Moxa EDR-810 User Manual

Industrial Secure Router User’s Manual Second Edition, August 2013 www.moxa.com/product © 2013 Moxa Inc. All rights reserved. Reproduction without pe

Industrial Secure Router User's Manual Getting Started 2-4 the form 192.168.xxx.xxx. On the other hand, if your PC host’s subnet mask is 255.25

Industrial Secure Router User's Manual Firewall 8-2 Policy Concept A firewall device is commonly used to provide secure traffic control over an

Industrial Secure Router User's Manual Firewall 8-3 Enable Setting Description Factory Default Enable or Disable Enable or disable the sele

Industrial Secure Router User's Manual Firewall 8-4 Destination IP Setting Description Factory Default All (IP Address) This Firewall Policy

Industrial Secure Router User's Manual Firewall 8-5 detailed description EtherType Setting Description Factory Default 0x0600 to 0xFFFF When

Industrial Secure Router User's Manual Firewall 8-6 Quick Automation Profile Ethernet Fieldbus protocols are popular in industrial automation a

Industrial Secure Router User's Manual Firewall 8-7 Modbus TCP/IP (TCP) 502 Modbus TCP/IP (UDP) 502 PROFInet RT Unicast (TCP) 34962 PROFInet

Industrial Secure Router User's Manual Firewall 8-8 Policy Check The Industrial Secure Router supports a PolicyCheck function for maintainin

Industrial Secure Router User's Manual Firewall 8-9 Include: Policy [X] is included in Policy [Y] The Source/Destination IP range or Source/Des

Industrial Secure Router User's Manual Firewall 8-10 Modbus TCP Policy Modbus TCP is a Modbus protocol used for communications over TCP/IP netw

Industrial Secure Router User's Manual Firewall 8-11 Enable/Disable Modbus Policy Setting Description Factory Default Enable or Disable Enab

Industrial Secure Router User's Manual Getting Started 2-5 2. The web login page will open. Select the login account (Admin or User) and enter

Industrial Secure Router User's Manual Firewall 8-12 Destination IP Setting Description Factory Default All (IP Address) This Modbus policy

Industrial Secure Router User's Manual Firewall 8-13 Denial of Service (DoS) Defense The Industrial Secure Router provides 9 different DoS func

Industrial Secure Router User's Manual Firewall 8-14

9 9. Virtual Private Network (VPN) The following topics are covered in this chapter:  Overview  IPSec Configuration  Global Settings  IPSec

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-2 Overview In this section we describe how to use the Industrial Secure

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-3 All IPSec Connection Users can Enable or Disable all VPN services with

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-4 Name of VPN Tunnel Setting Description Factory Default Max. of 16 ch

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-5 ID ID for indentifying the VPN tunnel connection. The Local ID must

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-6 MD5 SHA1 SHA256 DH Group Setting Description Factory Default DH1(m

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-7 AES-128 AES-192 AES-256 Hash Algorithm Setting Description Facto

3 3. EDR-810 Series Features and Functions In this chapter, we explain how to access the Industrial Secure Router’s configuration options, perform m

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-8 1. Root Certificate generation. Both EDR-G903(A) and EDR-G903(B) need

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-9 NOTE The default setting for Certificate Day is 0, which means that th

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-10 Remote Certificate Upload Upload the .crt Remote certificate on this

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-11 Login User Name Setting Description Factory Default Max. to xx char

Industrial Secure Router User's Manual Virtual Private Network (VPN) 9-12 L2TP for Remote User Maintenance The following example shows how a Ro

10 10. Diagnosis The Industrial Secure Router provides Ping tools and LLDP for administrators to diagnose network systems. The following topics are

Industrial Secure Router User's Manual Diagnosis 10-2 Ping The Ping function uses the ping command to give users a simple but powerful tool fo

Industrial Secure Router User's Manual Diagnosis 10-3 LLDT Table Port: The port number that connects to the neighbor device. Neighbor ID: A uni

A A. MIB Groups The Industrial Secure Router comes with built-in SNMP (Simple Network Management Protocol) agent software that supports cold start t

