Date post: 27-Dec-2015
Page 1: Arctic Networking Properties Jari Lahti, CTO. General networking properties Wireless Solutions Industry Network menu.

Arctic Networking Properties

Jari Lahti, CTO

General networking properties

Network menu

Summary

• Shows the status of all active network interfaces
  – loopback, Ethernet, SSH-VPN, L2TP-Tunnel, Dial-In
• Shows the routing table
• Shows the ARP cache

Ethernet

• 10 Base-T or 100 Base-T
  – supports auto negotiation
  – supports half duplex and full duplex
• Shielded Ethernet connection, shield connected to power supply ground
  – when using shielded cable consider the possible potential differences

Ethernet settings

• Override Ethernet configuration by DHCP?
  – Enable if Arctic should fetch the Ethernet configuration from DHCP server on LAN
  – Make sure the Default gateway is not enabled by DHCP server if other interface (Tunnel, GPRS) should be used as default route
• Host name
  – The Host name of Arctic
  – Identifies Arctic on SSH-VPN and L2TP Tunnels. Each Arctic must have different hostname on Tunneling configurations
• Ethernet IP address
  – The IP address of Arctic Ethernet interface (LAN)
• Network mask
  – The network mask of Ethernet network
• Default gateway
  – The IP address of default gateway on LAN
  – Use only when Ethernet should be used as default route
  – Disable by entering 0
• DNS servers
  – Addresses of DNS servers
• MAC address
  – shows Arctic's MAC/HW address
• NOTE
  – Arctic must have only one default route (Ethernet, GPRS, Tunnel) enabled simultaneously!

GPRS

• General Packet Radio Service
• Wireless packet data channel
• Based on GSM technology and networks
• Designed for TCP/IP traffic
• Dynamic radio channel allocation
• Faster data transfer compared to GSM data
• Pricing based on amount of data
• Different pricing models, subscription and operator dependent
  – X EUR / MB (typically 0,5 - 2 EUR/MB)
  – X EUR / 100 MB (typically 5 - 15 EUR / 100 MB)
  – X EUR / Unlimited communication (typically 10 - 20 EUR)
• Public network, Global - low initial investments

GPRS throughput

• Class 10 (4 downlink channels, 2 uplink channels)

Coding scheme   Uplink speed (kbps)   Downlink speed (kbps)
CS1             18,1                  36,2
CS2             26,8                  53,6
CS3             31,2                  62,4
CS4             42,8                  107,0

CODING SCHEMES:
CS1 => 9.05 kbps
CS2 => 13.4 kbps
CS3 => 15.6 kbps
CS4 => 21.4 kbps

• Typically CS1 and CS2 supported by GPRS networks
• Table above indicates maximum throughput
  – practical throughput ~ 70-80% of maximum
  – ~5 kB/sec download
• Round-trip times 350 ms - 2 sec
  – first packets typically have longer delays

GPRS settings

• Maximum MTU value
  – Maximum size of sent GPRS packet in bytes
• Default route
  – Enable if GPRS is used as a default route to external networks (typically when plain GPRS is used)
  – Disable if other connection (Tunnel, Ethernet) is used as a default route to external networks
• NOTE
  – Arctic must have only one default route (Ethernet, GPRS, Tunnel) enabled simultaneously!
• GPRS enabled
  – Set Yes to allow GPRS communication
• Access point name
  – mandatory parameter
  – public APN usually "INTERNET"
  – private APN (e.g. viola.fi) requires operator contract
• PIN code
  – The PIN code of GPRS SIM card (e.g. 1234)
  – Non-numeric value causes Arctic not to try PIN code
  – The SIM card must have at least 2 tries left
• Led indication
  – Data only - GPRS LED blinks when data is transmitted
  – Informative - GPRS LED indicates data and GPRS registration status
• GPRS username & password
  – Username and password required by APN
  – Use "dummy" values e.g. user and pass even when not required by APN
• PPP idle timeout
  – If the GPRS connection is idle for more than the defined number of seconds, Arctic will re-establish the GPRS connection
  – The ICMP Echo sending interval of the monitor should be smaller than the PPP idle timeout in order to have an uninterrupted connection

GPRS LED

• In "Data only" mode the GPRS LED blinks when Arctic transmits GPRS data
• In "Informative" mode the GPRS LED behaves in the following way
  – OFF: GPRS Modem turned off
  – 600 ms ON / 600 ms OFF: No SIM card inserted or no PIN entered, or network search in progress
  – 75 ms ON / 3 s OFF: Logged to network
  – 75 ms ON / 75 ms OFF / 75 ms ON / 3 s OFF: GPRS activated
  – Flashing slow: Indicates GPRS data transfer
  – ON: GSM Data call in progress

Dial-in (GSM data)

• It is possible to dial-in into Arctic with GSM data call
  – To configure Arctic in situations where GPRS connection is not possible
  – Public APN, Firewall blocks, D-NAT forwards TCP ports 22 (SSH), 23 (Telnet) or 80 (HTTP), Tunnel problems
  – Installed but unconfigured device
• The SIM card must allow incoming data calls
• Dial-in is enabled in Arctic by default
  – change the default username and password for Dial-in
• When dial-in is active the GPRS data is suspended
• Dial-in uses PPP protocol, not plain data.

Dial-in settings

• NOTE
  – SMS Config is also available for remote configuration in situations where GSM data is not possible
• Dial-in enabled
  – Set Yes to allow incoming data calls
• Require authentication (PAP)
  – Set Yes to require password/username authentication for PPP connection
• Required username & password
  – The required username/password combination
• Idle timeout
  – If the dial-in connection is idle for more than the defined timeout in seconds, Arctic closes the connection
• Local IP address
  – The IP address Arctic allocates itself in PPP connection
  – After the connection is established the Arctic can be reached by using this IP address
• Peer's IP address
  – The IP address Arctic allocates for Peer (e.g. Laptop computer) in PPP connection

Configuring Dial-In on Windows

• Modem needs to be installed on PC (conventional PSTN or GSM modem)
• Go to Control Panel > Network connections
• Select "Create new Connection"
• Network connection type is "Connect to the Internet"
• Select "Set up my connection manually"
• Select "Connect using a dial-up modem"
• Select suitable modem
• ISP name can be e.g. Arctic or the hostname of Arctic
• Type the Arctic SIM card number as number to dial
  – Arctic SIM must support incoming GSM data call
• Type the username and password for Arctic Dial-in
  – "user" and "pass" by default
• Uncheck "Make this the default internet connection"
• Press finish - the Dial-in connection is configured
• To Dial-in to Arctic double-click the created connection icon on Control Panel > Network connections

SSH-VPN (Tunneling)

• Secure and authenticated VPN tunnel
  – uses SSH protocol
  – authentication with 1024 bit RSA keys
  – communicating parties must know each other's public keys in order to be able to authenticate
• Extra GPRS data caused by SSH-VPN ~ 50-60 bytes/packet
• Tunnel establishment takes more time and data than with L2TP-Tunneling
  – Operators usually drop GPRS connections after X hours
• When the SSH-VPN Tunnel is successfully formed the "Status" LED of Arctic lights up
• SSH uses TCP protocol
  – TCP is a connection-oriented protocol - possible NAT devices between Arctic and M2M GW maintain the NAT binding without keepalive data
  – Each packet must be acknowledged by the receiver with an ACK packet
  – If the "tunneled" data also uses TCP this leads to a situation where multiple ACK packets are sent. This increases the amount of data transmitted and decreases performance on interactive applications

[Figure: packet sequence: USER TCP DATA OVER SSH, SSH ACK, USER TCP ACK OVER SSH, SSH ACK. Annotation: "Usually combined to a single packet".]

SSH-VPN settings

• Routing mode
  – "None" is used if the SSH-VPN is a default route already and Arctic is not required to advertise any specific network to Ethernet with Proxy-ARP
  – "Tunnel the following network" is used to tell the Arctic which network is reachable behind the tunnel. This must be used when the remote network is a subnet of the network in Ethernet interface or when the SSH-VPN is not the default route of Arctic
• Remote network IP & mask
  – Defines the remote network behind tunnel
• Use SSH-VPN
  – Set Yes to allow SSH-VPN operation
• Interface
  – Define the interface (GPRS or Ethernet) used to form SSH-VPN Tunnel
• Default route
  – Enable if the SSH-VPN tunnel is the primary communication channel
  – Usually this should be enabled
  – If enabled all other default gateways (Ethernet, GPRS) must be disabled
• Tunnel server IP
  – The public IP address of M2M Gateway
• Tunnel server port
  – The TCP port M2M Gateway listens for incoming SSH connections
• Tunnel server GW
  – If Ethernet is used and M2M Gateway is not in same LAN as Arctic this field must contain the IP address of LAN's default gateway

SSH-VPN key management

• Local SSH public key
  – The public SSH key of Arctic. This must be copied to M2M Gateway
  – Use SHIFT-END to select the whole key and copy with CTRL-C
  – Paste to M2M GW with CTRL-V
• Server SSH key
  – Shows the public key of M2M GW if the key is known by Arctic
• Retrieve SSH server key
  – Uses HTTP (TCP port 80) to fetch the public key from M2M GW
• Insert SSH server key
  – Paste the public key of M2M GW here manually if the "retrieve" method does not work

Common SSH-VPN problems

• Most of the problems are routing-related
  – Multiple default routes defined to Arctic, there must be only one default route/default gateway defined
  – "Remote network IP" and "Remote network mask" are incompatible in Arctic. Check the routes in Network>Summary when tunnel is active
  – "Remote network IP" and "Remote network mask" are incompatible in M2M GW. Check with "route" command on M2M GW when tunnel is active.
• SSH-VPN can not be established
  – Check the SSH-VPN interface (GPRS or Ethernet)
  – Check the public keys. M2M GW and Arctic must know each other's public keys
  – Check the firewall in M2M GW side to allow TCP port 22
• SSH-VPN works only for a certain time if the operator closes PDP contexts
  – Check that the Arctic monitor pings the other end of the tunnel, not the public IP address
• SSH-VPN drops after several hours
  – Check how often the operator drops GPRS connections
• SSH-VPN is slow or has high variance in response times
  – "TCP over TCP" decreases performance, consider L2TP Tunnel

L2TP TUNNEL

• Plain tunneling without strong authentication or encryption
  – M2M Gateway authenticates the Arctic only by user/password combination
  – Data is not encrypted
• Very fast data transfer and small delays when compared to other tunnels
• Very fast tunnel establishment
• Suitable for bringing full routing to private-APN systems
• Suitable for applications not requiring strong security
• Extra GPRS data caused by L2TP Tunnel ~ 30-40 bytes/packet
• L2TP uses UDP
  – UDP is a connectionless protocol - possible NAT devices (APN, firewall) between Arctic and M2M GW may maintain the NAT binding only 30-60 seconds
  – In order to keep the NAT binding valid additional keepalive data may be required
  – Ask the operator for the NAT binding timeout!
• When the L2TP Tunnel is successfully formed the "Status" LED of Arctic lights up

L2TP-TUNNEL settings

• Use L2TP-VPN
  – Set Yes to allow L2TP tunneling
• Interface
  – Define the interface (GPRS or Ethernet) used to form L2TP Tunnel
• Default route
  – Enable if the L2TP tunnel is the primary communication channel
  – Usually this should be enabled
  – If enabled all other default gateways (Ethernet, GPRS) must be disabled
• L2TP server IP
  – The public IP address of L2TP server
• L2TP server port
  – The UDP port L2TP server listens for incoming connections
• L2TP server gateway
  – If Ethernet is used and L2TP server is not in same LAN as Arctic this field must contain the IP address of LAN's default gateway
• L2TP username & password
  – If the L2TP server requires PAP authentication these settings define the username/password combination
• Hello interval
  – Interval for sending L2TP "Hello" messages in order to keep the NAT binding active
• Routing mode
  – "None" is used if the L2TP is a default route already and Arctic is not required to advertise any specific network to Ethernet with Proxy-ARP
  – "Tunnel the following network" is used to tell the Arctic which network is reachable behind the tunnel. This must be used when the remote network is a subnet of the network in Ethernet interface or when the L2TP is not the default route of Arctic
• Remote network IP & mask
  – Defines the remote network behind tunnel

Common L2TP problems

• Most of the problems are routing-related
  – Multiple default routes defined to Arctic, there must be only one default route/default gateway defined
  – "Remote network IP" and "Remote network mask" are incompatible in Arctic. Check the routes in Network>Summary when tunnel is active
  – "Remote network IP" and "Remote network mask" are incompatible in M2M GW. Check with "route" command on M2M GW when tunnel is active.
• L2TP Tunnel can not be established
  – Check the L2TP interface (GPRS or Ethernet)
  – Check the firewall in M2M GW side to allow UDP port 1701
• L2TP works only for a certain time
  – Check that the Arctic monitor pings the other end of the tunnel, not the public IP address
• L2TP works only for a certain time (minutes)
  – Check how long the operator's NAT (or other NAT device between Arctic and L2TP server) maintains NAT binding for UDP and adjust the L2TP Hello interval to be smaller than the timeout
  – Extra data caused by keepalive ~30 bytes / packet

Monitor

• The monitor application performs runtime supervision of Arctic by inspecting various resources like
  – Status of filesystem and memory
  – GPRS modem and SIM card
  – Status of applications
• The monitor should be used to verify the "end-to-end" operation of the GPRS or Tunnel connection. This is achieved by periodically pinging the defined IP address.
  – In Tunnel mode pinging the private Tunnel IP of M2M GW
  – In plain GPRS mode pinging a suitable public IP address.
• If the ping fails the monitor restarts the GPRS connection and the Tunnel
• If the system inspection fails or the ping fails many times the monitor reboots Arctic
• The monitor itself is protected by HW watchdog. If the monitor application hangs the Arctic will reboot.

Monitor settings

• NOTE
  – each ping sent consumes ~50 bytes of data in plain GPRS mode and ~100 bytes in Tunnel mode
  – the reply consumes the same amount
  – the Interval defines the minimum time to detect a closed GPRS or Tunnel connection. Adjust this parameter according to the criticality of the connection
  – the interval must be smaller than the GPRS idle timeout (typically 2/3 of GPRS idle timeout) in order to have uninterrupted communication
• ICMP Echo sending
  – Set enabled in order to allow end-to-end testing of GPRS or Tunnel connection
• Interval
  – The interval in seconds between ICMP Echo requests (pings) sent
• Reply timeout
  – The timeout in seconds to wait for a reply to a sent ICMP Echo request
• Retries
  – Number of retries sent before detecting connection to be closed
• Target IP address
  – The IP address where ICMP Echo requests are sent
  – In Tunnel mode this should be the other end of tunnel (M2M GW)
• Secondary target IP address
  – The secondary IP address where ICMP Echo requests are sent if the primary IP address does not respond
  – Use this option only in plain GPRS mode

Routing settings

• Act as a router?
  – Enable in order to allow Arctic to route traffic between Ethernet, GPRS and Tunnel
  – Enabled by default
• Use Proxy ARP?
  – Enable in order to allow Arctic to "cheat" devices in Ethernet
  – Usually used with subnetting when the network behind tunnel is a subnet of the network behind Ethernet interface
  – Proxy-ARP makes it possible to access devices in subnet without using Arctic as a default gateway for Ethernet devices
  – Disabled by default

NAT (Network Address Translation)

S-NAT (Source NAT)

• Replaces the source address of the IP packet with the GPRS IP address
• This is usually required (Network does not know how to route private IP addresses)
  – access internet from laptop-PC through Arctic
• The S-NAT can be turned completely off on Arctic
• It's also possible to define only certain source addresses to be S-NAT processed

[Figure: ARCTIC between Ethernet (Ethernet IP: 10.10.10.1) and GPRS (GPRS IP: 11.22.33.44). Step 1: data from 10.10.10.2. Step 2: data from 11.22.33.44.]

S-NAT settings

• Enable S-NAT
  – set Yes to enable S-NAT operation
• Use
  – Yes - The defined source address is S-NAT processed
  – No - The defined source address is not S-NAT processed
• From IP
  – Defines the IP address or IP address range to be S-NAT processed
• IP Address syntax
  – single IP address format (1.2.3.4)
  – net/bits on net (1.2.3.0/24)
  – any IP (0/0 or empty)
• S-NAT is enabled by default

D-NAT (Destination NAT)

• Requires fixed GPRS IP address (Private APN)
• Arctic forwards defined (protocol,port) connections from GPRS to Ethernet by replacing the destination IP address of packet
• The reply contains Arctic's GPRS IP as source address
• Makes it possible to access Ethernet devices behind GPRS without tunneling
• The Ethernet devices use Arctic as default gateway
• The Arctic uses GPRS connection as default route

[Figure: ARCTIC between GPRS (GPRS IP: 11.22.33.44) and Ethernet (Ethernet IP: 10.10.10.1). Step 1: Connect to 11.22.33.44 port 888. Step 2: Forward to 10.10.10.4 port 80. Step 3: Reply from 10.10.10.4 port 80. Step 4: Reply from 11.22.33.44 port 888.]

D-NAT settings

• Source IP Address syntax
  – single IP address format (1.2.3.4)
  – net/bits on net (1.2.3.0/24)
  – any IP (0/0 or empty)
• "Redirect to IP" accepts only single IP address format
• Enable D-NAT
  – set Yes to enable D-NAT operation
• Use
  – Yes - The defined rule is processed
  – No - The defined rule is not processed
• Protocol
  – ANY - Checks the IP address only
  – TCP - Protocol must be TCP
  – UDP - Protocol must be UDP
  – ICMP - Protocol must be ICMP
• Source IP
  – The source address of packet
• Destination port
  – The destination port (TCP,UDP) or ICMP type of packet
• Redirect to IP
  – The new destination IP address where packet is redirected
• Redir. port
  – The new destination port (TCP,UDP) or ICMP type where packet is redirected

Common NAT problems

• Redirecting (D-NAT) TCP port 22 (SSH), 23 (Telnet) or 80 (HTTP) and therefore making it impossible to access Arctic configuration from GPRS.
  – Solution: SMS config or Dial-in still provides access
• Setting D-NAT protocol to ANY and therefore making it impossible to access Arctic configuration from GPRS.
  – Solution: SMS config or Dial-in still provides access
• Running an FTP server in passive mode behind D-NAT does not work, FTP must use active mode
• Some VPN programs (IPsec in tunnel mode) require NAT traversal in order to work over S-NAT

DNS Update

• Requires public (but not static) GPRS IP address
• Requires GPRS operator to allow incoming GPRS connections
  – Operator and subscription dependent policy
• The idea is that Arctic informs a remote Domain Name Server which IP address Arctic got from GPRS
• Then the Arctic can be addressed with a domain name instead of an IP address
  – Makes it easier to access a GPRS device, especially in automatic data collection applications

[Figure: the APN gives Arctic the GPRS IP 62.22.33.11. Arctic tells the DNS SERVER "I Have IP 62.22.33.11". The USER asks the DNS SERVER: Which IP is "arctic.exampledomain.com"? The DNS SERVER answers: "arctic.exampledomain.com" is 62.22.33.11. The USER then connects to 62.22.33.11.]

DNS Update settings

• Enable
  – set Yes to enable DNS update
• Record TTL
  – Informs the DNS server how long the IP address is valid
• Record refresh interval
  – How often Arctic refreshes the DNS server about its IP address (should be smaller than Record TTL)
• Zone
  – The Zone (domain) where Arctic belongs
• Authoritative name server address
  – The IP address of the DNS server which is responsible for maintaining the Zone's Name-IP address bindings
• Our domain name
  – The domain name Arctic is given
• Use Transaction Signatures
  – Set yes to enable DNS update authentication (usually required)
• Tsig key name and Tsig key
  – Like username and password for authentication
  – The key must be Base64 encoded
• NOTE
  – DNS update works with common DNS servers like DNS-BIND
  – DNS update does not work with DynDNS.org and other similar services using non-standard protocols
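
The slides above state several constraints that interact: only one default route, a monitor interval below the PPP idle timeout, a monitor target at the tunnel end rather than the public IP, an L2TP Hello interval below the NAT binding timeout, a DNS refresh interval below the record TTL, and D-NAT rules that do not capture the management ports. The following check is an added example, not code from the slides or from the Arctic firmware; every key name and sample value is hypothetical.

```python
# Added example. Key names and sample values are hypothetical, chosen for this
# sketch; they are not the Arctic's real parameter names.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP"}
TUNNELS = ("ssh_vpn", "l2tp")


def default_routes(cfg):
    """Interfaces currently configured as a default route."""
    routes = []
    # The Ethernet default gateway is disabled by entering 0.
    if cfg.get("ethernet", {}).get("default_gateway", "0") not in ("", "0"):
        routes.append("ethernet")
    for name in ("gprs",) + TUNNELS:
        section = cfg.get(name, {})
        if section.get("enabled") and section.get("default_route"):
            routes.append(name)
    return routes


def lint(cfg):
    """Return (code, detail) findings for one device configuration."""
    out = []
    routes = default_routes(cfg)
    if len(routes) > 1:
        out.append(("multiple-default-routes", ", ".join(routes)))

    tunnels = [t for t in TUNNELS if cfg.get(t, {}).get("enabled")]
    mon = cfg.get("monitor", {})
    if mon.get("icmp_echo"):
        idle = cfg["gprs"]["ppp_idle_timeout"]
        if mon["interval"] >= idle:
            out.append(("monitor-interval-not-below-ppp-idle-timeout",
                        f"{mon['interval']} s >= {idle} s"))
        for t in tunnels:
            # In tunnel mode the monitor should ping the other end of the
            # tunnel, not the gateway's public address.
            if mon["target_ip"] == cfg[t]["server_ip"]:
                out.append(("monitor-pings-public-ip", t))
        if tunnels and mon.get("secondary_target_ip"):
            out.append(("secondary-target-outside-plain-gprs",
                        mon["secondary_target_ip"]))

    l2tp = cfg.get("l2tp", {})
    nat_timeout = cfg.get("operator_udp_nat_timeout")  # value obtained from the operator
    if l2tp.get("enabled") and nat_timeout is not None \
            and l2tp["hello_interval"] >= nat_timeout:
        out.append(("l2tp-hello-not-below-nat-timeout",
                    f"{l2tp['hello_interval']} s >= {nat_timeout} s"))

    dns = cfg.get("dns_update", {})
    if dns.get("enabled") and dns["refresh_interval"] >= dns["record_ttl"]:
        out.append(("dns-refresh-not-below-ttl",
                    f"{dns['refresh_interval']} s >= {dns['record_ttl']} s"))

    for rule in cfg.get("dnat", []):
        if not rule.get("use"):
            continue
        # Protocol ANY, or TCP 22/23/80, hides the configuration services from GPRS.
        if rule["protocol"] == "ANY":
            out.append(("dnat-hides-management", "protocol ANY"))
        elif rule["protocol"] == "TCP" and rule["dest_port"] in MGMT_PORTS:
            out.append(("dnat-hides-management", MGMT_PORTS[rule["dest_port"]]))
    return out


def codes(cfg):
    return [code for code, _ in lint(cfg)]


# Constructed sample configurations (addresses are documentation ranges).
BAD = {
    "ethernet": {"default_gateway": "0"},
    "gprs": {"enabled": True, "default_route": True, "ppp_idle_timeout": 600},
    "l2tp": {"enabled": True, "default_route": True,
             "server_ip": "203.0.113.10", "hello_interval": 60},
    "operator_udp_nat_timeout": 45,
    "monitor": {"icmp_echo": True, "interval": 600, "target_ip": "203.0.113.10",
                "secondary_target_ip": "198.51.100.7"},
    "dns_update": {"enabled": True, "record_ttl": 300, "refresh_interval": 600},
    "dnat": [{"use": True, "protocol": "TCP", "dest_port": 80,
              "redirect_ip": "10.10.10.4", "redirect_port": 80}],
}
GOOD = {
    "ethernet": {"default_gateway": "0"},
    "gprs": {"enabled": True, "default_route": False, "ppp_idle_timeout": 600},
    "l2tp": {"enabled": True, "default_route": True,
             "server_ip": "203.0.113.10", "hello_interval": 30},
    "operator_udp_nat_timeout": 45,
    "monitor": {"icmp_echo": True, "interval": 400, "target_ip": "10.99.0.1"},
    "dns_update": {"enabled": True, "record_ttl": 600, "refresh_interval": 300},
    "dnat": [{"use": True, "protocol": "TCP", "dest_port": 888,
              "redirect_ip": "10.10.10.4", "redirect_port": 80}],
}

if __name__ == "__main__":
    for code, detail in lint(BAD):
        print(f"{code}: {detail}")
```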

SMS Config

• Enables Arctic to be monitored and controlled with SMS messages
  – "Emergency" situations when Arctic in the field is not reachable with GPRS or Dial-in
• Two versions
  – Version 1.1
    • Simple command set
  – Versions 1.2 and newer
    • Advanced command set
    • Advanced permission configuration
• SMS Config is enabled by default
• NOTE
  – SMS Config will delete all messages from SIM card
  – SMS Config will send "unknown command" reply if it does not recognise command
  – => Make sure the SIM card message storage is empty!

SMS Config 1.1

• Password
  – If a password is defined for Arctic it must be given in the SMS before the command, separated from it with a comma (,)
• Command set (all commands must be lower case)
  – echo <string>: echoes back the string (e.g. echo test)
  – reboot: reboots Arctic
  – restart gprs: restarts GPRS
  – get hostname: returns Arctic host name
  – get gprs enabled: returns whether GPRS is enabled
  – get gprs pin: returns GPRS PIN code
  – get gprs apn: returns GPRS APN name
  – get gprs user: returns GPRS user name
  – get gprs passwd: returns GPRS password
  – get gprs defaultroute: returns whether the GPRS default route is enabled
  – get gprs status: returns whether GPRS is enabled and active, the interface name and the enable status of the default route
  – Example with password: pass,restart gprs
  – Example without password: restart GPRS

Firewall

Firewall menu

Firewall

• Arctic firewall limits the IP communication between the following networks
  – From GPRS to Arctic (incoming)
  – From GPRS to LAN (forwarding)
  – From LAN to GPRS (outgoing)
• Each firewall section can be turned on/off separately
• The firewall can be turned completely on/off
• Turning off the section or firewall means there is no traffic limitation
• The tunnel connections are not affected by firewall
• The dial-in connections are not affected by firewall

Stateful inspection

• Arctic firewall remembers the state of connections
• It is not necessary to define separate rules for the incoming and outgoing data of a connection
• S-NAT and D-NAT rules are processed before firewall rules
• E.g. D-NAT is used to forward GPRS TCP port 888 to LAN IP 10.10.10.2 port 80
• GPRS to LAN firewall needs to be configured to accept TCP connection to 10.10.10.2 port 80

[Figure: ARCTIC between GPRS (GPRS IP: 11.22.33.44) and Ethernet (Ethernet IP: 10.10.10.1). Step 1: Connect to 11.22.33.44 port 888. Step 2: Forward to 10.10.10.2 port 80. Step 3: Reply from 10.10.10.2 port 80. Step 4: Reply from 11.22.33.44 port 888.]

Order of rule processing

• The rules are processed from top to bottom
• It's not possible to enable communication if it was disabled by an earlier rule
• It's not possible to disable communication if it was enabled by an earlier rule
• Examples of misleading configurations

[Figure: two example rule tables, captioned "This setup accepts all data" and "This setup drops all data to 10.10.10.4".]
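
The two slides above (NAT processed before the firewall, and top-to-bottom rule processing) can be modelled in a few functions. This is an added example, not the Arctic's own implementation; the rule sets are constructed to match the two figure captions because the original screenshots are not in the transcript, and two behaviours are assumptions: a rule port of `None` means any port, and a packet that matches no rule is dropped.

```python
import ipaddress

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


def parse_net(text):
    """Parse the slides' syntax: 1.2.3.4, 1.2.3.0/24, and 0/0 or empty for any IP."""
    text = (text or "").strip()
    if text in ("", "0/0"):
        return ANY_NET
    return ipaddress.ip_network(text, strict=False)


def port_ok(rule_port, pkt_port):
    # Assumption: None means "any port"; the slides do not say how the device
    # expresses that.
    return rule_port is None or rule_port == pkt_port


def matches(rule, pkt):
    if rule["action"] == "NO RULE":          # rule is disabled
        return False
    if ipaddress.ip_address(pkt["src"]) not in parse_net(rule.get("from_ip")):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in parse_net(rule.get("dest_ip")):
        return False
    if rule["protocol"] == "ANY":            # ANY checks the IP address only
        return True
    return rule["protocol"] == pkt["proto"] and port_ok(rule.get("dest_port"), pkt["dport"])


def decide(rules, pkt, default="DROP"):
    """Top to bottom, first match wins. `default` (no match) is an assumption."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return default


def covers(first, later):
    """True if every packet matching `later` already matches `first`."""
    for key in ("from_ip", "dest_ip"):
        if not parse_net(later.get(key)).subnet_of(parse_net(first.get(key))):
            return False
    if first["protocol"] == "ANY":
        return True
    return (first["protocol"] == later["protocol"]
            and first.get("dest_port") in (None, later.get("dest_port")))


def shadowed(rules):
    """Indexes of rules that never take effect because an earlier rule covers them."""
    active = [(i, r) for i, r in enumerate(rules) if r["action"] != "NO RULE"]
    return [j for pos, (j, later) in enumerate(active)
            if any(covers(first, later) for _, first in active[:pos])]


def apply_dnat(dnat_rules, pkt):
    """D-NAT runs before the firewall: rewrite the destination on the first match."""
    for r in dnat_rules:
        if ipaddress.ip_address(pkt["src"]) not in parse_net(r.get("source_ip")):
            continue
        if r["protocol"] == "ANY" or (r["protocol"] == pkt["proto"]
                                      and port_ok(r.get("dest_port"), pkt["dport"])):
            return dict(pkt, dst=r["redirect_ip"],
                        dport=r.get("redirect_port") or pkt["dport"])
    return pkt


def gprs_to_lan(dnat_rules, fw_rules, pkt):
    """The firewall sees the packet after translation, not as it arrived."""
    return decide(fw_rules, apply_dnat(dnat_rules, pkt))


# Constructed rule sets matching the two captions on the slide.
SETUP_A = [  # "This setup accepts all data"
    {"action": "ACCEPT", "protocol": "ANY", "from_ip": "0/0", "dest_ip": "0/0"},
    {"action": "DROP", "protocol": "TCP", "from_ip": "0/0",
     "dest_ip": "10.10.10.4", "dest_port": 80},
]
SETUP_B = [  # "This setup drops all data to 10.10.10.4"
    {"action": "DROP", "protocol": "ANY", "from_ip": "0/0", "dest_ip": "10.10.10.4"},
    {"action": "ACCEPT", "protocol": "TCP", "from_ip": "0/0",
     "dest_ip": "10.10.10.4", "dest_port": 80},
]
# The D-NAT example from the stateful inspection slide.
DNAT = [{"protocol": "TCP", "source_ip": "0/0", "dest_port": 888,
         "redirect_ip": "10.10.10.2", "redirect_port": 80}]
FW_TRANSLATED = [{"action": "ACCEPT", "protocol": "TCP", "from_ip": "0/0",
                  "dest_ip": "10.10.10.2", "dest_port": 80}]
FW_PUBLIC = [{"action": "ACCEPT", "protocol": "TCP", "from_ip": "0/0",
              "dest_ip": "11.22.33.44", "dest_port": 888}]
# Constructed packets; 198.51.100.7 is a documentation address.
PKT = {"src": "198.51.100.7", "dst": "11.22.33.44", "proto": "TCP", "dport": 888}
WEB4 = {"src": "198.51.100.7", "dst": "10.10.10.4", "proto": "TCP", "dport": 80}

if __name__ == "__main__":
    print("A:", decide(SETUP_A, WEB4), "shadowed rules:", shadowed(SETUP_A))
    print("B:", decide(SETUP_B, WEB4), "shadowed rules:", shadowed(SETUP_B))
    print("rule on translated address:", gprs_to_lan(DNAT, FW_TRANSLATED, PKT))
    print("rule on public address:", gprs_to_lan(DNAT, FW_PUBLIC, PKT))
```

A rule written against the public address and port (11.22.33.44 port 888) never matches, because by the time the firewall runs the destination is already 10.10.10.2 port 80.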

GPRS to Arctic

• IP Address syntax
  – single IP address format (1.2.3.4)
  – net/bits on net (1.2.3.0/24)
  – any IP (0/0)
• Defines the rules how to treat the traffic coming from GPRS targeted to Arctic
• Action
  – NO RULE - rule is disabled
  – ACCEPT - data is accepted
  – DROP - data is discarded
• Protocol
  – ANY - Checks the IP address only
  – TCP - Protocol must be TCP
  – UDP - Protocol must be UDP
  – ICMP - Protocol must be ICMP
• From IP
  – The source address of packet
• Destination port
  – The destination port (TCP,UDP) or ICMP type of packet

GPRS to LAN

• IP Address syntax
  – single IP address format (1.2.3.4)
  – net/bits on net (1.2.3.0/24)
  – any IP (0/0 or empty)
• Defines the rules how to treat the traffic coming from GPRS targeted to LAN
• Action
  – NO RULE - rule is disabled
  – ACCEPT - data is accepted
  – DROP - data is discarded
• Protocol
  – ANY - Checks the IP address only
  – TCP - Protocol must be TCP
  – UDP - Protocol must be UDP
  – ICMP - Protocol must be ICMP
• From IP
  – The source address of packet
• Destination IP
  – The destination address of packet
• Destination port
  – The destination port (TCP,UDP) or ICMP type of packet

LAN to GPRS

• IP Address syntax
  – single IP address format (1.2.3.4)
  – net/bits on net (1.2.3.0/24)
  – any IP (0/0 or empty)
• This firewall section is useful for accepting only wanted data to enter GPRS network
• Defines the rules how to treat the traffic coming from LAN targeted to GPRS
• Action
  – NO RULE - rule is disabled
  – ACCEPT - data is accepted
  – DROP - data is discarded
• Protocol
  – ANY - Checks the IP address only
  – TCP - Protocol must be TCP
  – UDP - Protocol must be UDP
  – ICMP - Protocol must be ICMP
• From IP
  – The source address of packet
• Destination IP
  – The destination address of packet
• Destination port
  – The destination port (TCP,UDP) or ICMP type of packet

Common firewall problems

• GPRS to Arctic firewall disables TCP port 22 (SSH), 23 (Telnet) or 80 (HTTP) and therefore makes it impossible to access Arctic configuration from GPRS.
  – Solution: SMS config or Dial-in still provides access
• Violating the "from top to bottom" rule processing principle causes different operation than required

Page 51: Arctic Networking Properties Jari Lahti, CTO. General networking properties Wireless Solutions Industry Network menu.

Services

Services menu


WWW Server Settings

• NOTE
– Disabling WEB Server or WEB Configuration Access makes it impossible to turn them back on by using a WEB browser
– Consider whether you need to disable WWW, or to block access to it from GPRS by using the GPRS to Arctic firewall
– To enable them again, the command line interface must be used

• WEB Server
– Enable to allow the Arctic WEB server to run on TCP port 80

• WEB Configuration Access
– Enable to allow Arctic configuration by using a WEB browser

• Both settings are enabled by default


Telnet Server Settings

• NOTE
– Disabling the Telnet server makes it impossible to turn it back on by using Telnet
– Consider whether you need to disable Telnet totally, or to block access to it from GPRS by using the GPRS to Arctic firewall
– To enable Telnet again, use a WEB browser, SSH or the command line

• Telnet server
– Enable to allow the Arctic Telnet server to run on TCP port 23

• Telnet server is required to configure Arctic remotely with the Telnet command line interface

• Telnet server is enabled by default


SSH Server Settings

• NOTE
– Disabling the SSH server makes it impossible to turn it back on by using SSH
– Consider whether you need to disable SSH totally, or to block access to it from GPRS by using the GPRS to Arctic firewall
– To enable SSH again, use a WEB browser, Telnet or the command line

• SSH server
– Enable to allow the Arctic SSH server to run on TCP port 22

• SSH server is required to configure Arctic remotely with the SSH command line interface

• SSH server is enabled by default


DHCP Server

• Arctic has a built-in DHCP server for allocating Ethernet configuration to Ethernet devices
– IP address, netmask, default gateway, DNS server etc.

• The Ethernet devices must have a standard DHCP client
– available on any PC operating system

• There should be only one DHCP server on the Ethernet LAN

• The IP addresses allocated by the DHCP server should not be used in manual configurations
– prevents multiple devices having the same IP address on the LAN

• DHCP server is disabled by default

[Figure: DHCP exchange. Client request: "Give me IP address and other network information". Server reply: "Here you are 172.16.8.80". The client then sends data from 172.16.8.80.]


DHCP Server Settings

• NTP server (optional)
– Network Time Protocol server IP address to give to DHCP clients

• LPR server (optional)
– Print server IP address to give to DHCP clients

• WINS server (optional)
– WINS server IP address to give to DHCP clients

• DHCP Server
– Enable to allow the Arctic DHCP server

• Subnet (mandatory)
– Defines the subnet where the DHCP server listens for requests
– Must be the same as the subnet of the Arctic Ethernet interface
– The subnet means the network part of the IP address

• Netmask (mandatory)
– Netmask for the Ethernet interface

• Address range to share (mandatory)
– Defines the IP address range DHCP allocates to clients

• Subnet mask (optional)
– Subnet mask to give to DHCP clients

• Domain name (optional)
– Domain name to give to DHCP clients

• DNS servers (optional)
– DNS server IP address to give to DHCP clients

• Default gateway (optional)
– Default gateway IP address to give to DHCP clients
– Usually the Ethernet IP address of Arctic

• Broadcast address (optional)
– Broadcast address to give to DHCP clients

• Default lease time (optional)
– How many seconds the given IP address is valid by default
– The DHCP client can request a different lease time

• Max lease time (optional)
– The maximum lease time allowed
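The constraints on these two slides (subnet equal to the Ethernet interface's subnet, a pool that stays clear of manually configured addresses, consistent lease times) can be checked mechanically. The following is an added example, not part of the Arctic software; the configuration keys, the function name and the sample addresses other than 172.16.8.80 are constructed for illustration.

```python
import ipaddress

def check_dhcp(cfg, eth_ip, static_ips=()):
    """Return a list of problems found in a DHCP server configuration."""
    ip = ipaddress.ip_address
    problems = []
    # Subnet of the Arctic Ethernet interface, derived from its IP and netmask
    lan = ipaddress.ip_interface(f"{eth_ip}/{cfg['netmask']}").network
    subnet = ipaddress.ip_network(f"{cfg['subnet']}/{cfg['netmask']}", strict=False)
    if subnet != lan:
        problems.append(f"subnet {subnet} differs from Ethernet subnet {lan}")
    first, last = ip(cfg["range_start"]), ip(cfg["range_end"])
    if first > last:
        problems.append("address range start is above range end")
    for name, addr in (("range start", first), ("range end", last)):
        if addr not in lan:
            problems.append(f"{name} {addr} is outside {lan}")
    # Manually configured addresses (the Arctic itself included) must stay out of the pool
    for addr in map(ip, (eth_ip, *static_ips)):
        if first <= addr <= last:
            problems.append(f"manual address {addr} is inside the DHCP pool")
    gateway = cfg.get("default_gateway")
    if gateway and ip(gateway) not in lan:
        problems.append(f"default gateway {gateway} is outside {lan}")
    default, maximum = cfg.get("default_lease"), cfg.get("max_lease")
    if default and maximum and default > maximum:
        problems.append("default lease time exceeds max lease time")
    return problems

# Constructed sample configuration (key names are hypothetical)
SAMPLE = {
    "subnet": "172.16.8.0", "netmask": "255.255.255.0",
    "range_start": "172.16.8.50", "range_end": "172.16.8.100",
    "default_gateway": "172.16.8.1",
    "default_lease": 3600, "max_lease": 86400,
}

if __name__ == "__main__":
    # A device manually set to 172.16.8.80 collides with the pool
    for problem in check_dhcp(SAMPLE, "172.16.8.1", ["172.16.8.80"]):
        print(problem)
```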


Tools


Debug information


Console

• Allows Linux shell commands to be executed from the WEB user interface

• Suggested use is only for monitoring, not configuring
– uptime, ps, ifconfig, df, cat, etc.


System log

• Provides the contents of the Arctic system log

• Useful for debugging problems


Recent events

• Provides recent events from the system log


Modem info

• Provides information about the GPRS modem and the GPRS network


Send SMS

• Sends an SMS from Arctic by using the WEB interface

• Useful for finding out the GSM phone number of the SIM card


Default settings

• Overwrites the current Arctic settings with the default ones

• Hostname and Ethernet settings remain unchanged

• Can also be run from the command line
– /etc/defaults/setdef.sh

• NOTE! It is not possible to revert to the old settings!
