NetModule NG800 User Manual Download | Manualshive

Page: 99 / 223

background image

NG800
User Manual for NRSW version 4.5.0.100

5.6.2. IPsec

IPsec is a protocol suite for securing IP communications by authenticating and encrypting each packet
of a communication session and thus establishing a secure virtual private network.

IPsec includes various cryptographic protocols and ciphers for key exchange and data encryption and
can be seen as one of the strongest VPN technologies in terms of security. It uses the following
mechanisms:

Mechanism

Description

AH

Authentication Headers (AH) provide connectionless integrity and data origin authentica-
tion for IP datagrams and ensure protection against replay attacks.

ESP

Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication,
connectionless integrity, an anti-replay service and limited traffic-flow confidentiality.

SA

Security Associations (SA) provide a secure channel and a bundle of algorithms that pro-
vide the parameters necessary to operate the AH and/or ESP operations. The Internet
Security Association Key Management Protocol (ISAKMP) provides a framework for au-
thenticated key exchange.

Negotating keys for encryption and authentication is generally done by the Internet Key Exchange
protocol (IKE) which consists of two phases:

Phase

Description

IKE
phase 1

IKE authenticates the peer during this phase for setting up an ISAKMP secure associa-
tion. This can be carried out by either using

main

or

aggressive

mode. The

main

mode

approach utilizes the Diffie-Hellman key exchange and authentication is always encrypted
with the negotiated key.The

aggressive

mode just uses hashes of the pre-shared key and

therefore represents a less-secure mechanism which should generally be avoided as it is
prone to dictionary attacks.

IKE
phase 2

IKE finally negotiates IPSec SA parameters and keys and sets up matching IPSec SAs in
the peers which is required for AH/ESP later on.

99

«
...
97
98
99
100
101
...
»

Summary of Contents for NG800

Page 1: ...NetModule Automotive Gateway NG800 User Manual for Software Version 4 5 0 100 Manual Version 2 272 NetModule AG Switzerland December 15 2020 ...

Page 2: ...y portion of it may not be copied in any form or by any means stored in a retrieval system adopted or transmitted in any form or by any means electronic mechanical photographic graphic optic or otherwise or translated in any language or computer language without the prior written permission of NetModule A large amount of the source code to this product is available under licenses which are both fr...

Page 3: ...t Ethernet 100 Base Tx Interface 24 3 4 11 Automotive Ethernet 100 Base T1 Interface 24 3 4 12 2x CAN Interface 26 3 4 13 Serial RS 232 27 4 Installation 28 4 1 Installation of SIM 28 4 2 Installation of the GSM UMTS LTE Antenna 28 4 3 Installation of the WLAN Antennas 29 4 4 Installation of the Bluetooth Antenna 29 4 5 Installation of the Local Area Network Fast Ethernet 29 4 6 Installation of th...

Page 4: ...al In 110 5 7 SERVICES 112 5 7 1 SDK 112 5 7 2 DHCP Server 121 5 7 3 DNS Server 123 5 7 4 NTP Server 126 5 7 5 Dynamic DNS 127 5 7 6 E Mail 129 5 7 7 Events 131 5 7 8 SMS 132 5 7 9 SSH Telnet Server 134 5 7 10 SNMP Agent 136 5 7 11 Web Server 141 5 7 12 MQTT Broker 142 5 7 13 Softflow 143 5 7 14 Discovery 144 5 7 15 Redundancy 145 5 7 16 ITxPT 147 5 7 17 Voice Gateway 155 5 8 SYSTEM 161 5 8 1 Syst...

Page 5: ... Status Information 187 6 7 Scanning Networks 188 6 8 Sending E Mail or SMS 188 6 9 Updating System Facilities 188 6 10 Manage keys and certificates 189 6 11 Restarting Services 189 6 12 Debug System 190 6 13 Resetting System 190 6 14 Rebooting System 191 6 15 Running Shell Commands 191 6 16 Working with History 191 6 17 CLI PHP 191 A Appendix 197 A 1 Abbrevations 197 A 2 System Events 198 A 3 Fac...

Page 6: ...n 66 5 16 Serial Port Settings 67 5 17 Static Routing 74 5 18 Extended Routing 76 5 19 Multipath Routes 77 5 20 Mobile IP 80 5 21 Firewall Groups 87 5 22 Firewall Rules 88 5 23 Masquerading 90 5 24 Inbound NAPT 91 5 25 OpenVPN Administration 93 5 26 OpenVPN Configuration 94 5 27 OpenVPN Client Management 98 5 28 IPsec Administration 100 5 29 IPsec Configuration 101 5 30 PPTP Administration 105 5 3...

Page 7: ...TxPT VEHICLEtoIP 154 5 51 Voice Gateway Administration 155 5 52 System 161 5 53 Regional settings 163 5 54 User Accounts 165 5 55 Remote Authentication 166 5 56 Manual File Configuration 171 5 57 Automatic File Configuration 172 5 58 Factory Configuration 173 5 59 Log Viewer 175 5 60 Tech Support File 176 5 61 Keys and certificates 177 5 62 Certificate Configuration 179 5 63 Licensing 182 7 ...

Page 8: ...t Ethernet Port Specification 24 3 14 Pin Assignments of Fast Ethernet Connector 24 3 15 Automotive Ethernet Port Specification 25 3 16 Pin Assignments of Automotive Ethernet Port 1 25 3 17 Pin Assignments of Automotive Ethernet Port 2 25 3 18 Specification of 2xCAN Interface 26 3 19 Pin Assignments of 2xCAN Interface 26 3 20 RS 232 Port Specification 27 3 21 Pin Assignments of RS 232 Interface 27...

Page 9: ... you an introduction to the device and its features The following chapters describe any aspects of commissioning the device installation procedure and provide helpful information towards configuration and maintenance Please find further imformation such as sample SDK script or configuration samples in our wiki on http wiki netmodule com 9 ...

Page 10: ... of a vehicle Connections for antennas may only exit the building or the vehicle hull if transient overvoltages according to IEC 62368 1 are limited by external protection circuits down to 1 500 Vpeak All other connections must remain within the building or the vehicle hull Always keep a distance of more than 40 cm from the antenna in order to reduce exposure to electromagnetic fields below the le...

Page 11: ...re release afterwards 2 2 Declaration of Conformity NetModule hereby declares that under our own responsibility that the gateways comply with the relevant standards following the provisions of the RED Directive 2014 53 EU The signed version of the Declaration of Conformity can be obtained from http www netmodule com downloads 2 3 Waste Disposal In accordance with the requirements of the Council Di...

Page 12: ...ing open source codes covered by these licenses please contact our techni cal support at router support netmodule com Acknowledgements This product includes PHP freely available from http www php net Software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org Cryptographic software written by Eric Young eay cryptsoft com Software written by Tim Hudson tjh cryptsof...

