Situation

A local network is to be connected to the Internet via the LTE router manually.

Solution

The Additional Internet connection wizard could be used for this, but the intention of this Configuration Guide is to explain how this can be achieved with manual settings.

It is prerequisite that the device is in default settings and an LTE modem is inserted in slot 2.

The device can only be accessed via the first Ethernet socket in default settings. This avoids to bridge several networks accidentally on an already configured router when resetting to default settings.

  1. Open web interface of the router using a browser: 192.168.1.1 [1]

  2. In the InterfacesSlot 1: Ethernet menu, assign the ports 1.3, 1.4 and 1.5 to the interface net2 LAN. [2]

  3. Click on Save settings.

  4. In the InterfacesSlot 2: LTE menu, enter PIN [3] and APN [4]. [5]

  5. Click on Save settings.

  6. In the InterfacesIP net 2 (net2) menu, activate the network and add an IP address () that the router shall get in the LAN. [6]

  7. Click on Save settings.

  8. In the WANWAN chains menu, add a new WAN chain (). [7]

  9. In the WANWAN chains menu of the new WAN chain, add a new interface () and edit it ():

    • Interface: lte2

    • Connection check type: none [8]

  10. Click on Save settings.

  11. In the RoutingStatic routes menu, add a new route () and edit it (): [9]

    • Set after start of: lte2

    • Type of the route: Default route

    • Gateway: use dynamically received IP address

  12. Click on Save settings.

  13. In the NetfilterNAT menu, enter a new rule under Source NAT () and edit it (): [10]

    • Type: Masquerade

    • Protocols: all

    • Output interface: lte2

  14. Click on Save settings.

  15. Activate profile by clicking the blinking gear in the title bar (). [11]

Troubleshooting

  • The condition of the WAN chain and their interfaces is shown in the web interface in the Status menu on the System status page. If an interface does not achieve the online condition, its condition can also be examined in this menu.

  • If no network traffic is achieved, the tools integrated in the router can be used for debugging.

  • Network devices connected to the router cannot use the Internet connection. The reason can be that they have not entered the router as gateway and DNS server.

  • The IP filters can be deactivated for testing purposes. The router itself is also subject to the IP filters. If the router itself has to send packets, an OUTPUT rule is necessary for this. If the router itself has to receive packets, an INPUT rule is necessary for this. In order to be able to route IP packets, a FORWARD rule is necessary.

Back to the Configuration Guides for icom OS Smart Devices

Back to overview

1. Login depending on configuration; default for past firmware versions: User name: insys, Password: icom
2. The switch ports must be assigned to an interface first. In this case, interface net1 remains a separate network that serves for accessing and configuring the router only. Interface net2 is intended for connecting the devices, which are connected to the router, to the Internet. The router and its web interface can be accessed from both, net1 and net2, in this example.
3. This field may be left empty if the inserted SIM card does not require a PIN.
4. The APN (Access Point Name) is important. If no or a wrong APN is configured, it may happen that no or only a 3G connection will be established. It is possible that the modem must authenticate with the provider using a user name and password.
5. The SMS center number does not have to be entered usually, because it is already stored on the SIM card. It is only necessary for SMS dispatch.
6. IP net 2 is an interface that will always be started immediately in operating mode local if the router is started. Several static IPv4 and IPv6 addresses can be configured for this interface.
7. The interfaces are arranged one after another in a WAN chain. It will be tried to put the interfaces in the WAN chain in online condition one after another. Each interface can optionally be provided with a connection check that confirms the online condition. If the connection check fails or the router independently detects that an interface in a WAN chain does not have the online condition any longer, the establishment of the WAN chain will be considered as failed. It will be tried to start the next WAN chain. If no other WAN chain exists, all interfaces in the current WAN chain will be put in offline condition and started one after another starting with the first interface. If a second WAN chain exists, it will be checked whether the interfaces are identical starting with the start of the WAN chain. If this is the case and the interfaces are not the cause for the change of the WAN chain, they will remain in online condition. Only the interfaces whose connection check has failed and all subsequent interfaces will be restarted.
8. In case of one interface in a WAN chain, the router usually detects independently whether it is in online condition or not. However, an additional connection check may still be reasonable. In case of Ethernet interfaces, the Ethernet link is not sufficient to detect whether IP traffic is possible. A DNS check or a ping to a certain IP address provides more certainty about the possibility to reach certain destinations. An Internet connection via LTE can also be useless if DNS resolution does not work any longer. In such cases, it might be reasonable to change the WAN chain and establish the Internet connection via another medium or restart the existing interfaces.
9. When starting an interface (local or in a WAN chain), it will always be checked, whether a route is configured for this interface. The type of the route can be a default route (0.0.0.0/0), a network route (e.g. into network 172.16.0.0/16) or a host route (e.g. 172.16.7.4/16). The gateway to which the new route shall direct, will be received dynamically in this case. A static IP address is known for a few providers only. Alternatively, it would be possible to enter the interface lte2 as gateway for the route in case of an LTE modem. An IP packet will be sent via the route, whose netmask is most strict, thus /32 for IPv4 and /128 for IPv6). The priority of the route defines which route is to be used if several routes with identical range are present. The lowest priority figure defines the route that is to be used first. This allows to add several default routes together.
10. Most providers allot private IP addresses to the modems connecting to the network since there are no sufficient free public IPv4 addresses any more. In order that IP packets that are sent from the LAN to the Internet find their way back from the Internet to the right LAN again, the router must replace the source IPv4 address with the IP address that the modem has received from the provider dynamically. This process is called masquerading. This is necessary if the provider assigns public accessible IP addresses. It is absolutely important to activate the IP filters in this case to regulate the permitted IP traffic.
11. All settings are stored in profiles. Only the activation of a profile causes that the router takes on and executes the settings. After the profile has been activated, the WAN LED starts to blink green. It indicates that all interfaces (in this case only lte2) of the WAN chain are not yet online. The Signal LED that was blinking green before should blink orange after some time. The blink frequency indicates the signal quality. The colour indicates, whether the modem is logged in, but still offline (green) or online (orange). After the Signal LED blinks orange, the WAN LED is illuminated green permanently: All interfaces of the WAN chain are online now.