RSA-4222WU

Remote Site Access Router with DSL, Ethernet and cellular wireless WAN ports. (LTE450 version)

Introduction

The MuLogic RSA-4222WU is a router for providing access to unmanned remote locations such as power substations, traffic management systems and various other remote site automation equipment.

The unit is equipped with an ADSL/VDSL2 port, 4 Ethernet ports with VLAN support, and a WWAN port with support for LTE450 networks as used by utility companies.

Two USB2.0 ports are available for connecting an external wireless WAN modem and USB devices like flash drives and interface devices for additional Ethernet and serial ports.

The RSA-4222WU incorporates 2 serial port gateways that can be used for remote access to devices with a serial interface.

The unit is designed for industrial applications and is powered from low voltage DC or AC power sources.

The RSA-4222WU operates over a temperature range from -40°C to +70°C.

Features

  • Access router with multiple WAN ports: Ethernet, ADSL/VDSL2 and Cat.4 Wireless WAN
    with LTE450 (utility network) support.
  • DSL interface supports standards for VDSL2, ADSL, ADSL2 and ADSL2+
  • One hardware version for ADSL Annex A (PSTN overlay) and Annex B/J (ISDN overlay).
  • ADSL Downstream rates up to 24 Mbit/s, upstream rates up to 1.4 Mbit/s (Annex A/B).
    Upstream rates up to 3 Mbit/s in Annex A/M and Annex B/J modes.
  • VDSL2 Downstream rates up to 100 Mbit/s, upstream rates up to 50 Mbit/s.
  • WWAN radio bands supported: 31 and 72 (LTE450), and 3, 7, 20 (LTE)
  • WWAN Data rates: up to 100/50 Mbit/s (Downlink/Uplink)
  • Dual SIM (optional) for WWAN fall back to regular LTE networks.
  • ADSL Encapsulation Protocols: PPPoA, PPPoE, IPoA, MER/IPoE and CLIP.
  • RFC4638 support for allowing PPPoE MTU size up to 1500.
  • Ethernet ports: 10/100baseT, Auto-MDI/MDIX. All can be used as LAN or WAN port.
  • Automatic Failover operation between xDSL, Ethernet or Wireless WAN ports.
  • IEEE 802.1Q VLAN support for PTM, and Ethernet LAN interfaces.
  • Automatic Failover operation between xDSL, Ethernet WAN and Wireless WAN port.
  • Ethernet port supports SCADA protocols like Modbus/TCP, DNP3/IP and IEC60870-5-104.
  • Two serial port gateways for remote serial data (TCP/IP or UDP/IP) to serial ports (one RS232, one RS485). Data rates from 300 to 115200 bit/s.
  • Serial ports support SCADA protocols like Modbus RTU/ASCII, DNP3 and IEC60870-5-101.
  • IPsec and OpenVPN tunnels for secure communication with Ethernet and serial ports.
  • Policy-based and route-based IPsec.
  • GRE tunnels for linking multicast protocols like RIPv2 and OSPF over IPsec tunnels.
  • Secure Layer-2 Ethernet bridging over OpenVPN tunnels.
  • Secure access to Serial port gateways. (VPN tunnel or access restrictions in firewall).
  • Up to 4 separate LAN networks with individual DHCP servers.
  • Static routing and dynamic routing (BGP, OSPF, RIPv1 and RIPv2).
  • Dynamic NAT (IP masquerading) for outgoing connections.
  • Static NAT (Port forwarding) for incoming connections.
  • Stateful firewall for access control, data forwarding and rate limiting (DoS protection).
  • Device Management services: HTTP/HTTPS, CWMP(TR-069), SNMP and CLI.
  • Firmware updates via local Ethernet port, remotely via HTTP/HTTPS (upload or download), or invoked by CWMP(TR-069), SNMP, web interface or CLI command.
  • Role-based access control for administrative access.
  • RADIUS support for user authentication. Access roles determined by RADIUS attributes.
  • IEEE 802.1X Port-based Network Access Control.
  • Certificate management and enrolment: Manual or SCEP.
  • System alerting by means of: Email, SNMP traps and SMS.
  • Independent watchdog/reset controller for monitoring vital system functions.
  • Dry contact sensor (input) with status reporting and alerting via SNMP, Email or SMS.
  • Dry contact (output) for automatic alarm/status indication or remote control.
  • Temperature sensors (system and WWAN) with status reporting via SNMP and HTTP
    and alerting via SNMP trap, Email or SMS.
  • Isolated supply voltage input for industrial applications (suitable for AC and DC).
  • Supply voltage ranges: 11-36Vdc/11-28Vac, 18-60Vdc/18-30Vac or 18-72Vdc.
  • Extended operating temperature range: -40°C to +70°C
  • Din-Rail or panel mounting.

Application Areas

Remote site access

The RSA-4222WU is designed for access to unmanned remote sites like electric power substations, roadside cabinets for traffic control,
remote surveillance etc.
The unit provides connectivity for RTUs, PLCs and other equipment, and supports both Ethernet and serial ports. Various options for secure VPN IPsec and OpenVPN tunnels are available. In combination with GRE tunnels or secure Layer2 tunnels, all possible layer2 and layer3 network protocols can be transported.

Cellular Wireless WAN

The RSA-4222WU incorporates an internal wireless WAN (WWAN)
modem for internet connectivity via cellular LTE/LTE450 networks.
The WWAN port can be used as primary connection but can also serve as back-up for the xDSL WAN link. Versions for Dual-SIM operation are available. Dual-SIM operation allows for fallback to regular LTE
services, should the LTE450 service fail.

Failover operation of WAN ports and interfaces

All WAN interfaces can be used as primary WAN or back-up WAN interface. Alternative paths are selected automatically according to priority and availability.

Serial port gateways

The integrated Serial Port gateways offer remote access to the unit’s serial ports. One gateway connects to the RS485/RS422 port, the other to the RS232 port. Combined operation of RS232 and RS485 to a single gateway is also possible.
The network connection to the serial port gateways allows for the use
of various tools like “virtual com port drivers”, direct IP socket connection or dedicated application software.
Also other “serial to Ethernet converters” or another Mulogic router can be used. In addition, the serial ports can also be accessed by means of a telnet or SSH connection.

Information and Access Security: IPsec, OpenVPN and Firewall.

As the unit in most cases will be connected to the public internet, extra security features such as IPsec and OpenVPN are supported. IPsec and OpenVPN protect against unwanted access and eavesdropping of the data.
With IPsec and OpenVPN encrypted virtual tunnel connections can be created. Only devices at the end-points of the tunnel can communicate and the data is protected from eavesdropping.
A single RSA-4222WU can support multiple IPsec or OpenVPN tunnels.
The OpenVPN tunnels can operate in routing mode (layer-3) but can also be used to transparently bridge Ethernet frames (Layer-2). The
unit’s firewall features are used for static or dynamic NAT routing
(port forwarding and IP masquerading) and blocking or granting access to the devices attached to the unit and the unit’s configuration and management interface. This makes it possible to block all access from unknown IP addresses. In addition, several options are available to limit the rate of incoming or outgoing data as protection against DoS attacks.

 

Configuration and remote management.

RSA-4222WU can be configured and managed in multiple ways:

  • Web browser (http and https).
  • TR-069 CWMP.
  • HTTP(s) Post for scripted and automated configuration and control.
  • Command line interface via telnet, SSH, or serial port.
  • SNMP manager.

Device power supply

The RSA-4222WU is equipped with a galvanically isolated power input. Three voltage ranges are available:

  • 11-36Vdc/11-28Vac.
  • 18-60Vdc/18-30Vac.
  • 18-72Vdc.

For mains power operation (100..240Vac) an external power adapter or power supply is used.

Extended temperature range

The RSA-4222WU is designed for operating under extreme conditions. It is suitable for operating at ambient temperatures ranging from -40°C to +70°C.

Technical Specifications

xDSL modes

  • ANSI T1.413 Issue 2 (ADSL)
  • ITU-T G.992.1 (G.dmt)
  • ITU-T G.992.2 (G.lite)
  • ITU-T G.992.3/4 (ADSL2)
  • ITU-T G.992.3 Annex L (RE-ADSL)
  • ITU-T G.992.5 (ADSL2+)
  • ITU-T G.992.5 Annex M (ADSL2+M)
  • ITU-T G.993.2 VDSL2 (profiles: 8a, 8b, 8c, 8d, 12a, 12b, 17a)
  • ITU-T G.993.5 and G.993.2 Annex Y VDSL2 Vectoring
  • ITU-T G.998.4 (G.INP) Impulse Noise Protection
  • SRA (Seamless Rate Adaption)
  • Hardware is suitable for both ADSL Annex A/M and Annex B/J
     


xDSL encapsulation protocols

  • PPP Over ATM (PPPoA, RFC2364)
  • PPP Over Ethernet (PPPoE, RFC2516)
  • Ethernet Over ATM (MER/IPoE, RFC2684)
  • IP Over ATM (IPoA – CLIP, RFC2225)
  • MAC Encapsulation Routing (MER, RFC2684)
  • Ethernet bridging (RFC2684 Bridge mode)
  • PTM with tagged or untagged VLAN
  • PPPoE MTU up to 1500 (RFC4638)


Wireless cellular modes  

  • 4G/LTE bands: 3, 7, 20
  • LTE450 bands: 31, 72
  • LTE, 3GPP release 9
  • LTE data rates: (Cat.4) DL: up to 100 Mbit/s, UL: up to 50Mbit/s.


IP routing

  • Static routing
  • Dynamic routing: OSPFv2, OSPFv3, RIPv1/v2 and BGP-4.


Firewall

  • stateful firewall for data forwarding and access control, Rate limiting, NAT routing and port forwarding.


Tunnel protocols

  • IPsec (IKEv1/v2), OpenVPN and GRE (Layer 2 and Layer 3).


