Teradek User Guide

Network

Updated on

Configure Prism’s network interface and encryption options by opening the Network menu from the web UI. 

Configurable Options

Priority

The Prism connects services to the outside world through the Priority interface if valid.  This includes connections to

  • Teradek Cloud services
  • Camera to Cloud
  • Most "caller/push" streaming protocols (by default)

    To change the Priority interface drag and drop the interface up or down on the list.

Behavior of interfaces

The Prism will attempt to make a primary connection through the first interface and continue down the line until there is a valid connection (Green).

If an interface reads green but is Firewall blocked for those services, the Prism will not attempt to authenticate those services over another interface.

 

Open VPN

Prism supports the use of OpenVPN for remote administration of the device as well as passthrough of NAT'ed clients on hotspot (users on hotspot can access remote resources).  We have tested successfully with TUN connections.

To use OpenVPN, you must provide a properly formatted OVPN file.

An example of this format would be something like this:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote example.remote-server.com 1194 udp
auth-user-pass
remote-cert-tls server

<ca>
-----BEGIN CERTIFICATE-----
MIICIjCCAYqgAwIBAgIJAIZT0NZxTgjCMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
BAMTCGV4YW1wbGUuY29tMB4XDTE1MDgxOTEzMjA1OFoXDTE4MDgxODEzMjA1OFow
EzERMA8GA1UEAxMIbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAzG1+2jf/Y/bQXFYVj1XVNb7h1Nw4uSg6GnTlnBiXhphYExFvJstbGvhw
...
-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
key-direction 1

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
eXaMpLeKaYvFgM9K3Yw3E94iFeAlHe7O
8Ja27yNnM97kL9I4aSg39g9Z8LpQ3lN2
o2bM3pF6kz6N8O3l9P1F8I3pC9K8J7rF
m4X5H1vN4m2F7o4E9Z1K6yM5o1G8Q9M6
3aZ7D1o5P8n9V2j3Q5L8E9fN2R6M7g8D
...
-----END OpenVPN Static key V1-----
</tls-auth>
Click to copy
  • SELECT FILE - Selects a file to upload into the Prism.
  • UPLOAD CONFIG FILE - Uploads selected file into the Prism
  • DELETE CONFIG FILE - Deletes configuration File into the Prism

CONTROLS

  • START - Starts the OpenVPN connection
  • STOP - Stops the OpenVPN connection
  • AUTO RUN - When on, the OpenVPN connection automatically connects on startup.  This is desirable for

NOTE: The Prism supports only one configuration at a time.

WiFi

Prism Flex and Prism Mobile Series have built in 802.11ax chipsets for configuration, data sharing, and infrastructure wifi attachment.

  • WIFI MODE (Default: Access Point)
    • Disabled: Wifi is disabled on the Prism
    • Access Point (AP): Prism acts as its dual-band access point, allowing you to connect your device directly to Prism’s AP network for configuration, and for bonding multiple iOS/Android cellular devices for increased bandwidth.
    • Client: Allows Prism to connect . Client Mode is typically used for normal WiFi operating and connecting to your local router.
  • Access Point Mode Options:
    • ACCESS POINT NAME - Name of broadcasted SSID (network name)
    • ACCESS POINT SECURITY MODE (Default - None)
      • None - No Security
      • WPA - Basic Security
      • WPA2 - Highest Security
      • WPA/WPA2 - Compatible Security
    • ACCESS POINT REGION- Conforms access point to the regional requirements to match country laws
      • United States
      • Europe
      • Japan
      • China
      • South Korea
    • ACCESS POINT CHANNEL (Default - Auto (5GHZ or 2.4GHZ range) )
      • Select a specific channel or Range for the Wifi.  This list is limited to country specific channels. Note
    • Hotspot - Shares internet access from an attached Modem (or other interface) with the Wifi
      • Hotspot feature (Enable or Disable) 
      • Hotspot Interface (available when Hotspot is enabled):
        • Auto - Uses the highest priority interface
        • Wired 1
        • Wired 2
        • Modem A
        • Modem B
        • Modem C
        • Modem D
        • OpenVPN - Allows connection through the OpenVPN tunnel
  • Client Mode Options:
    • AUTO CONNECT TO SAVED NETWORKS (default: Enable) - Prism automatically connects to existing saved networks.
    • IP MODE
      • Dynamic (DHCP): Prism requests an IP address and configuration from the network’s DHCP server when set to DHCP.
      • Static: When set to Static, you must manually configure the IP address, subnet mask, gateway, domain, and DNS server to connect to the network.
    • WIFI-SCAN - Scans for Wifi Netowrks
    • SAVED NETWORKS - Lists previously connected networks
    • ADD NETWORK -  Allows manually adding a network without scan
    • MANAGE CERTIFICATES - Upload certificates for connections to EAP-TLS, EAP-TTLS,and PEAP-MSCHAPv2 connections.  While certificates are saved for known networks, Only the last loaded certificate will be used to make a new connections.
      • .P12 for EAP-TLS
      • .pem, .crt, .cer files for - EAP-TTLS and PEAP-MSCHAPv2

WPA2 Enterprise Configuration

Prism supports EAP-TTLS, EAP-TLS, and PEAP-MSCHAPv2, which are 3 of the major authentication methods used today in most modern radius setups.

Upload your certificate and then scan for a Wifi Network.  Select your Network and connecting to an Enterprise Network, you will need to select which authentication type you are using.

  • EAP-TLS - Uses a certificate chain to allow authentication.  Prism only allows a .p12 file with a password. Most environments require  CA (certificate authority) certificate, server certificate, client certificate, and private key.

Instructions for .P12 file creation with all required files.

1. If you have a .P12 file with just the cert and key, you can extract them

openssl pkcs12 -in existing.p12 -nocerts -out existing_key.pem -nodes
openssl pkcs12 -in existing.p12 -nokeys -out existing_certs.pem
Click to copy

2. Prepare your server certificate. If you have a certificate chain, combine it as before: 

cat server.crt intermediate1.crt intermediate2.crt > server_chain.crt
Click to copy

3. Now, create a new .p12 file that includes both the existing content and the new server certificate and allows you to set a password 

openssl pkcs12 -export -out new.p12 -inkey existing_key.pem -in existing_certs.pem -certfile server_chain.crt
Click to copy
  • EAP-TTLS/PAP -  Uses a CA certificate, username, and password to authorize the device.
    • Requires a certificate to be uploaded into the the "Manage Certificates" before hand
  • PEAP-MSCHAPv2 -  Accepts a server presented certificate and then authorizes with username and password.

Wired Interfaces

Prism devices support 2x gigabit ethernet ports.

  • Wired 1
    • DHCP: Prism requests an IP address and configuration from the network’s DHCP server when set to DHCP.
    • Static:  In static, you may manually configure the IP address, subnet mask, domain, gateway, and DNS server to connect to the network.
    • MTU - (default: 1500) Maximum Transmission Unit - the largest data packet the Prism creates and accepts
  • Wired 2 - Supports additional modes
    • IP MODE
      • DHCP Client : Prism requests an IP address and configuration from the network’s DHCP server when set to DHCP.
      • DHCP SERVER: Prism will create a network (172.16.3.0/24) and allow devices to connect to it.  Allows Hotspot connectivity.
      • STATIC:  In static, you may manually configure the IP address, subnet mask, domain, gateway, MTU, and DNS server to connect to the network.
    • HOTSPOT - Shares internet access from an attached Modem (or other interface) with the Wifi
      • Hotspot feature (Enable or Disable
      • Hotspot Interface (available when Hotspot is enabled):
        • Auto - Uses the highest priority interface
        • Wired 1
        • Modem A
        • Modem B
        • Modem C
        • Modem D
        • OpenVPN - Allows connection through the OpenVPN tunnel
    • MTU - (default: 1500) Maximum Transmission Unit - the largest data packet the Prism creates and accepts

Modems

Prism can support up to 6x Node devices depending on configuration

  • Prism Flex - 2 Node Modems
  • Prism Mobile - 3 Node Modems (4 if use Node II or Node II CBRS externally)
  • Prism Mobile Backpack - 6 Modems

