QUICKSTART GUIDE FOR CDI CELLULAR STARTER KIT

A softcopy of this document can be found in the Support Center of our website: http://www.commdevices.com/support-center/technical-manuals/ - PA100/200 Cell-QuickStart. Create a free support account to gain access to manuals, diagrams, support videos, and more.

July 2015 Version 1.1

NOTE: All devices are programmed with an APN, UserID, and Password to connect to the cellular network. These are configurable via a browser or via the OBM. If this data is entered incorrectly, it will render the remote cell device unreachable. The OBM will pull this data out of an already configured device. Do not change this if the device is working properly.
Contents

OVERVIEW
OPERATION
Browser Config:
OBM Configuration
    The OBM can be loaded on a LAPTOP or server at the NOC.
    Run the OBM and Log onto the OBM
    Add a User:
    Add a NOC Client PA222:
    Create a Remote PA244:
    Connect to a Remote PA244:
    Generate Reports:
    Connect to a Device using PUTTY:
    More Information:

This is a starter kit for CDI Secure Wireless OOB devices.

AT ANYTIME M-F 7AM TO 6PM (GMT-5) YOU CAN CALL +1 973 334-0161 FOR HELP. We are happy to provide assistance.

All manuals are available on our website support center: http://www.commdevices.com/support-center/

A free 30 minute personal online session with an engineer can also be scheduled through your sales contact, or our support ticket system, on the website.
OVERVIEW

The product set has three major components.

1. NOC Client device
   i. The client device(s) is a hardware device installed at the NOC.
   ii. The device has a network interface and:
       1. A cellular module for wireless installations
   iii. The client device is used to connect to remote devices. It establishes a secure hardware encrypted channel between the NOC and the remote site over a cellular wireless connection.
2. Remote Device
   i. Each remote device can be scaled according to the number of devices being managed at that site (from 1 to 9).
   ii. The remote device has a network interface and:
       1. A wireless module for cellular applications
       2. Some number of serial ports (1-9) to connect to console ports on remote devices
       3. Some number of power control ports (1-9) to control power on those remote devices being accessed (power reboot)
3. Configuration Software
   i. These devices need to be configured using CDI's OBM (Out of Band Manager) software. This can be a desktop app or installed on a server. The minimum usage for the server is to set up the initial security and communications configuration.
   ii. The software can optionally be used to access the devices using the secure terminal capability of the software. We understand that many organizations already have procedures for secure terminal access (SSH), so those methods can be used also.
OPERATION

You should have at least 2 CDI devices in the starter kit. These devices are on a private cellular APN and will not connect directly to the internet or any other network. Both the PA100 series and the PA200 series operate the same, so any reference to a PA111, PA155, PA222, or PA244 will be the same for either series.

THESE DEVICES ARE NOT CONNECTED TO THE CELLULAR INTERNET AND CAN ONLY BE REACHED BY ANOTHER DEVICE ON THE PRIVATE CELLULAR APN. This is done intentionally to protect Out of Band Access to your network elements.

Because you are on a private APN, you need 2 devices: one configured as a CLIENT to get onto the APN, and one configured as a REMOTE to receive the connection from the CLIENT. For security reasons we use a device at each end of the circuit. This provides end to end encryption of the session. It also allows you to jump onto the cellular VPN without having to bring the MPLS circuit into your NOC. For dial-out installations the NOC Client also provides the internal modem to interface to the Telco circuit.

The device in the NOC is configured as a NOC-Client device. The device at the remote end is configured as a REMOTE device.

We have preconfigured the two devices in the device authentication mode. This will allow you to SSH into the NOC Client device (PA222 or PA111) and then use the cellular network to make an encrypted session to the remote without having to enter credentials. The devices will authenticate to each other by passing a cryptographic key and will then go into AES 128-bit encryption. This will allow you to use the devices without having to configure them with the OBM Manager. You can become familiar with the OBM after you get the devices communicating.
Each of the two devices has two network interfaces: a fixed Ethernet IP addressed port and a FIXED CELLULAR IP address on the private APN. The cellular address is on a private APN network and therefore is not reachable via the internet. That is why a client is required to reach the remote. For large installations the private APN MPLS can be brought directly into your corporate network for direct access if desired.

1. The quickest way to make a secure connection.
   a. Connect the small 7 High Gain Cell Antennas provided into the MAIN connector. If a secondary Magnetic Mount extended diversity antenna is provided, then connect that to the secondary connector (the other SMA connector) and separate the antennas as much as possible.
   b. Plug the devices into proper power.
   c. Look at the front panel LEDs.
   d. The DTR or DTM LED should illuminate, and the RED LED should illuminate. The device needs to load its code and run tests.
   e. There should be some dialogue on the TX/RX LEDs.
   f. The RI/CD LED should illuminate, signifying the device has attached to a cellular tower. Without the RI/CD (on some units DCD) LED lit, there will be no cellular connection. Move the device near a window or use a signal amplifier to correct. If the RI/CD lights and then goes out quickly, it usually means the APN is incorrect in the device. Contact CDI support.
   g. The device will then establish a PPP connection to the cellular network and the RED LED should go out. If this does not happen, contact CDI support.
   h. The device is now ready for a remote TCP cell connection.
   i. Take a laptop and set it for 199.199.199.2 / 255.255.255.0. No gateway is needed.
   j. Connect a CAT5 cable from the laptop to the PA222/PA111 network interface.
   k. Ping 199.199.199.1 to confirm a connection. Clear the ARP table if you cannot see the device (arp -d).
   l. SSH to 199.199.199.1
   m. Or Telnet to 199.199.199.1 10001
      You will be prompted to log in. Just hit return until you get a menu.
   n. The first SSH session can take a few seconds.
   o. Enter I2 (the letter I as in India and the number 2) to access the cellular module.
   p. Enter 2 (the number two) to make a connection.
   q. Enter the IP address of the remote cell device that you are connecting to. (The cell address is located on the underside of the remote device, marked CELL ADDRESS.) Format: xxx.xxx.xxx.xxx. The default port number is 10001, if needed. Example: 10.64.0.2 10001
   r. Shortly after you enter the IP address and hit return, you should see the cursor move as it receives a return, line feed, from the remote device.
   s. The two devices should go into a key transaction where you will see a few dots on the screen until the key is exchanged. You will then be prompted by a menu from the remote device.
   t. If the devices do not connect, please contact CDI support.
   u. You will now see the menu from the remote device.
   v. Enter H1 to access the console port connected to host port 1. You are now directly connected to the serial console port of the device connected to H1. If you do not see any data, it may be because you did not connect a device to HOST1, the device is not powered up, or the cable is incorrect.
   w. ESC will always get you back to the main menu.
   x. You will be prompted to type EXIT after an escape if you are connected to a host port.
   y. Enter P1 to power cycle a device. The menus will always work; however, the actual function requires a power control module to power cycle the remote equipment. This will only work if you have a power control module connected to the device or you are using a PA244x with built in power control modules.
   z. You can then go back to the host port H1 and see it power up.
Browser Config:

The default network IP address is 199.199.199.1 on each device. Using a browser, you can change this address by browsing into the device at 199.199.199.1. Change the IP address to one available on your network.

The default credentials for the browser are:
   UserID: Admin
   Password: Admin
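As an added example (not CDI's code), here is a Python pre-flight check for the Ethernet-side steps i through m above and the Browser Config defaults. It probes the management address for the services this guide names and lists the findings worth acting on. Port 10001 and 199.199.199.1 come from the guide; ports 22 and 80 are the standard SSH and HTTP ports, assumed here because the guide gives no port for them.

```python
import socket

FACTORY_IP = "199.199.199.1"   # default Ethernet address from the guide
# 10001 is the Telnet menu port from the guide. 22 and 80 are assumptions
# (standard SSH and HTTP ports); the guide does not state them.
SERVICES = {"ssh": 22, "telnet-menu": 10001, "browser-config": 80}


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, services=SERVICES, timeout=2.0):
    """Probe each named service; return (open_services, findings)."""
    opened = sorted(n for n, p in services.items() if probe(host, p, timeout))
    findings = []
    if not opened:
        findings.append("no management service answered: check cable, "
                        "laptop IP 199.199.199.2/255.255.255.0, ARP cache")
    if "telnet-menu" in opened:
        findings.append("Telnet menu reachable: the laptop-to-client leg "
                        "is cleartext, prefer SSH")
    if "telnet-menu" in opened and "ssh" not in opened:
        findings.append("only Telnet answered: SSH not reachable here")
    if "browser-config" in opened:
        findings.append("browser config reachable: confirm the default "
                        "Admin/Admin login was changed")
    if host == FACTORY_IP and opened:
        findings.append("device still on factory address 199.199.199.1")
    return opened, findings


if __name__ == "__main__":
    opened, findings = audit(FACTORY_IP)
    print("open services:", opened)
    for note in findings:
        print("-", note)
```

Run it from the laptop after step k succeeds, and again with the new address after changing the device IP in the browser.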
OBM Configuration

This section describes installing and configuring the OBM manager. A complete FREE video training series is located on our website in the support area. Just log in to the support area (create a free account if you do not already have one): http://www.commdevices.com/support-center/

Then go to the video section and select Support OBM Training: http://www.commdevices.com/support-videos/category/8/

The OBM can be loaded on a LAPTOP or server at the NOC.

The software is comprised of 4 parts. This is covered in the video: http://www.commdevices.com/support-video/21/
1. Install the SQLexpress first. MAKE SURE TO ENABLE THE SQL BROWSER WHEN GIVEN THE OPTION. For all others, just click OK at all prompts.
2. Install the CDI database second. It should see the database that SQLexpress created (default SQLexpress).
3. Install the APP server next. The APP server is the interface between the database and the OBM GUI. Use localhost as the IP address of the APP server, as it is probably on a DHCP machine. If this is a server with a FIXED IP address, then use that address.
4. Install the OBM GUI last. Use localhost as the IP address of the APP server so the OBM can connect to it. The OBM GUI is the user interface into the database as well as the comms engine to the devices.
   a. If you are prompted for any licenses, you can add them now or later once you get into the software.

Run the OBM and Log onto the OBM

   i. Default username: administrator
   ii. Default password: administrator

Add a User:

This section is in video screencast form on our support site. http://www.commdevices.com/support-video/22/
Add a NOC Client PA222:

This section is in video screencast form on our support site. http://www.commdevices.com/support-video/23/

Create a Remote PA244:

This section is in video screencast form on our support site. http://www.commdevices.com/support-video/24/
Connect to a Remote PA244:

This section is in video screencast form on our support site. http://www.commdevices.com/support-video/25/

Generate Reports:

Click on the LOGS tab at the top of the screen. Here you can generate several different kinds of reports.
Connect to a Device using PUTTY:

http://www.commdevices.com/support-videos/category/8/page/2/

You can optionally connect to a device using a standard SSH terminal like PUTTY.

More Information:

The support section of the website has a large amount of information on installing and operating our equipment. If you require any information that cannot be found in the support section, then you can generate a trouble ticket that will get your question answered in a timely manner: