User / maintenance manual for the Moxa EDR-810
Industrial Secure Router User’s Manual
Second Edition, August 2013
www.moxa.com/product
© 2013 Moxa Inc. All rights reserved. Reproduction without permission is prohibited.
The software described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agreement.
Copyright Notice
Copyright ©2013 Moxa Inc. All rights reserved.
Table of Contents: 1. Introduction, Overview
SettingCheck, System File Update — by Remote TFTP
1. Introduction
Welcome to the Moxa Industrial Secure Router series, the EDR-G902, EDR-G902, and EDR-810. The all-in-one Firewall/NAT/VPN secure routers are designed for connecting Ethernet-enabled devices with network IP security.
Overview
As the world’s network and information technology becomes more mature, the trend is to use Ethernet as the major communications interface in many industrial communications and automation applications.
2. Getting Started
This chapter explains how to access the Industrial Secure Router for the first time. There are three ways to access the router: (1) serial console, (2) Telnet console, and (3) web browser.
RS-232 Console Configuration (115200, None, 8, 1, VT100)
NOTE Connection Caution! We strongly suggest that you do NOT use more than one connection method at the same time.
4. Click the Terminal tab, select VT100 for Terminal Type, and then click OK to continue.
5. The Console login screen will appear. Use the keyboard to enter the login account (admin or user), and then press Enter to jump to the Password field.
the form 192.168.xxx.xxx. On the other hand, if your PC host’s subnet mask is 255.
2. The web login page will open. Select the login account (Admin or User) and enter the Password (the same as the Console password), and then click Login to continue. Leave the Password field blank if a password has not been set.
3. EDR-810 Series Features and Functions
In this chapter, we explain how to access the Industrial Secure Router’s configuration options, perform monitoring, and use administration functions. There are three ways to access these functions: (1) RS-232 console, (2) Telnet console, and (3) web browser.
Quick Setting Profile
The EDR-810 series supports WAN Routing Quick Setting, which creates a routing function between LAN ports and WAN ports defined by users.
Step 3: Configure the WAN port type
Configure the WAN port type to define how the secure router switch connects to the WAN.
Static IP, PPPoE
Step 4: Enable services
Check Enable DHCP Server to enable the DHCP server for LAN devices. The default IP address range will be set automatically.
Step 5: Activate the settings
Click the Activate button.
NOTE An existing configuration will be overwritten by new settings when processing WAN Routing Quick Setting.
User Account
The Moxa industrial secure router supports the management of accounts, including establishing, activating, modifying, disabling and removing accounts.
Create New Account
Input the user name and password, and assign the authority to the new account. Once the new setting is applied, the new account will be shown in the Account List table.
Date and Time
The Moxa industrial secure router has a time calibration function based on information from an NTP server or user specified time and date.
Start Date
Setting | Description | Factory Default
User-specified date | Specifies the date that Daylight Saving Time begins.
System Event Settings
System Events are related to the overall function of the switch. Each event can be activated independently with different warning approaches.
Port Event Settings
Port Events are related to the activity of a specific port.
Port Events | Warning e-mail is sent when…
Link-ON | The port is connected to another device.
Max. of 30 characters | You can set up to 4 email addresses to receive alarm emails from the Moxa switch.
When a relay warning is triggered by either system or port events, the administrator can decide to shut down the hardware warning buzzer by clicking the Apply button.
If the user enables the SettingCheck function with the Accessible IP list and the confirmer Timer i.
TFTP Server IP/Name
Setting | Description | Factory Default
IP Address of TFTP Server | The IP or name of the remote TFTP server. Must be configured before downloading or uploading files.
Upgrade Firmware
To import a firmware file into the Industrial Secure Router, click Browse to select a firmware file already saved on your computer.
Enable
Setting | Description | Factory Default
Checked | Allows data transmission through the port. | Enabled
Unchecked | Immediately shuts off port access.
Link Aggregation
Link aggregation involves grouping links into a link aggregation group. A MAC client can treat link aggregation groups as if they were a single link.
Step 1: Select the desired Trunk Group
Step 2: Select the desired Member Ports or Available Ports.
Port Mirroring Settings
Setting | Description
Monitored Port | Select the number of the ports whose network activity will be monitored. Multiple port selection is acceptable.
Benefits of VLANs
The main benefit of VLANs is that they provide a network segmentation system that is far more flexible than traditional networks.
802.1Q VLAN Settings
Management VLAN ID
Setting | Description | Factory Default
VLAN ID from 1-4094 | Assigns the VLAN ID of this Moxa switch.
Input multiple port numbers in the “Port” column, along with the Port Type, Tagged VLAN ID, and Untagged VLAN ID, and then click the Set to Table button to create the VLAN ID configuration table.
• It makes efficient use of network bandwidth and scales well as the number of multicast group members increases.
• Works with other IP protocols and services, such as Quality of Service (QoS).
Snooping Mode
Snooping Mode allows your industrial secure router to forward multicast packets only to the appropriate ports.
IGMP Snooping
IGMP Snooping provides the ability to prune multicast traffic so that it travels only to those end destinations that require that traffic, thereby reducing the amount of traffic on the Ethernet LAN.
The information shown in the table includes:
• Auto Learned Multicast Router Port: This indicates that a multicast router connects to/sends packets from these port(s).
Join Port
Setting | Description | Factory Default
Select/Deselect | Check mark the appropriate check boxes to select the join ports for this multicast group.
inspecting 802.1p CoS tags in the MAC frame to determine the priority of each frame.
Port Priority
Setting | Description | Factory Default
Port priority | The port priority has 4 priority queues.
ToS/DSCP Mapping
ToS (DSCP) Value and Priority Queues
Setting | Description | Factory Default
Low/Normal/Medium/High | Maps different TOS values to 4 different egress queues.
Limit Broadcast, Multicast, Flooded Unicast
Limit Broadcast, Multicast
Limit Broadcast
Ingress/Egress Rate
Setting | Description | Factory Default
Ingress/Egress Rate | Select the ingress/egress rate limit (% of max.
Interface
WAN
VLAN ID
Moxa Industrial Secure Router’s WAN interface is configured by VLAN group. The ports with the same VLAN can be configured as one WAN interface.
User Name
Setting | Description | Factory Default
Max. 30 Characters | The Login username when dialing up to PPTP service | None
Password
Setting | Description | Factory Default
Max.
Detailed Explanation of Static IP Type
Address Information
IP Address
Setting | Description | Facto.
Host Name
Setting | Description | Factory Default
Max. 30 characters | User-defined Host Name of this PPPoE server | None
Password
Setting | Description | Factory Default
Max.
DHCP Server
The Industrial Secure Router provides a DHCP (Dynamic Host Configuration Protocol) server function for LAN interfaces.
NOTE 1. The DHCP Server is only available for LAN interfaces.
DNS Server
Setting | Description | Factory Default
IP Address | The DNS server for the selected device | 0.0.0.0
NTP Server
Setting | Description | Factory Default
IP Address | The NTP server for the selected device | 0.
≥ 5min. | The lease time of the connected device | None
Default Gateway
Setting | Description | Factory Default
IP Address | The default gateway for the connected device | 0.
SNMP Versions
Setting | Description | Factory Default
Disable; V1, V2c, V3, or V1, V2c, or V3 only | Select the SNMP protocol version used to manage the secure router.
Access Control
Setting | Description | Factory Default
Read/Write | Access control type after match i.
Security
User Interface Management
Enable MOXA Utility
Setting | Description | Factory Default
Sel.
Authentication Certificate
SSL Certificate Re-generate
Setting | Description | Factory Default
S.
• Grant access to one host with a specific IP address
For example, enter IP address 192.168.1.1 with netmask 255.255.255.255 to allow access to 192.
Port Statistics
Access the Monitor by selecting Monitor from the left selection bar. Monitor by System allows the user to view a graph that shows the combined data transmission activity of all of the Moxa industrial secure router’s ports.
Event Log
The Event Log Table displays the following information:
Index | Event index assigned to identify the event sequence.
Bootup | This field shows how many times the Moxa switch has been rebooted or cold started.
NOTE The following events will be recorded into the Moxa industrial secure router’s Event Log Ta.
4. EDR-G902/G903 Series Features and Functions
Overview, Configuring Basic Settings, System Identification, Accessible IP, Password, Time, SettingCheck, System.
Overview
The Overview page is divided into three major parts: Interface Status, Basic function status, and Recent 10 Event logs, and gives users a quick overview of the EtherDevice Router’s current settings.
Click More… at the top of the Recent 10 Event Log table to open the EventLogTable page.
Maintainer Contact Info
Setting | Description | Factory Default
Max.
Allowable Hosts | Input Format
Any host | Disable
192.168.1.120 | 192.168.1.120 / 255.255.255.255
192.168.1.1 to 192.168.1.254 | 192.168.1.0 / 255.
Account
Setting | Description | Factory Default
Admin | “admin” privilege allows the user to modify all configurations. | Admin
User | “user” privilege only allows viewing device configurations.
Current Time
Setting | Description | Factory Default
User adjustable Time | The time parameter allows configuration of the local time in local 24-hour format.
SettingCheck
SettingCheck is a safety function for industrial users using a secure router.
If the new configuration does not block the connection from the remote user to the EtherDevice Router, the user will see the SettingCheck Confirmed page, shown in the following figure.
System File Update—by Remote TFTP
The EtherDevice Router supports saving your configu.
Log File
Click Export to export the Log file of the EtherDevice Router to the local host.
NOTE Some operating systems will open the configuration file and log file directly in the web page.
Network Settings
Mode Configuration
Network Mode
EtherDevice Router provides Router Mo.
WAN1 Configuration
Connection
Note that there are three different connection types for the WAN1 interface: Dynamic IP, Static IP, and PPPoE.
Example: Suppose a remote user (IP: 10.10.10.10) wants to connect to the internal server (private IP: 30.30.30.10) via the PPTP protocol.
Gateway
Setting | Description | Factory Default
IP Address | The Gateway IP address | None
Detailed Explanation of PPPoE Type
PPPoE Dialup
User Name
Setting | Description | Factory Default
Max.
Connection Type
Setting | Description | Factory Default
Static IP, Dynamic IP, PPPoE | Configure.
DNS (Domain Name Server; optional setting for Dynamic IP and PPPoE types)
Server 1/2/3
Sett.
Subnet Mask
Setting | Description | Factory Default
IP Address | The subnet mask | None
Gateway.
Using DMZ Mode
A DMZ (demilitarized zone) is an isolated network for devices — such as data, FTP, web, and mail servers connected to a LAN network — that need to frequently connect with external networks.
LAN
IP Configuration
IP Address
Setting | Description | Factory Default
IP Address | The LAN interface IP address | 192.
WAN Backup Configuration
Select Backup for the WAN2/DMZ Connect Mode, and then go to the Network Redundancy WAN Backup setting page for the WAN Backup configuration.
Monitor
You can monitor statistics in real time from the EtherDevice Router’s web console.
Monitor by System
Access the Monitor by selecting “System” from the left selection bar.
System Log
The industrial secure router provides Event Log and Syslog functions to record important events.
EventLog
Field | Description
Bootup | This field shows how many times the device has been rebooted or cold started.
DI transition (Off -> On)
DI transition (On -> Off)
Cold start
Factory default
Warm.
5. Routing
The following topics are covered in this chapter: Unicast Routing, Static Routing, RIP (Routing Information Protocol), Routing Table.
Unicast Routing
The Industrial Secure Router supports two routing methods: static routing and dynamic routing. Dynamic routing makes use of RIP V1/V1c/V2. You can either choose one routing method, or combine the two methods to establish your routing table.
Clickable Buttons
Add | For adding an entry to the Static Routing Table.
Delete | For removing selected entries from the Static Routing Table.
Modify | For modifying the content of a selected entry in the Static Routing Table.
RIP Interface Table (EDR-810 series only)
Setting | Description | Factory Default
Enable/Disable | Check the checkbox to enable RIP for each interface. | Unchecked
Routing Table
The Routing Table page shows all routing entries.
6. Network Redundancy
The following topics are covered in this chapter: Layer 2 Redundant Protocols (EDR-810 series only), Configuring STP/RSTP, Configuring Turbo Ring V2.
Layer 2 Redundant Protocols (EDR-810 series only)
Configuring STP/RSTP
The following figures indicate which Spanning Tree Protocol parameters can be configured. A more detailed explanation of each parameter follows.
Hello time (sec.)
Setting | Description | Factory Default
Numerical value input by user | The root of the Spanning Tree topology periodically sends out a “hello” message to other devices on the network to check if the topology is healthy.
Configuring Turbo Ring V2
NOTE When using the Dual-Ring architecture, users must configure settings for both Ring 1 and Ring 2. In this case, the status of both rings will appear under “Current Status.
Explanation of “Settings” Items
Redundancy Protocol
Setting | Description | Factory Default
Turbo Ring V2 | Select this item to change to the Turbo Ring V2 configuration page.
Layer 3 Redundant Protocols
VRRP Settings
Virtual Router Redundancy Protocol (VRRP) can solve the problem with static configuration. VRRP enables a group of routers to form a single virtual router with a virtual IP address.
7. Network Address Translation
The following topics are covered in this chapter: Network Address Translation (NAT), NAT Concept, 1-to-1 NAT, N-to-1 NAT, Port Forward.
Network Address Translation (NAT)
NAT Concept
NAT (Network Address Translation) is a common security function for changing the IP address during Ethernet packet transmission.
1-to-1 NAT Setting for EDR-G903 in Production Line 1
1-to-1 NAT Setting for EDR-G903 in Productio.
IP Address | Select the Internal IP address in LAN/DMZ network area | None
WAN IP (1-1 NAT type)
Setting | Descri.
Interface (N-1 mode)
Setting | Description | Factory Default
Auto, WAN1, WAN2 | Select the Interface for this NAT Policy | Auto
The Industrial Secure Router provides a Dual WAN backup function for network redundancy.
Enable/Disable NAT policy
Setting | Description | Factory Default
Enable or Disable | Enable or disable the selec.
8. Firewall
The following topics are covered in this chapter: Policy Concept, Policy Overview, Policy Configuration, Layer 2 Policy Setup (Only in Bridge Mode for EDR-G902/G903.
