all | frequencies |
|
|
|
|
|
|
exhibits | applications |
---|---|---|---|---|---|---|---|---|---|
manuals | photos | label |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 2 |
|
Users Manual Part 1 rev | Users Manual | 3.69 MiB | December 18 2018 / June 16 2019 | |||
1 2 |
|
Users Manual Part 2 rev | Users Manual | 2.23 MiB | December 18 2018 / June 16 2019 | |||
1 2 |
|
Users manual | Users Manual | 3.82 MiB | May 08 2020 | |||
1 2 |
|
Internal photos | Internal Photos | 4.93 MiB | May 08 2020 | |||
1 2 |
|
External photos | External Photos | 2.28 MiB | May 08 2020 | |||
1 2 |
|
Label sample and label location | ID Label/Location Info | 208.31 KiB | May 08 2020 | |||
1 2 |
|
Agent authorization | Cover Letter(s) | 272.13 KiB | May 08 2020 | |||
1 2 | Block diagram (LoRa) | Block Diagram | May 08 2020 | confidential | ||||
1 2 |
|
Confidentiality request (Long term) | Cover Letter(s) | 271.88 KiB | May 08 2020 | |||
1 2 |
|
Description of Change | Cover Letter(s) | 283.78 KiB | May 08 2020 | |||
1 2 | Operational Description rev | Operational Description | May 08 2020 | confidential | ||||
1 2 |
|
RF Exposure Info (MPE) rev | RF Exposure Info | 62.68 KiB | May 08 2020 | |||
1 2 | Schematics (LoRa) | Schematics | May 08 2020 | confidential | ||||
1 2 |
|
Test Report (DTS-LoRa) | Test Report | 246.79 KiB | May 08 2020 | |||
1 2 |
|
Test setup photos | Test Setup Photos | 270.76 KiB | May 08 2020 | |||
1 2 | Block diagram | Block Diagram | December 18 2018 | confidential | ||||
1 2 | Cover Letter(s) | December 18 2018 | ||||||
1 2 | ID Label/Location Info | December 18 2018 | ||||||
1 2 | ID Label/Location Info | December 18 2018 | ||||||
1 2 | Operational Description | Operational Description | December 18 2018 | confidential | ||||
1 2 | RF Exposure Info | December 18 2018 | ||||||
1 2 | Schematics | Schematics | December 18 2018 | confidential | ||||
1 2 | Test Report | December 18 2018 |
1 2 | Users Manual Part 1 rev | Users Manual | 3.69 MiB | December 18 2018 / June 16 2019 |
User Manual WISE-6610 Series Indsutrial LoRaWAN Gateway Copyright The documentation and the software included with this product are copyrighted 2018 by Advantech Co., Ltd. All rights are reserved. Advantech Co., Ltd. reserves the right to make improvements in the products described in this manual at any time without notice. No part of this manual may be reproduced, copied, translated or transmitted in any form or by any means without the prior written permission of Advantech Co., Ltd. Information provided in this manual is intended to be accurate and reliable. How-
ever, Advantech Co., Ltd. assumes no responsibility for its use, nor for any infringe-
ments of the rights of third parties, which may result from its use. Acknowledgements Intel and Pentium are trademarks of Intel Corporation. Microsoft Windows and MS-DOS are registered trademarks of Microsoft Corp. All other product names or trademarks are properties of their respective owners. Product Warranty (3 years) Advantech warrants to you, the original purchaser, that each of its products will be free from defects in materials and workmanship for three years from the date of pur-
chase. This warranty does not apply to any products which have been repaired or altered by persons other than repair personnel authorized by Advantech, or which have been subject to misuse, abuse, accident or improper installation. Advantech assumes no liability under the terms of this warranty as a consequence of such events. Because of Advantechs high quality-control standards and rigorous testing, most of our customers never need to use our repair service. If an Advantech product is defec-
tive, it will be repaired or replaced at no charge during the warranty period. For out of-
warranty repairs, you will be billed according to the cost of replacement materials, service time and freight. Please consult your dealer for more details. If you think you have a defective product, follow these steps:
1. Collect all the information about the problem encountered. (For example, CPU speed, Advantech products used, other hardware and software used, etc.) Note anything abnormal and list any on screen messages you get when the problem occurs. 2. Call your dealer and describe the problem. Please have your manual, product, 3. and any helpful information readily available. If your product is diagnosed as defective, obtain an RMA (return merchandize authorization) number from your dealer. This allows us to process your return more quickly. 4. Carefully pack the defective product, a fully-completed Repair and Replacement Order Card and a photocopy proof of purchase date (such as your sales receipt) in a shippable container. A product returned without proof of the purchase date is not eligible for warranty service. 5. Write the RMA number visibly on the outside of the package and ship it prepaid to your dealer. Part No. XXXXXXXXXX Printed in Taiwan Edition 1 December 2018 WISE-6610 Series User Manual ii Declaration of Conformity CE This product has passed the CE test for environmental specifications. Test conditions for passing included the equipment being operated within an industrial enclosure. In order to protect the product from being damaged by ESD (Electrostatic Discharge) and EMI leakage, we strongly recommend the use of CE-compliant industrial enclo-
sure products. FCC Class A Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Opera-
tion of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. This device complies with Part 15 of the FCC Rules. Operation is subject to the fol-
lowing two conditions:
(1) This device may not cause harmful interference, and
(2) this device must accept any interference received, including interference that may cause undesired operation. Caution! Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. Technical Support and Assistance 1. Visit the Advantech web site at www.advantech.com/support where you can find the latest information about the product. 2. Contact your distributor, sales representative, or Advantech's customer service center for technical support if you need additional assistance. Please have the following information ready before you call:
Product name and serial number Description of your peripheral attachments Description of your software (operating system, version, application software, etc.) A complete description of the problem The exact wording of any error messages iii WISE-6610 Series User Manual Warnings, Cautions and Notes Warning! Warnings indicate conditions, which if not observed, can cause personal injury!
Caution! Cautions are included to help you avoid damaging hardware or losing data. e.g. There is a danger of a new battery exploding if it is incorrectly installed. Do not attempt to recharge, force open, or heat the battery. Replace the battery only with the same or equivalent type recommended by the man-
ufacturer. Discard used batteries according to the manufacturer's instructions. Note!
Notes provide optional additional information. Document Feedback To assist us in making improvements to this manual, we would welcome comments and constructive criticism. Please send all such - in writing to: support@advan-
tech.com Packing List Before setting up the system, check that the items listed below are included and in good condition. If any item does not accord with the table, please contact your dealer immediately. 1 x Indsutrial LoRa private gateway 1 x DIN-Rail mounting bracket and screws 1 x Wall-mounting bracket WISE-6610 Series User Manual iv Safety Instructions Read these safety instructions carefully. Keep this User Manual for later reference. Disconnect this equipment from any DC outlet before cleaning. Use a damp cloth. Do not use liquid or spray detergents for cleaning. For plug-in equipment, the power outlet socket must be located near the equip-
ment and must be easily accessible. Keep this equipment away from humidity. Put this equipment on a reliable surface during installation. Dropping it or letting it fall may cause damage. The openings on the enclosure are for air convection. Protect the equipment from overheating. DO NOT COVER THE OPENINGS. Make sure the voltage of the power source is correct before connecting the equipment to the power outlet. Position the power cord so that people cannot step on it. Do not place anything over the power cord. All cautions and warnings on the equipment should be noted. If the equipment is not used for a long time, disconnect it from the power source to avoid damage by transient overvoltage. Never pour any liquid into an opening. This may cause fire or electrical shock. Never open the equipment. For safety reasons, the equipment should be opened only by qualified service personnel. If one of the following situations arises, get the equipment checked by service personnel:
The power cord or plug is damaged. Liquid has penetrated into the equipment. The equipment has been exposed to moisture. The equipment does not work well, or you cannot get it to work according to the user's manual. The equipment has been dropped and damaged. The equipment has obvious signs of breakage. DO NOT LEAVE THIS EQUIPMENT IN AN ENVIRONMENT WHERE THE STORAGE TEMPERATURE MAY GO -40C (-40F) ~ 85C (185F). THIS COULD DAMAGE THE EQUIPMENT. THE EQUIPMENT SHOULD BE IN A CONTROLLED ENVIRONMENT. The sound pressure level at the operator's position according to IEC 704-1:1982 is no more than 70 dB (A). DISCLAIMER: This set of instructions is given according to IEC 704-1. Advan-
tech disclaims all responsibility for the accuracy of any statements contained herein. The antenna(s) used for this transmitter must be installed to provide a separa-
tion distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. v WISE-6610 Series User Manual Wichtige Sicherheishinweise Bitte lesen sie Sich diese Hinweise sorgfltig durch. Heben Sie diese Anleitung fr den spteren Gebrauch auf. Vor jedem Reinigen ist das Gert vom Stromnetz zu trennen. Verwenden Sie Keine Flssig-oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung. Die NetzanschluBsteckdose soll nahe dem Gert angebracht und leicht zugn-
glich sein. Das Gert ist vor Feuchtigkeit zu schtzen. Bei der Aufstellung des Gertes ist auf sicheren Stand zu achten. Ein Kippen oder Fallen knnte Verletzungen hervorrufen. Die Belftungsffnungen dienen zur Luftzirkulation die das Gert vor berhit-
zung schtzt. Sorgen Sie dafr, daB diese ffnungen nicht abgedeckt werden. Beachten Sie beim. AnschluB an das Stromnetz die AnschluBwerte. Verlegen Sie die NetzanschluBleitung so, daB niemand darber fallen kann. Es sollte auch nichts auf der Leitung abgestellt werden. Alle Hinweise und Warnungen die sich am Gerten befinden sind zu beachten. Wird das Gert ber einen lngeren Zeitraum nicht benutzt, sollten Sie es vom Stromnetz trennen. Somit wird im Falle einer berspannung eine Beschdigung vermieden. Durch die Lftungsffnungen drfen niemals Gegenstnde oder Flssigkeiten in das Gert gelangen. Dies knnte einen Brand bzw. elektrischen Schlag aus-
lsen. ffnen Sie niemals das Gert. Das Gert darf aus Grnden der elektrischen Sicherheit nur von authorisiertem Servicepersonal geffnet werden. Wenn folgende Situationen auftreten ist das Gert vom Stromnetz zu trennen und von einer qualifizierten Servicestelle zu berprfen:
Netzkabel oder Netzstecker sind beschdigt. Flssigkeit ist in das Gert eingedrungen. Das Gert war Feuchtigkeit ausgesetzt. Wenn das Gert nicht der Bedienungsanleitung entsprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. Das Gert ist gefallen und/oder das Gehuse ist beschdigt. Wenn das Gert deutliche Anzeichen eines Defektes aufweist. Der arbeitsplatzbezogene Schalldruckpegel nach DIN 45 635 Teil 1000 betrgt 70dB(A) oder weiger. Haftungsausschluss: Die Bedienungsanleitungen wurden entsprechend der IEC-704-1 erstellt. Advantech lehnt jegliche Verantwortung fr die Richtigkeit der in diesem Zusammenhang gettigten Aussagen ab. WISE-6610 Series User Manual vi Safety Precaution - Static Electricity Static electricity can cause bodily harm or damage electronic devices. To avoid dam-
age, keep static-sensitive devices in the static-protective packaging until the installa-
tion period. The following guidelines are also recommended:
Wear a grounded wrist or ankle strap and use gloves to prevent direct contact to the device before servicing the device. Avoid nylon gloves or work clothes, which tend to build up a charge. Always disconnect the power from the device before servicing it. Before plugging a cable into any port, discharge the voltage stored on the cable by touching the electrical contacts to the ground surface. vii WISE-6610 Series User Manual Contents Chapter Chapter Chapter 2.4 1 1.1 1.2 1.3 2 2.1 2.2 2.3 Product Overview ............................... 1 Specifications............................................................................................ 2 Hardware Views........................................................................................ 3 1.2.1 Front View..................................................................................... 3 1.2.2 Rear View ..................................................................................... 3 1.2.3 Top View....................................................................................... 3 1.2.4 System LED Panel........................................................................ 4 Dimensions ............................................................................................... 4 Gateway Installation ........................... 5 Warning..................................................................................................... 6 Installation Guideline................................................................................. 7 Installing the Gateway............................................................................... 8 2.3.1 Installing Antenna ......................................................................... 8 2.3.2 Wall Mounting............................................................................... 9 2.3.3 DIN Rain Mounting ..................................................................... 10 Connecting the Gateway to Ethernet Port .............................................. 12 2.4.1 RJ45 Ethernet Cable Wiring ....................................................... 12 2.5 Power Supply Installation........................................................................ 12 3 Managing Gateway ........................... 13 Access Interface ..................................................................................... 14 3.1 Recommended Practices........................................................................ 15 3.2 3.2.1 Changing Default Password ....................................................... 15 Status...................................................................................................... 16 3.3.1 General....................................................................................... 16 3.3.2 Network....................................................................................... 17 3.3.3 DHCP.......................................................................................... 17 3.3.4 IPsec........................................................................................... 18 3.3.5 DynDNS...................................................................................... 18 3.3.6 System Log................................................................................. 19 Configuration........................................................................................... 20 3.4.1 LAN............................................................................................. 20 3.4.2 NAT............................................................................................. 28 3.4.3 OpenVPN.................................................................................... 32 3.4.4 IPSec .......................................................................................... 35 3.4.5 GRE............................................................................................ 39 3.4.6 L2TP ........................................................................................... 41 3.4.7 PPTP .......................................................................................... 43 3.4.8 Services...................................................................................... 44 3.4.9 Scripts......................................................................................... 52 3.4.10 Automatic Update ....................................................................... 54 Customization ......................................................................................... 56 3.5.1 Adding a Module......................................................................... 56 Administration ......................................................................................... 63 3.6.1 Users .......................................................................................... 63 3.6.2 Change Profile............................................................................ 64 3.6.3 Change Password ...................................................................... 64 3.6.4 Set Real Time Clock................................................................... 65 3.6.5 Backup Configuration ................................................................. 65 3.6.6 Restore Configuration................................................................. 65 3.5 3.6 3.4 3.3 SmartSwarm 243 User Manual viii Chapter 3.6.7 Update Firmware ........................................................................ 66 3.6.8 Reboot ........................................................................................ 67 Configuration in Typical Situations ...........................................68 Enabling the LoRaWAN and Network Server ......................................... 69 Changing the Raw LoRa Data Format .................................................... 86 Node-RED Setup .................................................................................... 88 4 4.1 4.2 4.3 ix SmartSwarm 243 User Manual List of Figures Figure 1.1 Figure 1.2 Figure 1.3 Figure 1.4 Figure 2.1 Figure 2.2 Figure 2.3 Figure 2.4 Figure 2.5 Figure 2.6 Figure 2.7 Figure 2.8 Figure 2.9 Figure 3.1 Figure 3.2 Figure 3.3 Figure 3.4 Figure 3.5 Figure 3.6 Figure 3.7 Figure 3.8 Figure 3.9 Figure 3.10 Figure 3.11 Figure 3.12 Figure 3.13 Figure 3.14 Figure 3.15 Figure 3.16 Figure 3.17 Figure 3.18 Figure 3.19 Figure 3.20 Figure 3.21 Figure 3.22 Figure 3.23 Figure 3.24 Figure 3.25 Figure 3.26 Figure 3.27 Figure 3.28 Figure 3.29 Figure 3.30 Figure 3.31 Figure 3.32 Figure 3.33 Figure 3.34 Figure 3.35 Figure 3.36 Figure 3.37 Figure 3.38 Figure 3.39 Figure 3.40 Figure 3.41 Figure 3.42 Figure 3.43 Front View ..................................................................................................................... 3 Rear View...................................................................................................................... 3 Top View ....................................................................................................................... 3 System LED Panel ........................................................................................................ 4 Installing the Antenna.................................................................................................... 8 Positioning the Antenna ................................................................................................ 8 Wall Mount Installation .................................................................................................. 9 Wall Mount Installation ................................................................................................ 10 Installing the DIN-Rail Mounting Kit............................................................................. 10 Correctly Installed DIN Rail Kit .................................................................................... 11 Removing the DIN-Rail................................................................................................ 11 Ethernet Plug & Connector Pin Position...................................................................... 12 Installing the Power Cable........................................................................................... 12 Login Screen ............................................................................................................... 14 Changing a Default Password..................................................................................... 15 Status > General ......................................................................................................... 16 Status > Network......................................................................................................... 17 Status > DHCP............................................................................................................ 17 Status > IPsec ............................................................................................................. 18 Status > DynDNS ........................................................................................................ 18 Status > System Log ................................................................................................... 19 Example Program Syslogd Start with the Parameter -R ............................................. 19 Configuration > LAN.................................................................................................... 21 IPv6 Address with Prefix Example .............................................................................. 23 IPv4 Dynamic DHCP Network Topology ..................................................................... 24 LAN Configuration for a Dynamic Network Typology .................................................. 25 IPv4 Dynamic and Static DHCP Network Topology .................................................... 25 LAN Configuration for an IPv4 Dynamic and Static DHCP Network Topology ........... 26 IPv6 Dynamic DHCP Server Network Topology ......................................................... 26 LAN Configuration for an IPv6 Dynamic DHCP Server Network Topology................. 27 Configuration > NAT.................................................................................................... 28 Topology for NAT Configuration Example 1................................................................ 30 NAT Configuration for Example 1................................................................................ 30 Topology for NAT Configuration Example 2................................................................ 31 NAT Configuration for Example 2................................................................................ 31 Configuration > OpenVPN > 1st Tunnel...................................................................... 32 Topology of OpenVPN Configuration Example ........................................................... 34 Configuration > 1st Tunnel .......................................................................................... 36 Topology of Configuration Example ............................................................................ 39 Configuration > GRE > 1st Tunnel .............................................................................. 40 Topology of GRE Tunnel Configuration Example ....................................................... 41 Configuration > L2TP .................................................................................................. 42 Topology of L2TP Tunnel Configuration Example....................................................... 42 Configuration > PPTP ................................................................................................. 43 Topology of PPTP Tunnel Configuration Example...................................................... 44 Configuration > Services > DynDNS ........................................................................... 45 DynDNS Configuration Example ................................................................................. 45 Configuration > Services > HTTP................................................................................ 46 Configuration > Services > NTP.................................................................................. 46 Example of NTP Configuration.................................................................................... 47 Configuration > Services > SNMP............................................................................... 47 OID Basic Structure..................................................................................................... 49 SNMP Configuration Example..................................................................................... 50 MIB Browser Example................................................................................................. 50 Configuration > Services > SMTP ............................................................................... 51 SMTP Client Configuration Example........................................................................... 51 SmartSwarm 243 User Manual x Figure 3.44 Figure 3.45 Figure 3.46 Figure 3.47 Figure 3.48 Figure 3.49 Figure 3.50 Figure 3.51 Figure 3.52 Figure 3.53 Figure 3.54 Figure 3.55 Figure 3.56 Figure 3.57 Figure 3.58 Figure 3.59 Figure 3.60 Figure 3.61 Figure 3.62 Figure 4.1 Figure 4.2 Figure 4.3 Figure 4.4 Figure 4.5 Figure 4.6 Figure 4.7 Figure 4.8 Figure 4.9 Figure 4.10 Figure 4.11 Figure 4.12 Figure 4.13 Figure 4.14 Figure 4.15 Figure 4.16 Figure 4.17 Figure 4.18 Figure 4.19 Figure 4.20 Figure 4.21 Figure 4.22 Figure 4.23 Figure 4.24 Figure 4.25 Figure 4.26 Figure 4.27 Figure 4.28 Figure 4.29 Figure 4.30 Figure 4.31 Figure 4.32 Figure 4.33 Figure 4.34 Figure 4.35 Configuration > Services > SSH.................................................................................. 52 Example of a Startup Script......................................................................................... 53 Example of IPv6 Up/Down Script ................................................................................ 54 Configuration > Automatic Update............................................................................... 55 Example of Automatic Update 1 .................................................................................. 56 Example of Automatic Update 2 .................................................................................. 56 User Modules .............................................................................................................. 57 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN................................... 58 User Modules > LoRaWAN Gateway > LoRaWAN Status.......................................... 60 User Modules > LoRaWAN Gateway > LoRaWAN Server ......................................... 61 User Modules > LoRaWAN Gateway > LoRaWAN Server (https) .............................. 62 User Modules > LoRaWAN Gateway > Advantech Application .................................. 62 Administration > Users ................................................................................................ 63 Administration > Change Profile.................................................................................. 64 Administration > Change Password ............................................................................ 64 Administration > Set Real Time Clock......................................................................... 65 Administration > Restore Configuration....................................................................... 65 Administration > Update Firmware .............................................................................. 66 Administration > Reboot .............................................................................................. 67 Customization > User Modules.................................................................................... 69 LoRaWAN Gateway > MQTT and LoRaWAN ............................................................. 69 LoRaWAN Gateway > MQTT and LoRaWAN ............................................................. 70 LoRaWAN Gateway > LoRaWAN Server.................................................................... 71 LoRaWAN Server > Infrastructure > Gateways........................................................... 71 LoRaWAN Server > Infrastructure > Gateways > Create............................................ 72 LoRaWAN Server > Infrastructure > Networks............................................................ 72 LoRaWAN Server > Infrastructure > Network > Create > General.............................. 73 LoRaWAN Server > Infrastructure > Network > Create > ADR................................... 74 LoRaWAN Server > Infrastructure > Network > Create > Channel ............................. 75 LoRaWAN Server > Backends > Handlers.................................................................. 76 LoRaWAN Server > Backends > Handlers > Create................................................... 77 Parse Uplink Sample ................................................................................................... 78 LoRaWAN Server > Backends > Connectors.............................................................. 78 LoRaWAN Server > Backends > Connectors > Create............................................... 79 LoRaWAN Server > Devices > Profiles ....................................................................... 80 LoRaWAN Server > Devices > Profiles > Create > General ....................................... 80 LoRaWAN Server > Devices > Profiles > Create > ADR ............................................ 81 LoRaWAN Server > Devices > Activated (Nodes) ...................................................... 82 LoRaWAN Server > Devices > Activated (Nodes) > Create........................................ 82 LoRaWAN Server > Devices > Commissioned ........................................................... 83 LoRaWAN Server > Devices > Commissioned > Create ............................................ 83 LoRaWAN Server > Received Frames........................................................................ 84 MQTT Subscription...................................................................................................... 84 MQTT Subscription...................................................................................................... 85 LoRaWAN Server > Infrastructure > Events................................................................ 85 User Modules > LoRaWAN Gateway > Advantech Application .................................. 86 Data and Status........................................................................................................... 86 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN................................... 87 LoRaWAN Server > Activated (Nodes) ....................................................................... 87 LoRaWAN Server > Activated (Nodes) > Edit > General ............................................ 87 Applying Data to Other Software Applications............................................................. 88 Customization > User Modules.................................................................................... 88 Node-RED ................................................................................................................... 88 Node-RED ................................................................................................................... 88 xi SmartSwarm 243 User Manual Chapter 1 1Product Overview 1.1 Specifications Specifications WSN Support LAN Interface Digital I/O General Physical Environment Power Certifications LoRaWAN 868/915 MHz RP-SMA Female connector x 1 10/100 Mbps, auto MDI/MDIX RJ45 x 1 1.5-kV built-in magnetic isolation protection Digital input on voltage: 2.7 ~ 36 VDC 4-way Molex moni-fit connector PWR, DAT, WAN, ETH Reset button IP30 DIN rail, wall 150 x 37.5 x 83 mm (5.9" x 1.48" x 3.27") Description Standard Frequency ANT Connector Ethernet Connector Protection Port Type Port Connector LED Indicators Reboot Trigger Protection Class Installation Dimensions
(W x H x D) Weight Operating Temperature Storage Temperature Ambient Relative Humidity Power Input Power Connector 4-way Molex moni-fit connector Power Consumption EMC 500 g ( 17.63 oz)
-40 ~ 75C (-40 ~ 167F) 3.1/6.6/40 mW (average/peak/sleep mode) 10 ~ 95% (non-condensing)
-40 ~ 85C (-40 ~ 185F) 9 ~ 36 VDC EN61000-4-2, Level 3 EN61000-4-3, Level 3 EN61000-4-4, Level 3 EN61000-4-5, Level 3 EN61000-4-6, Level 3 EN61000-4-12, Level 3 EN61000-4-11, voltage dip: 70%
IEC60068-2-27 IEC60068-2-32 IEC60068-2-6 Shock Free Fall Vibration 2 WISE-6610 Series User Manual 1.2 Hardware Views 1.2.1 Front View 3 2 I / O 1 WAN DAT PWR
-
+
ETH 4 LoRa WISE-6610 Figure 1.1 Front View No. 1 2 3 4 Item System LED panel I/O (Power socket) ETH port Antenna connector Description See System LED Panel on page 4 for further details. Connect cabling for power. RJ45 x 1 Connector for antenna. 1.2.2 Rear View 1 Figure 1.2 Rear View No. 1 Item DIN-Rail holes Description Screw holes (2) used in the installation of a DIN rail clip. 1.2.3 Top View 1 1 1 1 Figure 1.3 Top View No. 1 Item Wall mounting holes Screw holes (4) used in the installation on wall. Description WISE-6610 Series User Manual 3 1.2.4 System LED Panel LED Name PWR DAT WAN LED Color Green Green Green 1.3 Dimensions mm [inch]
Description
.
]
6 2 3
[
3 8
.
]
0 3 0
[
0 5 7
. 140 [5.51]
150 [5.90]
125.40 [4.94]
I / O
.
]
7 4 1
[
0 5 7 3
. Figure 1.4 System LED Panel 4 WISE-6610 Series User Manual Chapter 2 2Gateway Installation 2.1 Warning Warning: Before working on equipment that is connected to power lines, remove any jewelry (including rings, necklaces, and watches). Metal objects can heat up when connected to power and ground, which can cause serious burns or weld the metal object to the terminals. Caution! Exposure to chemicals can degrade the sealing properties of materials used in the sealed relay device. Caution!
It is not recommended to work on the system or connect or disconnect cables during periods of lightning activity. Caution! Before performing any of the following procedures, disconnect the power source from the DC circuit. Caution! Read the installation instructions before connecting the system to its power source. Caution! The device must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground con-
ductor. Caution! The installation, replacement, or service of the device must be Only be performed by trained and qualified personnel. Caution! Ultimate disposal of this product should be handled according to local and national regulations 6 WISE-6610 Series User Manual Caution! To prevent the system from overheating, do not operate it in an area that exceeds the maximum recommended ambient temperature of: 70C
(158F). Caution!
If the switch is to be installed in a hazardous location, ensure that the DC power source is located away from the vicinity of the switch. Caution! The installation of the equipment must comply with all national and local electrical codes. Caution! Explosion Hazard-The area must be known to be nonhazardous before servicing or replacing any components. Warning! Airflow around the switch must be unrestricted. To prevent the switch from overheating, there must be the following minimum clearances:
Top and bottom: 2.0 in. (50.8 mm) Sides: 2.0 in. (50.8 mm) Front: 2.0 in. (50.8 mm) 2.2 Installation Guideline The following guidelines are provided to optimize the device performance. Review the guidelines before installing the device. Make sure cabling is away from sources of electrical noise. Radios, power lines, and fluorescent lighting fixtures can interference with the device performance. Make sure the cabling is positioned away from equipment that can damage the cables. Operating environment is within the ranges listed range, see Specifications on page 2. Relative humidity around the switch does not exceed 95 percent (noncondens-
ing). Altitude at the installation site is not higher than 10,000 feet. In 10/100 and 10/100/1000 fixed port devices, the cable length from the switch to connected devices can not exceed 100 meters (328 feet). Make sure airflow around the switch and respective vents is unrestricted. With-
out proper airflow the switch can overheat. To prevent performance degredation and damage to the switch, make sure there is clerance at the top and bottom and around the exhaust vents. WISE-6610 Series User Manual 7 2.3 Installing the Gateway 2.3.1 Installing Antenna 1. Connect the antenna by screwing the antenna connectors in a clockwise direc-
tion. WISE-6610 LoRa WAN DAT PWR I / O
+
-
ETH 2. Position the antenna for optimal signal strength. Figure 2.1 Installing the Antenna Note!
