manualshive.com logo in svg

NetModule NB3710, User Manual

Share
Download
NetModule NB3710 User Manual Download Page 97

NB3710 User Manual 4.0

5.6.2. IPsec

IPsec is a protocol suite for securing IP communications by authenticating and encrypt-
ing each packet of a communication session and thus establishing a secure virtual private
network.

IPsec includes various cryptographic protocols and ciphers for key exchange and data
encryption and can be seen as one of the strongest VPN technologies in terms of security.
It uses the following mechanisms:

Mechanism

Description

AH

Authentication Headers (AH) provide connectionless integrity and data origin
authentication for IP datagrams and ensure protection against replay attacks.

ESP

Encapsulating Security Payloads (ESP) provide confidentiality, data-origin
authentication, connectionless integrity, an anti-replay service and limited
traffic-flow confidentiality.

SA

Security Associations (SA) provide a secure channel and a bundle of algo-
rithms that provide the parameters necessary to operate the AH and/or ESP
operations. The Internet Security Association Key Management Protocol
(ISAKMP) provides a framework for authenticated key exchange.

Negotating keys for encryption and authentication is generally done by the Internet Key
Exchange protocol (IKE) which consists of two phases:

Phase

Description

IKE
phase
1

IKE authenticates the peer during this phase for setting up an ISAKMP se-
cure association. This can be carried out by either using

main

or

aggressive

mode. The

main

mode approach utilizes the Diffie-Hellman key exchange and

authentication is always encrypted with the negotiated key.The

aggressive

mode just uses hashes of the pre-shared key and therefore represents a less-
secure mechanism which should generally be avoided as it is prone to dictio-
nary attacks.

IKE
phase
2

IKE finally negotiates IPSec SA parameters and keys and sets up matching
IPSec SAs in the peers which is required for AH/ESP later on.

Administration

This page can be used to enable/disable IPsec, you may also specify whether NAT-
Traversal should be used.

NAT-Traversal is mainly used for connections which traverse a path where a router

97

Summary of Contents for NB3710

Page 1: ...NetModule Router NB3710 User Manual for Software Version 4 0 Manual Version 1 8 NetModule AG Switzerland September 15 2016...

Page 2: ...trieval system adopted or transmitted in any form or by any means electronic mechanical photographic graphic optic or otherwise or translated in any language or computer language without the prior wri...

Page 3: ...2 3 3 3 WLAN 12 3 3 4 GPS 12 3 3 5 USB 2 0 Host Port 13 3 3 6 M12 Ethernet Connectors 13 3 3 7 Power Supply 14 3 3 8 Digital Inputs and Outputs 15 3 3 9 Extension Connector 16 4 Installation 22 4 1 En...

Page 4: ...Routes 65 5 4 2 Extended Routing 67 5 4 3 Multipath Routes 69 5 4 4 Mobile IP 70 5 4 5 Quality Of Service 73 5 4 6 Multicast 75 5 4 7 OSPF 76 5 4 8 BGP 78 5 5 FIREWALL 79 5 5 1 Administration 79 5 5 2...

Page 5: ...ice 167 5 9 LOGOUT 168 6 Command Line Interface 169 6 1 General Usage 169 6 2 Print Help 170 6 3 Getting Config Parameters 171 6 4 Setting Config Parameters 171 6 5 Getting Status Information 172 6 6...

Page 6: ...AN IP Configuration 54 5 15 USB Administration 55 5 16 USB Device Management 56 5 17 Serial Port Administration 58 5 18 Serial Port Settings 59 5 19 Digital I O Ports 61 5 20 Static Routing 65 5 21 Ex...

Page 7: ...5 49 Voice Gateway Administration 139 5 50 Voice Gateway Endpoint Configuration 141 5 51 Voice Gateway Routing Configuration 144 5 52 System 146 5 53 Regional settings 148 5 54 User Accounts 149 5 55...

Page 8: ...f Audio Port Signals EP1 EP2 18 3 19 CAN Port Specification 18 3 20 Pin Assignments of CAN Port Signals EP1 EP2 18 3 21 IBIS Port Specification 19 3 22 Pin Assignments of IBIS Port Signals EP1 EP2 19...

Page 9: ...the router and its features The following chapters describe any aspects of commissioning the device installation procedure and provide helpful information towards configuration and maintenance Please...

Page 10: ...Possible antenna circuits must be limited to over voltage transient levels below 1 500 VDC according to IEC 60950 1 TNV 1 circuit levels by using safety approved components NB3710 routers shall only...

Page 11: ...f a working system configuration It can be downloaded using the Web Manager and easily applied to a newer software release afterwards as we generally guarantee backward compatibility 2 2 Declaration o...

Page 12: ...source codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP freely available from http www php net Software d...

Page 13: ...options LTE LTE 450MHz LTE US CDMA 450MHz WLAN IEEE 802 11abgn GPS GNSS GSM R RS 232 RS 485 IBIS CAN Audio Power Supply 72 96 110 VDC 64 GB internal storage Software Key GPS Software Key Mobile IP So...

Page 14: ...e connection 2 is up l blinking Mobile connection 2 is being established m off Mobile connection 2 is down WLAN1 lll 1 on WLAN connection 1 is up l blinking WLAN connection 1 is being established m of...

Page 15: ...port 1 is not set DI2 l on Input port 2 is set m off Input port 2 is not set Ext1 l on Extension port 1 is on m off Extension port 1 is off Ext2 l on Extension port 2 is on m off Extension port 2 is...

Page 16: ...used connect a yellow green marked cable with at least 6mm2 copper area Avoid corrosion and protect the screws against loosening Power Front Power supply galvanically isolated Digital I O Front Galva...

Page 17: ...50 MHz UMTS Band 1 2100 MHz UMTS Band 8 900 MHz CDMA450 Band Class 5 Block Designators A B Table 3 3 Mobile Interface The LTE modules support 2x2 MIMO Data rates LTE max 100 Mbps downlink 50 Mbps upli...

Page 18: ...Feature Specification Systems GPS GLONASS BeiDu Galileo ready Data stream NMEA or UBX Tracking sensitivity 160 dBm Channels 72 Accuracy 2m Supported antennas Active and passive Table 3 6 GNSS Specific...

Page 19: ...ectors 3 3 7 Power Supply The power input has the following specifications Feature Specification Power supply nominal voltages 24 VDC 36 VDC and 48 VDC according to EN 50155 Voltage range 12 VDC to 60...

Page 20: ...cification in common Feature Specification Isolation to enclosure GND 1 000 VAC Isolation to adjacent I O functional Table 3 12 Common Digital I O Specification Isolated Outputs The isolated digital o...

Page 21: ...ontact relay normally open 6 DO1 Dry contact relay normally open 7 DO2 Dry contact relay normally closed 8 DO2 Dry contact relay normally closed Table 3 15 Pin Assignments of Digital Inputs and Output...

Page 22: ...uts Audio Port Specification Option A The Audio port has the following specification Feature Specification Protocol Audio Line In Out Input impedance 44 k signal level 2 Vpp Input bandwidth 100 Hz 15...

Page 23: ...V2 0B Speed up to 1 Mbps Galvanic isolation 1500 VDC Internal bus termination none Table 3 19 CAN Port Specification EP Pins Signal 1 5 GND 2 6 H 3 7 L 4 8 Table 3 20 Pin Assignments of CAN Port Signa...

Page 24: ...wire RS 232 Port Specification The non isolated 3 wire RS 232 port has the following specification Option S Feature Specification Protocol 3 wire RS 232 GND TXD RXD Baud rate 300 1 200 2 400 4 800 9...

Page 25: ...D RXD Baud rate 600 1 200 2 400 4 800 9 600 19 200 38 400 57 600 115 200 230 400 460 800 921 600 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software flow control None XON XOFF Hardware f...

Page 26: ...230 400 460 800 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software flow control None XON XOFF Hardware flow control None Galvanic isolation 1500 VDC Internal bus termination none Table...

Page 27: ...ng to EN 50155 Humidity 0 to 95 non condensing Altitude up to 4000m Over Voltage Category I Pollution Degree 2 Ingress Protection Rating IP40 with SIM and USB covers mounted Table 4 1 Operating Condit...

Page 28: ...antenna will be suitable for most applications However in some circum stances it might be necessary to use remote antennas together with an extended cable to reach a better location offering an adequa...

Page 29: ...might other wise experience sporadical link loss during operation The Link Act LED will lit up as soon as the device has synced If not it might be necessary to configure a different link setting as d...

Page 30: ...mand Line Interface CLI and set configuration parameters directly The IP address of Ethernet1 is 192 168 1 1 and the Dynamic Host Configuration Pro tocol DHCP is activated on the interface by default...

Page 31: ...the admin password will be also applied for the root user which can be used to access the device via the serial console telnet SSH or to enter the bootloader You may also configure additional users wh...

Page 32: ...he serial port of your local computer You will also see the kernel messages at bootup there 3 Recovery Image In severe cases we can provide a recovery image on demand which can be loaded into RAM via...

Page 33: ...router s interfaces WAN This page offers details about any enabled Wide Area Network WAN links such as the IP addresses network information signal strength etc The information about the amount of dow...

Page 34: ...ion LAN This page shows information about the LAN interfaces plus the neighborhood informa tion DHCP This page offers details about any activated DHCP service including a list of issued DHCP leases Op...

Page 35: ...Open Shortest Path First routing protocol DynDNS This page provides information about Dynamic DNS System Status The system status page displays various details of your NB3710 router including system d...

Page 36: ...on your hardware model WAN links can be made up of either Wireless Wide Area Network WWAN Wireless LAN WLAN Ethernet or PPP over Ethernet PPPoE connections Please note that each WAN link has to be co...

Page 37: ...r permanently in order to minimize link downtime Parameter WAN Link Priorities 1st priority The primary link which will be used whenever possible 2nd priority The first fallback link it can be enabled...

Page 38: ...se of firewall issues Once established the Web Manager can be reached over port 8080 using the WAN address but still over the LAN1 interface using port 80 Parameter WAN Link Operation Modes disabled L...

Page 39: ...d any negative side effects the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit MTU The MTU can be configured per...

Page 40: ...vision Settings Link The WAN link to be monitored can be ANY Mode Specifies whether the link shall only be monitored if being up e g for using a VPN tunnel or if connectivity shall be also validated a...

Page 41: ...e transmitted in case a first ping failed Max number of failed trials The maximum number of failed ping trials until the link will be declared as down Emergency action The emergency action which shoul...

Page 42: ...connect other LAN segments or for configuring a WAN link The LAN10 interface will be available as soon as a pre configured USB Ethernet device has been plugged in Ethernet Port Assignment Figure 5 6 E...

Page 43: ...h Ethernet port individually Most devices support auto negotiation which will configure the link speed automatically to comply with other devices in the network In case of negotiation problems you may...

Page 44: ...iated virtual interface Any untagged packets as well as packets with an unassigned ID will be distributed to the native interface Figure 5 8 VLAN Management In order to form a distinctive subnet the n...

Page 45: ...NB3710 User Manual 4 0 Parameter VLAN Priority Levels 3 Critical Applications 4 Video 100 ms latency and jitter 5 Voice 10 ms latency and jitter 6 Internetwork Control 7 Network Control...

Page 46: ...bally in the DNS server config uration menu But as soon as a link comes up it will use the interface specific name servers e g the ones being retrieved over DHCP and update the resolver configuration...

Page 47: ...settings address subnet gateway DNS server will be retrieved from a DHCP server in the network You may also define static values but caution has to be taken to assign an unique IP address as it would...

Page 48: ...registering to a network usually takes some time and depends on signal strength and possible radio interferences You may hit the Update button at any time in order to restart PIN unlocking and trigger...

Page 49: ...ode Please check the account details associated with your purchased SIM and figure out whether it is protected with a PIN PIN code The PIN code for unlocking the SIM card SMS gateway The service cente...

Page 50: ...NB3710 User Manual 4 0 mentary Service Data USSD requests e g for querying the available balance of a prepaid account...

Page 51: ...to section 5 8 7 or consult the system log files for troubleshooting the problem in case the connection did not come up Figure 5 11 WWAN Interfaces The following mobile settings are required Paramete...

Page 52: ...tings Parameter WAN Advanced Parameters Required signal strength Sets a minimum required signal strength before the connec tion is dialed Home network only Determines whether the connection should onl...

Page 53: ...ntained IP interface which can be used for routing and to provide services such as DHCP DNS NTP in the same way like an Ethernet LAN interface does Figure 5 12 WLAN Management If the administrative st...

Page 54: ...e country the Router operates in Number of antennas Set the number of connected antennas Antenna gain Specify the antenna gain for the connected antennas Please refer to the antennas datasheet for the...

Page 55: ...40 80 MHz 866 7 Mbit s Table 5 18 IEEE 802 11 Network Standards Note NetModule Routers with 802 11n and 802 11ac support 2x2 MIMO Prior to setting up an access point it is always a good idea to run a...

Page 56: ...ained by the operator of the remote access point Parameter WLAN Client Configuration SSID The network name called SSID Security mode The desired security mode WPA WPA2 mixed mode WPA2 should be prefer...

Page 57: ...cess point mode you can create up to 4 SSIDs with each running their own network configuration The networks can be individually bridged to a LAN interface or operate as dedicated interface in routing...

Page 58: ...wise the key passphrase for WPA EAP TLS Force PMF Enables Protected Management Frames Hide SSID Hides the SSID Isolate clients Disables client to client communication Accounting Sets accounting profil...

Page 59: ...e subnet However for multiple SSIDs we strongly recommend to set up separated interfaces in routing mode in order to avoid unwanted access and traffic between the interfaces The corresponding DHCP ser...

Page 60: ...dministrative status Specifies whether devices shall be recognized Enable hotplug Specifies whether device shall be recognized if plugged in during runtime or only at bootup Enable USB IP device serve...

Page 61: ...USB Devices This page show the currently connected devices and it can be used to enable a specific device based on its Vendor and Product ID Only enabled devices will be recognized by the system and...

Page 62: ...ine dur ing authentication which can be used for setting up more systems with different admin passwords For new devices with an empty password the hash key e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b...

Page 63: ...which can be ac cessed with a serial terminal client from the other side It will provide helpful bootup and kernel messages and spawns a login shell so that users can login to the system device serve...

Page 64: ...f data bits contained in each frame Parity Specifies the parity used for every frame that is transmitted or received Stop bits Specifies the number of stop bits used to indicate the end of a frame Sof...

Page 65: ...seconds before the port will be disconnected if there is no activity on it A zero value disables this function Allow remote control Allow remote control ala RFC 2217 of the serial port Show banner Sho...

Page 66: ...ts You can apply the following settings Parameter Digital I O Settings DO1 after reboot Initial status of DO1 after system has booted DO2 after reboot Initial status of DO2 after system has booted Bes...

Page 67: ...on either standalone or assisted for A GPS Antenna type The type of the connected GPS antenna either passive or actively 3 volt powered Accuracy The desired accuracy in meters Fix frame interval The a...

Page 68: ...lating the position as stated in GPGGA frames Dilution of precision The dilution of precision as stated in GPGSA frames Furtheron each satellite also comes with the following details Parameter GNSS Sa...

Page 69: ...ation after which an emergency action will be taken Emergency action The corresponding emergency action You can either let just restart the server which also re initializes GPS on the module or also r...

Page 70: ...l choose the route interface automatically depending on the best matching network configured for an interface Figure 5 20 Static Routing In general host routes precede network routes and network route...

Page 71: ...face default 0 higher met rics have the effect of making a route less favorable Flags A ctive P ersistent H ost Route N etwork Route D efault Route The flags obtain the following meanings Flag Descrip...

Page 72: ...sk but also a source address netmask incoming interface and the type of service TOS of packets Parameter Extended Route Configuration Source address The source address of a packet Source netmask The s...

Page 73: ...r Manual 4 0 Parameter Extended Route Configuration Route to Specifies the target interface or gateway to where the packet should get routed to discard if down Discard packets if the specified interfa...

Page 74: ...erfaces have to be defined to establish multipath routing Additional interfaces can be added by pressing the plus sign Parameter Add Multipath Routes Target network net mask Defines the target network...

Page 75: ...ress called the care of address in MIP terms of the mobile node has changed The home agent will then encapsulate packets destined to a mobile node s home address into a tunnel packet containing the cu...

Page 76: ...I This is a 32 bit hexadecimal value Authentication type The used authentication algorithm This can be prefix suffix md5 default for MIP or hmac md5 Shared secret The shared secret used for authentica...

Page 77: ...I identifying the secu rity context for the tunnel between the mobile node and the home agent This is used to distinguish mobile nodes from each other Therefore each mobile node needs to be assigned a...

Page 78: ...hich QoS should be active Parameter QoS Interface Parameters Interface The WAN interface on which QoS should be active Bandwidth congestion The bandwidth congestion method In case of auto the system w...

Page 79: ...pstream bandwidth of QoS Interface Parameters Set TOS The TOS DiffServ value to set on matching packets You can now configure and assign any services to each queue The following parameters apply Param...

Page 80: ...towards the down stream interfaces on which hosts have joined the groups Parameter Multicast Routing Settings Administrative status Specifies whether multicast routing is active Incoming interface The...

Page 81: ...the VRRP redundancy protocol The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router If no settings are defined for a specific interface default settings will b...

Page 82: ...NB3710 User Manual 4 0 Parameter OSPF Networks Area Routing area to which this interface belongs 0 65535 0 means backbone...

Page 83: ...hen VRRP slave Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol The neighbors tab is used to configure all the BGP routers to peer with Parameter BGP Neig...

Page 84: ...page can be used to enable and disable firewalling When turning it on a shortcut can be used to generate a predefined set of rules which allow administration over HTTP HTTPS SSH or TELNET by default...

Page 85: ...Packets which are not matching any of the rules configured will be ALLOWED Figure 5 25 Firewall Rules Parameter Firewall Rule Configuration Description A meaningful description about the purpose of th...

Page 86: ...ng interface The interface on which matching packets are received Protocol The used IP protocol of matching packets UDP TCP or ICMP Destination port s The destination port of matching packets which ca...

Page 87: ...26 Masquerading The administration page lets you specify the interfaces on which masquerading will be performed NAT will hereby use the address of the selected interface and choose a random source po...

Page 88: ...aningful description of this rule Incoming interface The interface from which matching packets are received Source The source address or network from which matching packets are received Target address...

Page 89: ...ets optional Protocol The used protocol of matching packets Ports The used UDP TCP port of matching packets Rewrite source address The address to which the source address of matching packets shall be...

Page 90: ...NB3710 User Manual 4 0 Figure 5 27 Inbound NAPT...

Page 91: ...andard configuration or upload an expert mode file which has been created in advance Refer to chapter 5 6 1 to learn more about how to manage clients and generate the files Parameter OpenVPN Configura...

Page 92: ...NB3710 User Manual 4 0 Figure 5 29 OpenVPN Configuration...

Page 93: ...The tunnel protocol to be used for the transport connection Network mode Defines how the packets should be forwarded which can be either routed or bridged from to a particular LAN interface If require...

Page 94: ...nameservers which have been negotiated over the tunnel OpenVPN Expert Configuration Client The expert configuration mode offers a straightforward way to configure a tunnel by simply uploading a zip pa...

Page 95: ...ed clients can be seen on this page including the connect time and IP address You may kick connected clients by disabling them In the Networking section you can specify a fixed tunnel endpoint address...

Page 96: ...NB3710 User Manual 4 0 Figure 5 30 OpenVPN Client Management...

Page 97: ...AH and or ESP operations The Internet Security Association Key Management Protocol ISAKMP provides a framework for authenticated key exchange Negotating keys for encryption and authentication is gener...

Page 98: ...NB3710 User Manual 4 0 Figure 5 31 IPsec Administration...

Page 99: ...nning NAT Traversal makes IKE using UDP port 4500 rather than 500 which has to be taken into account when setting up firewall rules Configuration Figure 5 32 IPsec Configuration General For setting up...

Page 100: ...h pre shared keys PSK or certifi cates within a public key infrastructure Extended Authentication XAUTH leverages RADIUS like authentication and can be used to apply user level access control over IPS...

Page 101: ...d we recommend AES256 Authentication algo rithm The desired IKE authentication method we prefer SHA1 over MD5 IKE Diffie Hellman Group The IKE Diffie Hellman Group SA life time The lifetime of Securit...

Page 102: ...tted when a valid SA with matching source and destination network is present Therefore you may need to specify the networks right and left of the endpoints by applying the following settings Parameter...

Page 103: ...ecure but it still provides a straightforward way for establishing tunnels Figure 5 33 PPTP Administration When setting up a PPTP tunnel you would need to choose between server or client A client tunn...

Page 104: ...NB3710 User Manual 4 0 Figure 5 34 PPTP Tunnel Configuration...

Page 105: ...ons Server address The server address within the tunnel Client address range Specifies a range of IP addresses assigned to each client PPTP Client Management PPTP clients for a server tunnel need to b...

Page 106: ...equired for setting up a tunnel Parameter GRE Configuration Peer address The IP address of the remote peer Interface The device type for this tunnel Local tunnel address The local IP address of the tu...

Page 107: ...Settings The following settings can be set Parameter Dial in Server Configuration Administrative status Specifies whether incoming calls shall be answered or not Modem Specifies the modem on which cal...

Page 108: ...NB3710 User Manual 4 0 as GSM voice calls they suffer from unreliability and poor bandwidth...

Page 109: ...ule specific Application Programming Interface API which ships with a comprehensive set of functions for accessing hardware interfaces e g digital IO ports GPS external storage media serial ports but...

Page 110: ...obtained from the NetModule support web page gives a detailed introduction of the language including a description of all available functions SDK API Functions The current range of API functions can...

Page 111: ...re of variables for a specific section a list of available sections can be obtained by running cli status h By using the dump function you can figure out the content of the returned structure dump cur...

Page 112: ...r Manual 4 0 wanlink 0 mode wanlink 0 name wanlink 0 prio wanlink 0 weight Running the CLI in interactive mode you will be also able to step through possible configuration parameters by the help of th...

Page 113: ...s telling the router when the script is to be executed This can be either time based e g each Monday or triggered by one of the pre defined system events e g wan up as described in Events chapter 5 7...

Page 114: ...NB3710 User Manual 4 0 Figure 5 37 SDK Administration...

Page 115: ...provides an overview about any finished jobs you can also stop a running job there and view the script output in the troubleshooting section where you will also find links for downloading the manuals...

Page 116: ...fies the trigger that should launch the job Script Specifies the script to be executed Arguments Defines arguments which can be passed to the script sup ports quoting they will precede the arguments y...

Page 117: ...NB3710 User Manual 4 0 Figure 5 38 SDK Jobs...

Page 118: ...ender The source code is listed in the appendix Once enabled you can send a message to the phone number associated with a SIM modem It generally requires a password to be given on the first line and a...

Page 119: ...st digital output port output 2 on Turns on the second digital output port output 2 off Turns off the second digital output port Table 5 79 SMS Control Commands A response to the status command typica...

Page 120: ...this range Lease duration Number of seconds how long a given lease shall be valid until it has to be requested again Persistent leases By turning on this option the router will remember issued leases...

Page 121: ...NB3710 User Manual 4 0 Figure 5 39 DHCP Server...

Page 122: ...ddresses for particular host names Figure 5 40 DNS Server The following settings can be applied Parameter DNS Server Settings Administrative status Enables or disables the DNS server Domain name The d...

Page 123: ...Manual 4 0 names Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host Please remember to point DNS lookups of local hosts to the route...

Page 124: ...ach interface can be applied then Parameter NTP Server Settings Administrative status Specifies whether the NTP server is enabled or not Poll interval Defines the polling interval 64 2048 seconds for...

Page 125: ...ss which can be useful in NAT scenarios The DynDNS client will be triggered whenever a WAN or VPN link comes up Figure 5 42 Dynamic DNS Settings We provide support for a bunch of common DynDNS operato...

Page 126: ...service e g my box dyndns org Port The HTTP port of the service typically 80 Username The user name used for authenticating at the service Password The password used for authentication Protocol The p...

Page 127: ...arameter E Mail Client Settings E mail client status Administrative status of the E Mail client From e mail address E Mail address of the sender Server address SMTP server address Server port SMTP ser...

Page 128: ...NB3710 User Manual 4 0 Parameter E Mail Client Settings Password Password used for authentication...

Page 129: ...SNMP host The SNMP host or address to which the trap shall be sent SNMP port The port of the remote SNMP service Username The username for accessing the remote SNMP service Password The password for...

Page 130: ...e sms report received event to figure out whether a message has been successfully sent Received messages are pulled from the SIMs and temporarily stored on the router but get cleared after a system re...

Page 131: ...NB3710 User Manual 4 0 Figure 5 44 SMS Configuration...

Page 132: ...ng or allowing them on a per modem basis The created rules are processed by order and in case of matches will either drop or forward the incoming message before entering the system All non matching me...

Page 133: ...ers will only be able to view status values the admin user will obtain privileges to modify the system Figure 5 45 SSH and Telnet Server Please note that these services will be accessible from the WAN...

Page 134: ...r the SSH service is enabled or disabled Server port The TCP port of the service usually 22 Disable admin login Disable login for admin users Disable password based login By turning on this option all...

Page 135: ...P EXT MED MIB 1 3 6 1 4 1 31496 VENDOR MIB The VENDOR MIB tables offer some additional information over the system and its WWAN GNSS and WLAN interfaces They can be accessed over the following OIDs Pa...

Page 136: ...P Configuration Administrative status Enable or disable the SNMP agent Operation mode Specifies if agent should run in compatibilty mode or for SNMPv3 only Contact System maintainer or other contact i...

Page 137: ...to set any values However it is possible to define its communities and authoritive host which will be granted administrative access Parameter SNMPv1 v2c Authentication Read community Defines the commu...

Page 138: ...hNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 4 0 Getting the current config hash snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 314...

Page 139: ...on package It can be later activated using the following switch operators Switching to alternative software snmpset v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 3149...

Page 140: ...pset v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 53 10 0 i 1 Setting digital OUT2 snmpset v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1...

Page 141: ...mmunication will be encrypted and thus avoids any misuse of the system In order to enable HTTPS you would need to generate or upload a server certificate in the section 5 8 8 Figure 5 47 Web Server Pa...

Page 142: ...packets accordingly A takeover will happen within approximately 3 seconds as soon as the partner is not reachable anymore checked via multicast packets This may happen when one device is rebooting or...

Page 143: ...kup VID The Virtual Router ID you can theoretically run multiple instances Interface Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the parti...

Page 144: ...e used to set it up Parameter Voice Gateway Administration Settings Administrative status Specifies whether the gateway shall be enabled or disabled Call routing Defines who will be responsible for ca...

Page 145: ...port Specifies the agent s listening port SIP user name Specifies the username used in from headers SIP register expires Specifies the registration interval in seconds In case you are running multiple...

Page 146: ...supported Parameter Voice Gateway Endpoint Types Voice Over Mobile Endpoint for GSM UMTS LTE calls can be used for calls to mobile or landline phones SIP registrar SIP endpoint which can be a client r...

Page 147: ...ris tics and noise pickup Although the echo delay is typically short 16 ms with all headsets the echo return loss char acteristics can vary significantly and are not well known a priori to the handset...

Page 148: ...Subscriber The subscriber name of the SIP agent Host The IP address of the SIP agent Port The port of the SIP agent Username The username to authenticate at the SIP agent Password The password used f...

Page 149: ...n of calls per endpoint registration status and so on Using the SDK you can also initiate or accept a call adjust its volume level or do a hangup Anyway for simple scenarios the generic method should...

Page 150: ...r proxy Parameter X Lite Configuration User ID SIP username used in from headers i e subscriber name Domain SIP Domain used in from headers optional Authorization name Username used for authentication...

Page 151: ...the system Application area The desired application area which influences the system behaviour such as registration timeouts or other adaptions when operating in mobile enviroments Syslog redirect add...

Page 152: ...tom and are either indicating the connection status or the digital IO port status You may configure toggle mode so that the LEDs periodically cycle between the two states Time Region This page can be...

Page 153: ...Set the local time zone Daylight saving changes Enable disable daylight saving changes Figure 5 53 Regional settings Reboot This page can be used to set up a periodic automatic reboot but also to trig...

Page 154: ...s can only login via HTTPS ssh Secure authentication preferred Users will be redirected to HTTPS but can sill login via HTTP telnet User Accounts By using this page you can manage the user accounts on...

Page 155: ...irmed new password of the user Please note when adding additional admin users you are required to provide the pass word of the default administrator Remote Authentication A RADIUS server can be used f...

Page 156: ...NB3710 User Manual 4 0 Figure 5 55 Remote Authentication...

Page 157: ...ious software within the same release line which is accomplished by sorting out unknown configuration directives which actually may lead to loss of settings and features Therefore it s always a good i...

Page 158: ...cated by a faster green blinking of the Status LED 5 8 4 Module Firmware Update This menu can be used to perform a firmware update of a specific module Parameter Module Firmware Update Update operatio...

Page 159: ...other essential files such as certificates in the root directory Manual File Configuration Figure 5 56 Manual File Configuration This section can be used to download the currently running system conf...

Page 160: ...NB3710 User Manual 4 0 Figure 5 57 Automatic File Configuration...

Page 161: ...ll be lost This procedure can also be initiated by pressing and holding the Reset button for at least five seconds A successfully initiated factory reset can be noticed by all LEDs having been turned...

Page 162: ...NB3710 User Manual 4 0 the default settings can be achieved by restoring the original factory configuration and initiating the factory reset again...

Page 163: ...as root and typing tail log Furthermore the system log can be redirected to a syslog server see section 5 8 1 Tech Support You can generate and download a tech support file here We strongly recommend...

Page 164: ...NB3710 User Manual 4 0 Figure 5 59 Log Viewer...

Page 165: ...NB3710 User Manual 4 0 Figure 5 60 Tech Support File...

Page 166: ...61 Keys and certificates The entry pages shows an overview about installed keys and certificates The following sections may appear Type Description Root CA The root Certificate Authority CA which issu...

Page 167: ...ions Operation Description generate locally Generate key and certificate locally on the box see 5 8 8 for more options upload files Key and certificate will be uploaded We support files in PKCS12 PKCS...

Page 168: ...igning requests are generated locally the following settings will be take into account Parameter Certificate Configuration Organisation O The certificate owner s organization Department OU The name of...

Page 169: ...s and also run a certificate revokation list CRL When importing keys the certificate and key file can be uploaded individually encoded in PEM DER or PKCS7 format All files CA certificate certificate a...

Page 170: ...errupted enrollment request and it will be resumed using the previously generated key In case a request has been rejected you are required to erase the certificate first and then start the enrollment...

Page 171: ...id license to be present in the system some of them also depend on the mounted modules Please contact us for getting a valid license for available components and we will provide a license file based o...

Page 172: ...ss or implied To obtain the corresponding open source codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP fr...

Page 173: ...NB3710 User Manual 4 0 5 9 LOGOUT Please use this menu to log out from the Web Manager...

Page 174: ...e shell Please note that each CLI session will perform an automatic logout as soon as a certain time of inactivity 10 minutes by default has been reached It can be turned off by the command no autolog...

Page 175: ...the line CTRL t Drag the character before point forward moving point forward as well if point is at the end of the line then this transposes the two characters before the point ALT t Drag the word bef...

Page 176: ...actory defaults reboot Reboot system shell Run shell command help Print help for command no autologout Turn off auto logout history Show command history exit Exit 6 3 Getting Config Parameters The get...

Page 177: ...system System information configuration Configuration information license License information wwan WWAN module status wlan WLAN module status gnss GNSS GPS module status eth Ethernet interface status...

Page 178: ...t 6 7 Sending E Mail or SMS The send command can be used to send a message via E Mail SMS to the specified address or phone number send h Usage send h type dest msg Options type type of message to be...

Page 179: ...ou may also run update software latest to install the latest version from our server 6 9 Manage keys and certificates The cert command can be used to manage keys and certificates cert h Usage cert h p...

Page 180: ...network Networking openvpn OpenVPN connections pptp PPTP connections qos QoS daemon smsd SMS daemon snmpd SNMP daemon surveyor Supervision daemon syslog Syslog daemon telnet Telnet server usbipd USB...

Page 181: ...ing System The reset command can be used to reset the router back to factory defaults reset h Usage reset h 6 13 Rebooting System The reboot command can be used to reboot the router reboot h Usage reb...

Page 182: ...e cliphp status configuration parameter cliphp status 0 Service is disabled cliphp status 1 Service is enabled This section describes the CLI PHP interface for Version 2 It accepts POST and GET reques...

Page 183: ...n the format return msg with return values of OK if succeeded and ERROR if failed Any output from the commands will be appended Examples OK status command successful ERROR authentication failed status...

Page 184: ...ey usage command set arg0 config key arg1 config value arg2 config key arg3 config value Notes In contrast to the other commands this command requires a set of tuples because of the reserved char i e...

Page 185: ...html usr admin pwd admin01 command reboot reset Run factory reset Key usage command reset Examples http 192 168 1 1 cli php version 2 output html usr admin pwd admin01 command reset update Update sys...

Page 186: ...international format such as 123456789 including a leading plus sign which can be encoded with 2B The SMS daemon must be properly configured prior to using that function Examples http 192 168 1 1 cli...

Page 187: ...p 192 168 1 1 cli php version 2 output mime usr admin pwd admin01 command send arg0 techsupport arg1 stdout http 192 168 1 1 cli php version 2 output html usr admin pwd admin01 command send arg0 techs...

Page 188: ...N tunnel interface based on TUN TAPx Specifies an OpenVPN tunnel interface based on TAP PPTPx Specifies a PPTP tunnel interface MOBILEIPx Refers to a Mobile IP tunnel interface SIMx Specifies the SIM...

Page 189: ...e used to program ap plications CLI Command Line Interface a generic interface to query the router or perform system tasks SIM Subscriber Identity Module SMS Short Message Service SSID Service Set Ide...

Page 190: ...ower case and may have a different naming Their index starts from zero whereas interfaces seen by the user will be written in capital letters starting from one A 2 System Events ID Event Description 1...

Page 191: ...wn 412 gre up GRE connection came up 413 gre down GRE connection went down 501 system login failed User login failed 502 system login succeeded User login succeeded 503 system logout User logged out 5...

Page 192: ...orage device has been added 902 usb storage removed USB storage device has been removed 903 usb eth added USB Ethernet device has been added 904 usb eth removed USB Ethernet device has been removed 90...

Page 193: ...uration The factory configuration including default values for any configuration parameter can be derived from the file etc config factory config cfg on the router You may also call cli get f paramete...

Page 194: ...MODULE IDENTITY LAST UPDATED 201607121200 Z ORGANIZATION NetModule AG CONTACT INFO NetModule AG Switzerland DESCRIPTION MIB module which defines the NB router specific entities REVISION 201607121200...

Page 195: ...The currently installed kernel version admin 2 serialNumber OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The serial number of the device admin 3 configDesc OBJECT T...

Page 196: ...e when the alternative configuration shall be activated admin 14 Configuration Update configUpdate OBJECT TYPE SYNTAX URLString MAX ACCESS read write STATUS current DESCRIPTION Update the system confi...

Page 197: ...le admin 26 softwareUpdateError OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION The error code of the last software update admin 27 softwareUpdated OBJECT TYPE SYNTAX Date...

Page 198: ...ECT TYPE SYNTAX INTEGER succeeded 1 failed 2 inprogress 3 notstarted 4 MAX ACCESS read only STATUS current DESCRIPTION The status of the last syslog upload cycle admin 41 Upload Config configUpload OB...

Page 199: ...MAX ACCESS read only STATUS current DESCRIPTION WWAN modem type nbWwanEntry 3 wwanServiceType OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The current service type...

Page 200: ...T TYPE SYNTAX NBGnssEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry describing a GNSS device and its current settings INDEX gnssIndex nbGnssTable 1 NBGnssEntry SEQUENCE gnssIndex I...

Page 201: ...lanEntry OBJECT TYPE SYNTAX NBWlanEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry describing a WLAN modem and its current settings INDEX wlanModuleIndex nbWlanTable 1 NBWlanEntry S...

Page 202: ...splayString wanLinkAddress DisplayString wanLinkGateway DisplayString wanLinkPassthru DisplayString wanDialAttempts Integer32 wanDialSuccess Integer32 wanDialFailures Integer32 wanDataDownloaded Integ...

Page 203: ...ialAttempts OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WAN link dial attempts nbWanEntry 10 wanDialSuccess OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS cu...

Page 204: ...of digital I O port IN2 dio 2 dioStatusOut1 OBJECT TYPE SYNTAX INTEGER off 0 on 1 MAX ACCESS read only STATUS current DESCRIPTION The current value of digital I O port OUT1 dio 3 dioStatusOut2 OBJECT...

Page 205: ...out1 on NOTIFICATION TYPE STATUS current DESCRIPTION DIO OUT1 turned on events 205 dio out1 off NOTIFICATION TYPE STATUS current DESCRIPTION DIO OUT1 turned off events 206 dio out2 on NOTIFICATION TY...

Page 206: ...N GRE connection came up events 412 gre down NOTIFICATION TYPE STATUS current DESCRIPTION GRE connection went down events 413 system login failed NOTIFICATION TYPE STATUS current DESCRIPTION User logi...

Page 207: ...ents 801 ddns update failed NOTIFICATION TYPE STATUS current DESCRIPTION Dynamic DNS update failed events 802 usb storage added NOTIFICATION TYPE STATUS current DESCRIPTION USB storage device has been...

Page 208: ...script implements a lightweight SMTP server which is able to receive mail and forward them as SMS to a phone number etherwake are This script can be used to wake up a sleeping host WakeOn Lan gps bro...

Page 209: ...an are This script can be used to switch the WLAN client network according to availability send mail are This script will send an E Mail to the specified address send sms are This script will send an...

Page 210: ...e This script sends a message to a TCP server tcpserver are This script implements a TCP server which is able to receive messages techsupport are This transfers a techsupport to a remote FTP server tr...

Page 211: ...NB3710 User Manual 4 0 Event Description Table A 3 SDK Examples...

Reviews:

No comments

Brands by name

Popular brands

Load more brands