Ltecube Cat4 Wifi - Manual.v1.2.0
Ltecube Cat4 Wifi - Manual.v1.2.0
Ltecube Cat4 Wifi - Manual.v1.2.0
LTECube-CAT4NA2-WIFI
IoT 150Mbps CAT4 LTE Ethernet Gateway
LTECube-CAT4GL-WIFI
IoT 150Mbps CAT4 LTE Ethernet Gateway
Warranty
Microhard Systems Inc. warrants that each product will be free of defects in material and workmanship for a
period of one (1) year for its products. The warranty commences on the date the product is shipped by Micro-
hard Systems Inc. Microhard Systems Inc.’s sole liability and responsibility under this warranty is to repair or
replace any product which is returned to it by the Buyer and which Microhard Systems Inc. determines does
not conform to the warranty. Product returned to Microhard Systems Inc. for warranty service will be shipped
to Microhard Systems Inc. at Buyer’s expense and will be returned to Buyer at Microhard Systems Inc.’s ex-
pense. In no event shall Microhard Systems Inc. be responsible under this warranty for any defect which is
caused by negligence, misuse or mistreatment of a product or for any unit which has been altered or modified
in any way. The warranty of replacement shall terminate with the warranty of the product.
Warranty Disclaims
Microhard Systems Inc. makes no warranties of any nature of kind, expressed or implied, with respect to the
hardware, software, and/or products and hereby disclaims any and all such warranties, including but not lim-
ited to warranty of non-infringement, implied warranties of merchantability for a particular purpose, any inter-
ruption or loss of the hardware, software, and/or product, any delay in providing the hardware, software, and/
or product or correcting any defect in the hardware, software, and/or product, or any other warranty. The Pur-
chaser represents and warrants that Microhard Systems Inc. has not made any such warranties to the Pur-
chaser or its agents MICROHARD SYSTEMS INC. EXPRESS WARRANTY TO BUYER CONSTITUTES MICROHARD
SYSTEMS INC. SOLE LIABILITY AND THE BUYER’S SOLE REMEDIES. EXCEPT AS THUS PROVIDED, MICROHARD
SYSTEMS INC. DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OF MER-
CHANTABILITY OR FITNESS FOR A PARTICULAR PROMISE.
MICROHARD SYSTEMS INC. PRODUCTS ARE NOT DESIGNED OR INTENDED TO BE USED IN
ANY LIFE SUPPORT RELATED DEVICE OR SYSTEM RELATED FUNCTIONS NOR AS PART OF
ANY OTHER CRITICAL SYSTEM AND ARE GRANTED NO FUNCTIONAL WARRANTY.
Indemnification
The Purchaser shall indemnify Microhard Systems Inc. and its respective directors, officers, employees, suc-
cessors and assigns including any subsidiaries, related corporations, or affiliates, shall be released and dis-
charged from any and all manner of action, causes of action, liability, losses, damages, suits, dues, sums of
money, expenses (including legal fees), general damages, special damages, including without limitation,
claims for personal injuries, death or property damage related to the products sold hereunder, costs and de-
mands of every and any kind and nature whatsoever at law.
IN NO EVENT WILL MICROHARD SYSTEMS INC. BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL,
INCIDENTAL, BUSINESS INTERRUPTION, CATASTROPHIC, PUNITIVE OR OTHER DAMAGES WHICH MAY BE
CLAIMED TO ARISE IN CONNECTION WITH THE HARDWARE, REGARDLESS OF THE LEGAL THEORY BEHIND
SUCH CLAIMS, WHETHER IN TORT, CONTRACT OR UNDER ANY APPLICABLE STATUTORY OR REGULATORY
LAWS, RULES, REGULATIONS, EXECUTIVE OR ADMINISTRATIVE ORDERS OR DECLARATIONS OR OTHERWISE,
EVEN IF MICROHARD SYSTEMS INC. HAS BEEN ADVISED OR OTHERWISE HAS KNOWLEDGE OF THE POSSIBIL-
ITY OF SUCH DAMAGES AND TAKES NO ACTION TO PREVENT OR MINIMIZE SUCH DAMAGES. IN THE EVENT
THAT REGARDLESS OF THE WARRANTY DISCLAIMERS AND HOLD HARMLESS PROVISIONS INCLUDED ABOVE
MICROHARD SYSTEMS INC. IS SOMEHOW HELD LIABLE OR RESPONSIBLE FOR ANY DAMAGE OR INJURY, MI-
CROHARD SYSTEMS INC.'S LIABILITY FOR ANYDAMAGES SHALL NOT EXCEED THE PROFIT REALIZED BY MI-
CROHARD SYSTEMS INC. ON THE SALE OR PROVISION OF THE HARDWARE TO THE CUSTOMER.
Proprietary Rights
The Buyer hereby acknowledges that Microhard Systems Inc. has a proprietary interest and intellectual prop-
erty rights in the Hardware, Software and/or Products. The Purchaser shall not (i) remove any copyright, trade
secret, trademark or other evidence of Microhard Systems Inc.’s ownership or proprietary interest or confiden-
tiality other proprietary notices contained on, or in, the Hardware, Software or Products, (ii) reproduce or modi-
fy any Hardware, Software or Products or make any copies thereof, (iii) reverse assemble, reverse engineer or
decompile any Software or copy thereof in whole or in part, (iv) sell, transfer or otherwise make available to
others the Hardware, Software, or Products or documentation thereof or any copy thereof, except in accord-
ance with this Agreement.
© Microhard 2
Important User Information (continued)
It is assumed that users of the products described herein have either system integration or
design experience, as well as an understanding of the fundamentals of radio communications.
Throughout this manual you will encounter not only illustrations (that further elaborate on the
accompanying text), but also several symbols which you should be attentive to:
Caution or Warning
Usually advises against some action which could result in undesired or
detrimental consequences.
Point to Remember
Highlights a key feature, point, or step which is noteworthy. Keeping
these in mind will simplify or enhance device usage.
Tip
An idea or suggestion to improve efficiency or enhance usefulness.
Information
Information regarding a particular technology or concept.
© Microhard 3
Important User Information (continued)
Pour satisfaire aux exigences de la FCC d'exposition RF pour les appareils mobiles de transmission, une distance de séparation de 23cm ou
WARNING plus doit être maintenue entre l'antenne de cet appareil et les personnes au cours de fonctionnement du dispositif. Pour assurer le respect,
les opérations de plus près que cette distance n'est pas recommandée. L'antenne utilisée pour ce transmetteur ne doit pas être co-localisés
en conjonction avec toute autre antenne ou transmetteur.
MAXIMUM EIRP
FCC Regulations allow up to 36dBm Effective Isotropic Radiated Power (EIRP). Therefore, the sum of the transmitted power (in dBm), the
cabling loss and the antenna gain cannot exceed 36dBm.
WARNING Réglementation de la FCC permettra à 36dBm Puissance isotrope rayonnée équivalente (EIRP). Par conséquent, la somme de la puissance
transmise (en dBm), la perte de câblage et le gain d'antenne ne peut pas dépasser 36dBm.
Ce dispositif a été approuvé de façon modulaire. Le fabricant, le nom du produit, et la FCC et de l'Industrie du Canada identifiants de ce
WARNING produit doit figurer sur l'étiquette à l'extérieur de l'équipement de l'utilisateur final.
This device complies with Part 15 of the FCC Rules. This device complies with Part 15 of the FCC Rules.
Operation is subject to the following two conditions: Operation is subject to the following two conditions:
(1) this device may not cause harmful interference, (1) this device may not cause harmful interference,
and (2) this device must accept any interference and (2) this device must accept any interference
received including interference that may cause received including interference that may cause
undesired operation. undesired operation.
FCCID: NS916PX2
IC: 3143A-16PX2
Please Note: These are only sample labels; different products contain different identifiers. The actual identifiers should be seen on
your devices if applicable. S'il vous plaît noter: Ce sont des exemples d'étiquettes seulement; différents produits contiennent des
identifiants différents. Les identifiants réels devrait être vu sur vos périphériques le cas échéant.
© Microhard 4
Revision History
© Microhard 5
Table of Contents
4.0 Configuration.................................................................................................. 20
4.0 Web User Interface ........................................................................................................... 20
4.0.1 Logon Window .......................................................................................................... 21
4.1 System ............................................................................................................................... 23
4.1.1 Summary .................................................................................................................. 23
4.1.2 Settings ..................................................................................................................... 23
Host Name................................................................................................................ 23
Console Timeout ...................................................................................................... 23
Date/Time ................................................................................................................. 24
NTP Server Settings ................................................................................................. 24
4.1.3 Services .................................................................................................................... 26
FTP ........................................................................................................................... 26
Telnet ........................................................................................................................ 26
HTTP/HTTPS ........................................................................................................... 26
4.1.4 Keepalive .................................................................................................................. 27
4.1.5 Maintenance ............................................................................................................. 29
Firmware Upgrade .................................................................................................... 29
Reset to Default ........................................................................................................ 29
Backup & Restore Configurations ............................................................................ 30
4.1.6 Reboot ...................................................................................................................... 31
4.2 Network ............................................................................................................................. 32
4.2.1 Status ....................................................................................................................... 32
4.2.2 LAN ........................................................................................................................... 33
4.2.3 DHCP (MAC Binding) ............................................................................................... 37
4.2.4 DDNS ....................................................................................................................... 38
4.2.5 Routes ...................................................................................................................... 40
4.2.6 VRRP (Virtual Router Redundancy Protocol) .......................................................... 42
4.2.7 Ports ......................................................................................................................... 43
4.2.8 Bandwidth (Throttling Control) .................................................................................. 44
4.2.9 Device List ................................................................................................................. 45
4.2.10 Cloud Filter (Content/Security Filter) ....................................................................... 46
4.2.11 MultiWAN ................................................................................................................ 47
© Microhard 6
Table of Contents
© Microhard 7
Table of Contents
© Microhard 8
1.0 Overview
The LTECube-4-WIFI was engineered specifically for the low cost, small size, low power re-
quirements of IoT and M2M applications. The LTECube-4-WIFI provides up to 150 Mbps
throughput of CAT4 LTE Cellular data. The LTECube-CAT-WIFI models feature a 10/100
Ethernet Port and high power 2.4 GHz 802.11 b/g/n WIFI.
Providing reliable Cellular Ethernet bridge functionality as well gateway service for most
equipment types which employ a RJ45 Ethernet or WIFI interface, the LTECube Series can
be used in low bandwidth applications such as:
© Microhard 9
1.0 Overview
1.2 Specifications
Cellular
Network Protocols: IPv4, IPv6, TCP, UDP, TCP/IP, TFTP, ARP, ICMP, DHCP, HTTP,
HTTPS, SSH, SNMP, FTP, DNS
Input Voltage: 5-30 VDC or Passive POE on LAN or USB Powered (5V @1.5A)
Environmental
Mechanical
© Microhard 10
2.0 Quick Start
This QUICK START guide will walk you through the setup and process required to access the
WebUI configuration window and to establish a basic wireless connection to your carrier.
Note that the units arrive from the factory with the Local Network setting configured as
‘Static’ (IP Address 192.168.168.1, Subnet Mask 255.255.255.0), in DHCP server mode.
✓ Before the LTECube can be used on a cellular network a valid SIM Card for your Wireless
Carrier must be installed. Insert the SIM Card into the SIM tray, use the included tool to
eject the tray, the SIM will only fit into the tray if installed properly.
✓ Connect the power connector to the power adapter and apply power to the unit, once
fully booted, proceed to the next step.
5-30VDC
© Microhard 11
2.0 Quick Start
✓ Connect A PC configured for DHCP directly to the LAN port of the LTECube, using an
Ethernet Cable. If the PC is configured for DHCP it will automatically acquire a IP Address
from the LTECube.
✓ Open a Browser Window and enter the IP address 192.168.168.1 into the address bar.
192.168.168.1
The factory default network
settings:
IP: 192.168.168.1
Subnet: 255.255.255.0
Gateway: 192.168.168.1
✓ The LTECube will then ask for a Username and Password. Enter the factory defaults listed
below.
© Microhard 12
2.0 Quick Start
✓ Once successfully logged in, the System Summary page will be displayed.
✓ If the SIM card is installed, but an APN has not been specified. The LTECube will try to
use Auto APN (default) which may provide quick network connectivity, but may not work
with some carriers, or with private APN’s.
✓ To set or change the APN, click on the Carrier > Settings tab and enter the APN supplied
by your carrier in the APN field. Some carriers may also require a Username and Pass-
word.
© Microhard 13
2.0 Quick Start
✓ On the Carrier > Status Tab, verify that a WAN IP Address has been assigned by your
carrier. It may take a few minutes, so try refreshing the page if the WAN IP Address
doesn’t show up right away. The Activity Status should also show “Connected”.
✓ If you have set a static IP on your PC, you may need to add the DNS Servers shown in
the Carrier Status Menu to you PC to enable internet access.
Ensure the default
passwords are changed. ✓ Congratulations! Your LTECube is successfully connected to your Cellular Carrier.
✓ To access devices connected to LTECube remotely, one or more of the following must be
configured: Port Forwarding, DMZ or VPN Tunnel.
✓ Ensure that all default passwords are changed to limit access to the modem.
© Microhard 14
3.0 Hardware Features
3.1 LTECube-CAT4-WIFI
The LTECube is available in a enclosed version ready to be interfaced to external devices with standard
connectors as discussed below. A optional mounting bracket can be ordered to allow the enclosed version
of the LTECube to be mounted for fixed installations.
© Microhard 15
3.0 Hardware Features
© Microhard 16
3.0 Hardware Features
On the front of the LTECube-CAT4-WIFI is the CFG Button, USB Port, Main/Diversity/GPS/WIFI Antenna
Connectors and the SIM Card Slot/tray. The top of the LTECube are the status indicators, RSSI, RF (TX/
RX), GPS and Status.
The USB port is for internal use and may be a future development to be available at a later date. The unit
can also be powered via the USB port, provided it can provide a minimum of 5V @1.5A.
The Main and Diversity antennas are required for the LTE connection to the cellular carrier.
The GPS antenna is required for a GPS connection to provide location based services.
The WIFI antenna is used for the optional 802.11 b/g/n WIFI available for the LTECube.
CFG (Button) - Holding this button while powering-up the LTECube will boot the unit into FLASH FILE
SYSTEM RECOVERY mode (factory use only). One the Statis LED starts to flash, hold for 1 second for
httpd recovery mode, 5 seconds for tftp recovery mode, or 10 seconds for master reset. If button is held for
longer than 15 seconds the button will be ignored.
If the unit has been powered-up for some time (>1 minute), depressing the CFG Button for ~10 seconds
(unit will reboot) will result in FACTORY DEFAULTS being restored, including the static factory IP address.
The factory default network This IP address is useable in a Web Browser for accessing the Web User Interface.
settings:
IP: 192.168.168.1 Receive Signal Strength Indicator (RSSI) - As the received signal strength increases, starting with the
Subnet: 255.255.255.0
Gateway: 192.168.168.1 furthest left, the number of active RSSI LEDs increases.
GPS - Indicates that the optional standalone GPS module Signal RSSI1 RSSI2 RSSI3
has synchronized and is ready for use. (dBm)
(-85, 0] ON ON ON
RF (Tx(Blue)/Rx(Green)) LED’s - The RF Tx/Rx LED’s
(-90, -85] ON ON FLASH
indicate carrier (cellular) traffic.
(-95, -90] ON ON OFF
Status/CPU LED (Blue) - The CPU LED indicates that
(-100, -95] ON FLASH OFF
power has been applied to the module.
(-105, -100] ON OFF OFF
SIM - This tray is used to install SIM card(s) provided by
(-109, -105] FLASH OFF OFF
the cellular carrier. Use the tool provided to eject the SIM
tray. The SIM will only sit properly if placed in the correct Other SCANNING SCANNING SCANNING
orientation.
Table 3-1: RSSI LED’s
© Microhard 17
3.0 Hardware Features
Located on the back of the LTECube are the Power and Ethernet interface.
The LAN Port is a 10/100 Mbps RJ-45 interface used to connect Ethernet based field devices.
Vin+/Vin– is used to power the unit. The input Voltage range is 5-30 Vdc.
The LTE Cube can be powered via Passive PoE Injector or Active to Passive PoE Adapter with a with a
maximum output voltage of 30 VDC. Passive PoE Injectors and Active to Passive PoE Adapters are
available from Microhard for use with the LTE Cube.
The LTE Cube can also be powered from USB (5V @ 1.5A)
Caution: Using a power
supply that does not
provide proper voltage
may damage the modem.
Ethernet RJ45 Connector Pin Number
Source
1 2 3 4 5 6 7 8
Voltage
PoE Passive
Adapter PoE
Injector
802.3AF/AT 802.3AF/AT
LAN Port
9—30V
PoE Switch PoE Switch Non PoE Switch/Device
© Microhard 18
3.0 Hardware Features
The LTE Cube cannot be directly powered by a Active PoE switch, and may be damaged by doing so.
The following Active PoE Adapter is available from Microhard to allow the LTE Cube to be connected to a
Active PoE switch.
24VDC
802.3AF/AT
To use the Passive PoE feature of the LTE Cube, you must use a Passive PoE Injector with a maximum
output voltage of 30VDC. It is recommended to use the Passive PoE Injector available from Microhard.
24VDC
24VDC
Non-PoE Switch
or device
© Microhard 19
4.0 Configuration
The factory default network Initial configuration of an LTECube using the Web User (Browser) Interface (Web UI) method involves the
settings:
following steps:
IP: 192.168.168.1
Subnet: 255.255.255.0
Gateway: 192.168.168.1
• configure a static IP Address on your PC to match the default subnet or if your PC is configured for
DHCP, simply connect a PC to a LAN port of the LTECube and it will be assigned a IP address
automatically.
• apply power to the LTECube and wait approximately 60 seconds for the system to load
• open a web browser and enter the factory default IP address(192.168.168.1) of the unit:
• logon window appears; log on using default Username: admin Password: admin
• use the web browser based user interface to configure the LTECube as required.
In this section, all aspects of the Web Browser Interface, presented menus, and available configuration
options will be discussed.
© Microhard 20
4.0 Configuration
Upon successfully accessing the LTECube using a Web Browser, the Logon window will appear.
Note that the password is case sensitive. It should be changed (discussed further along in this section),
but once changed, if forgotten, may not be recovered.
It is advisable to change the
login Password. Do not
FORGET the new password When entered, the password appears as ’dots’ as shown in the image below. This display format prohibits
as it cannot be recovered. others from viewing the password.
The ‘Remember my password’ checkbox may be selected for purposes of convenience, however it is
recommended to ensure it is deselected - particularly once the unit is deployed in the field - for one
primary reason: security.
If the LTECube is restored to factory defaults the password is also restored to the original default
password.
It is required to change the password upon initial login, once the password is changed, it will be
required to login to the unit once again with the updated password.
© Microhard 21
4.0 Configuration
4.1 System
The main category tabs located at the top of the navigation bar separate the configuration of the LTECube
into different groups based on function. The System Tab contains the following sub menu’s:
The System Summary screen is displayed immediately after initial login, showing a summary and status of
all the functions of the LTECube in a single display. This includes information about the System, Carrier
(Cellular Carrier) and network status.
© Microhard 22
4.0 Configuration
System Settings
Options available in the System Settings menu allow for the configuration of the Host Name, Description,
Console Timeout and System Log server settings.
Host Name/Description
The Host Name is a convenient identifier for a specific LTECube unit. Values (characters)
This feature is most used when accessing units remotely: a convenient
cross-reference for the unit’s WAN/Carrier IP address. This name LTECube (varies)
appears when logged into a telnet session, or when the unit is
reporting into Microhard NMS System. up to 30 characters
The description provides an additional field for text characters, but is
not displayed anywhere but in this field.
© Microhard 23
4.0 Configuration
http://xxx.xxx.xxx.xxx/cgi-bin/webif/request.sh?syslog
Time Settings
The LTECube can be set to use a local time source, thus keeping time on its own, or it can be configured
to synchronize the date and time via a NTP Server. The options and menus available will change
depending on the current setting of the Date and Time Setting Mode, as seen below.
Date
The calendar date may be entered in this field. Note that the entered Values (yyyy-mm-dd)
value is lost should the LTECube lose power for some reason.
2015.04.01 (varies)
© Microhard 24
4.0 Configuration
Time
The time may be entered in this field. Note that the entered value is Values (hh:mm:ss)
lost should the LTECube lose power for some reason.
11:27:28 (varies)
Timezone
If connecting to a NTP time server, specify the timezone from the Values (selection)
dropdown list.
User Defined (or out of date)
POSIX TZ String
This displays the POSIX TZ String used by the unit as determined by Values (read only)
the timezone setting.
(varies)
NTP Server
Enter the IP Address or domain name of the desired NTP time server. Values (address)
pool.ntp.org
NTP Port
Enter the IP Address or domain name of the desired NTP time server. Values (port#)
123
© Microhard 25
4.0 Configuration
Services in the LTECube can be disabled/enabled as well as changing the default ports used for either
security considerations or resource considerations. The changes are applied after a reboot.
FTP
The FTP service can be enabled/disabled using the Services Status Values (selection)
Menu. The FTP service is used for firmware recovery operations.
Enable / Disable
Telnet
Using the Telnet Service Enable/Disable function, you can disable the Values (port)
Telnet service from running on the modem. The port used by the
Telnet service can also be modified. The default is 23. 23
SSH
Using the SSH Service Enable/Disable function, you can disable the Values (port)
SSH service (Port 22) from running on the modem. The port used by
the SSH service can also be modified. The default is 22. 22
Web UI
The default web server port for the web based configuration tools used Values (selection)
in the modem is port 80 (http) and port 443 (HTTPS).
HTTP/HTTPS
Change as required, but keep in mind that if a non standard port is HTTP
used, it must be specified in a internet browser to access the unit. HTTPS
(example: http://192.168.168.1:8080).
Microhard Sh
Reserved for factory/internal use. Values (selection)
Enable / Disable
© Microhard 26
4.0 Configuration
Keepalive
Enable or Disable the keep alive functions of the modem. If it is Values (Selection)
disabled, the user can configure the Traffic Check separately. The unit
will monitor traffic on the Cell interface. Enable / Disable
Traffic Watchdog
The Traffic Watchdog is available when the keepalive option above is Values (Selection)
disabled. The Traffic Watchdog simply monitors that there is activity of
the cellular interface, regardless of whether there is network Enable / Disable
connectivity or not, and reboots at the specified interval if no activity is
detected.
Traffic Check
Monitors traffic on the Cell interface. If the LTECube detects that there Values (Selection)
is no activity it will attempt a ICMP, HTTP or DNS Lookup as
configured below to determine if service has been lost. Enable / Disable
CLI Activity
Monitors the activity of CLI. If the console isn't accessed within the Values (Selection)
certain period which is specified by Console Timeout in System-
Settings web page, the modem will send out the connection request. Enable / Disable
© Microhard 27
4.0 Configuration
Web UI Activity
Monitors the activity of Web UI. If the Web UI isn't accessed or Values (Selection)
refreshed within the certain period which is specified by Console
Timeout in System-Settings web page, the modem will send out the Enable / Disable
connection request.
Type
Once the connection is lost, the modem will send one of the requests Values (Selection)
to the remote host to determine the connection status. If the modem
fails to get the response, it will re-send the request within the seconds ICMP
specified by Keepalive Interval below: HTTP
DNS Lookup
ICMP: Send a "ping" request
HTTP: Send a "wget" request to a HTTP server
DNS Lookup: Send a "dslookup" request to a DNS server
Host Name
Specify a IP Address or Domain that is used to test the modems Values (IP or Domain)
connection. The modem will send out the connection requests to the
specified Host. 8.8.8.8
Keepalive Interval
The Interval value determines the frequency, or how often, the unit will Values (seconds)
send out PING messages to the Host. The LTECube will first attempt
to re-initialize the cellular model before performing a full system 300
reboot, thus the interval may be delayed by up to 120 seconds)
Keepalive Retry
The Keepalive Retry is the maximum number of connection failures Values (number)
such as “Host unreachable” the unit will attempt before the unit will
reboot itself to attempt to correct connection issues. The default 20
number is 20, and valid value is from 10 to 200.
© Microhard 28
4.0 Configuration
Firmware Upgrade
Occasional firmware updates may be released by Microhard Systems which may include fixes and/or new
Firmware Image
Use the Browse button to find the firmware file supplied by Microhard Values (file)
Systems. Select “Upgrade Firmware” to start the upgrade process.
This can take several minutes. (no default)
Reset to Default
The LTECube may be set back to factory defaults by using the Reset to Default option under System >
Maintenance > Reset to Default. *Caution* - All settings will be lost!!!
© Microhard 29
4.0 Configuration
The configuration of the LTECube can be backed up to a file at any time using the Backup Configuration
feature. The file can the be restored using the Restore Configuration feature. It is always a good idea to
backup any configurations in case of unit replacement. The configuration files cannot be edited offline, they
are used strictly to backup and restore units.
Image 4-1-7: Maintenance > Reset to Default / Backup & Restore Configuration
The Keep CARRIER Settings box can be selected before the restore process is started, if it is selected the
LTECube will retain the current carrier settings and not overwrite them with the settings contained in the
backup file.
The Keep IoT Settings box can be selected before the restore process is started, if it is selected the
LTECube will retain the current IoT settings and not overwrite them with the settings contained in the
backup file.
© Microhard 30
4.0 Configuration
The LTECube can be remotely rebooted using the System > Reboot menu. As seen below a button
‘Reboot now’ is provided. Once pressed, the unit immediately reboots and starts its boot up procedure. The
LTECube can also be restarted on a regular basis by setting up a daily/weekly/monthly schedules.
Status
Use this option to enable or disabled schooled reboots. If enabled the Values (selection)
LTECube will reboot at the interval defined below.
Disable / Enable
Type
Schedule daily, weekly or monthly reboots. Setting up a reboot Values (selection)
schedule can help keep the modem connected to the cellular carrier
and prevent physically rebooting the modem if located at a remote Reboot Daily
destination. Reboot Weekly
Reboot Monthly
Days / Time
If set for weekly, days are counted from Sunday to Saturday (0 to 6), Values (selection)
and if set to monthly the days are counted 1 to 31. Multiple days can
be specified by separating with a comma ‘,’. 1,
Set the time of day (24hr clock) for which to reboot the device.
© Microhard 31
4.0 Configuration
4.2 Network
You can also view statistical information about the interfaces including Received (RX) and Transmitted
(TX) bytes and packets for each network interface.
© Microhard 32
4.0 Configuration
The LTECube features a RJ45 LAN port that can be used for connection of devices on a local network. By
default the LAN has a static IP Address assigned, 192.168.168.1. Also, by default the LAN is running a
DHCP server to provide IP Addresses to devices that are connected to the physical LAN port (directly or
via a switch).
Network Interfaces can be added/edited. By default any additional interfaces added will automatically
assign IP addresses to connecting devices via DHCP.
Advantage:
Ensures unique IP addresses
are assigned, from a central
point (DHCP server) within a
network.
© Microhard 33
4.0 Configuration
IGMP Snooping
This feature allows a network switch to listen in on the IGMP Values (selection)
conversation between hosts and routers. By listening to these
conversations the switch maintains a map of which links need which IP Enable
The factory default
multicast streams. Disable
network settings:
IP Address
A SUBNET MASK is a bit
If ‘Static’ Connection Type is selected, a valid IPv4 Address for the Values (IP Address)
mask that separates the network being used must be entered in the field. If ‘DHCP’ is chosen
network and host (device) this field will not appear and it will be populated automatically from the 192.168.168.1
portions of an IP address. DHCP server.
The ‘unmasked’ portion
leaves available the
information required to
identify the various devices
on the subnet.
Netmask
If ‘Static’ Connection Type is selected, the Network Mask must be Values (IP Address)
entered for the Network. If ‘DHCP’ is chosen this field will not appear
and it will be populated automatically from the DHCP server. 255.255.255.0
DNS Mode
If the Connection Type is set to DHCP, you can use Auto for the DNS Values (selection)
Within any IP network, each
Mode and a DNS server will automatically be defined. If the connection
device must have its own type is set as static, DNS servers can be manually specified. Auto
unique IP address. Manual
© Microhard 34
4.0 Configuration
LAN DHCP
A LTECube may be configured to provide dynamic host control protocol (DHCP) service to all attached
devices. By default the DHCP service is enabled, so devices that are connected to the physical Ethernet
LAN ports will be assigned an IP by the LTECube. The LAN DHCP service is available for each interface,
and is located in the add/edit interface menus.
DHCP Server
The option is used to enable or disable the DHCP service for devices Values (selection)
connected to the LAN Port(s).
Prior to enabling this service, Enable / Disable
verify that there are no other
devices - either wired (e.g.
LAN) or wireless with an
active DHCP SERVER
Start IP Address
service. (The Server issues
IP address information at the
request of a DHCP Client,
Select the starting address DHCP assignable IP Addresses. The first Values (IP Address)
octets of the subnet will be pre-set based on the LAN IP configuration,
which receives the
information.) and can not be changed. 192.168.168.100
Number of Address
Set the maximum number of IP addresses that can be assigned by the Values (integer)
LTECube.
150
Lease Time
The DHCP lease time is the amount of time before a new request for a Values (minutes)
network address must be made to the DHCP Server.
720
Alternate Gateway
Specify an alternate gateway for DHCP assigned devices if the default Values (IP Address)
gateway is not to be used.
(IP Address)
© Microhard 35
4.0 Configuration
© Microhard 36
4.0 Configuration
Name
The name field is used to give the device a easily recognizable name. Values (characters)
(no default)
MAC Address
Enter in the MAC address of the device to be bound to a set IP Values (MAC Address)
address. Set the IP Address in the next field. Must use the format:
AB:CD:DF:12:34:D3. It is not case sensitive, but the colons must be (no default)
present.
IP Address
Enter the IP Address to be assign to the device specified by the MAC Values (IP Address)
address above.
(minutes)
Static Addresses
This section displays the IP address and MAC address currently assigned through the DCHP service, that
are bound by it’s MAC address. Also shown is the Name, and the ability to remove the binding by clicking
“Remove _______”.
© Microhard 37
4.0 Configuration
Unless a carrier issues a Static IP address, it may be desirable to use a Dynamic DNS (DDNS) service to
track dynamic IP changes and automatically update DNS services. This allows the use of a constant
resolvable host name for the LTECube.
DDNS Status
This selection allows the use of a Dynamic Domain Name Server Values (Selection)
(DDNS), for the LTECube.
Enable
Disable
Network
If the LTECube is using a wired WAN (ISP) as well as a Cellular Values (Selection)
carrier, specific which will use the DNS service.
Auto
Carrier
Periodic Update
When the LTECube powers up and comes online it will report any IP Values (Selection)
Address changes to the selected DNS service. Additionally the
LTECube can periodically update the service as configured. 5 minutes
15 minutes
Some Dynamic DNS service providers do not allow periodic updates, 60 minutes
or updates for the same IP address. Please review your chosen 4 hours
service providers policy before enabling this feature. 8 hours
24 hours
Service
This is a list of supported Dynamic DNS service providers. Free and Values (selection)
premium services are offered, contact the specific providers for more
information. changeip ovh
dyndns regfish
eurodyndns tzo
Hn Zoneedit
Noip Customized
Ods DMSmadeEasy
© Microhard 38
4.0 Configuration
Host
This is the host or domain name for the LTECube as assigned by the Values (domain name)
DDNS provider. Use the provided button to query the server (if
configured correctly) (none)
URL
This field appears when “custom dns” is selected. Values (characters)
How to fill URL: (none)
Use placeholder ${user} for username; ${pwd} for password; ${host}
for hostname; ${ip} for IP address.
eg: http://${user}:${pwd}@exampleddns.com/update?
hostname=${host}&myip=${ip}
© Microhard 39
4.0 Configuration
Name
Routes can be names for easy reference, or to describe the route Values (characters)
being added.
(no default)
Destination Subnet
Enter the network IP address for the destination subnet. Values (IP Address)
(192.168.168.0)
Gateway
Specify the Gateway used to reach the network specified above. Values (IP Address)
192.168.168.1
Netmask
Enter the Netmask for the destination network. Values (IP Address)
255.255.255.0
© Microhard 40
4.0 Configuration
Metric
In some cases there may be multiple routes to reach a destination. Values (Integer)
The Metric can be set to give certain routes priority, the lower the
metric is, the better the route. The more hops it takes to get to a 255.255.255.0
destination, the higher the metric.
Interface
Define the exit interface. Is the destination a device on the LAN, LAN1 Values (Selection)
(If physical WAN port is bridged as an independent LAN), 3G/4G
(cellular), USB or the WAN? LAN / Carrier / GRE / None
© Microhard 41
4.0 Configuration
Internet
PC/LAN Device
LAN: 192.168.220.50
Gateway: 192.168.220.211
Switch
VRRP Status
Enable or disable the VRRP service on the LTECube. To change Values (Selection)
settings the VRRP service must be disabled (then submitted) and then
re-enabled. Enable / Disable
Virtual Router IP
This is the IP Address of the virtual router, this must be the same on all Values
devices participating in VRRP. This is the IP that any attached LAN
PC/device would use as its default gateway. 192.168.220.211
© Microhard 42
4.0 Configuration
Virtual Router ID
This is the Router ID. Each router/ participating in VRRP should have Values
a router ID to distinguish between them.
2
Router Priority
This is the Router priority. This number to assigned to each router to Values
determine which router(s) will be used first or as the primary. The
higher the ID, the higher the priority. 150
© Microhard 43
4.0 Configuration
Rule Name
The rule name is used as a reference to be able to help identify which Values (chars)
interface or network is attached to the affected network interface.
rule1
Network
Select the physical interface to be affected by the Bandwidth Throttling Values (selection)
as defined below.
(varies)
Upload Bandwidth
Set the data limit (speed) for file uploads if uploads have been allowed Values (kbps)
using the Upload Bandwidth Enable.
10000
© Microhard 44
4.0 Configuration
Download Bandwidth
Set the data limit (speed) for file downloads if downloads have been Values (kbps)
allowed using the Download Bandwidth Enable.
30000
© Microhard 45
4.0 Configuration
Status
When Cloud Filter is enabled, this status will be refreshed every 30 Values (selection)
seconds, showing the OpenDNS status. For OpenDNS to be active,
the status must be green and show "Connected to OpenDNS". Enable / Disable
© Microhard 46
4.0 Configuration
MultiWAN Enable
Enable or disable the MultiWAN service on the LTECube. To use Values (selection)
MultiWAN, the WIFI must be configured as a Client & bound to the
WIFI interface. Enable / Disable
Primary WAN
Define which connection is the primary network/internet connection for Values (selection)
the LTECube.
WIFI Client | Carrier Network
Second WAN
Select which WAN connection is the secondary connection. When a Values (selection)
failure of the main WAN occurs this will be the first alternative.
Generally this will be the cellular connection. WIFI Client | Carrier Network
© Microhard 47
4.0 Configuration
Switch Notification
It is possible for the LTECube to send out a notification when the Values (selection)
MultiWAN has switched its available connection and is routing data
through an alternate interface. Disable / Email / SMS / Both
Failover Settings (Same settings for WAN, WIFI Client and Carrier)
Type
Select the type of failover detection to be used. By default ICMP is Values (selection)
used to ping a specified address(s), a DNS Lookup can also be
selected. ICMP / DNS Lookup
Host Name
Up to three(3) reachable addresses can be specified to test for link Values (Address)
health at the frequency specified above for the Health Monitor Interval.
8.8.8.8
A test button is provided to ensure that reachable address have been 4.2.2.1
entered and that there are no errors. 208.67.222.222
Ping Mode
The Ping mode allows for the selected hosts to be pinged either Values (seconds)
Sequentially or Simultaneously. This option is only displayed when the
failover mode is set to ICMP. 3
ICMP Timeout
This is the amount of time the Health Monitor will wait for a response Values (seconds)
from the ICMP Host (when type is configured as ICMP).
3
© Microhard 48
4.0 Configuration
© Microhard 49
4.0 Configuration
4.3 IPv6
The IPv6 Status window provides complete overview information related to the IPv6 portion of the
LTECube. A variety of information can be found here, such as Network Status for interfaces configured for
IPv6. Information about the IPv6 DNS services, active DHCPv6 Leases and the current IPv6 Routing Table
can all be found on the IPv6 > Status window.
© Microhard 50
4.0 Configuration
The IPv6 setup windows provides the options required to setup IPv6 on the LTECube on the LAN
interface.
IPv6 Status
Enable or Disable IPv6 on the LTECube. When enabled the Values (Selection)
configuration option appear below.
Enable / Disabled
© Microhard 51
4.0 Configuration
IPv6 ULA-prefix
Modify the IPv6 ULA (Unique Local Address)-prefix here. If the prefix Values (Selection)
length > 48 the subnet ID will be ignored for this prefix.
Fd87:4588:5c48::/48
© Microhard 52
4.0 Configuration
Prefix Length
Prefix size used for assigned prefix to the interface. For example 64 Values (length)
will assign /64-prefixes.
64
Subnet ID
Set the desired Subnet ID. If the Subnet ID is not set an arbitrary ID Values (characters)
will be chosen.
(no default)
Router Advertisement-Service
Select the Router Advertisement-Service for the LAN. Values (selection)
Server Mode
Relay Mode
RA Lifetime
The amount of RA Lifetime given for the use of the IP address, from Values (seconds)
1800 to 9000 (seconds).
1800
DHCPv6 Service
Select the DHCPv6-Service mode for the LAN. Values (Selection)
Server Mode
Relay Mode
© Microhard 53
4.0 Configuration
NDP-Proxy
Select the NDP-Proxy mode for the LAN. Values (Selection)
Disabled
Relay Mode
© Microhard 54
4.0 Configuration
The IPv6 Firewall6 window allows the configuration of the firewall on the interfaces that are setup for IPv6.
The current Firewall for IPv6 can be viewed, changed and enabled/disabled under the Traffic Rules Status
summary of all current firewall rules.
Rule Name
The rule name is simply a text identifier to label the corresponding rule Values (Characters)
for reference.
(varies)
Action
The Action is used to define how the rule handles the connection Values (Selection)
request.
Accept
ACCEPT will allow a connection, while REJECT (error) and DROP Drop
(quietly dropped), will refuse connections. Reject
Address family
Select if the rule applies only to IPv6. Values (Selection)
IPv6 only
© Microhard 55
4.0 Configuration
Protocol
The protocol field defines the transport protocol type controlled by the Values (Selection)
rule.
TCP
UDP
TCP+UDP
ICMP
Protocol 41
ALL
Enable
Enables the specified IPv6 Firewall Rule. Values (Checkbox)
Checked
Source Zone
Specify the source zone/interface. Values (Selection)
lan zone (Covered networks: LAN)
wan2 zone (Covered networks: Carrier)
any zone
none
Source Port
Specify the source port(s). Multiple ports can be specified as 80 443 Values (Port)
465. Port range can be specified as 100:200 format.
(no default)
Destination Zone
Specify the destination zone/interface. Values (Selection)
lan zone (Covered networks: LAN)
wan2 zone (Covered networks: Carrier)
any zone
this device (input)
Destination Port
Specify the destination port(s). Multiple ports can be specified as 80 Values (Port)
443 465. Port range can be specified as 100:200 format.
(no default)
© Microhard 56
4.0 Configuration
It may be desirable to have devices on different subnets to be able to talk to one another. This can be
accomplished by specifying a static route, telling the LTECube where to send data.
Target
Enter the target IPv6 address or network CIDR. Values (IP Address)
(no default)
IPv6-Gateway
Specify the IPv6 Gateway used to reach the network specified above. Values (IP Address)
(no default)
Metric
Enter the metric for the static route. Values
0
Interface
Select the interface to which to send the data intended for the target Values (selection)
specified.
LAN
Carrier
none
© Microhard 57
4.0 Configuration
4.4 Carrier
The Carrier Status window provides complete overview information related to the Cellular Carrier portion of
the LTECube. A variety of information can be found here, such as Activity Status, Network (Name of
Wireless Carrier connected), Data Service Type (WCDMA/HSPA/HSPA+/LTE etc), Frequency band,
Phone Number etc.
The Received and Transmitted bytes and packets indicate the respective amount of data which has been
moved through the radio.
The Error counts reflect those having occurred on the wireless link.
© Microhard 58
4.0 Configuration
The parameters within the Carrier Configuration menu must be input properly; they are the most basic
requirement required by your cellular provider for network connectivity.
Carrier Status
Carrier Status is used to Enable or Disable the connection to the Values (Selection)
Cellular Carrier. By default this option is enabled.
Enable / Disable
MTU Size
Allows a user to specify the MTU size for custom applications. In most Values
cases this will be left blank and the system will determine the best
value. (blank)
© Microhard 59
4.0 Configuration
IP-Passthrough
IP pass-through allows the Carrier IP address to be assigned to the Values (Selection)
device connected to the LAN port. In this mode the LTECube is for the
most part transparent and forwards all traffic to the device connected Disable
to the selected Ethernet port except that listed below: Ethernet
• The WebUI port (Default Port:TCP 80), this port is retained for
remote management of the LTECube. This port can be changed to a
different port under the System > Services Menu.
Lease Time
When IP-Passthrough is enabled, this field appears where you can Values (minutes)
adjust the DHCP lease time for IP-Passthrough.
2
Virtual IP Address
When in IP passthrough mode the local IP is not available, thus the Values (IP Address)
virtual IP can be used for local configuration.
192.168.10.1
© Microhard 60
4.0 Configuration
Settings
Data Roaming
This feature allows the disabling or enable of data roaming. When data Values (Selection)
roaming is enabled the modem will be allowed to use data when in
roaming status. It is not recommended to allow roaming unless the Enable / Disable
appropriate data plans are in place.
Carrier Operator
In some cases, a user may want to lock onto a certain carrier. There Values (Selection)
are four options to choose from: Auto, SIM based, Manual and Fixed.
Auto
• Auto will allow the unit to pick the carrier automatically. Data roaming is Based on SIM
permitted.
• SIM based will only allow the unit to connect to the network indicated by the Manual
SIM card used in the unit. Fixed
• Manual will scan for available carriers and allow a user to select from the
available carriers. It takes 2 to 3 minutes to complete a scan.
• Fixed allows a user to enter the carrier code (numerical) directly and then the
unit will only connect to that carrier.
Technologies Mode
Select the valid types of Carrier connections allowed. For example, If set Values (selection)
to UMTS only, the LTECube will only allow connections to 3G/HSPA
related technologies, and not allow the device to connect to LTE WCDMA Only
technologies. LTE Only
TD-SCDMA Only
UMTS Only
CDMA Only
HDR Only
CDMA and HDR Only
SIM Type
Select the SIM profile if your SIM Card is being used on one of the Values (Selection)
Carriers listed. Otherwise select the Auto Detect option.
Auto Detect
General/ATT Mode
Verizon Mode
Auto APN (default) may allow the unit to quickly connect to a carrier, by cycling through a predetermined
list of common APN’s. Auto APN will not work for private APN’s or for all carriers.
© Microhard 61
4.0 Configuration
Advanced+
SIM Pin
The SIM Pin is required for some international carriers. If supplied and Values (characters)
required by the cellular carrier, enter the SIM Pin here.
(none)
Authentication
Sets the authentication type required to negotiate with peer. Values (Selection)
PAP - Password Authentication Protocol. PAP
CHAP - Challenge Handshake Authentication Protocol. CHAP
No Auth
Only required if the carrier requires a User Name and Password.
User Name
A User Name may be required for authentication to a remote peer. Values (characters)
Although usually not required for dynamically assigned IP addresses
from the wireless carrier. Varies by carrier. Carrier/peer dependent
Password
Enter the password for the user name above. May not be required by Values (characters)
some carriers, or APN’s
Carrier/peer dependent
Network+
PDP Type
IPv6 support is related to the LTECube’s configuration and carrier Values (selection)
network.
IPV4 and IPV6
IP
Default Route
Use this interface as the default route for all outbound traffic unless Values (Selection)
specified in the Network > Routes table.
Yes / No
DNS-Passthrough
When enabled DNS-Passthrough will pass on the WAN assigned DNS Values (Selection)
information to the end device.
Enable / Disable
© Microhard 62
4.0 Configuration
The SMS menu allows a user to view the SMS Command History and view the SMS messages on the SIM
Card.
© Microhard 63
4.0 Configuration
Status
This option allows a user to enable or disable to use of the following Values (Selection)
SMS commands to reboot or trigger events in the LTECube:
Enable / Disable
Status
SMS Messages received by the LTECube can be forwarded to another Values (Selection)
number. Messages can be saved or deleted from the SIM after
forwarding. Disable / Enable
© Microhard 64
4.0 Configuration
The Data Usage tool on the LTECube allows users to monitor the amount of cellular data consumed. Since
cellular devices are generally billed based on the amount of data used, alerts can be triggered by setting
daily and/or monthly limits. Notifications can be sent using SMS or Email, allowing a early warning if
configurable limits are about to be exceeded. The usage data reported by the Data Usage Monitor may not
match the data reported by the carrier, but it gives the users an idea of the bandwidth consumed by the
LTECube.
Status
If enabled the LTECube will track the amount of cellular data consumed. If Values (selection)
disabled, data is not recorded, even in the Current Data Usage display.
Disable
Enable
© Microhard 65
4.0 Configuration
Data Limit
Select the data limit for the day or month, used in connection with the data Values (1-65535)
unit is the previous field. If you want to set the limit to 250 Mbytes, select M
Bytes for the data unit, and 250 for the data limit.
500
Phone Number
If SMS is selected as the notification method, enter the phone number to Values (phone)
send any SMS messages generated when the data usage exceeds the
configured limits.
+1403
© Microhard 66
4.0 Configuration
Mail Subject
If Email is selected as the notification method, enter the desired email Values (string)
subject line for the notification email sent when daily and/or monthly usage
limits are exceeded. Daily/Monthly Data Usage
Notice
Mail Server(IP/Name)
If Email is selected as the notification method, enter the SMTP server Values (xxx:port)
details for the account used to send the Email notifications. Domain or IP
address with the associated port as shown.
smtp.gmail.com:465
Username
If Email is selected as the notification method, enter the username of the Values (username)
Email account used to send Emails.
@gmail.com
Password
If Email is selected as the notification method, enter the password of the Values (string)
Email account used to send Emails. Most email servers require
authentication on outgoing emails.
***
Authentication
If Email is selected as the notification method, enter the password of the Values (selection)
Email account used to send Emails. Most email servers require
authentication on outgoing emails.
None
SSL/TLS
STARTTLS
SSL/TLS + STARTTLS
Mail Recipient
Enter the email address of the individual or distribution list to send the Values (xx@xx.xx)
email notification to.
host@
© Microhard 67
4.0 Configuration
The LTECube provides a Odometer that shows the total data used by the LTECube. You can also click on
the More link to get a data usage history summary as seen below.
© Microhard 68
4.0 Configuration
The Status window gives a summary of all radio or wireless related settings and connections.
The General Status section shows the Wireless MAC address of the current radio, the Operating Mode
(Access Point, Client), the SSID being used, frequency channel information and the type of security used.
Traffic Status shows statistics about the transmitted and received data.
The LTECube shows information about all Wireless connections in the Connection Info section. The
Wireless MAC address, Noise Floor, Signal to Noise ratio (SNR), Signal Strength (RSSI), The transmit and
receive Client Connection Quality (CCQ), TX and RX data rates, and a graphical representation of the
signal level or quality.
© Microhard 69
4.0 Configuration
Radio
This option is used to turn the radio module on or off. If turned off Values (selection)
Wireless connections can not be made. The default is On.
On / Off
Mode
The Mode defines which wireless standard to use for the wireless Values (selection)
network. The LTECube supports 802.11/b/g/n modes as seen here.
Select the appropriate operating mode from the list. 802.11B ONLY
802.11BG
The options below are dependent and vary on the operating mode 802.11NG
chosen here.