The location and position of the antenna is crucial for effective wireless connectivity WISE-6610 LoRa WAN DAT PWR I / O
+
-
ETH Figure 2.2 Positioning the Antenna 8 WISE-6610 Series User Manual 2.3.2 Wall Mounting 1. 2. 3. 4. Locate the area to install and mark the four screw locations. It is suggested to place the device on the installation location and use the mounting locations to mark the location of the screw holes). If necessary first drill pilot holes. Drill four holes over the four marked locations on the wall. On concrete, it is recommended to install wall sinks Align the SmartSwarm over the installation location on the wall. Secure the SmartSwarm with screws ( 5.0 mm). P W R D AT WA N I
/
O
-
+
ETH LoRa WISE-6610 Figure 2.3 Wall Mount Installation WISE-6610 Series User Manual 9 2.3.3 DIN Rain Mounting 2.3.3.1 Installing the DIN Rail Mounting Kit 1. 2. Align the DIN rail clip with the rear of SmartSwarm. Secure the DIN rail clip and the SmartSwarm with screws. Figure 2.4 Wall Mount Installation 3. Position the rear panel of the SmartSwarm directly in front of the DIN rail, mak-
ing sure that the top of the DIN rail clip hooks over the top of the DIN rail, as shown in the following illustration. Make sure the DIN rail is inserted behind the spring mechanism. 4. Once the DIN rail is seated correctly in the DIN rail clip, press the front of the SmartSwarm to rotate the SmartSwarm down and into the release tab on the DIN rail clip. If seated correctly, the bottom of the DIN rail should be fully inserted in the release tab. DIN rail clip DIN rail DIN rail clip release tab Figure 2.5 Installing the DIN-Rail Mounting Kit 10 WISE-6610 Series User Manual See the following figure demonstrating the correct position of a completed DIN installation. Figure 2.6 Correctly Installed DIN Rail Kit 2.3.3.2 Removing the DIN Rail Mounting Kit 1. 2. Ensure that power is removed from the SmartSwarm, and disconnect all cables and connectors from the front panel of the SmartSwarm. Push down on the top of the DIN rail clip release tab with your finger. As the clip releases, lift the bottom of the SmartSwarm, as shown in the following illustra-
tion. Figure 2.7 Removing the DIN-Rail WISE-6610 Series User Manual 11 2.4 Connecting the Gateway to Ethernet Port 2.4.1 RJ45 Ethernet Cable Wiring For RJ45 connectors, data-quality, twisted pair cabling (rated CAT5 or better) is rec-
ommended. The connector bodies on the RJ45 Ethernet ports are metallic and con-
nected to the GND terminal. For best performance, use shielded cabling. Shielded cabling may be used to provide further protection. Straight-thru Cable Wiring Pin 1 Pin 2 Pin 3 Pin 6 Pin 1 Pin 2 Pin 3 Pin 6 Cross-over Cable Wiring Pin 1 Pin 2 Pin 3 Pin 6 Pin 3 Pin 6 Pin 1 Pin 2 Figure 2.8 Ethernet Plug & Connector Pin Position 1 Maximum cable length: 100 meters (328 ft.) for 10/100BaseT. 8 2.5 Power Supply Installation 1. Insert the power cable into the power socket. The cable locks in place if installed correctly. 2. Connect the other end to a wall outlet. The LEDs light when the device is connected to the power source WISE-6610 LoRa WAN DAT PWR I / O
+
-
ETH The following table show the color lines definition:
Figure 2.9 Installing the Power Cable V+
Red DI Yellow GND Black D0 Gray 12 WISE-6610 Series User Manual Chapter 3 3Managing Gateway 3.1 Access Interface To access the login window, connect the device to the network, see Connecting the Gateway to Ethernet Port on page 12. When WISE-6610 Series is first installed, make sure the network environment is configured to enable access to the device. Your computer and the device must be on the same network subnet to allow them to establish a network connection. Before you begin, make sure the device is powered on, see Power Supply Installation on page 13 for further information. 1. 2. Launch a web browser on a computer. In the browser's address bar type in the default IP address (192.168.1.1). The login screen displays. Enter the default user name and password (root/root) to log into the management interface. You can change the default password after a successfully log in. See Changing Default Password on page 15. 3. 4. Click Login to enter the management interface. Figure 3.1 Login Screen When you successfully enter login information on the login page, web interface will be displayed. The left side of the web interface contains a menu tree with sections for monitoring (Status), configuration (Configuration), customization (Customization) and administration (Administration) of the device. Name and Location items in the right upper corner display the name and location of the device in the SNMP configuration (see SNMP on page 47). These fields are user-defined for each device. After the green LED starts to blink you may restore the initial device settings by pressing the reset (RST) button on the back panel. If the reset button is pressed, all configuration will revert to factory defaults and the device will reboot (the green LED will be on during the reboot). 14 WISE-6610 Series User Manual 3.2 Recommended Practices One of the easiest things to do to help increase the security posture of the network infrastructure is to implement a policy and standard for secure management. This practice is an easy way to maintain a healthy and secure network. After you have performed the basic configurations on your switches, the following is a recommendation which is considered best practice policy. 3.2.1 Changing Default Password In keeping with good management and security practices, it is recommended that you change the default password as soon as the WISE-6610 Series is functioning and setup correctly. The following details the necessary steps to change the default password. To change the password:
1. Navigate to Administration > Change Password. 2. In the New Password field, type in the new password. Re-type the same password in the Confirm Password field. 3. Click Apply to change the current account settings. Figure 3.2 Changing a Default Password Note!
To change other user's password, go to Administration > User. From the User Administration menu, click Change Password behind the user's account WISE-6610 Series User Manual 15 3.3 Status 3.3.1 General Selecting the General item will open a screen displaying a summary of basic information about the device and its activities. This page is also displayed when you login to the web interface. Information is divided into several sections, based upon the type of device activity or the properties area: Mobile Connection, Primary LAN, Peripheral Ports and System Information. If the device is WiFi equipped, there will be a WiFi section. IPv6 Address item can show multiple different addresses for one network interface. This is standard behavior since an IPv6 interface uses more addresses. The second IPv6 Address showed after pressing More Information is automatically generated EUI-64 format link local IPv6 address derived from MAC address of the interface. It is generated and assigned the first time the interface is used (e.g. cable is connected, Mobile WAN connecting, etc.). To access this page, click Status > General. Figure 3.3 Status > General 16 WISE-6610 Series User Manual 3.3.2 Network To view information about the interfaces and the routing table, open the Network item in the Status menu. To access this page, click Status > Network. 3.3.3 DHCP Figure 3.4 Status > Network Information about the DHCP server activity is accessible via DHCP item. The DHCP server provides automatic configuration of the client devices connected to the device. The DHCP server assigns each device an IP address, subnet mask, default gateway
(IP address of device) and DNS server (IP address of device). DHCPv6 server is supported. To access this page, click Status > DHCP. Figure 3.5 Status > DHCP WISE-6610 Series User Manual 17 3.3.4 IPsec Selecting the IPsec option in the status menu of the web page will bring up the infor-
mation for any IPsec Tunnels that have been established. If the tunnel has been built correctly, the screen will display IPsec SA established (highlighted in red in the figure below.) If there is no such text in log, the tunnel was not created. To access this page, click Status > IPsec. 3.3.5 DynDNS Figure 3.6 Status > IPsec The device supports DynamicDNS using a DNS server on www.dyndns.org. If Dynamic DNS is configured, the status can be displayed by selecting menu option DynDNS. Refer to www.dyndns.org for more information on how to configure a Dynamic DNS client. You can use the following listed servers for the Dynamic DNS service. It is possible to use the DynDNSv6 service with IP Mode switched to IPv6 on DynDNS Configuration page. www.dyndns.org www.spdns.de www.dnsdynamic.org www.noip.com To access this page, click Status > DynDNS. Figure 3.7 Status > DynDNS When the device detects a DynDNS record update, the dialog displays one or more of the following messages:
DynDNS client is disabled. Invalid username or password. Specified hostname doesn't exist. Invalid hostname format. Hostname exists, but not under specified username. No update performed yet. DynDNS record is already up to date. DynDNS record successfully update. DNS error encountered. DynDNS server failure. 18 WISE-6610 Series User Manual 3.3.6 System Log If there are any connection problems you may view the system log by selecting the System Log menu item. Detailed reports from individual applications running in the device will be displayed. Use the Save Log button to save the system log to a connected computer. (It will be saved as a text file with the .log extension.) The Save Report button is used for creating detailed reports. (It will be saved as a text file with the .txt extension. The file will include statistical data, routing and process tables, system log, and configuration.) The default length of the system log is 1000 lines. After reaching 1000 lines a new file is created for storing the system log. After completion of 1000 lines in the second file, the first file is overwritten with a new file. The Syslogd program will output the system log. It can be started with two options to modify its behavior. Option -S followed by decimal number sets the maximal number of lines in one log file. Option -R followed by hostname or IP address enables logging to a remote syslog daemon. (If the remote syslog daemon is Linux OS, there has to be remote logging enabled (typically running syslogd -R). If it's the Windows OS, there has to be syslog server installed, e.g. Syslog Watcher). To start syslogd with these options, the /etc/init.d/syslog script can be modified via SSH or lines can be added into Startup Script (accessible in Configuration section) according to Figure 3.9. To access this page, click Status > System Log. Figure 3.8 Status > System Log The following example (figure) shows how to send syslog information to a remote server at 192.168.2.115 on startup. Figure 3.9 Example Program Syslogd Start with the Parameter -R WISE-6610 Series User Manual 19 3.4 Configuration 3.4.1 LAN To enter the Local Area Network configuration, select the LAN menu item in the Configuration section. LAN Configuration page is divided into IPv4 and IPv6 columns, see Figure 3.10. There is dual stack support of IPv4 and IPv6 protocols - they can run alongside, you can configure either one of them or both. If you configure both IPv4 and IPv6, other network devices will choose the communication protocol. Configuration items and IPv6 to IPv4 differences are described in the tables below. 20 WISE-6610 Series User Manual To access this page, click Configuration > LAN. Item DHCP Client IP Address Figure 3.10 Configuration > LAN Description Enables/disables the DHCP client function supporting both IPv4 and IPv6. disabled - The device does not allow automatic allocation of an IP address from a DHCP server in LAN network. enabled - The device allows automatic allocation of an IP address from a DHCP server in LAN network. A fixed IP address of the Ethernet interface. Use IPv4 notation in IPv4 column and IPv6 notation in IPv6 column. Shortened IPv6 notation is supported. Subnet Mask / Prefix Specifies a Subnet Mask for the IPv4 address. In the IPv6 column, fill in the Prefix for the IPv6 address - number in range 0 to 128. WISE-6610 Series User Manual 21 Item Default Gateway DNS Server Description Specifies the IP address of a default gateway. If filled-in, every packet with the destination not found in the routing table is sent to this IP address. Use proper IP address notation in IPv4 and IPv6 column. Specifies the IP address of the DNS server. When the IP address is not found in the Routing Table, the device forwards the request to DNS server specified here. Use proper IP address notation in IPv4 and IPv6 column. The Default Gateway and DNS Server items are only used if the DHCP Client item is set to disabled and if the Primary or Secondary LAN is selected by the Backup Routes system as the default route. Since FW 5.3.0, Default Gateway and DNS Server are also supported on bridged interfaces. The following items (in the table below) are global for the configured Ethernet interface. Only one bridge can be active on the device at a time. The DHCP Client, IP Address and Subnet Mask / Prefix parameters of the only one of the interfaces are used to for the bridge. Primary LAN has higher priority when other interfaces (wlan0) are added to the bridge. Other interfaces (wlan0 - wifi) can be added to or deleted from an existing bridge at any time. The bridge can be created on demand for such interfaces, but not if it is configured by their respective parameters. Item Bridged Media Type Description Activates/deactivates the bridging function on the device. no - The bridging function is inactive (default). yes - The bridging function is active. Specifies the type of duplex and speed used in the network. Auto-negation - The device automatically sets the best speed and duplex mode of communication according to the network's possibilities. 100 Mbps Full Duplex - The device communicates at 100 Mbps, in the full duplex mode. 100 Mbps Half Duplex - The device communicates at 100 Mbps, in the half duplex mode. 10 Mbps Full Duplex - The device communicates at 10 Mbps, in the full duplex mode. 10 Mbps Half Duplex - The device communicates at 10 Mbps, in the half duplex mode. 3.4.1.1 DHCP Server The DHCP server assigns the IP address, gateway IP address (IP address of the device) and IP address of the DNS server (IP address of the device) to the connected clients. If these values are filled in by the user in the configuration form, they will be preferred. The DHCP server supports static and dynamic assignment of IP addresses. Dynamic DHCP assigns clients IP addresses from a defined address space. Static DHCP assigns IP addresses that correspond to the MAC addresses of connected clients. If IPv6 column is filled in, the DHCPv6 server is used - it is dual stack IPv4 and IPv6. Note!
Do not to overlap ranges of static allocated IP addresses with addresses allocated by the dynamic DHCP server. IP address conflicts and incorrect network function can occur if you overlap the ranges. 22 WISE-6610 Series User Manual Configuration of Dynamic DHCP Server Item Enable dynamic DHCP leases IP Pool Start IP Pool End Lease time Description Select this option to enable a dynamic DHCP server. Starting IP addresses allocated to the DHCP clients. Use proper notation in IPv4 and IPv6 column. End of IP addresses allocated to the DHCP clients. Use proper IP address notation in IPv4 and IPv6 column. Time in seconds that the IP address is reserved before it can be re-
used. Configuration of Static DHCP Server Item Enable static DHCP leases MAC Address IPv4 Address IPv6 Address Description Select this option to enable a static DHCP server. MAC address of a DHCP client. Assigned IPv4 address. Use proper notation. Assigned IPv6 address. Use proper notation. 3.4.1.2 IPv6 Prefix Delegation Note!
This is an advanced configuration option. IPv6 prefix delegation works automatically with DHCPv6 - use only if different configuration is desired and if you know the consequences. If you want to override the automatic IPv6 prefix delegation, you can configure it in this form. You have to know your Subnet ID Width (part of IPv6 address), see Figure 3.11 below for the calculation help - it is an example: 48 bits is Site Prefix, 16 bits is Subnet ID (Subnet ID Width) and 64 bits is Interface ID. Item Enable IPv6 prefix delegation Enable IPv6 prefix delegation Subnet ID Width Figure 3.11 IPv6 Address with Prefix Example Description Enables prefix delegation configuration filled-in below. The decimal value of the Subnet ID of the Ethernet interface. Maximum value depends on the Subnet ID Width. The maximum Subnet ID Width depends on your Site Prefix - it is the remainder to 64 bits. WISE-6610 Series User Manual 23 3.4.1.3 IEEE 802.1X Authentication To prevent unauthorized radios from accessing data transmitting over wireless transmission, WISE-6610 Series provides rock solid security settings. Navigate to Configuration > LAN and locate Enable IEEE 802.1X Authentication. Item Enable IEEE 802.1X Authentication Authentication Method CA Certificate Local Certificate Local Private Key Identity Password Apply Description Tick the radio button to enable the authentication function. Click the drop-down menu to select the method type. Range: EAP-
PEAP/MSCHAPv2 or EAP-TLS. Enter the trusted digital certificate (required for EAP-PEAP). Enter the self-signed digital certificate (required for EAP-PEAP). Enter the secret key variable used to encrypt or decrypt the transmission. Enter the Identity profile authorized to access the authentication server. Enter the string associated with the defined Identity profile in the previous frame. Click Apply to accept the configuration changes. The following are LAN configuration illustrations defining possible network topology. Example 1: IPv4 Dynamic DHCP Server, Default Gateway and DNS Server The range of dynamic allocated IPv4 addresses is from 192.168.1.2 to 192.168.1.4. The address is allocated for 600 second (10 minutes). Default gateway IP address is 192.168.1.20 DNS server IP address is 192.168.1.20 Figure 3.12 IPv4 Dynamic DHCP Network Topology 24 WISE-6610 Series User Manual The settings required in the LAN configuration menu for an IPv4 Dynamic DHCP configuration are shown in the following figure. Figure 3.13 LAN Configuration for a Dynamic Network Typology Example 2: IPv4 Dynamic and Static DHCP server The range of allocated addresses is from 192.168.1.2 to 192.168.1.4. The address is allocated for 600 seconds (10 minutes). The client with the MAC address 01:23:45:67:89:ab has the IP address 192.168.1.10. The client with the MAC address 01:54:68:18:ba:7e has the IP address 192.168.1.11. Figure 3.14 IPv4 Dynamic and Static DHCP Network Topology WISE-6610 Series User Manual 25 The settings required in the LAN configuration menu for an IPv4 Dynamic and Static DHCP configuration are shown in the following figure. Figure 3.15 LAN Configuration for an IPv4 Dynamic and Static DHCP Network Topology Example 3: IPv6 Dynamic DHCP Server The range of dynamic allocated IPv6 addresses is from 2001:db8::1 to 2001:db8::ffff. The address is allocated for 600 second (10 minutes). The device is still accessible via IPv4 (192.168.1.1). Figure 3.16 IPv6 Dynamic DHCP Server Network Topology 26 WISE-6610 Series User Manual Figure 3.17 LAN Configuration for an IPv6 Dynamic DHCP Server Network Topology WISE-6610 Series User Manual 27 3.4.2 NAT To configure the address translation function, click on NAT in the Configuration sec-
tion of the main menu. There is independent IPv4 and IPv6 NAT configuration since there is dual stack IPv4 and IPv6 implemented in the router. The NAT item in the menu on the left will expand to IPv4 and IPv6 options and you can click IPv6 to enable and configure the IPv6 NAT - see Figure below. The configuration fields have the same meaning in the IPv4 NAT Configuration and IPv6 NAT Configuration forms. To access this page, click Configuration > NAT. Figure 3.18 Configuration > NAT The router actually uses Port Address Translation (PAT), which is a method of map-
ping a TCP/UDP port to another TCP/UDP port. The router modifies the information in the packet header as the packets traverse a router. This configuration form allows you to specify up to 16 PAT rules. Item Public Port Private Port Type Server IP Address Description Public port for the translation rule. Private port for the translation rule. Protocol type - TCP or UDP. IP address where the router forwards incoming data. 28 WISE-6610 Series User Manual If you require more than sixteen NAT rules, insert the remaining rules into the Startup Script. The Startup Script dialog is located on Scripts page in the Configuration sec-
tion of the menu. When creating your rules in the Startup Script, use this command for IPv4 NAT:
iptables -t nat -A napt -p tcp -dport [PORT_PUBLIC] -j DNAT
-to-destination [IPADDR]:[PORT_PRIVATE]
Enter the IP address [IPADDR], the public ports numbers [PORT_PUBLIC], and pri-
vate [PORT_PRIVATE] in place of square brackets. For IPv6 NAT use ip6tables com-
mand with same options. If you enable the following options and enter the port number, the router allows you to remotely access to the router from WAN (Mobile WAN) interface. Caution! Enable remote HTTP access on port activates the redirect from HTTP to HTTPS protocol only. The router doesn't allow unsecured HTTP proto-
col to access the web configuration. To access the web configuration, always check the Enable re- mote HTTPS access on port item. Never enable the HTTP item only to access the web configuration from the Internet (configuration would not be accessible from the Internet). Always check the HTTPS item or HTTPS and HTTP items together (to set the redirect from HTTP). Description This option sets the redirect from HTTP to HTTPS only (disabled in default configuration). If field and port number are filled in, configuration of the router over web interface is allowed (disabled in default configuration). Item Enable remote HTTP access on port Enable remote HTTPS access on port Enable remote SSH access on port Enable remote SNMP access on port Masquerade outgoing packets Use the following parameters to set the routing of incoming data from the WAN
(Mobile WAN) to a connected computer. Select this option to allow access to the router using SSH (disabled in default configuration). Select this option to allow access to the router using SNMP (disabled in default configuration). Activates/deactivates the network address translation function. Item Send all remaining incoming packets to default server Default Server IP Address Description Activates/deactivates forwarding unmatched incoming packets to the default server. The prerequisite for the function is that you specify a default server in the De- fault Server IPv4/IPv6 Address field. The router can for- ward incoming data from a GPRS to a computer with the assigned IP address. The IP address. WISE-6610 Series User Manual 29 Example1: IPv4 NAT Configuration with Single Device Connected Figure 3.19 Topology for NAT Configuration Example 1 It is important to mark the Send all remaining incoming packets to default server check box for this configuration. The IP address in this example is the address of the device behind the router. The default gateway of the devices in the subnetwork con-
nected to router is the same IP address as displayed in the Default Server IPv4 Address field. Figure 3.20 NAT Configuration for Example 1 Example 2: IPv4 NAT Configuration with More Equipment Connected In this example, using the switch you can connect more devices behind the router. Every device connected behind the router has its own IP address. Enter the address in the Server IPv4 Address field in the NAT dialog. The devices are communicating on port 80, but you can set port forwarding using the Public Port and Private Port fields in the NAT dialog. You have now configured the router to access the 192.168.1.2:80 socket behind the router when accessing the IP address 10.0.0.1:81 from the Internet. If you send a ping request to the public IP address of the router
(10.0.0.1), the router responds as usual (not forwarding). And since the Send all 30 WISE-6610 Series User Manual remaining incoming packets to default server is inactive, the router denies connection attempts. Figure 3.21 Topology for NAT Configuration Example 2 Figure 3.22 NAT Configuration for Example 2 WISE-6610 Series User Manual 31 3.4.3 OpenVPN Select the OpenVPN item to configure an OpenVPN tunnel. The OpenVPN tunnel function allows you to create a secure connection between two separate LAN networks. The device allows you to create up to four OpenVPN tunnels. IPv4 and IPv6 dual stack is supported. To access this page, click Configuration > OpenVPN. Figure 3.23 Configuration > OpenVPN > 1st Tunnel Item Description Description Specifies the description or name of tunnel. 32 WISE-6610 Series User Manual Remote Subnet Remote Subnet Mask Redirect Gateway Local Interface IP Address Item Protocol Description Specifies the communication protocol. UDP - The OpenVPN communicates using UDP. TCP server - The OpenVPN communicates using TCP in server mode. TCP client - The OpenVPN communicates using TCP in client mode. UDPv6 - The OpenVPN communicates using UDP over IPv6. TCPv6 server - The OpenVPN communicates using TCP over IPv6 in server mode. TCPv6 client - The OpenVPN communicates using TCP over IPv6 in client mode. UDP Port Remote IP Address Specifies the IPv4, IPv6 address or domain name of the opposite side Specifies the port of the relevant protocol (UDP or TCP). of the tunnel. IPv4 address of a network behind opposite side of the tunnel. IPv4 subnet mask of a network behind opposite tunnel's side. Remote Interface IP Address Activates/deactivates redirection of data on Layer 2. Specifies the IPv4 address of a local interface. For proper routing it is recommended to fill-in any IPv4 address from local range even if you are using IPv6 tunnel only. Specifies the IPv4 address of the interface of opposite side of the tunnel. For proper routing it is recommended to fill-in any IPv4 address from local range even if you are using IPv6 tunnel only. Remote IPv6 Subnet Specify the subnet associated with the listed remote interface. Remote IPv6 Subnet Prefix Length Local Interface IPv6 Address Remote Interface IPv6 Address Ping Interval IPv6 address and prefix of the remote IPv6 network. Equivalent of the Remote Subnet and Remote Subnet Mask in IPv4 section. Specifies the IPv6 address of a local interface. Specifies the IPv6 address of the interface of opposite side of the tunnel. Specifies the IPv6 address of the interface of opposite side of the tunnel. Specifies the time interval the device waits for a message sent by the opposite side. For proper verification of the OpenVPN tunnel, set the Ping Timeout to greater than the Ping Interval. Ping Timeout Renegotiate Interval Specifies the renegotiate period (reauthorization) of the OpenVPN tunnel. You can only set this parameter when the Authenticate Mode is set to username/password or X.509 certificate. After this time period, the device changes the tunnel encryption to help provide the continues safety of the tunnel. Max Fragment Size Maximum size of a sent packet. Compression of the data sent:
Compression none - No compression is used. LZO - A lossless compression is used, use the same setting on both sides of the tunnel. NAT Rules Activates/deactivates the NAT rules for the OpenVPN tunnel:
not applied - NAT rules are not applied to the tunnel. applied - NAT rules are applied to the OpenVPN tunnel. WISE-6610 Series User Manual 33 Item Authenticate Mode Pre-shared Secret CA Certificate DH Parameters Local Certificate Local Private Key Username Password Extra Options Description Specifies the authentication mode:
none - No authentication is set. Pre-shared secret - Specifies the shared key function for both sides of the tunnel. Username/password - Specifies authentication using a CA Certificate, Username and Password. X.509 Certificate (multiclient) - Activates the X.509 authentication in multi-client mode. X.509 Certificate (client) - Activates the X.509 authentication in client mode. X.509 Certificate (server) - Activates the X.509 authentication in server mode. Specifies the pre-shared secret which you can use for every authentication mode. Specifies the CA Certificate which you can use for the username/
password and X.509 Certificate authentication modes. Specifies the protocol for the DH parameters key exchange which you can use for X.509 Certificate authentication in the server mode. Specifies the certificate used in the local device. You can use this authentication certificate for the X.509 Certificate authentication mode. Specifies the key used in the local device. You can use the key for the X.509 Certificate authentication mode. Specifies a login name which you can use for authentication in the username/password mode. Specifies a password which you can use for authentication in the username/password mode. Specifies additional parameters for the OpenVPN tunnel, such as DHCP options. The parameters are proceeded by two dashes. For possible parameters see the help text in the device using SSH - run the openvpnd --help command. Example: OpenVPN Tunnel Configuration in IPv4 Network Figure 3.24 Topology of OpenVPN Configuration Example OpenVPN tunnel configuration:
Configuration Protocol UDP Port A UDP 1194 34 B UDP 1194 WISE-6610 Series User Manual Configuration Remote IP Address Remote Subnet Remote Subnet Mask Local Interface IP Address Remote Interface IP Address Compression Authenticate mode Examples of different options for configuration and authentication of OpenVPN tunnel can be found in the application note OpenVPN Tunnel [5]. B 10.0.0.1 192.168.1.0 255.255.255.0 19.16.2.0 19.16.1.0 LZO none A 10.0.0.2 192.168.2.0 255.255.255.0 19.16.1.0 19.16.2.0 LZO none 3.4.4 IPSec To open the Tunnel Configuration page, click in the Configuration section of the main menu. The tunnel function allows you to create a secured connection between two separate LAN networks. The device allows you to create up to four tunnels. IPv4 and IPv6 tunnels are supported (dual stack), you can transport IPv6 traffic through IPv4 tunnel and vice versa. To access this page, click Configuration > IPSec. Note!
To encrypt data between the local and remote subnets, specify the appropriate values in the subnet fields on both devices. To encrypt the data stream between the devices only, leave the local and remote subnets fields blank. Note!
If you specify the protocol and port information in the Local Protocol/Port field, then the device encapsulates only the packets matching the settings. WISE-6610 Series User Manual 35 Figure 3.25 Configuration > 1st Tunnel 36 WISE-6610 Series User Manual Item Description Host IP Mode Remote IP Address Tunnel IP Mode Remote ID Remote Subnet Remote Subnet Mask Remote Protocol/
Port Local ID Local Subnet First Local Subnet Mask Local Protocol/Port Description Name or description of the tunnel. IPv4 - The device communicates via IPv4 with the opposite side of the tunnel. IPv6 - The device communicates via IPv4 with the opposite side of the tunnel. IPv4, IPv6 address or domain name of the remote side of the tunnel, based in the Host IP Mode above. IPv4 - The IPv4 communication runs inside the tunnel. IPv6 - The IPv6 communication runs inside the tunnel. Identifier (ID) of remote side of the tunnel. It consists of two parts: a hostname and a domain-name. IPv4 or IPv6 address of a network behind remote side of the tunnel, based on Tunnel IP Mode above. IPv4 subnet mask of a network behind remote side of the tunnel, or IPv6 prefix (single number 0 to 128). Specifies Protocol/Port of remote side of the tunnel. The general form is protocol /port, for example 17/1701 for UDP (protocol 17) and port 1701. It is also possible to enter only the number of protocol, however, the above mentioned format is preferred. Identifier (ID) of local side of the tunnel. It consists of two parts: a hostname and a domain-name. IPv4 or IPv6 address of a local network, based on Tunnel IP Mode above. IPv4 subnet mask of a local network, or IPv6 prefix (single number 0 to 128). Specifies Protocol/Port of a local network. The general form is protocol /port, for example 17/1701 for UDP (protocol 17) and port 1701. It is also possible to enter only the number of protocol, however, the above mentioned format is preferred. Encapsulation Mode Specifies the mode, according to the method of encapsulation. You can select the tunnel mode in which the entire IP datagram is encapsulated or the transport mode in which only IP header is encapsulated. Force NAT Traversal Enable/disables NAT address translation on the tunnel. Enable if you IKE Protocol IKE Mode IKE Algorithm use NAT between the end points of the tunnel. Click the drop-down menu to select to define a protocol (IKEv1/IKEv2, IKEv1, or IKEv2). IKE Phase 1 is ISAKMP (Internet Security Association and Key Management Protocol), which is used to create private tunnelling between peers for a secure communication. Specifies the mode for establishing a connection (main or aggressive). If you select the aggressive mode, then the device establishes the tunnel faster, but the encryption is permanently set to 3DES-MD5. We recommend that you not use the aggressive mode due to lower security!