Main Statuses

  • Network Status - Shows the connection status of the module, the roaming state and the connection technology
  • Model - Indicates the model of the connected device - Node 5G-Q, Node 5G-SW, Node II, Node II CBRS, Node I
  • Carrier - Shows the connected carrier

Detailed Status

  • Active MBN Profile - MBN profile is a profile that loads when a native sim in detected. If the a Native Sim is not detected, the Generic Profile will load.
  • Band - indicates the band / bands that the Node is connecting to.  LTE connects to a single band, 5G-NSA will show up as LTE and 5G, and 5G-SA will show up as 5G only.
  • ICCID - Identification number of the SIM/SIM Profile.  
  • EID - Identification of the hardware of the SIM (used in Teradek Data)
  • IMSI - Native network of the SIM.  If an IMSI is not owned by the network it's connect to, it is considered roaming
  • Version - The firmware version of the internal Node chipset
  • IP address, Default Gateway, DNS Server, Netmask, MTU - Values address given to the Node from the carrier at registration

Modem Settings

  • Modem - Enable or Disable the use of the selected modem.  To restart a modem, enable and disable.
  • Slots (1/2 or Physical/ eSIM) - Select which SIM slot you want to use. Only one SIM slot can be used at a time per modem
    • Prism Mobile - supports 2 physical sim slots for each modem
    • Prism Mobile MK II & 5G - Contains 1 physical sim slot for each modem and 1 Teradek Standard Data eSIM
    • Prism Mobile GOV  - Contains 1 physical sim slot for each modem.
    • Node II - before September 2024 - supports 2 physical sim slots for each modem for model purchase.  After September 2024 - supports 2 physical sim slots for each modem for model purchase.
    • Node 5G - Contains 1 physical sim slot for each modem and 1 Teradek Standard Data eSIM (Models with serials 03300420 and lower contain a Teradek Priority Data eSIM)
  • Configuration - Select a configuration type:
    • Auto - Uses auto APN or our internal APN list to find connect to the network
    • Custom
      • APN - Access Point Name - Used to connect to the internet on most networks.
        • APN entry in this location will fall into slot 1 (CID 1) for all sims except if the MBN profile is Verizon Wireless.  Then then APN will fall into slot 3 (CID 3)
      • PIN - If the sim needs a PIN to unlock, you will need to enter it here.  An attempt will only be made once per Modem start.  After 3 times, the SIM may lock an a PUK (Pin Unlock Key) may be required.
      • Authentication
        • Encryption for Authentication: PAP, CHAP, MSCHAPv2
        • Username and Password for authentication
    • Teradek Standard Data
    • Teradek Priority Data
    • Teradek Priority Data Europe
    • Teradek Priority Data Japan  - Not available
    • Teradek Data Carribean
    • Teradek Priority Data
    • Teradek Data Tier 1 - Not available

Advanced (Varies depending on Modem)

  • Auto Restart (default Disabled) - Restarts the Modem if no connectivity after 3 minutes
  • IP Type (default IPV4V6) - Force IPV4 if there is a carrier support. Sets the CID to IP instead of IPV4V6. Not recommended unless the carrier supports this.
  • 5G Standalone (default Disabled) - Enables 5G Standalone function on the Node 5G.
  • xlat464 (Node II) - Enables conversion of carrier assigned IPV6 to a local IPV4 (192.0.0.1) for use with the Prism (the Prism only supports IPv4 with Bonding Protocol).  Only works in Generic MBN Profile.  Enabled automatically for Vivo Brazil.
  • Band Selection - Allows Selection of WCDMA, LTE, NSA 5G, and SA 5G depending on your Node (Not Supported by Node I or Node 5G-SW)

Select the bands that you wish to allow the modem to  connect to.

Previous Articles Recording
Next Articles System Settings

Prism

Quick Start Guides 8
Physical Properties 5
Licenses 3
Basic Configuration Guides 9
Device Reference Guide 10
Cloud Services Reference Guide 8
Technical Specifications 6
Regulatory Information 5
Print Articles