Page 13: ...NG800 User Manual for NRSW version 4 5 0 100 3 Specifications 3 1 Appearance 13 ...

Page 14: ...ter software The NG800 can optionally be equipped with Software Keys for for additional functionality Due to its modular approach the NG800 router and its hardware components can be arbitrarily as sembled according to its indented usage or application Please contact us in case of special project requirements 3 3 Environmental Conditions Parameter Rating Nominal Input Voltage 12 VDC to 24 VDC Absol...

Page 15: ...ary antenna 3 A3 WLAN BT FAKRA male connector for WLAN Bluetooth main antenna 2 4 GHz 5 GHz 4 A4 WLAN FAKRA male connector for WLAN auxiliary antenna 2 4 GHz 5 A5 GNSS FAKRA male connector for GNSS 6 LED 1 Status LED 7 LED 2 Link LED 8 X48 48 pin CMC Molex interface for all wired connections 9 Earthing cable Earthing the base plate is optional protective earth is not compulsory Table 3 2 NG800 Int...

Page 16: ...cators 3 4 3 Reset NG800 does not have a built in reset button An external reset can be triggered as described below e g by installing an external reset button The reset button has two functions 1 Reboot the system Apply reset signal for at least 3 seconds to release a system reboot The reboot is indicated with the blinking STAT LED 2 Factory reset Apply reset signal for at least 10 seconds to rel...

Page 17: ...ce not used If the serial interface is used in the application a break before make switch must be used The switch is required to protect the terminal equipment from the battery voltage In the inactive position the serial interface is connected between the terminal and the device allowing serial communication In the active position the terminal is disconnected and the receiver input is connected to...

Page 18: ... 850 B8 900 Table 3 4 Mobile Interface Further modems for regions NA APAC on request The mobile antenna ports have the following specification Feature Specification Max allowed cable length 30 m Max allowed antenna gain including cable attenuation 2 5 dBi Min distance between collocated ra dio transmitter antennas 20 cm Min distance between people and an tenna 40 cm Connector type FAKRA D Code Bor...

Page 19: ... 1x1 in 5 GHz The WLAN antenna ports have the following specification Feature Specification Max allowed cable length 30 m Max allowed antenna gain including cable attenuation 3 0 dBi1 Min distance between collocated ra dio transmitter antennas 20 cm Min distance between people and an tenna 40 cm Connector type FAKRA I Code Beige Table 3 7 WLAN Antenna Port Specification 1 Note WLAN antennas with a...

Page 20: ... 5m CEP Dead Reckoning Modes UDR Untethered Dead Reckoning Supported antennas Active and passive Table 3 8 GNSS Specifications The GNSS antenna port has the following specification Feature Specification Max allowed cable length 30 m Max allowed active antenna gain 26 dB including the cable attenuation Min distance between collocated ra dio transmitter antennas 20 cm Active antenna supply 3 0 V 100...

Page 21: ...Group Pin Signal Description 100 Base T1 Interface 0 A1 BRDR1 TRXP terminal for transmit receive signal B1 BRDR1 TRXN terminal for transmit receive signal 100 Base T1 Interface 1 A2 BRDR2 TRXP terminal for transmit receive signal B2 BRDR2 TRXN terminal for transmit receive signal 100 Base Tx Interface A3 ETH1 RxP B3 ETH1 RxN A4 ETH1 TxP B4 ETH1 TxN CAN Interface 1 D1 CAN1 L Low Level CAN bus line ...

Page 22: ... input KL30 Power entry L3 Ignition Input KL15 Ignition sense input L4 Power Ground VM1 M4 Power Ground VM2 Signal Ground C1 C2 C4 L2 M2 Ground Ground Ground Ground Ground Extension Module E1 K4 Reserved for Extension Module Table 3 10 Pin Assignments of X48 Note The following mating material for X48 cable connection may be used Molex 0643201311 CMC48 female connector for crimp contacts Molex 0643...

Page 23: ...on 7 W average 10 W max Power Down 2 mA 24V Max cable length 30 m Cable shield not required Ignition Threshold 6 0V Input impedance 400 kΩ Reverse polarity protection Yes Table 3 11 Power Specifications Requires external fuse recommended type Littlefuse ATOF Blade Fuse 32V 3A 0287003 PXCN Minimal cable cross section 0 75mm2 AWG 20 Pin Assignment Pin Signal M3 Power input KL30 L3 Ignition Input KL1...

Page 24: ... length 100 m Cable type CAT5e or better Cable shield Optional Connector type Molex CMC48 Table 3 13 Fast Ethernet Port Specification Pin Assignment Pin Signal A3 ETH1 RxP B3 ETH1 RxN A4 ETH1 TxP B4 ETH1 TxN Table 3 14 Pin Assignments of Fast Ethernet Connector 3 4 11 Automotive Ethernet 100 Base T1 Interface Specification The Automotive Ethernet port is specified as follows Feature Specification ...

Page 25: ...Specification Pin Assignment 100 Base T1 Interface 1 A1 BRDR1 TRXP terminal for transmit receive signal B1 BRDR1 TRXN terminal for transmit receive signal Table 3 16 Pin Assignments of Automotive Ethernet Port 1 Pin Assignment 100 Base T1 Interface 2 A2 BRDR2 TRXP terminal for transmit receive signal B2 BRDR2 TRXN terminal for transmit receive signal Table 3 17 Pin Assignments of Automotive Ethern...

Page 26: ...rmination Bus access With option Cm Passive read access only With option Cn Active read write access Connector type Molex CMC48 Table 3 18 Specification of 2xCAN Interface Pin Assignment Pin Signal Description D1 CAN1 L Low Level CAN bus line D2 CAN1 H High Level CAN bus line D3 CAN2 L Low Level CAN bus line D4 CAN2 H High Level CAN bus line C3 CAN2 T 120 Ω termination resistor Connect to pin D3 t...

Page 27: ...19 200 38 400 57 600 115 200 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software flow control none XON XOFF Hardware flow control none Galvanic isolation to enclosure none Max cable length 3 m Cable shield not required Connector type Molex CMC48 Table 3 20 RS 232 Port Specification Pin Assignment Pin Signal Description L1 RS232 RXD Receive signal input M1 RS232 TXD Transmit signal ou...

Page 28: ...of SIM profiles For evaluation purposes NG800 can be shipped with a housing which can be opened IP55 protec tion These devices contain a Micro SIM card connector where a SIM card can be inserted Warning The IP55 housing may only be opened by qualified personnel Please request instructions for SIM change 4 2 Installation of the GSM UMTS LTE Antenna NetModule routers will only operate efficiently in...

Page 29: ...er throughput and coverage we highly recommend using two antennas Only use antennas with cables shorter than 3 meters Attention Following points must be observed when installing the antennas A minimum clearance of at least 40 cm between people and the antennas must always be ensured If one WLAN inerface transmit simultaneously with other collocated radio transmitters the separation distance of 20 ...

Page 30: ...e a vehicle battery It must be ensured by installation that the input current of the gateway cannot exceed 3A This can be accomplished by using a 3A fuse This fuse must be installed close to the power supply in order to protect the power supply cable which otherwise could heat up significantly e g due to a short circuit and as a result damage its isolation You may also refer to chapter 3 4 9 Atten...

Page 31: ...nfiguration parameters directly The IP address of Ethernet1 is 192 168 1 1 and the Dynamic Host Configuration Protocol DHCP is activated on the interface by default The following steps need to be taken to establish your first Web Manager session 1 Connect the Ethernet port of your computer to the gateway Please refer to chapter 3 4 10 2 If not yet activated enable DHCP on your computer s Ethernet ...

Page 32: ...h can be used to access the device via the serial console telnet SSH or to enter the bootloader You may also configure additional users which will only be granted to access the summary page or retrieve status information but not to set any configuration parameters A set of services USB Autorun CLI PHP are by default activated in factory state and will be disabled as soon as the admin password has ...

Page 33: ...an be loaded into RAM via TFTP and executed It offers a minimal system image for running a software update or doing other modifications You will be provided with two files recovery image and recovery dtb which must be placed in the root directory of a TFTP server connected via LAN1 and address 192 168 1 254 The recovery image can be launched from the boot loader using a serial connection You will ...

Page 34: ...LL VPN SERVICES SYSTEM LOGOUT Figure 5 2 Home Summary This page offers a short summary about the administrative and operational status of the router s inter faces WAN This page offers details about any enabled Wide Area Network WAN links such as the IP addresses network information signal strength etc The information about the amount of downloaded uploaded data is stored in non volatile memory thu...

Page 35: ...h interfaces DHCP This page offers details about any activated DHCP service including a list of issued DHCP leases OpenVPN This page provides information about the OpenVPN tunnel status IPSec This page provides information about the IPsec tunnel status PPTP This page provides information about the PPTP tunnel status GRE This page provides information about the GRE tunnel status L2TP This page prov...

Page 36: ... routing protocol DynDNS This page provides information about Dynamic DNS System Status The system status page displays various details of your NG800 router including system details infor mation about mounted modules and software release information SDK This section will list all webpages generated by SDK scripts 36 ...

Page 37: ...nt Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS WAN Link Management In case a WAN link goes down the system will automatically switch over to the next link in order of priority A link can be either established when the switch occurs or permanently to minimize link...

Page 38: ...ble 2nd priority The first fallback link it can be enabled permanently or being dialed as soon as Link 1 goes down 3rd priority The second fallback link it can be enabled permanently or being di aled as soon as Link 2 goes down 4th priority The third fallback link it can be enabled permanently or being dialed as soon as Link 3 goes down Links are being triggered periodically and put to sleep in ca...

Page 39: ...ll be dialled if previous links failed distributed Link is member of a load distribution group Parameter WAN Link Settings Operation mode The operation mode of the link Weight The weight ratio of a distributed link Switch back Specifies the switch back condition of a switchover link and the time after an active hotlink will be teared down Bridging interface1 If WLAN client the LAN interface to whi...

Page 40: ...Simulator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS TCP Maximum Segment Size The maximum segment size defines the largest amount of data of TCP packets usually MTU minus 40 Yo...

Page 41: ... pings on each WAN link to authoritative hosts The link will be declared as down in case all trials failed You may further specify an emergency action if a certain downtime is reached Link Hosts Emergency Action ANY 8 8 8 8 8 8 4 4 none HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 5 Link Supervision Parameter Supervision Settings Link The WAN link to be monitored can be ANY...

Page 42: ...pings are re transmitted in case a first ping failed Max number of failed trials The maximum number of failed ping trials until the link will be declared as down Emergency action The emergency action which should be taken after a maximum down time has been reached Using reboot would perform a reboot of the system restart link services will restart all link related applica tions including a reset o...

Page 43: ...ule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS Ethernet 1 Administrative status enabled disabled Network interface LAN1 Ethernet 2 Administrative status enabled disabled Network interface LAN2 Apply HOME INTERFACES ROUTING FIREWALL VPN SER...

Page 44: ...tiation can be set for each Ethernet port individually Most devices support auto negotiation which will configure the link speed automatically to comply with other devices in the network In case of negotiation problems you may assign the modes manually but it has to be ensured that all devices in the network utilize the same settings then VLAN Management NetModule routers support Virtual LAN accor...

Page 45: ... LAN1 2 5 LAN1 background routed HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 8 VLAN Management In order to form a distinctive subnet the network interface of a remote LAN host must be configured with the same VLAN ID as defined on the router Further 802 1P introduces a priority field which influences packet scheduling in the TCP IP stack The following priority levels from ...

Page 46: ...t Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS IP Address Management Network Interface Mode IP Address Mode IP Address Netmask LAN1 LAN Static IP 192 168 1 1 24 LAN1 1 LAN Static IP 192 168 101 1 24 LAN1 2 LAN Static IP 192 168 102 1 24 LAN2 WAN DHCP mode n a 1 HO...

Page 47: ...erver will be retrieved from a DHCP server in the network You may also define static values but caution has to be taken to assign an unique IP address as it would otherwise raise IP conflicts in the network PPPoE is commonly used when communicating with another WAN access device like a DSL modem The following settings can be applied Parameter PPPoE Configuration User name PPPoE user name for authe...

Page 48: ...t Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS Mobile SIMs This menu can be used to assign a default modem to each SIM which will also be used by SMS and GSM voice services A SIM card can get switched in case of multiple WWAN interfaces sharing the same modem SIM Default Current SIM State SIM ...

Page 49: ...in order to restart PIN unlocking and trigger another network registration attempt Under some circumstances e g in case the modem flaps between base stations it might be nec essary to set a specific service type or assign a fixed operator The list of operators around can be obtained by initiating a network scan may take up to 60 seconds Further details can be retrieved by querying the modem direct...

Page 50: ...ode for unlocking the SIM card PUK code The PUK code for unlocking the SIM card optional Default modem The default modem assigned to this SIM card Preferred service The preferred service to be used with this SIM card Remember that the link manager might change this in case of different settings The default is to use automatic in areas with interfering base stations you can force a specific type e ...

Page 51: ...103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS Mobile Interfaces Interface Modem SIM PDP Number Service APN User WWAN1 Mobile1 SIM1 PDP1 99 1 automatic internet telekom tm HOME INTERFACES ROUTING FIREWALL VPN SERVICES S...