Channel Bandwidth
Only appears when using 802.11b or b/g modes. Lower channel Values (selection)
bandwidths may provide longer range and be less susceptible to noise
but at the trade off of data rates. Higher channel bandwidth may 20MHz Normal Rate
provide greater data rates but will be more susceptible to noise and
shorter distance potentials.
© Microhard 70
4.0 Configuration
MPDU Aggregation (Enable/Disable) - Allows multiple data frames to be sent in a single transmission
block, allowing for acknowledging or retransmitting if errors occur.
Short GI (Enable/Disable) - GI (guard interval) is the time the receiver waits for any RF reflections to settle
before sampling data. Enabling a short GI (400ns) can increase throughput, but can also increase the error
rate in some installations.
Channel-Freq
The Channel-Freq setting allows configuration of which channel to Values (selection)
operate on, auto can be chosen where the unit will automatically pick a
channel to operate. If a link cannot be established it will try another Auto
channel. Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz
TX Power
This setting establishes the transmit power level which will be Values (selection)
presented to the antenna connector at the rear of the LTECube.
Unless required, the Tx Power should be set not for maximum, but 7 dBm 19 dBm
rather for the minimum value required to maintain an adequate system 8 dBm 20 dBm
fade margin. 9 dBm 21 dBm
Refer to FCC (or as 10 dBm 22 dBm
otherwise applicable) 11 dBm 23 dBm
regulations to ascertain, 12 dBm 24 dBm
and not operate beyond,
the maximum allowable
13 dBm 25 dBm
transmitter output power 14 dBm 26 dBm
and effective isotropic 15 dBm 27 dBm
radiated power (EIRP). 16 dBm 28 dBm
17 dBm 29 dBm
18 dBm 30 dBm
© Microhard 71
4.0 Configuration
Wireless Distance
The Wireless Distance parameter allows a user to set the expected Values (meters)
distance the WiFi signal needs to travel. The default is 100m, so the
LTECube will assume that the signal may need to travel up to 100m so 100
it sets various internal timeouts to account for this travel time. Longer
distances will require a higher setting, and shorter distances may
perform better if the setting is reduced.
© Microhard 72
4.0 Configuration
Network
Choose between LAN or WAN for the Virtual Interface. If additional Values (selection)
Network Interfaces have been defined in the Network > LAN section,
the Interface name will also appear here. LAN
WAN
Etc..
(Additional Interfaces…)
Mode
Access Point - An Access Point may provide a wireless data Values (selection)
connection to many clients, such as stations, repeaters, or other
supported wireless devices such as laptops etc. Access Point
Client
If more than 1 Virtual Interface (more than 1 SSID) has been defined, Repeater
the LTECube can ONLY operate as a Access Point, and will be locked
into this mode.
Station/Client - A Station may sustain one wireless connection, i.e. to an Access Point.
Repeater - A Repeater can be connected to an Access Point to extend the range and provide a
wireless data connection to many clients, such as stations.
© Microhard 73
4.0 Configuration
TX bitrate
This setting determines the rate at which the data is to be wirelessly transferred.
The default is ‘Auto’ and, in this configuration, the unit will transfer data at the highest possible rate in
consideration of the receive signal strength (RSSI).
Setting a specific value of transmission rate has the benefit of ‘predictability’ of that rate, but if the RSSI
drops below the required minimum level to support that rate, communications will fail.
ESSID Broadcast
Disabling the SSID broadcast helps secure the wireless network. Values (selection)
Enabling the broadcast of the SSID (Network Name) will permit others
to ‘see’ the wireless network and perhaps attempt to ‘join’ it. On / Off
AP Isolation
When AP Isolation is enabled wireless devices connected to this SSID Values (selection)
will not be able to communicate with each other. In other words if the
LTECube is being used as a Hot Spot for many wireless clients, AP On / Off
Isolation would provide security for those clients by not allowing
access to any other wireless device.
WMM
WiFi Multimedia (WMM) is a feature that enhances the quality of Values (selection)
service on a network by prioritizing data packets according to data
type. (Video, Voice, Best Effort, Background). On / Off
© Microhard 74
4.0 Configuration
SSID
All devices connecting to the LTECube in a given network must use Values (string)
the SSID of the LTECube. This unique network address is not only a
security feature for a particular network, but also allows other networks (MAC Address)
- with their own unique network address - to operate in the same
SSID: Service Set Identifier. area without the possibility of undesired data exchange between
The ‘name’ of a wireless
network. In an open wireless networks.
network, the SSID is
broadcast; in a closed system
it is not. The SSID must be
known by a potential client for Encryption Type
it to be able to access the
wireless network. The encryption types defines the type of security used for the Wireless Values (selection)
Interface, to join a network a device must know the correct password/
passphrase/key. Disabled
WPA (PSK)
Security options are dependent on the version type. This section WPA2 (PSK)
describes all available options. Export versions may not have all WPA+WPA2 (PSK)
optional available to meet regulatory requirements set government WPA Enterprise (RADIUS)
policies. WPA2 Enterprise (RADIUS)
WPA+WPA2 Enterprise (RADIUS)
Change the default value for
the Network Name to
something unique for your
network. Do this for an
added measure of security
WPA PSK
and to differentiate your
network from others which This is the password, or preshared key that is required by any device Values (string)
may be operating nearby. to connect to the wireless interface of the LTECube. It is strongly
recommended to always have a password defined, and changed from (serial number)
the factory default.
Show Password
Check this box to show the currently configured password for WPA/ Values (selection)
WPA2 encryption passphrase.
unchecked
RADIUS IP Address
If using Enterprise (RADIUS) encryption, enter the IP Address of the Values (IP Address)
RADIUS authentication server here.
(no default)
RADIUS Port
If using Enterprise (RADIUS) encryption, enter the port number of the Values (port)
RADIUS authentication server here.
(no default)
© Microhard 75
4.0 Configuration
Hotspot Mode
Use this option to enable or disable the hotspot authentication service. Values (selection)
There are three different options for the Hotspot Mode:
Disable
Simple Internal - Display a simple text based terms of use or Simple Internal
statement to connected users.
Simple External - Display an external webpage Simple External
RADIUS/UAM - Use a 3rd Party Authentication service to RADIUS/UAM
authenticate and/or prompt users to agree to terms of
service.
UAM Secret
If the Hotspot Mode, RADIUS/UAM is chosen, this is a secret Values
password between the Redirect URL and the Hotspot given by the
hotspot provider. hotsys123
© Microhard 76
4.0 Configuration
Hotspot Network
This field is used to specify which configured network is bonded to the Values
hotspot. Sub networks can be created in the Network > LAN menu,
which are dedicated to the hotspot devices. Varies
*The DHCP service for the network used should be turned off as all IP
address assignments will be made by the hotspot service provider.*
Network IP Address
Specify the IP Address of the Hotspot application. All hotspot clients Values
will get an IP address in the same network as the Hotspot.
192.168.182.0
Network Netmask
Specify the Netmask of the Hotspot application. All hotspot clients will Values
get an IP address in the same network as the Hotspot.
255.255.255.0
DNS Domain
Provide your service providers 1st DNS Server domain. Values
Key.chillispot.info
Primary DNS
Specify the Primary DNS server to be used by devices connected to Values
the Hotspot network.
208.67.222.222
Secondary DNS
Specify the Secondary DNS server to be used by devices connected Values
to the Hotspot network.
208.67.222.220
DHCP Start
When devices connect to the LTECube Wifi and Hotspot is enabled, Values
the Hotspot will assign the IP addresses to the connected devices,
select the starting range here. 3
DHCP End
When devices connect to the LTECube Wifi and Hotspot is enabled, Values
the Hotspot will assign the IP addresses to the connected devices,
select the ending range here. 250
© Microhard 77
4.0 Configuration
Radius NAS ID
This is the RADIUS name of your Hotspot as given by your Hotspot Values
Service Provider.
Microhard_1
Radius Server 1
As assigned by the Hotspot Service Provider, the name or IP address Values
of the primary RADIUS Server.
radius.hotspotsystem.com
Radius Server 2
As assigned by the Hotspot Service Provider, the name or IP address Values
of the alternate RADIUS Server.
radius2.hotspotsystem.com
Radius Secret
Also called a shared key, this is the RADIUS password assigned by Values
you Hotspot provider.
hotsys123
© Microhard 78
4.0 Configuration
© Microhard 79
4.0 Configuration
4.6 Firewall
The Firewall Summary allows a user to see detailed information about how the firewall is operating. The
All, Filter, Nat, Raw, and Mangle options can be used to view different aspects of the firewall.
© Microhard 80
4.0 Configuration
The General Firewall settings allow users to enable or disable the firewall, and to decide which areas of the
modem to protect. The Firewall can also be reset to factory defaults from this area of the WebUI.
In a cellular device such as this, it is highly recommended to configure the firewall to protect any devices
connected to the modem, and to control data usage. This is especially important with units set up with a
public IP address as the modem is effectively on the public internet and is susceptible to a wide range of
threats which may severely impact the data usage. This can be avoided by blocking all Cellular traffic and
setting up specific rules to either open only used ports, or even restrict access to specific IP/networks.
Remote Management
For best practices and to
control data usage it is
critical that the firewall be Allow (checked) remote management of the LTECube from the Cellular Values (checkbox)
configured properly. side of using the WebUI on port 80(HTTP), and 443 (HTTPS). If disabled,
the configuration can only be accessed from the LAN (or WAN if enabled).. (checked)
It is recommended to block
all incoming Cellular traffic
and create rules to open
specific ports and/or use
ACL lists to limit incoming
Remote Access
connections.
When Blocked (unchecked) all requests originating from the Cellular side Values (checkbox)
will be blocked, unless specified otherwise in the Access Rules, MAC List,
IP List configurations. Access to ports 80 (HTTP) and 443 (HTTPS-if (unchecked)
enabled), is still available unless disabled in the Remote Management
option.
LAN Outgoing
When Remote Access is set
to ‘Allow’ the modem is
Allows (checked) or Blocks (unchecked) traffic from the LAN accessing the Values (checkbox)
open to anyone, this is not
Cellular connection unless specified otherwise using the Access Rules,
recommended as it may MAC, and IP List configuration. (checked)
impact data usage from
unwanted sources.
Anti-Spoof
The Anti-Spoof protection is to create some firewall rules assigned to the Values
external interface (Cellular) of the firewall that examines the source
address of all packets crossing that interface coming from outside. If the Enable / Disable
address belongs to the internal network or the firewall itself, the packet is
dropped.
© Microhard 81
4.0 Configuration
Packet Normalization
Packet Normalization is the normalization of packets so there are no Values
ambiguities in interpretation by the ultimate destination of the packet. The
scrub directive also reassembled fragmented packets, protecting some Enable / Disable
operating systems from some forms of attack, and drops TCP packets that
have invalid flag combinations.
© Microhard 82
4.0 Configuration
The LTECube can be used to provide remote access to connected devices. To access these devices a
user must define how incoming traffic is handled by the LTECube. If all incoming traffic is intended for a
specific connected device, DMZ could be used to simplify the process, as all incoming traffic can be
directed towards a specific IP address.
In the case where there is multiple devices, or only specific ports need to be passed, Port forwarding is
used to forward traffic coming in from the WAN (Cellular) to specific IP Addresses and Ports on the LAN.
Port forwarding can be used in combination with other firewall features, but the Firewall must be enabled
for Port forwarding to be in effect. If Remote Access is blocked on the General Tab, additional rules and/or
IP Lists must be set up to allow the port forwarding traffic to pass through the firewall.
© Microhard 83
4.0 Configuration
DMZ Mode
Enable or disable DMZ. DMZ can be used to forward all traffic to the DMZ Values (selection)
Server IP listed below.
Disable / Enable
DMZ Server IP
Enter the IP address of the device on the LAN side of the LTECube where Values (IP Address)
all the traffic will be forwarded to.
192.168.100.100
Exception Ports
If the firewall is set to block
incoming traffic on the WAN Enter a exception port number(s) (range is XX:XX) that will NOT be Values (Port #)
and/or Carrier interfaces, forwarded to the DMZ server IP. Usually a configuration or remote
additional rules or IP/MAC
lists must be configured to
management port that is excluded to retain external control of the 0
allow desired traffic access.
Name
This is simply a field where a convenient reference or description is added Values (10 chars)
to the rule. Each Forward must have a unique rule name and can use up to
10 characters. Forward
Source
Select the source for the traffic. Values (selection)
Carrier
Protocol
Select the type of transport protocol used. For example Telnet uses TCP, Values (selection)
SNMP uses UDP, etc.
TCP / UDP / Both
External Ports
Port number(s) (for range format is start:stop) of the incoming request Values (Port #)
(from Cellular/WAN-side).
2000
© Microhard 84
4.0 Configuration
Internal Server IP
Enter the IP address of the intended internal (i.e. on LAN side of LTECube) Values (IP Address)
server. This is the IP address of the device you are forwarding traffic to.
192.168.168.2
Internal Ports
Target port number(s) (for range format is start:stop) of the internal server Values (Port #)
on the LAN IP entered above.
3000
© Microhard 85
4.0 Configuration
MAC List configuration can be used to control which physical LAN devices can access the ports on the
LTECube, by restricting or allowing connections based on the MAC address. IP List configuration can be
used to define who or what can access the LTECube, by restricting or allowing connections based on the
IP Address/Subnet. MAC-IP List can be used alone or in combination with Remote Access Control to
provide secure access to the LTECube.
Rule Name
The Rule Name field is required to give the rule a convenient name for Values (10 chars)
reference. Each rule must have a unique name, up to 10 characters in
length. mac1
Action
The Action is used to define how the rule handles the connection request. Values (selection)
ACCEPT will allow a connection, while REJECT (error) and DROP (quietly ACCEPT
dropped), will refuse connections. DROP
REJECT
© Microhard 86
4.0 Configuration
Network
Select the Network of the source device. For the LTECube this would be Values (selection)
either a device connected to the RJ45 LAN port or via WIFI.
LAN | WIFI
MAC Address
Specify the MAC Address to be added to the list. Must be entered in the Values (MAC Address)
correct format as seen above. Not case sensitive.
00:00:00:00:00:00
Target
Select the Target. Input is to access within the modem, while forward is to Values (selection)
access through the modem to another device.
Input | Forward | Both
Rule Name
The Rule Name field is required to give the rule a convenient name for Values (10 chars)
reference. Each rule must have a unique name, up to 10 characters in
length. ip1
Action
The Action is used to define how the rule handles the connection request. Values (selection)
ACCEPT will allow a connection, while REJECT (error) and DROP (quietly
dropped), will refuse connections. ACCEPT / DROP / REJECT
Source
Enter the specific zone that the IP List will apply to, Cellular, LAN, WAN or Values (Selection)
None (both).
LAN / Carrier
© Microhard 87
4.0 Configuration
Once the firewall is turned on, rules configuration can be used to define specific rules on how local and
remote devices access different ports and services. MAC List and IP List are used for general access, and
are applied before rules are processed.
It is highly recommended to block as much traffic as possible from the modem, especially when using a
public IP address. The best security would to be to allow traffic only from trusted IP addresses, and only
the specific ports being used, and block everything else. Not configuring the firewall and the firewall rules
correctly could result in unpredictable data charges from the cellular carrier.
Appendix D: Firewall
Example
Rule Name
The rule name is used to identify the created rule. Each rule must have a Values (10 Chars)
unique name and up to 10 characters can be used.
rule1
Type
The type refers to the direction in terms of source and destination of the Values (selection)
traffic. The fields below will adjust accordingly.
Input
Output
Forward
Action
The Action is used to define how the rule handles the connection request. Values (selection)
ACCEPT will allow a connection, while REJECT (error) and DROP ACCEPT
(quietly dropped), will refuse connections. DROP
REJECT
This is configured based on how the Carrier Request and LAN to Carrier
Access Control are configured in the previous menus.
© Microhard 88
4.0 Configuration
Source
Select the zone which is to be the source of the data traffic. The LAN Values
refers to local connections on the LTECube.
