Release Notes PN 93000695_A Connect WAN IA (Cellular Modbus Bridge) 82001661_A EOS February 12, 2008 INTRODUCTION This is a production release of firmware for Digi's Connect WAN IA. The WAN IA starts with the feature set of Digi's Connect WAN VPN, then adds a Modbus bridge for multi-master access and mixing of protocols such as Modbus/TCP, Modbus/UDP, Modbus/RTU, and Modbus/ASCII. (ModbusPlus requires dedicated hardware and IS NOT supported.) The Connect WAN IA, part of the Digi Cellular Product Family, provides an alternative to traditional wired TCP/IP Wide Area Networks (WANs), utilizing global wireless Cellular technology to create primary and backup network connectivity. They offer an easy, cost-effective, means of connecting virtually any remote location or device into the corporate IP network. The Modbus Bridge functionality enables remote Masters to connect via both the Cellular IP network and the local Ethernet. It supports: - Modbus/TCP transported by TCP/IP or UDP/IP - Modbus/RTU transported by serial, TCP/IP, or UDP/IP - Modbus/ASCII transported by serial, TCP/IP, or UDP/IP See Digi Document 90000773 for more details on the Modbus Bridge. The standard Connect WAN IA hardware includes screw terminals for 10-30vdc power supply and EIA-232/422/485 field selectable serial port. SUPPORTED PRODUCTS Connect WAN IA 1X Connect WAN IA Edge Connect WAN IA GPRS DESCRIPTION The Factory Default configuration consists of: - IP address is assigned by DHCP client - Internal DHCP server is disabled - Serial login (terminal) is disabled - Modbus/TCP Masters incoming on TCP port 502 and UDP port 502 - Modbus/RTU Masters incoming on TCP port 2101 and UDP port 2101 (Note: matches serial config, so changes to Modbus/ASCII when serial port changed to Modbus/ASCII) - Modbus/RTU serial slave on port 1, settings 9600:8,N,1 - Incoming Unit Id or Slave Address 0 treated as 1, not broadcast - Incoming Unit Id or Slave Address 1 to 32 assumed on serial port - Incoming Unit Id or Slave Address 33 to 254 assumed to be Modbus/TCP slaves (servers) on local Ethernet port. Slave Address is used for mast octet of local IP, so if WAN IA has the IP 192.168.2.1, then local slaves assumed to be at 192.168.2.33 to 192.168.2.254. - Incoming Unit Id or Slave Address 255 returns 0x0A exception - Default timeouts: *) Serial or Modbus/TCP slave response in 1 second *) Serial responses with less than 20 msec of inter-byte gap *) IP requests with less than 30 seconds of inter-byte gap (required to assemble fragmented TCP/IP via cellular link) To disable the Modbus Bridge, just change the serial port profile to anything other than ia or Industrial Automation. The ia configuration may be damaged while profile is not ia. Setting the profile back to ia may cause a factory default configuration to be restored. ENHANCEMENTS Initial release. BUG FIXES Initial release. KNOWN ISSUES - The Modbus Bridge must be configured by Telnet and Command Line. At present the Web UI only allows disabling the Modbus bridge or changing the basic serial settings. - Digi RealPort can only be used if the Modbus Bridge function is disabled. You cannot use RealPort with Modbus/RTU or ASCII to access the Modbus Bridge function. - Do not attempt to "Port Forward" TCP 502 or UDP 502 to local Modbus/TCP servers while the Modbus Bridge is active - this causes NEITHER function to work. Disable the Modbus Bridge if you desire tradtional Router/NAT function for Modbus/TCP port 502. - If you disable the Modbus Bridge or it stops working due to other configuration changes you have made (on purpose or accidently), then the safest way to restore the Modbus Bridge is to hold the blue reset button while powering up the WAN IA to do a hardware configuration reset. Doing a Default Reset by the Web UI may not fully clear certain low-level settings. - Problems have been encountered with some Linksys VPN appliance models when using different Diffie-Hellman group settings for phase 1 and phase 2. To work around this issue and successfully establish the VPN tunnel, use the same Diffie-Hellman group for both phase 1 and phase 2 settings. DOCUMENTATION ERRATA None. ADDITIONAL INFORMATION It is recommended that you perform a backup of your device's settings prior to upgrading your firmware. If you should need to revert back to a previous version of firmware, this will ensure that you will be able to restore your device to its previous settings in the event that some settings are not restored properly after downgrading the firmware. To backup your device settings, follow this simple procedure: 1) Open the web user interface and navigate to the "Administration" section and select "Backup/Restore". 2) Click the "Backup" button and select the location to where you want to save your backup file. To restore: 1) Navigate to the same section within the web UI. 2) Click the "Browse" button to select the backup file you saved in the previous steps. 3) Click the "Restore" button to upload the configuration settings contained in your backup file. On initial boot of this device, it will generate some encryption key material: an RSA key for SSL/TLS operations, and a DSA key for SSH operations. This process can take as long as 40 minutes to complete. Until the corresponding key is generated, the device will be unable to initiate or accept that type of encrypted connection. It will also report itself as 100% busy but, since key generation takes place at a low priority, the device will still function normally. On subsequent reboots, the device will use its existing keys and will not need to generate another unless a reset to factory defaults is done, which will cause a new key to be generated on the next reboot. HISTORY 82001661_A - February 12, 2008 Initial release.