Policy Concept
A firewall device is commonly used to provide secure traffic control over an Ethernet network, as illustrated in the following figure.
Enable
Setting | Description | Factory Default
Enable or Disable | Enable or disable the selected Firewall policy | Enabled
Interface From.
Destination IP
Setting | Description | Factory Default
All (IP Address) | This Firewall Policy will check all Destination IP addresse.
detailed description
Ether Type
Setting | Description | Factory Default
0x0600 to 0xFFFF | When Protocol is set to “Manual” you c.
Quick Automation Profile
Ethernet Fieldbus protocols are popular in industrial automation applications.
Modbus TCP/IP (TCP) | 502
Modbus TCP/IP (UDP) | 502
PROFInet RT Unicast (TCP) | 34962
PROFInet RT Unicast (UDP) | 34962
PROFInet RT Multic.
Policy Check
The Industrial Secure Router supports a PolicyCheck function for maintaining the firewall policy list. The Policy Check function detects firewall policies that may be configured incorrectly.
Include: Policy [X] is included in Policy [Y]
The Source/Destination IP range or Source/Destination port number of policy [X] is less than or equal to policy [Y], and the action target (Accept/Drop) is the same.
Modbus TCP Policy
Modbus TCP is a Modbus protocol used for communications over TCP/IP networks, connecting over port 502 by default. Some have experimented with using Modbus over UDP on IP networks, which removes the overheads required for TCP.
Enable/Disable Modbus Policy
Setting | Description | Factory Default
Enable or Disable | Enable or disable the selected Modbus policy | E.
Destination IP
Setting | Description | Factory Default
All (IP Address) | This Modbus policy will check all Destination IP addresses in the packet. | All
Single (IP Address) | This Modbus policy will check single Destination IP addresses in the packet.
Denial of Service (DoS) Defense
The Industrial Secure Router provides 9 different DoS functions for detecting or defining abnormal packet format or traffic flow. The Industrial Secure Router will drop the packets when it detects an abnormal packet format.
9. Virtual Private Network (VPN)
The following topics are covered in this chapter: Overview, IPSec Configuration, Global Settings, IPSec Settings, IPSec Status, X.
Overview
In this section we describe how to use the Industrial Secure Router to build a secure Remote Automation network with the VPN (Virtual Private Network) feature.
All IPSec Connection
Users can Enable or Disable all VPN services with this configuration.
NOTE The factory default setting is Disable, so when the user wants to use VPN function, make sure the setting is enabled.
Name of VPN Tunnel
Setting | Description | Factory Default
Max. of 16 characters | User defined name of this VPN Tunnel. | None
NOTE The first character cannot be a number.
ID
ID for identifying the VPN tunnel connection. The Local ID must be equal to the Remote ID of the VPN Gateway. Otherwise, the VPN tunnel cannot be established.
MD5, SHA1, SHA256
DH Group
Setting | Description | Factory Default
DH1(modp 768), DH2(modp 1024), DH5(modp 1536), DH1.
AES-128, AES-192, AES-256
Hash Algorithm
Setting | Description | Factory Default
Any, MD5, SHA1, SHA256 | Hash Algo.
1. Root Certificate generation. Both EDR-G903 (A) and EDR-G903 (B) need to generate their own root certificates.
2. EDR-G903 (A) and EDR-G903 (B) can request new certifications based on their own Root Certificates.
NOTE The default setting for Certificate Day is 0, which means that the certification will not be terminated unless modified by the user.
Remote Certificate Upload
Upload the .crt Remote certificate on this page.
Login User Name
Setting | Description | Factory Default
Max. to xx character. | User Name for L2TP connection | NULL
Login Password
Setting | Description | Factory Default
Max.
L2TP for Remote User Maintenance
The following example shows how a Roaming user uses L2TP over IPSec to connect to the remote site network.
VPN Plan
• All communication from the Roaming user (no fixed IP) to the Remote site Network (100.
10. Diagnosis
The Industrial Secure Router provides Ping tools and LLDP for administrators to diagnose network systems. The following topics are covered in this chapter: Ping, LLDP.
Ping
The Ping function uses the ping command to give users a simple but powerful tool for troubleshooting network problems.
LLDT Table
Port: The port number that connects to the neighbor device.
Neighbor ID: A unique entity that identifies a neighbor device; this is typically the MAC address.
Neighbor Port: The port number of the neighbor device.
A. MIB Groups
The Industrial Secure Router comes with built-in SNMP (Simple Network Management Protocol) agent software that supports cold start trap, line up/down trap, and RFC 1213 MIB-II. The standard MIB groups that the Industrial Secure Router series support are: MIB II.
The Industrial Secure Router also provides a MIB file, located in the file “Moxa-EDRG903-MIB.