Specifies the means by which the device selects the algorithm:
auto - The encryption and hash algorithm are selected automatically. manual - The encryption and hash algorithm are defined by the user. IKE Encryption IKE Hash Encryption algorithm - 3DES, AES128, AES192, AES256. Hash algorithm - MD5, SHA1, SHA256, SHA384 or SHA512. WISE-6610 Series User Manual 37 Item IKE DH Group ESP Algorithm ESP Encryption ESP Hash PFS PFS DH Group Key Lifetime IKE Lifetime Rekey Margin Rekey Fuzz DPD Delay DPD Timeout Authenticate Mode Pre-shared Key CA Certificate Remote Certificate Local Certificate Local Private Key Local Passphrase Debug Description Specifies the Diffie-Hellman groups which determine the strength of the key used in the key exchange process. Higher group numbers are more secure, but require more time to compute the key. Specifies the means by which the device selects the algorithm:
auto - The encryption and hash algorithm are selected automatically. manual - The encryption and hash algorithm are defined by the user. Encryption algorithm - DES, 3DES, AES128, AES192, AES256. Hash algorithm - MD5, SHA1, SHA256, SHA384 or SHA512. Enables/disables the Perfect Forward Secrecy function. The function ensures that derived session keys are not compromised if one of the private keys is compromised in the future. Specifies the Diffie-Hellman group number (see IKE DH Group). Lifetime key data part of tunnel. The minimum value of this parameter is 60 s. The maximum value is 86400 s. Lifetime key service part of tunnel. The minimum value of this parameter is 60 s. The maximum value is 86400 s. Specifies how long before a connection expires that the device attempts to negotiate a replacement. Specify a maximum value that is less than half of IKE and Key Lifetime parameters. Percentage of time for the Rekey Margin extension. Time after which the tunnel functionality is tested. The period during which device waits for a response. Specifies the means by which the device authenticates:
Pre-shared key - Sets the shared key for both sides of the tunnel. X.509 Certificate - Allows X.509 authentication in multiclient mode. Specifies the shared key for both sides of the tunnel. The prerequisite for entering a key is that you select pre-shared key as the authentication mode. Certificate for X.509 authentication. Certificate for X.509 authentication. Certificate for X.509 authentication. Private key for X.509 authentication. Passphrase used during private key generation. Choose the level of verbosity to System Log. Silent (default), audit, control, control-more, raw, private (most verbose including the private keys). See strongSwan documentation for more details. The function supports the following types of identifiers (ID) for both sides of the tunnel, Remote ID and Local ID parameters:
IP address (for example, 192.168.1.1) DN (for example, C=CZ, O=CompanyName, OU=TP, CN=A) FQDN (for example, @director.companyname.cz) - the @ symbol proceeds the FQDN. User FQDN (for example, director@companyname.cz) The certificates and private keys have to be in the PEM format. Use only certificates containing start and stop tags. The random time, after which the device re-exchanges new keys is defined as follows:
38 WISE-6610 Series User Manual Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin *
Rekey Fuzz/100)) The default exchange of keys is in the following time range:
Minimal time: 1h - (9m + 9m) = 42m Maximal time: 1h - (9m + 0m) = 51m We recommend that you maintain the default settings. When you set key exchange times higher, the tunnel produces lower operating costs, but the setting also provides less security. Conversely, when you reducing the time, the tunnel produces higher operating costs, but provides for higher security. The changes in settings will apply after clicking the Apply button. Example: Tunnel Configuration in IPv4 Network Figure 3.26 Topology of Configuration Example tunnel configuration:
Configuration Host IP Mode Remote IP Address Tunnel IP Mode Remote Subnet Remote Subnet Mask Local Subnet Local Subnet Mask Authenticate mode Pre-shared key Examples of different options for configuration and authentication of tunnel can be found in the application note Tunnel [6]. A IPv4 10.0.0.2 IPv4 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 pre-shared key test B IPv4 10.0.0.1 IPv4 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 pre-shared key test 3.4.5 GRE Note! GRE is an unencrypted protocol. GRE via IPv6 is not supported. To open the GRE Tunnel Configuration page, click GRE in the Configuration section of the main menu. The GRE tunnel function allows you to create an unencrypted WISE-6610 Series User Manual 39 connection between two separate LAN networks. The device allows you to create four GRE tunnels. To access this page, click Configuration > GRE. Figure 3.27 Configuration > GRE > 1st Tunnel Item Description Remote IP Address Remote Subnet Remote Subnet Mask Local Interface IP Address Remote Interface IP Address Multicasts Pre-shared Key Description Description of the GRE tunnel. IP address of the remote side of the tunnel. IP address of the network behind the remote side of the tunnel. Specifies the mask of the network behind the remote side of the tunnel. IP address of the local side of the tunnel. IP address of the remote side of the tunnel. Activates/deactivates sending multicast into the GRE tunnel:
disabled - Sending multicast into the tunnel is inactive. enabled - Sending multicast into the tunnel is active. Specifies an optional value for the 32 bit shared key in numeric format, with this key the device sends the filtered data through the tunnel. Specify the same key on both devices, otherwise the device drops received packets. Note!
The GRE tunnel does not pass through NAT. The changes in settings will apply after pressing the Apply button. 40 WISE-6610 Series User Manual Example: GRE Tunnel Configuration Figure 3.28 Topology of GRE Tunnel Configuration Example GRE tunnel configuration:
Configuration Remote IP Address Remote Subnet Remote Subnet Mask Examples of different options for configuration of GRE tunnel can be found in the application note GRE Tunnel [7]. B 10.0.0.1 192.168.1.0 255.255.255.0 A 10.0.0.2 192.168.2.0 255.255.255.0 3.4.6 L2TP Note!
L2TP is an unencrypted protocol. L2TP via IPv6 is not supported. To open the L2TP Tunnel Configuration page, click L2TP in the Configuration section of the main menu. The L2TP tunnel function allows you to create a password protected connection between 2 LAN networks. The device activates the tunnels after you mark the Create L2TP tunnel check box. WISE-6610 Series User Manual 41 To access this page, click Configuration > L2TP. Figure 3.29 Configuration > L2TP Item Mode Description Specifies the L2TP tunnel mode on the device side:
L2TP server - Specify an IP address range offered by the server. L2TP client - Specify the IP address of the server. IP address of the server. IP address to start with in the address range. The range is offered by the server to the clients. The last IP address in the address range. The range is offered by the server to the clients. IP address of the local side of the tunnel. IP address of the remote side of the tunnel. Address of the network behind the remote side of the tunnel. The mask of the network behind the remote side of the tunnel. Username for the L2TP tunnel login. Password for the L2TP tunnel login. Server IP Address Client Start IP Address Client End IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username Password Example: L2TP Tunnel Configuration Figure 3.30 Topology of L2TP Tunnel Configuration Example 42 WISE-6610 Series User Manual Configuration of the L2TP tunnel:
Configuration Mode Server IP Address Client Start IP Address Client End IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username Password 3.4.7 PPTP A L2TP Server N/A 192.168.2.5 192.168.2.254 192.168.1.1 N/A 192.168.2.0 255.255.255.0 username password B L2TP Client 10.0.0.1 N/A N/A N/A N/A 192.168.1.0 255.255.255.0 username password Note!
PPTP is an unencrypted protocol. PPTP via IPv6 is not supported. Select the PPTP item in the menu to configure a PPTP tunnel. PPTP tunnel allows password protected connections between two LANs. It is similar to L2TP. The tunnels are active after selecting Create PPTP tunnel. To access this page, click Configuration > PPTP. Figure 3.31 Configuration > PPTP Item Mode Server IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Description Specifies the L2TP tunnel mode on the device side:
PPTP server - Specify an IP address range offered by the server. PPTP client - Specify the IP address of the server. IP address of the server. IP address of the local side of the tunnel. IP address of the remote side of the tunnel. Address of the network behind the remote side of the tunnel. The mask of the network behind the remote side of the tunnel. WISE-6610 Series User Manual 43 Description Username for the PPTP tunnel login. Password for the PPTP tunnel login. Item Username Password The changes in settings will apply after pressing the Apply button. The firmware also supports PPTP pass through, which means that it is possible to create a tunnel through the device. Example: PPTP Tunnel Configuration Figure 3.32 Topology of PPTP Tunnel Configuration Example Configuration of the PPTP tunnel:
Configuration Mode Server IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username Password 3.4.8 Services 3.4.8.1 DynDNS A PPTP Server N/A 192.168.1.1 192.168.2.1 192.168.2.0 255.255.255.0 username password B PPTP Client 10.0.0.1 N/A N/A 192.168.1.0 255.255.255.0 username password The DynDNS function allows you to access the device remotely using an easy to remember custom hostname. This DynDNS client monitors the IP address of the device and updates the address whenever it changes. In order for DynDNS to function, you require a public IP address, either static or dynamic, and an active Remote Access service account at www.dyndns.org. Register the custom domain
(third-level) and account information specified in the configuration form. You can use other services, too - see the table below, Server item. To open the DynDNS Configuration page, click DynDNS in the main menu. 44 WISE-6610 Series User Manual
1 2 | Users Manual Part 2 rev | Users Manual | 2.23 MiB | December 18 2018 / June 16 2019 |
To access this page, click Configuration > Services > DynDNS. Item Hostname Username Password IP Mode Server Figure 3.33 Configuration > Services > DynDNS Description The third order domain registered on the www.dyndns.org server. Username for logging into the DynDNS server. Password for logging into the DynDNS server. Specifies a DynDNS service other than the www.dyndns.org. Possible other services: www.spdns.de, www.dnsdynamic.org, www.noip.com. Enter the update server service information in this field. If you leave this field blank, the default server members.dyndns.org will be used. Specifies the version of IP protocol:
IPv4 - IPv4 protocol is used only (default). IPv6 - IPv6 protocol is used only. IPv4/IPv6 - IPv4 and IPv6 dual stack is enabled. Example: DynDNS client configuration with the domain company.dyndns.org:
Figure 3.34 DynDNS Configuration Example WISE-6610 Series User Manual 45 3.4.8.2 HTTP To access this page, click Configuration > Services > HTTP. Figure 3.35 Configuration > Services > HTTP Item Enable HTTP service Click the check box to set up Ethernet encapsulation (remote access) Description through HTTP function. Click the check box to set up Ethernet encapsulation over HTTPS. Enter the variable in minutes to define the timeout period for the session. Click Apply to save the values. Enable HTTPS service Session Timeout Apply 3.4.8.3 NTP The NTP configuration form allows you to configure the NTP client. To open the NTP page, click NTP in the Configuration section of the main menu. NTP (Network Time Protocol) allows you to periodically set the internal clock of the device. The time is set from servers that provide the exact time to network devices. IPv6 Time Servers are supported. If you mark the Enable local NTP service check box, then the device acts as a NTP server for other devices in the local network (LAN). If you mark the Synchronize clock with NTP server check box, then the device acts as a NTP client. This means that the device automatically adjusts the internal clock every 24 hours. To access this page, click Configuration > Services > NTP. Figure 3.36 Configuration > Services > NTP Description IPv4 address, IPv6 address or domain name of primary NTP server. IPv4 address, IPv6 address or domain name of secondary NTP server. Specifies the time zone where you installed the device. Item Primary NTP Server Secondary NTP Server Timezone Daylight Saving Time Activates/deactivates the DST shift. No - The time shift is inactive. Yes - The time shift is active. 46 WISE-6610 Series User Manual The figure below displays an example of a NTP configuration with the primary server set to ntp.cesnet.cz and the secondary server set to tik.cesnet.cz and with the automatic change for daylight saving time enabled. Figure 3.37 Example of NTP Configuration 3.4.8.4 SNMP The SNMP page allows you to configure the SNMP v1/v2 or v3 agent which sends information about the device (and its expansion ports) to a management station. To open the SNMP page, click SNMP in the Configuration section of the main menu. SNMP (Simple Network Management Protocol) provides status information about the network elements such as devices or endpoint computers. In the version v3, the communication is secured (encrypted). To enable the SNMP service, mark the Enable the SNMP agent check box. Sending SNMP traps to IPv6 address is supported. To access this page, click Configuration > Services > SNMP. Figure 3.38 Configuration > Services > SNMP Item Name Description Designation of the device. WISE-6610 Series User Manual 47 Item Location Contact Description Location of where you installed the device. Person who manages the device together with information how to contact this person. To enable the SNMPv1/v2 function, mark the Enable SNMPv1/v2 access check box. It is also necessary to specify a password for access to the Community SNMP agent. The default setting is public. You can define a different password for the Read community (read only) and the Write community (read and write) for SNMPv1/v2. You can also define 2 SNMP users for SNMPv3. You can define a user as read only (Read), and another as read and write (Write). The device allows you to configure the parameters in the following table for every user separately. The device uses the parameters for SNMP access only. To enable the SNMPv3 function, mark the Enable SNMPv3 access check box, then specify the following parameters:
Item Username Authentication Authentication Password Privacy Description User name Encryption algorithm on the Authentication Protocol that is used to verify the identity of the users. Password used to generate the key used for authentication. Encryption algorithm on the Privacy Protocol that is used to ensure confidentiality of data. Password for encryption on the Privacy Protocol. Privacy Password Activating the Enable I/O extension function allows you monitor the binary I/O inputs on the device. Selecting Enable M-BUS extension and entering the Baudrate, Parity and Stop Bits lets you monitor the meter status connected to the expansion port MBUS status. Selecting Enable reporting to supervisory system and entering the IP Address and Period lets you send statistical information to the monitoring system, R-SeeNet. Description IPv4 or IPv6 address. Period of sending statistical information (in minutes). Item IP Address Period Each monitored value is uniquely identified using a numerical identifier OID - Object Identifier. This identifier consists of a progression of numbers separated by a point. The shape of each OID is determined by the identifier value of the parent element and then this value is complemented by a point and current number. So it is obvious 48 WISE-6610 Series User Manual that there is a tree structure. The following figure displays the basic tree structure that is used for creating the OIDs. Figure 3.39 OID Basic Structure The SNMP values that are specific for Conel devices create the tree starting at OID =
.1.3.6.1.4.1.30140. You interpret the OID in the following manner:
iso.org.dod.internet.private.enterprises.conel This means that the device provides for example, information about the internal temperature (OID 1.3.6.1.4.1.248.40.1.3.3) or about the power voltage (OID 1.3.6.1.4.1.248.40.1.3.4). For binary inputs and output, the following range of OID is used:
OID
.1.3.6.1.4.1.30140.2.3.1.0
.1.3.6.1.4.1.30140.2.3.2.0
.1.3.6.1.4.1.30140.2.3.3.0 Description Binary input BIN0 (values 0,1) Binary output OUT0 (values 0,1) Binary input BIN1 (values 0,1) WISE-6610 Series User Manual 49 The list of available and supported OIDs and other details can be found in the application note SNMP Object Identifier [8]. Figure 3.40 SNMP Configuration Example Figure 3.41 MIB Browser Example In order to access a particular device enter the IP address of the SNMP agent which is the device, in the Remote SNMP agent field. The dialog displayed the internal variables in the MIB tree after entering the IP address. Furthermore, you can find the status of the internal variables by entering their OID. 50 WISE-6610 Series User Manual The path to the objects is:
iso ? org ? dod ? internet ? private ? enterprises ? conel ? protocols The path to information about the device is:
iso ? org ? dod ? internet ? mgmt ? mib-2 ? system 3.4.8.5 SMTP Use the SMTP form to configure the Simple Mail Transfer Protocol client (SMTP) for sending e-mails. IPv6 e-mail servers are supported. To access this page, click Configuration > Services > SMTP. Figure 3.42 Configuration > Services > SMTP Item SMTP Server Address SMTP Port Secure Method Username Password Description IPv4 address, IPv6 address or domain name of the mail server. Port the SMTP server is listening on. None, SSL/TLS, or STARTTLS. Secure method has to be supported by the SMTP server. Name for the e-mail account. Password for the e-mail account. The password can contain the following special characters * + , - . / : = ? ! # % [ ] _ { } ~
The following special characters are not allowed: " $ & ' ( ) ; < >
Own Email Address Address of the sender. The mobile service provider can block other SMTP servers, then you can only use the SMTP server of the service provider. Figure 3.43 SMTP Client Configuration Example You can send e-mails from the Startup script. The Startup Script dialog is located in Scripts in the Configuration section of the main menu. The device also allows you to send e-mails using an SSH connection. Use the email command with the following parameters:
-t: e-mail address of the receiver
-s: subject, enter the subject in quotation marks
-m: message, enter the subject in quotation marks
-a: attachment file WISE-6610 Series User Manual 51
-r: number of attempts to send e-mail (default setting: 2) Note!
Commands and parameters can be entered only in lowercase. Example: Sending an e-mail:
email -t john@doe.com -s "System Log" -m "Attached" -a /var/log/messages The command above sends an e-mail to address john@doe.com with the subject
"System Log", body message "Attached" and attachment messages file with System Log of the device directly from the directory /var/log/. 3.4.8.6 SSH To access this page, click Configuration > Services > SSH. Figure 3.44 Configuration > Services > SSH Item Enable SSH service Click the check box to set up Ethernet encapsulation (remote access) Description through the Secure Shell (SSH) function. Enter the variable in minutes to define the timeout period for the session. Click Apply to save the values. Session Timeout Apply 3.4.9 Scripts There is possibility to create your own shell scripts executed in the specific situations. Go to the Scripts page in the Configuration section in the menu. The menu item will expand and there are Startup Script, Up/Down IPv4 and Up/Down IPv6 scripts you can use - there is IPv4 and IPv6 independent dual stack. For more examples of Scripts and possible commands see the Application Note Commands and Scripts [1]. To access this page, click Configuration > Scripts. 3.4.9.1 Startup Script Use the Startup Script window to create your own scripts which will be executed after all of the initialization scripts are run - right after the device is turned on or rebooted. The changes in settings will apply after pressing the Apply button. To access this page, click Configuration > Scripts > Startup Script. Note!
Any changes to the Startup Script will take effect the next time the device is power cycled or rebooted. This can be done with the Reboot button in the Administration section, or by SMS message. 52 WISE-6610 Series User Manual Example: Startup Script Figure 3.45 Example of a Startup Script When the device starts up, stop syslogd program and start syslogd with remote logging on address 192.168.2.115 and limited to 100 entries. Add these lines to the Startup Script:
killall syslogd syslogd -R 192.168.2.115 -S 100 3.4.9.2 Up/Down Scripts Use the Up/Down IPv4 and Up/Down IPv6 page to create scripts executed when the Mobile WAN connection is established (up) or lost (down). There is independent IPv4 and IPv6 dual stack implemented in the device, so there is independent IPv4 and IPv6 Up/Down script. IPv4 Up/Down Script runs only on the IPv4 WAN connection established/lost, IPv6 Up/Down Script runs only on the IPv6 WAN connection established/lost. Any scripts entered into the Up Script window will run after a WAN connection is established. Script commands entered into the Down Script window will run when the WAN connection is lost. The changes in settings will apply after pressing the Apply button. Also you need to reboot the device to make Up/Down Script work. To access this page, click Configuration > Scripts > Up/Down IPv4 or Up/Down IPv6. WISE-6610 Series User Manual 53 Example: IPv6 Up/Down Script Figure 3.46 Example of IPv6 Up/Down Script After establishing or losing an IPv6 WAN connection (connection to mobile network), the device sends an email with information about the connection state. It is necessary to configure SMTP before. Add this line to the Up Script field:
email -t name@domain.com -s "Router" -m "Connection up."
Add this line to the Down Script field:
email -t name@domain.com -s "Router" -m "Connection down."
3.4.10 Automatic Update Use the Automatic Update menu to configure the automatic update settings. The device can be configured to automatically check for firmware and configuration updates from a HTTP(S) or FTP(S) server. IPv6 sites/servers are supported. Used protocol is specified by an address in Base URL field: HTTP, HTTPS, FTP or FTPS. To prevent possible unwanted manipulation of the files, the device verifies that the downloaded file is in the tar.gz format. At first, the format of the downloaded file is checked. Then the type of architecture and each file in the archive (tar.gz file) is checked. If the Enable automatic update of configuration option is selected, the device will check if there is a configuration file on the remote server, and if the configuration in the file is different than its current configuration, it will update its configuration to the new settings and reboot. If the Enable automatic update of firmware option is checked, the device will look for a new firmware file and update its firmware if necessary. 54 WISE-6610 Series User Manual To access this page, click Configuration > Automatic Update. Item Base URL Unit ID Update Hour Figure 3.47 Configuration > Automatic Update Description Base URL, IPv4 or IPv6 address from which the configuration file will be downloaded. This option also specifies the communication protocol
(HTTP, HTTPS, FTP or FTPS), see examples below. Name of configuration (name of the file without extension). If the Unit ID is not filled, the MAC address of the device is used as the filename
(the delimiter colon is used instead of a dot.) Use this item to set the hour (range 1-24) when the automatic update will be performed every day. If the time is not specified, automatic update is performed five minutes after turning on the device and then every 24 hours. If the detected configuration file is different from the running one, it is downloaded and the device is restarted automatically. The configuration file name consists of Base URL, hardware MAC address of ETH0 interface and cfg extension. Hardware MAC address and cfg extension are added to the file name automatically and it isn't necessary to enter them. When the parameter Unit ID is enabled, it defines the concrete configuration name which will be downloaded to the device, and the hardware MAC address in the configuration name will not be used. The firmware file name consists of Base URL, type of device and bin extension. For the proper firmware filename, see the Update Firmware page in Administration section - it us written out there. See Update Firmware on page 66. Note!
Note!
It is necessary to load two files (.bin and .ver) to the HTTP/FTP server. If only the .bin file is uploaded and the HTTP server sends the incorrect answer of 200 OK (instead of the expected 404 Not Found) when the device tries to download the nonexistent .ver file, then there is a risk that the device will download the .bin file over and over again. Firmware update can cause incompatibility with the user modules. It is recommended that you update user modules to the most recent version. Information about the user modules and the firmware compatibility is at the beginning of the user module's Application Note. WISE-6610 Series User Manual 55 Example 1: Automatic Update In the following example the device checks for new firmware or configuration file each day at 1:00 a.m. An example is given for the WISE-6610 Series device. Firmware file: http://example.com/SPECTRE-v3L-LTE.bin Configuration file:http://example.com/test.cfg Figure 3.48 Example of Automatic Update 1 Example 2: Automatic Update Based on MAC In the following example the device checks for new firmware or configuration each day at 1:00 a.m. An example is given for the WISE-6610 Series device with MAC address 00:11:22:33:44:55. Firmware file: http://example.com/SPECTRE-v3L-LTE.bin Configuration file: http://example.com/00.11.22.33.44.55.cfg Figure 3.49 Example of Automatic Update 2 3.5 Customization 3.5.1 Adding a Module You may run custom software programs in the device to enhance the features of the device. Use the User Modules menu item to add new software modules to the device, to remove them, or to change their configuration. Use the Browse button to select the user module (compiled module has tgz extension). Use the Add button to add a user module. To access this page, click User Modules (located under Customization). The new module appears in the list of modules on the same page. If the module contains an index.html or index.cgi page, the module name serves as a link to this page. The module can be deleted using the Delete button. Updating a module is done the same way. Click the Add button and the module with the higher (newer) version will replace the existing module. 56 WISE-6610 Series User Manual Programming and compiling of modules is described in the Application Note Programming of User Modules [10]. Figure 3.50 User Modules Item MODBUS TCP2RTU Provides a conversion of MODBUS TCP/IP protocol to MDBUS RTU Description Easy VPN client protocol, which can be operated on the serial line. Provides secure connection of LAN network behind our device with LAN network behind CISCO device. Enables TCP and UDP scan. Enables daily reboot of the device at the specified time. NMAP Daily Reboot HTTP Authentication Adds the process of authentication to a server that doesn't provide this service. HTTP Authentication Adds support of dynamic protocols. PIM SM WMBUS Concentrator pduSMS Pinger Adds support of multicast routing protocol PIM-SM. Enable the reception of messages from WMBUS meters and saves contents of these messages to an XML file. Sends short messages (SMS) to specified number. Allows you to manually or automatically verify the functionality of the connection between two network interfaces (ping). Adds support of IS-IS protocol. IS-IS Note!
In some cases the firmware update can cause incompatibility with installed user modules. Some of them are dependent on the version of the Linux kernel (for example SmsBE and PoS Configuration). It is best to update user modules to the most recent version. Information about the user module and the firmware compatibility is at the beginning of the user module's Application Note. WISE-6610 Series User Manual 57 3.5.1.1 MQTT and LoRaWAN To access the gateway configuration page, navigate to Customization and click User Modules > LoRaWAN Gateway > MQTT and LoRaWAN. Figure 3.51 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN Description Item LoRaWAN Radio Setting Model Name LoRaWAN Radio Enable Radio 0 Main Frequency(KHz) Radio 1 Main Frequency(KHz) Quick Setup LoRaWAN Gateway Setting LoRaWAN Gateway Identifier Backup Enable Backup Database Interval LoRaWAN Network Server Setting LoRaWAN Network Server Enable LoRaWAN Server Listen Port LoRaWAN Network Server HTTP Port LoRaWAN Network Server HTTPS Port Enter the model name. Click the drop-down menu to enable the radio channel and corresponding settings. Enter the frequency setting for the interface. Enter the frequency setting for the interface. Click to enter the Quick Setup menu enabling the selection of pre-
configured region-specific, radio frequency settings. Displays the gateway identifier for the remote LoRa network server. Click the drop-down menu to enable (default: Off) the LoRaWAN backup feature. Set the backup frequency, setting: 5 to 60 minutes. Click the drop-down menu to disable the LoRaWAN network server
(default: On). Enter a variable (1 to 65535) to designate the listening port. Enter a variable (1 to 65535) to designate the HTTP port. Enter a variable (1 to 65535) to designate the HTTPS port. 58 WISE-6610 Series User Manual Description Enter an identifier used to access the Web user interface for the LoRaWAN network server. Enter the corresponding password to the set LoRaWAN Web username. Click the drop-down menu to enable the HTTPS service (default: Off). Item LoRaWAN Web Username LoRaWAN Web Password LoRaWAN Network Server HTTPS Enable Update Database Download Database Click to upload the current server database. In the ensuing screen, Click to upload an existing server database. Factory Reset click Download to save the database to a local drive. Click to reset the current server database. In the ensuing screen, click to reset the database to its factory default. MQTT Broker MQTT Broker Enable Click the drop-down menu to enable or disable local MQTT broker. MQTT Broker Port MQTT Bridge MQTT Bridge Enable Click the drop-down menu to enable or disable bridging to a remote Enter a value to specify the port of MQTT broker (default: 1883). MQTT broker. Enter a value to specify the port of MQTT bridge (default: 1883). Enter a value to specify the bridge address of the MQTT bridge. Enter the name of the MQTT bridge user. Enter the character set for the define password type.u MQTT Bridge Port MQTT Bridge Address MQTT Bridge User MQTT Bridge Password With MQTT and LoRa configured, pair and modify the node settings, MQTT Bridge Client see Node Control. Identifier Advantech Application Server Setting Application Server Enable Application Server Connect MQTT Address Application Server Connect MQTT Port MQTT User MQTT Password Uplink Topic Click the drop-down menu to enable the local Application server
(default: Off). Enter the private network address to allow bidirectional sending and receiving of messages. Enter a port designation to associate with the previously defined network address. Enter an identifier used to access the remote MQTT broker. Enter the password associated with the MQTT user listed previously. Enter a string identifier to describe the MQTT broker, uplink, subscription topic. Enter a string identifier to describe the MQTT broker, downlink, subscription topic. Click Save to save the values. Click Restore to restore the values. Save Restore With MQTT and LoRa configured, pair and modify the node settings, see Node Control. Downlink Topic 3.5.1.2 Licenses To download the LoRa license, click the Licenses on the Router menu. WISE-6610 Series User Manual 59 3.5.1.3 LoRaWAN Status The LoRaWAN Status menu displays specific information pertaining to the basic and channel settings of the LoRaWAN Gateway. To access the page use the following guidelines:
1. 2. 3. From the LoRaWAN router, Customization menu, click User Modules. In User Modules, click the LoRaWAN Gateway link. The LoRaWAN Gateway Settings menu displays. Under Router menu, click LoRaWAN Status. The LoRaWAN Gateway Settings menu displays listing Basic, Channel, and Live Up Stream status information. Figure 3.52 User Modules > LoRaWAN Gateway > LoRaWAN Status 60 WISE-6610 Series User Manual 3.5.1.4 LoRaWAN Server The LoRaWan Server is a ready-to-use solution, which includes a web-based user interface, providing the components needed to build networks. To access this page, click User Modules > LoRaWAN Gateway > LoRaWAN Server. Figure 3.53 User Modules > LoRaWAN Gateway > LoRaWAN Server WISE-6610 Series User Manual 61 3.5.1.5 LoRaWAN Server (https) Enable the LoRaWAN Network Server HTTPS Enable function under MQTT and LoRaWAN to access the website through https. To access this page, click User Modules > LoRaWAN Gateway > LoRaWAN Server (https). Figure 3.54 User Modules > LoRaWAN Gateway > LoRaWAN Server (https) 3.5.1.6 Advantech Application To access this page, click User Modules > LoRaWAN Gateway > Advantech Application. For more details, see Changing the Raw LoRa Data Format on page 86. Figure 3.55 User Modules > LoRaWAN Gateway > Advantech Application 3.5.1.7 Return to Router The main menu is accessible through the Return to Router function. To return the WISE-6610 Series to the main menu, click Customization > User Modules >
LoRaWAN Gateway > Return to Router. 62 WISE-6610 Series User Manual 3.6 Administration 3.6.1 Users Note!
This configuration function is only available for users assigned the admin role!
To assign roles and manage user accounts open the Users form in the Administration section of the main menu. The first frame of this configuration form contains an overview of available users. The table below describes the meaning of the buttons in this frame. To access this page, click Administration > Users. Figure 3.56 Administration > Users Item Lock Change Password Delete Description Locks the user account. This user is not allowed to log in to the device, neither web interface nor SSH. Allows you to change the password for the corresponding user. Deletes the corresponding user account. Warning!
If you lock every account with the permission role Admin, you can not unlock these accounts. This also means that the Users dialog is unavailable for every user, because every admin account is locked and the users do not have sufficient permissions. The second block contains configuration form which allows you to add new user. All items are described in the table below. Item Role Username Password Confirm Password Description Specifies the type of user account:
User: User with basic permissions. Admin: User with full permissions. Specifies the name of the user allowed to log in the device. Specifies the password for the corresponding user. Confirms the password you specified above. Note! Ordinary users are not able to access device via Telnet, SSH or SFTP. Read only FTP access is allowed for these users. WISE-6610 Series User Manual 63 3.6.2 Change Profile In addition to the standard profile, up to three alternate device configurations or profiles can be stored in device's non-volatile memory. You can save the current configuration to a device profile through the Change Profile menu item. Select the alternate profile to store the settings to and ensure that the Copy settings from current profile to selected profile box is checked. The current settings will be stored in the alternate profile after the Apply button is pressed. Any changes will take effect after restarting device through the Reboot menu in the web administrator or using an SMS message. To access this page, click Administration > Change Profile. Example: Using Profiles Profiles can be used to switch between different modes of operation of the device such as PPP connection, VPN tunnels, etc. It is then possible to switch between these settings using the front panel binary input, an SMS message, or Web interface of the device. Figure 3.57 Administration > Change Profile 3.6.3 Change Password Use the Change Password configuration form in the Administration section of the main menu for changing your password used to log on the device. Enter the new password in the New Password field, confirm the password using the Confirm Password field, and press the Apply button. To access this page, click Administration > Change Password. Warning! The default password of the device is root for the root user. To maintain the security of your network change the default password. You can not enable remote access to the device for example, in NAT, until you change the password. Figure 3.58 Administration > Change Password 64 WISE-6610 Series User Manual 3.6.4 Set Real Time Clock You can set the internal clock directly using the Set Real Time Clock dialog in the Administration section of in the main menu. You can set the Date and Time manually. When entering the values manually use the format yyyy-mm-dd as seen in the figure below. You can also adjust the clock using the specified NTP server. IPv4, IPv6 address or domain name is supported. After you enter the appropriate values, click the Apply button. To access this page, click Administration > Set Real Time Clock. Figure 3.59 Administration > Set Real Time Clock 3.6.5 Backup Configuration You can save the configuration of the device using the Backup Configuration function. If you click on Backup Configuration in the Administration section of the main menu, then the device allows you to select a directory in which the device saves the configuration file. 3.6.6 Restore Configuration You can restore a configuration of the device using the Restore Configuration form. To navigate to the directory containing the configuration file (.cfg) you wish to load on the device, use the Browse button. To access this page, click Administration > Restore Configuration. Figure 3.60 Administration > Restore Configuration WISE-6610 Series User Manual 65 3.6.7 Update Firmware Select the Update Firmware menu item to view the current device firmware version and load new firmware into the device. There is current firmware version and firmware filename written out. When loading the new firmware, it has to have this name. To load new firmware, browse to the new firmware file and press the Update button to begin the update. Warning! Do not turn off the device during the firmware update. The firmware update can take up to five minutes to complete. Always use the filename written out as Firmware Name when updating the firmware. To access this page, click Administration > Update Firmware. Figure 3.61 Administration > Update Firmware During the firmware update, the device will show the following messages. The progress is shown in the form of adding dots ('.'). After the firmware update, the device will automatically reboot. Note!
Uploading firmware intended for a different device can cause damage to the device. Starting with FW 5.1.0, a mechanism to prevent multiple startups of the firmware update is included. Firmware update can cause incompatibility with the user modules. It is recommended to update user modules to the most recent version. Information about user module and firmware compatibility is at the beginning of the user module's Application Note. 66 WISE-6610 Series User Manual 3.6.8 Reboot To reboot the device select the Reboot menu item and then press the Reboot button. To access this page, click Administration > Reboot. Figure 3.62 Administration > Reboot WISE-6610 Series User Manual 67 Chapter 4 4Configuration in Typical Situations 4.1 Enabling the LoRaWAN and Network Server Login WISE-6610 Series. See Access Interface on page 14. 1. 2. Go to Customization > User Modules. 3. A list of available devices display. Click on the target LoRaWAN Gateway. Figure 4.1 Customization > User Modules 4. The Settings menu displays. In LoRaWAN Radio Enable, click the drop-down menu to enable LoRaWAN function. 5. Configure the main frequency for radio 0 and radio 1. For radio 1, there are eight channels and one standard channel. Note!
The offset setting for the eight channels must be +/-500KHz. 1. 2. Use Quick Setup to define the main frequency for receiving the data from the LoRaWAN node. 3. In LoRaWAN Gateway Identifier, copy the gateway ID and set on LoRaWAN network server. Figure 4.2 LoRaWAN Gateway > MQTT and LoRaWAN WISE-6610 Series User Manual 69 4. 5. In LoRaWAN Network Server Setting, click the drop-down menu to enable LoRaWAN network server. In MQTT Broker Enable, click the drop-down menu to enable MQTT broker. Figure 4.3 LoRaWAN Gateway > MQTT and LoRaWAN 6. Click Save to save the configuration. 70 WISE-6610 Series User Manual 7. Click LoRaWAN Server and enter the default user name and password (root/
root) to log into the LoRaWAN Network Server page. Note!
The LoRaWAN Network Server does not support IE or EDGE browser. Figure 4.4 LoRaWAN Gateway > LoRaWAN Server 8. Click Infrastructure > Gateways to enter the Gateways List page. 9. Click Create to add a new gateway. Figure 4.5 LoRaWAN Server > Infrastructure > Gateways WISE-6610 Series User Manual 71 10. In the Create new gateway page, configure the new gateway settings. Input the MAC which is the LoRaWAN gateway ID shows on the LoRaWAN setting Page. Figure 4.6 LoRaWAN Server > Infrastructure > Gateways > Create Item MAC Group TX Chain Description Enter the LoRaWAN gateway ID shown on MQTT and LoRaWAN menu. Enter the opaque string with application-specific settings. Enter a value to identify the radio chain used for downlinks (default:
0). It shall correspond to a radio_x (e.g. radio_0) with tx_enable: true in gateway's global_conf.json. Enter a value to ensure the TX Power + Antenna Gain is below the maximal allowed Equivalent Isotropic Radiated Power (EIRP) for the given Network. Enter the description for the gateway. Description Click Submit to save the values and update the screen. Submit 11. Click Infrastructure > Networks to enter the Networks List page. Antenna Gain (dBi) By default, the WISE-6610 Series pre-configures the network to support EU868, AU915, AS923 and US902. Figure 4.7 LoRaWAN Server > Infrastructure > Networks 72 WISE-6610 Series User Manual 12. Click Create to create your own network frequency. Figure 4.8 LoRaWAN Server > Infrastructure > Network > Create > General Item Name NetID SubID Region Coding Rate RX1 Join Delay (s) RX2 Join Delay (s) RX1 Delay (s) RX2 Delay (s) Gateway Power
(dBm) Submit Description Enter the name of the network. Enter the NetID of the network. Use 000000 or 000001 for private networks. Enter the SubID of the network in the format of HexValue:Length which specifies the fixed bits in the DevAddr of the active node.
(optional) Enter a value to determine the regional characteristics of LoRaWAN. Enter a value to define the coding rate. It is regularly set on 4/5. Enter a value to define the JOIN_ACCEPT_DELAY1. Enter a value to define the JOIN_ACCEPT_DELAY2. Enter a value to define the RECEIVE_DELAY1. Enter a value to define the RECEIVE_DELAY2. Enter a value to define the default transmission power for downlinks. Click Submit to save the values and update the screen. In the General tab, follow the table below when configuring a new network:
Parameter Coding Rate 4/5 RX1 Join Delay(s) 5 EU868 US902 CN779 EU433 AU915 CN580 AS923 KR920 IN865 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 RU864 4/5 5 WISE-6610 Series User Manual 73 EU868 US902 CN779 EU433 AU915 CN580 AS923 KR920 IN865 6 6 6 6 6 6 6 6 6 1 2 16 16 1 2 26 30 1 2 12 1 2 12 12.15 12.15 1 2 30 30 1 2 19 19.15 1 2 16 16 1 2 23 14 1 2 30 30 RU864 6 1 2 16 16 Parameter RX2 Join Delay(s) RX1 Delays RX2 Delays Gateway Power Max EIRP
(dBm) Max Power Min Power Max Max -
14 dB SF7 125 kHz 0 Max Max -
20 dB SF8 500 kHz 0 Max Max -
10 dB SF7 125 kHz 0 Max Max -
10 dB SF7 125 kHz 0 Max Max -
20 dB SF8 500 kHz 0 Max Max -
14 dB SF7 125 kHz 0 Max Max -
14 dB SF7 125 kHz 0 Max Max -
14 dB SF7 125 kHz 0 Max Data Rate Initial RX1 DR Offset Initial RX2 DR Initial RX2 Freq (MHz) Initial Channels 13. Click the ADR tab to configure the ADR settings for a specified parameter. SF12 125 kHz 869.525 923.3 SF12 125 kHz 434.665 923.3 SF10 125 kHz 923.2 SF12 125 kHz 505.3 SF12 125 kHz 786 SF12 125 kHz 921.9 SF12 500 kHz SF12 500 kHz 0-95 0-71 0-71 0-x*
0-2 0-2 0-2 0-2 0-2 Max Max -
20 dB SF7 125 kHz 0 Max Max -
14 dB SF7 125 kHz 0 SF10 125 kHz SF10 125 kHz 866.550 869.1 0-1 Figure 4.9 LoRaWAN Server > Infrastructure > Network > Create > ADR Item Max EIRP (dBm) Max Power Min Power Description Enter a value to specify the EIRP used in your region. Enter a value to define the first TX Power item. Enter a value to define the last TX Power item. 74 WISE-6610 Series User Manual Item Max Data Rate Description Enter a value to define the highest DR (lowest SF) supported by the channels in this network. Additional channels may need to be given a different value. Note: The Max Data Rate is not always the last item (lowest SF) in the TX data rate table. Not all channels (frequencies) are allowed to use all data rates. For example, in EU868, the default channels use SF12/125 to SF7/125 only. The SF7/250 is allowed for the 867.3 MHz channel only and FSK for 867.7 MHz only. Initial RX1 DR Offset Enter a value to define the offset between the uplink and downlink Initial RX2 DR data rates used to communicate with the end-device on the first reception slot (RX1). Enter a value to define the data rate for the second reception slot
(RX2). Enter a value to define the default frequency in the RX2 receive window. Click Submit to save the values and update the screen. Initial RX2 Freq
(MHz) Submit 14. Click the Channel tab to configure the channel settings following the frequency rule. Figure 4.10 LoRaWAN Server > Infrastructure > Network > Create > Channel Item Initial Channels Channels Description Enter a range of values to define the initial channels including a comma-separated list of intervals, e.g. 0-2 for EU and 0-71 for US. Click Add new channels to define a list of additional channels sent to the device during Join (CFList). Frequency (MHz): Enter a value to define the channel fre-
quency. Min Data Rate: Enter a value to define the lowest data rate allowed in this channel. Enter 0 if it's not specified. Max Data Rate: Enter a value to define the highest data rate allowed in this channel. Enter the global value of the ADR tab if it's not specified. Submit Click Submit to save the values and update the screen. WISE-6610 Series User Manual 75 15. Click Backends > Handlers to enter the Handlers List page. The WISE-6610 Series handler is created by default. The LoRaWAN data comes with the item with the Field in the handler settings. Figure 4.11 LoRaWAN Server > Backends > Handlers Type String Hex String Hex String Any Integer Integer Integer Hex String ISO 8601 Number String String Object Hex String Number Number Object Definition Application (Handler) name DevAddr of the active node DevEUI of the device Application arguments for the node Most recent battery level reported by the device Received frame sequence number LoRaWAN port number Raw application payload encoded as a hexadecimal string Timestamp using the server clock RX central frequency in MHz (unsigned float/ Hz precision) LoRa data rate identifier (e.g. SF12BW500) LoRa ECC coding rate identifier (default: 4/5) Gateway with the strongest reception MAC address of the gateway with the strongest reception LoRa uplink SNR ratio in dB (signed float/ 0.1 dB precision)
(same as rxq.lsnr for best_gw) RSSI in dBm (signed integer/ 1 dB precision) (same as rxq.rssi for best_gw) List of all gateways that received the frame Field app devaddr deveui appargs battery fcnt port data datetime freq datr codr best_gw mac lsnr rssi all_gw 76 WISE-6610 Series User Manual 16. Click Create to add a new handler rule. This function allows you to choose the desired uplink fields and supports the parse script option that helps you parse the raw data received from the sensor node as shown in Figure 4.13. Figure 4.12 LoRaWAN Server > Backends > Handlers > Create Item Application Uplink Fields Payload Parse Uplink Parse Event Build Downlink Description Enter the name of the handler. Enter the filter values to be forwarded to the backend connector. Enter the filter values as the format for automatic decoding. Enter the string to extract additional data fields from the uplink frame. See Figure 4.13 for references. Enter the string to be forwarded to the backend connector. Enter the string to create a downlink frame based on backend data fields. WISE-6610 Series User Manual 77 Item D/L Expires Submit Description Click the drop-down menu to define when the downlinks may be dropped. Never:
All class A downlinks for a device will be queued and eventu-
ally delivered. All confirmed downlinks will be retransmitted until acknowl-
edged even when a new downlink is sent. When Superseded:
Only the most recent class A downlinks will be scheduled for delivery. Superseded downlinks will be dropped. Unacknowledged downlinks will be dropped when a new downlink (either class A or C) is sent. Click Submit to save the values and update the screen. fun(Fields,Port, <<DEV, Temp:16, Hum:16, Sensor:16>>) ->
if DEV==1 ->
Fields#(device => co2, temp => Temp/100, hum => Hum/100, sensor => Sensor);
DEV==2 ->
Fields#(device => co, temp => Temp/100, hum => Hum/100, sensor => Sensor);
DEV==3 ->
Fields#(device => pm25, temp => Temp/100, hum => Hum/100, sensor => Sensor);
true ->
false end end. 17. Click Backends > Connectors to enter the Connectors List page. Figure 4.13 Parse Uplink Sample The connector settings define the data flow which is the rule for processing the LoRaWAN data. For example, data comes with the handler rule should be saved to the MQTT broker or websocket. The broker and websocket on the WISE-6610 Series is enabled by default. The uplink from the sensor node comes with the MQTT topic is uplink/{devaddr} and the downlink topic is out/{devaddr}. Figure 4.14 LoRaWAN Server > Backends > Connectors 78 WISE-6610 Series User Manual 18. Click Create to create your own connector rule. Figure 4.15 LoRaWAN Server > Backends > Connectors > Create Item Connector Name Application Format URI Publish Uplinks Publish Events Subscribe Received Topic Enabled Description Enter the name of the connector. Click the drop-down menu to select the application to reference a specific backend handler. Click the drop-down menu to select the format. JSON: Encode data fields as Json structures such as {"Name-
One":ValueOne, "NameTwo":ValueTwo}. Raw Data: Send only the binary content of the data field without ant port numbers nor flags. Web Form: Encode fields in query strings such as Name-
One=ValueOne&NameTwo=ValueTwo. Enter a string to define the target host which can be mqtt:// for MQTT or mqtts:// for MQTT/SSL. Enter a string to define a server pattern for constructing the publication topic for uplink messages, including the actual DevEUI, DevAddr or other data fields in the message topic. e.g. out/
{devaddr}. Enter a string to define a server pattern for constructing the publication topic for event messages. Enter a string to define a topic for subscription. It may include broker specific wilcards, e.g. in/#. The MQTT broker will then send messages with a matching topic to this connector. Enter a string to define the template for parsing the topic of received messages, e.g. in/{devaddr}. This can be used to obtain a DevEUI, DevAddr or a device group that receives a given downlink. Check to allow a temporarily disable on an existing connector. WISE-6610 Series User Manual 79 Item Failed Description Click the drop-down menu to select the flag indicates the failure items. badarg: Some connector parameters are bad. network: The destination server cannot be reached. topic: The target broker configuration is wrong. Click Submit to save the values and update the screen. Submit 19. Click Devices > Profiles to enter the Profiles List page. Define the profile rule for the LoRa node and assign the handler rule to each profile. The default profiles are listed in the figure below:
Figure 4.16 LoRaWAN Server > Devices > Profiles 20. Click Create to add a new profile. Figure 4.17 LoRaWAN Server > Devices > Profiles > Create > General Item Name Network Application App Identifier Description Enter the name of the profile. Click the drop-down menu to select the network. Click the drop-down menu to select the application in use. Enter the name of the application ID. 80 WISE-6610 Series User Manual Item Can Join?
FCnt Check TX Window Description Click the drop-down menu to select a flag to prevent the device from joining. Click the drop-down menu to select the FCnt check for the device. Strict 16-bit (default) or Strict 32-bit: Indicates a standard compli-
ant counter. Reset on zero: Behaves as a "less strict 16-bit" which allows personalised (ABP) devices to reset the counter. This weakens the device security a bit as more reply attacks are possible. Disabled: Disables the check for faulty devices and destroys the device security. Click the drop-down menu to select the TX window for downlinks to the device. Auto: Choose the earliest feasible option: RX1 or RX2. RX1: Always use the first RX window. RX2: Always use the second RX window. Click Submit to save the values and update the screen. Submit 21. Click the ADR tab to configure further settings for the node. Figure 4.18 LoRaWAN Server > Devices > Profiles > Create > ADR Item ADR Mode Set Power Set Data Rate Max Data Rate Set Channels Description Click the drop-down menu to determine the adaptive data rate (ADR) mechanism for the device: Disabled, Auto-Adjust or Maintain. Enter a value to define the power (in dBm). Enter a value to define the data rate. Enter a value to define the maximal data rate supported by the devices. Enter a value to define the set of channels. The channels are given as a comma-separated list of interfaces, e.g. 0-2 for EU, 0-71 for the whole US band, or 0-7,64 for the first US sub-band. WISE-6610 Series User Manual 81 Item Set RX1 DR Offset Set RX2 DR Description Enter a value to define the offset between the uplink and the RX1 slot downlink data rates. Enter a value to define the data rate for the second reception slot
(RX2). Set RX2 Freq (MHz) Enter a value to define the default frequency in the RX2 receive Request Status?
window. Click the drop-down menu to select the flag used to disable the status requests for simple devices that do not support the function (default:
true). Click Submit to save the values and update the screen. Submit 22. Click Devices > Activated (Nodes) to enter the Nodes List page. Activated (Nodes) is the setting for ABP type nodes and Commissioned is for OTAA type nodes. The LRPv2 nodes only supports ABP so the info can only be created in the ABP options. Figure 4.19 LoRaWAN Server > Devices > Activated (Nodes) 23. Click Create to add a new LoRaWAN node (ABP) along with its Devaddr, APPkey and NwkKey. Figure 4.20 LoRaWAN Server > Devices > Activated (Nodes) > Create Item DevAddr Profile Description Enter the name of the node. Click the drop-down menu to select the profile for the node. 82 WISE-6610 Series User Manual Item App Arguments NwkSKey AppSKey FCnt Up FCnt Down Submit 24. Click Devices > Commissioned to enter the Devices List page. Description Enter the opaque string with application-specific settings. Enter the NwkSKey for the node. Enter the AppSKey for the node. Enter a value to define the frame counter. Enter a value to define the frame counter. Click Submit to save the values and update the screen. Figure 4.21 LoRaWAN Server > Devices > Commissioned 25. Click Create to add a new LoRaWAN node (OTAA). Figure 4.22 LoRaWAN Server > Devices > Commissioned > Create Item DevEUI Profile App Arguments AppEUI AppKey Last Join Node Submit Description Enter the DevEUI for the device. Click the drop-down menu to select the profile for the device. Enter the opaque string with application-specific settings. Enter the AppEUI for the device. Enter the AppKey for the device. Enter a value to define the timestamp of the last successful Join request. Enter the corresponding node. Click Submit to save the values and update the screen. WISE-6610 Series User Manual 83 26. After the LoRaWAN network, gateway, node, handler and connector funcitons are enabled. Click Received Frames to enter the Received Frames page and check the received messages. Figure 4.23 LoRaWAN Server > Received Frames 27. Since the MQTT broker on the WISE-6610 series is enabled by default, you can subscribe the MQTT "#" on 192.168.1.1 to receive the LoRaWAN node mes-
sages. Figure 4.24 MQTT Subscription 84 WISE-6610 Series User Manual 28. Click Infrastructure > Events to enter the Events List page to view the events. Figure 4.25 MQTT Subscription Figure 4.26 LoRaWAN Server > Infrastructure > Events WISE-6610 Series User Manual 85 4.2 Changing the Raw LoRa Data Format This function parses and shows the raw data from an Advantech LRPv2 LoRa node. Note! WISE-6610 series models does not parse data from a non-Advantech LoRa node through the Advantech Application function. Note!
All the foregoing settings must be configured before using this function. 1. To access this page, click User Modules > LoRaWAN Gateway > Advantech Application. Figure 4.27 User Modules > LoRaWAN Gateway > Advantech Application 2. Click Detail to list the real data and status detail of the node. Figure 4.28 Data and Status 86 WISE-6610 Series User Manual 3. To get the sensor node data, the application server needs to be enabled first. After the application server is enabled, the Advantech application server will parse the data subscribed from the MQTT broker (WISE-6610 with topic uplink/
#) as shown in the figure below. Figure 4.29 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN 4. Click LoRaWAN Server > Devices > Activated (Nodes) to enter the Nodes List page. Figure 4.30 LoRaWAN Server > Activated (Nodes) 5. Edit the LoRa Node and enter Advantech in the App Arguments field. The Advantech application server will deal with the raw data based on the info and list the real data on the Advantech Application page. Figure 4.31 LoRaWAN Server > Activated (Nodes) > Edit > General WISE-6610 Series User Manual 87 6. Not only the data will be shown on the Advantech Application page, if you would like to apply the data to other software applications, you can also subscribe Topic # or direct Topic Advantech/+/data from the WISE-6610 MQTT server. Figure 4.32 Applying Data to Other Software Applications 4.3 Node-RED Setup 1. Go to Customization > User Modules. 2. A list of available devices display. Click on the target Node-RED. Figure 4.33 Customization > User Modules 3. The Settings menu displays. Click Node-RED and check the box to enable the Node-RED and enter the port number (default: 1880). 4. Go to Node-RED page (http://192.168.1.1:1880/) and log in using the default user name and password (root/root) for further configuration. Figure 4.34 Node-RED Figure 4.35 Node-RED 88 WISE-6610 Series User Manual www.advantech.com Please verify specifications before quoting. This guide is intended for reference purposes only. All product specifications are subject to change without notice. No part of this publication may be reproduced in any form or by any means, electronic, photocopying, recording or otherwise, without prior written permis-
sion of the publisher. All brand and product names are trademarks or registered trademarks of their respective companies. Advantech Co., Ltd. 2018
1 2 | Users manual | Users Manual | 3.82 MiB | May 08 2020 |
User Manual WISE-6610 Series Indsutrial LoRaWAN Gateway Copyright The documentation and the software included with this product are copyrighted 2018 by Advantech Co., Ltd. All rights are reserved. Advantech Co., Ltd. reserves the right to make improvements in the products described in this manual at any time without notice. No part of this manual may be reproduced, copied, translated or transmitted in any form or by any means without the prior written permission of Advantech Co., Ltd. Information provided in this manual is intended to be accurate and reliable. How-
ever, Advantech Co., Ltd. assumes no responsibility for its use, nor for any infringe-
ments of the rights of third parties, which may result from its use. Acknowledgements Intel and Pentium are trademarks of Intel Corporation. Microsoft Windows and MS-DOS are registered trademarks of Microsoft Corp. All other product names or trademarks are properties of their respective owners. Product Warranty (3 years) Advantech warrants to you, the original purchaser, that each of its products will be free from defects in materials and workmanship for three years from the date of pur-
chase. This warranty does not apply to any products which have been repaired or altered by persons other than repair personnel authorized by Advantech, or which have been subject to misuse, abuse, accident or improper installation. Advantech assumes no liability under the terms of this warranty as a consequence of such events. Because of Advantechs high quality-control standards and rigorous testing, most of our customers never need to use our repair service. If an Advantech product is defec-
tive, it will be repaired or replaced at no charge during the warranty period. For out of-
warranty repairs, you will be billed according to the cost of replacement materials, service time and freight. Please consult your dealer for more details. If you think you have a defective product, follow these steps:
1. Collect all the information about the problem encountered. (For example, CPU speed, Advantech products used, other hardware and software used, etc.) Note anything abnormal and list any on screen messages you get when the problem occurs. 2. Call your dealer and describe the problem. Please have your manual, product, 3. and any helpful information readily available. If your product is diagnosed as defective, obtain an RMA (return merchandize authorization) number from your dealer. This allows us to process your return more quickly. 4. Carefully pack the defective product, a fully-completed Repair and Replacement Order Card and a photocopy proof of purchase date (such as your sales receipt) in a shippable container. A product returned without proof of the purchase date is not eligible for warranty service. 5. Write the RMA number visibly on the outside of the package and ship it prepaid to your dealer. Part No. XXXXXXXXXX Printed in Taiwan Edition 1 March 2020 WISE-6610 Series User Manual ii Declaration of Conformity CE This product has passed the CE test for environmental specifications. Test conditions for passing included the equipment being operated within an industrial enclosure. In order to protect the product from being damaged by ESD (Electrostatic Discharge) and EMI leakage, we strongly recommend the use of CE-compliant industrial enclo-
sure products. FCC Class A Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Opera-
tion of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. This device complies with Part 15 of the FCC Rules. Operation is subject to the fol-
lowing two conditions:
(1) This device may not cause harmful interference, and
(2) this device must accept any interference received, including interference that may cause undesired operation. Caution! Any changes or modifications not expressly approved by the party responsi-
ble for compliance could void the user's authority to operate this equipment. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. FCC RF Radiation Exposure Statement:
1. 2. This Transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters (7.87 inches) between the radiator and your body. NCC NCC iii WISE-6610 Series User Manual Technical Support and Assistance 1. Visit the Advantech web site at www.advantech.com/support where you can find the latest information about the product. 2. Contact your distributor, sales representative, or Advantech's customer service center for technical support if you need additional assistance. Please have the following information ready before you call:
Product name and serial number Description of your peripheral attachments Description of your software (operating system, version, application software, etc.) A complete description of the problem The exact wording of any error messages Warnings, Cautions and Notes Warning! Warnings indicate conditions, which if not observed, can cause personal injury!