LAN /Carrier / Any
Source IPs
Match incoming traffic from the specified source IP range. Boxes accept Values (IP Address)
single IP Addresses without network masks, example: 192.168.1.0 to
192.168.1.255 represents all IP Addresses in the 192.168.1.0/24 network. 192.168.0.0 to
(Put same IP in both boxes for a single IP match.) 192.168.0.0
Destination
Select the zone which is the intended destination of the data traffic. 3G/4G Values (selection)
applies to the wireless connection to the cellular carrier and the LAN,
LAN1, USB refers to local connections on the LTECube. LAN / Carrier / Any
Destination IPs
Match incoming traffic from the specified destination IP range. Boxes Values (IP Address)
accept single IP Addresses without network masks, example: 192.168.1.0
to 192.168.1.255 represents all IP Addresses in the 192.168.1.0/24 192.168.0.0 to
network. (Put same IP in both boxes for a single IP match.) 192.168.0.0
Destination Port
Match incoming traffic directed at the given destination port or port range. Values (port)
(To specify a port range use a From:To (100:200) format) 0
Protocol
The protocol field defines the transport protocol type controlled by the rule. Values
TCP
UDP
Both
ICMP
Protocol 41
GRE
© Microhard 89
4.0 Configuration
The Firewall Default option allows a user to return the modems firewall setting back to the default values
without having to reset the entire modem.
© Microhard 90
4.0 Configuration
4.7 VPN
A Virtual Private Network (VPN) may be configured to enable a tunnel between the LTECube and a remote
network. The LTECube supports VPN IPsec Gateway to Gateway (site-to-site) tunneling, meaning you are
using the LTECube to create a tunnel to a network with VPN capabilities (Another LTECube or VPN
capable device).
© Microhard 91
4.0 Configuration
A Gateway to Gateway connection is used to create a tunnel between two VPN devices such as an
LTECube and another device (another LTECube or Cisco VPN Router or another vendor). The local and
remote group settings will need to be configured below to mirror those set on the other VPN device.
Tunnel Name
Enter a name for the VPN Tunnel. Up to 16 different tunnels can be Values (chars)
created, each requiring a unique name.
(no default)
© Microhard 92
4.0 Configuration
Enable
Used to enable (checked) is disable (unchecked) the VPN tunnel. Values (checkbox)
Enable (Checked)
Interface
Select the WAN interface used for the Gateway to Gateway VPN. U Values (selection)
Carrier
WAN1
WAN2
IP Only: Choose this option if this router has a static WAN IP address. The WAN IP address appears
automatically. For the Remote Security Gateway Type, an extra field appears. If you know the IP address
of the remote VPN router, choose IP Address, and then enter the address.
IP + Server ID: Choose this option if this router has a static WAN IP address and a server id. The WAN IP
address appears automatically. For the Remote Security Gateway Type, an extra field appears. If you
know the IP address of the remote VPN router, choose IP Address, and then enter the address.
Dynamic IP + Server ID: Choose this option if this router has a dynamic IP address and a server id
(available such as @microhard.vpn). Enter the server id to use for authentication. The server id can be
used only for one tunnel connection.
Interface IP Address
Displays the IP address of the LTECube, which is the local VPN Gateway. Values (IP Address)
Current IP Address
Server ID
This option appears when the Local Security Gateway Type specifies that Values (characters)
the Server ID is required for the connection. The Server ID must be in the
format @name, where name can be anything. Both routers must know (no default)
each others names to establish a connection.
© Microhard 93
4.0 Configuration
Gateway IP Address
If the remote VPN router has a static IP address, enter the IP address of Values (IP Address)
the remote VPN Gateway here.
(no default)
Server ID
This option appears when the Remote Security Gateway Type specifies Values (IP Address)
that the Server ID is required for the connection. The Server ID must be in
the format @name, where name can be anything. Both routers must know (no default)
each others names to establish a connection.
© Microhard 94
4.0 Configuration
IPsec Setup
Aggressive Mode
Check the box to enable aggressive mode for IPSec. In aggressive mode Values (checkbox)
the IKE SA negotiation is squeezed into 3 packets, resulting in faster
negotiation, but is less secure. (unchecked)
IKE DH Group
Select the Diffie-Hellman public key type. Select between 1024, 1536 and Values (selection)
2048 bit. The values on each end of the tunnel must match.
modp1024
modp1536
modp2048
IKE Encryption
Select the IKE Encryption type used. Select the value to match the Phase 1 Values (selection)
Encryption type used by the remote VPN router.
3des
aes
aes128
aes256
IKE Authentication
Sets the IKE Authentication type. Select the value to match the Phase 1 Values (selection)
Authentication used by the remote VPN router accordingly.
md5
sha1
IKE SA Lifetime(s)
Sets the lifetime of the keys used to encrypt data, when the timers run out Values
the tunnel negotiates a new key. The default value is 28800 seconds (8
hours). 28800
Phase 2 Type
Select the type of security protocol to use for phase 2 of the IKE Values (selection)
negotiation. The options are ESP (Encapsulating Security Payload) and AH
(Authentication Header). Must match remote end of tunnel. ESP / AH
© Microhard 95
4.0 Configuration
Phase 2 DH Group
Select value to match the values required by the remote VPN router. Values (selection)
modp1024
modp1536
modp2048
Phase 2 Encryption
Select value to match the Phase 1 Encryption type used by the remote Values (selection)
VPN router.
3des
aes
aes128
aes256
Phase 2 Authentication
Sets the IKE Authentication type. Select the value to match the Phase 2 Values (selection)
Authentication used by the remote VPN router accordingly.
md5
sha1
Phase 2 SA Lifetime(s)
Sets the lifetime of the keys used to encrypt data for phase 2, when the Values
timers run out the tunnel negotiates a new key. The default value is 3600
seconds (1 hour). 3600
Preshared Key
Set the Preshared Key required to authenticate with the remote VPN Values (characters)
router.
password
DPD Delay(s)
Dead Peer Detection is used to detect if there is a dead peer. Set the DPD Values (seconds)
Delay (seconds), as required.
32
DPD Timeout(s)
Set the DPD (Dead Peer Detection) Timeout (seconds), as required. Values (seconds)
122
© Microhard 96
4.0 Configuration
DPD Action
Controls the use of Dead Peer Detection (DPD) protocol, which is the Values (seconds)
method to detect the aliveness of a IPsec connection. When DPD is in use,
VPN device will send IPsec DPD packet to the peer and wait for the peer's Hold
acknowledgement. If there is no feedback from the peer, the tunnel is Clear
stopped and unrouted (clear), put in the (hold) state or (restarted). Restart
Backup
© Microhard 97
4.0 Configuration
The LTECube cab be configured as a L2TP Server or Client. This section outlines the configuration of a
L2TP Client.
Tunnel Name
Enter a name for the VPN Tunnel. Up to 16 different tunnels can be Values (chars)
created, each requiring a unique name.
tunnel1
Enable
Used to enable (checked) is disable (unchecked) the VPN tunnel. Values (checkbox)
Enable (Checked)
© Microhard 98
4.0 Configuration
Remote Server ID
Some servers require that you know the Server ID as well as the IP Values
address. Enter the Server ID of the remote router here.
none
Remote Subnet IP
In order to communicate with the devices on the other side of the tunnel, Values (IP Address)
the LTECube must know which data to pass through the tunnel, to do this
enter the Remote Subnet network IP address here. none
Username
Enter the Username Values (chars)
0
Preshared Key
The preshared key is required to connect to the L2TP Server. Values (chars)
0
© Microhard 99
4.0 Configuration
The LTECube can operate as a L2TP Server, allowing VPN connections to be made with L2TP Clients.
The configuration for L2TP Server can be found on the VPN Summary Page. You can then select “Edit”.
Enable
Select the Enable check box to enable the L2TP Server and to view the Values (checkbox)
L2TP Server configuration parameters.
Disabled (unchecked)
IPsec
Use the IPsec checkbox to enable Ipsec on the L2TP Server. The different Values (checkbox)
IPsec parameters are covered in the IPsec section of Gateway-to-Gateway
VPN. Disabled (unchecked)
© Microhard 100
4.0 Configuration
Server ID
As a extra measure of security a server ID can be specified and remote Values (characters)
client would need to know this ID before they can create a session and
begin authentication. none
Interface
The Interface parameter is a non changeable parameter that is shown to Values
indicate which interface the L2TP Server is listening for incoming
connections from clients. To use an alternate interface, you need to create/ 4G or WAN
edit a new connection from the VPN > Summary page.
Interface IP Address
The Interface IP Address is a non-changeable field that shows the current Values
WAN or 4G IP address (as defined in the Interface parameter above).
Clients would need this IP address to create a remote connection. xxx.xxx.xxx.xxx
Server IP Address
The Server IP Address is the local LAN IP of the Dragon-LTE. (The default Values (IP Address)
Local IP of the LTECube is 192.168.168.1)
none
© Microhard 101
4.0 Configuration
OpenVPN Server
The LTECube supports OpenVPN and can be configured as a Server or a Client. This section outlines the
configuration of a OpenVPN Server.
OpenVPN Mode
Enable/Disable the OpenVPN Mode by selecting the mode to operate in, Values (selection)
Client or Server. When the Server is enabled it will be listening for incoming
connection requests from OpenVPN Clients. Client / Server / Disable
© Microhard 102
4.0 Configuration
Tunnel Protocol
Select the Tunnel Protocol to be used. The options are TCP and UDP, the Values (selection)
default is UDP.
TCP / UDP
Port
The TCP/UDP port which the server is listening on. Default is 1194 Values (port)
1194
MSSFIX/Fragment size
The maximum resulting UDP send packet size after the OpenVPN has Values (size)
fully encapsulated data. Packets exceeding this max value will be
fragmented. 1370
Root Certificate
The root certificate file (CA file) that all the server and clients must have in Values (chars)
common.
ca.crt
© Microhard 103
4.0 Configuration
User/Password Authentication
Select the OpenVPN username as setup/defined in the VPN Users menu. Values (selection)
(no default)
Client Isolation
When select yes, the clients will not see each other. Select no, it will allow Values (selection)
different clients to be able to "see" each other. By default, clients will only
see the server. No / Yes
© Microhard 104
4.0 Configuration
Cipher
Select a cryptographic cipher. Must be the same on Server and Client. Values (selection)
DES-CBC CAST5-CBC
RC2-CBC RC2-64-CBC
DES-EDE-CBC AES-128-CBC
DES-EDE3-CBC AES-192-CBC
DESX-CBC AES-256-CBC
BF-CBC SEED-CBC
RC2-40-CBC
© Microhard 105
4.0 Configuration
OpenVPN Client
The LTECube supports OpenVPN and can be configured as a Server or a Client. This section outlines the
configuration of a OpenVPN Client.
OpenVPN Mode
Enable/Disable the OpenVPN Mode by selecting the mode to operate in, Values (selection)
Client or Server. When the Server is enabled it will be listening for incoming
connection requests from OpenVPN Clients. Client / Server / Disable
Tunnel Protocol
Select the Tunnel Protocol to be used. The options are TCP and UDP, the Values (selection)
default is UDP.
TCP / UDP
© Microhard 106
4.0 Configuration
MSSFIX/Fragment size
The maximum resulting UDP send packet size after the OpenVPN has Values (size)
fully encapsulated data. Packets exceeding this max value will be
fragmented. 1370
Server IP/Port
The IP Address and TCP/UDP port which the server is located. This is Values (IP/Port)
generally the Public IP Address of the router/modem where the Server is
running. (no default)
Root Certificate
The root certificate file (CA file) that all the server and clients must have in Values (chars)
common.
ca.crt
Cleint Certificate
The Client Certificate which is the certificate file that resides on only the Values (chars)
client.
client.crt
Client Key
The private Client Key, which should not be disclosed. Values (chars)
client.key
Cipher
Select a cryptographic cipher. Must be the same on Server and Values (selection)
Client.
DES-CBC RC2-40-CBC
RC2-CBC CAST5-CBC
DES-EDE-CBC RC2-64-CBC
DES-EDE3-CBC AES-128-CBC
DESX-CBC AES-192-CBC
BF-CBC AES-256-CBC
SEED-CBC
© Microhard 107
4.0 Configuration
GRE Configuration
The LTECube supports GRE (Generic Routing Encapsulation) Tunneling which can encapsulate a wide
variety of network layer protocols not supported by traditional VPN. This allows IP packets to travel from
one side of a GRE tunnel to the other without being parsed or treated like IP packets.
Name
Each GRE tunnel must have a unique name. Up to 10 GRE tunnels are Values (Chars(32))
supported by the LTECube.
gre
Enable
Enable / Disable the GRE Tunnel. Values (selection)
Disable / Enable
© Microhard 108
4.0 Configuration
Multicast
Enable / Disable Multicast support over the GRE tunnel. Values (selection)
Disable / Enable
TTL
Set the TTL (Time-to-live) value for packets traveling through the GRE Values (value)
tunnel.
1 - 255
Key
Enter a key is required, key must be the same for each end of the GRE Values (chars)
tunnel.
(none)
ARP
Enable / Disable ARP (Address Resolution Protocol) support over the GRE Values (selection)
tunnel.
Disable / Enable
Local Setup
The local setup refers to the local side of the GRE tunnel, as opposed to the remote end.
Gateway IP Address
This is the WAN IP Address of the Dragon-LTE, this field should be Values (IP Address)
populated with the current WAN IP address.
(varies)
Tunnel IP Address
This is the IP Address of the local tunnel. Values (IP Address)
(varies)
Netmask
Enter the subnet mask of the local tunnel IP address. Values (IP Address)
(varies)
Subnet IP Address
Enter the subnet address for the local network. Values (IP Address)
(varies)
© Microhard 109
4.0 Configuration
Subnet Mask
The subnet mask for the local network/subnet. Values (IP Address)
(varies)
Remote Setup
The remote setup tells the LTECube about the remote end, the IP address to create the tunnel to, and the
subnet that is accessible on the remote side of the tunnel.
Gateway IP Address
Enter the WAN IP Address of the Dragon-LTE or other GRE supported Values (IP Address)
device in which a tunnel is to be created with at the remote end.
(varies)
Subnet IP Address
The is the IP Address of the remote network, on the remote side of the Values (IP Address)
GRE Tunnel.
(varies)
Subnet Mask
The is the subnet mask for the remote network/subnet. Values (IP Address)
(varies)
IPsec Setup
Refer to the IPsec setup in the VPN Site to Site section of the manual for more information.
© Microhard 110
4.0 Configuration
For VPN L2TP & OpenVPN operation, users will be required to provide a username and password. Use
the VPN Users menu to set up the required users.
Username
Enter a username for the user being set up. Values (characters)
(no default)
New Password
Enter a password for the use. Values (characters)
(no default)
© Microhard 111
4.0 Configuration
When using the VPN features of the LTECube, it is possible to select X.509 for the Authentication Type. If
that is the case, the LTECube must use the required x.509 certificates in order to establish a secure tunnel
between other devices. Certificate Management allows the user a place to manage these certificates.
© Microhard 112
4.0 Configuration
4.8 Router
RIPV2 Status
Enable or disable RIPV2 routing on the LTECube. If enabled the device will Values (selection)
exchange routing information on the specified (interfaces) attached
networks. Enable / Disable
Passive Interface
Do not speak RIPV2 on the given interface. All received packets are Values (checkbox)
processed as normal and RIP does not send multicast or unicast RIP
packets on this interface. (unchecked)
Split Horizon
Split Horizon prevents a router from advertising a route back onto the Values (checkbox)
interface from which it was learned, preventing routing loops. Poison
Reverse, actively advertises routes as unreachable over the interface they On / Poison Reverse
were learned by setting the metric to infinite.
© Microhard 113
4.0 Configuration
OSPFv2 Status
Enable or disable OSPF routing on the LTECube. If enabled the device will Values (selection)
exchange routing information on the specified (interfaces) attached
networks. Enable / Disable
Router ID
Set the router ID in the format used for OSPF. Values (selection)
Enable / Disable
Area
OSPF provides for the protocol is be broken up into multiple smaller and Values (selection)
independent link-state areas. The format can be A.B.C.D or any 32 bit
number. (no default)
Passive Interface
Do not speak OSPF on the given interface, but does advertise the interface Values (checkbox)
as a stub-link in the router LSA.
