Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

AttributesFunction
Object TypeMulti-Home 
Parent(s)System → Networks → EtherPort 
InstanceMust be 0
PropertiesValues
IP Homes

Click the Edit Table button to edit the list of Multi-Home addresses.

Network Card IP – Enter the additional IP address to be used, in dotted notation (do not include the primary IP address defined in the Ethernet object). Subnet Mask – Enter the Subnet Mask to be associated with this IP address, in dotted notation. Default Gateway – Enter the Default Gateway to be used with this IP address, in dotted notation.

...

AttributesFunction
Object TypeDHCP Server 
Parent(s)System → Networks → EtherPort 
InstanceMust be 0
PropertiesValues
LAN Interface Name

Enter the Linux interface name of the Ethernet port on which to run the DHCP server. 

LAN Subnet AddressEnter the subnet address of the subnet that should be served to clients as part of the DHCP information, in dotted notation. Subnet address should follow normal IP rules (for instance, on a 192.3.1.x network with 255.255.255.0 subnet mask, the subnet address would be 192.3.1.0). 
LAN Subnet MaskEnter the subnet mask of the subnet that should be served to clients, in dotted notation. 
Served Address  Range Start IP Enter the starting IP address that should be served to clients, in dotted notation.
Served Address  Range End IPEnter the ending IP address that should be served to clients, in dotted notation. The range of addresses between the Start IP and End IP determines how many DHCP clients be supported simultaneously on the interface. 
Served Default GatewayEnter the address of the Default Gateway to be served to DHCP clients, in dotted notation.
Served Domain NamEnter the domain name to be served to DHCP clients (must be from 1 to 64 characters). 
Served DNS Server  PrimaryEnter the address that will be served to DHCP clients as their primary DNS server, in dotted notation. 
Served DNS Server  Secondary Enter the address that will be served to DHCP clients as their secondary DNS server, in dotted notation.
Served Broadcast AddressEnter the address that will be served to DHCP clients as the broadcast IP. The broadcast IP should follow normal IP rules (for instance, on a 192.3.1.x network with 255.255.255.0 subnet mask, the broadcast IP address would be 192.3.1.255). 
Lease Time-DefaultEnter default lease time, in seconds
Lease Time-MaxEnter the maximum lease time, in seconds. 
Authoritative

Select whether or not to make this DHCP Server "authoritative."

Setting this to "No" means that if a client requests an address that the server knows nothing about and the address is incorrect for that network segment, the server will not send a DHCPNAK (which tells the client it should stop using the address.) Setting this to "Yes" will send a DHCPNAK in this case, to force the client to stop using the incorrect address on the network and immediately request a new address.

...

AttributesFunction
Object TypeAsyncPort 
Parent(s)System → Networks
Instance

Enter a unique instance number between 0 and 127.

When configuring physical serial ports, the instance number must match the COM port number in the Linux system. 

For RediGate 1xx series, you must use instance 2 for COM2.

For built-in Zeus processor ports, use instance numbers 0 through 3 for COM0-COM3 (Linux /dev/ttyS0 through /dev/ttyS3).

For the AIM104-COM8 expansion card, use instance numbers 4 through 11 for COM4-COM11 (Linux /dev/ttyS4 through /dev/ttyS11).

To configure virtual serial ports, see the section Virtual Ports. 

...

AttributesFunction
Object TypeAsyncPort 
Parent(s)System → Networks 
Instance

Enter a unique instance number between 0 and 127

Virtual Ports must be added in pairs, using instance numbers: 52 & 53, 54 & 55, up to 66 & 67 

...

AttributesFunction
Object TypeCellModem 
Parent(s)System → Networks 
Instance

Enter a unique instance number between 0 and 18. 

Instance #0 is the configuration for the numbered interface, such as 'ppp0. 

...

AttributesFunction
Object Type Port73b_AT-CMDs, Port75b_AT-CMDs_GPS-HE910, Port77b_GPS-DE910 
Parent(s)System → Networks → Cell Modem 
Instance

Instance number for each port must be 0.

The ACE template is built so that each of these objects creates the appropriate AsyncPort filename: port073, port075, port077 

...

AttributesFunction
Object TypeAT_Commands 
Parent(s)System → Networks → Cell Modem 
Instance

Always 0

PropertiesValues (Port 77)
 PropertiesValues Timeout Msec

Enter the timeout (in milliseconds) to wait for modem response to AT command. 

AT CmdsThis table defines any user-configured AT commands to be queried regularly
RTDB MapEnter one or more rows in the AT Cmds table to use this feature
AT Command

Enter the AT command string to send to the modem, or a single uppercase character 'C'. The AT string must be a command that is recognized by the modem model being used. 

If the command returns several different values to be parsed, the 'C' indicates a continuation row. This allows the response from a previous command to be skipped or parsed according to different rules, as described in the remaining properties, below. 

Conversion

Select the type of conversion to use when parsing the command response from the modem.

  • SINT16 – Store value(s) as 16-bit signed integer
  • SINT32 – Store value(s) as 32-bit signed integer
  • SINT32 – Store value(s) as 64-bit signed integer
  • REAL32 – Store value(s) as 32-bit floating point
  • STRING-32 – Store parsed parameter(s) as a 32-character string. The Count refers to the number of comma-separated strings.
  • STRING-256 – Store the entire remainder of the AT command response into a STRING-256 register. The Count field is ignored.
  • SKIP – Discard one or more comma-separated parameters from the AT command response, based on Count. 


Use the following GPS conversion options with the "AT$GPSACP" command, which returns GPS data from the modem in the format (the Count column is ignored):

$GPSACP: 214127.000,3853.5898N,09447.4488W,0.9,315.4,3,0.0,0.0,0.0,310715,07

  • GPS REAL32 – Store each comma-delimited parameter of the $GPSACP command into thirteen REAL32 registers verbatim, as:
  1. UTC time as hhmmss.sss (e.g. 214127.000=9:41:27 PM)
  2. Latitude as DDMM.mmmm (e.g. 3853.5898)

  3. Latitude direction, N=78, S=83

  4. Longitude as DDDMM.mmmm (e.g. 09447.4488)

  5. Longitude direction, W=87, E=69

  6. HDOP/Horizontal dilution of precision (e.g. 0.9)

  7. Altitude, meters above mean sea level (e.g. 315.4)

  8. Fix, 0=No fix, 2=2D fix, 3=3D fix

  9. Course over ground, as degrees (ddd.mm)

  10. Speed over ground (Km/hr)

  11. Speed over ground (knots)

  12. Date of Fix, as ddmmyy (e.g. 310715=July 31, 2015)

  13. Total number of satellites in use (0 to 12)

  • GPS Set Clock – Use the time and date returned in the $GPSACP command to set the real-time clock of the RediGate.
  • GPS DDMM.mm to De.gree – Store each comma-delimited parameter of the $GPSACP command into thirteen REAL32 registers (ignore Count). The latitude/longitude values are converted from their normal degree.minute(DDMM.mm) format into degrees. Values are the same as above, except Latitude and Longitude:

2. Latitude as ±dddd.dddd (positive=north, negative=south) 4. Longitude as ±dddd.dddd (positive=east, negative=west)

  • GPS Set Clock, to De.gree – This option combines the previous two options: convert degree/minute/second to degrees and set the real-time clock. 
ChannelEnter the Master Channel number of the destination RTDB. 
RTUEnter the Field Unit address of the destination RTDB. 
RTDB DestEnter the starting numeric register address of the destination RTDB into which data from this command will be stored. The RTDB addresses must be defined and must be of the correct data type. 
CountEnter the number of data entities of the same 'Conversion' type to parse sequentially. If the response to an AT command includes multiple values of different types, these must be handled on separate rows in the table, with the Count appropriate for each row.
CommentOptional column, allowing a descriptive comment to be entered for each row in the table. The Comment field is unused in the configuration.

...

AttributesFunction
Object TypeFirewall 
Parent(s)System → Networks
Instance

Must be 0. 

The Comment column used in various tables allows a descriptive comment to be entered for each row in the table. The Comment field is unused in the configuration.

...

AttributesFunction
Object TypeRoutes 
Parent(s)System → Networks → EtherPort
Instance

Must be 0. 

PropertiesValues
Route TableClick the Edit Table button to edit the list of Multi-Home addresses.
Destination AddressEnter an IP address in the range of addresses defined in this route entry, typically the first one in the range. When defining a Default Gateway, it must appear in the first row and have the Destination Address and Net Mask set to 0.0.0.0. Also make sure that no other Default Gateway is used for other interfaces in the configuration, including those obtained through DHCP.
Net Mask 

The Subnet Mask defines the range of addresses to be defined by this route entry. If defining the Default Gateway (first row of table only), this must be set to 0.0.0.0.

Gateway 

Enter the IP address to use as the Default Gateway for addresses defined in this route entry. 

If the first row in the Routes table is defined as a Gateway of 0.0.0.0, it is treated as the Default Gateway for the system (overriding a Default Gateway setting in Ethernet objects). Set the Gateway to an address other than 0.0.0.0 to define a specific route definition.

OR, you can define a route based on the interface rather than a specific IP address. To do this, set the Metric to one of several specially designated values (90, 91, 100, 101, etc.), as described below. In this case, the Gateway property may be set to 0.0.0.0 to omit the 'gw' field in the Linux route command.

Note that when defining the Gateway property (other than 0.0.0.0), the address of the gateway must be reachable via the networking defined in other ACE objects for the specified interface. 

InterfaceEnter the text identifier of the network interface to use for the addresses appearing in this route. Note: This is case-sensitive. For instance, if the route entry specifies an address range on the Ethernet network, and the Ethernet object is configured with "Ether1" for its Domain Name, then "Ether1" must be entered as the Interface here. 
MetricThe Metric indicates the relative priority when two routes might be used to reach the same network address. The Metric with the lower number will be given priority. OR, use the following specially designated values in the Metric field to set up a static route based on interface name rather than IP address: Use Metric of 90 to use the 'ppp0' interface (91=ppp1, 92=ppp2, etc.) Use Metric of 100 to use the 'eth0' interface (101=eth1, 102=eth2, etc.) With these designations, the Linux interface name is used in the 'route' entry instead of IP addresses.
CommentOptional column, allowing a descriptive comment to be entered for each row in the table. The Comment field is unused in the configuration.

...

AttributesFunction
Object TypeTLS Tunnels
Parent(s)System → Networks
Instance

Must be 0. 

The following parameters are used to create the stunnel configuration file, located at /etc/stunnel/stunnel.conf. 

PropertiesValues
TLS VersionSelect the version of TLS or SSL protocol to use. TLS protocol versions are more secure than SSL. Select "all" to allow the client and server to negotiate the protocol. 
CompressionSelet the type of data compression to use  Select 'none', 'zlib', or 'rle'. 
Verify CertificateSelect whether (and how) to use certificate verification for authentication to an TLS/SSL server. A security certificate is optional for a client but required on a server. The number after the option indicates the "verify=" stunnel value: NO certificate verification ALWAYS require peer cert (2) Request and ignore peer cert (0) Validate only if cert is present (1) Verify peer with locally installed cert (3) Ignore CA chain & only verify peer cert (4) 
Certificate FileIf the Verify Certificate option has been selected to employ certificate authentication, identify the location on the Linux file system containing the certificate chain PEM file. If used, this property must begin with "cert = ". NOTE: If no certificate is to be used, this field must be disabled, either by adding a semicolon at the beginning ("; cert = ") or by clearing the property value entirely. Otherwise, the TLS/SSL connection will fail. The certificate file must be obtained from an appropriate certificate authority containing credentials for this device, which are also known by the TLS/SSL server. The certificate file must be put on the device in the specified location, and must be in PEM format. 
Key File

If the Verify Certificate option has been selected to employ certificate authentication, identify the location on the Linux file system containing the private key assocated with the certificate. If used, this property must begin with "key = ".

NOTE: If no certificate is to be used, this field must be disabled, either by adding a semicolon at the beginning ("; key = ") or by clearing the property value entirely. Otherwise, the TLS/SSL connection will fail. The key file is typically created along with the certificate and must be put on the device in the specified location, and must be in PEM format. 

CA FileIf the TLS/SSL server's certificate must be validated with a Certificate Authority before connecting to it, a file identifying the CA must be stored on the Linux file system. If used, this property must begin with "CAfile = " (case-sensitive). The CA file must be in PEM format. 
CRL PathIf using a Certificate Revocation List file(s) to confirm the validity of the server's certificate, this property is used to identify the directory on the Linux file system where the CRL file(s) will be stored Only two options are available: none /etc/stunnel/crls If using CRL files, they must be stored in the above directory in PEM format. 
Connect TimeoutSelect the amount of time to wait for a TLS/SSL connection to be established. Default selection is 10 seconds. 
Idle TimeoutSelect the amount of time to keep an idle connection open when there is no data transmitted. Default selection is 1 hour. 
Busy TimeoutSelect the amount of time to wait for expected data in case of a busy network. Default selection is 5 minutes. 
FIPS modeSelect whether to use FIPS 140-2 encryption mode. Default is no. (FIPS mode is not currently supported.)
Cipher ListEnter a list of encryption ciphers to allow for the TLS/SSL connection. This property must begin with "ciphers = " and must contain some criteria for the list of ciphers to include or exclude. Use a colon ((smile) to separate cipher names or criteria. (This property is not required and may be disabled by adding a semicolon before "ciphers" or by clearing the property entirely.) Example: ciphers = !SSLv3:DH+AES:ECDH:-AES128 
In Linux, the ciphers available in the system may be listed using the command: openssl ciphers -v or (for example): openssl ciphers -v '!SSLv3:DH+AES:ECDH:-AES128' The openssl command lists ciphers of various strengths, including those used by SSL or TLS protocol versions. In order to ensure more robust encryption, the list may be filtered to allow only more secure ciphers. In the above example, "!SSLv3" excludes all ciphers used with the older SSLv3. "DH+AES" includes ciphers that use DH or AES, but excludes those using RSA. "ECDH" includes protocols that use ECDH. "-AES128" filters the list of whatever ciphers may have been included in the previous list by excluding those which use AES with 128-bit encryption, but allows those with 256-bit or better. Consult 'openssl' documentation for further information. 
RenegotiationSelect whether to support connection renegotiation. 
Delay DNSSelect whether to delay DNS lookup until connection. 
Debug LevelSelect the debugging level for TLS/SSL diagnostics The default level is 5 (notice). Use level 7 for a greater quantity of diagnostic messages in the Log File to troubleshoot connection problems. 
Log FileThis property is hard-coded and indicates where the TLS/SSL debug messages may be found. Only option is /var/log/messages 
Socket option 1Sets TCP socket options for the connection. This is an optional field, but if used for socket options it must begin with "socket = ". See stunnel documentation for further information. Default value is "socket = l:TCP_NODELAY=1" 
Socket option 2Sets TCP socket options for the connection. This is an optional field, but if used for socket options it must begin with "socket = ". See stunnel documentation for further information. Default value is "socket = r:TCP_NODELAY=1" 
PIDName of PID file used by Linux for the TLS/SSL process. This option is hard-coded to /var/run/stunnel.pid 
PIDName of PID file used by Linux for the TLS/SSL process. This option is hard-coded to /var/run/stunnel.pid 
Param 1Additional (optional) stunnel parameters. If used, these fields must be
Param 2Formatted as proper 'stunnel' configuration options and will be placed
Param 3verbatim in the stunnel.conf Linux configuration file. 
Client ModeChoose whether to use client mode for the TLS/SSL connection. In Client Mode, this will listen for a local (non-secure) connection to be made to its listener port, and then initiate a connection to a remote server. If set to Server Mode, this will operate as a TLS/SSL server, waiting for a connection to be made to it from another secure client. 
STUNNEL  ParametersIn the STUNNEL Parameters field, enter a series of properties that are used to define one or more TLS/SSL tunnel between a non-secure and a secure port connection. 
Tunnel NameEnter a unique logical name of the stunnel service (limited to 16 characters) for each tunnel being defined. 
Accept Connection Enter a string that defines the port which will receive the connection, and an optional IP address. Some examples of port or "IP:port" are given below: 443 127.0.0.2:1883 192.168.1.2:3040 
Connect ToEnter a string that defines the address and IP port to which a connection will be made after receiving a socket on the "Accept Connection" port. The address being connected to must be accessible using the system's DNS and routing rules. Some examples are: 10.1.2.1:443 xyz.com:20000 127.0.0.3:3040

DNS Client

The DNS Client object is used to manually configure DNS entries into the Linux resolv.conf file.

AttributesFunction
Object TypeDNS Client 
Parent(s)System → Networks
Instance

Must be 0. 

PropertiesValues
DNS Server #1-6Enter up to 6 DNS server addresses to use for resolving named servers, in dotted notation. DNS addresses should be entered consecutively starting with #1. Any entries after a 0.0.0.0 entry will be ignored. 
Search(optional) Enter a search string to use in the Linux 'resolv.conf" for the DNS host name lookup

...

AttributesFunction
Object TypeQuagga, RIP_Quagga
Parent(s)System → Networks
Instance

Must be 0. 

VLAN

The VLAN object effectively subdivides an Ethernet port into multiple virtual LAN ports and adds 802.1Q VLAN tagging bytes to the TCP/IP network packet data. This feature must be used in conjunction with an external router or switch supporting VLAN tagging.

...

AttributesFunction
Object TypeVLAN
Parent(s)System → Networks
Instance

Must be 0. 

Must be 0.
PropertiesValues
VLAN Table

In the VLAN Table field, add a table row for every VLAN to be defined. 

Physical Device – Select the physical LAN device to be divided into VLANs, such as eth0 (corresponding to EtherPort object with instance 0). In Linux, the original network interface will be renamed (e.g., eth0 will be renamed to eth0_base) unless the VLAN_ID is 0.

If the interface is renamed to "eth?_base", the IP address settings configured in ACE for that physical device are not used. However, the instance of the physical port still must be defined in order to give Linux a network interface that can be divided into VLANs. 

New Device Name – Select the Virtual LAN device to associate with the Physical Device selected (above). The IP settings for this VLAN device will be taken from the EtherPort object with the corresponding instance number. 

VLAN ID – Enter the numeric VLAN ID to use fo

Parent(s)System → Networks
Instance

 

 

PPP Port

The PPP port configuration defines the physical PPP (Point-to-Point Protocol) connections. PPP is a serial IP connection that is used for some dial-out or dial-in applications. (For an Elecsys E-Modem, use the Cell Modem object instead of this generic PPP object.)

AttributesFunction
Object TypePPPport
Parent(s)System → Networks
Instance

Must be 0. This defines the interface as 'ppp0'.

The instance number is the next consecutive number, starting from zero. Instance #0 is the configuration for the 'ppp0' interface. There is no correlation between PPP instance number and the physical COM port to which it will be attached. 

...

AttributesFunction
Object TypePSTN
Parent(s)System → Networks → PPPport
InstanceMust be 0
PropertiesValues
Initialize StringEnter text for an AT command to be sent to the modem upon initialization.
Consult modem manual for initialization parameters. Do not include the phone number to dial here. Multiple AT command strings can be sent if separated by "\r". If additional initialization characters are needed, terminate this field with backslash ("\") and continue the string in the Init String 2 field. 
Dial StringEnter the AT string with the phone number to dial (0 to 31 characters). 
Spaces and dashes will have no effect. Use a comma to insert a pause of 1 second. Be sure to include 9 for an outside line if necessary, and the full number including 1 for long distance, and area code. 
Init String 2Continuation of Init String, if last character is \. Otherwise this is ignored. 
Prompt 1Enter text that will be returned by the server for an input prompt.
Often this will be the word "Login", prompting the user to enter a username.
The string is case sensitive, so it is recommended to leave off the initial "L" since some servers will return "login" and others "Login:" etc. 
Response 1Enter text to be sent to the server in response to the Prompt 1.
This is case sensitive and should typically be the user name allowed by the server, if Prompt 1 is a login prompt. 
Prompt 2Enter text that will be returned by the server for a second input prompt.
Often this will be the word "Password", prompting the user to enter a username. The string is case sensitive, so it is recommended to leave off the initial "P". 
Response 2Enter text to be sent to the server in response to the Prompt 2.
This is case sensitive. 
Prompt 3Enter text that will be returned by the server for a third input prompt.
The string is case sensitive. Any of the Prompt and Response parameters can be left blank if not required by the dial-in server. 
Response 3Enter text to be sent to the server in response to the Prompt 3.
This is case sensitive. 
Master Network 
TimeToLive
Enter the Time to Live (in seconds) for this connection (1 to 86400). 
The Time to Live is the amount to keep the session alive without data traffic before closing the connection.
The TimeToLive allows the connection to be closed after a period of silence. However, the PPP TimeToDie property will force the PPP connection closed automatically regardless of data traffic. 
Connect Retry CountEnter the number of retry attempts to dial-in to the server.

...

AttributesFunction
Object TypePppAuth
Parent(s)System → Networks → PPPport
InstanceMust be 0
PropertiesValues
Authentication TypeSelect the type of PPP Authentication required by the PPP network.
Authentication types are:
PAP Authentication
CHAP Authentication 
User NameEnter the user name required by the PPP server PAP or CHAP authentication.
User Name is case sensitive. 
PasswordEnter the password required by the PPP server PAP or CHAP authentication.
Password is case sensitive. 
Authentication TriesEnter the number of times to attempt authentication. 
Authentication 
Timeout
Enter the timeout (in seconds) to wait for confirmation of each authentication attempt.

...

AttributesFunction
Object TypeHostDialBackup 
Parent(s)System → Networks
InstanceMust be 0
PropertiesValues
Primary Connection Network

Select the network interface through which the HCP should make the primary connection.

Ethernet 0 uses the primary IP network address configured in the Ethernet object (instance 0). Slip 0 and Slip 1 options are currently unused. PPP 0 uses the IP network address configured in PPP object 0. PPP 1 uses the IP network address configured in PPP object 1.

Secondary Connection NetworkSelect the network interface to which the HCP should make a secondary connection whenever the primary connection is unavailable. The same options are selected as for the Primary network. Select "No Secondary Connection" if there is only a single IP address/network to which the HCP can connect. 
Time to Fail  to SecondaryEnter the time (in seconds) before the HCP should attempt to make connection to the Secondary network address, after losing connection on the Primary network. This is ignored if no Secondary connection is defined. 
Time to Stay on SecondaryEnter the time (in seconds) before the HCP should attempt to make connection to the Secondary network address, after losing connection on the Primary network. This is ignored if no Secondary connection is defined. 
Secondary Idle  TimeEnter the time (in seconds) after disconnecting from the Secondary network address before reconnecting to the Secondary, if the Primary network is still unavailable. This option may be used to reduce long distance charges by dialing the Secondary network infrequently during a long outage of the Primary network. For instance, the HCP might connect via dial-up PSTN line once or twice an hour to get critical data updates and then disconnect. 
Startup Auto/Man

Select the default failover behavior for HCP connections.

Automatic – On startup, the HCP will automatically switch between Primary and Secondary connection paths Manual – On startup, the HCP will wait for an operator to manually switch from the Primary to the Secondary connection. This is the default setting for the connection upon first starting the HCP. The Auto/Manual setting for each RediGate can be overridden in the HCP user console at any time.

...

AttributesFunction
Object TypeSecondarySlaveTest  
Parent(s)System → Networks → HostDialBackup
InstanceMust be 0
PropertiesValues
Primary Connection Network

Select the network interface through which the HCP should make the primary connection.

Ethernet 0 uses the primary IP network address configured in the Ethernet object (instance 0). Slip 0 and Slip 1 options are currently unused. PPP 0 uses the IP network address configured in PPP object 0. PPP 1 uses the IP network address configured in PPP object 1.

Connect Port Enter the IP port of the Modbus slave on this unit to use for Modbus communication. This feature requires that a network Modbus slave be configured on the RediGate (encapsulated Modbus, not Open Modbus/TCP). 
Test TriesEnter the number of tries to read or write Modbus data to the device when secondary route testing is performed. 
Test DaySelect the day of the week on which to initiate Secondary Slave testing. Select the day, or "Never" to disable the test. 
Slave Virtual Unit Enter the Modbus slave device address. 
Write Addressnter the starting register address to use for writing data. Starting address should be a 40xxx register. 
Write Num  RegistersEnter the number of registers to write, or 0 to disable the write test. 
Read Address Enter the starting register address to use for reading data. 
Read Num  RegistersEnter the number of registers to read, or 0 to disable the read test.
Response TimeoutEnter the number of seconds to wait for slave read or write response.

...