Caution! Cautions are included to help you avoid damaging hardware or losing data. e.g. There is a danger of a new battery exploding if it is incorrectly installed. Do not attempt to recharge, force open, or heat the battery. Replace the battery only with the same or equivalent type recommended by the man-
ufacturer. Discard used batteries according to the manufacturer's instructions. Note!
Notes provide optional additional information. Document Feedback To assist us in making improvements to this manual, we would welcome comments and constructive criticism. Please send all such - in writing to: support@advant-
ech.com Packing List Before setting up the system, check that the items listed below are included and in good condition. If any item does not accord with the table, please contact your dealer immediately. 1 x Indsutrial LoRa private gateway 1 x DIN-Rail mounting bracket and screws 1 x Wall-mounting bracket WISE-6610 Series User Manual iv Safety Instructions Read these safety instructions carefully. Keep this User Manual for later reference. Disconnect this equipment from any DC outlet before cleaning. Use a damp cloth. Do not use liquid or spray detergents for cleaning. For plug-in equipment, the power outlet socket must be located near the equip-
ment and must be easily accessible. Keep this equipment away from humidity. Put this equipment on a reliable surface during installation. Dropping it or letting it fall may cause damage. The openings on the enclosure are for air convection. Protect the equipment from overheating. DO NOT COVER THE OPENINGS. Make sure the voltage of the power source is correct before connecting the Position the power cord so that people cannot step on it. Do not place anything equipment to the power outlet. over the power cord. All cautions and warnings on the equipment should be noted. If the equipment is not used for a long time, disconnect it from the power source to avoid damage by transient overvoltage. Never pour any liquid into an opening. This may cause fire or electrical shock. Never open the equipment. For safety reasons, the equipment should be opened only by qualified service personnel. If one of the following situations arises, get the equipment checked by service personnel:
The power cord or plug is damaged. Liquid has penetrated into the equipment. The equipment has been exposed to moisture. The equipment does not work well, or you cannot get it to work according to the user's manual. The equipment has been dropped and damaged. The equipment has obvious signs of breakage. DO NOT LEAVE THIS EQUIPMENT IN AN ENVIRONMENT WHERE THE STORAGE TEMPERATURE MAY GO -40C (-40F) ~ 85C (185F). THIS COULD DAMAGE THE EQUIPMENT. THE EQUIPMENT SHOULD BE IN A CONTROLLED ENVIRONMENT. The sound pressure level at the operator's position according to IEC 704-1:1982 is no more than 70 dB (A). DISCLAIMER: This set of instructions is given according to IEC 704-1. Advant-
ech disclaims all responsibility for the accuracy of any statements contained herein. The antenna(s) used for this transmitter must be installed to provide a separa-
tion distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. v WISE-6610 Series User Manual Wichtige Sicherheishinweise Bitte lesen sie Sich diese Hinweise sorgfltig durch. Heben Sie diese Anleitung fr den spteren Gebrauch auf. Vor jedem Reinigen ist das Gert vom Stromnetz zu trennen. Verwenden Sie Keine Flssig-oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung. Die NetzanschluBsteckdose soll nahe dem Gert angebracht und leicht zugnglich sein. Das Gert ist vor Feuchtigkeit zu schtzen. Bei der Aufstellung des Gertes ist auf sicheren Stand zu achten. Ein Kippen oder Fallen knnte Verletzungen hervorrufen. Die Belftungsffnungen dienen zur Luftzirkulation die das Gert vor ber-
hitzung schtzt. Sorgen Sie dafr, daB diese ffnungen nicht abgedeckt werden. Beachten Sie beim. AnschluB an das Stromnetz die AnschluBwerte. Verlegen Sie die NetzanschluBleitung so, daB niemand darber fallen kann. Es sollte auch nichts auf der Leitung abgestellt werden. Alle Hinweise und Warnungen die sich am Gerten befinden sind zu beachten. Wird das Gert ber einen lngeren Zeitraum nicht benutzt, sollten Sie es vom Stromnetz trennen. Somit wird im Falle einer berspannung eine Beschdigung vermieden. Durch die Lftungsffnungen drfen niemals Gegenstnde oder Flssigkeiten in das Gert gelangen. Dies knnte einen Brand bzw. elektrischen Schlag aus-
lsen. ffnen Sie niemals das Gert. Das Gert darf aus Grnden der elektrischen Sicherheit nur von authorisiertem Servicepersonal geffnet werden. Wenn folgende Situationen auftreten ist das Gert vom Stromnetz zu trennen und von einer qualifizierten Servicestelle zu berprfen:
Netzkabel oder Netzstecker sind beschdigt. Flssigkeit ist in das Gert eingedrungen. Das Gert war Feuchtigkeit ausgesetzt. Wenn das Gert nicht der Bedienungsanleitung entsprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. Das Gert ist gefallen und/oder das Gehuse ist beschdigt. Wenn das Gert deutliche Anzeichen eines Defektes aufweist. Der arbeitsplatzbezogene Schalldruckpegel nach DIN 45 635 Teil 1000 betrgt 70dB(A) oder weiger. Haftungsausschluss: Die Bedienungsanleitungen wurden entsprechend der IEC-704-1 erstellt. Advantech lehnt jegliche Verantwortung fr die Richtigkeit der in diesem Zusammenhang gettigten Aussagen ab. WISE-6610 Series User Manual vi Safety Precaution - Static Electricity Static electricity can cause bodily harm or damage electronic devices. To avoid dam-
age, keep static-sensitive devices in the static-protective packaging until the installa-
tion period. The following guidelines are also recommended:
Wear a grounded wrist or ankle strap and use gloves to prevent direct contact to the device before servicing the device. Avoid nylon gloves or work clothes, which tend to build up a charge. Always disconnect the power from the device before servicing it. Before plugging a cable into any port, discharge the voltage stored on the cable by touching the electrical contacts to the ground surface. vii WISE-6610 Series User Manual Contents Chapter Product Overview ............................... 1 Specifications............................................................................................ 2 Hardware Views........................................................................................ 3 1.2.1 Front View..................................................................................... 3 1.2.2 Rear View ..................................................................................... 3 1.2.3 Top View....................................................................................... 3 1.2.4 System LED Panel........................................................................ 4 Dimensions ............................................................................................... 4 Chapter Gateway Installation ........................... 5 Chapter 3 Managing Gateway ........................... 13 Warning..................................................................................................... 6 Installation Guideline................................................................................. 7 Installing the Gateway............................................................................... 8 2.3.1 Installing Antenna ......................................................................... 8 2.3.2 Wall Mounting ............................................................................... 9 2.3.3 DIN Rain Mounting ..................................................................... 10 Connecting the Gateway to Ethernet Port .............................................. 12 2.4.1 RJ45 Ethernet Cable Wiring ....................................................... 12 Power Supply Installation........................................................................ 12 Access Interface ..................................................................................... 14 Recommended Practices........................................................................ 15 3.2.1 Changing Default Password ....................................................... 15 Status...................................................................................................... 16 3.3.1 General ....................................................................................... 16 3.3.2 Network....................................................................................... 17 3.3.3 DHCP.......................................................................................... 17 3.3.4 IPsec........................................................................................... 18 3.3.5 DynDNS...................................................................................... 18 3.3.6 System Log................................................................................. 19 Configuration........................................................................................... 20 3.4.1 LAN............................................................................................. 20 3.4.2 NAT............................................................................................. 28 3.4.3 OpenVPN.................................................................................... 32 3.4.4 IPSec .......................................................................................... 35 3.4.5 GRE ............................................................................................ 39 3.4.6 L2TP ........................................................................................... 41 3.4.7 PPTP .......................................................................................... 43 3.4.8 Services ...................................................................................... 44 3.4.9 Scripts......................................................................................... 52 3.4.10 Automatic Update ....................................................................... 54 Customization ......................................................................................... 56 3.5.1 Adding a Module......................................................................... 56 Administration ......................................................................................... 63 3.6.1 Users .......................................................................................... 63 3.6.2 Change Profile ............................................................................ 64 3.6.3 Change Password ...................................................................... 64 3.6.4 Set Real Time Clock ................................................................... 65 3.6.5 Backup Configuration ................................................................. 65 3.6.6 Restore Configuration................................................................. 65 1 1.1 1.2 1.3 2 2.1 2.2 2.3 2.4 2.5 3.1 3.2 3.3 3.4 3.5 3.6 SmartSwarm 243 User Manual viii 3.6.7 Update Firmware ........................................................................ 66 3.6.8 Reboot ........................................................................................ 67 Chapter 4 Configuration in Typical Situations ...........................................68 4.1 4.2 4.3 Enabling the LoRaWAN and Network Server ......................................... 69 Changing the Raw LoRa Data Format .................................................... 86 Node-RED Setup .................................................................................... 88 ix SmartSwarm 243 User Manual List of Figures Figure 1.1 Figure 1.2 Figure 1.3 Figure 1.4 Figure 2.1 Figure 2.2 Figure 2.3 Figure 2.4 Figure 2.5 Figure 2.6 Figure 2.7 Figure 2.8 Figure 2.9 Figure 3.1 Figure 3.2 Figure 3.3 Figure 3.4 Figure 3.5 Figure 3.6 Figure 3.7 Figure 3.8 Figure 3.9 Figure 3.10 Figure 3.11 Figure 3.12 Figure 3.13 Figure 3.14 Figure 3.15 Figure 3.16 Figure 3.17 Figure 3.18 Figure 3.19 Figure 3.20 Figure 3.21 Figure 3.22 Figure 3.23 Figure 3.24 Figure 3.25 Figure 3.26 Figure 3.27 Figure 3.28 Figure 3.29 Figure 3.30 Figure 3.31 Figure 3.32 Figure 3.33 Figure 3.34 Figure 3.35 Figure 3.36 Figure 3.37 Figure 3.38 Figure 3.39 Figure 3.40 Figure 3.41 Figure 3.42 Figure 3.43 Front View ..................................................................................................................... 3 Rear View...................................................................................................................... 3 Top View ....................................................................................................................... 3 System LED Panel ........................................................................................................ 4 Installing the Antenna.................................................................................................... 8 Positioning the Antenna ................................................................................................ 8 Wall Mount Installation .................................................................................................. 9 Wall Mount Installation ................................................................................................ 10 Installing the DIN-Rail Mounting Kit............................................................................. 10 Correctly Installed DIN Rail Kit .................................................................................... 11 Removing the DIN-Rail................................................................................................ 11 Ethernet Plug & Connector Pin Position...................................................................... 12 Installing the Power Cable........................................................................................... 12 Login Screen ............................................................................................................... 14 Changing a Default Password..................................................................................... 15 Status > General ......................................................................................................... 16 Status > Network ......................................................................................................... 17 Status > DHCP ............................................................................................................ 17 Status > IPsec ............................................................................................................. 18 Status > DynDNS ........................................................................................................ 18 Status > System Log ................................................................................................... 19 Example Program Syslogd Start with the Parameter -R ............................................. 19 Configuration > LAN .................................................................................................... 21 IPv6 Address with Prefix Example .............................................................................. 23 IPv4 Dynamic DHCP Network Topology ..................................................................... 24 LAN Configuration for a Dynamic Network Typology .................................................. 25 IPv4 Dynamic and Static DHCP Network Topology .................................................... 25 LAN Configuration for an IPv4 Dynamic and Static DHCP Network Topology ........... 26 IPv6 Dynamic DHCP Server Network Topology ......................................................... 26 LAN Configuration for an IPv6 Dynamic DHCP Server Network Topology................. 27 Configuration > NAT.................................................................................................... 28 Topology for NAT Configuration Example 1................................................................ 30 NAT Configuration for Example 1................................................................................ 30 Topology for NAT Configuration Example 2................................................................ 31 NAT Configuration for Example 2................................................................................ 31 Configuration > OpenVPN > 1st Tunnel...................................................................... 32 Topology of OpenVPN Configuration Example ........................................................... 34 Configuration > 1st Tunnel .......................................................................................... 36 Topology of Configuration Example ............................................................................ 39 Configuration > GRE > 1st Tunnel .............................................................................. 40 Topology of GRE Tunnel Configuration Example ....................................................... 41 Configuration > L2TP .................................................................................................. 42 Topology of L2TP Tunnel Configuration Example....................................................... 42 Configuration > PPTP ................................................................................................. 43 Topology of PPTP Tunnel Configuration Example...................................................... 44 Configuration > Services > DynDNS ........................................................................... 45 DynDNS Configuration Example ................................................................................. 45 Configuration > Services > HTTP................................................................................ 46 Configuration > Services > NTP.................................................................................. 46 Example of NTP Configuration.................................................................................... 47 Configuration > Services > SNMP............................................................................... 47 OID Basic Structure..................................................................................................... 49 SNMP Configuration Example..................................................................................... 50 MIB Browser Example................................................................................................. 50 Configuration > Services > SMTP ............................................................................... 51 SMTP Client Configuration Example........................................................................... 51 SmartSwarm 243 User Manual x Figure 3.44 Figure 3.45 Figure 3.46 Figure 3.47 Figure 3.48 Figure 3.49 Figure 3.50 Figure 3.51 Figure 3.52 Figure 3.53 Figure 3.54 Figure 3.55 Figure 3.56 Figure 3.57 Figure 3.58 Figure 3.59 Figure 3.60 Figure 3.61 Figure 3.62 Figure 4.1 Figure 4.2 Figure 4.3 Figure 4.4 Figure 4.5 Figure 4.6 Figure 4.7 Figure 4.8 Figure 4.9 Figure 4.10 Figure 4.11 Figure 4.12 Figure 4.13 Figure 4.14 Figure 4.15 Figure 4.16 Figure 4.17 Figure 4.18 Figure 4.19 Figure 4.20 Figure 4.21 Figure 4.22 Figure 4.23 Figure 4.24 Figure 4.25 Figure 4.26 Figure 4.27 Figure 4.28 Figure 4.29 Figure 4.30 Figure 4.31 Figure 4.32 Figure 4.33 Figure 4.34 Figure 4.35 Configuration > Services > SSH.................................................................................. 52 Example of a Startup Script......................................................................................... 53 Example of IPv6 Up/Down Script ................................................................................ 54 Configuration > Automatic Update............................................................................... 55 Example of Automatic Update 1 .................................................................................. 56 Example of Automatic Update 2 .................................................................................. 56 User Modules .............................................................................................................. 57 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN ................................... 58 User Modules > LoRaWAN Gateway > LoRaWAN Status.......................................... 60 User Modules > LoRaWAN Gateway > LoRaWAN Server ......................................... 61 User Modules > LoRaWAN Gateway > LoRaWAN Server (https) .............................. 62 User Modules > LoRaWAN Gateway > Advantech Application .................................. 62 Administration > Users ................................................................................................ 63 Administration > Change Profile .................................................................................. 64 Administration > Change Password ............................................................................ 64 Administration > Set Real Time Clock ......................................................................... 65 Administration > Restore Configuration....................................................................... 65 Administration > Update Firmware .............................................................................. 66 Administration > Reboot .............................................................................................. 67 Customization > User Modules.................................................................................... 69 LoRaWAN Gateway > MQTT and LoRaWAN ............................................................. 69 LoRaWAN Gateway > MQTT and LoRaWAN ............................................................. 70 LoRaWAN Gateway > LoRaWAN Server.................................................................... 71 LoRaWAN Server > Infrastructure > Gateways........................................................... 71 LoRaWAN Server > Infrastructure > Gateways > Create............................................ 72 LoRaWAN Server > Infrastructure > Networks............................................................ 72 LoRaWAN Server > Infrastructure > Network > Create > General.............................. 73 LoRaWAN Server > Infrastructure > Network > Create > ADR................................... 74 LoRaWAN Server > Infrastructure > Network > Create > Channel ............................. 75 LoRaWAN Server > Backends > Handlers.................................................................. 76 LoRaWAN Server > Backends > Handlers > Create................................................... 77 Parse Uplink Sample ................................................................................................... 78 LoRaWAN Server > Backends > Connectors.............................................................. 78 LoRaWAN Server > Backends > Connectors > Create............................................... 79 LoRaWAN Server > Devices > Profiles ....................................................................... 80 LoRaWAN Server > Devices > Profiles > Create > General ....................................... 80 LoRaWAN Server > Devices > Profiles > Create > ADR ............................................ 81 LoRaWAN Server > Devices > Activated (Nodes) ...................................................... 82 LoRaWAN Server > Devices > Activated (Nodes) > Create........................................ 82 LoRaWAN Server > Devices > Commissioned ........................................................... 83 LoRaWAN Server > Devices > Commissioned > Create ............................................ 83 LoRaWAN Server > Received Frames........................................................................ 84 MQTT Subscription...................................................................................................... 84 MQTT Subscription...................................................................................................... 85 LoRaWAN Server > Infrastructure > Events................................................................ 85 User Modules > LoRaWAN Gateway > Advantech Application .................................. 86 Data and Status........................................................................................................... 86 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN ................................... 87 LoRaWAN Server > Activated (Nodes) ....................................................................... 87 LoRaWAN Server > Activated (Nodes) > Edit > General ............................................ 87 Applying Data to Other Software Applications............................................................. 88 Customization > User Modules.................................................................................... 88 Node-RED ................................................................................................................... 88 Node-RED ................................................................................................................... 88 xi SmartSwarm 243 User Manual Chapter 1 1Product Overview 1.1 Specifications Specifications Description WSN Support Standard LoRaWAN Frequency WISE-6610-NXXX: US 902-928 (MHz) WISE-6610-EXXX: EU 863-870 (MHz) WISE-6610-AXXX: AS 920-925 (Mhz) ANT Connector SMA Male Reverse connector x 1 LAN Interface Ethernet 10/100 Mbps, auto MDI/MDIX Digital I/O Connector Protection Port Type Port Connector RJ45 x 1 1.5-kV built-in magnetic isolation protection Digital input on voltage: 2.7 ~ 36 VDC 4-way Molex moni-fit connector General LED Indicators PWR, DAT, WAN, ETH Reboot Trigger Reset button Physical Protection Class IP30 DIN rail, wall 150 x 37.5 x 83 mm (5.9" x 1.48" x 3.27") Installation Dimensions
(W x H x D) Weight Operating Temperature Storage Temperature Environment 500 g ( 17.63 oz)
-40 ~ 75C (-40 ~ 167F)
-40 ~ 85C (-40 ~ 185F) Ambient Relative Humidity 10 ~ 95% (non-condensing) Power Power Input 9 ~ 36 VDC Power Connector 4-way Molex moni-fit connector 3.1/6.6/40 mW (average/peak/sleep mode) Power Consumption Certifications EMC EN61000-4-2, Level 3 EN61000-4-3, Level 3 EN61000-4-4, Level 3 EN61000-4-5, Level 3 EN61000-4-6, Level 3 EN61000-4-12, Level 3 EN61000-4-11, voltage dip: 70%
IEC60068-2-27 Shock Free Fall Vibration IEC60068-2-32 IEC60068-2-6 Cellular Interface LTE Bands B2, B3, B4, B5, B12, B13,B26 (WISE-6610-NXXXC) 2 WISE-6610 Series User Manual 1.2 Hardware Views 1.2.1 Front View 1 2 3 I / O WAN DAT PWR
ETH 4 LoRa WISE-6610 Figure 1.1 Front View System LED panel See System LED Panel on page 4 for further details. No. Item Description 1 2 3 4 I/O (Power socket) Connect cabling for power. ETH port RJ45 x 1 Antenna connector Connector for antenna. 1.2.2 Rear View 1 Figure 1.2 Rear View No. Item Description 1 DIN-Rail holes Screw holes (2) used in the installation of a DIN rail clip. 1.2.3 Top View 1 1 1 1 Figure 1.3 Top View No. Item Description 1 Wall mounting holes Screw holes (4) used in the installation on wall. WISE-6610 Series User Manual 3 1.2.4 System LED Panel LED Name LED Color Description PWR DAT WAN Green Green Green 1.3 Dimensions mm [inch]
140 [5.51]
150 [5.90]
125.40 [4.94]
I / O
0 3 0
0 5 7
6 2 3
3 8
7 4 1
0 5 7 3
. Figure 1.4 System LED Panel 4 WISE-6610 Series User Manual Chapter 2 2Gateway Installation 2.1 Warning Warning: Before working on equipment that is connected to power lines, remove any jewelry (including rings, necklaces, and watches). Metal objects can heat up when connected to power and ground, which can cause serious burns or weld the metal object to the terminals. Caution! Exposure to chemicals can degrade the sealing properties of materials used in the sealed relay device. Caution!
It is not recommended to work on the system or connect or disconnect cables during periods of lightning activity. Caution! Before performing any of the following procedures, disconnect the power source from the DC circuit. Caution! Read the installation instructions before connecting the system to its power source. Caution! The device must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground con-
ductor. Caution! The installation, replacement, or service of the device must be Only be performed by trained and qualified personnel. Caution! Ultimate disposal of this product should be handled according to local and national regulations 6 WISE-6610 Series User Manual Caution! To prevent the system from overheating, do not operate it in an area that exceeds the maximum recommended ambient temperature of: 70C
(158F). Caution!
If the switch is to be installed in a hazardous location, ensure that the DC power source is located away from the vicinity of the switch. Caution! The installation of the equipment must comply with all national and local electrical codes. Caution! Explosion Hazard-The area must be known to be nonhazardous before servicing or replacing any components. Warning! Airflow around the switch must be unrestricted. To prevent the switch from overheating, there must be the following minimum clearances:
Top and bottom: 2.0 in. (50.8 mm) Sides: 2.0 in. (50.8 mm) Front: 2.0 in. (50.8 mm) 2.2 Installation Guideline cables. page 2. ing). The following guidelines are provided to optimize the device performance. Review the guidelines before installing the device. Make sure cabling is away from sources of electrical noise. Radios, power lines, and fluorescent lighting fixtures can interference with the device performance. Make sure the cabling is positioned away from equipment that can damage the Operating environment is within the ranges listed range, see Specifications on Relative humidity around the switch does not exceed 95 percent (noncondens-
Altitude at the installation site is not higher than 10,000 feet. In 10/100 and 10/100/1000 fixed port devices, the cable length from the switch to connected devices can not exceed 100 meters (328 feet). Make sure airflow around the switch and respective vents is unrestricted. With-
out proper airflow the switch can overheat. To prevent performance degredation and damage to the switch, make sure there is clerance at the top and bottom and around the exhaust vents. WISE-6610 Series User Manual 7 2.3 Installing the Gateway 2.3.1 Installing Antenna tion. 1. Connect the antenna by screwing the antenna connectors in a clockwise direc-
WISE-6610 LoRa WAN DAT PWR I / O
ETH 2. Position the antenna for optimal signal strength. Figure 2.1 Installing the Antenna Note!
The location and position of the antenna is crucial for effective wireless connectivity WISE-6610 LoRa WAN DAT PWR I / O
ETH Figure 2.2 Positioning the Antenna 8 WISE-6610 Series User Manual 2.3.2 Wall Mounting 1. 2. 3. 4. Locate the area to install and mark the four screw locations. It is suggested to place the device on the installation location and use the mounting locations to mark the location of the screw holes). If necessary first drill pilot holes. Drill four holes over the four marked locations on the wall. On concrete, it is recommended to install wall sinks Align the SmartSwarm over the installation location on the wall. Secure the SmartSwarm with screws ( 5.0 mm). P W R D AT W A N I
O
E T H L o R a WIS E-6 6 1 0 Figure 2.3 Wall Mount Installation WISE-6610 Series User Manual 9 2.3.3 DIN Rain Mounting 2.3.3.1 Installing the DIN Rail Mounting Kit 1. 2. Align the DIN rail clip with the rear of SmartSwarm. Secure the DIN rail clip and the SmartSwarm with screws. Figure 2.4 Wall Mount Installation 3. Position the rear panel of the SmartSwarm directly in front of the DIN rail, mak-
ing sure that the top of the DIN rail clip hooks over the top of the DIN rail, as shown in the following illustration. Make sure the DIN rail is inserted behind the spring mechanism. 4. Once the DIN rail is seated correctly in the DIN rail clip, press the front of the SmartSwarm to rotate the SmartSwarm down and into the release tab on the DIN rail clip. If seated correctly, the bottom of the DIN rail should be fully inserted in the release tab. DIN rail clip DIN rail DIN rail clip release tab Figure 2.5 Installing the DIN-Rail Mounting Kit 10 WISE-6610 Series User Manual See the following figure demonstrating the correct position of a completed DIN installation. Figure 2.6 Correctly Installed DIN Rail Kit 2.3.3.2 Removing the DIN Rail Mounting Kit 1. 2. Ensure that power is removed from the SmartSwarm, and disconnect all cables and connectors from the front panel of the SmartSwarm. Push down on the top of the DIN rail clip release tab with your finger. As the clip releases, lift the bottom of the SmartSwarm, as shown in the following illustra-
tion. Figure 2.7 Removing the DIN-Rail WISE-6610 Series User Manual 11 2.4 Connecting the Gateway to Ethernet Port 2.4.1 RJ45 Ethernet Cable Wiring For RJ45 connectors, data-quality, twisted pair cabling (rated CAT5 or better) is rec-
ommended. The connector bodies on the RJ45 Ethernet ports are metallic and con-
nected to the GND terminal. For best performance, use shielded cabling. Shielded cabling may be used to provide further protection. Straight-thru Cable Wiring Cross-over Cable Wiring Pin 1 Pin 2 Pin 3 Pin 6 Pin 1 Pin 2 Pin 3 Pin 6 Pin 1 Pin 2 Pin 3 Pin 6 Pin 3 Pin 6 Pin 1 Pin 2 Figure 2.8 Ethernet Plug & Connector Pin Position Maximum cable length: 100 meters (328 ft.) for 10/100BaseT. 8 1 2.5 Power Supply Installation 1. Insert the power cable into the power socket. The cable locks in place if installed correctly. 2. Connect the other end to a wall outlet. The LEDs light when the device is connected to the power source WISE-6610 LoRa WAN DAT PWR I / O
ETH The following table show the color lines definition:
Figure 2.9 Installing the Power Cable V+
Red DI Yellow GND Black D0 Gray 12 WISE-6610 Series User Manual Chapter 3 3Managing Gateway 3.1 Access Interface To access the login window, connect the device to the network, see Connecting the Gateway to Ethernet Port on page 12. When WISE-6610 Series is first installed, make sure the network environment is configured to enable access to the device. Your computer and the device must be on the same network subnet to allow them to establish a network connection. Before you begin, make sure the device is powered on, see Power Supply Installation on page 13 for further information. 1. 2. Launch a web browser on a computer. In the browser's address bar type in the default IP address (192.168.1.1). The login screen displays. Enter the default user name and password (root/root) to log into the management interface. You can change the default password after a successfully log in. See Changing Default Password on page 15. 3. 4. Click Login to enter the management interface. Figure 3.1 Login Screen When you successfully enter login information on the login page, web interface will be displayed. The left side of the web interface contains a menu tree with sections for monitoring (Status), configuration (Configuration), customization (Customization) and administration (Administration) of the device. Name and Location items in the right upper corner display the name and location of the device in the SNMP configuration (see SNMP on page 47). These fields are user-defined for each device. After the green LED starts to blink you may restore the initial device settings by pressing the reset (RST) button on the back panel. If the reset button is pressed, all configuration will revert to factory defaults and the device will reboot (the green LED will be on during the reboot). 14 WISE-6610 Series User Manual 3.2 Recommended Practices One of the easiest things to do to help increase the security posture of the network infrastructure is to implement a policy and standard for secure management. This practice is an easy way to maintain a healthy and secure network. After you have performed the basic configurations on your switches, the following is a recommendation which is considered best practice policy. 3.2.1 Changing Default Password In keeping with good management and security practices, it is recommended that you change the default password as soon as the WISE-6610 Series is functioning and setup correctly. The following details the necessary steps to change the default password. To change the password:
1. Navigate to Administration > Change Password. 2. In the New Password field, type in the new password. Re-type the same password in the Confirm Password field. 3. Click Apply to change the current account settings. Figure 3.2 Changing a Default Password Note!
