background image

NBB-800
User Manual for NRSW version 4.5.0.100

When enrolling certificates, the CA certificate will be initially fetched from the specified SCEP URL
using the

getca

operation. It will be shown on the configuration page and it has to be verified that it

belongs to the correct authority. Otherwise, the CA must be rejected. This part is essential when using
SCEP as it builds up the chain of trust.

If a certificate enrollment request times out, it is possible to re-trigger the interrupted enrollment request
and it will be resumed using the previously generated key. In case a request has been rejected, you
are required to erase the certificate first and then start the enrollment process all over again.

Authorities

For SSL client connections (as used by SDK functions or when downloading configuration/software
images) you might upload a list of CA certificates which are considered trusted.

To obtain the CA certificate from a particular site with Mozilla Firefox, the following steps will be re-
quired:

– Point the browser to the relevant HTTPS website

– Click the padlock in the address bar

– Click the

More Information

and the

View Certificate

button

– Select the

Details

tab press the

Export

button

– Choose a path for the file (e.g. website.pem)

Certificates from self-signed authoritites can also be retrieved by running:

echo quit | \

openssl s_client -showcerts -connect <host>:443 | \

sed -ne ’/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > other.crt

The PEM-encoded X.509 certificate files can be edited and concatenated using a simple editor (if
required) and then uploaded to the box. Once installed, an SSL client connection will terminate if
verification with any of those CA certificates fails.

183

Summary of Contents for NB1800

Page 1: ...NetModule Router NB800 Rev B02 User Manual for Software Version 4 5 0 100 Manual Version 2 272 NetModule AG Switzerland December 15 2020...

Page 2: ...NBB 800 User Manual for NRSW version 4 5 0 100 2...

Page 3: ...portion of it may not be copied in any form or by any means stored in a retrieval system adopted or transmitted in any form or by any means electronic mechanical photographic graphic optic or otherwi...

Page 4: ...Connector 22 3 4 10 Power Supply 23 3 4 11 COM IO Shield 24 3 4 12 2xCAN Shield 25 3 4 13 CanGI Shield 26 4 Installation 27 4 1 Installation of the Router 27 4 2 Installation of the Micro SIM Card 27...

Page 5: ...3 PPTP 106 5 6 4 GRE 109 5 6 5 L2TP 110 5 6 6 Dial In 111 5 7 SERVICES 113 5 7 1 SDK 113 5 7 2 DHCP Server 122 5 7 3 DNS Server 124 5 7 4 NTP Server 127 5 7 5 Dynamic DNS 128 5 7 6 E Mail 130 5 7 7 E...

Page 6: ...Completed 189 6 6 Getting Status Information 189 6 7 Scanning Networks 190 6 8 Sending E Mail or SMS 190 6 9 Updating System Facilities 190 6 10 Manage keys and certificates 191 6 11 Restarting Servi...

Page 7: ...5 20 Static Routing 75 5 21 Extended Routing 77 5 22 Multipath Routes 78 5 23 Mobile IP 81 5 24 Firewall Groups 88 5 25 Firewall Rules 89 5 26 Masquerading 91 5 27 Inbound NAPT 92 5 28 OpenVPN Adminis...

Page 8: ...LEtoIP 155 5 54 Voice Gateway Administration 156 5 55 System 162 5 56 Regional settings 164 5 57 User Accounts 167 5 58 Remote Authentication 168 5 59 Manual File Configuration 173 5 60 Automatic File...

Page 9: ...tion 21 3 12 Ethernet Port Specification 22 3 13 Pin Assignments of RJ45 Ethernet Connector 22 3 14 Power Specifications 23 3 15 Power Connector 23 3 16 Pin Assignments of Terminal Block 23 3 17 Speci...

Page 10: ...you an introduction to the device and its features The following chapters describe any aspects of commissioning the device installation procedure and provide helpful information towards configuration...

Page 11: ...licable national and international laws and with any special restrictions regulating the utilization of the communication module in prescribed applications and environments Information about the acces...

Page 12: ...n and cable attenuation that have been correctly configured by certi fied specialized personnel A misconfiguration will lead to loss of the approval Cellular antennas attached to the router must have...

Page 13: ...e requirements of the Council Directive 2012 19 EU regard ing Waste Electrical and Electronic Equipment WEEE you are urged to ensure that this product will be segregated from other waste at end of lif...

Page 14: ...ing open source codes covered by these licenses please contact our techni cal support at router support netmodule com Acknowledgements This product includes PHP freely available from http www php net...

Page 15: ...NBB 800 User Manual for NRSW version 4 5 0 100 3 Specifications 3 1 Appearance 15...

Page 16: ...gy 1x GNSS 1x Extension shields Software Keys Due to its modular approach the NB800 Rev B02 router and its hardware components can be arbitrarily assembled according to its indented usage or applicati...

Page 17: ...as LAN or WAN interface 5 Reset Reboot and factory reset button 6 USB USB 2 0 host port can be used for software configuration updates 7 WLAN SMA female connectors for MIMO WLAN antenna A3 is the mai...

Page 18: ...3 NB800 Rev B02 Status Indicators Ethernet LEDs The following table describes the Ethernet status indicators Label Color State Function S Speed lg On Link 10 Mbit s or 100 Mbit s m Off No Link L A Lin...

Page 19: ...length 30 m Max allowed antenna gain including cable attenuation 2 5 dBi Min distance between collocated ra dio transmitter antennas Example MOB1 to MOB2 20 cm Min distance between people and an tenna...

Page 20: ...tems GPS GLONASS GALILEO BEIDOU Data stream JSON or NMEA Tracking sensitivity up to 162 dBm Supported antennas Active and passive Table 3 9 GNSS Specifications option G The GNSS antenna port have the...

Page 21: ...8 USB 2 0 Host Port The USB 2 0 host port has the following specification Feature Specification Speed Low Full Hi Speed Current max 500 mA Max cable length 3 m Cable shield mandatory Connector type Ty...

Page 22: ...C Speed 10 100 Mbit s Mode Half Full Duplex Crossover Automatic MDI MDI X Max cable length 100 m Cable type CAT5e or better Cable shield mandatory Connector type RJ45 Table 3 12 Ethernet Port Specific...

Page 23: ...VDC and 24 VDC Voltage range 12 VDC to 24 VDC 20 20 Avg power consumption 5 W Max power consumption 10 W Max cable length 30 m Cable shield not required Table 3 14 Power Specifications 2 Pin Terminal...

Page 24: ...RS 485 Termination 120 configurable by SW DI Signals DI Level Low 0 VDC 3 VDC high 0 VDC 32 VDC DO Signals NO COM DO Level 0 32 VDC 1A DIO Isolation 1500 VDC Connector type 8 pin terminal block heade...

Page 25: ...o internal bus termination On request 120 configurable by software Bus access Passive read access only On request write access Connector type 8 pin terminal block header 3 5mm Table 3 19 Specification...

Page 26: ...5 0 100 3 4 13 CanGI Shield 1x GNSS to SMA 1x CAN on 8 pin terminal block header 3 5mm Pin Assignment Pin Signal V V V V 1 CAN_H 2 CAN_L 3 GND 4 5 6 Table 3 21 Pin Assignments of CanGI Shield Note Cab...

Page 27: ...inserted in a NB800 Rev B02 router To install the SIM card you will have to remove the SIM cover first The SIM card connector has a push to insert push to eject mech anism So just push the SIM card in...

Page 28: ...ber of attached anten nas can be configured in the software If only one antenna is used it must be attached to port A3 However for better diversity and thus better throughput and coverage we highly re...

Page 29: ...erience sporadical link loss during op eration The L A Link Activity LED will lit up as soon as the device has synced If not it might be necessary to configure a different link setting as described in...

Page 30: ...ly The IP address of Ethernet1 is 192 168 1 1 and the Dynamic Host Configuration Protocol DHCP is activated on the interface by default The following steps need to be taken to establish your first Web...

Page 31: ...oot user which can be used to access the device via the serial console telnet SSH or to enter the bootloader You may also configure additional users which will only be granted to access the summary pa...

Page 32: ...ffers a minimal system image for running a software update or doing other modifications You will be provided with two files recovery image and recovery dtb which must be placed in the root directory o...

Page 33: ...LL VPN SERVICES SYSTEM LOGOUT Figure 5 2 Home Summary This page offers a short summary about the administrative and operational status of the router s inter faces WAN This page offers details about an...

Page 34: ...h interfaces DHCP This page offers details about any activated DHCP service including a list of issued DHCP leases OpenVPN This page provides information about the OpenVPN tunnel status IPSec This pag...

Page 35: ...ting protocol DynDNS This page provides information about Dynamic DNS System Status The system status page displays various details of your NB800 Rev B02 router including system details information ab...

Page 36: ...nt Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS WAN Link Managem...

Page 37: ...ble 2nd priority The first fallback link it can be enabled permanently or being dialed as soon as Link 1 goes down 3rd priority The second fallback link it can be enabled permanently or being di aled...

Page 38: ...ll be dialled if previous links failed distributed Link is member of a load distribution group Parameter WAN Link Settings Operation mode The operation mode of the link Weight The weight ratio of a di...

Page 39: ...Simulator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN...

Page 40: ...pings on each WAN link to authoritative hosts The link will be declared as down in case all trials failed You may further specify an emergency action if a certain downtime is reached Link Hosts Emerg...

Page 41: ...pings are re transmitted in case a first ping failed Max number of failed trials The maximum number of failed ping trials until the link will be declared as down Emergency action The emergency action...

Page 42: ...ule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I...

Page 43: ...tiation can be set for each Ethernet port individually Most devices support auto negotiation which will configure the link speed automatically to comply with other devices in the network In case of ne...

Page 44: ...LAN1 2 5 LAN1 background routed HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 8 VLAN Management In order to form a distinctive subnet the network interface of a remote LAN host...

Page 45: ...t Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS IP Address Manage...

Page 46: ...erver will be retrieved from a DHCP server in the network You may also define static values but caution has to be taken to assign an unique IP address as it would otherwise raise IP conflicts in the n...

Page 47: ...t Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS Mobile SIMs This menu can be used to assign a d...

Page 48: ...in order to restart PIN unlocking and trigger another network registration attempt Under some circumstances e g in case the modem flaps between base stations it might be nec essary to set a specific s...

Page 49: ...ode for unlocking the SIM card PUK code The PUK code for unlocking the SIM card optional Default modem The default modem assigned to this SIM card Preferred service The preferred service to be used wi...

Page 50: ...103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges...

Page 51: ...urtheron you may configure the following advanced settings Parameter WAN Advanced Parameters Required signal strength Sets a minimum required signal strength before the connection is di aled Home netw...

Page 52: ...Software Version 4 4 0 103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configurati...

Page 53: ...ther configure the following settings Parameter WLAN Management Operation type Specifies the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for connections depending o...

Page 54: ...nual for NRSW version 4 5 0 100 Standard Frequencies Bandwidth Data Rate 802 11g 2 4 GHz 20 MHz 54 Mbit s 802 11n 2 4 GHz 20 MHz 144 Mbit s 802 11n 5 GHz 40 MHz 150 Mbit s Table 5 20 IEEE 802 11 Netwo...

Page 55: ...ngs Parameter WLAN Mesh Point Management Operation type Specifies the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for connections depending on your module it could...

Page 56: ...network name called SSID Security mode The desired security mode WPA WPA2 mixed mode WPA2 should be preferred over WPA1 running WPA WPA2 mixed mode offers both WPA cipher The WPA cipher to be used the...

Page 57: ...lator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Admi...

Page 58: ...PA EAP TLS Force PMF Enables Protected Management Frames Hide SSID Hides the SSID Isolate clients Disables client to client communication Band steering master The WLAN interface which the client shoul...

Page 59: ...cally join the wireless network connect to the other mesh partners with the same ID and sercurtiy credentials The authentication credentials have to be obtained by the operator of the mesh network Par...

Page 60: ...urity modes can be configured Parameter WLAN Mesh Point Security Modes Off MESHID is disabled None No authentication provides an open network SAE SAE Simultaneous Authentication of Equals is a secure...

Page 61: ...5 255 0 Apply Continue HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 14 WLAN IP Configuration The access point networks can be bridged to any LAN interface for letting WLAN clie...

Page 62: ...llowing feature can be configured if the WLAN interface is bridged Parameter WLAN Bridging features IAPP Enables the Inter Access Point Protocol feature Pre auth Enables the pre authentication mechani...

Page 63: ...follows Parameter Bridge Settings Administrative status Enables or disables the bridge interface If you need an interface to the local system you need to define an IP address for the local device IP A...

Page 64: ...t Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS USB Administration This menu can be used to act...

Page 65: ...Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS Connected USB Devices Vendor ID Product IDBus ID Manufacturer Device Type Enabl...

Page 66: ...tication which can be used for setting up more systems with different admin passwords For new devices with an empty password the hash key e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8...

Page 67: ...login shell so that users can login to the system If more than one serial inrterface is available one serial interface can be configured as login console at a time device server The serial port will...

Page 68: ...Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS SERIAL1...

Page 69: ...top bits 1 stop bit Software flow control None Hardware flow control None Server Configuration Protocol on IP port Telnet Port 2000 Timeout endless numbered 600 Allow remote control RFC 2217 Show bann...

Page 70: ...rver Settings Protocol on IP port Selects the desired IP protocol TCP or Telnet Port Specifies the TCP port on which the server will be available Timeout The time in seconds before the port will be di...

Page 71: ...l port Baud rate Specifies the baud rate run on the serial port Hardware flow control You may enable RTS CTS hardware flow control so that the RTS and CTS lines are used to control the flow of data Pa...

Page 72: ...SB Serial Digital I O GNSS Digital I O Status DI1 off DI2 on DO1 off turn on DO2 on turn off Digital I O Configuration DO1 after reboot default DO2 after reboot default Apply HOME INTERFACES ROUTING F...

Page 73: ...configure the audio module It can be later used for the voice gateway It can be configured as follows Parameter Audio Settings Volume level Default volume level for line out Audio Testing This page ca...

Page 74: ...d as follows Parameter Bluetooth Settings Administrative status Enables the module for SDK or Virtualization If you enable the module for SDK usage you need a SDK script that handles the hardware inte...

Page 75: ...fication Static Routes This menu shows all routing entries of the system they can consist of active and configured ones The flags are as follows A ctive P ersistent H ost Route N etwork Route D efault...

Page 76: ...ric The routing metric of the interface default 0 higher metrics have the effect of making a route less favorable Flags A ctive P ersistent H ost Route N etwork Route D efault Route The flags obtain t...

Page 77: ...INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 21 Extended Routing In contrast to statis routes extended routes can be made up not only of a destination address net mask but also a so...

Page 78: ...will perform weighted IP session distribution for particular subnets across multiple interfaces Destination Distribution 8 8 4 4 32 WWAN1 50 LAN2 50 HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTE...

Page 79: ...a mobile node is relayed via the tunnel to the home agent instead of directly being conveyed to the final destination This fact also empowers MIP to be used as a lightweight VPN replacement without p...

Page 80: ...fies whether UDP encapsulation shall be used or not To allow NAT traversal UDP encapsulation must be enabled Mobile network address Optionally specifies a subnet which should be routed to the mobile n...

Page 81: ...must be reconnected Administrative status mobile node home agent disabled Primary home agent address 194 29 27 205 Secondary home agent address optional Home address 10 20 0 13 SPI 103 Authentication...

Page 82: ...ersion 4 5 0 100 Parameter Mobile IP Node Configuration Shared secret The shared secret used for authentication of the mobile node at the home agent This can be either a 128 bit hexadecimal value or a...

Page 83: ...ation section can be used to define the WAN interfaces on which QoS should be active Parameter QoS Interface Parameters Interface The WAN interface on which QoS should be active Bandwidth congestion T...

Page 84: ...in case the total bandwidth of all queues exceeds the set upstream bandwidth of QoS Interface Parameters Set TOS The TOS DiffServ value to set on matching packets You can now configure and assign any...

Page 85: ...st groups on a particular interface and distribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups Parameter Multicast Routing Settings Administrativ...

Page 86: ...The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router If no settings are defined for a specific interface default settings will be used Parameter OSPF Interf...

Page 87: ...le BGP when VRRP slave Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol The neighbors tab is used to configure all the BGP routers to peer with Parameter...

Page 88: ...TTPS SSH or TELNET by default but block any other packets coming from the WAN interface 5 5 2 Adress Port Groups This menu can be used to form address or port groups which can be later used for firewa...

Page 89: ...nd targeting its services Packets which are not matching any of the rules below will be ALLOWED Description Action Source Destination Port s DENY WAN ALL DENY ANY on WAN ANY ANY Apply Clear HOME INTER...

Page 90: ...l of matching packets UDP TCP or ICMP Destination port s The destination port of matching packets which can be specified by a single port or a range of ports only UDP TCP The statistics page can be us...

Page 91: ...configure the interfaces on which masquerading will be performed Interface Source WAN ANY HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 26 Masquerading The administration page...

Page 92: ...igure network address port translation rules for inbound packets Description Source Target Redirect to Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 27 Inbound NAPT Please...

Page 93: ...ule for port range translation in outbound rules Use net work based mapping there NAPT Outbound Rules Outbound rules will modify the source section of IP packets and can be used to establish 1 1 NAT m...

Page 94: ...Client Management IPsec Administration Tunnel Configuration PPTP Administration Tunnel Configuration Client Management GRE Administration Tunnel Configuration L2TP Administration Tunnel Configuration...

Page 95: ...stration Tunnel Configuration L2TP Administration Tunnel Configuration OpenVPN Tunnel 1 Configuration Operation mode disabled client server standard expert Server port 1194 Type TUN Protocol UDP Netwo...

Page 96: ...ed for bridged networks Protocol The tunnel protocol to be used for the transport connection Network mode Defines how the packets should be forwarded which can be either routed or bridged from to a pa...

Page 97: ...ertificate against local CRL negotiate DNS If enabled the system will use the nameservers which have been negotiated over the tunnel OpenVPN Expert Configuration Client The expert configuration mode o...

Page 98: ...r crt Certificate file server key Private key file dh1024 pem Diffie Hellman parameters file ccd A directory containing client specific configuration files Keep in mind that a certificate becomes vali...

Page 99: ...1 dynamic Download HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 30 OpenVPN Client Management In the Networking section you can specify a fixed tunnel endpoint address for each...

Page 100: ...SA provide a secure channel and a bundle of algorithms that pro vide the parameters necessary to operate the AH and or ESP operations The Internet Security Association Key Management Protocol ISAKMP...

Page 101: ...T traversal Restart on link change Apply Restart HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 31 IPsec Administration This page can be used to enable disable IPsec you may also...

Page 102: ...on General For setting up the tunnel you will have to configure the following parameters first Parameter IPsec General Settings Remote peer IP address or host name of the remote IPsec peer You may spe...

Page 103: ...type of identification for the local ID which can be a FQDN username FQDN or IP address Local ID The local ID value Remote ID Type The type of identification for the remote ID Remote ID The remote ID...

Page 104: ...c Proposal This section can be used to configure the phase 2 settings Parameter IPsec Proposal Settings Encapsulation mode The desired encapsulation mode Tunnel or Transport IPsec protocol The desired...

Page 105: ...he remote network behind the peer NAT address Optionally you can apply NAT masquerading for packets coming from a different local network The NAT address must reside in the network previously specifie...

Page 106: ...nt IPsec Administration Tunnel Configuration PPTP Administration Tunnel Configuration Client Management GRE Administration Tunnel Configuration L2TP Administration Tunnel Configuration PPTP Administra...

Page 107: ...TP Tunnel 1 Configuration Operation mode disabled client server Server listen address ANY specify Server address 192 168 250 1 Client address range 192 168 250 10 to 192 168 250 13 Username admin Pass...

Page 108: ...nnel NetModule Router Simulator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG OpenVPN Administration Tunnel Configuration Client Management IPsec Administration Tunnel Configuratio...

Page 109: ...uration Peer address The IP address of the remote peer Interface The device type for this tunnel Local tunnel address The local IP address of the tunnel Local tunnel netmask The local subnet mask of t...

Page 110: ...ress of the tunnel Remote port The remote port address of the tunnel Local tunnel ID The local tunnel ID identifies the tunnel into which the session will be created Remote tunnel ID The remote tunnel...

Page 111: ...nnection is not possible Figure 5 36 Dial in Server Settings The following settings can be set Parameter Dial in Server Configuration Administrative status Specifies whether incoming calls shall be an...

Page 112: ...800 User Manual for NRSW version 4 5 0 100 Please note that Dial In connections are generally discouraged As they are implemented as GSM voice calls they suffer from unreliability and poor bandwidth...

Page 113: ...uter Anyone reasonably experienced in the C language will find an environment that is easy to dig in However feel free to contact us via router support netmodule com and we will happily support you in...

Page 114: ...slog 11 Transfer files over HTTP FTP 12 Perform config software updates 13 Control the LEDs 14 Get system events restart services or reboot system 15 Scan for networks in range 16 Create your own web...

Page 115: ...rich LOCATION_COUNTRY_CODE string 2 ch LOCATION_COUNTRY string 11 Switzerland LOCATION_POSTCODE string 4 8001 LOCATION_STATE string 6 Zurich LOCATION_LATITUDE string 9 47 3778058 LOCATION_LONGITUDE st...

Page 116: ...lling the router when the script is to be executed This can be either time based e g each Monday or triggered by one of the pre defined system events e g wan up as described in Events chapter 5 7 7 Wi...

Page 117: ...og Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 37 SDK Administration This page can be used to control the SDK host and apply the following settings Parameter SDK Adminis...

Page 118: ...undancy Voice Gateway Name Trigger Script Arguments config_summary manual_trigger config_summary HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 38 SDK Jobs This page can be used...

Page 119: ...ript You are ready to set up a job afterwards it can be created by using the following parameters Parameter SDK Job Parameters Name A meaningful name to identify the job Trigger Specifies the trigger...

Page 120: ...e error unexpected expecting SDK Sample Application As an introduction you can step through a sample application namely the SMS control script which implements remote control over short messages and c...

Page 121: ...oot of the system output 1 on Turns on the first digital output port output 1 off Turns off the first digital output port output 2 on Turns on the second digital output port output 2 off Turns off the...

Page 122: ...mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway DHCP Server Management Network Interface Operation Mode DHCP Range Relay Server Lease Time LAN1 Serv...

Page 123: ...the current DNS server addresses if not configured else wise You can specify fixed addresses here Only allow static hosts Any requests coming from none static hosts will be ignored It is also possible...

Page 124: ...rver SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway DNS Server Administration Administrative status enabled disabled DNS Server Configuration Domain name Primary name server 10 74 2...

Page 125: ...NBB 800 User Manual for NRSW version 4 5 0 100 125...

Page 126: ...ure static hosts for serving fixed IP addresses for various host names Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host Please rem...

Page 127: ...tration Administrative status enabled disabled NTP Server Configuration Poll interval 256 seconds Allowed hosts Address 192 168 1 0 Netmask 255 255 255 0 Apply HOME INTERFACES ROUTING FIREWALL VPN SER...

Page 128: ...Administration Job Management Testing DHCP Server DNS Server NTP Server Dynamic DNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway DynDNS Admini...

Page 129: ...he host name provided by your DynDNS service e g my box dyndns org Port The HTTP port of the service typically 80 Username The user name used for authenticating at the service Password The password us...

Page 130: ...rom address router netmodule com Server address mail netmodule com Server port 25 Authentication automatic Encryption tls Username router netmodule com Password Apply HOME INTERFACES ROUTING FIREWALL...

Page 131: ...NBB 800 User Manual for NRSW version 4 5 0 100 Parameter E Mail Client Settings Password Password used for authentication 131...

Page 132: ...be enabled SNMP host The SNMP host or address to which the trap shall be sent SNMP port The port of the remote SNMP service Username The username for accessing the remote SNMP service Password The pas...

Page 133: ...d whether the provided SMS Center service works and may fail You may use the sms report received event to figure out whether a message has been successfully sent Received messages are pulled from the...

Page 134: ...an also define rules to drop outgoing messages for instance when you want to avoid using any expensive service or international numbers Both types of rules form a list will be processed by order forwa...

Page 135: ...S Server NTP Server Dynamic DNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway Telnet Server Configuration Administrative status enabled disabled...

Page 136: ...r Settings Administrative status Whether the SSH service is enabled or disabled Server port The TCP port of the service usually 22 Disable admin login Disable login for admin users Disable password ba...

Page 137: ...95 LLDP EXT MED MIB 1 3 6 1 4 1 31496 VENDOR MIB The VENDOR MIB tables offer some additional information over the system and its WWAN GNSS and WLAN interfaces They can be accessed over the following O...

Page 138: ...s enabled disabled Operation mode v1 v2c v3 v3 only Contact Location Listening port 161 Download MIB Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 46 SNMP Agent The follow...

Page 139: ...host which is allowed for admin access Attention must be paid to the fact that SNMP passwords have to be more than 8 characters long Shorter passwords will be doubled for SNMP e g admin01 becomes admi...

Page 140: ...g the configuration update status snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 12 0 The return value can be one of succeeded 1 failed 2 inprogres...

Page 141: ...1 3 6 1 4 1 31496 10 40 18 0 Getting the alternative software version snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 19 0 Getting the alternative...

Page 142: ...TP Server Dynamic DNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway Web Server Configuration HTTP Administrative status enabled redirect to http...

Page 143: ...want to restrict access to the MQTT Broker Keys and certificates for TLS encryption are managed via Keys Certificates see chapter 5 8 8 The MQTT Broker service can receive the following parameters Par...

Page 144: ...Parameter Softflow Settings Interface Interface on which to listen for traffic Host Address Destination address of the traffic data Port Port of the destination address Protocol Version Protocol vers...

Page 145: ...f enabled discovery protocols The following protocols are supported Parameter Discovery Configuration LLDP Link Layer Discovery Protocol CDP Cisco Discovery Protocol FDP Foundry Discovery Protocol SON...

Page 146: ...ent down Same applies when the WAN link goes down NetModule Router Simulator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG SDK Administration Job Management Testing DHCP Server DNS...

Page 147: ...Virtual Router ID you can theoretically run multiple instances Interface Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the participating hos...

Page 148: ...Specifications v2 0 1 Configuration Figure 5 49 ITxPT configuration The following parameters can be used to set it up Parameter ITxPT Administration Administrative status Specifies whether the ITxPT f...

Page 149: ...Specifies whether the FMS to IP functionality should be enabled or disabled Multicast period How frequent the FMS to IP multicast is sent Set to zero to redirect incoming can messages immediately CAN...

Page 150: ...d the Suspect Parameter Number SPN The PGN contains of one or more signals The SPN is used to give an unique identifier to a signal More information can be found in SAE J1939 standard name EBFF pgn 60...

Page 151: ...contains PGN objects that define a PGN with the following types PGN Definition Parameter PGN definition name Name of the pgn pgn The PGN number in decimal length Length of the can message spns Array c...

Page 152: ...ue formatOffset The numerical offset of the value units The physical unit of the value name Name of the SPN number The SPN number type 0 Nummerical SPN Parameter Status SPN bitSize Size of the data in...

Page 153: ...NBB 800 User Manual for NRSW version 4 5 0 100 ITxPT GNSS Figure 5 51 ITxPT GNSS Parameter ITxPT GNSS Enable Specifies whether the ITxPT GNSS should be enabled or disabled 153...

Page 154: ...NBB 800 User Manual for NRSW version 4 5 0 100 ITxPT Time Figure 5 52 ITxPT Time Parameter ITxPT Time Enable Specifies whether the ITxPT Time should be enabled or disabled 154...

Page 155: ...ersion 4 5 0 100 VEHICLE to IP Figure 5 53 ITxPT VEHICLEtoIP Parameter ITxPT VEHICLEtoIP Enable Specifies whether the ITxPT VEHICLEtoIP should be enabled or dis abled A VEHICLEtoIP database is necessa...

Page 156: ...ministrative status enabled disabled Call Routing Generic SIP Settings SIP status enabled disabled SIP interface LAN1 SIP port 5060 SIP register expires 150 seconds Apply HOME INTERFACES ROUTING FIREW...

Page 157: ...calls directly routed to a SIP agent without registration SIP user agent Endpoint acting as SIP user agent towards a remote registrar Based on your equipment we recommend to adjust the modem s audio...

Page 158: ...em Specifies the modem which will be used for voice over mobile calls Audio profile Specifies the modem s audio profile Volume level Specifies the modem s volume level 1 low Parameter Endpoint Setting...

Page 159: ...r NRSW version 4 5 0 100 Parameter Endpoint Settings SIP user agent Register Selects whether the user agent shall register at the registrar Expires The expiry time in seconds after registration will b...

Page 160: ...r endpoint registration status and so on Using the SDK you can also initiate or accept a call adjust its volume level or do a hangup Anyway for simple scenarios the generic method should be sufficient...

Page 161: ...s registrar proxy Parameter X Lite Configuration User ID SIP username used in from headers i e subscriber name Domain SIP Domain used in from headers optional Authorization name Username used for auth...

Page 162: ...ebugging Tech Support Keys Certificates Licensing Legal Notice Local hostname NB1600 Application area stationary Reboot delay 3 seconds Enable TCP timestamps Apply HOME INTERFACES ROUTING FIREWALL VPN...

Page 163: ...ax filesize The maximum size of the log files in kB until they will get rotated Redirect address Specifies an IP address to which log messages should be redirected to A tiny system log server for Wind...

Page 164: ...on t have a battery backed clock RTC In this case the system time is set during boot to the last valide time e g before power off NetModule Router Simulator Hostname NB1600 Software Version 4 4 0 103...

Page 165: ...ng in a guest environment view it as a stand alone system General settings Parameter Virtualization Settings Administrative status Defines whether virtualization is enabled or not The following parame...

Page 166: ...s interface either routed or bridged Address The IP address of the interface inside the guest Netmask The netmask of the interface inside the guest Gateway The gateway used inside the guest which is a...

Page 167: ...scription Shell admin administrator Administrator cli user user User cli HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 57 User Accounts The admin user is a built in power user w...

Page 168: ...Time Region Reboot Authentication User Accounts Remote Authentication Software Update Software Update Modem Firmware Update Software Profiles Configuration File Configuration Factory Configuration Tr...

Page 169: ...et The secret used to authenticate against the RADIUS server Authentication port The port used for authentication Accounting port The port used for accounting messages Use for login This option enable...

Page 170: ...ovide the administrator password if you want to downgrade to a release 4 1 x and lower The same passphrase will be used for bootloader login as well All users which have no password stored on the devi...

Page 171: ...r Automatic software update Status Enable disable automatic software update Time of day Every day at this time the router will do a check for updates Operation Download latest image from the the serve...

Page 172: ...0 path to firmware package A firmware package ZIP usually consists of a flash utility an info file and the corresponding firmware files Please follow http www netmodule com support supportform aspx in...

Page 173: ...uthentication Software Update Software Update Modem Firmware Update Software Profiles Configuration File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Sup...

Page 174: ...twork Debugging System Debugging Tech Support Keys Certificates Licensing Legal Notice Automatic Updates Status enabled disabled Time of day 00 00 URL Apply HOME INTERFACES ROUTING FIREWALL VPN SERVIC...

Page 175: ...tion as factory defaults This configuration will be activated whenever a factory reset has been triggered Store HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 61 Factory Configur...

Page 176: ...g utility can be used to verify whether a remote host can be reached via IP Time of day The traceroute utility can be used to print the route packets trace to a remote host Tcpdump The tcpdump utility...

Page 177: ...manager 27880 wanlink0 permanent link is suspended for 10s set suspended auto Jan 9 02 02 15 NB1600 user err mobile node 17795 Could not determine care of address No route to home agent Jan 9 02 02 15...

Page 178: ...iguration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support Keys Certificates Licensing Legal Notice Tech Support You can generate and download a tech support file...

Page 179: ...SSL certicates used by the Web server missing MQTT Broker The SSL certicates used by the Web server missing SSH Server The host keys used by the SSH server installed SSH Authorization The keys used f...

Page 180: ...sible to perform the following operations Operation Description generate locally Generate key and certificate locally on the box see 5 8 8 for more options upload files Key and certificate will be upl...

Page 181: ...rland Common Name CN NB1600 E Mail router support netmodule com Expiry period 7300 days Key size 2048 bits DH primes 2048 bits Signature sha256 Cipher aes256 Passphrase SCEP Configuration SCEP Status...

Page 182: ...loaded individually encoded in PEM DER or PKCS7 format All files CA certificate certificate and private key can also be uploaded in one stroke by using the container format PKCS12 RSA DSS keys can be...

Page 183: ...tions as used by SDK functions or when downloading configuration software images you might upload a list of CA certificates which are considered trusted To obtain the CA certificate from a particular...

Page 184: ...re Update Software Update Modem Firmware Update Software Profiles Configuration File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support Keys Certificat...

Page 185: ...ther express or implied To obtain the corresponding open source codes covered by these licenses please contact our techni cal support at router support netmodule com Acknowledgements This product incl...

Page 186: ...NBB 800 User Manual for NRSW version 4 5 0 100 5 9 LOGOUT Please use this menu to log out from the Web Manager 186...

Page 187: ...current point between entered characters or use the Up and Down keys to search the history of entered commands Typing exit as well as pressing CTRL c twice or CTRL d on an empty command line will exi...

Page 188: ...ds when called without arguments otherwise it will print the usage of the specified command help Usage help command Available commands get Get config parameters set Set config parameters done Check do...

Page 189: ...eted after a config change done h Usage done h 6 6 Getting Status Information The status command can be used to get various status information of the system status h Usage status hs section Options s...

Page 190: ...6 7 Scanning Networks The scan command can be used to scan for available WWAN and WLAN networks scan h Usage scan hs interface Options s generate sourceable output 6 8 Sending E Mail or SMS The send c...

Page 191: ...rver 6 10 Manage keys and certificates The cert command can be used to manage keys and certificates cert h Usage cert h p phrase operation cert url Possible operations install install a certificate fr...

Page 192: ...bipd USB IP daemon voiced Voice daemon vrrpd VRRP daemon wlan WLAN interfaces wwan manager WWAN manager 6 12 Debug System The debug command can be used to obtain debug log messages debug h Usage debug...

Page 193: ...e cleared by history c 6 17 CLI PHP CLI PHP the HTTP frontend to the CLI application can be used to configure and control the router remotely It is enabled in factory configuration thus can be used fo...

Page 194: ...ters in the URL must be specified according to RFC1738 usually done by common clients such as wget lynx curl Response The returned response will always contain a status line in the format return msg w...

Page 195: ...contrast to the other commands this command requires a set of tuples because of the reserved char i e arg0 key0 arg1 val0 arg2 key1 arg3 val1 arg4 key2 arg5 val2 etc Examples http 1 9 2 1 6 8 1 1 cli...

Page 196: ...dmin01 command update arg0 software arg1 tftp 192 168 1 254 latest http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin pwd admin01 command update arg0 config arg1 tftp 192 168 1 254 user conf...

Page 197: ...ommand send arg0 techsupport arg1 address arg2 subject Notes The address has to be a valid E Mail address such as abc abc com the at sign can be encoded with 40 The E Mail client must be properly conf...

Page 198: ...NBB 800 User Manual for NRSW version 4 5 0 100 http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin pwd admin01 command send arg0 ussd arg1 0 arg2 2A100 23 198...

Page 199: ...tem module Mobilex Identifies a WWAN modem SERIALx Identifies a serial port OUTx Specifies a digital I O output port DOx INx Specifies a digital I O input port DIx ANY Generally includes all options o...

Page 200: ...LAI Location Area Identification LAC Location Area Code MCC Mobile Country Code MNC Mobile Network Code CID Cell ID MSISDN Mobile Subscriber Integrated Services Digital Network Number ICCID Integrate...

Page 201: ...connection went down 408 dialin up Dial In connection came up 409 dialin down Dial In connection went down 410 mobileip up Mobile IP connection came up 411 mobileip down Mobile IP connection went down...

