OOB Management
OpenGear ACM-5004-G
This device allows management of up to 4 devices using in-band LAN or out-of-band cellular management. The product family also includes a management appliance that we can buy in both virtual and physical versions, so we can control a bunch of these devices from a central management console.
It has a power supply connection, 4 serial ports, 4 sensors, 1 RJ-45 for LAN access, 2 connectors for the cellular modem antenna, and a slot for inserting a SIM card with data enabled. Configuration is a little bit tricky because there are plenty of configuration options and some points that not everybody knows.
Once connected to the LAN it will pick up an IP address from the DHCP server. We can change it later. To connect, we only have to browse to this IP address over HTTPS. Once there we can access the management of the device. The GUI is very simple: almost everything is a link that takes us to the correct configuration page.
All you have to do is navigate through the different options, testing the changes you make. For this post, I'll only explain the failover over cellular feature.
OK, the first thing we need is to insert the SIM card in the slot. There is no drawing showing how to plug in the card, but it only fits if it is turned the right way, so, unless you're using a hammer, you should have no problems. Then check the SIM status in System - Dial - Internal Cellular Modem. In my screenshot it says error or unavailable because I had already disconnected it, but it should show Available. Make sure to check Allow outgoing modem communication and also provide the APN parameter so the connection through the carrier works. Usually it's the only parameter we will need, and you should ask your provider for it.
Next step is to configure the failover. This option allows the device to reach the Internet over the carrier in case of LAN failure. Navigate to System - IP - Network Interface and then select the internal cellmodem to use as the failover device. We have to specify the polled IP addresses. The ACM will poll these addresses periodically over the LAN, and if the probes fail, it will activate the cell and route traffic through it.
Last step involves the connection to the OpenGear appliance we have running; it's named "Call Home". This post will only show how to manage our device without the need for the appliance, but we still need an endpoint to connect to. In my case I've set up a little Linux box with SSH enabled and published over the Internet.
We have to be very careful. Usually cellular provider data connections give the devices private IP addresses, and this means that the IP address will not be reachable from the Internet. Those of you who thought that the job was done were mistaken. As the IP address provided is not reachable, we need to work around this. My way was to make the ACM the one that establishes the connection, because we cannot directly reach the provider's private address. So what we'll do is configure the ACM to open an SSH connection to my box. Whenever we want to access the ACM, we will have to connect to this box, and from it, using the port forward, we will be able to reverse connect to the ACM.
Navigate to Serial & Network - Call Home. Add a connection and specify the publicly reachable address of your SSH server, the user, the password and the port forward it will use to reach the ACM. I won't dig deep into this because you can find extensive documentation on the Internet, but make sure to create the RSA key pair on the SSH server for the user we use in the ACM, otherwise the connection will not work.
That's all. A few things to consider are the timeouts between probes for failover and the delay on the switchover back and forth between the LAN and the cell. I didn't find anything about this in the documentation, but I'm sure it has to be there.
Before we finish, we need to connect to our new ACM, right?
Well, with a session opened in the SSH server and once the ACM has established the connection, we can do a:
ssh -p [port-number] -l [username] 127.0.0.1
This is the way we connect to the console of our ACM. The port number has to be the one we specified a few minutes ago, and the username is the same one we used to connect to the web interface. From there we then need a connection to the serial/console port. Easy, do a:
telnet 127.0.0.1 200X
where X is the port number we want to manage and 2000 is the base port we configured before in the ACM.
Maybe I'll write a new post explaining the basics of serial port configuration, and if time allows, maybe another about the appliance and how to manage it; as always, only the very basics.
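Since the ACM is reached through a forwarded port on the Internet-facing SSH box, that port should listen on loopback only, which is why the ssh command above targets 127.0.0.1. The following check is an added example, not part of the original post or of any Opengear tooling; the port range 10000-10099 and the listener lines are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): list Call Home forward ports on
# the relay box that are reachable from outside instead of loopback only.
# ASSUMPTION: forwards use ports 10000-10099; set these to your own values.
FWD_MIN=${FWD_MIN:-10000}
FWD_MAX=${FWD_MAX:-10099}

# Reads `ss -H -ltn` style lines on stdin and prints "address port" for each
# listener in the range that is NOT bound to 127.0.0.0/8 or [::1].
exposed_forwards() {
    awk -v lo="$FWD_MIN" -v hi="$FWD_MAX" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (port < lo || port > hi) next  # not a Call Home forward
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr, port
        }'
}

# Constructed sample of `ss -H -ltn` output, so the check runs offline.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
LISTEN 0 128 127.0.0.1:10022   0.0.0.0:*
LISTEN 0 128     [::1]:10022      [::]:*
LISTEN 0 128   0.0.0.0:10023   0.0.0.0:*
LISTEN 0 128      [::]:10024      [::]:*
EOF
}

# On the real relay: ss -H -ltn | exposed_forwards
sample_listeners | exposed_forwards
```

Any output means a forwarded ACM port is reachable from the network; with OpenSSH, remote forwards bind to loopback unless GatewayPorts is enabled in sshd_config.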