To change other user's password, go to Administration > User. From the User Administration menu, click Change Password behind the user's account WISE-6610 Series User Manual 15 3.3 Status 3.3.1 General Selecting the General item will open a screen displaying a summary of basic information about the device and its activities. This page is also displayed when you login to the web interface. Information is divided into several sections, based upon the type of device activity or the properties area: Mobile Connection, Primary LAN, Peripheral Ports and System Information. If the device is WiFi equipped, there will be a WiFi section. IPv6 Address item can show multiple different addresses for one network interface. This is standard behavior since an IPv6 interface uses more addresses. The second IPv6 Address showed after pressing More Information is automatically generated EUI-64 format link local IPv6 address derived from MAC address of the interface. It is generated and assigned the first time the interface is used (e.g. cable is connected, Mobile WAN connecting, etc.). To access this page, click Status > General. Figure 3.3 Status > General 16 WISE-6610 Series User Manual 3.3.2 Network To view information about the interfaces and the routing table, open the Network item in the Status menu. To access this page, click Status > Network. 3.3.3 DHCP Figure 3.4 Status > Network Information about the DHCP server activity is accessible via DHCP item. The DHCP server provides automatic configuration of the client devices connected to the device. The DHCP server assigns each device an IP address, subnet mask, default gateway
(IP address of device) and DNS server (IP address of device). DHCPv6 server is supported. To access this page, click Status > DHCP. Figure 3.5 Status > DHCP WISE-6610 Series User Manual 17 3.3.4 IPsec Selecting the IPsec option in the status menu of the web page will bring up the infor-
mation for any IPsec Tunnels that have been established. If the tunnel has been built correctly, the screen will display IPsec SA established (highlighted in red in the figure below.) If there is no such text in log, the tunnel was not created. To access this page, click Status > IPsec. 3.3.5 DynDNS Figure 3.6 Status > IPsec The device supports DynamicDNS using a DNS server on www.dyndns.org. If Dynamic DNS is configured, the status can be displayed by selecting menu option DynDNS. Refer to www.dyndns.org for more information on how to configure a Dynamic DNS client. You can use the following listed servers for the Dynamic DNS service. It is possible to use the DynDNSv6 service with IP Mode switched to IPv6 on DynDNS Configuration page. www.dyndns.org www.spdns.de www.dnsdynamic.org www.noip.com To access this page, click Status > DynDNS. Figure 3.7 Status > DynDNS When the device detects a DynDNS record update, the dialog displays one or more of the following messages:
DynDNS client is disabled. Invalid username or password. Specified hostname doesn't exist. Invalid hostname format. Hostname exists, but not under specified username. No update performed yet. DynDNS record is already up to date. DynDNS record successfully update. DNS error encountered. DynDNS server failure. 18 WISE-6610 Series User Manual 3.3.6 System Log If there are any connection problems you may view the system log by selecting the System Log menu item. Detailed reports from individual applications running in the device will be displayed. Use the Save Log button to save the system log to a connected computer. (It will be saved as a text file with the .log extension.) The Save Report button is used for creating detailed reports. (It will be saved as a text file with the .txt extension. The file will include statistical data, routing and process tables, system log, and configuration.) The default length of the system log is 1000 lines. After reaching 1000 lines a new file is created for storing the system log. After completion of 1000 lines in the second file, the first file is overwritten with a new file. The Syslogd program will output the system log. It can be started with two options to modify its behavior. Option -S followed by decimal number sets the maximal number of lines in one log file. Option -R followed by hostname or IP address enables logging to a remote syslog daemon. (If the remote syslog daemon is Linux OS, there has to be remote logging enabled (typically running syslogd -R). If it's the Windows OS, there has to be syslog server installed, e.g. Syslog Watcher). To start syslogd with these options, the /etc/init.d/syslog script can be modified via SSH or lines can be added into Startup Script (accessible in Configuration section) according to Figure 3.9. To access this page, click Status > System Log. Figure 3.8 Status > System Log The following example (figure) shows how to send syslog information to a remote server at 192.168.2.115 on startup. Figure 3.9 Example Program Syslogd Start with the Parameter -R WISE-6610 Series User Manual 19 3.4 Configuration 3.4.1 LAN To enter the Local Area Network configuration, select the LAN menu item in the Configuration section. LAN Configuration page is divided into IPv4 and IPv6 columns, see Figure 3.10. There is dual stack support of IPv4 and IPv6 protocols - they can run alongside, you can configure either one of them or both. If you configure both IPv4 and IPv6, other network devices will choose the communication protocol. Configuration items and IPv6 to IPv4 differences are described in the tables below. 20 WISE-6610 Series User Manual To access this page, click Configuration > LAN. Figure 3.10 Configuration > LAN Item DHCP Client Description Enables/disables the DHCP client function supporting both IPv4 and IPv6. disabled - The device does not allow automatic allocation of an IP address from a DHCP server in LAN network. enabled - The device allows automatic allocation of an IP address from a DHCP server in LAN network. A fixed IP address of the Ethernet interface. Use IPv4 notation in IPv4 column and IPv6 notation in IPv6 column. Shortened IPv6 notation is supported. IP Address Subnet Mask / Prefix Specifies a Subnet Mask for the IPv4 address. In the IPv6 column, fill in the Prefix for the IPv6 address - number in range 0 to 128. WISE-6610 Series User Manual 21 Item Description Default Gateway DNS Server Specifies the IP address of a default gateway. If filled-in, every packet with the destination not found in the routing table is sent to this IP address. Use proper IP address notation in IPv4 and IPv6 column. Specifies the IP address of the DNS server. When the IP address is not found in the Routing Table, the device forwards the request to DNS server specified here. Use proper IP address notation in IPv4 and IPv6 column. The Default Gateway and DNS Server items are only used if the DHCP Client item is set to disabled and if the Primary or Secondary LAN is selected by the Backup Routes system as the default route. Since FW 5.3.0, Default Gateway and DNS Server are also supported on bridged interfaces. The following items (in the table below) are global for the configured Ethernet interface. Only one bridge can be active on the device at a time. The DHCP Client, IP Address and Subnet Mask / Prefix parameters of the only one of the interfaces are used to for the bridge. Primary LAN has higher priority when other interfaces (wlan0) are added to the bridge. Other interfaces (wlan0 - wifi) can be added to or deleted from an existing bridge at any time. The bridge can be created on demand for such interfaces, but not if it is configured by their respective parameters. Item Bridged Media Type Description Activates/deactivates the bridging function on the device. no - The bridging function is inactive (default). yes - The bridging function is active. Specifies the type of duplex and speed used in the network. Auto-negation - The device automatically sets the best speed and duplex mode of communication according to the network's possibilities. 100 Mbps Full Duplex - The device communicates at 100 Mbps, 100 Mbps Half Duplex - The device communicates at 100 Mbps, 10 Mbps Full Duplex - The device communicates at 10 Mbps, in 10 Mbps Half Duplex - The device communicates at 10 Mbps, in in the full duplex mode. in the half duplex mode. the full duplex mode. the half duplex mode. 3.4.1.1 DHCP Server The DHCP server assigns the IP address, gateway IP address (IP address of the device) and IP address of the DNS server (IP address of the device) to the connected clients. If these values are filled in by the user in the configuration form, they will be preferred. The DHCP server supports static and dynamic assignment of IP addresses. Dynamic DHCP assigns clients IP addresses from a defined address space. Static DHCP assigns IP addresses that correspond to the MAC addresses of connected clients. If IPv6 column is filled in, the DHCPv6 server is used - it is dual stack IPv4 and IPv6. Note!
Do not to overlap ranges of static allocated IP addresses with addresses allocated by the dynamic DHCP server. IP address conflicts and incorrect network function can occur if you overlap the ranges. 22 WISE-6610 Series User Manual Configuration of Dynamic DHCP Server Item Description Enable dynamic DHCP leases IP Pool Start IP Pool End Lease time Select this option to enable a dynamic DHCP server. Starting IP addresses allocated to the DHCP clients. Use proper notation in IPv4 and IPv6 column. End of IP addresses allocated to the DHCP clients. Use proper IP address notation in IPv4 and IPv6 column. Time in seconds that the IP address is reserved before it can be re-
used. Configuration of Static DHCP Server Item Description Enable static DHCP leases Select this option to enable a static DHCP server. MAC Address IPv4 Address IPv6 Address MAC address of a DHCP client. Assigned IPv4 address. Use proper notation. Assigned IPv6 address. Use proper notation. 3.4.1.2 IPv6 Prefix Delegation Note!
This is an advanced configuration option. IPv6 prefix delegation works automatically with DHCPv6 - use only if different configuration is desired and if you know the consequences. If you want to override the automatic IPv6 prefix delegation, you can configure it in this form. You have to know your Subnet ID Width (part of IPv6 address), see Figure 3.11 below for the calculation help - it is an example: 48 bits is Site Prefix, 16 bits is Subnet ID (Subnet ID Width) and 64 bits is Interface ID. Figure 3.11 IPv6 Address with Prefix Example Item Description Enable IPv6 prefix delegation Enables prefix delegation configuration filled-in below. Enable IPv6 prefix delegation The decimal value of the Subnet ID of the Ethernet interface. Maximum value depends on the Subnet ID Width. Subnet ID Width The maximum Subnet ID Width depends on your Site Prefix - it is the remainder to 64 bits. WISE-6610 Series User Manual 23 3.4.1.3 IEEE 802.1X Authentication To prevent unauthorized radios from accessing data transmitting over wireless transmission, WISE-6610 Series provides rock solid security settings. Navigate to Configuration > LAN and locate Enable IEEE 802.1X Authentication. Item Description Enable IEEE 802.1X Authentication Tick the radio button to enable the authentication function. Authentication Method Click the drop-down menu to select the method type. Range: EAP-
PEAP/MSCHAPv2 or EAP-TLS. CA Certificate Enter the trusted digital certificate (required for EAP-PEAP). Local Certificate Enter the self-signed digital certificate (required for EAP-PEAP). Local Private Key Enter the secret key variable used to encrypt or decrypt the transmission. Identity Password Enter the Identity profile authorized to access the authentication server. Enter the string associated with the defined Identity profile in the previous frame. Apply Click Apply to accept the configuration changes. The following are LAN configuration illustrations defining possible network topology. Example 1: IPv4 Dynamic DHCP Server, Default Gateway and DNS Server The range of dynamic allocated IPv4 addresses is from 192.168.1.2 to 192.168.1.4. The address is allocated for 600 second (10 minutes). Default gateway IP address is 192.168.1.20 DNS server IP address is 192.168.1.20 Figure 3.12 IPv4 Dynamic DHCP Network Topology 24 WISE-6610 Series User Manual The settings required in the LAN configuration menu for an IPv4 Dynamic DHCP configuration are shown in the following figure. Figure 3.13 LAN Configuration for a Dynamic Network Typology Example 2: IPv4 Dynamic and Static DHCP server The range of allocated addresses is from 192.168.1.2 to 192.168.1.4. The address is allocated for 600 seconds (10 minutes). The client with the MAC address 01:23:45:67:89:ab has the IP address The client with the MAC address 01:54:68:18:ba:7e has the IP address 192.168.1.10. 192.168.1.11. Figure 3.14 IPv4 Dynamic and Static DHCP Network Topology WISE-6610 Series User Manual 25 The settings required in the LAN configuration menu for an IPv4 Dynamic and Static DHCP configuration are shown in the following figure. Figure 3.15 LAN Configuration for an IPv4 Dynamic and Static DHCP Network Topology Example 3: IPv6 Dynamic DHCP Server The range of dynamic allocated IPv6 addresses is from 2001:db8::1 to 2001:db8::ffff. The address is allocated for 600 second (10 minutes). The device is still accessible via IPv4 (192.168.1.1). Figure 3.16 IPv6 Dynamic DHCP Server Network Topology 26 WISE-6610 Series User Manual Figure 3.17 LAN Configuration for an IPv6 Dynamic DHCP Server Network Topology WISE-6610 Series User Manual 27 3.4.2 NAT To configure the address translation function, click on NAT in the Configuration sec-
tion of the main menu. There is independent IPv4 and IPv6 NAT configuration since there is dual stack IPv4 and IPv6 implemented in the router. The NAT item in the menu on the left will expand to IPv4 and IPv6 options and you can click IPv6 to enable and configure the IPv6 NAT - see Figure below. The configuration fields have the same meaning in the IPv4 NAT Configuration and IPv6 NAT Configuration forms. To access this page, click Configuration > NAT. Figure 3.18 Configuration > NAT The router actually uses Port Address Translation (PAT), which is a method of map-
ping a TCP/UDP port to another TCP/UDP port. The router modifies the information in the packet header as the packets traverse a router. This configuration form allows you to specify up to 16 PAT rules. Item Public Port Private Port Type Description Public port for the translation rule. Private port for the translation rule. Protocol type - TCP or UDP. Server IP Address IP address where the router forwards incoming data. 28 WISE-6610 Series User Manual If you require more than sixteen NAT rules, insert the remaining rules into the Startup Script. The Startup Script dialog is located on Scripts page in the Configuration sec-
tion of the menu. When creating your rules in the Startup Script, use this command for IPv4 NAT:
iptables -t nat -A napt -p tcp -dport [PORT_PUBLIC] -j DNAT
-to-destination [IPADDR]:[PORT_PRIVATE]
Enter the IP address [IPADDR], the public ports numbers [PORT_PUBLIC], and pri-
vate [PORT_PRIVATE] in place of square brackets. For IPv6 NAT use ip6tables com-
mand with same options. If you enable the following options and enter the port number, the router allows you to remotely access to the router from WAN (Mobile WAN) interface. Caution! Enable remote HTTP access on port activates the redirect from HTTP to HTTPS protocol only. The router doesn't allow unsecured HTTP proto-
col to access the web configuration. To access the web configuration, always check the Enable re- mote HTTPS access on port item. Never enable the HTTP item only to access the web configuration from the Internet (configuration would not be accessible from the Internet). Always check the HTTPS item or HTTPS and HTTP items together (to set the redirect from HTTP). Item Description Enable remote HTTP access on port This option sets the redirect from HTTP to HTTPS only (disabled in default configuration). If field and port number are filled in, configuration of the router over web interface is allowed (disabled in default configuration). Enable remote SSH access on port Select this option to allow access to the router using SSH (disabled in default configuration). Select this option to allow access to the router using SNMP (disabled in default configuration). Enable remote HTTPS access on port Enable remote SNMP access on port Masquerade outgoing packets Activates/deactivates the network address translation function. Use the following parameters to set the routing of incoming data from the WAN
(Mobile WAN) to a connected computer. Item Description Send all remaining incoming packets to default server Activates/deactivates forwarding unmatched incoming packets to the default server. The prerequisite for the function is that you specify a default server in the De- fault Server IPv4/IPv6 Address field. The router can for- ward incoming data from a GPRS to a computer with the assigned IP address. Default Server IP Address The IP address. WISE-6610 Series User Manual 29 Example1: IPv4 NAT Configuration with Single Device Connected Figure 3.19 Topology for NAT Configuration Example 1 It is important to mark the Send all remaining incoming packets to default server check box for this configuration. The IP address in this example is the address of the device behind the router. The default gateway of the devices in the subnetwork con-
nected to router is the same IP address as displayed in the Default Server IPv4 Address field. Figure 3.20 NAT Configuration for Example 1 Example 2: IPv4 NAT Configuration with More Equipment Connected In this example, using the switch you can connect more devices behind the router. Every device connected behind the router has its own IP address. Enter the address in the Server IPv4 Address field in the NAT dialog. The devices are communicating on port 80, but you can set port forwarding using the Public Port and Private Port fields in the NAT dialog. You have now configured the router to access the 192.168.1.2:80 socket behind the router when accessing the IP address 10.0.0.1:81 from the Internet. If you send a ping request to the public IP address of the router
(10.0.0.1), the router responds as usual (not forwarding). And since the Send all 30 WISE-6610 Series User Manual remaining incoming packets to default server is inactive, the router denies connection attempts. Figure 3.21 Topology for NAT Configuration Example 2 Figure 3.22 NAT Configuration for Example 2 WISE-6610 Series User Manual 31 3.4.3 OpenVPN Select the OpenVPN item to configure an OpenVPN tunnel. The OpenVPN tunnel function allows you to create a secure connection between two separate LAN networks. The device allows you to create up to four OpenVPN tunnels. IPv4 and IPv6 dual stack is supported. To access this page, click Configuration > OpenVPN. Figure 3.23 Configuration > OpenVPN > 1st Tunnel Item Description Description Specifies the description or name of tunnel. 32 WISE-6610 Series User Manual Item Protocol Description Specifies the communication protocol. UDP - The OpenVPN communicates using UDP. TCP server - The OpenVPN communicates using TCP in server mode. mode. TCP client - The OpenVPN communicates using TCP in client UDPv6 - The OpenVPN communicates using UDP over IPv6. TCPv6 server - The OpenVPN communicates using TCP over TCPv6 client - The OpenVPN communicates using TCP over IPv6 in server mode. IPv6 in client mode. UDP Port Specifies the port of the relevant protocol (UDP or TCP). Remote IP Address Specifies the IPv4, IPv6 address or domain name of the opposite side of the tunnel. Remote Subnet IPv4 address of a network behind opposite side of the tunnel. IPv4 subnet mask of a network behind opposite tunnel's side. Remote Subnet Mask Redirect Gateway Activates/deactivates redirection of data on Layer 2. Local Interface IP Address Specifies the IPv4 address of a local interface. For proper routing it is recommended to fill-in any IPv4 address from local range even if you are using IPv6 tunnel only. Remote Interface IP Address Specifies the IPv4 address of the interface of opposite side of the tunnel. For proper routing it is recommended to fill-in any IPv4 address from local range even if you are using IPv6 tunnel only. Remote IPv6 Subnet Specify the subnet associated with the listed remote interface. Remote IPv6 Subnet Prefix Length IPv6 address and prefix of the remote IPv6 network. Equivalent of the Remote Subnet and Remote Subnet Mask in IPv4 section. Local Interface IPv6 Address Specifies the IPv6 address of a local interface. Remote Interface IPv6 Address Specifies the IPv6 address of the interface of opposite side of the tunnel. Ping Interval Ping Timeout Specifies the IPv6 address of the interface of opposite side of the tunnel. Specifies the time interval the device waits for a message sent by the opposite side. For proper verification of the OpenVPN tunnel, set the Ping Timeout to greater than the Ping Interval. Renegotiate Interval Specifies the renegotiate period (reauthorization) of the OpenVPN tunnel. You can only set this parameter when the Authenticate Mode is set to username/password or X.509 certificate. After this time period, the device changes the tunnel encryption to help provide the continues safety of the tunnel. Max Fragment Size Maximum size of a sent packet. Compression NAT Rules Compression of the data sent:
none - No compression is used. LZO - A lossless compression is used, use the same setting on both sides of the tunnel. Activates/deactivates the NAT rules for the OpenVPN tunnel:
not applied - NAT rules are not applied to the tunnel. applied - NAT rules are applied to the OpenVPN tunnel. WISE-6610 Series User Manual 33 Item Description Authenticate Mode Specifies the authentication mode:
none - No authentication is set. Pre-shared secret - Specifies the shared key function for both sides of the tunnel. Username/password - Specifies authentication using a CA Certificate, Username and Password. X.509 Certificate (multiclient) - Activates the X.509 authentication in multi-client mode. X.509 Certificate (client) - Activates the X.509 authentication in X.509 Certificate (server) - Activates the X.509 authentication in client mode. server mode. Pre-shared Secret Specifies the pre-shared secret which you can use for every authentication mode. CA Certificate DH Parameters Local Certificate Specifies the CA Certificate which you can use for the username/
password and X.509 Certificate authentication modes. Specifies the protocol for the DH parameters key exchange which you can use for X.509 Certificate authentication in the server mode. Specifies the certificate used in the local device. You can use this authentication certificate for the X.509 Certificate authentication mode. Local Private Key Specifies the key used in the local device. You can use the key for the X.509 Certificate authentication mode. Username Password Extra Options Specifies a login name which you can use for authentication in the username/password mode. Specifies a password which you can use for authentication in the username/password mode. Specifies additional parameters for the OpenVPN tunnel, such as DHCP options. The parameters are proceeded by two dashes. For possible parameters see the help text in the device using SSH - run the openvpnd --help command. Example: OpenVPN Tunnel Configuration in IPv4 Network Figure 3.24 Topology of OpenVPN Configuration Example OpenVPN tunnel configuration:
Configuration Protocol UDP Port A UDP 1194 34 B UDP 1194 WISE-6610 Series User Manual Configuration Remote IP Address Remote Subnet Remote Subnet Mask Local Interface IP Address Remote Interface IP Address Compression Authenticate mode A 10.0.0.2 192.168.2.0 255.255.255.0 19.16.1.0 19.16.2.0 LZO none B 10.0.0.1 192.168.1.0 255.255.255.0 19.16.2.0 19.16.1.0 LZO none Examples of different options for configuration and authentication of OpenVPN tunnel can be found in the application note OpenVPN Tunnel [5]. 3.4.4 IPSec To open the Tunnel Configuration page, click in the Configuration section of the main menu. The tunnel function allows you to create a secured connection between two separate LAN networks. The device allows you to create up to four tunnels. IPv4 and IPv6 tunnels are supported (dual stack), you can transport IPv6 traffic through IPv4 tunnel and vice versa. To access this page, click Configuration > IPSec. Note!
To encrypt data between the local and remote subnets, specify the appropriate values in the subnet fields on both devices. To encrypt the data stream between the devices only, leave the local and remote subnets fields blank. Note!
If you specify the protocol and port information in the Local Protocol/Port field, then the device encapsulates only the packets matching the settings. WISE-6610 Series User Manual 35 Figure 3.25 Configuration > 1st Tunnel 36 WISE-6610 Series User Manual Item Description Description Host IP Mode Name or description of the tunnel. IPv4 - The device communicates via IPv4 with the opposite side IPv6 - The device communicates via IPv4 with the opposite side of the tunnel. of the tunnel. Remote IP Address Tunnel IP Mode Remote ID Remote Subnet Remote Subnet Mask Remote Protocol/
Port Local ID Local Subnet IPv4, IPv6 address or domain name of the remote side of the tunnel, based in the Host IP Mode above. IPv4 - The IPv4 communication runs inside the tunnel. IPv6 - The IPv6 communication runs inside the tunnel. Identifier (ID) of remote side of the tunnel. It consists of two parts: a hostname and a domain-name. IPv4 or IPv6 address of a network behind remote side of the tunnel, based on Tunnel IP Mode above. IPv4 subnet mask of a network behind remote side of the tunnel, or IPv6 prefix (single number 0 to 128). Specifies Protocol/Port of remote side of the tunnel. The general form is protocol /port, for example 17/1701 for UDP (protocol 17) and port 1701. It is also possible to enter only the number of protocol, however, the above mentioned format is preferred. Identifier (ID) of local side of the tunnel. It consists of two parts: a hostname and a domain-name. IPv4 or IPv6 address of a local network, based on Tunnel IP Mode above. First Local Subnet Mask IPv4 subnet mask of a local network, or IPv6 prefix (single number 0 to 128). Local Protocol/Port Specifies Protocol/Port of a local network. The general form is protocol /port, for example 17/1701 for UDP (protocol 17) and port 1701. It is also possible to enter only the number of protocol, however, the above mentioned format is preferred. Encapsulation Mode Specifies the mode, according to the method of encapsulation. You can select the tunnel mode in which the entire IP datagram is encapsulated or the transport mode in which only IP header is encapsulated. Force NAT Traversal Enable/disables NAT address translation on the tunnel. Enable if you IKE Protocol IKE Mode use NAT between the end points of the tunnel. Click the drop-down menu to select to define a protocol (IKEv1/IKEv2, IKEv1, or IKEv2). IKE Phase 1 is ISAKMP (Internet Security Association and Key Management Protocol), which is used to create private tunnelling between peers for a secure communication. Specifies the mode for establishing a connection (main or aggressive). If you select the aggressive mode, then the device establishes the tunnel faster, but the encryption is permanently set to 3DES-MD5. We recommend that you not use the aggressive mode due to lower security!
IKE Algorithm Specifies the means by which the device selects the algorithm:
auto - The encryption and hash algorithm are selected manual - The encryption and hash algorithm are defined by the automatically. user. IKE Encryption Encryption algorithm - 3DES, AES128, AES192, AES256. IKE Hash Hash algorithm - MD5, SHA1, SHA256, SHA384 or SHA512. WISE-6610 Series User Manual 37 Item Description IKE DH Group Specifies the Diffie-Hellman groups which determine the strength of the key used in the key exchange process. Higher group numbers are more secure, but require more time to compute the key. ESP Algorithm Specifies the means by which the device selects the algorithm:
auto - The encryption and hash algorithm are selected manual - The encryption and hash algorithm are defined by the automatically. user. ESP Encryption Encryption algorithm - DES, 3DES, AES128, AES192, AES256. PFS DH Group Specifies the Diffie-Hellman group number (see IKE DH Group). ESP Hash PFS Key Lifetime IKE Lifetime Rekey Margin Hash algorithm - MD5, SHA1, SHA256, SHA384 or SHA512. Enables/disables the Perfect Forward Secrecy function. The function ensures that derived session keys are not compromised if one of the private keys is compromised in the future. Lifetime key data part of tunnel. The minimum value of this parameter is 60 s. The maximum value is 86400 s. Lifetime key service part of tunnel. The minimum value of this parameter is 60 s. The maximum value is 86400 s. Specifies how long before a connection expires that the device attempts to negotiate a replacement. Specify a maximum value that is less than half of IKE and Key Lifetime parameters. Rekey Fuzz DPD Delay Percentage of time for the Rekey Margin extension. Time after which the tunnel functionality is tested. DPD Timeout The period during which device waits for a response. Authenticate Mode Specifies the means by which the device authenticates:
Pre-shared key - Sets the shared key for both sides of the X.509 Certificate - Allows X.509 authentication in multiclient tunnel. mode. Pre-shared Key Specifies the shared key for both sides of the tunnel. The prerequisite for entering a key is that you select pre-shared key as the authentication mode. CA Certificate Certificate for X.509 authentication. Remote Certificate Certificate for X.509 authentication. Local Certificate Certificate for X.509 authentication. Local Private Key Private key for X.509 authentication. Local Passphrase Passphrase used during private key generation. Debug Choose the level of verbosity to System Log. Silent (default), audit, control, control-more, raw, private (most verbose including the private keys). See strongSwan documentation for more details. The function supports the following types of identifiers (ID) for both sides of the tunnel, Remote ID and Local ID parameters:
IP address (for example, 192.168.1.1) DN (for example, C=CZ, O=CompanyName, OU=TP, CN=A) FQDN (for example, @director.companyname.cz) - the @ symbol proceeds the FQDN. User FQDN (for example, director@companyname.cz) The certificates and private keys have to be in the PEM format. Use only certificates containing start and stop tags. The random time, after which the device re-exchanges new keys is defined as follows:
38 WISE-6610 Series User Manual Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin *
Rekey Fuzz/100)) The default exchange of keys is in the following time range:
Minimal time: 1h - (9m + 9m) = 42m Maximal time: 1h - (9m + 0m) = 51m We recommend that you maintain the default settings. When you set key exchange times higher, the tunnel produces lower operating costs, but the setting also provides less security. Conversely, when you reducing the time, the tunnel produces higher operating costs, but provides for higher security. The changes in settings will apply after clicking the Apply button. Example: Tunnel Configuration in IPv4 Network Figure 3.26 Topology of Configuration Example tunnel configuration:
Configuration Host IP Mode Remote IP Address Tunnel IP Mode Remote Subnet Remote Subnet Mask Local Subnet Local Subnet Mask Authenticate mode Pre-shared key A IPv4 10.0.0.2 IPv4 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 pre-shared key test B IPv4 10.0.0.1 IPv4 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 pre-shared key test Examples of different options for configuration and authentication of tunnel can be found in the application note Tunnel [6]. 3.4.5 GRE Note! GRE is an unencrypted protocol. GRE via IPv6 is not supported. To open the GRE Tunnel Configuration page, click GRE in the Configuration section of the main menu. The GRE tunnel function allows you to create an unencrypted WISE-6610 Series User Manual 39 connection between two separate LAN networks. The device allows you to create four GRE tunnels. To access this page, click Configuration > GRE. Figure 3.27 Configuration > GRE > 1st Tunnel Item Description Description Description of the GRE tunnel. Remote IP Address IP address of the remote side of the tunnel. Remote Subnet IP address of the network behind the remote side of the tunnel. Remote Subnet Mask Local Interface IP Address Remote Interface IP Address Multicasts Pre-shared Key Specifies the mask of the network behind the remote side of the tunnel. IP address of the local side of the tunnel. IP address of the remote side of the tunnel. Activates/deactivates sending multicast into the GRE tunnel:
disabled - Sending multicast into the tunnel is inactive. enabled - Sending multicast into the tunnel is active. Specifies an optional value for the 32 bit shared key in numeric format, with this key the device sends the filtered data through the tunnel. Specify the same key on both devices, otherwise the device drops received packets. Note!
The GRE tunnel does not pass through NAT. The changes in settings will apply after pressing the Apply button. 40 WISE-6610 Series User Manual Example: GRE Tunnel Configuration Figure 3.28 Topology of GRE Tunnel Configuration Example GRE tunnel configuration:
Configuration Remote IP Address Remote Subnet Remote Subnet Mask A 10.0.0.2 192.168.2.0 255.255.255.0 B 10.0.0.1 192.168.1.0 255.255.255.0 Examples of different options for configuration of GRE tunnel can be found in the application note GRE Tunnel [7]. 3.4.6 L2TP Note!
L2TP is an unencrypted protocol. L2TP via IPv6 is not supported. To open the L2TP Tunnel Configuration page, click L2TP in the Configuration section of the main menu. The L2TP tunnel function allows you to create a password protected connection between 2 LAN networks. The device activates the tunnels after you mark the Create L2TP tunnel check box. WISE-6610 Series User Manual 41 To access this page, click Configuration > L2TP. Figure 3.29 Configuration > L2TP Item Mode Description Specifies the L2TP tunnel mode on the device side:
L2TP server - Specify an IP address range offered by the server. L2TP client - Specify the IP address of the server. IP address of the server. IP address to start with in the address range. The range is offered by the server to the clients. The last IP address in the address range. The range is offered by the server to the clients. Server IP Address Client Start IP Address Client End IP Address Remote Subnet Mask Username Password Local IP Address IP address of the local side of the tunnel. Remote IP Address IP address of the remote side of the tunnel. Remote Subnet Address of the network behind the remote side of the tunnel. The mask of the network behind the remote side of the tunnel. Username for the L2TP tunnel login. Password for the L2TP tunnel login. Example: L2TP Tunnel Configuration Figure 3.30 Topology of L2TP Tunnel Configuration Example 42 WISE-6610 Series User Manual Configuration of the L2TP tunnel:
Configuration Mode Server IP Address Client Start IP Address Client End IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username Password 3.4.7 PPTP A N/A L2TP Server 192.168.2.5 192.168.2.254 192.168.1.1 N/A 192.168.2.0 255.255.255.0 username password L2TP Client 10.0.0.1 B N/A N/A N/A N/A 192.168.1.0 255.255.255.0 username password Note!
PPTP is an unencrypted protocol. PPTP via IPv6 is not supported. Select the PPTP item in the menu to configure a PPTP tunnel. PPTP tunnel allows password protected connections between two LANs. It is similar to L2TP. The tunnels are active after selecting Create PPTP tunnel. To access this page, click Configuration > PPTP. Figure 3.31 Configuration > PPTP Item Mode Description server. Specifies the L2TP tunnel mode on the device side:
PPTP server - Specify an IP address range offered by the Server IP Address PPTP client - Specify the IP address of the server. IP address of the server. Local IP Address IP address of the local side of the tunnel. Remote IP Address IP address of the remote side of the tunnel. Remote Subnet Address of the network behind the remote side of the tunnel. The mask of the network behind the remote side of the tunnel. Remote Subnet Mask WISE-6610 Series User Manual 43 Item Username Password Description Username for the PPTP tunnel login. Password for the PPTP tunnel login. The changes in settings will apply after pressing the Apply button. The firmware also supports PPTP pass through, which means that it is possible to create a tunnel through the device. Example: PPTP Tunnel Configuration Figure 3.32 Topology of PPTP Tunnel Configuration Example Configuration of the PPTP tunnel:
Configuration Mode Server IP Address Local IP Address Remote IP Address Remote Subnet Remote Subnet Mask Username Password 3.4.8 Services 3.4.8.1 DynDNS A N/A PPTP Server 192.168.1.1 192.168.2.1 192.168.2.0 255.255.255.0 username password PPTP Client 10.0.0.1 B N/A N/A 192.168.1.0 255.255.255.0 username password The DynDNS function allows you to access the device remotely using an easy to remember custom hostname. This DynDNS client monitors the IP address of the device and updates the address whenever it changes. In order for DynDNS to function, you require a public IP address, either static or dynamic, and an active Remote Access service account at www.dyndns.org. Register the custom domain
(third-level) and account information specified in the configuration form. You can use other services, too - see the table below, Server item. To open the DynDNS Configuration page, click DynDNS in the main menu. 44 WISE-6610 Series User Manual To access this page, click Configuration > Services > DynDNS. Item Hostname Username Password IP Mode Server Figure 3.33 Configuration > Services > DynDNS Description The third order domain registered on the www.dyndns.org server. Username for logging into the DynDNS server. Password for logging into the DynDNS server. Specifies a DynDNS service other than the www.dyndns.org. Possible other services: www.spdns.de, www.dnsdynamic.org, www.noip.com. Enter the update server service information in this field. If you leave this field blank, the default server members.dyndns.org will be used. Specifies the version of IP protocol:
IPv4 - IPv4 protocol is used only (default). IPv6 - IPv6 protocol is used only. IPv4/IPv6 - IPv4 and IPv6 dual stack is enabled. Example: DynDNS client configuration with the domain company.dyndns.org:
Figure 3.34 DynDNS Configuration Example WISE-6610 Series User Manual 45 3.4.8.2 HTTP To access this page, click Configuration > Services > HTTP. Figure 3.35 Configuration > Services > HTTP Item Description Enable HTTP service Click the check box to set up Ethernet encapsulation (remote access) through HTTP function. Click the check box to set up Ethernet encapsulation over HTTPS. Enter the variable in minutes to define the timeout period for the session. Apply Click Apply to save the values. Enable HTTPS service Session Timeout 3.4.8.3 NTP The NTP configuration form allows you to configure the NTP client. To open the NTP page, click NTP in the Configuration section of the main menu. NTP (Network Time Protocol) allows you to periodically set the internal clock of the device. The time is set from servers that provide the exact time to network devices. IPv6 Time Servers are supported. If you mark the Enable local NTP service check box, then the device acts as a NTP server for other devices in the local network (LAN). If you mark the Synchronize clock with NTP server check box, then the device acts as a NTP client. This means that the device automatically adjusts the internal clock every 24 hours. To access this page, click Configuration > Services > NTP. Figure 3.36 Configuration > Services > NTP Item Description Primary NTP Server IPv4 address, IPv6 address or domain name of primary NTP server. Secondary NTP Server IPv4 address, IPv6 address or domain name of secondary NTP server. Timezone Specifies the time zone where you installed the device. Daylight Saving Time Activates/deactivates the DST shift. No - The time shift is inactive. Yes - The time shift is active. 46 WISE-6610 Series User Manual The figure below displays an example of a NTP configuration with the primary server set to ntp.cesnet.cz and the secondary server set to tik.cesnet.cz and with the automatic change for daylight saving time enabled. Figure 3.37 Example of NTP Configuration 3.4.8.4 SNMP The SNMP page allows you to configure the SNMP v1/v2 or v3 agent which sends information about the device (and its expansion ports) to a management station. To open the SNMP page, click SNMP in the Configuration section of the main menu. SNMP (Simple Network Management Protocol) provides status information about the network elements such as devices or endpoint computers. In the version v3, the communication is secured (encrypted). To enable the SNMP service, mark the Enable the SNMP agent check box. Sending SNMP traps to IPv6 address is supported. To access this page, click Configuration > Services > SNMP. Figure 3.38 Configuration > Services > SNMP Item Name Description Designation of the device. WISE-6610 Series User Manual 47 Item Location Contact Description Location of where you installed the device. Person who manages the device together with information how to contact this person. To enable the SNMPv1/v2 function, mark the Enable SNMPv1/v2 access check box. It is also necessary to specify a password for access to the Community SNMP agent. The default setting is public. You can define a different password for the Read community (read only) and the Write community (read and write) for SNMPv1/v2. You can also define 2 SNMP users for SNMPv3. You can define a user as read only (Read), and another as read and write (Write). The device allows you to configure the parameters in the following table for every user separately. The device uses the parameters for SNMP access only. To enable the SNMPv3 function, mark the Enable SNMPv3 access check box, then specify the following parameters:
Description User name Item Username Authentication Authentication Password Privacy Encryption algorithm on the Authentication Protocol that is used to verify the identity of the users. Password used to generate the key used for authentication. Encryption algorithm on the Privacy Protocol that is used to ensure confidentiality of data. Privacy Password Password for encryption on the Privacy Protocol. Activating the Enable I/O extension function allows you monitor the binary I/O inputs on the device. Selecting Enable M-BUS extension and entering the Baudrate, Parity and Stop Bits lets you monitor the meter status connected to the expansion port MBUS status. Selecting Enable reporting to supervisory system and entering the IP Address and Period lets you send statistical information to the monitoring system, R-SeeNet. Item IP Address Period Description IPv4 or IPv6 address. Period of sending statistical information (in minutes). Each monitored value is uniquely identified using a numerical identifier OID - Object Identifier. This identifier consists of a progression of numbers separated by a point. The shape of each OID is determined by the identifier value of the parent element and then this value is complemented by a point and current number. So it is obvious 48 WISE-6610 Series User Manual that there is a tree structure. The following figure displays the basic tree structure that is used for creating the OIDs. Figure 3.39 OID Basic Structure The SNMP values that are specific for Conel devices create the tree starting at OID =
.1.3.6.1.4.1.30140. You interpret the OID in the following manner:
iso.org.dod.internet.private.enterprises.conel This means that the device provides for example, information about the internal temperature (OID 1.3.6.1.4.1.248.40.1.3.3) or about the power voltage (OID 1.3.6.1.4.1.248.40.1.3.4). For binary inputs and output, the following range of OID is used:
OID Description
.1.3.6.1.4.1.30140.2.3.1.0 Binary input BIN0 (values 0,1)
.1.3.6.1.4.1.30140.2.3.2.0 Binary output OUT0 (values 0,1)
.1.3.6.1.4.1.30140.2.3.3.0 Binary input BIN1 (values 0,1) WISE-6610 Series User Manual 49 The list of available and supported OIDs and other details can be found in the application note SNMP Object Identifier [8]. Figure 3.40 SNMP Configuration Example Figure 3.41 MIB Browser Example In order to access a particular device enter the IP address of the SNMP agent which is the device, in the Remote SNMP agent field. The dialog displayed the internal variables in the MIB tree after entering the IP address. Furthermore, you can find the status of the internal variables by entering their OID. 50 WISE-6610 Series User Manual The path to the objects is:
iso ? org ? dod ? internet ? private ? enterprises ? conel ? protocols The path to information about the device is:
iso ? org ? dod ? internet ? mgmt ? mib-2 ? system 3.4.8.5 SMTP Use the SMTP form to configure the Simple Mail Transfer Protocol client (SMTP) for sending e-mails. IPv6 e-mail servers are supported. To access this page, click Configuration > Services > SMTP. Figure 3.42 Configuration > Services > SMTP Item Description SMTP Server Address SMTP Port Secure Method Username Password IPv4 address, IPv6 address or domain name of the mail server. Port the SMTP server is listening on. None, SSL/TLS, or STARTTLS. Secure method has to be supported by the SMTP server. Name for the e-mail account. Password for the e-mail account. The password can contain the following special characters * + , - . / : = ? ! # % [ ] _ { } ~
The following special characters are not allowed: " $ & ' ( ) ; < >
Own Email Address Address of the sender. The mobile service provider can block other SMTP servers, then you can only use the SMTP server of the service provider. Figure 3.43 SMTP Client Configuration Example You can send e-mails from the Startup script. The Startup Script dialog is located in Scripts in the Configuration section of the main menu. The device also allows you to send e-mails using an SSH connection. Use the email command with the following parameters:
-t: e-mail address of the receiver
-s: subject, enter the subject in quotation marks
-m: message, enter the subject in quotation marks
-a: attachment file WISE-6610 Series User Manual 51
-r: number of attempts to send e-mail (default setting: 2) Note!
Commands and parameters can be entered only in lowercase. Example: Sending an e-mail:
email -t john@doe.com -s "System Log" -m "Attached" -a /var/log/messages The command above sends an e-mail to address john@doe.com with the subject
"System Log", body message "Attached" and attachment messages file with System Log of the device directly from the directory /var/log/. 3.4.8.6 SSH To access this page, click Configuration > Services > SSH. Figure 3.44 Configuration > Services > SSH Item Description Enable SSH service Click the check box to set up Ethernet encapsulation (remote access) through the Secure Shell (SSH) function. Session Timeout Enter the variable in minutes to define the timeout period for the session. Apply Click Apply to save the values. 3.4.9 Scripts There is possibility to create your own shell scripts executed in the specific situations. Go to the Scripts page in the Configuration section in the menu. The menu item will expand and there are Startup Script, Up/Down IPv4 and Up/Down IPv6 scripts you can use - there is IPv4 and IPv6 independent dual stack. For more examples of Scripts and possible commands see the Application Note Commands and Scripts [1]. To access this page, click Configuration > Scripts. 3.4.9.1 Startup Script Use the Startup Script window to create your own scripts which will be executed after all of the initialization scripts are run - right after the device is turned on or rebooted. The changes in settings will apply after pressing the Apply button. To access this page, click Configuration > Scripts > Startup Script. Note!
Any changes to the Startup Script will take effect the next time the device is power cycled or rebooted. This can be done with the Reboot button in the Administration section, or by SMS message. 52 WISE-6610 Series User Manual Example: Startup Script Figure 3.45 Example of a Startup Script When the device starts up, stop syslogd program and start syslogd with remote logging on address 192.168.2.115 and limited to 100 entries. Add these lines to the Startup Script:
killall syslogd syslogd -R 192.168.2.115 -S 100 3.4.9.2 Up/Down Scripts Use the Up/Down IPv4 and Up/Down IPv6 page to create scripts executed when the Mobile WAN connection is established (up) or lost (down). There is independent IPv4 and IPv6 dual stack implemented in the device, so there is independent IPv4 and IPv6 Up/Down script. IPv4 Up/Down Script runs only on the IPv4 WAN connection established/lost, IPv6 Up/Down Script runs only on the IPv6 WAN connection established/lost. Any scripts entered into the Up Script window will run after a WAN connection is established. Script commands entered into the Down Script window will run when the WAN connection is lost. The changes in settings will apply after pressing the Apply button. Also you need to reboot the device to make Up/Down Script work. To access this page, click Configuration > Scripts > Up/Down IPv4 or Up/Down IPv6. WISE-6610 Series User Manual 53 Example: IPv6 Up/Down Script 3.4.10 Automatic Update Figure 3.46 Example of IPv6 Up/Down Script After establishing or losing an IPv6 WAN connection (connection to mobile network), the device sends an email with information about the connection state. It is necessary to configure SMTP before. Add this line to the Up Script field:
email -t name@domain.com -s "Router" -m "Connection up."
Add this line to the Down Script field:
email -t name@domain.com -s "Router" -m "Connection down."
Use the Automatic Update menu to configure the automatic update settings. The device can be configured to automatically check for firmware and configuration updates from a HTTP(S) or FTP(S) server. IPv6 sites/servers are supported. Used protocol is specified by an address in Base URL field: HTTP, HTTPS, FTP or FTPS. To prevent possible unwanted manipulation of the files, the device verifies that the downloaded file is in the tar.gz format. At first, the format of the downloaded file is checked. Then the type of architecture and each file in the archive (tar.gz file) is checked. If the Enable automatic update of configuration option is selected, the device will check if there is a configuration file on the remote server, and if the configuration in the file is different than its current configuration, it will update its configuration to the new settings and reboot. If the Enable automatic update of firmware option is checked, the device will look for a new firmware file and update its firmware if necessary. 54 WISE-6610 Series User Manual To access this page, click Configuration > Automatic Update. Item Base URL Unit ID Update Hour Figure 3.47 Configuration > Automatic Update Description Base URL, IPv4 or IPv6 address from which the configuration file will be downloaded. This option also specifies the communication protocol
(HTTP, HTTPS, FTP or FTPS), see examples below. Name of configuration (name of the file without extension). If the Unit ID is not filled, the MAC address of the device is used as the filename
(the delimiter colon is used instead of a dot.) Use this item to set the hour (range 1-24) when the automatic update will be performed every day. If the time is not specified, automatic update is performed five minutes after turning on the device and then every 24 hours. If the detected configuration file is different from the running one, it is downloaded and the device is restarted automatically. The configuration file name consists of Base URL, hardware MAC address of ETH0 interface and cfg extension. Hardware MAC address and cfg extension are added to the file name automatically and it isn't necessary to enter them. When the parameter Unit ID is enabled, it defines the concrete configuration name which will be downloaded to the device, and the hardware MAC address in the configuration name will not be used. The firmware file name consists of Base URL, type of device and bin extension. For the proper firmware filename, see the Update Firmware page in Administration section - it us written out there. See Update Firmware on page 66. Note!
It is necessary to load two files (.bin and .ver) to the HTTP/FTP server. If only the .bin file is uploaded and the HTTP server sends the incorrect answer of 200 OK (instead of the expected 404 Not Found) when the device tries to download the nonexistent .ver file, then there is a risk that the device will download the .bin file over and over again. Note!
Firmware update can cause incompatibility with the user modules. It is recommended that you update user modules to the most recent version. Information about the user modules and the firmware compatibility is at the beginning of the user module's Application Note. WISE-6610 Series User Manual 55 Example 1: Automatic Update In the following example the device checks for new firmware or configuration file each day at 1:00 a.m. An example is given for the WISE-6610 Series device. Firmware file: http://example.com/SPECTRE-v3L-LTE.bin Configuration file:http://example.com/test.cfg Figure 3.48 Example of Automatic Update 1 Example 2: Automatic Update Based on MAC In the following example the device checks for new firmware or configuration each day at 1:00 a.m. An example is given for the WISE-6610 Series device with MAC address 00:11:22:33:44:55. Firmware file: http://example.com/SPECTRE-v3L-LTE.bin Configuration file: http://example.com/00.11.22.33.44.55.cfg Figure 3.49 Example of Automatic Update 2 3.5 Customization 3.5.1 Adding a Module You may run custom software programs in the device to enhance the features of the device. Use the User Modules menu item to add new software modules to the device, to remove them, or to change their configuration. Use the Browse button to select the user module (compiled module has tgz extension). Use the Add button to add a user module. To access this page, click User Modules (located under Customization). The new module appears in the list of modules on the same page. If the module contains an index.html or index.cgi page, the module name serves as a link to this page. The module can be deleted using the Delete button. Updating a module is done the same way. Click the Add button and the module with the higher (newer) version will replace the existing module. 56 WISE-6610 Series User Manual Programming and compiling of modules is described in the Application Note Programming of User Modules [10]. Figure 3.50 User Modules Item Description MODBUS TCP2RTU Provides a conversion of MODBUS TCP/IP protocol to MDBUS RTU protocol, which can be operated on the serial line. Easy VPN client Provides secure connection of LAN network behind our device with LAN network behind CISCO device. NMAP Enables TCP and UDP scan. Daily Reboot Enables daily reboot of the device at the specified time. HTTP Authentication Adds the process of authentication to a server that doesn't provide HTTP Authentication Adds support of dynamic protocols. this service. PIM SM WMBUS Concentrator pduSMS Pinger Adds support of multicast routing protocol PIM-SM. Enable the reception of messages from WMBUS meters and saves contents of these messages to an XML file. Sends short messages (SMS) to specified number. Allows you to manually or automatically verify the functionality of the connection between two network interfaces (ping). IS-IS Adds support of IS-IS protocol. Note!
In some cases the firmware update can cause incompatibility with installed user modules. Some of them are dependent on the version of the Linux kernel (for example SmsBE and PoS Configuration). It is best to update user modules to the most recent version. Information about the user module and the firmware compatibility is at the beginning of the user module's Application Note. WISE-6610 Series User Manual 57 3.5.1.1 MQTT and LoRaWAN To access the gateway configuration page, navigate to Customization and click User Modules > LoRaWAN Gateway > MQTT and LoRaWAN. Figure 3.51 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN Item Description LoRaWAN Radio Setting Model Name Enter the model name. LoRaWAN Radio Enable Click the drop-down menu to enable the radio channel and corresponding settings. Radio 0 Main Frequency(KHz) Radio 1 Main Frequency(KHz) Quick Setup Enter the frequency setting for the interface. Enter the frequency setting for the interface. Click to enter the Quick Setup menu enabling the selection of pre-
configured region-specific, radio frequency settings. LoRaWAN Gateway Setting LoRaWAN Gateway Identifier Backup Enable Backup Database Interval LoRaWAN Network Server Setting Displays the gateway identifier for the remote LoRa network server. Click the drop-down menu to enable (default: Off) the LoRaWAN backup feature. Set the backup frequency, setting: 5 to 60 minutes. LoRaWAN Network Server Enable Click the drop-down menu to disable the LoRaWAN network server
(default: On). Enter a variable (1 to 65535) to designate the listening port. LoRaWAN Server Listen Port LoRaWAN Network Server HTTP Port LoRaWAN Network Server HTTPS Port Enter a variable (1 to 65535) to designate the HTTP port. Enter a variable (1 to 65535) to designate the HTTPS port. 58 WISE-6610 Series User Manual Item Description LoRaWAN Web Username LoRaWAN Web Password LoRaWAN Network Server HTTPS Enable Enter an identifier used to access the Web user interface for the LoRaWAN network server. Enter the corresponding password to the set LoRaWAN Web username. Click the drop-down menu to enable the HTTPS service (default: Off). Update Database Click to upload an existing server database. Download Database Click to upload the current server database. In the ensuing screen, click Download to save the database to a local drive. Click to reset the current server database. In the ensuing screen, click to reset the database to its factory default. Factory Reset MQTT Broker MQTT Bridge MQTT Bridge Address MQTT Bridge Password MQTT Broker Enable Click the drop-down menu to enable or disable local MQTT broker. MQTT Broker Port Enter a value to specify the port of MQTT broker (default: 1883). MQTT Bridge Enable Click the drop-down menu to enable or disable bridging to a remote MQTT broker. MQTT Bridge Port Enter a value to specify the port of MQTT bridge (default: 1883). Enter a value to specify the bridge address of the MQTT bridge. MQTT Bridge User Enter the name of the MQTT bridge user. Enter the character set for the define password type.u MQTT Bridge Client Identifier With MQTT and LoRa configured, pair and modify the node settings, see Node Control. Advantech Application Server Setting Application Server Enable Click the drop-down menu to enable the local Application server
(default: Off). Application Server Connect MQTT Address Enter the private network address to allow bidirectional sending and receiving of messages. Application Server Connect MQTT Port Enter a port designation to associate with the previously defined network address. MQTT User Enter an identifier used to access the remote MQTT broker. MQTT Password Enter the password associated with the MQTT user listed previously. Uplink Topic Downlink Topic Enter a string identifier to describe the MQTT broker, uplink, subscription topic. Enter a string identifier to describe the MQTT broker, downlink, subscription topic. Save Restore Click Save to save the values. Click Restore to restore the values. With MQTT and LoRa configured, pair and modify the node settings, see Node Control. 3.5.1.2 Licenses To download the LoRa license, click the Licenses on the Router menu. WISE-6610 Series User Manual 59 3.5.1.3 LoRaWAN Status The LoRaWAN Status menu displays specific information pertaining to the basic and channel settings of the LoRaWAN Gateway. To access the page use the following guidelines:
1. 2. 3. From the LoRaWAN router, Customization menu, click User Modules. In User Modules, click the LoRaWAN Gateway link. The LoRaWAN Gateway Settings menu displays. Under Router menu, click LoRaWAN Status. The LoRaWAN Gateway Settings menu displays listing Basic, Channel, and Live Up Stream status information. Figure 3.52 User Modules > LoRaWAN Gateway > LoRaWAN Status 60 WISE-6610 Series User Manual 3.5.1.4 LoRaWAN Server The LoRaWan Server is a ready-to-use solution, which includes a web-based user interface, providing the components needed to build networks. To access this page, click User Modules > LoRaWAN Gateway > LoRaWAN Server. Figure 3.53 User Modules > LoRaWAN Gateway > LoRaWAN Server WISE-6610 Series User Manual 61 3.5.1.5 LoRaWAN Server (https) Enable the LoRaWAN Network Server HTTPS Enable function under MQTT and LoRaWAN to access the website through https. To access this page, click User Modules > LoRaWAN Gateway > LoRaWAN Server (https). Figure 3.54 User Modules > LoRaWAN Gateway > LoRaWAN Server (https) 3.5.1.6 Advantech Application To access this page, click User Modules > LoRaWAN Gateway > Advantech Application. For more details, see Changing the Raw LoRa Data Format on page 86. Figure 3.55 User Modules > LoRaWAN Gateway > Advantech Application 3.5.1.7 Return to Router The main menu is accessible through the Return to Router function. To return the WISE-6610 Series to the main menu, click Customization > User Modules >
LoRaWAN Gateway > Return to Router. 62 WISE-6610 Series User Manual 3.6 Administration 3.6.1 Users Note!
This configuration function is only available for users assigned the admin role!
To assign roles and manage user accounts open the Users form in the Administration section of the main menu. The first frame of this configuration form contains an overview of available users. The table below describes the meaning of the buttons in this frame. To access this page, click Administration > Users. Figure 3.56 Administration > Users Item Lock Description Locks the user account. This user is not allowed to log in to the device, neither web interface nor SSH. Change Password Allows you to change the password for the corresponding user. Delete Deletes the corresponding user account. Warning!
If you lock every account with the permission role Admin, you can not unlock these accounts. This also means that the Users dialog is unavailable for every user, because every admin account is locked and the users do not have sufficient permissions. The second block contains configuration form which allows you to add new user. All items are described in the table below. Item Role Username Password Description Specifies the type of user account:
User: User with basic permissions. Admin: User with full permissions. Specifies the name of the user allowed to log in the device. Specifies the password for the corresponding user. Confirm Password Confirms the password you specified above. Note! Ordinary users are not able to access device via Telnet, SSH or SFTP. Read only FTP access is allowed for these users. WISE-6610 Series User Manual 63 3.6.2 Change Profile In addition to the standard profile, up to three alternate device configurations or profiles can be stored in device's non-volatile memory. You can save the current configuration to a device profile through the Change Profile menu item. Select the alternate profile to store the settings to and ensure that the Copy settings from current profile to selected profile box is checked. The current settings will be stored in the alternate profile after the Apply button is pressed. Any changes will take effect after restarting device through the Reboot menu in the web administrator or using an SMS message. To access this page, click Administration > Change Profile. Example: Using Profiles Profiles can be used to switch between different modes of operation of the device such as PPP connection, VPN tunnels, etc. It is then possible to switch between these settings using the front panel binary input, an SMS message, or Web interface of the device. Figure 3.57 Administration > Change Profile 3.6.3 Change Password Use the Change Password configuration form in the Administration section of the main menu for changing your password used to log on the device. Enter the new password in the New Password field, confirm the password using the Confirm Password field, and press the Apply button. To access this page, click Administration > Change Password. Warning! The default password of the device is root for the root user. To maintain the security of your network change the default password. You can not enable remote access to the device for example, in NAT, until you change the password. Figure 3.58 Administration > Change Password 64 WISE-6610 Series User Manual 3.6.4 Set Real Time Clock You can set the internal clock directly using the Set Real Time Clock dialog in the Administration section of in the main menu. You can set the Date and Time manually. When entering the values manually use the format yyyy-mm-dd as seen in the figure below. You can also adjust the clock using the specified NTP server. IPv4, IPv6 address or domain name is supported. After you enter the appropriate values, click the Apply button. To access this page, click Administration > Set Real Time Clock. Figure 3.59 Administration > Set Real Time Clock 3.6.5 Backup Configuration You can save the configuration of the device using the Backup Configuration function. If you click on Backup Configuration in the Administration section of the main menu, then the device allows you to select a directory in which the device saves the configuration file. 3.6.6 Restore Configuration You can restore a configuration of the device using the Restore Configuration form. To navigate to the directory containing the configuration file (.cfg) you wish to load on the device, use the Browse button. To access this page, click Administration > Restore Configuration. Figure 3.60 Administration > Restore Configuration WISE-6610 Series User Manual 65 3.6.7 Update Firmware Select the Update Firmware menu item to view the current device firmware version and load new firmware into the device. There is current firmware version and firmware filename written out. When loading the new firmware, it has to have this name. To load new firmware, browse to the new firmware file and press the Update button to begin the update. Warning! Do not turn off the device during the firmware update. The firmware update can take up to five minutes to complete. Always use the filename written out as Firmware Name when updating the firmware. To access this page, click Administration > Update Firmware. Figure 3.61 Administration > Update Firmware During the firmware update, the device will show the following messages. The progress is shown in the form of adding dots ('.'). After the firmware update, the device will automatically reboot. Note!
Uploading firmware intended for a different device can cause damage to the device. Starting with FW 5.1.0, a mechanism to prevent multiple startups of the firmware update is included. Firmware update can cause incompatibility with the user modules. It is recommended to update user modules to the most recent version. Information about user module and firmware compatibility is at the beginning of the user module's Application Note. 66 WISE-6610 Series User Manual 3.6.8 Reboot To reboot the device select the Reboot menu item and then press the Reboot button. To access this page, click Administration > Reboot. Figure 3.62 Administration > Reboot WISE-6610 Series User Manual 67 Chapter 4 4Configuration in Typical Situations 4.1 Enabling the LoRaWAN and Network Server Login WISE-6610 Series. See Access Interface on page 14. 1. 2. Go to Customization > User Modules. 3. A list of available devices display. Click on the target LoRaWAN Gateway. Figure 4.1 Customization > User Modules 4. The Settings menu displays. In LoRaWAN Radio Enable, click the drop-down menu to enable LoRaWAN function. 5. Configure the main frequency for radio 0 and radio 1. For radio 1, there are eight channels and one standard channel. Note!
The offset setting for the eight channels must be +/-500KHz. 1. 2. Use Quick Setup to define the main frequency for receiving the data from the LoRaWAN node. 3. In LoRaWAN Gateway Identifier, copy the gateway ID and set on LoRaWAN network server. Figure 4.2 LoRaWAN Gateway > MQTT and LoRaWAN WISE-6610 Series User Manual 69 4. 5. In LoRaWAN Network Server Setting, click the drop-down menu to enable LoRaWAN network server. In MQTT Broker Enable, click the drop-down menu to enable MQTT broker. Figure 4.3 LoRaWAN Gateway > MQTT and LoRaWAN 6. Click Save to save the configuration. 70 WISE-6610 Series User Manual 7. Click LoRaWAN Server and enter the default user name and password (root/
root) to log into the LoRaWAN Network Server page. Note!
The LoRaWAN Network Server does not support IE or EDGE browser. Figure 4.4 LoRaWAN Gateway > LoRaWAN Server 8. Click Infrastructure > Gateways to enter the Gateways List page. 9. Click Create to add a new gateway. Figure 4.5 LoRaWAN Server > Infrastructure > Gateways WISE-6610 Series User Manual 71 10. In the Create new gateway page, configure the new gateway settings. Input the MAC which is the LoRaWAN gateway ID shows on the LoRaWAN setting Page. Figure 4.6 LoRaWAN Server > Infrastructure > Gateways > Create Item MAC Group TX Chain Antenna Gain (dBi) Description Enter the LoRaWAN gateway ID shown on MQTT and LoRaWAN menu. Enter the opaque string with application-specific settings. Enter a value to identify the radio chain used for downlinks (default:
0). It shall correspond to a radio_x (e.g. radio_0) with tx_enable: true in gateway's global_conf.json. Enter a value to ensure the TX Power + Antenna Gain is below the maximal allowed Equivalent Isotropic Radiated Power (EIRP) for the given Network. Description Submit Enter the description for the gateway. Click Submit to save the values and update the screen. 11. Click Infrastructure > Networks to enter the Networks List page. By default, the WISE-6610 Series pre-configures the network to support EU868, AU915, AS923 and US902. Figure 4.7 LoRaWAN Server > Infrastructure > Networks 72 WISE-6610 Series User Manual 12. Click Create to create your own network frequency. Figure 4.8 LoRaWAN Server > Infrastructure > Network > Create > General Item Name NetID SubID Description Enter the name of the network. Enter the NetID of the network. Use 000000 or 000001 for private networks. Enter the SubID of the network in the format of HexValue:Length which specifies the fixed bits in the DevAddr of the active node.
(optional) Region Enter a value to determine the regional characteristics of LoRaWAN. Coding Rate Enter a value to define the coding rate. It is regularly set on 4/5. RX1 Join Delay (s) Enter a value to define the JOIN_ACCEPT_DELAY1. RX2 Join Delay (s) Enter a value to define the JOIN_ACCEPT_DELAY2. RX1 Delay (s) RX2 Delay (s) Gateway Power
(dBm) Enter a value to define the RECEIVE_DELAY1. Enter a value to define the RECEIVE_DELAY2. Enter a value to define the default transmission power for downlinks. Submit Click Submit to save the values and update the screen. In the General tab, follow the table below when configuring a new network:
Parameter EU868 US902 CN779 EU433 AU915 CN580 AS923 KR920 IN865 RU864 Coding Rate 4/5 RX1 Join Delay(s) 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 4/5 5 WISE-6610 Series User Manual 73 Parameter EU868 US902 CN779 EU433 AU915 CN580 AS923 KR920 IN865 RU864 RX2 Join Delay(s) RX1 Delays RX2 Delays Gateway Power Max EIRP
(dBm) Min Power Max Data Rate Initial RX1 DR Offset Initial RX2 DR Initial RX2 Freq (MHz) Initial Channels 6 1 2 16 16 6 1 2 26 30 6 1 2 6 1 2 6 1 2 6 1 2 6 1 2 12 12 30 19 16 12.15 12.15 30 19.15 16 6 1 2 23 14 6 1 2 30 30 6 1 2 16 16 Max Power Max Max Max Max Max Max Max Max Max Max Max -
14 dB Max -
20 dB Max -
10 dB Max -
10 dB Max -
20 dB Max -
14 dB Max -
14 dB Max -
14 dB Max -
20 dB Max -
14 dB SF7 125 kHz SF8 500 kHz SF7 125 kHz SF7 125 kHz SF8 500 kHz SF7 125 kHz SF7 125 kHz SF7 125 kHz SF7 125 kHz SF7 125 kHz 0 0 0 0 0 0 0 0 0 0 SF12 125 kHz SF12 500 kHz SF12 125 kHz SF12 125 kHz SF12 500 kHz SF12 125 kHz SF10 125 kHz SF12 125 kHz SF10 125 kHz SF10 125 kHz 869.525 923.3 786 434.665 923.3 505.3 923.2 921.9 866.550 869.1 0-2 0-71 0-2 0-2 0-71 0-95 0-x*
0-2 0-2 0-1 13. Click the ADR tab to configure the ADR settings for a specified parameter. Figure 4.9 LoRaWAN Server > Infrastructure > Network > Create > ADR Item Description Max EIRP (dBm) Enter a value to specify the EIRP used in your region. Max Power Min Power Enter a value to define the first TX Power item. Enter a value to define the last TX Power item. 74 WISE-6610 Series User Manual Item Description Max Data Rate Enter a value to define the highest DR (lowest SF) supported by the channels in this network. Additional channels may need to be given a different value. Note: The Max Data Rate is not always the last item (lowest SF) in the TX data rate table. Not all channels (frequencies) are allowed to use all data rates. For example, in EU868, the default channels use SF12/125 to SF7/125 only. The SF7/250 is allowed for the 867.3 MHz channel only and FSK for 867.7 MHz only. Initial RX1 DR Offset Enter a value to define the offset between the uplink and downlink data rates used to communicate with the end-device on the first reception slot (RX1). Initial RX2 DR Enter a value to define the data rate for the second reception slot
(RX2). Initial RX2 Freq
(MHz) Enter a value to define the default frequency in the RX2 receive window. Submit Click Submit to save the values and update the screen. 14. Click the Channel tab to configure the channel settings following the frequency rule. Figure 4.10 LoRaWAN Server > Infrastructure > Network > Create > Channel Item Description Initial Channels Channels Enter a range of values to define the initial channels including a comma-separated list of intervals, e.g. 0-2 for EU and 0-71 for US. Click Add new channels to define a list of additional channels sent to the device during Join (CFList). Frequency (MHz): Enter a value to define the channel fre-
quency. Min Data Rate: Enter a value to define the lowest data rate allowed in this channel. Enter 0 if it's not specified. Max Data Rate: Enter a value to define the highest data rate allowed in this channel. Enter the global value of the ADR tab if it's not specified. Submit Click Submit to save the values and update the screen. WISE-6610 Series User Manual 75 15. Click Backends > Handlers to enter the Handlers List page. The WISE-6610 Series handler is created by default. The LoRaWAN data comes with the item with the Field in the handler settings. Figure 4.11 LoRaWAN Server > Backends > Handlers Definition Application (Handler) name DevAddr of the active node DevEUI of the device Application arguments for the node Most recent battery level reported by the device Received frame sequence number LoRaWAN port number Field app devaddr deveui appargs battery fcnt port data freq datr codr mac lsnr rssi Type String Hex String Hex String Any Integer Integer Integer ISO 8601 Number String String Object Number Number Hex String Raw application payload encoded as a hexadecimal string datetime Timestamp using the server clock RX central frequency in MHz (unsigned float/ Hz precision) LoRa data rate identifier (e.g. SF12BW500) LoRa ECC coding rate identifier (default: 4/5) best_gw Gateway with the strongest reception Hex String MAC address of the gateway with the strongest reception LoRa uplink SNR ratio in dB (signed float/ 0.1 dB precision)
(same as rxq.lsnr for best_gw) RSSI in dBm (signed integer/ 1 dB precision) (same as rxq.rssi for best_gw) List of all gateways that received the frame all_gw Object 76 WISE-6610 Series User Manual 16. Click Create to add a new handler rule. This function allows you to choose the desired uplink fields and supports the parse script option that helps you parse the raw data received from the sensor node as shown in Figure 4.13. Figure 4.12 LoRaWAN Server > Backends > Handlers > Create Item Application Uplink Fields Payload Parse Uplink Parse Event Build Downlink Description Enter the name of the handler. Enter the filter values to be forwarded to the backend connector. Enter the filter values as the format for automatic decoding. Enter the string to extract additional data fields from the uplink frame. See Figure 4.13 for references. Enter the string to be forwarded to the backend connector. Enter the string to create a downlink frame based on backend data fields. WISE-6610 Series User Manual 77 Item D/L Expires Description Click the drop-down menu to define when the downlinks may be dropped. Never:
All class A downlinks for a device will be queued and eventu-
ally delivered. All confirmed downlinks will be retransmitted until acknowl-
edged even when a new downlink is sent. When Superseded:
Only the most recent class A downlinks will be scheduled for delivery. Superseded downlinks will be dropped. Unacknowledged downlinks will be dropped when a Submit new downlink (either class A or C) is sent. Click Submit to save the values and update the screen. fun(Fields,Port, <<DEV, Temp:16, Hum:16, Sensor:16>>) ->
if Fields#(device => co2, temp => Temp/100, hum => Hum/100, sensor => Sensor);
Fields#(device => co, temp => Temp/100, hum => Hum/100, sensor => Sensor);
Fields#(device => pm25, temp => Temp/100, hum => Hum/100, sensor => Sensor);
DEV==1 ->
DEV==2 ->
DEV==3 ->
true ->
false end end. 17. Click Backends > Connectors to enter the Connectors List page. Figure 4.13 Parse Uplink Sample The connector settings define the data flow which is the rule for processing the LoRaWAN data. For example, data comes with the handler rule should be saved to the MQTT broker or websocket. The broker and websocket on the WISE-6610 Series is enabled by default. The uplink from the sensor node comes with the MQTT topic is uplink/{devaddr} and the downlink topic is out/{devaddr}. Figure 4.14 LoRaWAN Server > Backends > Connectors 78 WISE-6610 Series User Manual 18. Click Create to create your own connector rule. Figure 4.15 LoRaWAN Server > Backends > Connectors > Create Item Description Connector Name Enter the name of the connector. Application Format URI Publish Uplinks Publish Events Subscribe Received Topic Click the drop-down menu to select the application to reference a specific backend handler. Click the drop-down menu to select the format. JSON: Encode data fields as Json structures such as {"Name-
One":ValueOne, "NameTwo":ValueTwo}. Raw Data: Send only the binary content of the data field without ant port numbers nor flags. Web Form: Encode fields in query strings such as Name-
One=ValueOne&NameTwo=ValueTwo. Enter a string to define the target host which can be mqtt:// for MQTT or mqtts:// for MQTT/SSL. Enter a string to define a server pattern for constructing the publication topic for uplink messages, including the actual DevEUI, DevAddr or other data fields in the message topic. e.g. out/
{devaddr}. Enter a string to define a server pattern for constructing the publication topic for event messages. Enter a string to define a topic for subscription. It may include broker specific wilcards, e.g. in/#. The MQTT broker will then send messages with a matching topic to this connector. Enter a string to define the template for parsing the topic of received messages, e.g. in/{devaddr}. This can be used to obtain a DevEUI, DevAddr or a device group that receives a given downlink. Enabled Check to allow a temporarily disable on an existing connector. WISE-6610 Series User Manual 79 Item Failed Submit Description Click the drop-down menu to select the flag indicates the failure items. badarg: Some connector parameters are bad. network: The destination server cannot be reached. topic: The target broker configuration is wrong. Click Submit to save the values and update the screen. 19. Click Devices > Profiles to enter the Profiles List page. Define the profile rule for the LoRa node and assign the handler rule to each profile. The default profiles are listed in the figure below:
Figure 4.16 LoRaWAN Server > Devices > Profiles 20. Click Create to add a new profile. Figure 4.17 LoRaWAN Server > Devices > Profiles > Create > General Item Name Network Application Description Enter the name of the profile. Click the drop-down menu to select the network. Click the drop-down menu to select the application in use. App Identifier Enter the name of the application ID. 80 WISE-6610 Series User Manual Item Can Join?
FCnt Check TX Window Submit Description Click the drop-down menu to select a flag to prevent the device from joining. Click the drop-down menu to select the FCnt check for the device. Strict 16-bit (default) or Strict 32-bit: Indicates a standard compli-
ant counter. Reset on zero: Behaves as a "less strict 16-bit" which allows personalised (ABP) devices to reset the counter. This weakens the device security a bit as more reply attacks are possible. Disabled: Disables the check for faulty devices and destroys the device security. Click the drop-down menu to select the TX window for downlinks to the device. Auto: Choose the earliest feasible option: RX1 or RX2. RX1: Always use the first RX window. RX2: Always use the second RX window. Click Submit to save the values and update the screen. 21. Click the ADR tab to configure further settings for the node. Figure 4.18 LoRaWAN Server > Devices > Profiles > Create > ADR Item ADR Mode Description Click the drop-down menu to determine the adaptive data rate (ADR) mechanism for the device: Disabled, Auto-Adjust or Maintain. Set Power Enter a value to define the power (in dBm). Set Data Rate Enter a value to define the data rate. Max Data Rate Set Channels Enter a value to define the maximal data rate supported by the devices. Enter a value to define the set of channels. The channels are given as a comma-separated list of interfaces, e.g. 0-2 for EU, 0-71 for the whole US band, or 0-7,64 for the first US sub-band. WISE-6610 Series User Manual 81 Item Description Set RX1 DR Offset Enter a value to define the offset between the uplink and the RX1 slot downlink data rates. Set RX2 DR Enter a value to define the data rate for the second reception slot
(RX2). Set RX2 Freq (MHz) Enter a value to define the default frequency in the RX2 receive Request Status?
window. Click the drop-down menu to select the flag used to disable the status requests for simple devices that do not support the function (default:
true). Submit Click Submit to save the values and update the screen. 22. Click Devices > Activated (Nodes) to enter the Nodes List page. Activated (Nodes) is the setting for ABP type nodes and Commissioned is for OTAA type nodes. The LRPv2 nodes only supports ABP so the info can only be created in the ABP options. Figure 4.19 LoRaWAN Server > Devices > Activated (Nodes) 23. Click Create to add a new LoRaWAN node (ABP) along with its Devaddr, APPkey and NwkKey. Figure 4.20 LoRaWAN Server > Devices > Activated (Nodes) > Create Item DevAddr Profile Description Enter the name of the node. Click the drop-down menu to select the profile for the node. 82 WISE-6610 Series User Manual Item Description App Arguments Enter the opaque string with application-specific settings. NwkSKey AppSKey FCnt Up FCnt Down Submit Enter the NwkSKey for the node. Enter the AppSKey for the node. Enter a value to define the frame counter. Enter a value to define the frame counter. Click Submit to save the values and update the screen. 24. Click Devices > Commissioned to enter the Devices List page. Figure 4.21 LoRaWAN Server > Devices > Commissioned 25. Click Create to add a new LoRaWAN node (OTAA). Figure 4.22 LoRaWAN Server > Devices > Commissioned > Create Description Enter the DevEUI for the device. App Arguments Enter the opaque string with application-specific settings. Click the drop-down menu to select the profile for the device. Enter the AppEUI for the device. Enter the AppKey for the device. Enter a value to define the timestamp of the last successful Join request. Enter the corresponding node. Click Submit to save the values and update the screen. Item DevEUI Profile AppEUI AppKey Last Join Node Submit WISE-6610 Series User Manual 83 26. After the LoRaWAN network, gateway, node, handler and connector funcitons are enabled. Click Received Frames to enter the Received Frames page and check the received messages. Figure 4.23 LoRaWAN Server > Received Frames 27. Since the MQTT broker on the WISE-6610 series is enabled by default, you can subscribe the MQTT "#" on 192.168.1.1 to receive the LoRaWAN node mes-
sages. Figure 4.24 MQTT Subscription 84 WISE-6610 Series User Manual 28. Click Infrastructure > Events to enter the Events List page to view the events. Figure 4.25 MQTT Subscription Figure 4.26 LoRaWAN Server > Infrastructure > Events WISE-6610 Series User Manual 85 4.2 Changing the Raw LoRa Data Format This function parses and shows the raw data from an Advantech LRPv2 LoRa node. Note! WISE-6610 series models does not parse data from a non-Advantech LoRa node through the Advantech Application function. Note!
All the foregoing settings must be configured before using this function. 1. To access this page, click User Modules > LoRaWAN Gateway > Advantech Application. Figure 4.27 User Modules > LoRaWAN Gateway > Advantech Application 2. Click Detail to list the real data and status detail of the node. Figure 4.28 Data and Status 86 WISE-6610 Series User Manual 3. To get the sensor node data, the application server needs to be enabled first. After the application server is enabled, the Advantech application server will parse the data subscribed from the MQTT broker (WISE-6610 with topic uplink/
#) as shown in the figure below. Figure 4.29 User Modules > LoRaWAN Gateway > MQTT and LoRaWAN 4. Click LoRaWAN Server > Devices > Activated (Nodes) to enter the Nodes List page. Figure 4.30 LoRaWAN Server > Activated (Nodes) 5. Edit the LoRa Node and enter Advantech in the App Arguments field. The Advantech application server will deal with the raw data based on the info and list the real data on the Advantech Application page. Figure 4.31 LoRaWAN Server > Activated (Nodes) > Edit > General WISE-6610 Series User Manual 87 6. Not only the data will be shown on the Advantech Application page, if you would like to apply the data to other software applications, you can also subscribe Topic # or direct Topic Advantech/+/data from the WISE-6610 MQTT server. Figure 4.32 Applying Data to Other Software Applications 4.3 Node-RED Setup 1. Go to Customization > User Modules. 2. A list of available devices display. Click on the target Node-RED. Figure 4.33 Customization > User Modules 3. The Settings menu displays. Click Node-RED and check the box to enable the Node-RED and enter the port number (default: 1880). 4. Go to Node-RED page (http://192.168.1.1:1880/) and log in using the default user name and password (root/root) for further configuration. Figure 4.34 Node-RED Figure 4.35 Node-RED 88 WISE-6610 Series User Manual www.advantech.com Please verify specifications before quoting. This guide is intended for reference purposes only. All product specifications are subject to change without notice. No part of this publication may be reproduced in any form or by any means, electronic, photocopying, recording or otherwise, without prior written permis-
sion of the publisher. All brand and product names are trademarks or registered trademarks of their respective companies. Advantech Co., Ltd. 2018
1 2 | Label sample and label location | ID Label/Location Info | 208.31 KiB | May 08 2020 |
FCC ID:M82-WISE6610N PN =e Industrial LORaWAN Gateway Model No: WISE-6610-N100C-A Ete) SAE: PAS 9-36 VDC 0.6A@12VDC FCC ID: M82-WISE6610N Contains FCC ID: XMR201707BG96 Bottom of EUT EON scn koma Oe Be Gr Len) eet ey Wie CE) This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference Pee A re eC Te CAUTION!
To prevent shock, do NOT remove covers. There are no user serviceable parts inside. eee nn cr orien ana 3 atc CM keep chy a Lee eal eee EOL A ee Pmt lo)y) Pour viter les chocs, ne pas retirer le couvercle. Pr eee eae Denar cape cene mien iret ek
1 2 | Agent authorization | Cover Letter(s) | 272.13 KiB | May 08 2020 |
NEES Date: 2020-03-20 FCC ID: M82-WISE6610N To Whom It May Concern:
TERA RRA Bl Advantech Co., Ltd. GILT AERICES 26 5 20 FF 1 Ht No.1, Alley 20, Lane 26, Rueiguang Road Neihu District, Taipei 114, Taiwan Tel:886-2-2792-7818 Fax:886-2-2794-7334 www.advantech.com AUTHORIZATION LETTER Advantech Co., Ltd. hereby authorizes Andrea Hsia / Supervisor of Bureau Veritas Consumer Products Services (H.K.) Ltd., Taoyuan Branch (BV CPS Taoyuan), to act on its behalf in all matters relating to the Federal Communication Commission (FCC) application for equipment authorization in connection with the FCC ID listed above, including signing of all documents relating to these matters. Any and all acts carried out by Andrea Hsia / Supervisor of BV CPS Taoyuan on Advantech Co., Ltd. behalf, within the scope of the powers granted herein, shall have the same effect as acts of its own. If you have any questions regarding the authorization, please dont hesitate to contact us. Sincerely yours, Lily Huang / Corporate/Quality/Assistant Manager Advantech Co Ltd Tel: 02-2792-7818 Fax: 02-2794-7334 E-mail: lily.huang@advantech.com.tw
1 2 | Confidentiality request (Long term) | Cover Letter(s) | 271.88 KiB | May 08 2020 |
THER DARA]
INDENT HG Te Aaventeeh Co, ria. GILT A MAERICER 26 Es 20 FF 1 HF No.1, Alley 20, Lane 26, Rueiguang Road Neihu District, Taipei 114, Taiwan Tel:886-2-2792-7818 Fax:886-2-2794-7334 www.advantech.com Date: 2020-03-20 FCC ID: M82-WISE6610N To the attention of Federal Communications Commission Authorization and Evaluation Division Confidentiality Request Pursuant to Sections 0.457 and 0.459 of the Commissions Rules, the Applicant hereby requests confidential treatment of information accompanying this Application as outlined below:
Schematics Block Diagram Operational Description The above materials contain trade secrets and proprietary information not customarily released to the public. The public disclosure of these matters might be harmful to the Applicant and provide unjustified benefits to its competitors. The Applicant understands that pursuant to Rule 0.457, disclosure of this Application and all accompanying documentation will not be made before the date of the Grant for this application. Sincerely yours, Lily Huang / Corpotfate Quality/Assistant Manager Tel: 02-2792-7818 Fax: 02-2794-733 E-mail: lily.huang@advantech.com.tw
1 2 | Description of Change | Cover Letter(s) | 283.78 KiB | May 08 2020 |
FCC ID: M82-WISE6610N Description of Permissive Change The application is prepared for FCC class II permissive change for a. adding certified WWAN module (FCC ID: XMR201707BG96) b. adding series models for this modified. c. adding external connector of main board for containing this certified WWAN module. Best Regards, Andrea Hsia / Supervisor Bureau Veritas Consumer Products Services (H.K.) Ltd., Taoyuan Branch Tel: 886-3-318 3232 ext. 1628 Fax: 886-3-327 0892 Email: andrea.hsia@bureauveritas.com Data: 2020-04-29
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2020-05-08 | 923.3 ~ 927.5 | DTS - Digital Transmission System | Class II Permissive Change |
2 | 2018-12-18 | 923.3 ~ 927.5 | DTS - Digital Transmission System | Original Equipment |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 2 | Effective |
2020-05-08
|
||||
1 2 |
2018-12-18
|
|||||
1 2 | Applicant's complete, legal business name |
Advantech Co Ltd
|
||||
1 2 | FCC Registration Number (FRN) |
0013543681
|
||||
1 2 | Physical Address |
No. 1, Alley 20, Lane 26, Rueiguang Road Neihu District
|
||||
1 2 |
No. 1, Alley 20, Lane 26, Rueiguang Road
|
|||||
1 2 |
Taipei, N/A
|
|||||
1 2 |
Taipei, N/A 114
|
|||||
1 2 |
Taiwan
|
|||||
app s | TCB Information | |||||
1 2 | TCB Application Email Address |
c******@nacsemc.com
|
||||
1 2 | TCB Scope |
A4: UNII devices & low power transmitters using spread spectrum techniques
|
||||
app s | FCC ID | |||||
1 2 | Grantee Code |
M82
|
||||
1 2 | Equipment Product Code |
WISE6610N
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 2 | Name |
L**** H****
|
||||
1 2 | Telephone Number |
886-2******** Extension:
|
||||
1 2 | Fax Number |
886-2********
|
||||
1 2 |
L******@advantech.com.tw
|
|||||
app s | Technical Contact | |||||
n/a | ||||||
app s | Non Technical Contact | |||||
n/a | ||||||
app s | Confidentiality (long or short term) | |||||
1 2 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
1 2 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
1 2 | Yes | |||||
1 2 | If so, specify the short-term confidentiality release date (MM/DD/YYYY format) | 06/16/2019 | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 2 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 2 | Equipment Class | DTS - Digital Transmission System | ||||
1 2 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | Industrial LoRaWAN gateway | ||||
1 2 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 2 | Modular Equipment Type | Does not apply | ||||
1 2 | Purpose / Application is for | Class II Permissive Change | ||||
1 2 | Original Equipment | |||||
1 2 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No | ||||
1 2 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 2 | Grant Comments | Class II Permissive Change for adding a certified WWAN module (FCC ID: XMR201707BG96) with external antenna connector as described in this filing. Output power listed is conducted. End-users and responsible parties must be provided with operating and installation instructions to ensure RF exposure compliance. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter, except the collocation as described in accordance with FCC multi-transmitter product guidelines. | ||||
1 2 | Output power listed is conducted. End-users and responsible parties must be provided with operating and installation instructions to ensure RF exposure compliance. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter, except the collocation as described in accordance with FCC multi-transmitter product guidelines. | |||||
1 2 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 2 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 2 | Firm Name |
Bureau Veritas CPS(H.K.) Ltd., Taoyuan Branch
|
||||
1 2 | Name |
E******** L******
|
||||
1 2 | Telephone Number |
+886-********
|
||||
1 2 | Fax Number |
+886-********
|
||||
1 2 |
e******@tw.bureauveritas.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 15C | 923.30000000 | 927.50000000 | 0.2800000 | ||||||||||||||||||||||||||||||||||||
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
2 | 1 | 15C | 923.30000000 | 927.50000000 | 0.2800000 |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC