Routers for use for use on TRBO Repeaters

Routers, Firewalls, NAT'ing, PinHoling and more are part of adding a IPSC repeater to a network...successfully!  While it can be Plug n Play, in many cases, it is much more involved.  This page is an effort to help reduce the problems associated in bringing a repeater online.

The best approach to start is to give your repeater a static LAN or public  IP and place it in the DMZ.  No further set-up should be required but many routers do not even implement DMZ's correctly. So alternative set-up methods will be discussed as this page matures.

We are requesting that any repeater owner or network manager provide us with their success stories.  Please Email us with the minimum product info and if possible, provide as much set-up detail.  We will add this information to build up this list.  Let us know if you wish attribution an/or are willing to be contacted by other hams who might need a helping hand.


This is our beginning list of known working routers, most which are likely to be found in a residential or SoHo environment.  More details will be provided on set-up of a particular device.  Ebay pricing strictly as a reference, not an endorsement.
Manufacturer Model Hardware/Software Version/Revision Notes
D-Link EBR-2310   Mot approved / ~$35 new / ($10-$50 on Ebay)
CISCO PIX 501   Mot approved, discontinued / ($5-$30 on Ebay)
Cisco/Linksys RVS4000   Mot approved, VPN, NAT OK, discontinued / ($50-$150 on Ebay) /  WB6WUI
ZyXel USG-20 2.1 (BDQ.5) rel 5-2011 ($95-$190 on Ebay) / WB6WUI  (see notes below)
Netopia 3347-02   No UDP Ports above 49153 / ($20-$40 on Ebay) / WB6WUI
AT&T U-Verse 3800HGV-B   For use with AT&T service (~$40on Ebay) / K9SA , W9LSL
Mikrotik RB450   Loads of diagnostics  ($80-$120 on Ebay) / N7TWW
Cradlepoint MBR-1000   handles NAT correctly  ($125-$180 on Ebay) / KC9KKO
 
Linksys (Cisco) RVS4000 Router:  3-2012; Supports multiple multiple repeaters on same LAN, RDAC can see repeater(s) on same LAN..This is a big deal if NAT (pinholing) is not implemented correctly.  More NAT Detail
 
ZyXel USG-20 Unified Gateway/Security Appliance:  3-2012; low cost business class router.  Supports multiple LAN's, multiple repeaters, extensive port monitoring and reporting.  Works well with multiple repeaters on same or different subnets.  Highly recommend this router though NAT'ing is still a mystery for multiple peers/RDAC; likely addressed with knowledge of it's CLI programming.

Hints, Tips or Prep

NAT Problems:  Detailed Info on NAT & Routers related to MotoTRBO IPSC by JP, KC9KKO
Begin set-up by using your router's DMZ.  You can move it out of the DMZ later; some routers still need UDP's ports opened as their DMZ implementation is flawed (Linksys RVS4000).
Setup your repeater up for a test connection on the bench at work or home.  Make sure it is working fine on that LAN and IPSC network before you drag it to the hill or tower site and then introduce more variables in a far less friendly environment.  Have an IPSC network admin available (off-site) to help you with the connection with access to RDAC, c-Bridge admin, etc.  Don't rely solely on TRBO to communicate that first time so have a cell or landline backup to the admin guy.  Remember, there can be a settle in or "Simmer" time of 10-15 minutes (or more) so be patient as the IPSC network may be unstable (one-ways, can't to talk or hear all other peers, drop-outs, etc)
Buy one of the cheap routers from the above list, stuff it in with the TRBO programming cable in your tool box and have it available to your site trip.  You just never know what you might find with a quick swap to a known working router that has been partially set-up for a prior LAN/repeater combination.

Excerpt from the Motorola System Planner, R01.07.00, page 183

A repeater can be (and is suggested to be) behind a router and/or a NAT and/or a firewall.  Although not required, it is highly suggested in order to protect against the undesired solicitations common over the public internet. Although IP Site Connect will work through most off-the-shelf devices, the following two router/NAT/firewalls have been validated and are therefore suggested for use.
D-Link – EBR-2310  /  CISCO – PIX 501:  As previously described, peer-to-peer communications over the network can be optionally authenticated and are also encrypted end-to-end if enabled in the radios. If this is not considered sufficient for a particular customer, IP Site Connect supports the ability to work through a Secure VPN (Virtual Private Network). Secure VPN is not a function of the IP Site Connect device but rather of the router. It is important to note that VPN does add the need for additional bandwidth and may introduce additional delay. This should be taken into consideration in bandwidth planning. The following Secure VPN router has been validated and is therefore suggested for use. See “Network Bandwidth Considerations” on page 228.
Linksys 4 Port Gigabit Security Router with VPN - Model RVS4000:  Only the repeaters acting as Masters require a publicly accessible static IPv4 address from the Internet Service Provider. The other IP Site Connect devices utilize this publicly accessible static IPv4 address to establish their link with the wide area system. In addition, the router/NAT/firewall connected to the Master require some configuration (open port) so that unsolicited messages from other repeaters can reach the Master repeater.
Disclaimer:  We are not IP experts and provide this page in the interests of helping other hams bring their repeater onto IPSC.  Please assist us if you find any errors in this page or have something you wish to contribute.
 

Revised: 09/19/2014 05:33

Webmaster

Contact DCI