 6 2 Ed 2001 Immunity EN60100 4 2 Electrostatic Discharge EN60100 4 3 Radiated Immunity EN60100 4 4 EFT Burst Immunity EN60100 4 5 Surge Immunity EN60100 4 6 Conducted Immunity EN61000 6 4 Ed 2001 Emission EN55...

Page 8: ...ing Firewall SPI IPSEC OpenVPN VPNs 16 tunnels max 25 remote users RAS PPTP L2TP IPSec OpenVPN HTTPS HTTPS portal Serial gateway Raw TCP UDP Telnet Modbus Unitelway Ethernet 10 100 BT LAN WAN 4 1 2 1 2 1 2 1 2 1 RS232 1 2 RS485 1 RS422 isolated 1 RS485 isolated 1 USB 1 1 1 1 1 NAT Port forwarding SNMP DNS DHCP server on the LAN inteface Digital input for alarm email 1 1 1 1 1 HTTPS HTML SSH config...

Page 9: ...P L2TP IPSec OpenVPN HTTPS HTTPS portal Serial gateway Raw TCP UDP Telnet Modbus Unitelway _ Ethernet 10 100 BT LAN WAN 4 1 2 1 2 1 2 1 2 1 RS232 _ 1 2 _ _ RS485 _ 1 _ _ _ RS422 isolated _ _ _ 1 _ RS485 isolated _ _ _ _ 1 USB 1 1 1 1 1 NAT Port forwarding SNMP DNS DHCP server on the LAN inteface Digital input for alarm email 1 1 1 1 1 HTTPS HTML SSH configuration Option Référence Service de connex...

Page 10: ...C Operating T 20 C 60 C Humidity 5 95 WiFI Type 2 4 5 GHz RF connector R SMA female WiFi transmission 802 11 a b g n VPN firewall VPN Client or server IPSEC or OpenVPN Encryption AES256 3DES Certificate X509 or preshared key 16 VPNs maximum of the same type OpenVPN or IPSec Firewall Stateful packet inspection 50 rules Deny of service filter Source destination IP address port number filter Remote u...

Page 11: ...nt server Modbus master slave Multicast Telnet Unitelway USB 1 USB host port PPP client over the usb interface IP router Ethernet 10 100 BT 2 or 4 switched ports IP router Static routes RIP V2 IP address translation Source IP translation NAT Destination IP translation DNAT Port forwarding DHCP LAN interface Fixed IP or DHCP client or DHCP server ...

Page 12: ...AN interface and a LAN interface a powerful VPN client or server IPSec or OpenVPN a remote access server RAS to provide a secure access to the LAN for remote users a stateful inspection firewall to filter the IP traffic 4 1 Applications That features in the same product make the IPL E a top level solution for remote SCADA systems and remote maintenance through the Internet Remote SCADA system Remo...

Page 13: ... PLCS web servers using a tablet a PC or a smartphone Firewall The firewall protects against the sophisticated attacks coming from the Internet It is also able to filter IP frames between the WAN interface or any VPN interface on one hand and the LAN interface on the other hand VRRP redundancy VRRP makes possible to usse two routers shaping a redundant solution DNS server DNS makes it possible to ...

Page 14: ...nnector The WiFi interface when it is used as a client can also be used as a WAN interface Only one interface can be selected as the WAN interface at the same time Ethernet port 1 WiFi LAN interface The LAN interface consists of Ethernet switched ports or optionally the WiFi interface when it is used as an access point The serial gateway is located at the IP address of the LAN interface Firewall T...

Page 15: ...ashing red The factory configuration and the default IP address 192 168 0 128 are selected The current configuration is deleted Front panel push button Pressing the front panel PB led Function During 5 seconds 3 flashes The hotline of ETICTELECOM is authorised to connect remotely to the router administration server within a 1 hour delay During 10 seconds 5 flashes A remote user is authorised to co...

Page 16: ...net Position Signal Description 1 Tx Emission polarity 2 Tx Emission polarity 3 Rx Reception polarity 4 N C 5 N C 6 Rx Reception polarity 7 N C 8 N C WiFi Antenna connector Network Type Description WiFi RP SMA female J45 RS232 DCE interface Position Signal Description RJ45 1 DTR 108 OUT Data terminal ready 2 TD 103 OUT Data Emission 3 RD 104 IN Data Reception 4 DSR 107 IN Data set ready 5 SG 102 G...

Page 17: ... RJ45 1 CD 109 OUT Carrier detect 2 RD 104 OUT Data Reception 3 TD 103 IN Data Emission 4 DTR 108 IN Data terminal ready 5 SG 102 Ground 6 DSR 107 OUT Data set ready 7 RTS 105 IN Request to send 8 CTS 106 OUT Clear to send Out Signal provided by the router 2 positions RS485 screw block Position Signal Fonction 1 A RS485 polarity A 2 B RS485 polarity B ...

Page 18: ... RS422 signal OFF OFF The two 470 Ohm polarisation R are disabled on the reception RS422 signal SW3 SW4 ON ON The 120 Ohm termination R is enabled on the reception RS422 signal OFF OFF The 120 Ohm termination R is disabled on the reception RS422 signal 2 positions RS485 screw block IPL E 261 IPL EW 261 Position Signal Signal 1 Com Common 2 B RS485 polarity B 3 A RS485 polarity A Micro switches RS4...

Page 19: ...ion in progress Flashing One VPN at least is progressing Green One VPN at least is established Ethernet WAN Lower led Off Ethernet interface disabled or not connected Green Ethernet interface connected WiFi connection WiFi Off WiFi Interface disabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 flash Weak not sufficient signal 2 flashes...

Page 20: ...t least is established Ethernet WAN Lower led Off Ethernet interface disabled or not connected Green Ethernet interface connected WiFi connection WiFi Off WiFi Interface disabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 flash Weak not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal Ethernet LAN 1 to 2 Off Ether...

Page 21: ...at least is established Ethernet WAN Lower led Off Ethernet interface disabled or not connected Green Ethernet interface connected WiFi connection WiFi Off WiFi Interface disabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 flash Weak not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal Ethernet LAN 1 to 2 Off Ethe...

Page 22: ...N at least is established Ethernet WAN Lower led Off Ethernet interface disabled or not connected Green Ethernet interface connected WiFi connection WiFi Off WiFi Interface disabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 flash Weak not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal Ethernet LAN 1 to 2 Off Et...

Page 23: ...at least is established Ethernet WAN Lower led Off Ethernet interface disabled or not connected Green Ethernet interface connected WiFi connection WiFi Off WiFi Interface disabled Green WiFi Interface enabled WiFi Signal quality WiFi Off WiFi not enabled or enabled as an access point 1 flash Weak not sufficient signal 2 flashes Sufficient signal 3 flashes Strong signal Ethernet LAN 1 to 2 Off Ethe...

Page 24: ... Mounting the product on a Din rail Mounting the unit on the 35 mm horizontal DIN rail Removing the unit from the DIN rail Cooling To avoid obstructing the airflow around the unit the spacing must be at least 25 mm above and below and 10 mm left and right Supply voltage ...

Page 25: ...ck that the input and the output are correctly wired select Diagnostic Hardware Input Output The status of the input is displayed and the output can be switched ON or OF RS232 The RS232 cable must be shorter than 10 meters Cables can be provided to connect the product to DTE and DCE as follows RS232 cables L 1m Code User connector Cable function CAB592 SubD 9 male To connect a DCE to the router CA...

Page 26: ...l 2 positions screw block It is not isolated Long RS485 line or high data rate if the RS485 line is longer than10 meters or if the data rate is greater than 19200 b s it is necessary to connect one 120 Ohm matching resistor at each end of the line and two 390 Ohm polarisation resistors at one of the two extremities of the line ...

Page 27: ...the TX TX line of the IPL router must be connected to the RX RX of all the other devices of the bus The polarisation and termination resistors can be selected with DIP switches The polarisation résistors must be enabled by one device of the bus The termination resistor must be enabled with SW3 SW4 when the router is located at the extremity of the bus Up to 16 devices can be connected to the bus W...

Page 28: ...nation resistors can be selected with DIP switches The polarisation résistors must be enabled by one device of the bus The termination resistor must be enabled with SW3 SW4 when the router is located at the extremity of the bus Up to 16 devices can be connected to the bus We recommend to use a shielded cable and twisted pairs If the line is exposed to lightning we recommend to protect the router w...

Page 29: ...ssign to the PC an IP in accordance with the IPL router IP address For the first configuration assign for instance 192 168 0 127 to the PC Step 2 Connect the PC directly to the LAN interface of the router Step 3 Launch the HTML browser http 192 168 0 128 Protecting the access to the administration web server Select Set up Security Administration rights Enter an administration identifier and passwo...

Page 30: ...e Remark the port Nr used to access to the administration web server with HTTPS is 4433 Exemple https 192 168 38 191 4433 Recovering the factory LAN IP address Press the rear panel push button The OPERATION led indicator will flash The factory IP address 192 168 0 128 will be restored but the current configuration remains active Restoring the factory set up If firewall rules have been created fina...

Page 31: ...tions table Assign a name for the current set of parameters configuration name field and click the Save button The updated Configurations table is displayed with an additional line To save a stored set of parameters as an editable file Select the set of parameters name in the Configurations table Click the Export to the PC button The set_of_parameters txt file is created To import an editable txt ...

Page 32: ...ise to proceed as follows WAN interface setup LAN interface setup VPNs setup Routing and IP address translation functions setup Remote users connections the user list and the access rights setup Serial or USB gateway setup Firewall setup For detail about the configuration refer to the IPL routers setup manual refernce 90 234 09 ...

Page 33: ......

Page 34: ...nnections disconnections The remote users connections disconnections The router starts OpenVPN IPSec Logs These logs registers the detail of the VPN connections Advanced logs That logs registers details about the following events ADSL events M2Me RIP DHCP VRRP Telnet gateway Alarm emails The filter checkbox allow to display particular classes of events ...

Page 35: ...tatus IP address and remote IP address Reception level WiFi interface Wifi mode client or base station Connection status SSID RF Frequency To display the M2Me page Select The Diagnostic Network status M2Me menu The M2Me page summarizes the current status of the M2Me connection and also displays the M2Me logs To display the remote users page Select The Diagnostic Network status Remote users menu Th...

Page 36: ... rate etc number of characters received or sent Number of TCP frames or UDP datagrams received or sent Number of TCP connections enabled The View link displays a window which shows the hexadecimal received and transmitted traffic over each serial COM port It can be a great help for trouble shooting 1 4 Ping tool Select the Diagnostic Tool Ping menu Enter the PING destination IP address 1 5 WiFi sc...

Page 37: ...d for instance if the connection fails the ETIC router restarts with the current firmware Once the firmware update has been carried out the ETIC router restores the previous current set of parameters To update the firmware Select Maintenance Firmware update menu Click the Select the firmware file button Click Upgrade now When the firmware is updated the product automatically reboots ...

Page 38: ...ETIC TELECOM 13 chemin du vieux Chêne 38240 Meylan France contact etictelecom com ...