(unchecked)
© Microhard 114
4.0 Configuration
Status
Enable or disable the static multicast routes. Values (selection)
Enable / Disable
TTL Increase
Check this box if the multicast source does not set the TTL correctly. The Values (checkbox)
TTL will be increased by 1 to make the multicast packets be routed through
the modem. (unchecked)
Upstream Network
Select the upstream network interface used by the multicast static route. Values (selection)
LAN | Carrier
(varies, defined interfaces)
© Microhard 115
4.0 Configuration
Source IP (optional)
Specify the multicast source IP address. If any source is allowed, leave Values (address)
blank or use 0.0.0.0.
(no default)
Downstream network(s)
Hold CTRL (Windows) / Command (MAC) to select multiple windows. Values (checkbox)
(unchecked)
© Microhard 116
4.0 Configuration
4.9 GPS
Location Map
The location map shows the location on the LTECube. The unit will attempt to get the GPS coordinates
from the built in GPS receiver, and if unsuccessful, will use the Cell ID location reported by the Cellular
Carrier.
If the unit had a GPS signal (GPS Module enabled and antenna attached), it will report the specific GPS
coordinates of the modem, otherwise only the estimated coordinates reported by the Carrier. To see the
device location in the Location Tab and via NMS, when using the carriers reported location, a Geolocation
API key must be obtained and set in the modem. Geolocation API keys can be obtained from services
such as Google. Click the “Set MapAPI key” link set the API key (see NMS section of this manual for
detailed instructions)
The maps can be viewed with either Bing or Openstreet maps by using the option located at the bottom,
right hand corner near the refresh option.
© Microhard 117
4.0 Configuration
GPS Status
Enable or disable the GPS polling function of the LTECube. Values (Selection)
Disable / Enable
GPS Source
The LTECube contains an standalone GPS module built into the unit. To Values (Selection)
use the GPS features of the LTECube an antenna must be connected to
the GPS Antenna Port. Standalone GPS
TCP Port
Specify the TCP port on the LTECube where the GPS service is running Values (1-65535)
and remote systems can connect and poll for GPSD data.
2947
Sample Output:
Antenna Mode
Set this parameter to match the type of GPS antenna connected to the Values (Selection)
GPS antenna port.
Passive Antenna
Active Antenna
© Microhard 118
4.0 Configuration
Report Define
Enable UDP and/or Email or disable GPS Reporting. Up to 4 reports can Values (selection)
be set up and configured independently.
Disable
UDP Report
Email Report
Time Interval
The interval timer specifies the frequency at which the GPS data is Values (seconds)
reported in seconds.
600
© Microhard 119
4.0 Configuration
Message 1-4
The Message field allows customization of up to 4 different GPS messages Values (selection)
to be sent to the specified host.
None
None - Message is not used, no data will be sent ALL NMEA
ALL - Sends all of the below GGA
GGA - GPS Fix Data GSA
GSA - Overall Satellite Data GSV
GSV - Detailed Satellite Data RMC
RMC - Recommended Min Data for GPS VTG
VTG - Vector Track & Ground Speed Latitude/Longitude
GPSGate - For use with GPSGate Tracking Software GPSGate UDP Protocol
Trigger Set
The trigger condition defines the conditions that must be met before a GPS Values (selection)
update is reported. If OR is chosen, the Repeater Timer OR the Distance
trigger conditions must be met before an update is sent. The AND Only Timer
condition, requires that both the Repeat timer AND the Distance trigger Timer AND Distance
conditions be met before an update is sent. Timer OR Distance
Distance Set
The distance parameter allows the GPS data to only be sent when a Values (meters)
specified distance has been traveled since the last report.
1000
$GPGSV,4,1,13,02,14,086,14,05,43,059,39,13,21,107,31,15,18,145,32*7F
$GPGSV,4,2,13,16,16,325,27,18,51,270,18,20,19,218,,23,14,213,21*7B
$GPGSV,4,3,13,25,13,197,22,26,32,292,12,29,75,154,30,46,30,199,*73
$GPGSV,4,4,13,51,31,171,30*49
$GPGLL,5108.56911,N,11404.48933,W,150651.00,A,D*7B
$GPZDA,150651.00,13,10,2020,00,00*63
$GPRMC,150652.00,A,5108.56905,N,11404.48934,W,0.179,,131020,,,D*6D
$GPVTG,,T,,M,0.179,N,0.331,K,D*28
$GPGGA,150652.00,5108.56905,N,11404.48934,W,2,11,0.73,1104.5,M,-17.5,M,,0000*52
$GPGSA,A,3,25,02,29,26,05,51,18,13,15,16,23,,1.40,0.73,1.20*02
© Microhard 120
4.0 Configuration
Mail Subject
If an Email report is chosen, the subject line of the Email can be defined Values (characters)
here.
1000
Mail Server
If an Email report is to be sent, the outgoing mail server must be defined, Values (Address:port)
and the port number.
smtp.gmail.com:465
Username / Password
Some outgoing mail servers required username and password to prevent Values (characters)
an account being used for spam. Enter the login credentials here.
Username / password
Mail Recipient
Some outgoing mail servers require a username and password to prevent Values (characters)
an account being used for spam. Enter the login credentials here.
host@email.com
© Microhard 121
4.0 Configuration
Mode Set
Enable GpsGate Tracker Mode or TCP modes. In tracker mode the Values (selection)
LTECube and GpsGate software will communicate via TCP/IP, however if
a connection is not available it will attempt to use SMS messaging. Disable
Enable Tracker Mode
Enable TCP Send Mode
© Microhard 122
4.0 Configuration
Motion Trigger
Use this parameter to enable or disable the motion trigger in the LTECube. Values (selection)
Disable
Enable Motion Trigger
© Microhard 123
4.0 Configuration
Mode Set
Enable GpsGate Tracker Mode or TCP modes. In TCP Mode the LTECube Values (selection)
will establish a connection with the GpsGate Server directly without the
SMS setup process. If the TCP connection is not available, the LTECube Disable
will continue to try to connect every few seconds. Enable Tracker Mode
Enable TCP Send Mode
Server Address / IP
Enter the IP Address of the server running the GpsGate application. Values (IP Address)
0.0.0.0
Server Port
Enter the TCP Port of the server running the GpsGate application. Values (Port)
Sample Output: 30175
Server Interval
Define the interval at which the LTECube will send data to the GpsGate Values (seconds)
Server.
60
Motion Distance
Set the motion threshold in which the LTECube will be triggered to send Values (meters)
location data.
100
© Microhard 124
4.0 Configuration
Send Interval
Set the interval for which to send UDPTracker UDP packets to the server. Values (seconds)
The default is 60 seconds.
60 (1-99999)
© Microhard 125
4.0 Configuration
Motion Trigger
Enable the Motion Trigger which is trigger a UDP update when the defined Values (selection)
distance threshold has been exceeded.
Disable
Enable Motion Trigger
Motion Trigger
Set the distance for which to travel before triggering the Motion Trigger. Values (meters)
500 (20-99999)
© Microhard 126
4.0 Configuration
Status
Use the Status parameter to enable the GPS recording functionality of the Values (selection)
LTECube. The total number of records that can be recorded varies
between 16,000 and 36,000, depending on the number of GPS parameters Disable
that are recorded. Enable GPS Recorder
Time Interval
Define the interval at which the LTECube will record GPS data. If there is Values (seconds)
no valid data available at the specified time (i.e. no connected satellites),
the unit will wait until the next time valid information is received. 300
DI/DO Changed
The LTECube can detect and report the current GPS info when a digital Values (selection)
input or output status changes, regardless of the time interval setting.
Record / Don’t Record
© Microhard 127
4.0 Configuration
Speed
Select Record to include the current speed in the reported data. Values (selection)
Record / Don’t Record
Over Speed
Trigger a GPS record entry when the speed has exceeded the configured Values (Km/hr)
threshold. A minimum of 30 Km/hr is required.
120
Orientation
Select Record to record the current orientation when a GPS entry is Values (selection)
recorded. (Degree to North).
Record / Don’t Record
Orientation Changed
Record a GPS, regardless of the time interval, if the orientation of the unit Values (5 ~ 180)
changes. (5 ~ 180: 180 = Disable)
60
Altitude
Select Record to record the current Altitude when a GPS entry is recorded Values (selection)
(meters).
Record / Don’t Record
© Microhard 128
4.0 Configuration
© Microhard 129
4.0 Configuration
Server Address/IP
Enter the address or IP address of the remote server to which the data is to Values (IP)
be sent.
nms.microhardcorp.com
Server Port
Enter the UDP/TCP port number of the remote server to which the data is Values (Port)
to be sent.
30175
© Microhard 130
4.0 Configuration
Socket Type
Select the socket type that is used by the Remote TAIP server. Select TCP Values (selection)
or UDP, this will define how the connection (TCP) or data is sent (UDP) to
the server. UDP / TCP
© Microhard 131
4.0 Configuration
Message Type
Select between RPV and RLN message types. Values (selection)
RPV - Position/Velocity RPV / RLN
RLN - Long Navigation Message
Interval
Set the frequency at which TAIP messages are reported to the remote Values (seconds)
server. The unit used is seconds, and the default value is 60 seconds.
60
Vehicle ID
Set the Vehicle ID using 4 alpha-numeric characters. Values (chars)
0000
© Microhard 132
4.0 Configuration
4.10 Apps
The LTECube can be configured to operate as a TCP/IP Modbus slave and respond to Modbus requests
and report various information as shown in the Data Map.
Status
Disable or enable the Modbus service on the LTECube. Values (selection)
Disable Service
Enable Service
Port
Specify the Port in which the Modbus TCP service is to listen and respond Values (Port #)
to polls.
502
Active Timeout(s)
Define the active timeout in seconds. Values (seconds)
30
© Microhard 133
4.0 Configuration
Slave ID
Each Modbus slave device must have a unique address, or Slave ID. Enter Values (value)
this value here as required by the Modbus Host System.
1
© Microhard 134
4.0 Configuration
© Microhard 135
4.0 Configuration
The LTECube can be configured to send Netflow reports to up to 3 remote systems. Netflow is a tool that
collects and reports IP traffic information, allowing a user to analyze network traffic on a per interface basis
to identity bandwidth issues and to understand data needs. Standard Netflow Filters can be applied to
narrow down results and target specific data requirements.
Status
Enable / Disable Netflow Reporting. Values (selection)
Disable / Enable
Source Address
The Source Address is the IP Address, of which data is to be collected and Values (IP Address)
analyzed. The default of 0.0.0.0 will collect and report information about all
addresses connected to the interface selected below.
0.0.0.0
Interface
Select between LAN, and Carrier interfaces, or capture data from all Values (selection)
interfaces.
LAN / Carrier / ALL
© Microhard 136
4.0 Configuration
Remote IP
The Remote IP is the IP Address of the NetFlow collector where the flow Values (IP Address)
reports are be sent.
0.0.0.0
Remote Port
Enter the Remote Port number. Values (IP Address)
Filter expression
Filter expression selects which packets will be captured. If no expression is Values (chars)
given, all packets will be captured. Otherwise, only packets for which
expression is `true' will be captured. Example: tcp&&port 80
(no default)
The “tcpdump” manual, available on the internet provides detailed expression syntax.
© Microhard 137
4.0 Configuration
Status
Enable or disable the local device monitoring service. Values (selection)
Disable / Enable
IP Mode
Select the IP mode. By selecting a fixed IP address the service will monitor Values (selection)
the connection to that specific IP. If auto detect is selected, the LTECube
will detect and monitor DHCP assigned IP address. Fixed local IP
Auto Detected IP
Local IP Setting
This field is only shown if Fixed Local IP is selected for the IP Mode. Enter Values (IP)
the static IP to be monitored in this field.
0.0.0.0
Status Timeout
The status timeout is the maximum time the LTECube will wait to detect the Values (seconds)
monitored device. At this time the LTECube will restart the DHCP service.
(5-65535 seconds) 10
© Microhard 138
4.0 Configuration
Profile Type
Select the IoT Server type you would like to connect to. The remaining Values (selection)
configuration parameters will changed based on the IoT Server type
selected. Microhard Data
Azure (SAS)
Azure (X509)
AWS
OTHER
Profile Name
This field is available to give your IoT Server profile a name. Values (characters)
(no default)
Publish Interval
The frequency (in seconds) at which the values get published to the IoT Values (seconds)
server.
60
© Microhard 139
4.0 Configuration
SAS Token
An SAS token is used to authenticate the device by the Azure hub. This Values (characters)
can be generated for each Client Id by using the "Device Explorer Twin"
application from Azure (or using the Portal). (No default)
Device ID
Enter the unique device identifier which is registered on the Azure IoT hub. Values (characters)
(No default)
Subdomain
This is the endpoint sub domain provided by your AWS IoT. Values (characters)
(No default)
Account Number
Enter the AWS Account Number associated with AWS IoT. Values (characters)
(No default)
Device Name
This is the name of the Device (Thing) you created at the AWS IoT portal. Values (characters)
(No default)
Region
This is the Region provided by your AWS IoT. Values (selection)
US East(Ohio)
Publication Topic
Provide a name for the AWS publication topic as required by AWS IoT. Values (characters)
(no default)
© Microhard 140
4.0 Configuration
The SSL Management Menu is used to quickly configure devices to connect and communicate with the
Microhard IoT Portal (In Development). The IoT Portal requires a number of secure certificates to be
created and uploaded to each device. The SSL Management allows users to enter a Registration Code,
which then allows the certificates to be automatically created and uploaded to the device as required.
Enable
Check the box to enable the SSL Management. In order for the SSL Values (checkbox)
Manager to create and upload certificates the NTP service must be
enabled in the System > Settings Tab. Enable (unchecked)
Registration Code
Enter the registration code obtained by Microhard, or retrieved from your Values (seconds)
IoT Portal Domain. Upon applying the registration code and submitting the
changes, it can take several minutes to complete. (no default)
In order for the SSL Management feature to work, the NTP Service must
be enabled and available in System > Settings.
© Microhard 141
4.0 Configuration
Event Reporting allows the LTECube to send periodic updates via UDP packets. These packets are
customizable and can be sent to up to 3 different hosts, and at a programmable interval. The event packet
can report information about the modem such as the hardware/ software versions, core temperature,
supply voltage, etc; carrier info such as signal strength (RSSI), phone number, Band; or about the WAN
such as if the assigned IP Address changes. All events are reported in binary.
Event Type
This box allows the selection of the type of event to be reported. The Values (selection)
default is disabled. If Modem_event is selected, additional options appear
to the right and allow for customization of the event reported via Messages. Modem_Event
If Management is selected, additional check boxes appear below to select SDP_Event
the interfaces to report to the Microhard NMS system. Management
Remote IP
Enter the IP Address of a reachable host to send the UDP packets Values (IP Address)
0.0.0.0
© Microhard 142
4.0 Configuration
Remote Port
Specify the UDP port number of the Remote IP Address. Values (Port #)
*Default Port Numbers for Microhard NMS (20100 for modem events, 20200 for 20200
Management)
Interval Time(s)
This is the interval time in seconds, that the LTECube will send the Values (seconds)
configured UDP message to the Remote IP and Port specified.
600
- spd_cmd (1 byte(0x01))
- content length (1 byte)
- spd_package - same as spd response inquiry package format
© Microhard 143
4.0 Configuration
Modem info:
Carrier info:
WAN Info:
Message Order:
For example,
If message type mask = 0x15, the eurd package will be equipped by header+modem information+carrier
information+wanip information.
If message type mask = 0x4, the eurd package will be equipped by header+carrier information.
If message type mask = 0x11, the eurd package will be equipped by header+modem infomation+wanip
infomation.
© Microhard 144
4.0 Configuration
The System Alert feature of the LTECube allows the device to send SMS and/or Email alerts triggered by
events such as RSSI thresholds, Ethernet Link Status and Carrier Roaming.
Status
Enable system alerts to be sent via SMS and/or Email. If disabled, the Values (Selection)
unit with not send SMS alerts.
Disable System Alert
Enable via SMS
Enable via Email
Enable via SMS and Email
© Microhard 145
4.0 Configuration
SMS Configuration
Email Configuration
Mail Subject
If an Email report is chosen, the subject line of the Email can be defined Values (characters)
here.
System Alert Notice
Mail Server
If an Email report is to be sent, the outgoing mail server must be defined, Values (Address:port)
and the port number.
smtp.gmail.com:465
Username / Password
Some outgoing mail servers required username and password to prevent Values (characters)
an account being used for spam. Enter the login credentials here.
Username / password
Authentication
Select the authentication used by your Email service provider. Values (selection)
None
SSL/TLS
STARTTLS
SSL/TLS+STARTTLS
Mail Recipient
Some outgoing mail servers require a username and password to prevent Values (characters)
an account being used for spam. Enter the login credentials here.
host@email.com
© Microhard 146
4.0 Configuration
Time Interval(s)
System Alerts, when active, will be sent out at the frequency defined Values (Seconds)
here.
300
Device Alias
The device Alias is text that is sent with the SMS/Email message to Values (30 chars)
provide additional information or help identify the source of the alert.
UserDevice
RSSI Check
Enable or disable the RSSI alerts. Values (Selection)
Disable RSSI check
Enable RSSI check
Carrier Network
Enable or disable System Alerts for Roaming Status. Values (Selection)
Disable Roaming Check
Enable Roaming Check
© Microhard 147
4.0 Configuration
Ethernet
Enable or disable System Alerts for the Ethernet Link status of the Values (Selection)
LAN RJ45 port.
Disable Ethernet check
Enable Ethernet check
© Microhard 148
4.0 Configuration
4.11 Diag
The Traceroute feature can be used to provide connectivity data by providing information about the
number of hops, routers and the path taken to reach a particular destination.
© Microhard 149
4.0 Configuration
4.11.3 Iperf
The LTECube features an integrated Iperf server/client to use to measure and analyze throughput of TCP/
UDP packets to and/or from the LTECube. Iperf is a 3rd party utility that can be loaded on any PC to
measure network performance. For additional information about Iperf, please visit the Iperf website.
The LTECube can be configured to operate as a Server, listening for an incoming connection from another
device (with Iperf), or PC running an Iperf client. If set to Iperf client, the LTECube will connect to or send
packets to a specified Iperf server.
Iperf Mode
Select between an Iperf Server (listens for incoming connections) and Values (selection)
client (initiates a connection with a server)
Server / Client
Server Status
If the Iperf mode to set to Server, this Server Status allows a user to Values (selection)
Enable or Disable the server.
Enable / Disable
Protocol
Select the type of packets to be sent to test the throughput. TCP packets Values (selection)
are connection oriented and require additional overhead for the
handshaking that occurs, while UDP is a connectionless, best effort TCP / UDP
oriented protocol.
© Microhard 150
4.0 Configuration
Duration
When in Client mode, select the duration of the test (in seconds). The Values (seconds)
default is 5.
5
Report Format
Select the format to display the bandwidth numbers in. Supported formats Values (selection)
are:
'Kbits' = Kbits/sec 'Kbytes' = KBytes/sec Kbits
'Mbits' = Mbits/sec 'M'bytes = MBytes/sec Mbits
Kbytes
Mbytes
© Microhard 151
4.0 Configuration
4.11.4 Speedtest
The LTECube features an integrated Netperf speedtest that can be used from either the WebUI or the
command line interface. You can use the list of preconfigured public servers or specify your own. Shown
below is a sample test run in both the WebUI and CLI interfaces.
The speedtest function does use a significant amount of cellular data to run over the LTE
connection. Consider this when running this test, especially when running over long durations.
The CLI can be accessed from the console interface which can be accessed from the serial console port or
by telnet/ssh into the LTECube.
CLI Syntax:
UserDevice> status diagnostic speedtest --help
Usage: speedtest [ -s | -c ] [-4 | -6] [ -H netperf-server ] [ -t duration ] [ -p host-to-ping ] [ -P port-number ] [ -n
simultaneous-sessions ]
© Microhard 152
4.0 Configuration
Remote Server
Select the from the list of available netperf servers in Values (selection)
which to run the speedtest. You can also select to
manually enter the server details by selecting Customer netperf.bufferbloat.net
Server netperf-east.bufferbloat.net (East Coast US)
netperf-west.bufferbloat.net (California)
netperf-eu.bufferbloat.net (Denmark)
Customer Server
Ping Server
Specify the Ping Server used during the speedtest. By default this is Values (IP Address)
8.8.8.8 which is the google DNS server. If using a custom speedtest server
you must set this to a reachable value. 8.8.8.8
Protocol
Select the type of packets to be sent to test the throughput. TCP packets Values (selection)
are connection oriented and require additional overhead for the
handshaking that occurs, while UDP is a connectionless, best effort TCP / UDP
oriented protocol.
© Microhard 153
4.0 Configuration
4.12 Admin
Password Change
The Password Change menu allows the password of the user ‘admin’ to be changed. The ‘admin’
username cannot be deleted, but additional users can be defined and deleted as required as seen in the
Users menu below.
New Password
Enter a new password for the ‘admin’ user. It must be at least 5 Values (characters)
characters in length. The default password for ‘admin’ is ‘admin’.
admin
Confirm Password
The exact password must be entered to confirm the password change, Values (characters)
if there is a mistake all changes will be discarded.
admin
© Microhard 154
4.0 Configuration
Add Users
Different users can be set up with customized access to the WebUI. Each menu or tab of the WebUI can
be disabled on a per user basis as seen below.
Username
Enter the desired username. Minimum or 5 character and maximum of Values (characters)
32 character. Changes will not take effect until the system has been
restarted. (no default)
Min 5 characters
Max 32 characters
© Microhard 155
4.0 Configuration
The Microhard NMS is a no cost server based monitoring and management service offered by Microhard
Systems Inc. Using NMS you can monitor online/offline units, retrieve usage data, perform backups and
centralized upgrades, etc. The following section describes how to get started with NMS and how to
configure the LTECube to report to NMS.
Contact Microhard to get started with NMS. Once NMS has been configured, each LTECube must be
configured to report into NMS.
© Microhard 156
4.0 Configuration
Default Settings
The default Settings link will reset the configuration form to the default factory values. The form still needs
to be submitted before any changes will occur.
NMS Server/IP
The default server address for NMS is nms.microhardcorp.com. The NMS Values (IP/Name)
can also be hosted privately, and if that is the case, enter the address here.
nms.microhardcorp.com
Online Location
Enable or Disable location estimation via carrier connection. When Values (chars)
enabled, the LTECube will consume some data to retrieve location
information from the internet. Disable/Enable
1. Login your google cloud account and search for "Geolocation API", click "MANAGE".
2. Select from menu item "APIs" to enable "Geolocation API"
3. View key from menu item "Credential" and copy it.
4. To activate key, click the edit (pencil) icon and then Restrict API > Geolocation API
4. Input above key to modem's form on webUI: Admin -> NMS ->Online Location
5. After submit, there will be a link to "check online" to check the status.
6. Location can be checked from webUI: GPS -> Location
Report Status
Enable or Disable UDP reporting of data to the NMS system. Values (chars)
Enable NMS Report
Disable NMS Report
© Microhard 157
4.0 Configuration
Remote Port
This is the port to which the UDP packets are sent, and the NMS system is Values (UDP Port#)
listening on. Ensure this matches what is configured on NMS. The default
is 20200. 20200
Interval(s)
The Interval defines how often data is reported to NMS. The more often Values (seconds)
data is reported, the more data is used, so this should be set according to a
user’s data plan. (0 to 65535 seconds) 300
Information Selection
The LTECube can report information about the different interfaces it has. Values (selection)
By default the LTECube is set to send information about the Carrier, such
as usage and RSSI. Statistical and usage data on the, Ethernet and WIFI Ethernet
(radio) interfaces can also be reported. Carrier
Radio
The more that is reported, the more data that is sent to the NMS system,
be aware of data plan constraints and related costs.
Webclient Setting
Status
The Web Service can be enabled or disabled. This service is used to Values (chars)
remotely control the LTECube. It can be used to schedule reboots,
firmware upgrade and backup tasks, etc. Disable/Enable
Server Type
Select between HTTPS (secure), or HTTP server type. Values (chars)
HTTPS/ HTTP
Server Port
This is the port where the service is installed and listening. This port should Values (Port#)
be open on any installed firewalls.
9998
Username / Password
This is the username and password used to authenticate the unit. This Values (seconds)
should not be changed from the default of admin/admin unless directed by
Microhard. admin/admin
Interval
The Interval defines how often the LTECube checks with the NMS System Values (min)
to determine if there are any tasks to be completed. Carrier data will be
consumed every time the device probes the NMS system. 30
© Microhard 158
4.0 Configuration
An SNMPv1 agent accepts commands to retrieve an object, retrieve the next object, set and
object to a specified value, send a value in response to a received command, and send a value
in response to an event (trap).
SNMPv2c adds to the above the ability to retrieve a large number of objects in response to a
single request.
SNMPv3 adds strong security features including encryption; a shared password key is utilized.
Secure device monitoring over the Internet is possible. In addition to the commands noted as
supported above, there is a command to synchronize with a remote management station.
The pages that follow describe the different fields required to set up SNMP on the LTECube.
MIBS may be requested from Microhard Systems Inc.
The MIB file can be downloaded directly from the unit using the ‘Get MIB File’ button on the
Admin > SNMP menu.
© Microhard 159
4.0 Configuration
SNMP Settings
© Microhard 160
4.0 Configuration
Listening Port
Set the UDP port used for the SNMP protocol. Values (UDP Port)
161
SNMP Version
Select the SNMP version used for Set/Get events and SNMP traps Values (selection)
events.
Version 1
Version 2
Version 3
V3 Authentication Protocol
Set the SNMP V3 Authentication Protocol. Only valid when V3 User Values (selection)
Authentication Level set to AuthNoPriv or AuthPriv.
MD5
SHA
© Microhard 161
4.0 Configuration
V3 Privacy Protocol
Set the SNMP V3 Privacy Protocol. Only valid when V3 User Values (selection)
Authentication Level set to AuthPriv.
DES
AES
Trap Selection
Enable/Select which SNMP traps that should be sent when the modem Values (varies)
detects an event:
RSSI Threshold: 90 (-dBm)
RSSI - Set the RSSI threshold and Interval of when to send traps. Interval: 90
Roaming - Send a trap when unit enters Roaming status. Roaming Interval: 90
WAN IP - Send SNMP trap when WAN IP is changed.
© Microhard 162
4.0 Configuration
Microhard Radios employ a discovery service that can be used to detect other Microhard Radio’s on a
network. This can be done using a stand alone utility from Microhard System’s called ‘IP Discovery’ or from
the Admin > Discovery menu. The discovery service will report the MAC Address, IP Address, Description,
Product Name, Firmware Version, Operating Mode, and the SSID.
Network Discovery
The Network discovery tool allows the LTECube to send a broadcast to all Microhard Cellular units on the
same network. Other units on the network will respond to the broadcast and report their MAC address, IP
address (With a hyperlink to that units WebUI page), description, firmware version.
The discovery service can be a useful troubleshooting tool and can be used to quickly find and indentify
other units on the network.
© Microhard 163
4.0 Configuration
The logout function allows a user to end the current configuration session and prompt for a login
screen.
© Microhard 164
5.0 AT Command Line Interface
A session can be made to the WAN IP Address (if allowed in the firewall settings) for remote configuration,
or to the local RJ45 interface.
Once a session is established a login is required to continue. The default login is admin, and the password
is admin. Once verified, the AT Command Line Interface menu is shown and AT Commands can now be
issued. (Type “?” or Help to list the commands).
IP: 192.168.168.1
Subnet: 255.255.255.0
Gateway: 192.168.168.1
© Microhard 165
5.0 AT Command Line Interface
- All commands start with the AT characters and end with the <Enter> key
- Microhard Specific Commands start with +M
- Help will list top level commands (ATL will list ALL available AT Commands)
- To query syntax of a command: AT+<command_name>=?
- Syntax for commands that are used only to query a setting:
AT<command_name>
- Syntax for commands that can be used to query and set values:
AT<command_name>=parameter1,parameter2,… (Sets Values)
AT<command_name>? (Queries the setting)
Query Syntax:
AT+MSMNAME=? <Enter>
+MSMNAME: Command Syntax: AT+MSMNAME=<Modem_Name>
Parameter:
<Modem_Name> : 1 - 64 characters. Must be alphanumeric or dots(.), or dashes(-)
or underscores(_)
OK
Setting a value:
AT+MSMNAME=LTECube <Enter>
OK
Query a setting:
AT+MSMNAME? <Enter>
Host name:LTECube
OK
A screen capture of the above commands entered into a unit is shown below:
Once AT commands are entered, they must be saved into the file system to enable the changes.
AT&W Saves changes.
ATO or ATA Exits the AT Command Line Interface, if used before AT&W,
changes are discarded.
© Microhard 166
5.0 AT Command Line Interface
Basic AT Commands
AT Command Description Syntax Effect
AT AT echo OK AT <enter> Immediate
Administrative AT Commands
AT Command Description Syntax Effect
AT+MAEURD1 Get/Set Event UDP Report No.1 AT+MAEURD1[=<Mode>[,<Remote IP>,<Remote Port>,<Interval Time>[,<Interfaces>]]] AT&W
AT+MAEURD2 Get/Set Event UDP Report No.2 Mode : 0 Disable
AT+MAEURD3 Get/Set Event UDP Report No.3 1 Modem Event Report
2 SDP Event Report
3 Management Report
Remote IP : valid IP address
Remote Port : 0 to 65535
Interval Time: 0 to 65535 seconds
Interfaces : (optional) 0 Disable; 1 Enable
Modem, Carrier for Modem Event Report
Radio, Ethernet, Carrier and VPN for Management Report
© Microhard 167
5.0 AT Command Line Interface
<Mode>:
0 - Disable
1 - Enable
<ROCommunity>: Read Only Community Name
1 to 32 characters
<RWCommunity>: Read Write Community Name
1 to 32 characters
<Port>: Listening Port
1 to 65535. Default is 161
<Version>: SNMP version
1 - Version 1
2 - Version 2
3 - Version 3 (Use AT+MASNMPV3 to set Authentication and Privacy parameters)
© Microhard 168
5.0 AT Command Line Interface
Firewall AT Commands
AT Command Description Syntax Effect
AT+MFGEN Get/Set firewall general configura- AT+MFGEN[=<Config>[,<Mode>]] AT&W
tion Parameters
Config : 3 - Anti-Spoof
4 - Packet Normalization
5 - Carrier Remote Management
6 - Carrier Request
7 - LAN to Carrier Access Control
Mode : 0 - Disable (Block)
1 - Enable (Allow)
AT+MFDMZ Get/Set firewall DMZ configuration AT+MFDMZ[=<DMZ Source>[,<DMZ Mode>[,<DMZ Server IP>,<Exception Port>,<SNAT>]]] AT&W
Parameters:
DMZ Source : 1 - Carrier
DMZ Mode : 0 - Disable
1 - Enable
DMZ Server IP : Valid IP address
Exception Port : 0 - 65535
Source NAT : 0 - No; 1 - Yes
© Microhard 169
5.0 AT Command Line Interface
© Microhard 170
5.0 AT Command Line Interface
Carrier/Modem AT Commands
AT Command Description Syntax Effect
AT+MMIMEI Get Modem’s IMEI AT+MMIMEI <enter> Immediate
+MMIMEI: 357188080005558
© Microhard 171
5.0 AT Command Line Interface
Network AT Commands
AT Command Description Syntax Effect
AT+MNLAN Show/Add/Edit/Delete the network LAN AT+MNLAN AT&W
interface AT+MNLAN=<LAN Name>
AT+MNLAN=<LAN Name>,DEL
AT+MNLAN=<LAN Name>,ADD/EDIT,<Protocol>[,<IP>,<Netmask>] Where <Protocol>=0
AT+MNLAN=<LAN Name>,ADD/EDIT,<Protocol> Where <Protocol>=1 or 3
AT+MNLAN=<LAN Name>,EDIT,<Protocol>[,<IP>,<Netmask>] Where <Protocol>=2 and
<LAN Name>="lan"
Parameters:
LAN Name : Name of Network LAN interface. System built-in one is "lan"
Operation : ADD - Add a new LAN interface
EDIT - Edit an exsiting LAN interface
DEL - Delete an existing LAN interface
Protocol : 0 - Static IP
1 - DHCP with LAN alias disabled
2 - DHCP with LAN alias enabled, only for "lan"
IP Address : Valid IP address
Netmask : Valid netmask
AT+MNLANDHCP Get/Set LAN DHCP server on LAN inter- AT+MNLANDHCP=<LAN Name>[,<Mode>[,<Start IP>,<Limit>,<Lease Time>[,<Alt. Gate- AT&W
face way>, <Pre. DNS>,<Alt. DNS>,<WINS/NBNS Servers>,<WINS/NBT
Node>]]]
Parameters:
LAN Name : Name of Network LAN interface
Mode : 0 - Disable DHCP Server
1 - Enable DHCP Server
Start IP : The starting address DHCP assignable IP Addresses
Limit : The maximum number of IP addresses. min=1 max=16777214
Lease Time : The DHCP lease time in minutes. 2~2147483647 minutes. 0
means'infinity'
Alt. Gateway : Alternate Gateway for DHCP assigned devices if the default
gateway is not to be used
Pre. DNS : Preferred DNS server address to be assigned to DHCP devices
Alt. DNS : Alternate DNS server address to be assigned to DHCP devices
WINS/NBNS Server : WINS/NBNS Servers
WINS/NBT Node : WINS/NBT Node Type
0 - none
1 - b-node
2 - p-node
3 - m-node
4 - h-node
AT+MNLANIGMP Get/Set the network LAN interface: AT+MNLANIGMP=<LAN Name>[,<IGMP Snooping>] AT&W
IGMP Snooping Parameters:
LAN Name : Name of Network LAN interface
IGMP Snooping : 0 - Off
1 - On
AT+MNLANDNS Get/Set the network LAN interface: AT+MNLANDNS=<LAN Name>[,<Mode>[,<Primary DNS>,<Secondary DNS>]] AT&W
DNS Usage:
AT+MNLANDNS=<LAN Name>
AT+MNLANDNS=<LAN Name>,<Mode> Where <Mode>=0
AT+MNLANDNS=<LAN Name>,<Mode>[,<Primary DNS>,<Secondary DNS>] Where <Mode>=1
Parameters:
LAN Name : Name of Network LAN interface
Mode : 0 - Auto
1 - Manual
Primary DNS : Valid IP Address or 0 (Reset)
Secondary DNS : Valid IP address or 0 (Reset)
© Microhard 172
5.0 AT Command Line Interface
AT+MNEMAC Get the MAC address of the local AT+MNEMAC <enter> Immediate
Ethernet interface Sample Output:
+MNEMAC: "00:0F:92:02:F9:0F"
OK
AT+MNPORT Get/Set the Ethernet port configura- AT+MNPORT[=<Ethernet Port>[,<Mode>[,<Auto Negotiation>,<Speed>,<Duplex>]]] AT&W
tion Parameters:
Ethernet Port : 0 - LAN
Mode : 0 - Auto
1 - Manual
Auto-Negotiation : 0 - Off
: 1 - On
Speed : 0 - 10 Mbit/s
1 - 100 Mbit/s
Duplex : 0 - Full
1 - Half
© Microhard 173
5.0 AT Command Line Interface
© Microhard 174
5.0 AT Command Line Interface
System AT Commands
AT Command Description Syntax Effect
AT+MSCNTO Get/Set the console timeout AT+MSCNTO=<Timeout_s> AT&W
Parameter:
<Timeout_s> : 30 to 65535 in seconds, 0-Disable
AT+MSIMG Get the image status for both active AT+MSIMG <enter> Immediate
and inactive images. Active Version : v1.3.0-r1086
Active Build Time : 2022-09-22 11:17:52
Inactive Version : v1.3.0-r1086
Inactive Build Time : 2022-09-22 11:17:52
© Microhard 175
5.0 AT Command Line Interface
AT+MSWEBUI Get/Set Web UI protocol and port AT+MSWEBUI[=<Mode>[,<HTTP Port>][,<HTTPS Port>]]] Immediate
Parameters:
<Mode>: 0 - HTTP/HTTPS
1 - HTTP
2 - HTTPS
3 - Disable
<HTTP Port>: 1 to 65535. 80 by default
<HTTPS Port>: 1 to 65535. 443 by default
Usages:
AT+MSWEBUI
AT+MSWEBUI=<Mode>[,<HTTP Port>,<HTTPS Port>] when <Mode>=0
AT+MSWEBUI=<Mode>[,<HTTP Port>] when <Mode>=1
AT+MSWEBUI=<Mode>[,<HTTPS Port>] when <Mode>=2
AT+MSWEBUI=<Mode> when <Mode>=3
Note: Not require AT&W
AT+MSTR=1 <enter>
LAN
RX packets: 4454
RX bytes : 404312
TX packets: 3462
TX bytes : 834448
AT+MSOPTRST Reset to default configurations with AT+MSOPTRST=<Action>,<Keep Carrier Settings>,<Keep IoT Settings>,<Wipeout data Immediate
options: and logs>
1. Keep Carrier Settings Parameter:
2. Keep IoT Setting <Action>: 0 - Pre-set action and options
3. Wipeout data and logs 1 - Confirm action and options
<Keep Carrier Settings> : 0 - Disable; 1 - Enable
<Keep IoT Settings> : 0 - Disable; 1 - Enable
<Wipeout data and logs> : 0 - Disable; 1 - Enable
© Microhard 176
5.0 AT Command Line Interface
AT+MWHTMODE Get/Set radio high throughput mode AT+MWHTMODE[=<High Throughput Mode>] AT&W
<High Throughput Mode>
0 - HT20
1 - HT40-
2 - HT40+
3 - Force HT40-
4 - Force HT40+
© Microhard 177
5.0 AT Command Line Interface
© Microhard 178
5.0 AT Command Line Interface
© Microhard 179
5.0 AT Command Line Interface
GPS AT Commands
AT Command Description Syntax Effect
AT+MGPSSTA Get/Set GPS status AT+MGPSSTA[=<Mode>] AT&W
Parameters:
Mode: 0 Disable
1 Enable
© Microhard 180
Appendix A: Port Forwarding Example (Page 1 of 2)
By completing the Quick Start process, a user should have been able to log in and set up the LTECube to
work with their cellular carrier. By completing this, the modem is ready to be used to access the internet
and provide mobile connectivity. However, one of the main applications of the LTECube is to access
connected devices remotely. In order to do this, the LTECube must be told how to deal with incoming
traffic, where to send it to.
In this section we will talk about port forwarding. Port forwarding is ideal when there are multiple devices
connected to the LTECube, or if other features of the LTECube are required (Firewall, etc). In port
forwarding, the LTECube looks at each incoming Ethernet packet on the WAN and by using the destination
port number, determines where it will send the data on the private LAN . The LTECube does this with each
and every incoming packet.
DMZ (a form of port forwarding) is useful for situations where there are multiple devices connected to the
LTECube, but all incoming traffic is destined for a single device. It is also popular to use DMZ in cases
where a single device is connected but several ports are forwarded.
Consider the following example. A user has a remote location that has several devices that need to be
accessed remotely. The User at PC1 can only see the LTECube directly using the public static IP assigned
by the wireless carrier, but not the devices behind it. In this case the LTECube is acting as a gateway
between the Cellular Network and the Local Area Network of its connected devices. Using port forwarding
we can map the way that data passes through the LTECube.
Wired or Wireless
Devices
LTECube
WAN IP:
PC1: Connected to 74.198.186.193
internet. (Cellular Carrier)
IP Camera: 192.168.0.40
Webserver on Port 80
Step 1
Log into the LTECube (Refer to Quick Start), and ensure that the Firewall is configured. This can be found under
Firewall > General. Also ensure that that sufficient Rules or IP lists have been setup to allow specific traffic to pass
through the LTECube. See the Firewall Example in the next Appendix for information on how to allow connections from
an IP or to open ports. Once that is complete, remember to “Submit” the changes.
© Microhard 181
Appendix A: Port Forwarding Example (Page 2 of 2)
Step 2
Determine which external ports (Carrier) are mapped to which internal IP Addresses and Ports (LAN). It is important to
understand which port, accessible on the outside, is connected or mapped to which devices on the inside. For this
example we are going to use the following ports, in this case it is purely arbitrary which ports are assigned, some
systems may be configurable, other systems may require specific ports to be used.
Notice that to the outside user, the IP Address for every device is the same, only the port number changes, but on the
LAN, each external port is mapped to an internal device and port number. Also notice that the port number used for the
configuration GUI for all the devices on the LAN is the same, this is fine because they are located on different IP
addresses, and the different external ports mapped by the LTECube (80, 8080, 8081, 8082), will send the data to the
intended destination.
Step 3
Create a rule for each of the lines above. A rules does not
need to be created for the first line, as that was listed simply to
show that the external port 80 was already used, by default, by
the LTECube itself. To create port forwarding rules, Navigate to
the Firewall > Port Forwarding menu. When creating rules,
each rules requires a unique name, this is only for reference
and can be anything desired by the user. Click on the “Add
Port Forwarding” button to add each rule to the LTECube.
Step 4
Configure the static addresses on all attached devices. Port forwarding required that all the attached devices have static
IP addresses, this ensure that the port forwarding rules are always correct, as changing IP addresses on the attached
devices would render the configured rules useless and the system will not work.
Step 5
Test the system. The devices connected to the LTECube should be accessible remotely. To access the devices:
For the Web Server on the PC, use a browser to connect to 74.198.186:193:8080, the result should be as follows:
To access the other devices/services: For the PLC Web Server: 74.198.186.193:8081, for the Camera
74.198.186.193:8082, and for the Modbus on the PLC telnet to 74.198.186.193:10502 etc.
© Microhard 182
Appendix B: VPN Example (Page 1 of 2)
By completing the Quick Start process, a user should have been able to log in and set up the LTECube to
work with their cellular carrier. By completing this, the modem is ready to be used to access the internet
and provide mobile connectivity. However, one of the main applications of the LTECube is to access
connected devices remotely. In addition to Port Forwarding, the LTECube has several VPN capabilities,
creating a tunnel between two sites, allowing remote devices to be accessed directly.
VPN allows multiple devices to be connected to the LTECube without the need to individually map ports to
each device. Complete access to remote devices is available when using a VPN tunnel. A VPN tunnel can
be created by using two LTECube devices, each with a public IP address. At least one of the modems
require a static IP address. VPN tunnels can also be created using the LTECube to existing VPN capable
devices, such as Cisco or Firebox.
Site A Site B
LTECube LTECube
WAN IP Carrier Assigned: WAN IP Carrier As-
A.B.C.D signed: E.F.G.H
Log into each LTECube (Refer to Quick Start) and ensure that the Firewall is configured. This can be found under
Firewall > General. Ensure that sufficient Rules or IP lists have been setup to allow specific traffic to pass through the
LTECube. Once that is complete, remember to “Apply” the changes.
Step 2
Configure the LAN IP and subnet for each LTECube. The subnets must be different and cannot overlap.
Site A Site B
© Microhard 183
Appendix B: VPN Example (Page 2 of 2)
Step 3
Site A Site B
A.B.C.D E.F.G.H
Must Match!
© Microhard 184
Appendix C: Firewall Example (Page 1 of 2)
By completing the Quick Start process, a user should have been able to log in and set up the LTECube to
work with their cellular carrier. By completing this, the modem is ready to be used to access the internet
and provide mobile connectivity. However, one of the main applications of the LTECube is to access
connected devices remotely. Security plays an important role in M2M deployments as in most cases the
modem is publicly available on the internet. Limiting access to the LTECube is paramount for a secure
deployment. The firewall features of the LTECube allow a user to limit access to the LTECube and the
devices connected to it by the following means
- Customizable Rules
- MAC and/or IP List
- ACL (Access Control List) or Blacklist using the above tools.
Consider the following example. An LTECube is deployed at a remote site. It is required that only a specific
host (Host A) have access to the deployed LTECube including the remote management features.
Host B:
84.53.23.12
Host A:
184.71.46.126
LTECube
Cell IP: 74.198.186.193
Firewall
Host C:
186.41.57.101
Step 1
Log into the LTECube (Refer to Quick Start). Navigate to the Firewall > General tab as shown below and block all
Carrier traffic by unchecking the Remote Access, and uncheck Remote Management . Be sure to Apply the settings.
At this point it should be impossible to access the LTECube from the Cellular (Carrier) Connection.
© Microhard 185
Appendix C: Firewall Example (Page 2 of 2)
Step 2
Under the Rules tab we need to create a new rule to enable Host A access to the Remote Management Port (TCP Port
80).
Rule
After the rule is created be sure to click the ADD Rule button, and then select the Submit button to write the rule to the
LTECube. The Firewall Rules Summary should look like what is shown below.
Step 3
Test the connection. The LTECube should only allow a connection from the Host A. An alternate means to limit
connections to the LTECube to a specific IP would have been to use the MAC-IP List Tool. By using Rules, we can not
only limit specific IP’s, but we can also specify ports that can be used by an allowed IP address.
© Microhard 186
Appendix D: Troubleshooting
Below is a number of the common support questions that are asked about the LTECube. The purpose of
the section is to provide answers and/or direction on how to solve common problems with the LTECube.
__________________________________________________________________
Answer: To connect to the internet a SIM card issued by the Wireless Carrier must be installed and the
APN programmed into the Carrier Configuration of the LTECube. For instructions of how to log
into the LTECube refer to the Quick Start.
__________________________________________________________________
Answer: The default IP address for the LAN (RJ45 connector) is 192.168.168.1.
__________________________________________________________________
Question: What information do I need to get from my wireless carrier to set up the LTECube?
Answer: The APN is required to configure the LTECube to communicate with a wireless carrier. Some
carriers also require a username and password. The APN, username and password are only
available from your wireless carrier.
Newer units may support an AUTO APN feature, which will attempt to determine the APN from a
preconfigured list of carriers and commonly used APN’s. This is designed to provide quick
network connectivity, but will not work with private APN’s. Success with AUTO APN will vary by
carrier.
________________________________________________________________
Answer: If you are logged into the LTECube navigate to the System > Maintenance Tab. If you cannot log
in, power on the LTECube and wait until the status LED in on solid (not flashing). Press and hold
the CONFIG button until the unit reboots (about 8-10 seconds).
_________________________________________________________________
Question: I can connect the Carrier, but I can’t access the Internet/WAN/network from a connected PC?
Answer: Ensure that you have DHCP enabled or manually set up a valid IP, Subnet, Gateway and DNS
set on the local device.
__________________________________________________________________
© Microhard 187
Appendix D: Troubleshooting
__________________________________________________________________
Answer: To access devices behind the LTECube remotely, several methods can be used:
A. Port Forwarding/DMZ - Individual external WAN ports are mapped to internal LAN IP’s and
Ports. See the Port-Forwarding Appendix for a detailed example.
B. VPN - A tunnel can be created and full access to remote devices can be obtained. Required
the use of multiple modems or VPN routers. See the VPN Appendix on an example of how to set
up a VPN.
_________________________________________________________________
Question: I have Internet/Carrier access but I cannot ping the device remotely?
Answer: Ensure that appropriates Rules have been created in the Firewall to allow traffic.
_________________________________________________________________
Question: Why does my modem reset every 10 minutes (or other time)?
Answer: There are a number of processes in the LTECube that ensure that the unit is communicating at
all times, and if a problem is detected will reboot the modem to attempt to resolve any issues:
1. Keepalive - Attempts to contact a configured host on a defined basis. Will reboot modem if
host is unreachable. Enabled by default to attempt to ping 8.8.8.8. May need to disable on
private networks, or provide a reachable address to check. Access via System > Keepalive.
3. Local Device Monitor - The LTECube will monitor a local device, if that device is not present
the LTECube may reboot. Apps > LocalMonitor.
__________________________________________________________________
Answer: Refer to the VPN Appendix for an example of how to set up a Gateway to Gateway VPN with a
pair of LTECube modems.
© Microhard 188
150 Country Hills Landing NW
Calgary, Alberta
Canada T3K 5P3
© Microhard 189