IPSec

  • Mode of operation: Tunnel mode.
  • Policy-based and route-based IPsec
  • Key exchange method: Automatic (IKE, IKEv2).
  • Authentication method: Pre-shared key or X.509 Certificate.
  • PFS support (Perfect Forward Secrecy): RFC 2412.
  • Phase 1 mode: Main or Aggressive.
  • Phase 1 and 2 Encryption Algorithms: 3DES, AES-128, AES-192 or AES-256.
  • Phase 1 and 2 Integrity Algorithms: MD5, SHA-1, SHA-256, SHA-384, SHA-512 or SHA-256-96.
  • Diffie-Hellman groups for key exchange: DH Group 1 (768 bit), Group 2 (1024 bit),
    Group 5 (1536 bit), Group 14 (2048 bit), Group 15 (3072 bit), Group 16 (4096 bit).
    NIST ECG25 (192 bit), ECG26 (224 bit), ECG19 (256 bit), ECG 20 (384 bit) and
    ECG21 (521 bit).
    Brainpool ECG27 (224 bit), ECG28 (256bit), ECG29 (384 bit) and ECG30 (512 bit).
  • Key Lifetime: 1-28800 seconds.
  • DPD (dead peer detection).
  • NAT-traversal and NAT KeepAlive.
  • Layer-2 bridging over IPsec tunnels using GRE Layer 2 or OpenVPN Layer 2 bridging.
  • Multicast over IPsec using GRE.
  • Multiple tunnel configuration profiles.


OpenVPN

  • P2P, client and Server mode
  • UDP, TCP server, TCP client
  • Modes: L2 Bridged, L3 Routed
  • Authentication methods: Pre-shared secret, X.509 Client, X.509 Server.
  • Encryption Algorithms: 3DES, AES-128, AES-192, AES-256 or Blowfish.
  • TLS authentication.
  • LZO Compression.
  • Multiple tunnel configuration profiles.


GRE 

  • Layer 3 and layer 2 tunneling.
  • Multiple tunnel configuration profiles.


Ethernet ports

  • 10/100baseT
  • Half and Full duplex
  • Auto-MDI/MDIX
  • 802.1Q VLAN support.


Serial ports

  • Port 1: RS232 DB9 Male connector (DTE pinout).
  • Port 2: RS485/RS422 at 4-pin screw terminal connector.
  • Port rates: 300, 600, 1200, 2400, 4800, 9600, 19k2, 38k4, 57k6 or 115k2 bit/s.
  • Data formats: 8N, 8E, 8O, 7E, 7O. One or two stop bits.
  • Buffer size: 10, 20, 50, 100, 200, 300, 400, 500, 1000 or 1500 bytes.
  • Forwarding timeout: 1, 2, 5, 10, 15, 20, 50, 100 or 200 msec.


Serial gateways

  • Operating modes: TCP server, TCP client, Telnet server, UDP client/server
  • Maximum number of concurrent connections: 256.
  • TCP Alive check and Data Activity check.
  • Statistics per connection.


I/O ports

  • Input: contact sensor for dry contact. Closed contact current: max. 6 mA.
  • Output: Isolated dry contact. On resistance: 8Ω, max. load current: 150 mA.


Power supply voltage ranges

  • RSA-4222WU/Vr1: 11-36Vdc/11-28Vac (7W)
  • RSA-4222WU/Vr2: 18-60Vdc/18-30Vac (6W)
  • RSA-4222WU/Vr3: 18-72Vdc (6W)


Dimensions and weight

  • Dimensions RSA-4222WU: 143x38x95mm(HxWxD),  Weight: 560 gr.


Environment

  • Operating temperature range: -40°C to +70°C, Humidity:5..95%
  • Storage temperature range: -50°C to +80°C, Humidity:5..95%


Compliances and approvals

  • CE directives: 2014/30/EU (EMC) and 2006/35/EU (LVD).
  • EMC: EN 55022, EN55024: Emission limits and immunity for residential environments.
  • EMC: EN 61000-6-2: Immunity for industrial environments.
  • Safety: EN 60950-1:2006/A11:2009, A1:2010, A12:2011, A2:2013
  • Mechanical Stability: IEC 60068-2-27 shock, IEC 60068-2-6 vibration.
  • RoHS: 2002/95/EC (RoHS 1), 2011/65/EC (RoHS 2)
  • Cellular modem approvals: RED, CE, GCF, UL, FCC, PTCRB, IC.
  • 3GPP TS 51.010-1, ETSI EN 301 511 V12.5.1, GCF-CC V3.62.1
  • CFR Title 47 (FCC), OET Bulletin 65 (Edition 97-01), NAPRD.03 V5.24
  • RSS132, RSS133, RSS139


Order codes

  • RSA-4222WU/Vr1: Single SIM (11-36Vdc/11-28Vac)
  • RSA-4222WU/Vr2: Single SIM (18-60Vdc/18-30Vac)
  • RSA-4222WU/Vr3: Single SIM (18-72Vdc/no AC)
  • RSA-4222WDU/Vr1: Dual SIM (11-36Vdc/11-28Vac)
  • RSA-4222WDU/Vr2: Dual SIM (18-60Vdc/18-30Vac)
  • RSA-4222WDU/Vr3: Dual SIM (18-72Vdc/no AC)