Remote Site Access Router with Ethernet and DSL WAN ports.
Introduction
The MuLogic RSA-4422 facilitates remote connectivity to unattended locations, such as power substations, traffic management system cabinets, and various other sites housing Operational Technology (OT) equipment.
The unit features an ADSL/VDSL2 port and five 1Gb Ethernet ports with VLAN support.
Two USB 3.0 ports are provided for USB devices including flash drives, external WWAN modems, and Ethernet or serial ports.
The RSA-4422 incorporates 2 serial port gateways that can be used for remote access to devices with a serial interface.
The unit is intended for industrial applications and is powered from low voltage DC or AC power sources.
The operating temperature ranges from -40°C to +70°C.
Features
- Access router with multiple WAN ports: Ethernet, ADSL/VDSL2 and 2G/3G/4G Cat.4 Wireless WAN.
- DSL interface supports standards for VDSL2, ADSL, ADSL2 and ADSL2+
- One hardware version for ADSL Annex A (PSTN overlay) and Annex B/J (ISDN overlay).
- VDSL2 Downstream rates up to 350 Mbit/s, upstream rates up to 100 Mbit/s.
- ADSL Downstream rates up to 24 Mbit/s, upstream rates up to 1.4 Mbit/s (Annex A/B).
Upstream rates up to 3 Mbit/s in Annex A/M and Annex B/J modes. - ADSL Encapsulation Protocols: PPPoA, PPPoE, IPoA, MER/IPoE and CLIP.
- RFC4638 support for allowing PPPoE MTU size up to 1500.
- Four Ethernet ports: 10/100/1000baseT, Auto-MDI/MDIX. Each port can be configured as LAN or WAN port.
- Ethernet WAN ports are compatible with fiber optic ONTs for Active Optical Network (AON), Passive Optical Network (PON), or 10 Gigabit Symmetric Passive Optical Network (XGS-PON) connections.
- Automatic Failover operation between xDSL, Ethernet WAN and Wireless WAN port.
- IEEE 802.1Q VLAN support for PTM, and Ethernet LAN and WAN interfaces.
- Ethernet port supports SCADA protocols such as Modbus/TCP, DNP3/IP and IEC60870-5-104.
- Two external USB 3.0 ports (USB 3.2 Gen 1) and one internal USB port for circuit expansion or memory devices.
- USB ports can be used for external WWAN modem.
- Two serial port gateways for remote serial data (TCP/IP or UDP/IP) to serial ports (one RS232, one RS485) and Modbus/TCP to Modbus/RTU conversion. Data rates from 300 to 115200 bit/s.
- Serial ports support SCADA protocols such as Modbus/RTU, DNP3 and IEC60870-5-101.
- IPsec and OpenVPN tunnels for secure communication over Wide Area Networks or the internet.
- Policy-based and route-based IPsec. Route-based IPsec offering virtual IPsec interfaces.
- GRE tunnelling for encapsulating multicast traffic, such as RIPv2 and OSPF, over IPsec tunnels.
- Secure Layer 2 Ethernet bridging using OpenVPN tunnels.
- Secure access to serial port gateways (using a VPN tunnel or access restrictions in the firewall).
- Up to 6 separate LAN networks, each with its own dedicated DHCP server.
- Static routing and dynamic routing (BGP, OSPF, RIPv1 and RIPv2).
- Dynamic NAT (IP masquerading) for outgoing connections.
- Static NAT (Port forwarding) for incoming connections.
- Stateful firewall for access control, data forwarding, and rate limiting (DoS protection).
- Device Management via HTTP/HTTPS, CWMP (TR-069), SNMP, SSH, and Telnet.
- Firmware and settings update via remote connection or local Ethernet port.
- Role-based access control for administrative access.
- RADIUS and TACACS+ support for user authentication and accounting.
- IEEE 802.1X Port-based Network Access Control.
- Certificate management and enrolment: Manual or SCEP.
- System alerts sent by means of Email or SNMP traps.
- Independent watchdog/reset controller for monitoring vital system functions.
- Dry contact sensor (input) with status reporting and alerting via SNMP, Email or SMS.
- Dry contact (output) for automatic alarm/status indication or remote control.
- Sensors for system temperature (system and WWAN), power consumption, and USB overcurrent with status reporting via SNMP and HTTP/HTTPS and alerting via SNMP trap, Email or SMS.
- Power supply voltage: 10-36 VDC / 22-26 VAC (Vr1), or 18-72 VDC (Vr3).
- Extended operating temperature range: -40°C to +70°C.
- Din-Rail or panel mounting.
Application Areas
Remote site access
The RSA-4422 is designed for access to unmanned remote sites such as electric power substations, roadside cabinets for traffic control, remote surveillance etc.
The unit facilitates connectivity for Remote Terminal Units (RTUs), PLCs, and other OT equipment, offering Ethernet, USB, and serial ports for connecting such devices.
Various options for secure VPN tunnels, such as IPsec and OpenVPN, are available.
In combination with GRE or secure Layer 2 tunnels, all Layer 2 and Layer 3 network protocols can be transported.
Cellular Wireless WAN
External Wireless WAN (WWAN) modems can be connected to the USB ports.
The WWAN port can be used as primary connection but can also serve as backup for
the xDSL or Ethernet/Fiber optic WAN link.
Failover operation of WAN ports and interfaces
Each WAN interface can be used as either the primary or backup WAN interface.
Alternative paths are automatically selected based on priority and availability.
Serial port gateways
The integrated Serial Port gateways offer remote access to the unit’s serial ports.
One gateway connects to an RS485/RS422 port, the other to an RS232 port.
The network connection to the serial port gateways allows for the use of various tools
such as “virtual com port drivers”, direct IP socket connection or dedicated application
software. Serial-to-Ethernet converters or other MuLogic routers can also be used.
In addition, the serial ports can be accessed via a Telnet connection.
Modbus/TCP to Modbus/RTU conversion is supported for accessing Modbus/RTU devices via Modbus/TCP over the network.
Information and Access Security: IPsec, OpenVPN and Firewall
Since the unit will often be connected to the public internet, it supports extra security features such as encrypted tunnels. Encrypted virtual tunnel connections can be created with IPsec or OpenVPN. Only the equipment at the endpoints of the tunnel can communicate with each other and the data is protected from eavesdropping.
A single RSA-4422 can support multiple IPsec or OpenVPN tunnels.
The OpenVPN tunnels can operate in routing mode (Layer 3) but can also be used to transparently bridge Ethernet frames (Layer 2).
For IPsec, both the standard “policy mode” and “routed mode” are supported.
In routed mode, virtual interfaces are created, allowing the use of the regular routing
table to determine which data should be tunnelled.
The unit’s firewall features provide both static and dynamic NAT routing (including port forwarding and IP masquerading) and offer the ability to block or grant access to its configuration and management interfaces, as well as to connected devices. These features allow you to block all access from unknown IP addresses. Additionally, several options are available to limit the rate of incoming or outgoing data, serving as protection against DoS attacks or for traffic shaping. This enables control over the flow of specific types of network packets, ensuring optimal network performance for prioritized applications.
Containerised applications
The RSA-4422 provides the option to run custom applications in isolated runtime environments, such as Docker containers. These applications can be installed on
internal (optional) or external USB flash memory.
384MB of system RAM is available for custom applications.
Configuration and remote management
The RSA-4422 can be configured, updated, and managed via:
- Web browser.
- TR-069/CWMP ACS .
- SNMP manager.
- HTTP/HTTPS POST for scripted configuration and control.
- SCP for file transfer (settings and firmware upload).
- Command line interface via Telnet, SSH, or serial RS232 port.
Device power supply
The RSA-4422 is equipped with a galvanically isolated low voltage power input.
For mains power operation (100..240 VAC) an external power adapter or PSU is used.
Two voltage ranges are available: 10-36 VDC/20-26 VAC and 18-72 VDC.
The power consumption ranges from 6 to 12 Watt* maximum, depending on the
power supplied by the USB ports (* when no internal USB device is added).
Extended temperature range
The RSA-4422 is designed for operating under extreme temperature conditions.
It is suitable for operating at ambient temperatures ranging from -40°C to +70°C.
Technical Specifications
xDSL modes
- ITU-T G.992.1 (G.dmt)
- ITU-T G.992.2 (G.lite)
- ITU-T G.992.3/4 (ADSL2)
- ITU-T G.992.3 Annex L (RE-ADSL)
- ITU-T G.992.5 (ADSL2+)
- ITU-T G.992.5 Annex M (ADSL2+M)
- ITU-T G.993.2 VDSL2 (profiles: 8a, 8b, 8c, 8d, 12a, 12b, 17a, 30a, 35b)
- ITU-T G.993.2 Annex D and G.993.5 Annex B (Long Reach VDSL2 / VDSL2-LR)
- ITU-T G.993.5 and G.993.2 Annex Y VDSL2 Vectoring
- ITU-T G.998.4 (G.INP) Impulse Noise Protection
- SRA (Seamless Rate Adaption)
- Hardware is suitable for both ADSL Annex A/M and Annex B/J operation.
xDSL encapsulation protocols
- PPP Over ATM (PPPoA, RFC2364)
- PPP Over Ethernet (PPPoE, RFC2516)
- Ethernet Over ATM (MER/IPoE, RFC2684)
- IP Over ATM (IPoA – CLIP, RFC2225)
- MAC Encapsulation Routing (MER, RFC2684)
- Ethernet bridging (RFC2684 Bridge mode)
- PTM untagged or tagged VLAN
- PPPoE MTU up to 1500 (RFC4638)
IP routing
- Static and Dynamic routing: OSPFv2, OSPFv3, RIPv1/v2 and BGP-4.
Firewall and traffic shaper
- Offers data forwarding and access control, Rate limiting, Traffic shaping,
NAT routing and port forwarding.
Tunnel protocols
- IPsec (IKEv1/v2), OpenVPN and GRE (Layer 2 and Layer 3).
OpenVPN
- P2P, client and Server mode
- UDP, TCP server, TCP client
- Modes: Layer 2 Bridged, Layer 3 Routed.
- Authentication methods: Pre-shared secret, X.509 Client, X.509 Server.
- Encryption Algorithms: versions of AES-128/192/256, DES, CAST5.
- Authentication Algorithms: SHA-1, SHA-256, SHA-384, SHA-512.
- TLS authentication.
- LZO Compression.
- Multiple tunnel configuration profiles.
IPsec
- Policy-based and route-based IPsec.
- Key exchange method: Automatic (IKE, IKEv2).
- Authentication method: Pre-shared key or X.509 Certificate.
- PFS support (Perfect Forward Secrecy): RFC 2412.
- Phase 1 mode: Main or Aggressive (IKEv1).
- Phase 1 and 2 Encryption Algorithms: 3DES, AES-128, AES-192 or AES-256.
- Phase 1 and 2 Integrity Algorithms: MD5, SHA-1, SHA-256, SHA-384, SHA-512 or SHA-256-96.
- Key exchange methods: DH Groups: 1, 2, 5, 14, 15 and 16. NIST ECG25, ECG26, ECG19, ECG 20 and ECG21. Brainpool ECG27, ECG28, ECG29 and ECG30.
- Key Lifetime: 1-28800 seconds.
- DPD (dead peer detection).
- NAT-traversal and NAT KeepAlive.
- Layer 2 bridging over IPsec tunnels using GRE Layer 2 or OpenVPN Layer 2 bridging.
- Multicast transport by means of GRE over IPsec.
- Multiple tunnel configuration profiles.
GRE Tunnel
- Layer 3 and Layer 2 tunnelling.
- Multiple tunnel configuration profiles.
Ethernet ports
- 10/100/1000baseT
- Half and Full duplex
- Auto-MDI/MDIX
- 802.1Q VLAN support.
Serial ports
- Port 1: RS232 DB9 Male connector (DTE pinout).
- Port 2: RS485/RS422 at 4-pin screw terminal connector.
- Port rates: 300, 600, 1200, 2400, 4k8, 9k6, 19k2, 38k4, 57k6, 115k2 or 230k4 bit/s.
- Data formats: 8N, 8E, 8O, 7E, 7O. One or two stop bits.
- Buffer size: 10, 20, 50, 100, 200, 300, 400, 500, 1000 or 1500 bytes.
- Forwarding timeout: 1, 2, 5, 10, 15, 20, 50, 100 or 200 msec.
Serial gateways
- Operating modes: TCP server, TCP client, Telnet server, UDP client/server,
Modbus/TCP to Modbus/RTU conversion. - Maximum number of concurrent connections: 256.
- TCP Alive check and Data Activity check.
- Packet statistics for each connection.
USB ports
- Two external USB3.2 Gen 1 (5Gbit/s) USB ports.
- One internal USB port.
- Power budget for external USB devices: 2.5 Watt (500 mA) per port.
I/O ports
- Input: contact sensor for dry contact. Closed contact current: max. 6 mA.
- Output: Isolated dry contact. On resistance: 8Ω, max. load current: 150 mA.
Power supply voltage ranges
- RSA-4422/Vr1: 10-36 VDC/22-26 VAC (6..12W)
- RSA-4422/Vr3: 18-72 VDC (6..12W)
System characteristics
- Triple core 1.5 GHz ARM Cortex-A7 MPCore CPU (ARMv7-Architecture, 32-bit)
- 256MB system flash memory. Custom apps on internal or external flash memory.
- 512MB RAM: 128MB reserved for system, 384MB available for custom applications.
Dimensions and weight
- Dimensions RSA-4422: 143x38x95mm(HxWxD), Weight: 645 gr.
Environmental characteristics
- Operating temperature range: -40°C to +70°C, Humidity:5..95%
- Storage temperature range: -50°C to +80°C, Humidity:5..95%
Compliances and approvals
- CE directives: 2014/30/EU (EMC) and 2006/35/EU (LVD).
- EMC: EN 55022, EN55024: Emission limits and immunity for residential environments.
- EMC: EN 61000-6-2: Immunity for industrial environments.
- Safety: EN 60950-1:2006/A11:2009+A1:2010+A12:2011+A2:2013
- Mechanical Stability: IEC 60068-2-27 shock, IEC 60068-2-6 vibration.
- RoHS: 2002/95/EC (RoHS 1), 2011/65/EC (RoHS 2).
Order codes
- RSA-4422/Vr1 (10-36 VDC/22-26 VAC).
- RSA-4422/Vr3 (18-72 VDC).
- Note: Options for internal flash memory are available on request.