Industrial Secure Router User's Manual MIB Groups A-2 The Industrial Secure Router also provides a MIB file, located in the file “Moxa-EDRG903-

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-2 Quick Setting Profile The EDR-810 series supports WAN Routing

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-3 Step 3: Configure the WAN port type Configure the WAN port typ

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-4 Static IP PPPoE Step 4: Enable services Check Enable DHCP Se

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-5 Step 5: Activate the settings Click the Activate button. NOTE

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-6 User Account The Moxa industrial secure router supports the ma

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-7 Create New Account Input the user name, password and assign th

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-8 Date and Time The Moxa industrial secure router has a time cal

Industrial Secure Router User’s Manual The software described in this manual is furnished under a license agreement and may be used only in accordance

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-9 Start Date Setting Description Factory Default User-specifie

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-10 System Event Settings System Events are related to the overal

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-11 Port Event Settings Port Events are related to the activity o

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-12 Max. of 30 characters You can set up to 4 email addresses to

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-13 When relay warning triggered by either system or port events,

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-14 If the user enables the SettingCheck function with the Access

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-15 TFTP Server IP/Name Setting Description Factory Default IP

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-16 Upgrade Firmware To import a firmware file into the Industria

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-17 Enable Setting Description Factory Default Checked Allows

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-18 Link Aggregation Link aggregation involves grouping links int

Table of Contents 1. Introduction ...

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-19 Step 1: Select the desired Trunk Group Step 2: Select the de

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-20 Port Mirroring Settings Setting Description Monitored Port

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-21 Benefits of VLANs The main benefit of VLANs is that they pro

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-22 802.1Q VLAN Settings Management VLAN ID Setting Description

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-23 Input multi port numbers in the “Port” column, and Port Type

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-24 • It makes efficient use of network bandwidth and scales wel

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-25 Snooping Mode Snooping Mode allows your industrial secure rou

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-26 IGMP Snooping IGMP Snooping provides the ability to prune mul

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-27 The information shown in the table includes: • Auto Learned

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-28 Join Port Setting Description Factory Default Select/Desele

SettingCheck ... 4-8 System

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-29 inspecting 802.1p CoS tags in the MAC frame to determine the

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-30 ToS/DSCP Mapping ToS (DSCP) Value and Priority Queues Settin

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-31 Limit Broadcast, Multicast, Flooded Unicast Limit Broadcast,

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-32 Interface WAN VLAN ID Moxa Industrial Secure Router’s WAN in

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-33 User Name Setting Description Factory Default Max. 30 Chara

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-34 Detailed Explanation of Static IP Type Address Information I

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-35 Host Name Setting Description Factory Default Max. 30 chara

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-36 DHCP Server The Industrial Secure Router provides a DHCP (Dyn

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-37 NOTE 1. The DHCP Server is only available for LAN interfaces.

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-38 DNS Server Setting Description Factory Default IP Address

1 1. Introduction Welcome to the Moxa Industrial Secure Router series, the EDR-G902, EDR-G902, and EDR-810. The all-in-one Firewall/NAT/VPN secure r

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-39 ≥ 5min. The lease time of the connected device None Default

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-40 SNMP Versions Setting Description Factory Default Disable

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-41 Access Control Setting Description Factory Default Read/Wri

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-42 Security User Interface Management Enable MOXA Utility Setti

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-43 Authentication Certificate SSL Certificate Re-generate Setti

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-44 • Grant access to one host with a specific IP address For ex

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-45 Port Statistics Access the Monitor by selecting Monitor from

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-46 Event Log The Event Log Table displays the following inform

Industrial Secure Router User's Manual EDR-810 Series Features and Functions 3-47 NOTE The following events will be recorded into the Moxa indu

4 4. EDR-G902/G903 Series Features and Functions  Overview  Configuring Basic Settings  System Identification  Accessible IP  Password 

Industrial Secure Router User's Manual Introduction 1-2 Overview As the world’s network and information technology becomes more mature, the tre

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-2 Overview The Overview page is divided into three major p

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-3 Click More… at the top of the Recent 10 Event Log table

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-4 Maintainer Contact Info Setting Description Factory De

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-5 Allowable Hosts Input Format Ay host Disable 192.168.1

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-6 Account Setting Description Factory Default Admin “ad

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-7 Current Time Setting Description Factory Default User

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-8 SettingCheck SettingCheck is a safety function for indu

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-9 If the new configuration does not block the connection

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-10 System File Update—by Remote TFTP The EtherDevice Route

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-11 Log File Click Export to export the Log file of the Eth

2 2. Getting Started This chapter explains how to access the Industrial Secure Router for the first time. There are three ways to access the router:

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-12 Network Settings Mode Configuration Network Mode EtherD

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-13 WAN1 Configuration Connection Note that there are thre

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-14 Example: Suppose a remote user (IP: 10.10.10.10) wants

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-15 Gateway Setting Description Factory Default IP Addres

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-16 Connection Type Setting Description Factory Default S

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-17 DNS (Doman Name Server; optional setting for Dynamic I

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-18 Subnet Mask Setting Description Factory Default IP Ad

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-19 Using DMZ Mode A DMZ (demilitarized zone) is an isolate

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-20 LAN IP Configuration IP Address Setting Description F

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-21 WAN Backup Configuration Select Backup for the WAN2/DM

Industrial Secure Router User's Manual Getting Started 2-2 RS-232 Console Configuration (115200, None, 8, 1, VT100) NOTE Connection Caution! We

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-22 Monitor You can monitor statistics in real time from th

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-23 System Log The industrial secure router provides EventL

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions 4-24 DI transition (Off -> On) DI transition (On ->

5 5. Routing The following topics are covered in this chapter:  Unicast Routing  Static Routing  RIP (Routing Information Protocol)  Routing

Industrial Secure Router User's Manual Routing 5-2 Unicast Routing The Industrial Secure Router supports two routing methods: static routing an

Industrial Secure Router User's Manual Routing 5-3 Clickable Buttons Add For adding an entry to the Static Routing Table. Delete For removing s

Industrial Secure Router User's Manual Routing 5-4 RIP Interface Table (EDR-810 series only) Setting Description Factory Default Enable/Disab

6 6. Network Redundancy The following topics are covered in this chapter:  Layer 2 Redundant Protocols (EDR-810 series only)  Configuring STP/RS

Industrial Secure Router User's Manual Network Redundancy 6-2 Layer 2 Redundant Protocols (EDR-810 series only) Configuring STP/RSTP The follow

Industrial Secure Router User's Manual Network Redundancy 6-3 Hello time (sec.) Setting Description Factory Default Numerical value input by

Industrial Secure Router User's Manual Getting Started 2-3 4. Click the Terminal tab, select VT100 for Terminal Type, and then click OK to con

Industrial Secure Router User's Manual Network Redundancy 6-4 Configuring Turbo Ring V2 NOTE When using the Dual-Ring architecture, users must

Industrial Secure Router User's Manual Network Redundancy 6-5 Explanation of “Settings” Items Redundancy Protocol Setting Description Factory

Industrial Secure Router User's Manual Network Redundancy 6-6 Layer 3 Redundant Protocols VRRP Settings Virtual Router Redundancy Protocol (VR

7 7. Network Address Translation The following topics are covered in this chapter:  Network Address Translation (NAT)  NAT Concept  1-to-1 NAT

Industrial Secure Router User's Manual Network Address Translation 7-2 Network Address Translation (NAT) NAT Concept NAT (Network Address Trans

Industrial Secure Router User's Manual Network Address Translation 7-3 1-to-1 NAT Setting for EDR-G903 in Production Line 1 1-to-1 NAT Settin

Industrial Secure Router User's Manual Network Address Translation 7-4 IP Address Select the Internal IP address in LAN/DMZ network area None

Industrial Secure Router User's Manual Network Address Translation 7-5 Interface (N-1 mode) Setting Description Factory Default Auto WAN1 WAN

Industrial Secure Router User's Manual Network Address Translation 7-6 Enable/Disable NAT policy Setting Description Factory Default Enable

8 8. Firewall The following topics are covered in this chapter:  Policy Concept  Policy Overview  Policy Configuration  Layer 2 Policy Setup