Page 202: ...NS update succeeded 802 ddns update failed Dynamic DNS update failed 901 usb storage added USB storage device has been added 902 usb storage removed USB storage device has been removed 903 usb eth add...

Page 203: ...ory Configuration The factory configuration including default values for any configuration parameter can be derived from the file etc config factory config cfg on the router You may also call cli get...

Page 204: ...ule AG Switzerland DESCRIPTION MIB module which defines the NB router specific entities REVISION 202008181230 Z DESCRIPTION MIB for software release 4 5 REVISION 202001130900 Z DESCRIPTION MIB for sof...

Page 205: ...DENTIFIER products 61 nb650 OBJECT IDENTIFIER products 62 ng800 OBJECT IDENTIFIER products 63 Textual Conventions FloatSyntax TEXTUAL CONVENTION DISPLAY HINT d 1 STATUS current DESCRIPTION Fixed point...

Page 206: ...YPE SYNTAX INTEGER update 0 store 1 MAX ACCESS read write STATUS current DESCRIPTION The desired operation for configuration or software updates admin 11 switchOperation OBJECT TYPE SYNTAX INTEGER sof...

Page 207: ...the last configuration update admin 23 configUpdateMode OBJECT TYPE SYNTAX INTEGER full 0 partial 1 MAX ACCESS read write STATUS current DESCRIPTION The desired system configuration update mode full...

Page 208: ...CT TYPE SYNTAX DateAndTime MAX ACCESS read only STATUS current DESCRIPTION The date of the last alternative software update admin 37 Upload Syslog syslogUpload OBJECT TYPE SYNTAX URLString MAX ACCESS...

Page 209: ...wwanModemIndex Integer32 wwanModemName DisplayString wwanModemType DisplayString wwanServiceType DisplayString wwanRegistrationState DisplayString wwanSignalStrength Integer32 wwanNetworkName Display...

Page 210: ...ry 9 wwanCellId OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The Cell ID CID to which the WWAN modem is currently registered nbWwanEntry 10 wwanTemperature OBJECT T...

Page 211: ...SYNTAX NBGnssEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry describing a GNSS device and its current settings INDEX gnssIndex nbGnssTable 1 NBGnssEntry SEQUENCE gnssIndex Integer...

Page 212: ...CESS read only STATUS current DESCRIPTION The current vertical speed value in meter per second received by the GNSS device nbGnssEntry 10 gnssTrackAngle OBJECT TYPE SYNTAX DisplayString MAX ACCESS rea...

Page 213: ...DESCRIPTION Current signal strength of the WLAN module in client mode nbWlanEntry 7 nbWlanStationTable nbWlanStationTable OBJECT TYPE SYNTAX SEQUENCE OF NBWlanStationEntry MAX ACCESS not accessible ST...

Page 214: ...mitted bytes of a connected station nbWlanStationEntry 7 wlanStationInactive OBJECT TYPE SYNTAX Integer32 UNITS ms MAX ACCESS read only STATUS current DESCRIPTION The inactivity time of a connected st...

Page 215: ...nbWanEntry 4 wanLinkType OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION WAN link type nbWanEntry 5 wanLinkInterface OBJECT TYPE SYNTAX DisplayString MAX ACCESS read o...

Page 216: ...Rate OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WAN link upload rate nbWanEntry 16 wanDataDownloadedRoaming OBJECT TYPE SYNTAX Counter64 UNITS bytes MAX ACCESS read o...

Page 217: ...urrent DESCRIPTION The table describing any serial ports and their current statistics nb 54 nbSerialEntry OBJECT TYPE SYNTAX NBSerialEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry...

Page 218: ...rent DESCRIPTION The number of parity errors on the serial port nbSerialEntry 8 serialBrkErrors OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION The number of BRK errors on...

Page 219: ...STATUS current DESCRIPTION WAN link came up events 101 wan down NOTIFICATION TYPE STATUS current DESCRIPTION WAN link went down events 102 dio in1 on NOTIFICATION TYPE STATUS current DESCRIPTION DIO...

Page 220: ...YPE STATUS current DESCRIPTION Dial In connection went down events 409 mobileip up NOTIFICATION TYPE STATUS current DESCRIPTION Mobile IP connection came up events 410 mobileip down NOTIFICATION TYPE...

Page 221: ...ent events 602 sms received NOTIFICATION TYPE STATUS current DESCRIPTION SMS has been received events 603 sms report received NOTIFICATION TYPE STATUS current DESCRIPTION SMS report has been received...

Page 222: ...ded events 905 usb serial removed NOTIFICATION TYPE STATUS current DESCRIPTION USB serial device has been removed events 906 redundancy master NOTIFICATION TYPE STATUS current DESCRIPTION System is no...

Page 223: ...server incl device identity gps monitor are A script for activating WLAN as soon as GPS position lat lon is within a specified range gps udp client are This script sends the local GPS NMEA stream to...

Page 224: ...ads messages coming from the serial port and forwards them via UDP to a remote host and vice versa serial write are This script can be used to write a message to the serial port set ipsec route are se...

Page 225: ...an UDP server which is able to receive messages and forward them as SMS E Mail udpserver are This script implements an UDP server which is able to receive mes sages update config are This script can...

Reviews: