;

How to change the Lock to Client mode

Modified on Sun, 28 Jan 2024 at 10:06 AM

Lock Mode


In Lock mode, the Node is acting as a combined router and firewall on the network. With its factory default settings, the Node is connected to the Internet via its WAN port or a LTE/5G modem. In this mode, the Node creates its own protected local network for the connected LAN devices. The devices are connected to the Node by cable or via WLAN access point.


Client Mode


In Client Mode, the Node is functioning as a switch on the network, switching traffic but not providing Internet access. The Node can provide secure remote access to the network but cannot protect the devices connected to the same LAN as the default gateway to Internet is another device on the network.


Client mode can be used for connecting the Node to an existing network (e.g. an office network) without changing cabling or settings on the LAN devices. In this mode, the Node joins the network like any other device (e.g. a PC) and provides remote users access to other devices in the same network.


To connect to Internet the Node must be connected to the gateway via one of the LAN ports and either fixed IP address or DHCP Client configured.




Starting with the firmware release 5.4.0 the Node can utilise also WLAN and especially the cellular modem for fallback to Internet access. Prior to firmware release 5.4.0 WAN port or cellular modem should not be used in Client mode.


Internet fallback


When Node is configured for Client Mode, it must receive internet connection through any one of the LAN ports. If WAN/WLAN/cellular is not configured for fallback connection and Internet connection is unavailable via the LAN, Node also becomes unavailable.


With the Internet connection fallback in Client Mode, the Node is able to switch to WAN, WLAN client or cellular network connectivity when Internet connection from LAN becomes unavailable, and switch back to LAN connectivity when Internet becomes available. Technically this is implemented with the LAN DHCP being the highest priority, ie. if Node receives DHCP parameters from LAN it is treated as the default Internet connection.


It is recommended to configure and test the fallback connectivity interfaces before turning on the Client Mode. Interfaces can be configured also later if wanted.


Optionally, WLAN can be configured to Access Point mode when Node is in Client Mode. Node can be regarded as a "WiFi extender" in this case. WLAN access point settings need to be set manually.


When using the fallback Internet connection it is expected LAN devices cannot connect to the Internet through the Node. This is because the LAN devices are still configured for accessing the Internet through the (suspected) failed LAN gateway. Node itself is reachable through the fallback Internet connection and can be configured remotely for example as the Internet gateway for the LAN devices if required.


When Node is using the fallback Internet connection it can be reached through the Key VPN tunnel and connectivity should work to LAN devices provided the failed LAN gateway/router the Node is connected to is operational.


Note: Internet fallback is a new feature introduced in firmware 5.4.0.


Deploying Node in Client Mode


Note, that in Client mode the Lock will obtain its address from the DHCP, so the local network needs to have a DHCP server available. If not, Client mode cannot be used.


  • IMPORTANT Remove WAN cable if connected 
  • Connect your computer to the Node using the service port.
  • Log into the Node’s browser interface as admin.
  • Go to the page Network > LAN
  • Set “Protocol” as “DHCP client”, then click “Switch protocol” and after the page has reloaded click “Save”. Wait until the changes have been saved.
  • Connect the Node from any LAN port to the network


If you need to configure Client Mode with static addresses

  • Connect your computer to the Node using the service port.
  • Log into the Node’s browser interface as admin.
  • Go to the page Network > LAN
  • Set “Protocol” as “Static”, then click “Switch protocol” and wait until the page has reloaded
  • Set LAN IP (free static IP from the target network, e.g. 192.168.100.10 in the example) and set the netmask (255.255.255.0 in the example)
  • Set Gateway IP to point to the firewall/router on the target network (192.168.100.1 in the example)
  • Finally click “Save”. Wait until the changes have been saved.
  • Connect the Node from any LAN port to the network


Note:

  • Prior to firmware 5.4.0 do not use mobile connection when in Client mode
  • Do not connect any LAN port directly to the Internet
  • Do not connect the controlled devices to any LAN port
  • The lock will scan the entire LAN network for connected devices and will grant device access to any user with a matched Key. Please keep this in mind when considering network and information security.
  • In cases where access rights need to be restricted, switch on MAC/IP Filtering (under Advanced Settings) or set up the Node in its factory default configuration.
  • In Client Mode, the Node’s inbuilt firewall does not protect the devices in the LAN network.


Note: With earlier SW versions than v3.3.3 on Lock 100 and Lock 200, the Node will automatically change to default configuration if the USB modem or WAN cable is connected to the Node after it has been set to Client Mode. For this reason, neither USB modem nor WAN cable should be connected to Node when changing the Node to Client mode. This does not apply from v3.3.3 onwards (Lock 100 & Lock 200) and on all other Node variants.


Deploying Node in Lock Mode


If you need to go back to Lock mode change the "Protocol" field back to "Static" address and click the "Switch Protocol" button to activate the settings. Go to the Status page and check you see Lock in the Mode field. Plug the Internet cable back to the WAN port. To enable the LAN DHCP, go to Network > LAN DHCP server and deselect the Disable DHCP server checkbox. Click Save to activate the settings.