manualshive.com logo in svg

NetModule NB3000-Line-Hd, User Manual

The NetModule NB3000-Line-Hd offers high-speed connectivity and advanced features for industrial applications. Ensure optimal performance with the comprehensive User Manual, available for free download from manualshive.com. Find detailed instructions, troubleshooting tips, and more to maximize the capabilities of your device.

Share
Download
background image

NB3000-Line-Hd User Manual 4.2

5.6.2. IPsec

IPsec is a protocol suite for securing IP communications by authenticating and encrypting

each packet of a communication session and thus establishing a secure virtual private net-

work.

IPsec includes various cryptographic protocols and ciphers for key exchange and data en-

cryption and can be seen as one of the strongest VPN technologies in terms of security. It

uses the following mechanisms:

Mechanism

Description

AH

Authentication Headers (AH) provide connectionless integrity and data origin au-

thentication for IP datagrams and ensure protection against replay attacks.

ESP

Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authen-

tication, connectionless integrity, an anti-replay service and limited traffic-flow

confidentiality.

SA

Security Associations (SA) provide a secure channel and a bundle of algorithms

that provide the parameters necessary to operate the AH and/or ESP operations.

The Internet Security Association Key Management Protocol (ISAKMP) provides a

framework for authenticated key exchange.

Negotating keys for encryption and authentication is generally done by the Internet Key

Exchange protocol (IKE) which consists of two phases:

Phase

Description

IKE

phase

1

IKE authenticates the peer during this phase for setting up an ISAKMP secure as-

sociation. This can be carried out by either using

main

or

aggressive

mode. The

main

mode approach utilizes the Diffie-Hellman key exchange and authentica-

tion is always encrypted with the negotiated key.The

aggressive

mode just uses

hashes of the pre-shared key and therefore represents a less-secure mechanism

which should generally be avoided as it is prone to dictionary attacks.

IKE

phase

2

IKE finally negotiates IPSec SA parameters and keys and sets up matching IPSec

SAs in the peers which is required for AH/ESP later on.

103

Summary of Contents for NB3000-Line-Hd

Page 1: ...NetModule Router NB3000 Line Hd User Manual for Software Version 4 2 Manual Version 1 12 NetModule AG Switzerland November 28 2018...

Page 2: ...ot be copied in any form or by any means stored in a retrieval system adopted or transmitted in any form or by any means electronic mechanical photographic graphic optic or otherwise or translated in...

Page 3: ...16 3 4 9 Power Supply 18 3 4 10 Extension Connector 20 3 5 Data Storage Option Dx 27 3 6 Option NB3711 27 3 6 1 Power Supply NB3711 28 4 Installation 30 4 1 Installation of the SIM Cards 30 4 2 Insta...

Page 4: ...6 2 IPsec 103 5 6 3 PPTP 109 5 6 4 GRE 112 5 6 5 Dial In 113 5 7 SERVICES 115 5 7 1 SDK 115 5 7 2 DHCP Server 124 5 7 3 DNS Server 126 5 7 4 NTP Server 128 5 7 5 Dynamic DNS 129 5 7 6 E Mail 131 5 7...

Page 5: ...g Status Information 180 6 7 Scanning Networks 181 6 8 Sending E Mail or SMS 181 6 9 Updating System Facilities 182 6 10 Manage keys and certi cates 182 6 11 Restarting Services 183 6 12 Debug System...

Page 6: ...O Ports 74 5 20 Static Routing 79 5 21 Extended Routing 81 5 22 Multipath Routes 82 5 23 Mobile IP 85 5 24 Firewall Groups 91 5 25 Firewall Rules 92 5 26 Masquerading 94 5 27 Inbound NAPT 95 5 28 Ope...

Page 7: ...Administration 146 5 50 System 152 5 51 Regional settings 155 5 52 User Accounts 158 5 53 Remote Authentication 159 5 54 Manual File Con guration 164 5 55 Automatic File Con guration 165 5 56 Factory...

Page 8: ...and Outputs 20 3 20 Audio Port Speci cation 21 3 21 Pin Assignments of Audio Port Signals EP1 EP2 21 3 22 CAN Port Speci cation 22 3 23 Pin Assignments of CAN Port Signals EP1 EP2 22 3 24 IBIS Port Sp...

Page 9: ...NB3000 Line Hd User Manual 4 2 5 143 Certi cate Operations 171 A 1 Abbreviations 191 A 2 System Events 193 A 3 SDK Examples 216 9...

Page 10: ...the router and its features The following chapters describe any aspects of commis sioning the device installation procedure and provide helpful information towards con gu ration and maintenance Pleas...

Page 11: ...nternational laws and with any special restrictions regulating the utilization of the communication module in prescribed applications and environments Information about the accessories changes to the...

Page 12: ...ted only with applicable Regula tory Domain con gured Special attention must be paid to country number of antennas and the antenna gain see also chapter 5 3 4 The maximum allowed gain is 3dBi in the r...

Page 13: ...ystem con guration It can be easily applied to a newer software release afterwards 2 2 Declaration of Conformity NetModule hereby declares that under our own responsibility that the routers comply wit...

Page 14: ...open source codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP freely available from http www php net Soft...

Page 15: ...3 Speci cations 3 1 Appearance 6...

Page 16: ...M card slots Extension port The NB3000 Line Hd can be equipped with the following options LTE LTE 450MHz LTE US CDMA 450MHz WLAN IEEE 802 11ac GPS GNSS GSM R RS 232 RS 485 IBIS CAN Audio 1 TB internal...

Page 17: ...es 25 C to 55 C Class T2 according to EN 50155 Storage Temperature Range 40 C to 85 C Humidity 0 to 95 non condensing Altitude Variant Pa up to 4000m Altitude Variant Pb up to 2000m Over Voltage Categ...

Page 18: ...y to any modem by con guration 4 USB USB 2 0 host port can be used for software con guration updates 5 ETH 1 3 FastEthernet switch ports can be used as LAN or WAN interface 6 ETH 4 5 Gigabit Ethernet...

Page 19: ...arked cable with at least 6mm2 copper area Avoid corrosion and protect the screws against loosening 11 PWR Power supply galvanically isolated 12 EXT Galvanically isolated extension ports M12 connector...

Page 20: ...onnection 2 is up l blinking Mobile connection 2 is being established m off Mobile connection 2 is down WLAN1 lll 1 on WLAN connection 1 is up l blinking WLAN connection 1 is being established m off W...

Page 21: ...lent Table 3 3 NB3000 Line Hd Status Indicators Ethernet LEDs The following table describes the Ethernet status indicators Label Color State Function ETH1 5 l on Link on 10 Mbit s 100 Mbit s or 1000 M...

Page 22: ...s Uplink 50 Mbit s CDMA450 Band Class 5 Block Designators A B Downlink 14 7 Mbit s Uplink 5 4 Mbit s LTE Advanced Cat 6 B30 2300 WCS B41 TDD 2500 B29 US 700de Lower B26 US 850 Ext B25 1900 B5 850 B20...

Page 23: ...and 802 11ac support 2x2 MIMO The WLAN antenna ports have the following speci cation Feature Speci cation Max allowed cable length 30 m Max allowed antenna gain including cable attenuation 3 0 dBi1 M...

Page 24: ...elerometer and 3D gyro scope Feature Speci cation Systems GPS GLONASS BeiDu Galileo ready Data stream NMEA or UBX Tracking sensitivity 160 dBm Channels 72 Accuracy 2m Supported antennas Active and pas...

Page 25: ...rt Speci cation 3 4 8 M12 Ethernet Connectors Speci cation The Ethernet ports have following speci cation Feature Speci cation Isolation to enclosure 1500 VDC Speed Fast Ethernet 10 100 Mbit s Gigabit...

Page 26: ...female Pin Signal Pinning 1 Tx 2 Rx 3 Tx 4 Rx Table 3 14 Pin Assignments of 4 Poles Ethernet Connectors Pin Assignment on M12 8 poles X coded female Pin Signal Pinning 1 M1 2 M1 3 M0 4 M0 5 M2 6 M2 7...

Page 27: ...Voltage range 24 VDC to 60 VDC 30 5 Max power consumption 25 W Max cable length 30m Cable shield not required Galvanic isolation yes 1500 VDC according to EN 50155 EN 62368 1 Power interruption Class...

Page 28: ...d not required Galvanic isolation yes 1500 VDC according to EN 50155 EN 62368 1 Power interruption Class S2 Sustains interruptions up to 10 ms there are no batteries included Supply change over Class...

Page 29: ...and pin 5 to 8 represent Ex tension Port 2 EP2 On both EP1 and EP2 the following interfaces may be present Non isolated RS 232 Default con guration on EP1 Audio Option A CAN Option C IBIS Option I Is...

Page 30: ...z Input galvanic isolation to enclo sure functional max 250 VDC Output impedance 100 signal level 2 Vpp Output bandwidth 300 Hz 4 kHz Output galvanic isolation to enclo sure functional max 250 VDC Max...

Page 31: ...al bus termination none External bus termination2 120 Max cable length 100 m Cable shield mandatory Cable type twisted pair Max number of nodes 110 Reactionless Option Cb CAN Passive monotioring only...

Page 32: ...ype IBIS Peripherieger t according to VDV300 and VDV301 Speed 1200 Baud Galvanic isolation to enclosure 1500 VDC Max cable length 100 m Cable shield not required Table 3 24 IBIS Port Speci cation EP P...

Page 33: ...D TXD RXD Baud rate 300 1 200 2 400 4 800 9 600 19 200 38 400 57 600 115 200 230 400 460 800 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software ow control none XON XOFF Hardware ow cont...

Page 34: ...XD Baud rate 600 1 200 2 400 4 800 9 600 19 200 38 400 57 600 115 200 230 400 460 800 921 600 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software ow control none XON XOFF Hardware ow con...

Page 35: ...400 460 800 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software ow control none XON XOFF Hardware ow control none Galvanic isolation to enclosure 1500 VDC Internal bus termination none...

Page 36: ...or further details section 2 2 Media Mount The following options are available Option Capacity Da 32 GB Flash Db 64 GB Flash Dc 128 GB SSD Dd 256 GB SSD De 512 GB SSD Df 1 TB SSD Table 3 32 Storage Sp...

Page 37: ...Voltage range 24 VDC to 60 VDC 30 5 Max power consumption 15 W Max cable length 30m Cable shield not required Galvanic isolation yes 1500 VDC according to EN 50155 EN 60950 Power interruption Class S...

Page 38: ...s according to EN 50155 EN 60950 Power interruption Class S2 Sustains power interruptions up to 10 ms there are no batteries included Supply change over Class C1 0 6 Un during 100 ms w o inter ruption...

Page 39: ...in the same manner The SIM card will then rebounds and can be pulled out SIMs can be assigned exibly to any modem in the system It is also possible to switch a SIM to a different modem during operatio...

Page 40: ...le 4 1 LTE UMTS antenna port types Attention Following points must be observed when installing the antennas A minimum clearance of at least 40 cm between people and the antennas must always be ensured...

Page 41: ...ion of maximum 3dBi in the rele vant frequency range WLAN antennas with a higher ampli cation may be used with the NetModule router Enhanced RF Con guration software li cense and the antenna gain and...

Page 42: ...Only a shielded Ethernet cable may be used To guarantee the IP65 protection class the cable and the connector have also to be IP65 certi ed The connector has to screwed on with 0 4Nm If no cable is c...

Page 43: ...Line Interface CLI and set con guration parameters directly The IP address of Ethernet1 is 192 168 1 1 and the Dynamic Host Con guration Protocol DHCP is activated on the interface by default The fol...

Page 44: ...state and will be disabled as soon as the admin password has been set They can be enabled again afterwards in the relevant sections Other services SSH Telnet Console can be accessed in factory state...

Page 45: ...ill be provided with two les recovery image and recovery dtb which must be placed in the root directory of a TFTP server connected via LAN1 and address 192 168 1 254 The recovery image can be launched...

Page 46: ...k information signal strength etc The information about the amount of downloaded uploaded data is stored in non volatile memory thus survive a reboot of the system The counters can be reset by pressin...

Page 47: ...tion about the OpenVPN tunnel status IPSec This page provides information about the IPsec tunnel status PPTP This page provides information about the PPTP tunnel status GRE This page provides informat...

Page 48: ...tus The system status page displays various details of your NB3000 Line Hd router including system details information about mounted modules and software release information SDK This section will list...

Page 49: ...ing on your hardware model WAN links can be made up of either Wireless Wide Area Network WWAN Wireless LAN WLAN Ethernet or PPP over Ethernet PPPoE connections Please note that each WAN link has to be...

Page 50: ...d priority The rst fallback link it can be enabled permanently or being dialed as soon as Link 1 goes down 3rd priority The second fallback link it can be enabled permanently or be ing dialed as soon...

Page 51: ...manently on switchover Link is being established on switchover it will be dialled if pre vious links failed distributed Link is member of a load distribution group Parameter WAN Link Settings Operatio...

Page 52: ...e Hd User Manual 4 2 Parameter IP Pass Through Settings Interface Speci es the interface on which the address shall be passed through WAN network Speci es the WAN network WAN netmask Speci es the WAN...

Page 53: ...oid any negative side effects the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit MTU The MTU can be con gured per...

Page 54: ...onitored can be ANY Mode Speci es whether the link shall only be monitored if being up e g for using a VPN tunnel or if connectivity shall be also validated at connection establishment default Primary...

Page 55: ...Max number of failed tri als The maximum number of failed ping trials until the link will be declared as down Emergency action The emergency action which should be taken after a maximum downtime has b...

Page 56: ...ng a WAN link The LAN10 interface will be available as soon as a pre con gured USB Ethernet device has been plugged in Ethernet Port Assignment Figure 5 6 Ethernet Ports This menu can be used to indiv...

Page 57: ...nually but it has to be ensured that all devices in the network utilize the same settings then VLAN Management NetModule routers support Virtual LAN according to IEEE 802 1Q which can be used to cre a...

Page 58: ...ned on the router Further 802 1P introduces a priority eld which in uences packet scheduling in the TCP IP stack The following priority levels from lowest to highest exist Parameter VLAN Priority Lev...

Page 59: ...it will use the interface speci c name servers e g the ones being retrieved over DHCP and update the resolver con guration accordingly Figure 5 9 LAN IP Con guration Parameter LAN IP Settings Mode De...

Page 60: ...network You may also de ne static values but caution has to be taken to assign an unique IP address as it would otherwise raise IP con icts in the network PPPoE is commonly used when communicating wit...

Page 61: ...balance of a prepaid account SIMs Figure 5 10 SIMs The SIM page gives an overview about the available SIM cards their assigned modems and the current state Once a SIM card has been inserted assigned t...

Page 62: ...ns it might be necessary to set a speci c service type or assign a xed operator The list of operators around can be obtained by initiating a network scan may take up to 60 seconds Further details can...

Page 63: ...unlocking the SIM card PUK code The PUK code for unlocking the SIM card optional Default modem The default modem assigned to this SIM card Preferred service The preferred service to be used with this...

Page 64: ...goes on as soon as the connection is up Refer to section 5 8 7 or consult the system log les for troubleshooting the problem in case the connection did not come up Figure 5 11 WWAN Interfaces The fol...

Page 65: ...on you may con gure the following advanced settings Parameter WAN Advanced Parameters Required signal strength Sets a minimum required signal strength before the connec tion is dialed Home network onl...

Page 66: ...Ethernet LAN interface does As mesh point it can create a wireless mesh network to provide a backhaul connectivity with dynamic path selection As dual mode it is possible to run access point and clie...

Page 67: ...or dual mode you can further con gure the following settings Parameter WLAN Management Operation type Speci es the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for...

Page 68: ...WLAN Mesh Point Management Operation type Speci es the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for connections depending on your module it could be 2 4 or 5 GH...

Page 69: ...back You can perform a WLAN network scan and pick the settings from the discovered information directly The authentication credentials have to be obtained by the operator of the remote access point P...

Page 70: ...access point mode you can create up to 4 SSIDs with each running their own network con guration The networks can be individually bridged to a LAN interface or oper ate as dedicated interface in routi...

Page 71: ...her wise the key passphrase for WPA EAP TLS Force PMF Enables Protected Management Frames Hide SSID Hides the SSID Isolate clients Disables client to client communication Accounting Sets accounting pr...

Page 72: ...n the wireless net work connect to the other mesh partners with the same ID and sercurtiy credentials The authentication credentials have to be obtained by the operator of the mesh network Parameter W...

Page 73: ...des can be con gured Parameter WLAN Mesh Point Security Modes Off MESHID is disabled None No authentication provides an open network SAE SAE Simultaneous Authentication of Equals is a secure password...

Page 74: ...mend to set up separated interfaces in routing mode in order to avoid unwanted access and tra c between the interfaces The corresponding DHCP server for each network can be con gured in afterwards as...

Page 75: ...arameter Bridge Settings Administrative status Enables or disables the bridge interface If you need an inter face to the local system you need to de ne an IP address for the local device IP Address IP...

Page 76: ...her devices shall be recognized Enable hotplug Speci es whether device shall be recognized if plugged in dur ing runtime or only at bootup Enable USB IP device server Speci es if devices shall be expo...

Page 77: ...nd it can be used to enable a speci c device based on its Vendor and Product ID Only enabled devices will be recognized by the system and raise additional ports and interfaces Figure 5 16 USB Device M...

Page 78: ...which can be used for setting up more systems with different admin passwords For new devices with an empty password the hash key e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 can b...

Page 79: ...kernel messages and spawns a login shell so that users can login to the system device server The serial port will be exposed over a TCP IP port and can be used to implement a Serial IP gateway modem...

Page 80: ...number of data bits contained in each frame Parity Speci es the parity used for every frame that is transmitted or received Stop bits Speci es the number of stop bits used to indicate the end of a fra...

Page 81: ...in seconds before the port will be disconnected if there is no activity on it A zero value disables this function Allow remote control Allow remote control ala RFC 2217 of the serial port Show banner...

Page 82: ...rt Baud rate Speci es the baud rate run on the serial port Hardware ow control You may enable RTS CTS hardware ow control so that the RTS and CTS lines are used to control the ow of data Parameter Inc...

Page 83: ...Ports You can apply the following settings Parameter Digital I O Settings DO1 after reboot Initial status of DO1 after system has booted DO2 after reboot Initial status of DO2 after system has booted...

Page 84: ...page can be used to pre con gure the audio module It can be later used for the voice gateway It can be con gured as follows Parameter Audio Settings Volume level Default volume level for line out Audi...

Page 85: ...operation either standalone or assisted for A GPS Antenna type The type of the connected GPS antenna either passive or ac tively 3 volt powered Accuracy The desired accuracy in meters Fix frame interv...

Page 86: ...recision as stated in GPGSA frames Furtheron each satellite also comes with the following details Parameter GNSS Satellite Information PRN The PRN code of the satelitte also referred as satellite ID a...

Page 87: ...gency action The corresponding emergency action You can either let just restart the server which will also re initialize the GPS function on the module or reset the module in severe cases Please note...

Page 88: ...both If interface is set to ANY the system will choose the route interface automatically depending on the best matching network con gured for an interface Figure 5 20 Static Routing In general host r...

Page 89: ...routing metric of the interface default 0 higher metrics have the effect of making a route less favorable Flags A ctive P ersistent H ost Route N etwork Route D efault Route The ags obtain the followi...

Page 90: ...vice TOS of packets Parameter Extended Route Con guration Source address The source address of a packet Source netmask The source address of a packet Destination address The destination address of a p...

Page 91: ...interfaces have to be de ned to establish multipath routing Additional inter faces can be added by pressing the plus sign Parameter Add Multipath Routes Target network netmask De nes the target netwo...

Page 92: ...the mobile node as its destination address To prevent problems with rewalls and private IP addressing the MIP implementation al ways employs reverse tunneling which means that all tra c sent by a mobi...

Page 93: ...e mobile node at the home agent This can be either a 128 bit hexadecimal value or a random length ASCII string Life time The lifetime of security associations in seconds UDP encapsulation Speci es whe...

Page 94: ...SPI identifying the security context for the tunnel between the mobile node and the home agent This is used to distinguish mobile nodes from each other Therefore each mobile node needs to be assigned...

Page 95: ...tion can be used to de ne the WAN interfaces on which QoS should be active Parameter QoS Interface Parameters Interface The WAN interface on which QoS should be active Bandwidth congestion The bandwid...

Page 96: ...se the total bandwidth of all queues exceeds the set upstream band width of QoS Interface Parameters Set TOS The TOS DiffServ value to set on matching packets You can now con gure and assign any servi...

Page 97: ...s on a particular interface and dis tribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups Parameter Multicast Routing Settings Administrative statu...

Page 98: ...e interfaces tab is used to de ne OSPF speci c settings for the IP interfaces of the router If no settings are de ned for a speci c interface default settings will be used Parameter OSPF Interfaces In...

Page 99: ...GP when VRRP slave Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol The neighbors tab is used to con gure all the BGP routers to peer with Parameter BGP N...

Page 100: ...ion page can be used to enable and disable rewalling When turning it on a shortcut can be used to generate a prede ned set of rules which allow administration over HTTP HTTPS SSH or TELNET by default...

Page 101: ...Parameter Firewall Rule Con guration Description A meaningful description about the purpose of this rule Action Speci es whether the packets of this rule should be allowed or denied log matches Throw...

Page 102: ...atching packets UDP TCP or ICMP Destination port s The destination port of matching packets which can be speci ed by a single port or a range of ports only UDP TCP The statistics page can be used to g...

Page 103: ...you specify the interfaces on which masquerading will be per formed NAT will hereby use the address of the selected interface and choose a random source port for outgoing connections and thus enables...

Page 104: ...peci ed rules are processed by order that means traversing the list from top to bottom until a matching rule is found If there is no matching rule found the packet will pass as is Parameter Inbound NA...

Page 105: ...r port range translation in outbound rules Use network based mapping there NAPT Outbound Rules Outbound rules will modify the source section of IP packets and can be used to establish 1 1 NAT mappings...

Page 106: ...NB3000 Line Hd User Manual 4 2 5 6 VPN 5 6 1 OpenVPN OpenVPN Administration Figure 5 28 OpenVPN Administration 97...

Page 107: ...hich has been created in advance Refer to chapter 5 6 1 to learn more about how to manage clients and generate the les Figure 5 29 OpenVPN Con guration Parameter OpenVPN Con guration Operation mode Sp...

Page 108: ...ridged networks Protocol The tunnel protocol to be used for the transport connection Network mode De nes how the packets should be forwarded which can be either routed or bridged from to a particular...

Page 109: ...Check peer certi cate against local CRL negotiate DNS If enabled the system will use the nameservers which have been negotiated over the tunnel OpenVPN Expert Con guration Client The expert con gurati...

Page 110: ...Certi cate le server key Private key le dh1024 pem Di e Hellman parameters le ccd A directory containing client speci c con guration les Keep in mind that a certi cate becomes valid once its validity...

Page 111: ...xed address for a particular client you would have to apply xed addresses to the other ones as well You may specify the network behind the clients as well as the routes to be pushed to each client Th...

Page 112: ...vide a secure channel and a bundle of algorithms that provide the parameters necessary to operate the AH and or ESP operations The Internet Security Association Key Management Protocol ISAKMP provides...

Page 113: ...ly used for connections which traverse a path where a router modi es the IP address port of packets It encapsulates packets in UDP and therefore requires a slight overhead which has to be taken into a...

Page 114: ...ther Dead Peer Detection see RFC 3706 shall be used DPD will detect any broken IPSec connections in par ticular the ISAKMP tunnel and refresh the corresponding SAs Security Associations and SPIs Secur...

Page 115: ...of identi cation for the local ID which can be a FQDN username FQDN or IP address Local ID The local ID value Remote ID Type The type of identi cation for the remote ID Remote ID The remote ID value...

Page 116: ...tration of the key exchange protocol and prevents compromisation of previous keys Pseudo random function PRF algorithms that can optionally be used IPsec Proposal This section can be used to con gure...

Page 117: ...network Local netmask The netmask of your local area network Peer network The address of the remote network behind the peer Peer netmask The netmask of the remote network behind the peer NAT address...

Page 118: ...insecure but it still provides a straightforward way for establishing tunnels Figure 5 33 PPTP Administration When setting up a PPTP tunnel you would need to choose between server or client A client t...

Page 119: ...quires the following settings Parameter PPTP Server Settings Listen address Speci es on which IP address should be listened for incoming client connections Server address The server address within the...

Page 120: ...ement PPTP clients for a server tunnel need to be con gured here They are made up of user name and password A xed IP address can be assigned to them which can be used to point any routes to a dedicate...

Page 121: ...e required for setting up a tunnel Parameter GRE Con guration Peer address The IP address of the remote peer Interface The device type for this tunnel Local tunnel address The local IP address of the...

Page 122: ...on is not possible Figure 5 36 Dial in Server Settings The following settings can be set Parameter Dial in Server Con guration Administrative status Speci es whether incoming calls shall be answered o...

Page 123: ...NB3000 Line Hd User Manual 4 2 Please note that Dial In connections are generally discouraged As they are implemented as GSM voice calls they suffer from unreliability and poor bandwidth 114...

Page 124: ...Anyone reasonably experienced in the C language will nd an environment that is easy to dig in However feel free to contact us via router support netmodule com and we will happily support you in nding...

Page 125: ...Transfer les over HTTP FTP 12 Perform con g software updates 13 Control the LEDs 14 Get system events restart services or reboot system 15 Scan for networks in range 16 Create your own web pages 17 V...

Page 126: ...TION_COUNTRY_CODE string 2 ch LOCATION_COUNTRY string 11 Switzerland LOCATION_POSTCODE string 4 8001 LOCATION_STATE string 6 Zurich LOCATION_LATITUDE string 9 47 3778058 LOCATION_LONGITUDE string 8 8...

Page 127: ...the router when the script is to be executed This can be either time based e g each Monday or triggered by one of the pre de ned system events e g wan up as described in Events chapter 5 7 7 With both...

Page 128: ...duling priority Speci es the process priority of the sdkhost higher priorities will speed up scheduling your scripts lower ones will have less impact to the host system Enable watchdog This option wil...

Page 129: ...he trigger either time based or event based Condition Speci es the time condition for time based triggers e g hourly Timespec The time speci cation which together with the condition speci es the time...

Page 130: ...be created by using the following parameters Parameter SDK Job Parameters Name A meaningful name to identify the job Trigger Speci es the trigger that should launch the job Script Speci es the script...

Page 131: ...nexpected expecting SDK Sample Application As an introduction you can step through a sample application namely the SMS control script which implements remote control over short messages and can be use...

Page 132: ...e system output 1 on Turns on the rst digital output port output 1 off Turns off the rst digital output port output 2 on Turns on the second digital output port output 2 off Turns off the second digit...

Page 133: ...e note that WLAN interfaces for each SSID will pop up here as well in case you have con gured an access point respectively Figure 5 39 DHCP Server The following settings for each interface can be appl...

Page 134: ...current DNS server addresses if not con gured elsewise You can specify xed addresses here Only allow static hosts Any requests coming from none static hosts will be ignored It is also possible to con...

Page 135: ...es but it can be also used for serving xed addresses for particular host names Figure 5 40 DNS Server The following settings can be applied Parameter DNS Server Settings Administrative status Enables...

Page 136: ...ic hosts for serving xed IP addresses for various host names Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host Please remember to p...

Page 137: ...r each interface can be applied then Parameter NTP Server Settings Administrative status Speci es whether the NTP server is enabled or not Poll interval De nes the polling interval 64 2048 seconds for...

Page 138: ...ng the current Internet address which can be useful in NAT scenarios The DynDNS client will be triggered whenever a WAN or VPN link comes up Figure 5 42 Dynamic DNS Settings We provide support for a b...

Page 139: ...name provided by your DynDNS service e g my box dyndns org Port The HTTP port of the service typically 80 Username The user name used for authenticating at the service Password The password used for a...

Page 140: ...nt Settings E mail client status Administrative status of the E Mail client From e mail address E Mail address of the sender Server address SMTP server address Server port SMTP server port typically 2...

Page 141: ...SNMP host The SNMP host or address to which the trap shall be sent SNMP port The port of the remote SNMP service Username The username for accessing the remote SNMP service Password The password for...

Page 142: ...er roaming to foreign networks where other fees may apply You can manually assign a xed network by LAI in the Mobile SIMs section see 5 3 3 Sending messages heavily depends on the registration state o...

Page 143: ...ce when you want to avoid using any expensive service or international numbers Both types of rules form a list will be processed by order forwarding outgoing messages over the speci ed modem or droppi...

Page 144: ...any other user whereas normal users will only be able to view status values the admin user will obtain privileges to modify the system Figure 5 45 SSH and Telnet Server Please note that these services...

Page 145: ...ngs Administrative status Whether the SSH service is enabled or disabled Server port The TCP port of the service usually 22 Disable admin login Disable login for admin users Disable password based log...

Page 146: ...EXT MED MIB 1 3 6 1 4 1 31496 VENDOR MIB The VENDOR MIB tables offer some additional information over the system and its WWAN GNSS and WLAN interfaces They can be accessed over the following OIDs Par...

Page 147: ...Con guration Administrative status Enable or disable the SNMP agent Operation mode Speci es if agent should run in compatibilty mode or for SN MPv3 only Contact System maintainer or other contact info...

Page 148: ...is allowed for admin access Attention must be paid to the fact that SNMP passwords have to be more than 8 characters long Shorter passwords will be doubled for SNMP e g admin01 becomes admin01admin01...

Page 149: ...uration update status snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 12 0 The return value can be one of succeeded 1 failed 2 inprogress 3 notstart...

Page 150: ...1 31496 10 40 18 0 Getting the alternative software version snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 19 0 Getting the alternative software h...

Page 151: ...ommunication will be encrypted and thus avoids any misuse of the system In order to enable HTTPS you would need to generate or upload a server certi cate in the section 5 8 8 Figure 5 47 Web Server Pa...

Page 152: ...d discovery protocols The following protocols are supported Parameter Discovery Con guration LLDP Link Layer Discovery Protocol CDP Cisco Discovery Protocol FDP Foundry Discovery Protocol SONMP Nortel...

Page 153: ...ot reach able anymore checked via multicast packets This may happen when one device is reboot ing or the Ethernet link went down Same applies when the WAN link goes down Figure 5 48 VRRP Con guration...

Page 154: ...ce Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the participating hosts We assign a priority of 100 to the master and 1 to the backup route...

Page 155: ...Administrative status Speci es whether the gateway shall be enabled or disabled Call routing De nes who will be responsible for call routing If SDK has been speci ed you would need to install a script...

Page 156: ...int acting as SIP user agent towards a remote registrar Based on your equipment we recommend to adjust the modem s audio pro le for a better sound experience The following pro les are available Parame...

Page 157: ...d and could give added delay to the system Parameter Endpoint Settings Voice Over Mobile Modem Speci es the modem which will be used for voice over mobile calls Audio pro le Speci es the modem s audio...

Page 158: ...strar Subscriber The subscriber name used at the registrar Username The username to authenticate at the registrar Password The password used for autentication Register Selects whether the user agent s...

Page 159: ...point registration status and so on Using the SDK you can also initiate or accept a call adjust its volume level or do a hangup Anyway for simple scenarios the generic method should be su cient and ca...

Page 160: ...ar proxy Parameter X Lite Con guration User ID SIP username used in from headers i e subscriber name Domain SIP Domain used in from headers optional Authorization name Username used for authentication...

Page 161: ...Settings Local hostname The hostname of the system Application area The desired application area which in uences the system be haviour such as registration timeouts or other adaptions when operating i...

Page 162: ...evice on which log les shall be stored Max lesize The maximum size of the log les in kB until they will get rotated Redirect address Speci es an IP address to which log messages should be redi rected...

Page 163: ...Password The password used to unlock the bootloader If empty the admin password will be used Time Region This page can be used for setting the system time and con guring the time zone You may further...

Page 164: ...bled Parameter Time Zone Time Zone Set the local time zone Daylight saving changes Enable disable daylight saving changes Virtualization Virtualization techniques can be used to run multiple isolated...

Page 165: ...tftp If you uploaded the the image to the router in advance you can also use le followed by the local path of the le We can provide various tailored Linux distribution images such as Debian on demand...

Page 166: ...e guest system Parameter Guest Devices Enable devices Enable or disable device for the guest In order to limit the ressources for a guest the following settings can be applied Parameter Guest Limits C...

Page 167: ...but can sill login via HTTP tel net User Accounts By using this page you can manage the user accounts on the system Figure 5 52 User Accounts The admin user is a built in power user which represents t...

Page 168: ...The name of the user Role Either admin or user Old password The old password of the user New password The new password of the user Con rm new password The con rmed new password of the user Please note...

Page 169: ...n RADIUS server The RADIUS server address RADIUS secret The secret used to authenticate against the RADIUS server Authentication port The port used for authentication Accounting port The port used for...

Page 170: ...de the administrator password if you want to downgrade to a release 4 1 x and lower The same passphrase will be used for bootloader login as well All users which have no password stored on the device...

Page 171: ...a while Automatic Software Update This menu can be used to run a automatic software update of the system Parameter Automatic software update Status Enable disable automatic software update Time of da...

Page 172: ...ath file Supported protocols are TFTP HTTP HTTPS and FTP For boxes with lim ited amount of ash you may also use usb0 path to firmware package A rmware package ZIP usually consists of a ash utility an...

Page 173: ...te package zip containing the con guration le and a packed version of other essential les such as certi cates in the root directory Manual File Con guration Figure 5 54 Manual File Con guration This s...

Page 174: ...atic con guration update of the system It is con g ured as follows Parameter Automatic File Con guration Status Enable disable an automatic con guration update Time of day Time of day when the system...

Page 175: ...rned on The factory reset will set the IP address of the rst Ethernet interface back to 192 168 1 1 You will be able to communicate again with the device using the default network parameters You may s...

Page 176: ...ty can be used to verify whether a remote host can be reached via IP Time of day The traceroute utility can be used to print the route packets trace to a remote host Tcpdump The tcpdump utility genera...

Page 177: ...he option Debug log or if you are interested in the boot log select Boot log Another way to see what is going on on the box is opening a SSH or Telnet session as root and typing tail log Furthermore t...

Page 178: ...in case of any issues Various tools reside on this page for further analysis of potential con guration issues Figure 5 58 Tech Support File It is possible to trace any IP interface and inspect indivi...

Page 179: ...ages shows an overview about installed keys and certi cates The following sec tions may appear Type Description Root CA The root Certi cate Authority CA which issues certi cates its key can be used to...

Page 180: ...ate locally Generate key and certi cate locally on the box see 5 8 8 for more options upload les Key and certi cate will be uploaded We support les in PKCS12 PKCS7 PEM DER format as well as RSA DSS ke...

Page 181: ...will be take into account Parameter Certi cate Con guration Organisation O The certi cate owner s organization Department OU The name of the organizational unit to which the certi cate issuer belongs...

Page 182: ...can also be uploaded in one stroke by using the container format PKCS12 RSA DSS keys can be con verted from OpenSSH or Dropbear formats It is possible to specify the passphrase for opening the privat...

Page 183: ...as used by SDK functions or when downloading con guration software images you might upload a list of CA certi cates which are considered trusted To obtain the CA certi cate from a particular site wit...

Page 184: ...valid license to be present in the system some of them also depend on the mounted modules Please contact us for getting a valid license for available components and we will provide a license le based...

Page 185: ...ress or implied To obtain the corresponding open source codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP...

Page 186: ...NB3000 Line Hd User Manual 4 2 5 9 LOGOUT Please use this menu to log out from the Web Manager 177...

Page 187: ...ogout 6 1 General Usage When operating the CLI in interactive mode each entered command will be executed by the RETURN key You can use the Left and Right keys to move the current point between entered...

Page 188: ...nd of the line CTRL y Yank the top of the deleted text into the buffer at point Please note that it can be required to apply quotes when entering commands with argu ments containing whitespaces 6 2 Pr...

Page 189: ...configuration sections 6 4 Setting Con g Parameters The set command can be used to set con guration values set h Usage set hv parameter value parameter value Options v validate config parameter 6 5 C...

Page 190: ...nnection status pptp PPTP connection status gre GRE connection status dialin Dial In connection status mobileip MobileIP status dio Digital IO status audio Audio module status can CAN module status ua...

Page 191: ...rce update n don t reset missing config values with factory defaults s show update status Available update targets software Perform software update firmware Perform module firmware update config Updat...

Page 192: ...Firewall and NAPT gpsd GPS daemon gre GRE connections ipsec IPsec connections lighttpd HTTP server link manager WAN links network Networking openvpn OpenVPN connections pptp PPTP connections qos QoS...

Page 193: ...r wwanmd 6 13 Resetting System The reset command can be used to reset the router back to factory defaults reset h Usage reset h 6 14 Rebooting System The reboot command can be used to reboot the route...

Page 194: ...This section describes the CLI PHP interface for Version 2 It accepts POST and GET requests Running with GET requests the general usage is de ned as follows Usage http s cli php key1 value1 key2 valu...

Page 195: ...running command status arg0 h Please note that the status summary can be displayed without authentication Examples http 19 2 1 68 1 1 cli php version 2 output html usr admin pwd admin01 command status...

Page 196: ...1 cli php version 2 output html usr admin pwd admin01 command set arg0 snmp status arg1 0 arg2 openvpn status arg3 1 restart Restart a system service Key usage command restart arg0 service Notes Avail...

Page 197: ...2 168 1 254 user config zip http 19 2 1 68 1 1 cli php version 2 output html usr admin pwd admin01 command update arg0 license arg1 http 192 168 1 254 xxx lic http 19 2 1 68 1 1 cli php version 2 outp...

Page 198: ...e encoded with 40 The E Mail client must be properly configured prior to using that function In case of stdout the downloaded techsupport file will be called download Examples http 19 2 1 68 1 1 cli p...

Page 199: ...i es the SIM slot as seen on the front panel GNSSx Speci es a Global Navigation Satellite System module Mobilex Identi es a WWAN modem SERIALx Identi es a serial port OUTx Speci es a digital I O outpu...

Page 200: ...a Network interfaces which are currently activated in the system FQDN Fully quali ed domain name ASU Arbitrary Strength Unit RSRP Referenz Signal Received Power RSRQ Reference Signal Received Quality...

Page 201: ...02 gps down GPS signal is not available 401 openvpn up OpenVPN connection came up 402 openvpn down OpenVPN connection went down 403 ipsec up IPsec connection came up 404 ipsec down IPsec connection we...

Page 202: ...port received SMS report has been received 701 call incoming A voice call is coming in 702 call outgoing Outgoing voice call is being established 801 ddns update succeeded Dynamic DNS update succeeded...

Page 203: ...on guration The factory con guration including default values for any con guration parameter can be derived from the le etc config factory config cfg on the router You may also call cli get f paramete...

Page 204: ...T UPDATED 201806261330 Z ORGANIZATION NetModule AG CONTACT INFO NetModule AG Switzerland DESCRIPTION MIB module which defines the NB router specific entities REVISION 201806261330 Z DESCRIPTION MIB fo...

Page 205: ...only STATUS current DESCRIPTION The currently installed kernel version admin 2 serialNumber OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The serial number of the d...

Page 206: ...SCRIPTION The date and time when the alternative software shall be activated admin 13 configActivationDate OBJECT TYPE SYNTAX DateAndTime MAX ACCESS read write STATUS current DESCRIPTION The date and...

Page 207: ...t be preceded by a valid prefix e g tftp sftp ftp https or http and point to the to be installed image admin 25 softwareUpdateStatus OBJECT TYPE SYNTAX INTEGER stored 0 succeeded 1 failed 2 inprogress...

Page 208: ...IPTION Upload the current system logs to the specified URL the URL must be preceded by a valid prefix e g tftp sftp ftp https or http and point to the path where the system log shall be stored admin 4...

Page 209: ...lity DisplayString wwanModemIndex OBJECT TYPE SYNTAX Integer32 0 254 MAX ACCESS not accessible STATUS current DESCRIPTION WWAN modem index nbWwanEntry 1 wwanModemName OBJECT TYPE SYNTAX DisplayString...

Page 210: ...try 12 wwanRSRP OBJECT TYPE SYNTAX DisplayString UNITS dBm MAX ACCESS read only STATUS current DESCRIPTION The current Reference Signal Received Power LTE of the WWAN modem nbWwanEntry 13 wwanRSRQ OBJ...

Page 211: ...layString gnssVerticalSpeed DisplayString gnssTrackAngle DisplayString gnssIndex OBJECT TYPE SYNTAX Integer32 0 254 MAX ACCESS not accessible STATUS current DESCRIPTION GNSS device index nbGnssEntry 1...

Page 212: ...DESCRIPTION The current track angle value in degrees received by the GNSS device nbGnssEntry 11 NBWlanTable nbWlanTable OBJECT TYPE SYNTAX SEQUENCE OF NBWlanEntry MAX ACCESS not accessible STATUS cur...

Page 213: ...able OBJECT TYPE SYNTAX SEQUENCE OF NBWlanStationEntry MAX ACCESS not accessible STATUS current DESCRIPTION A table shows current connected clients nb 61 nbWlanStationEntry OBJECT TYPE SYNTAX NBWlanSt...

Page 214: ...ation nbWlanStationEntry 7 wlanStationInactive OBJECT TYPE SYNTAX Integer32 UNITS ms MAX ACCESS read only STATUS current DESCRIPTION The inactivity time of a connected station nbWlanStationEntry 8 NBW...

Page 215: ...read only STATUS current DESCRIPTION WAN link since up nbWanEntry 4 wanLinkType OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION WAN link type nbWanEntry 5 wanLinkInter...

Page 216: ...TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WAN link download rate nbWanEntry 15 wanUploadRate OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WA...

Page 217: ...write STATUS current DESCRIPTION The update value for digital I O port OUT2 dio 11 NBSerialTable nbSerialTable OBJECT TYPE SYNTAX SEQUENCE OF NBSerialEntry MAX ACCESS not accessible STATUS current DES...

Page 218: ...ad only STATUS current DESCRIPTION The number of frame errors on the serial port nbSerialEntry 6 serialOverrunErrors OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION The nu...

Page 219: ...unter64 UNITS seconds MAX ACCESS read only STATUS current DESCRIPTION The uptime of the router when the SNMP trap occured nbTrapHistoryEntry 3 trapHistoryEvent OBJECT TYPE SYNTAX Integer32 MAX ACCESS...

Page 220: ...events 402 ipsec up NOTIFICATION TYPE STATUS current DESCRIPTION IPsec connection came up events 403 ipsec down NOTIFICATION TYPE STATUS current DESCRIPTION IPsec connection went down events 404 pptp...

Page 221: ...tem poweroff NOTIFICATION TYPE STATUS current DESCRIPTION System poweroff has been triggered events 509 system error NOTIFICATION TYPE STATUS current DESCRIPTION System is in error state events 510 sy...

Page 222: ...DESCRIPTION USB Ethernet device has been added events 903 usb eth removed NOTIFICATION TYPE STATUS current DESCRIPTION USB Ethernet device has been removed events 904 usb serial added NOTIFICATION TY...

Page 223: ...leeping host WakeOn Lan gps broadcast are This script sends the local GPS NMEA stream to a remote UDP server incl device identity gps monitor are A script for activating WLAN as soon as GPS position l...

Page 224: ...read from the serial port serial tcp broadcast are This script reads messages coming from the serial port and forwards them via TCP to remote hosts and vice versa serial tcsetattr are This script can...

Page 225: ...nsfer are This scripts stores the latest GNSS positions in a remote FTP le udp msg server are This script will run an UDP server which is able to receive mes sages and forward them as SMS E Mail udpcl...

Reviews:

No comments

Related manuals for NB3000-Line-Hd

3Com EtherLink 3C509B Quick Manual preview
EtherLink 3C509B
Brand: 3Com Pages: 8
3xLogic V250 Quick Start Manual preview
V250
Brand: 3xLogic Pages: 2
ZyXEL Communications EOC350 Series Quick Start Manual preview
EOC350 Series
Brand: ZyXEL Communications Pages: 2
Dahua NVS0X04DH Quick Start Manual preview
NVS0X04DH
Brand: Dahua Pages: 24
IBM BladeCenter Management Module Installation And User Manual preview
BladeCenter Management Module
Brand: IBM Pages: 184
NETGEAR RP614 v2 Installation Manual preview
RP614 v2
Brand: NETGEAR Pages: 2
TP-Link Archer VR500vd Installation Manual preview
Archer VR500vd
Brand: TP-Link Pages: 7
Lutron Electronics Smart Bridge Quick Start Manual preview
Smart Bridge
Brand: Lutron Electronics Pages: 4
Caton NVE 9100 User Manual preview
NVE 9100
Brand: Caton Pages: 18
Rajant Corporation BreadCrumb CX1 User Manual preview
BreadCrumb CX1
Brand: Rajant Corporation Pages: 40
Paradyne JetFusion 2100 Series User Manual preview
JetFusion 2100 Series
Brand: Paradyne Pages: 296
Dataprobe iBoot Instruction Manual preview
iBoot
Brand: Dataprobe Pages: 16
Alcatel 7270 MSC Specifications preview
7270 MSC
Brand: Alcatel Pages: 4
ADTRAN ENHANCED PSD 239 H2R Product Manual preview
ENHANCED PSD 239 H2R
Brand: ADTRAN Pages: 2
NetComm NB3300 Installation And Setup preview
NB3300
Brand: NetComm Pages: 4
Avocent Cyclades CS4008 Specifications preview
Cyclades CS4008
Brand: Avocent Pages: 2
ZyXEL Communications WAP6804 User Manual preview
WAP6804
Brand: ZyXEL Communications Pages: 114
National Instruments GPIB-120A User Manual preview
GPIB-120A
Brand: National Instruments Pages: 36

Brands by name

Popular brands

Load more brands