manualshive.com logo in svg

NetModule NB3711, User Manual

The NetModule NB3711 is a robust industrial router designed for reliable communication in demanding environments. Ensure smooth operation by downloading the free User Manual from our website. This comprehensive manual includes step-by-step instructions and troubleshooting tips to optimize the performance of your NetModule NB3711. Download now from manualshive.com.

Share
Download
background image

NB3711 User Manual 4.0

5.6.2. IPsec

IPsec is a protocol suite for securing IP communications by authenticating and encrypt-
ing each packet of a communication session and thus establishing a secure virtual private
network.

IPsec includes various cryptographic protocols and ciphers for key exchange and data
encryption and can be seen as one of the strongest VPN technologies in terms of security.
It uses the following mechanisms:

Mechanism

Description

AH

Authentication Headers (AH) provide connectionless integrity and data origin
authentication for IP datagrams and ensure protection against replay attacks.

ESP

Encapsulating Security Payloads (ESP) provide confidentiality, data-origin
authentication, connectionless integrity, an anti-replay service and limited
traffic-flow confidentiality.

SA

Security Associations (SA) provide a secure channel and a bundle of algo-
rithms that provide the parameters necessary to operate the AH and/or ESP
operations. The Internet Security Association Key Management Protocol
(ISAKMP) provides a framework for authenticated key exchange.

Negotating keys for encryption and authentication is generally done by the Internet Key
Exchange protocol (IKE) which consists of two phases:

Phase

Description

IKE
phase
1

IKE authenticates the peer during this phase for setting up an ISAKMP se-
cure association. This can be carried out by either using

main

or

aggressive

mode. The

main

mode approach utilizes the Diffie-Hellman key exchange and

authentication is always encrypted with the negotiated key.The

aggressive

mode just uses hashes of the pre-shared key and therefore represents a less-
secure mechanism which should generally be avoided as it is prone to dictio-
nary attacks.

IKE
phase
2

IKE finally negotiates IPSec SA parameters and keys and sets up matching
IPSec SAs in the peers which is required for AH/ESP later on.

Administration

This page can be used to enable/disable IPsec, you may also specify whether NAT-
Traversal should be used.

NAT-Traversal is mainly used for connections which traverse a path where a router

97

Summary of Contents for NB3711

Page 1: ...NetModule Router NB3711 User Manual for Software Version 4 0 Manual Version 0 9 Draft NetModule AG Switzerland August 3 2016...

Page 2: ...rieval system adopted or transmitted in any form or by any means electronic mechanical photographic graphic optic or otherwise or translated in any language or computer language without the prior writ...

Page 3: ...PS 12 3 2 5 USB 2 0 Host Port 12 3 2 6 M12 Ethernet Connectors 13 3 2 7 Power Supply 14 3 2 8 Digital Inputs and Outputs 15 3 2 9 Extension Connector 16 3 3 Data Storage Option Dx 21 4 Installation 22...

Page 4: ...outes 65 5 4 2 Extended Routing 67 5 4 3 Multipath Routes 69 5 4 4 Mobile IP 70 5 4 5 Quality Of Service 73 5 4 6 Multicast 75 5 4 7 OSPF 76 5 4 8 BGP 78 5 5 FIREWALL 79 5 5 1 Administration 79 5 5 2...

Page 5: ...ce 169 5 9 LOGOUT 170 6 Command Line Interface 171 6 1 General Usage 171 6 2 Print Help 172 6 3 Getting Config Parameters 173 6 4 Setting Config Parameters 173 6 5 Getting Status Information 174 6 6 S...

Page 6: ...N IP Configuration 54 5 15 USB Administration 55 5 16 USB Device Management 56 5 17 Serial Port Administration 58 5 18 Serial Port Settings 59 5 19 Digital I O Ports 61 5 20 Static Routing 65 5 21 Ext...

Page 7: ...5 49 Voice Gateway Administration 139 5 50 Voice Gateway Endpoint Configuration 141 5 51 Voice Gateway Routing Configuration 144 5 52 System 146 5 53 Regional settings 148 5 54 User Accounts 151 5 55...

Page 8: ...P1 EP2 17 3 19 CAN Port Specification 17 3 20 Pin Assignments of CAN Port Signals EP1 EP2 18 3 21 IBIS Port Specification 18 3 22 Pin Assignments of IBIS Port Signals EP1 EP2 18 3 23 Non isolated RS 2...

Page 9: ...the router and its features The following chapters describe any aspects of commissioning the device installation procedure and provide helpful information towards configuration and maintenance Please...

Page 10: ...Possible antenna circuits must be limited to over voltage transient levels below 1 500 VDC according to IEC 60950 1 TNV 1 circuit levels by using safety approved components NB3711 routers shall only b...

Page 11: ...a working system configuration It can be downloaded using the Web Manager and easily applied to a newer software release afterwards as we generally guarantee backward compatibility 2 2 Declaration of...

Page 12: ...ource codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP freely available from http www php net Software de...

Page 13: ...1 is being established m off Mobile connection 1 is down Mob2 lll 1 on Mobile connection 2 is up l blinking Mobile connection 2 is being established m off Mobile connection 2 is down WLAN1 lll 1 on W...

Page 14: ...f Normally closed output port 2 is open DI1 l on Input port 1 is set m off Input port 1 is not set DI2 l on Input port 2 is set m off Input port 2 is not set Ext1 l on Extension port 1 is on m off Ext...

Page 15: ...sed connect a yellow green marked cable with at least 6mm2 copper area Avoid corrosion and protect the screws against loosening Power Front Power supply galvanically isolated Digital I O Front Galvani...

Page 16: ...Mbps downlink 50 Mbps uplink DC HSPA 42 5 76 GSM R Option Gr Feature Specification Frequency bands GSM R EGSM900 GSM1800 Mode Data only Data rate GPRS class 10 up to 85 6 kbps DL and 42 8 kbps UL Tabl...

Page 17: ...passive Table 3 6 GPS Specifications GNSS Option Ge The GNSS module supports Dead Reckoning with onboard 3D accelerometer and 3D gyroscope Feature Specification Systems GPS GLONASS BeiDu Galileo read...

Page 18: ...tion The five Ethernet ports have following specification Feature Specification Isolation 1500 Vrms Speed 10 100 Mbps Mode Half Full Duplex Crossover Automatic MDI MDI X Table 3 9 Ethernet Port Specif...

Page 19: ...Max power consumption 15 W Galvanic isolation yes 1500 VDC according to EN 50155 EN 60950 Power Interruption Class S2 Sustains interruptions up to 10 ms there are no batteries included Connector type...

Page 20: ...3 13 Isolated Digital Outputs Specification Isolated Inputs The isolated digital input ports have the following specification Feature Specification Number of inputs 2 Maximum input voltage 40 VDC Mini...

Page 21: ...ports Pins 1 to 4 represent Extension Port 1 EP1 and pin 5 to 8 represent Extension Port 2 EP2 On both EP1 and EP2 the following interfaces may be present Non isolated RS 232 Default configuration on...

Page 22: ...ic isolation functional max 250 VDC Table 3 17 Audio Port Specification EP Pins Signal 1 5 Input Channel 2 6 Input Channel 3 7 Output Channel 4 8 Output Channel Table 3 18 Pin Assignments of Audio Por...

Page 23: ...type IBIS Peripherieger t according to VDV300 and VDV301 Speed 1200 Baud Galvanic isolation 1500 VDC Table 3 21 IBIS Port Specification EP Pins Signal 1 5 Call Signal 2 6 Call GND Aufrufbus 3 7 Reply...

Page 24: ...30 400 460 800 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software flow control None XON XOFF Hardware flow control None Galvanic isolation None Table 3 23 Non isolated RS 232 Port Speci...

Page 25: ...ty none odd even Stop bits 1 2 Software flow control None XON XOFF Hardware flow control None Galvanic isolation 1500 VDC Table 3 25 Isolated RS 232 Port Specification EP Pins Signal 1 5 GND 2 6 TxD 3...

Page 26: ...TxD RxD B 4 8 Table 3 28 Pin Assignments of RS 485 Port Signals EP1 EP2 3 3 Data Storage Option Dx The integrated mass storage works independently of any router functionalities and is dedicated for c...

Page 27: ...egree 2 Ingress Protection Rating IP40 with SIM and USB covers mounted Table 4 1 Operating Conditions Important When using the Pb variant with an input voltage greather than 60 VDC the router MUST be...

Page 28: ...e necessary to use remote antennas together with an extended cable to reach a better location offering an adequate signal In doubt please contact us and we would be pleased to assist you in figuring o...

Page 29: ...ight other wise experience sporadical link loss during operation The Link Act LED will lit up as soon as the device has synced If not it might be necessary to configure a different link setting as des...

Page 30: ...and Line Interface CLI and set configuration parameters directly The IP address of Ethernet1 is 192 168 1 1 and the Dynamic Host Configuration Pro tocol DHCP is activated on the interface by default T...

Page 31: ...e admin password will be also applied for the root user which can be used to access the device via the serial console telnet SSH or to enter the bootloader You may also configure additional users whic...

Page 32: ...of your local computer You will also see the kernel messages at bootup there 3 Recovery Image In severe cases we can provide a recovery image on demand which can be loaded into RAM via TFTP and execu...

Page 33: ...outer s interfaces WAN This page offers details about any enabled Wide Area Network WAN links such as the IP addresses network information signal strength etc The information about the amount of downl...

Page 34: ...on LAN This page shows information about the LAN interfaces plus the neighborhood informa tion DHCP This page offers details about any activated DHCP service including a list of issued DHCP leases Ope...

Page 35: ...en Shortest Path First routing protocol DynDNS This page provides information about Dynamic DNS System Status The system status page displays various details of your NB3711 router including system det...

Page 36: ...n your hardware model WAN links can be made up of either Wireless Wide Area Network WWAN Wireless LAN WLAN Ethernet or PPP over Ethernet PPPoE connections Please note that each WAN link has to be conf...

Page 37: ...permanently in order to minimize link downtime Parameter WAN Link Priorities 1st priority The primary link which will be used whenever possible 2nd priority The first fallback link it can be enabled p...

Page 38: ...e of firewall issues Once established the Web Manager can be reached over port 8080 using the WAN address but still over the LAN1 interface using port 80 Parameter WAN Link Operation Modes disabled Li...

Page 39: ...any negative side effects the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit MTU The MTU can be configured per e...

Page 40: ...sion Settings Link The WAN link to be monitored can be ANY Mode Specifies whether the link shall only be monitored if being up e g for using a VPN tunnel or if connectivity shall be also validated at...

Page 41: ...transmitted in case a first ping failed Max number of failed trials The maximum number of failed ping trials until the link will be declared as down Emergency action The emergency action which should...

Page 42: ...WAN link The LAN10 interface will be available as soon as a pre configured USB Ethernet device has been plugged in Ethernet Port Assignment Figure 5 6 Ethernet Ports This menu can be used to individua...

Page 43: ...Ethernet port individually Most devices support auto negotiation which will configure the link speed automatically to comply with other devices in the network In case of negotiation problems you may...

Page 44: ...ted virtual interface Any untagged packets as well as packets with an unassigned ID will be distributed to the native interface Figure 5 8 VLAN Management In order to form a distinctive subnet the net...

Page 45: ...NB3711 User Manual 4 0 Parameter VLAN Priority Levels 3 Critical Applications 4 Video 100 ms latency and jitter 5 Voice 10 ms latency and jitter 6 Internetwork Control 7 Network Control 45...

Page 46: ...lly in the DNS server config uration menu But as soon as a link comes up it will use the interface specific name servers e g the ones being retrieved over DHCP and update the resolver configuration ac...

Page 47: ...ettings address subnet gateway DNS server will be retrieved from a DHCP server in the network You may also define static values but caution has to be taken to assign an unique IP address as it would o...

Page 48: ...egistering to a network usually takes some time and depends on signal strength and possible radio interferences You may hit the Update button at any time in order to restart PIN unlocking and trigger...

Page 49: ...e Please check the account details associated with your purchased SIM and figure out whether it is protected with a PIN PIN code The PIN code for unlocking the SIM card SMS gateway The service center...

Page 50: ...NB3711 User Manual 4 0 mentary Service Data USSD requests e g for querying the available balance of a prepaid account 50...

Page 51: ...to section 5 8 7 or consult the system log files for troubleshooting the problem in case the connection did not come up Figure 5 11 WWAN Interfaces The following mobile settings are required Parameter...

Page 52: ...ings Parameter WAN Advanced Parameters Required signal strength Sets a minimum required signal strength before the connec tion is dialed Home network only Determines whether the connection should only...

Page 53: ...ained IP interface which can be used for routing and to provide services such as DHCP DNS NTP in the same way like an Ethernet LAN interface does Figure 5 12 WLAN Management If the administrative stat...

Page 54: ...country the Router operates in Number of antennas Set the number of connected antennas Antenna gain Specify the antenna gain for the connected antennas Please refer to the antennas datasheet for the...

Page 55: ...40 80 MHz 866 7 Mbit s Table 5 18 IEEE 802 11 Network Standards Note NetModule Routers with 802 11n and 802 11ac support 2x2 MIMO Prior to setting up an access point it is always a good idea to run a...

Page 56: ...ned by the operator of the remote access point Parameter WLAN Client Configuration SSID The network name called SSID Security mode The desired security mode WPA WPA2 mixed mode WPA2 should be preferre...

Page 57: ...ess point mode you can create up to 4 SSIDs with each running their own network configuration The networks can be individually bridged to a LAN interface or operate as dedicated interface in routing m...

Page 58: ...ise the key passphrase for WPA EAP TLS Force PMF Enables Protected Management Frames Hide SSID Hides the SSID Isolate clients Disables client to client communication Accounting Sets accounting profile...

Page 59: ...subnet However for multiple SSIDs we strongly recommend to set up separated interfaces in routing mode in order to avoid unwanted access and traffic between the interfaces The corresponding DHCP serv...

Page 60: ...inistrative status Specifies whether devices shall be recognized Enable hotplug Specifies whether device shall be recognized if plugged in during runtime or only at bootup Enable USB IP device server...

Page 61: ...USB Devices This page show the currently connected devices and it can be used to enable a specific device based on its Vendor and Product ID Only enabled devices will be recognized by the system and r...

Page 62: ...e dur ing authentication which can be used for setting up more systems with different admin passwords For new devices with an empty password the hash key e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b93...

Page 63: ...ed to open a console which can be ac cessed with a serial terminal client from the other side It will provide helpful bootup and kernel messages and spawns a login shell so that users can login to the...

Page 64: ...data bits contained in each frame Parity Specifies the parity used for every frame that is transmitted or received Stop bits Specifies the number of stop bits used to indicate the end of a frame Softw...

Page 65: ...conds before the port will be disconnected if there is no activity on it A zero value disables this function Allow remote control Allow remote control ala RFC 2217 of the serial port Show banner Show...

Page 66: ...s You can apply the following settings Parameter Digital I O Settings DO1 after reboot Initial status of DO1 after system has booted DO2 after reboot Initial status of DO2 after system has booted Besi...

Page 67: ...either standalone or assisted for A GPS Antenna type The type of the connected GPS antenna either passive or actively 3 volt powered Accuracy The desired accuracy in meters Fix frame interval The amo...

Page 68: ...ating the position as stated in GPGGA frames Dilution of precision The dilution of precision as stated in GPGSA frames Furtheron each satellite also comes with the following details Parameter GNSS Sat...

Page 69: ...tion after which an emergency action will be taken Emergency action The corresponding emergency action You can either let just restart the server which also re initializes GPS on the module or also re...

Page 70: ...choose the route interface automatically depending on the best matching network configured for an interface Figure 5 20 Static Routing In general host routes precede network routes and network routes...

Page 71: ...ace default 0 higher met rics have the effect of making a route less favorable Flags A ctive P ersistent H ost Route N etwork Route D efault Route The flags obtain the following meanings Flag Descript...

Page 72: ...k but also a source address netmask incoming interface and the type of service TOS of packets Parameter Extended Route Configuration Source address The source address of a packet Source netmask The so...

Page 73: ...Manual 4 0 Parameter Extended Route Configuration Route to Specifies the target interface or gateway to where the packet should get routed to discard if down Discard packets if the specified interface...

Page 74: ...rfaces have to be defined to establish multipath routing Additional interfaces can be added by pressing the plus sign Parameter Add Multipath Routes Target network net mask Defines the target network...

Page 75: ...ss called the care of address in MIP terms of the mobile node has changed The home agent will then encapsulate packets destined to a mobile node s home address into a tunnel packet containing the curr...

Page 76: ...This is a 32 bit hexadecimal value Authentication type The used authentication algorithm This can be prefix suffix md5 default for MIP or hmac md5 Shared secret The shared secret used for authenticati...

Page 77: ...identifying the secu rity context for the tunnel between the mobile node and the home agent This is used to distinguish mobile nodes from each other Therefore each mobile node needs to be assigned a...

Page 78: ...ch QoS should be active Parameter QoS Interface Parameters Interface The WAN interface on which QoS should be active Bandwidth congestion The bandwidth congestion method In case of auto the system wil...

Page 79: ...tream bandwidth of QoS Interface Parameters Set TOS The TOS DiffServ value to set on matching packets You can now configure and assign any services to each queue The following parameters apply Paramet...

Page 80: ...owards the down stream interfaces on which hosts have joined the groups Parameter Multicast Routing Settings Administrative status Specifies whether multicast routing is active Incoming interface The...

Page 81: ...he VRRP redundancy protocol The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router If no settings are defined for a specific interface default settings will be...

Page 82: ...NB3711 User Manual 4 0 Parameter OSPF Networks Area Routing area to which this interface belongs 0 65535 0 means backbone 82...

Page 83: ...n VRRP slave Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol The neighbors tab is used to configure all the BGP routers to peer with Parameter BGP Neighb...

Page 84: ...page can be used to enable and disable firewalling When turning it on a shortcut can be used to generate a predefined set of rules which allow administration over HTTP HTTPS SSH or TELNET by default b...

Page 85: ...ckets which are not matching any of the rules configured will be ALLOWED Figure 5 25 Firewall Rules Parameter Firewall Rule Configuration Description A meaningful description about the purpose of this...

Page 86: ...interface The interface on which matching packets are received Protocol The used IP protocol of matching packets UDP TCP or ICMP Destination port s The destination port of matching packets which can...

Page 87: ...6 Masquerading The administration page lets you specify the interfaces on which masquerading will be performed NAT will hereby use the address of the selected interface and choose a random source port...

Page 88: ...ningful description of this rule Incoming interface The interface from which matching packets are received Source The source address or network from which matching packets are received Target address...

Page 89: ...ts optional Protocol The used protocol of matching packets Ports The used UDP TCP port of matching packets Rewrite source address The address to which the source address of matching packets shall be r...

Page 90: ...NB3711 User Manual 4 0 Figure 5 27 Inbound NAPT 90...

Page 91: ...ndard configuration or upload an expert mode file which has been created in advance Refer to chapter 5 6 1 to learn more about how to manage clients and generate the files Parameter OpenVPN Configurat...

Page 92: ...NB3711 User Manual 4 0 Figure 5 29 OpenVPN Configuration 92...

Page 93: ...e tunnel protocol to be used for the transport connection Network mode Defines how the packets should be forwarded which can be either routed or bridged from to a particular LAN interface If required...

Page 94: ...ameservers which have been negotiated over the tunnel OpenVPN Expert Configuration Client The expert configuration mode offers a straightforward way to configure a tunnel by simply uploading a zip pac...

Page 95: ...clients can be seen on this page including the connect time and IP address You may kick connected clients by disabling them In the Networking section you can specify a fixed tunnel endpoint address f...

Page 96: ...NB3711 User Manual 4 0 Figure 5 30 OpenVPN Client Management 96...

Page 97: ...and or ESP operations The Internet Security Association Key Management Protocol ISAKMP provides a framework for authenticated key exchange Negotating keys for encryption and authentication is general...

Page 98: ...NB3711 User Manual 4 0 Figure 5 31 IPsec Administration 98...

Page 99: ...ning NAT Traversal makes IKE using UDP port 4500 rather than 500 which has to be taken into account when setting up firewall rules Configuration Figure 5 32 IPsec Configuration General For setting up...

Page 100: ...pre shared keys PSK or certifi cates within a public key infrastructure Extended Authentication XAUTH leverages RADIUS like authentication and can be used to apply user level access control over IPSec...

Page 101: ...we recommend AES256 Authentication algo rithm The desired IKE authentication method we prefer SHA1 over MD5 IKE Diffie Hellman Group The IKE Diffie Hellman Group SA life time The lifetime of Security...

Page 102: ...ed when a valid SA with matching source and destination network is present Therefore you may need to specify the networks right and left of the endpoints by applying the following settings Parameter I...

Page 103: ...ure but it still provides a straightforward way for establishing tunnels Figure 5 33 PPTP Administration When setting up a PPTP tunnel you would need to choose between server or client A client tunnel...

Page 104: ...NB3711 User Manual 4 0 Figure 5 34 PPTP Tunnel Configuration 104...

Page 105: ...s Server address The server address within the tunnel Client address range Specifies a range of IP addresses assigned to each client PPTP Client Management PPTP clients for a server tunnel need to be...

Page 106: ...uired for setting up a tunnel Parameter GRE Configuration Peer address The IP address of the remote peer Interface The device type for this tunnel Local tunnel address The local IP address of the tunn...

Page 107: ...ttings The following settings can be set Parameter Dial in Server Configuration Administrative status Specifies whether incoming calls shall be answered or not Modem Specifies the modem on which calls...

Page 108: ...NB3711 User Manual 4 0 as GSM voice calls they suffer from unreliability and poor bandwidth 108...

Page 109: ...e specific Application Programming Interface API which ships with a comprehensive set of functions for accessing hardware interfaces e g digital IO ports GPS external storage media serial ports but al...

Page 110: ...btained from the NetModule support web page gives a detailed introduction of the language including a description of all available functions SDK API Functions The current range of API functions can be...

Page 111: ...of variables for a specific section a list of available sections can be obtained by running cli status h By using the dump function you can figure out the content of the returned structure dump curre...

Page 112: ...Manual 4 0 wanlink 0 mode wanlink 0 name wanlink 0 prio wanlink 0 weight Running the CLI in interactive mode you will be also able to step through possible configuration parameters by the help of the...

Page 113: ...telling the router when the script is to be executed This can be either time based e g each Monday or triggered by one of the pre defined system events e g wan up as described in Events chapter 5 7 7...

Page 114: ...NB3711 User Manual 4 0 Figure 5 37 SDK Administration 114...

Page 115: ...ovides an overview about any finished jobs you can also stop a running job there and view the script output in the troubleshooting section where you will also find links for downloading the manuals an...

Page 116: ...es the trigger that should launch the job Script Specifies the script to be executed Arguments Defines arguments which can be passed to the script sup ports quoting they will precede the arguments you...

Page 117: ...NB3711 User Manual 4 0 Figure 5 38 SDK Jobs 117...

Page 118: ...der The source code is listed in the appendix Once enabled you can send a message to the phone number associated with a SIM modem It generally requires a password to be given on the first line and a c...

Page 119: ...digital output port output 2 on Turns on the second digital output port output 2 off Turns off the second digital output port Table 5 79 SMS Control Commands A response to the status command typicall...

Page 120: ...his range Lease duration Number of seconds how long a given lease shall be valid until it has to be requested again Persistent leases By turning on this option the router will remember issued leases e...

Page 121: ...NB3711 User Manual 4 0 Figure 5 39 DHCP Server 121...

Page 122: ...resses for particular host names Figure 5 40 DNS Server The following settings can be applied Parameter DNS Server Settings Administrative status Enables or disables the DNS server Domain name The dom...

Page 123: ...nual 4 0 names Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host Please remember to point DNS lookups of local hosts to the router...

Page 124: ...h interface can be applied then Parameter NTP Server Settings Administrative status Specifies whether the NTP server is enabled or not Poll interval Defines the polling interval 64 2048 seconds for sy...

Page 125: ...which can be useful in NAT scenarios The DynDNS client will be triggered whenever a WAN or VPN link comes up Figure 5 42 Dynamic DNS Settings We provide support for a bunch of common DynDNS operators...

Page 126: ...ervice e g my box dyndns org Port The HTTP port of the service typically 80 Username The user name used for authenticating at the service Password The password used for authentication Protocol The pro...

Page 127: ...ameter E Mail Client Settings E mail client status Administrative status of the E Mail client From e mail address E Mail address of the sender Server address SMTP server address Server port SMTP serve...

Page 128: ...NB3711 User Manual 4 0 Parameter E Mail Client Settings Password Password used for authentication 128...

Page 129: ...NMP host The SNMP host or address to which the trap shall be sent SNMP port The port of the remote SNMP service Username The username for accessing the remote SNMP service Password The password for ac...

Page 130: ...sms report received event to figure out whether a message has been successfully sent Received messages are pulled from the SIMs and temporarily stored on the router but get cleared after a system rebo...

Page 131: ...NB3711 User Manual 4 0 Figure 5 44 SMS Configuration 131...

Page 132: ...or allowing them on a per modem basis The created rules are processed by order and in case of matches will either drop or forward the incoming message before entering the system All non matching mess...

Page 133: ...s will only be able to view status values the admin user will obtain privileges to modify the system Figure 5 45 SSH and Telnet Server Please note that these services will be accessible from the WAN i...

Page 134: ...the SSH service is enabled or disabled Server port The TCP port of the service usually 22 Disable admin login Disable login for admin users Disable password based login By turning on this option all u...

Page 135: ...1 5 4795 LLDP EXT MED MIB 1 3 6 1 4 1 31496 VENDOR MIB The VENDOR MIB tables offer some additional information over the system and its WWAN GNSS and WLAN interfaces They can be accessed over the follo...

Page 136: ...Administrative status Enable or disable the SNMP agent Operation mode Specifies if agent should run in compatibilty mode or for SNMPv3 only Contact System maintainer or other contact information Locat...

Page 137: ...alues However it is possible to define its communities and authoritive host which will be granted administrative access Parameter SNMPv1 v2c Authentication Read community Defines the community name fo...

Page 138: ...oPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 4 0 Getting the current config hash snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496...

Page 139: ...package It can be later activated using the following switch operators Switching to alternative software snmpset v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496...

Page 140: ...et v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 53 10 0 i 1 Setting digital OUT2 snmpset v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1...

Page 141: ...unication will be encrypted and thus avoids any misuse of the system In order to enable HTTPS you would need to generate or upload a server certificate in the section 5 8 8 Figure 5 47 Web Server Para...

Page 142: ...ckets accordingly A takeover will happen within approximately 3 seconds as soon as the partner is not reachable anymore checked via multicast packets This may happen when one device is rebooting or th...

Page 143: ...p VID The Virtual Router ID you can theoretically run multiple instances Interface Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the partici...

Page 144: ...used to set it up Parameter Voice Gateway Administration Settings Administrative status Specifies whether the gateway shall be enabled or disabled Call routing Defines who will be responsible for call...

Page 145: ...rt Specifies the agent s listening port SIP user name Specifies the username used in from headers SIP register expires Specifies the registration interval in seconds In case you are running multiple W...

Page 146: ...pported Parameter Voice Gateway Endpoint Types Voice Over Mobile Endpoint for GSM UMTS LTE calls can be used for calls to mobile or landline phones SIP registrar SIP endpoint which can be a client reg...

Page 147: ...s tics and noise pickup Although the echo delay is typically short 16 ms with all headsets the echo return loss char acteristics can vary significantly and are not well known a priori to the handset d...

Page 148: ...ubscriber The subscriber name of the SIP agent Host The IP address of the SIP agent Port The port of the SIP agent Username The username to authenticate at the SIP agent Password The password used for...

Page 149: ...of calls per endpoint registration status and so on Using the SDK you can also initiate or accept a call adjust its volume level or do a hangup Anyway for simple scenarios the generic method should be...

Page 150: ...proxy Parameter X Lite Configuration User ID SIP username used in from headers i e subscriber name Domain SIP Domain used in from headers optional Authorization name Username used for authentication i...

Page 151: ...e system Application area The desired application area which influences the system behaviour such as registration timeouts or other adaptions when operating in mobile enviroments Syslog redirect addre...

Page 152: ...m and are either indicating the connection status or the digital IO port status You may configure toggle mode so that the LEDs periodically cycle between the two states Time Region This page can be us...

Page 153: ...multiple isolated guests on top of the host system Parameter Virtualization Techniques OS level virtualization In operating system level virtualization a system is virtual ized at the operating system...

Page 154: ...Storage Specifies the storage device on which the root filesystem of the guest will be located After having set up the guest you are required to install your favourite root filesystem to the path show...

Page 155: ...r to limit the ressources for a guest the following settings can be applied Parameter Guest Limits CPU The number of CPUs used for the guest Memory The amount of memory available for the guest Reboot...

Page 156: ...can only login via HTTPS ssh Secure authentication preferred Users will be redirected to HTTPS but can sill login via HTTP telnet User Accounts By using this page you can manage the user accounts on t...

Page 157: ...med new password of the user Please note when adding additional admin users you are required to provide the pass word of the default administrator Remote Authentication A RADIUS server can be used for...

Page 158: ...NB3711 User Manual 4 0 Figure 5 55 Remote Authentication 158...

Page 159: ...us software within the same release line which is accomplished by sorting out unknown configuration directives which actually may lead to loss of settings and features Therefore it s always a good ide...

Page 160: ...ted by a faster green blinking of the Status LED 5 8 4 Module Firmware Update This menu can be used to perform a firmware update of a specific module Parameter Module Firmware Update Update operation...

Page 161: ...ther essential files such as certificates in the root directory Manual File Configuration Figure 5 56 Manual File Configuration This section can be used to download the currently running system config...

Page 162: ...NB3711 User Manual 4 0 Figure 5 57 Automatic File Configuration 162...

Page 163: ...be lost This procedure can also be initiated by pressing and holding the Reset button for at least five seconds A successfully initiated factory reset can be noticed by all LEDs having been turned on...

Page 164: ...NB3711 User Manual 4 0 the default settings can be achieved by restoring the original factory configuration and initiating the factory reset again 164...

Page 165: ...s root and typing tail log Furthermore the system log can be redirected to a syslog server see section 5 8 1 Tech Support You can generate and download a tech support file here We strongly recommend p...

Page 166: ...NB3711 User Manual 4 0 Figure 5 59 Log Viewer 166...

Page 167: ...NB3711 User Manual 4 0 Figure 5 60 Tech Support File 167...

Page 168: ...Keys and certificates The entry pages shows an overview about installed keys and certificates The following sections may appear Type Description Root CA The root Certificate Authority CA which issues...

Page 169: ...ns Operation Description generate locally Generate key and certificate locally on the box see 5 8 8 for more options upload files Key and certificate will be uploaded We support files in PKCS12 PKCS7...

Page 170: ...ning requests are generated locally the following settings will be take into account Parameter Certificate Configuration Organisation O The certificate owner s organization Department OU The name of t...

Page 171: ...and also run a certificate revokation list CRL When importing keys the certificate and key file can be uploaded individually encoded in PEM DER or PKCS7 format All files CA certificate certificate and...

Page 172: ...rupted enrollment request and it will be resumed using the previously generated key In case a request has been rejected you are required to erase the certificate first and then start the enrollment pr...

Page 173: ...license to be present in the system some of them also depend on the mounted modules Please contact us for getting a valid license for available components and we will provide a license file based on...

Page 174: ...or implied To obtain the corresponding open source codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP free...

Page 175: ...NB3711 User Manual 4 0 5 9 LOGOUT Please use this menu to log out from the Web Manager 175...

Page 176: ...shell Please note that each CLI session will perform an automatic logout as soon as a certain time of inactivity 10 minutes by default has been reached It can be turned off by the command no autologou...

Page 177: ...e line CTRL t Drag the character before point forward moving point forward as well if point is at the end of the line then this transposes the two characters before the point ALT t Drag the word befor...

Page 178: ...tory defaults reboot Reboot system shell Run shell command help Print help for command no autologout Turn off auto logout history Show command history exit Exit 6 3 Getting Config Parameters The get c...

Page 179: ...ystem System information configuration Configuration information license License information wwan WWAN module status wlan WLAN module status gnss GNSS GPS module status eth Ethernet interface status l...

Page 180: ...6 7 Sending E Mail or SMS The send command can be used to send a message via E Mail SMS to the specified address or phone number send h Usage send h type dest msg Options type type of message to be se...

Page 181: ...may also run update software latest to install the latest version from our server 6 9 Manage keys and certificates The cert command can be used to manage keys and certificates cert h Usage cert h p p...

Page 182: ...etwork Networking openvpn OpenVPN connections pptp PPTP connections qos QoS daemon smsd SMS daemon snmpd SNMP daemon surveyor Supervision daemon syslog Syslog daemon telnet Telnet server usbipd USB IP...

Page 183: ...g System The reset command can be used to reset the router back to factory defaults reset h Usage reset h 6 13 Rebooting System The reboot command can be used to reboot the router reboot h Usage reboo...

Page 184: ...cliphp status configuration parameter cliphp status 0 Service is disabled cliphp status 1 Service is enabled This section describes the CLI PHP interface for Version 2 It accepts POST and GET requests...

Page 185: ...e format return msg with return values of OK if succeeded and ERROR if failed Any output from the commands will be appended Examples OK status command successful ERROR authentication failed status Dis...

Page 186: ...usage command set arg0 config key arg1 config value arg2 config key arg3 config value Notes In contrast to the other commands this command requires a set of tuples because of the reserved char i e ar...

Page 187: ...ml usr admin pwd admin01 command reboot reset Run factory reset Key usage command reset Examples http 19 2 16 8 1 1 cli php version 2 output html usr admin pwd admin01 command reset update Update syst...

Page 188: ...international format such as 123456789 including a leading plus sign which can be encoded with 2B The SMS daemon must be properly configured prior to using that function Examples http 19 2 168 1 1 cli...

Page 189: ...2 16 8 1 1 cli php version 2 output mime usr admin pwd admin01 command send arg0 techsupport arg1 stdout http 19 2 168 1 1 cli php version 2 output html usr admin pwd admin01 command send arg0 techsup...

Page 190: ...tunnel interface based on TUN TAPx Specifies an OpenVPN tunnel interface based on TAP PPTPx Specifies a PPTP tunnel interface MOBILEIPx Refers to a Mobile IP tunnel interface SIMx Specifies the SIM sl...

Page 191: ...used to program ap plications CLI Command Line Interface a generic interface to query the router or perform system tasks SIM Subscriber Identity Module SMS Short Message Service SSID Service Set Ident...

Page 192: ...er case and may have a different naming Their index starts from zero whereas interfaces seen by the user will be written in capital letters starting from one A 2 System Events ID Event Description 101...

Page 193: ...412 gre up GRE connection came up 413 gre down GRE connection went down 501 system login failed User login failed 502 system login succeeded User login succeeded 503 system logout User logged out 504...

Page 194: ...age device has been added 902 usb storage removed USB storage device has been removed 903 usb eth added USB Ethernet device has been added 904 usb eth removed USB Ethernet device has been removed 905...

Page 195: ...ation The factory configuration including default values for any configuration parameter can be derived from the file etc config factory config cfg on the router You may also call cli get f parameter...

Page 196: ...ODULE IDENTITY LAST UPDATED 201607121200 Z ORGANIZATION NetModule AG CONTACT INFO NetModule AG Switzerland DESCRIPTION MIB module which defines the NB router specific entities REVISION 201607121200 Z...

Page 197: ...e currently installed kernel version admin 2 serialNumber OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The serial number of the device admin 3 configDesc OBJECT TYP...

Page 198: ...when the alternative configuration shall be activated admin 14 Configuration Update configUpdate OBJECT TYPE SYNTAX URLString MAX ACCESS read write STATUS current DESCRIPTION Update the system configu...

Page 199: ...admin 26 softwareUpdateError OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION The error code of the last software update admin 27 softwareUpdated OBJECT TYPE SYNTAX DateAn...

Page 200: ...T TYPE SYNTAX INTEGER succeeded 1 failed 2 inprogress 3 notstarted 4 MAX ACCESS read only STATUS current DESCRIPTION The status of the last syslog upload cycle admin 41 Upload Config configUpload OBJE...

Page 201: ...AX ACCESS read only STATUS current DESCRIPTION WWAN modem type nbWwanEntry 3 wwanServiceType OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The current service type o...

Page 202: ...TYPE SYNTAX NBGnssEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry describing a GNSS device and its current settings INDEX gnssIndex nbGnssTable 1 NBGnssEntry SEQUENCE gnssIndex Int...

Page 203: ...nEntry OBJECT TYPE SYNTAX NBWlanEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry describing a WLAN modem and its current settings INDEX wlanModuleIndex nbWlanTable 1 NBWlanEntry SEQ...

Page 204: ...layString wanLinkAddress DisplayString wanLinkGateway DisplayString wanLinkPassthru DisplayString wanDialAttempts Integer32 wanDialSuccess Integer32 wanDialFailures Integer32 wanDataDownloaded Integer...

Page 205: ...lAttempts OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WAN link dial attempts nbWanEntry 10 wanDialSuccess OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS curr...

Page 206: ...f digital I O port IN2 dio 2 dioStatusOut1 OBJECT TYPE SYNTAX INTEGER off 0 on 1 MAX ACCESS read only STATUS current DESCRIPTION The current value of digital I O port OUT1 dio 3 dioStatusOut2 OBJECT T...

Page 207: ...ut1 on NOTIFICATION TYPE STATUS current DESCRIPTION DIO OUT1 turned on events 205 dio out1 off NOTIFICATION TYPE STATUS current DESCRIPTION DIO OUT1 turned off events 206 dio out2 on NOTIFICATION TYPE...

Page 208: ...GRE connection came up events 412 gre down NOTIFICATION TYPE STATUS current DESCRIPTION GRE connection went down events 413 system login failed NOTIFICATION TYPE STATUS current DESCRIPTION User login...

Page 209: ...ts 801 ddns update failed NOTIFICATION TYPE STATUS current DESCRIPTION Dynamic DNS update failed events 802 usb storage added NOTIFICATION TYPE STATUS current DESCRIPTION USB storage device has been a...

Page 210: ...cript implements a lightweight SMTP server which is able to receive mail and forward them as SMS to a phone number etherwake are This script can be used to wake up a sleeping host WakeOn Lan gps broad...

Page 211: ...are This script can be used to switch the WLAN client network according to availability send mail are This script will send an E Mail to the specified address send sms are This script will send an SM...

Page 212: ...This script sends a message to a TCP server tcpserver are This script implements a TCP server which is able to receive messages techsupport are This transfers a techsupport to a remote FTP server tran...

Page 213: ...NB3711 User Manual 4 0 Event Description Table A 3 SDK Examples 213...

Page 214: ......

Reviews:

No comments

Related manuals for NB3711

Paradyne 4300 Installation Instructions Manual preview
4300
Brand: Paradyne Pages: 22
TDC Netopia User Manual preview
Netopia
Brand: TDC Pages: 27
Danfoss TFX Installation And Operation Manual preview
TFX
Brand: Danfoss Pages: 61
Quantum LightSpeed Appliance QLS250 Owner'S Manual preview
LightSpeed Appliance QLS250
Brand: Quantum Pages: 12
Tripp Lite N48M Series Installation Manual preview
N48M Series
Brand: Tripp Lite Pages: 20
BSD Networks bsg-0800t User Manual preview
bsg-0800t
Brand: BSD Networks Pages: 7
Aruba IntroSpect Analyzer 2 Series Quick Start Manual preview
IntroSpect Analyzer 2 Series
Brand: Aruba Pages: 5
ZyXEL Communications Dimension ES-3124 User Manual preview
Dimension ES-3124
Brand: ZyXEL Communications Pages: 228
RAIDAGE DAGE312UTL-NAS User Manual preview
DAGE312UTL-NAS
Brand: RAIDAGE Pages: 60
Qlogic Storage Networking (Unified Fabric Pilot) Installation Manual preview
Storage Networking (Unified Fabric Pilot)
Brand: Qlogic Pages: 76
UHP UHP-1200 Installation Manual preview
UHP-1200
Brand: UHP Pages: 15
Ubiquiti LiteBeam M5-23 Quick Start Manual preview
LiteBeam M5-23
Brand: Ubiquiti Pages: 21
Lutron Electronics Smart Bridge Quick Start Manual preview
Smart Bridge
Brand: Lutron Electronics Pages: 4
Solwise 3GWIFIMRD User Manual preview
3GWIFIMRD
Brand: Solwise Pages: 231
FiberHome AN5506-04-F User Manual preview
AN5506-04-F
Brand: FiberHome Pages: 2
Microtek MiniLink Operation Manual preview
MiniLink
Brand: Microtek Pages: 25
Extron electronics VERSATOOLS MTP User Manual preview
VERSATOOLS MTP
Brand: Extron electronics Pages: 19
Edge-Core ES3510 Installation Manual preview
ES3510
Brand: Edge-Core Pages: 64

Brands by name

Popular brands

Load more brands