Page 52: ...urtheron you may configure the following advanced settings Parameter WAN Advanced Parameters Required signal strength Sets a minimum required signal strength before the connection is di aled Home network only Determines whether the connection should only be dialed when reg istered to a home network Negotiate DNS Specifies whether the DNS negotiation should be performed and the retrieved name serve...

Page 53: ...Software Version 4 4 0 103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS WLAN Management Administrative status enabled disabled Operational mode client access point mesh point dual modes Regulatory domain European Union Op...

Page 54: ...ther configure the following settings Parameter WLAN Management Operation type Specifies the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for connections depending on your module it could be 2 4 or 5 GHz Bandwidth Specify the channel bandwidth operation mode Channel Specifies the channel to be used Short Guard Interval Enables the Short Guard Interval SGI Running...

Page 55: ...nual for NRSW version 4 5 0 100 Standard Frequencies Bandwidth Data Rate 802 11g 2 4 GHz 20 MHz 54 Mbit s 802 11n 2 4 GHz 20 MHz 144 Mbit s 802 11n 5 GHz 40 MHz 150 Mbit s Table 5 20 IEEE 802 11 Network Standards 55 ...

Page 56: ...ngs Parameter WLAN Mesh Point Management Operation type Specifies the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for connections depending on your module it could be 2 4 or 5 GHz Channel Specifies the channel to be used Note 802 11n with 2x2 MIMO in 2 4 GHz and 1x1 in 5 GHz 56 ...

Page 57: ...network name called SSID Security mode The desired security mode WPA WPA2 mixed mode WPA2 should be preferred over WPA1 running WPA WPA2 mixed mode offers both WPA cipher The WPA cipher to be used the default is to run both TKIP and CCMP Identity The identity used for WPA RADIUS and WPA EAP TLS Passphrase The passphrase used for authentication with WPA PSK otherwise the key passphrase for WPA EAP ...

Page 58: ...lator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG WAN Link Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS WLAN Access Point Configuration Interface SSID Security Mode WPA Cipher WLAN1 NB1600 Private WPA PSK WPA WPA2 TKIP CCMP HOME IN...

Page 59: ...PA EAP TLS Force PMF Enables Protected Management Frames Hide SSID Hides the SSID Isolate clients Disables client to client communication Band steering master The WLAN interface which the client should be steered to Accounting Sets accounting profile The following security modes can be configured Parameter WLAN Security Modes Off SSID is disabled None No authentication provides an open network WEP...

Page 60: ...cally join the wireless network connect to the other mesh partners with the same ID and sercurtiy credentials The authentication credentials have to be obtained by the operator of the mesh network Parameter WLAN Mesh Point Configuration MESHID The network name called MESHID Security mode The desired security mode enable gate announcements To enable gate announcments for the mesh network 60 ...

Page 61: ...urity modes can be configured Parameter WLAN Mesh Point Security Modes Off MESHID is disabled None No authentication provides an open network SAE SAE Simultaneous Authentication of Equals is a secure password based authentication and key establishment protocol 61 ...

Page 62: ...5 255 0 Apply Continue HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 14 WLAN IP Configuration The access point networks can be bridged to any LAN interface for letting WLAN clients and Ethernet hosts operate in the same subnet However for multiple SSIDs we strongly recommend to set up separated interfaces in routing mode in order to avoid unwanted access and traffic between ...

Page 63: ...llowing feature can be configured if the WLAN interface is bridged Parameter WLAN Bridging features IAPP Enables the Inter Access Point Protocol feature Pre auth Enables the pre authentication mechanism for roaming clients if sup ported by the client 63 ...

Page 64: ...follows Parameter Bridge Settings Administrative status Enables or disables the bridge interface If you need an interface to the local system you need to define an IP address for the local device IP Address IP address of the local interface available only if Enabled with local interface was selected Netmask Netmask of the local interface available only if Enabled with local interface was selected ...

Page 65: ... login shell so that users can login to the system If more than one serial inrterface is available one serial interface can be configured as login console at a time device server The serial port will be exposed over a TCP IP port and can be used to implement a Serial IP gateway modem bridge Bridges the Serial Interface to the Modem TTY of an intergrated WWAN Modem modem emulator Emulates a classic...

Page 66: ... Management Supervision Settings Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges USB Serial Digital I O GNSS SERIAL1 is used by none login console device server modem emulator SDK Apply Back HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 15 Serial Port Administration 66 ...

Page 67: ...top bits 1 stop bit Software flow control None Hardware flow control None Server Configuration Protocol on IP port Telnet Port 2000 Timeout endless numbered 600 Allow remote control RFC 2217 Show banner Allow clients from everywhere specify Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 16 Serial Port Settings Parameter Serial Settings Physical protocol Selects the desi...

Page 68: ...rver Settings Protocol on IP port Selects the desired IP protocol TCP or Telnet Port Specifies the TCP port on which the server will be available Timeout The time in seconds before the port will be disconnected if there is no activity on it A zero value disables this function Allow remote control Allow remote control ala RFC 2217 of the serial port Show banner Show a banner when clients connect St...

Page 69: ...l port Baud rate Specifies the baud rate run on the serial port Hardware flow control You may enable RTS CTS hardware flow control so that the RTS and CTS lines are used to control the flow of data Parameter Incoming connections via Telnet Port The TCP port for the device server Parameter Phonebook Entries Number Phone number that will get an alias IP address IP address the number will become Port...

Page 70: ...d as follows Parameter Bluetooth Settings Administrative status Enables the module for SDK or Virtualization If you enable the module for SDK usage you need a SDK script that handles the hardware interface You can start advertising or scanning mode and setup parameters via SDK Please have a look at the SDK API for detailed description If you enable the module for Virtualization there will be no in...

Page 71: ...curacy based on the satellite information and compares it with this accuracy thresh old in meters If the calculated position accuracy is better than the accuracy threshold the position is reported Adjust this parameter to a higher threshold in case the GNSS receiver does not report a posi tion fix or when it takes a long time to calculate a fix This could be caused when there is no clear sky view ...

Page 72: ...n a client connects You can specify on request which typically requires an R to be sent Data will be sent instantly in case of raw mode which will provide NMEA frames or super raw which includes the original data of the GPS receiver If the client supports the JSON format i e newer libgps is used the json mode can be specified Please consider to restrict access to the server port either by a specif...

Page 73: ...ormation PRN The PRN code of the satelitte also referred as satellite ID as stated in GPGSA frames Elevation The elevation up down angle between the dish pointing direction in degrees as stated in GPGSV frames Azimuth The azimuth rotation around the vertical axis in degrees as stated in GPGSV frames SNR The SNR Signal to Noise Ratio often referred as signal strength Please note that the values are...

Page 74: ...fication Static Routes This menu shows all routing entries of the system they can consist of active and configured ones The flags are as follows A ctive P ersistent H ost Route N etwork Route D efault Route Netmasks can be specified in CIDR notation Destination Netmask Gateway Interface MetricFlags 192 168 1 0 255 255 255 0 0 0 0 0 LAN1 0 AN 192 168 101 0 255 255 255 0 0 0 0 0 LAN1 1 0 AN 192 168 ...

Page 75: ...ric The routing metric of the interface default 0 higher metrics have the effect of making a route less favorable Flags A ctive P ersistent H ost Route N etwork Route D efault Route The flags obtain the following meanings Flag Description A The route is considered active it might be inactive if the interface for this route is not yet up P The route is persistent which means it is a configured rout...

Page 76: ...INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 18 Extended Routing In contrast to statis routes extended routes can be made up not only of a destination address net mask but also a source address netmask incoming interface and the type of service TOS of packets Parameter Extended Route Configuration Source address The source address of a packet Source netmask The source address of...

Page 77: ...will perform weighted IP session distribution for particular subnets across multiple interfaces Destination Distribution 8 8 4 4 32 WWAN1 50 LAN2 50 HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 19 Multipath Routes At least two interfaces have to be defined to establish multipath routing Additional interfaces can be added by pressing the plus sign Parameter Add Multipath Rou...

Page 78: ... a mobile node is relayed via the tunnel to the home agent instead of directly being conveyed to the final destination This fact also empowers MIP to be used as a lightweight VPN replacement without payload secrecy The MIP implementation supports RFCs 3344 5177 3024 and 3519 For applications requiring vast numbers of mobile nodes interoperability with the Cisco 2900 Series home agent implementatio...

Page 79: ...fies whether UDP encapsulation shall be used or not To allow NAT traversal UDP encapsulation must be enabled Mobile network address Optionally specifies a subnet which should be routed to the mobile node This information is forwarded via Network Mobility NEMO ex tensions to the home agent The home agent can then automatically add IP routes to the subnet via the mobile node Note that this fea ture ...

Page 80: ...must be reconnected Administrative status mobile node home agent disabled Primary home agent address 194 29 27 205 Secondary home agent address optional Home address 10 20 0 13 SPI 103 Authentication type hmac md5 Shared secret ASCII Life time 1800 MTU 1468 UDP encapsulation enabled disabled Mobile network address optional Mobile network mask optional Apply HOME INTERFACES ROUTING FIREWALL VPN SER...

Page 81: ...ersion 4 5 0 100 Parameter Mobile IP Node Configuration Shared secret The shared secret used for authentication of the mobile node at the home agent This can be either a 128 bit hexadecimal value or a random length ASCII string 81 ...

Page 82: ...ation section can be used to define the WAN interfaces on which QoS should be active Parameter QoS Interface Parameters Interface The WAN interface on which QoS should be active Bandwidth congestion The bandwidth congestion method In case of auto the system will try to apply limits in a best effort way However it is suggested to set fixed bandwidth limits as they also offer a way of tuning the QoS...

Page 83: ...in case the total bandwidth of all queues exceeds the set upstream bandwidth of QoS Interface Parameters Set TOS The TOS DiffServ value to set on matching packets You can now configure and assign any services to each queue The following parameters apply Parameter QoS Service Parameters Interface The QoS interface of the queue Queue The QoS queue to which this service shall be assigned Source Speci...

Page 84: ...st groups on a particular interface and distribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups Parameter Multicast Routing Settings Administrative status Specifies whether multicast routing is active Incoming interface The upstream interface on which multicast groups are joined and on which multicast packets come in Distribute to Specifies the...

Page 85: ... The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router If no settings are defined for a specific interface default settings will be used Parameter OSPF Interfaces Interface The name of the interface for which settings shall be defined Authentication The authentication protocol to be used on the interface to authenticate OSPF packets Key The key to be used ...

Page 86: ...le BGP when VRRP slave Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol The neighbors tab is used to configure all the BGP routers to peer with Parameter BGP Neighbors IP address IP address of the peer router As number Autonomous system number of the peer router 1 4294967295 Password Password for authentication with the peer router If left blank authen...

Page 87: ...TTPS SSH or TELNET by default but block any other packets coming from the WAN interface 5 5 2 Adress Port Groups This menu can be used to form address or port groups which can be later used for firewall rules in order to reduce the number of rules If address or port groups have been referenced packets will match if one of the configured entities apply to the packet Address Groups Port Groups NetMo...

Page 88: ...nd targeting its services Packets which are not matching any of the rules below will be ALLOWED Description Action Source Destination Port s DENY WAN ALL DENY ANY on WAN ANY ANY Apply Clear HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 22 Firewall Rules Parameter Firewall Rule Configuration Description A meaningful description about the purpose of this rule Action Specifies ...

Page 89: ...l of matching packets UDP TCP or ICMP Destination port s The destination port of matching packets which can be specified by a single port or a range of ports only UDP TCP The statistics page can be used to figure out if rules have matched any packets and provides a conve nient way to debug your firewall setup 89 ...

Page 90: ... configure the interfaces on which masquerading will be performed Interface Source WAN ANY HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 23 Masquerading The administration page lets you specify the interfaces on which masquerading will be performed NAT will hereby use the address of the selected interface and choose a random source port for outgoing connections and thus enab...

Page 91: ...igure network address port translation rules for inbound packets Description Source Target Redirect to Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 24 Inbound NAPT Please note that the specified rules are processed by order that means traversing the list from top to bottom until a matching rule is found If there is no matching rule found the packet will pass as is Par...

Page 92: ...ule for port range translation in outbound rules Use net work based mapping there NAPT Outbound Rules Outbound rules will modify the source section of IP packets and can be used to establish 1 1 NAT mappings but also to redirect packets to a specific service Parameter Outbound NAPT Rules Description A meaningful description of this rule Outgoing interface The outgoing interface on which matching p...

Page 93: ... Client Management IPsec Administration Tunnel Configuration PPTP Administration Tunnel Configuration Client Management GRE Administration Tunnel Configuration L2TP Administration Tunnel Configuration OpenVPN Administration OpenVPN administrative status enabled disabled Restart on link change Multipath TCP support Apply Restart HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 2...

Page 94: ...stration Tunnel Configuration L2TP Administration Tunnel Configuration OpenVPN Tunnel 1 Configuration Operation mode disabled client server standard expert Server port 1194 Type TUN Protocol UDP Network mode routed MTU bridged Cipher AES 256 CBC Authentication certificate based HMAC digest SHA256 root certificate server certificate and server key are missing Manage keys and certificates Options us...

Page 95: ...ed for bridged networks Protocol The tunnel protocol to be used for the transport connection Network mode Defines how the packets should be forwarded which can be either routed or bridged from to a particular LAN interface If required you can also specify the maximum transfer unit for the tunnel interface MTU The Maximum Transmission Unit of the tunnel interface Encryption The required cipher mech...

Page 96: ...ertificate against local CRL negotiate DNS If enabled the system will use the nameservers which have been negotiated over the tunnel OpenVPN Expert Configuration Client The expert configuration mode offers a straightforward way to configure a tunnel by simply uploading a zip package containing the required configuration and optionally key certificate files A client tunnel usually consists of the f...

Page 97: ...r crt Certificate file server key Private key file dh1024 pem Diffie Hellman parameters file ccd A directory containing client specific configuration files Keep in mind that a certificate becomes valid once its validity time has been reached thus an accurate system has to be set prior to creating certificates and establishing a tunnel connection Please ensure that all NTP servers are reachable Usi...

Page 98: ...1 dynamic Download HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 27 OpenVPN Client Management In the Networking section you can specify a fixed tunnel endpoint address for each client Please note that if you intend to use a fixed address for a particular client you would have to apply fixed addresses to the other ones as well You may specify the network behind the clients as...

Page 99: ...s SA provide a secure channel and a bundle of algorithms that pro vide the parameters necessary to operate the AH and or ESP operations The Internet Security Association Key Management Protocol ISAKMP provides a framework for au thenticated key exchange Negotating keys for encryption and authentication is generally done by the Internet Key Exchange protocol IKE which consists of two phases Phase D...

Page 100: ...T traversal Restart on link change Apply Restart HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 28 IPsec Administration This page can be used to enable disable IPsec you may also specify whether NAT Traversal should be used NAT Traversal is mainly used for connections which traverse a path where a router modifies the IP address port of packets It encapsulates packets in UDP a...

Page 101: ...on General For setting up the tunnel you will have to configure the following parameters first Parameter IPsec General Settings Remote peer IP address or host name of the remote IPsec peer You may specify 0 0 0 0 to act as a responder for roadwarrior clients DPD Status Specifies whether Dead Peer Detection see RFC 3706 shall be used DPD will detect any broken IPSec connections in particu lar the I...

Page 102: ...type of identification for the local ID which can be a FQDN username FQDN or IP address Local ID The local ID value Remote ID Type The type of identification for the remote ID Remote ID The remote ID value When using certificates you would need to specify the operation mode When run as PKI client ini tiator you can create a Certificate Signing Request CSR in the certificates section which needs to...

Page 103: ...c Proposal This section can be used to configure the phase 2 settings Parameter IPsec Proposal Settings Encapsulation mode The desired encapsulation mode Tunnel or Transport IPsec protocol The desired IPsec protocol AH or ESP Encryption algorithm The desired IKE encryption method we recommend AES256 Authentication algorithm The desired IKE authentication method we prefer SHA1 over MD5 SA life time...

Page 104: ...he remote network behind the peer NAT address Optionally you can apply NAT masquerading for packets coming from a different local network The NAT address must reside in the network previously specified as local network Client Management Once you have successfully set up an IPsec tunnel you can manage and enable clients connecting to your service It is possible to generate and download expert mode ...

Page 105: ...nt IPsec Administration Tunnel Configuration PPTP Administration Tunnel Configuration Client Management GRE Administration Tunnel Configuration L2TP Administration Tunnel Configuration PPTP Administration PPTP administrative status enabled disabled Apply Restart HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 30 PPTP Administration When setting up a PPTP tunnel you would need ...

Page 106: ...TP Tunnel 1 Configuration Operation mode disabled client server Server listen address ANY specify Server address 192 168 250 1 Client address range 192 168 250 10 to 192 168 250 13 Username admin Password Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 31 PPTP Tunnel Configuration Setting up a server requires the following settings Parameter PPTP Server Settings Listen a...

Page 107: ...nnel NetModule Router Simulator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG OpenVPN Administration Tunnel Configuration Client Management IPsec Administration Tunnel Configuration PPTP Administration Tunnel Configuration Client Management GRE Administration Tunnel Configuration L2TP Administration Tunnel Configuration PPTP Clients Username Address HOME INTERFACES ROUTING FIRE...

Page 108: ...uration Peer address The IP address of the remote peer Interface The device type for this tunnel Local tunnel address The local IP address of the tunnel Local tunnel netmask The local subnet mask of the tunnel Remote network The remote network address of the tunnel Remote netmask The remote subnet mask of the tunnel Tunnel key Gre tunnel key allows the remote server to distinguish between GRE pack...

Page 109: ...ress of the tunnel Remote port The remote port address of the tunnel Local tunnel ID The local tunnel ID identifies the tunnel into which the session will be created Remote tunnel ID The remote tunnel ID identifies the tunnel assigned by the peer Local Session ID The local session ID identifies the session being created Remote Session ID The remote session ID identifies the session assigned by the...

Page 110: ...nnection is not possible Figure 5 33 Dial in Server Settings The following settings can be set Parameter Dial in Server Configuration Administrative status Specifies whether incoming calls shall be answered or not Modem Specifies the modem on which calls can come in User Specifies the username for the incoming PPP connection Password Specifies the password for the incoming PPP connection Address r...

Page 111: ...G800 User Manual for NRSW version 4 5 0 100 Please note that Dial In connections are generally discouraged As they are implemented as GSM voice calls they suffer from unreliability and poor bandwidth 111 ...

Page 112: ...uter Anyone reasonably experienced in the C language will find an environment that is easy to dig in However feel free to contact us via router support netmodule com and we will happily support you in finding a programming solution to your specific problem The Language The arena scripting language offers a broad range of POSIX functions like printf or open and provides together with tailor made AP...

Page 113: ...slog 11 Transfer files over HTTP FTP 12 Perform config software updates 13 Control the LEDs 14 Get system events restart services or reboot system 15 Scan for networks in range 16 Create your own web pages 17 Voice control functions 18 SNMP functions 19 CAN socket functions 20 Various network related functions 21 Other system related functions The SDK API manual which can be downloaded from the ro...

Page 114: ...rich LOCATION_COUNTRY_CODE string 2 ch LOCATION_COUNTRY string 11 Switzerland LOCATION_POSTCODE string 4 8001 LOCATION_STATE string 6 Zurich LOCATION_LATITUDE string 9 47 3778058 LOCATION_LONGITUDE string 8 8 5412757 In combination with the nb_config_set function it is possible to start a re configuration of any parts of the system upon status changes You may query possible sections and parameters...

Page 115: ...lling the router when the script is to be executed This can be either time based e g each Monday or triggered by one of the pre defined system events e g wan up as described in Events chapter 5 7 7 With both a script and a trigger you can finally set up an SDK job now The test event usually serves as a good facility to check whether your job is doing well The admin section also offers facilities t...

Page 116: ...og Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 34 SDK Administration This page can be used to control the SDK host and apply the following settings Parameter SDK Administration Settings Administrative status Specifies whether SDK scripts should run or not Storage The storage device on which the sandbox shall be stored see chap ter 5 8 1 Max size The maximum amount of...

Page 117: ...undancy Voice Gateway Name Trigger Script Arguments config_summary manual_trigger config_summary HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 35 SDK Jobs This page can be used to set up scripts triggers and jobs It is usually a good idea to create a trigger first which is made up by the following parameters Parameter SDK Trigger Parameters Name A meaningful name to identify...

Page 118: ...ript You are ready to set up a job afterwards it can be created by using the following parameters Parameter SDK Job Parameters Name A meaningful name to identify the job Trigger Specifies the trigger that should launch the job Script Specifies the script to be executed Arguments Defines arguments which can be passed to the script supports quot ing they will precede the arguments you formerly may h...

Page 119: ...e error unexpected expecting SDK Sample Application As an introduction you can step through a sample application namely the SMS control script which implements remote control over short messages and can be used to send a status of the system back to the sender The source code is listed in the appendix Once enabled you can send a message to the phone number associated with a SIM modem It generally ...

Page 120: ...oot of the system output 1 on Turns on the first digital output port output 1 off Turns off the first digital output port output 2 on Turns on the second digital output port output 2 off Turns off the second digital output port Table 5 92 SMS Control Commands A response to the status command typically looks like System NB2700 hostname 00 11 22 AA BB CC WAN1 WWAN1 is up 10 0 0 1 Mobile1 UMTS 83 dBm...

Page 121: ...mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway DHCP Server Management Network Interface Operation Mode DHCP Range Relay Server Lease Time LAN1 Server 192 168 1 100 192 168 1 199 7200 LAN1 1 Server 192 168 101 100 192 168 101 199 7200 LAN1 2 Server 192 168 102 100 192 168 102 199 7200 WLAN1 Server 192 168 200 100 192 168 200 199 7200 HOME INTERFA...

Page 122: ...the current DNS server addresses if not configured else wise You can specify fixed addresses here Only allow static hosts Any requests coming from none static hosts will be ignored It is also possible to configure specific lease addresses for particular clients Parameter DHCP Static Hosts Settings IP address The IP address of the lease Identified by Specifies by which criteria the client shall be ...

Page 123: ...rver SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway DNS Server Administration Administrative status enabled disabled DNS Server Configuration Domain name Primary name server 10 74 210 210 Secondary name server 10 74 210 211 Current name servers 10 74 210 210 10 74 210 211 Static Hosts Hostname Address Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 37 ...

Page 124: ...NG800 User Manual for NRSW version 4 5 0 100 124 ...

Page 125: ...ure static hosts for serving fixed IP addresses for various host names Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host Please remember to point DNS lookups of local hosts to the router s address 125 ...

Page 126: ...tration Administrative status enabled disabled NTP Server Configuration Poll interval 256 seconds Allowed hosts Address 192 168 1 0 Netmask 255 255 255 0 Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 38 NTP Server The following settings for each interface can be applied then Parameter NTP Server Settings Administrative status Specifies whether the NTP server is enabled...

Page 127: ... Administration Job Management Testing DHCP Server DNS Server NTP Server Dynamic DNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway DynDNS Administration Administrative status enabled disabled DynDNS server active inactive DynDNS Update Services Provider URL Host Status Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5...

Page 128: ...he host name provided by your DynDNS service e g my box dyndns org Port The HTTP port of the service typically 80 Username The user name used for authenticating at the service Password The password used for authentication Protocol The protocol used for authentication HTTP HTTPS Server address The address of the server which shall be updated Server port The port of the server which shall be updated...

Page 129: ...rom address router netmodule com Server address mail netmodule com Server port 25 Authentication automatic Encryption tls Username router netmodule com Password Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 40 E Mail Settings It can be enabled by applying the following settings Parameter E Mail Client Settings E mail client status Administrative status of the E Mail cl...

Page 130: ...NG800 User Manual for NRSW version 4 5 0 100 Parameter E Mail Client Settings Password Password used for authentication 130 ...

Page 131: ...be enabled SNMP host The SNMP host or address to which the trap shall be sent SNMP port The port of the remote SNMP service Username The username for accessing the remote SNMP service Password The password for accessing the remote SNMP service Authentication The authentication algorithm for accessing the remote SNMP service MD5 or SHA Encryption The encryption algorithm for accessing the remote SN...

Page 132: ...d whether the provided SMS Center service works and may fail You may use the sms report received event to figure out whether a message has been successfully sent Received messages are pulled from the SIMs and temporarily stored on the router but get cleared after a system reboot Please consider to consult an SDK script in case you want to process or copy them Administration Routing Status Testing ...

Page 133: ...an also define rules to drop outgoing messages for instance when you want to avoid using any expensive service or international numbers Both types of rules form a list will be processed by order forwarding outgoing messages over the specified modem or dropping them Messages which are not matching any of the rules below will be dispatched to the first available modem Filtering serves a concept of f...

Page 134: ...S Server NTP Server Dynamic DNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway Telnet Server Configuration Administrative status enabled disabled Server port 23 SSH Server Configuration Administrative status enabled disabled Server port 22 Disable admin login Disable password based login upload authorized keys Apply HOME INTERFACES ROUTING FIR...

Page 135: ...r Settings Administrative status Whether the SSH service is enabled or disabled Server port The TCP port of the service usually 22 Disable admin login Disable login for admin users Disable password based lo gin By turning on this option all users will have to authenticate by SSH keys which can be uploaded to the router 135 ...

Page 136: ...95 LLDP EXT MED MIB 1 3 6 1 4 1 31496 VENDOR MIB The VENDOR MIB tables offer some additional information over the system and its WWAN GNSS and WLAN interfaces They can be accessed over the following OIDs Parameter Vendor MIB OID Assignment NBAdminTable 1 3 6 1 4 1 31496 10 40 NBWwanTable 1 3 6 1 4 1 31496 10 50 NBGnssTable 1 3 6 1 4 1 31496 10 51 NBDioTable 1 3 6 1 4 1 31496 10 53 NBWlanTable 1 3 ...

Page 137: ...s enabled disabled Operation mode v1 v2c v3 v3 only Contact Location Listening port 161 Download MIB Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 43 SNMP Agent The following parameters can be used to configure the SNMP agent Parameter SNMP Configuration Administrative status Enable or disable the SNMP agent Operation mode Specifies if agent should run in compatibilty ...

Page 138: ...host which is allowed for admin access Attention must be paid to the fact that SNMP passwords have to be more than 8 characters long Shorter passwords will be doubled for SNMP e g admin01 becomes admin01admin01 Please note that the SNMP daemon is also listening on WAN interfaces and it is therefore suggested to restrict the access with the firewall Typical SNMP Commands Setting MIB values and trig...

Page 139: ...g the configuration update status snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 12 0 The return value can be one of succeeded 1 failed 2 inprogress 3 notstarted 4 Running a software update snmpset v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 13 0 s http server directory Getting the software update ...

Page 140: ... 1 3 6 1 4 1 31496 10 40 18 0 Getting the alternative software version snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 19 0 Getting the alternative software hash snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 20 0 Setting digital OUT1 snmpset v 3 u admin n l authNoPriv a MD5 x DES A admin01admi...

Page 141: ...TP Server Dynamic DNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway Web Server Configuration HTTP Administrative status enabled redirect to https HTTP port 80 HTTPS Administrative status enabled disabled HTTPS port 443 HTTPS certificate missing Manage keys and certificates HTTPS security modern Firefox 27 Chrome 30 IE 11 on Windows 7 old Fire...

Page 142: ...want to restrict access to the MQTT Broker Keys and certificates for TLS encryption are managed via Keys Certificates see chapter 5 8 8 The MQTT Broker service can receive the following parameters Parameter MQTT Broker Settings Administrative Status Enable or disable Service Port Specifies the network port to listen on TLS Encryption Enables or disables TLS encryption for the service 142 ...

Page 143: ... Parameter Softflow Settings Interface Interface on which to listen for traffic Host Address Destination address of the traffic data Port Port of the destination address Protocol Version Protocol version of the data Maximum Flows The maximum number of flows to concurrently track Track Level Flow elements that should be used to define a flow Sample Rate Periodical sampling rate 143 ...

Page 144: ...f enabled discovery protocols The following protocols are supported Parameter Discovery Configuration LLDP Link Layer Discovery Protocol CDP Cisco Discovery Protocol FDP Foundry Discovery Protocol SONMP Nortel Discovery Protocol EDP Extreme Discovery Protocol IRDP ICMP Router Discovery Protocol IRDP implements RFC1256 and can also inform locally connected hosts about the nexthop gateway Any discov...

Page 145: ...ent down Same applies when the WAN link goes down NetModule Router Simulator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG SDK Administration Job Management Testing DHCP Server DNS Server NTP Server Dynamic DNS E mail Events SMS SSH Telnet Server SNMP Agent Web Server Softflow Discovery Redundancy Voice Gateway Redundancy Rule Id Interface Address HOME INTERFACES ROUTING FIREWA...

Page 146: ...Virtual Router ID you can theoretically run multiple instances Interface Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the participating hosts We assign a priority of 100 to the master and 1 to the backup router Please adapt the priority of your third party device appropriately 146 ...

Page 147: ...Specifications v2 0 1 Configuration Figure 5 46 ITxPT configuration The following parameters can be used to set it up Parameter ITxPT Administration Administrative status Specifies whether the ITxPT functionality should be enabled or dis abled Network Interface Specifies the network interface on which the Service should operate on Notes 147 ...

Page 148: ... Specifies whether the FMS to IP functionality should be enabled or disabled Multicast period How frequent the FMS to IP multicast is sent Set to zero to redirect incoming can messages immediately CAN interfaces Select the can interfaces that should be processed multiple selec tion Databases Select the FMS to IP databases used to process the can data multi ple selection 148 ...

Page 149: ...d the Suspect Parameter Number SPN The PGN contains of one or more signals The SPN is used to give an unique identifier to a signal More information can be found in SAE J1939 standard name EBFF pgn 60415 length 8 spns name CCVS pgn 65265 length 8 spns byteSize 2 offset 1 formatGain 0 00390625 formatOffset 0 units km h name Wheel Speed number 84 type 0 bitSize 2 bitOffset 4 offset 3 descriptions Pe...

Page 150: ...contains PGN objects that define a PGN with the following types PGN Definition Parameter PGN definition name Name of the pgn pgn The PGN number in decimal length Length of the can message spns Array containing SPN objects The spns array can be left empty if no decodeing is required 150 ...

Page 151: ...ue formatOffset The numerical offset of the value units The physical unit of the value name Name of the SPN number The SPN number type 0 Nummerical SPN Parameter Status SPN bitSize Size of the data in bits bitOffset The offset in bits in the byte offset The offset in bytes descriptions Array containing the status description name Name of the SPN number The SPN number type 1 Status SPN Parameter St...

Page 152: ...NG800 User Manual for NRSW version 4 5 0 100 ITxPT GNSS Figure 5 48 ITxPT GNSS Parameter ITxPT GNSS Enable Specifies whether the ITxPT GNSS should be enabled or disabled 152 ...

Page 153: ...NG800 User Manual for NRSW version 4 5 0 100 ITxPT Time Figure 5 49 ITxPT Time Parameter ITxPT Time Enable Specifies whether the ITxPT Time should be enabled or disabled 153 ...

Page 154: ...ersion 4 5 0 100 VEHICLE to IP Figure 5 50 ITxPT VEHICLEtoIP Parameter ITxPT VEHICLEtoIP Enable Specifies whether the ITxPT VEHICLEtoIP should be enabled or dis abled A VEHICLEtoIP database is necessary to enable this service 154 ...

Page 155: ...ministrative status enabled disabled Call Routing Generic SIP Settings SIP status enabled disabled SIP interface LAN1 SIP port 5060 SIP register expires 150 seconds Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 51 Voice Gateway Administration The following parameters can be used to set it up Parameter Voice Gateway Administration Settings Administrative status Specifie...

Page 156: ... calls directly routed to a SIP agent without registration SIP user agent Endpoint acting as SIP user agent towards a remote registrar Based on your equipment we recommend to adjust the modem s audio profile for a better sound experience The following profiles are available Parameter Voice Over Mobile Audio Profiles Handset Provides a mild echo short delay less than 16 ms dispersion This mode is i...

Page 157: ...em Specifies the modem which will be used for voice over mobile calls Audio profile Specifies the modem s audio profile Volume level Specifies the modem s volume level 1 low Parameter Endpoint Settings SIP registrar Subscriber The subscriber name for a registering SIP client Username The username for a registering SIP client Password The password for a registering SIP client Parameter Endpoint Set...

Page 158: ...r NRSW version 4 5 0 100 Parameter Endpoint Settings SIP user agent Register Selects whether the user agent shall register at the registrar Expires The expiry time in seconds after registration will be triggered again 158 ...

Page 159: ...r endpoint registration status and so on Using the SDK you can also initiate or accept a call adjust its volume level or do a hangup Anyway for simple scenarios the generic method should be sufficient and can be configured as follows Parameter Voice Gateway Routing Settings Source Specifies the source endpoint i e where the call comes in Mode The type of action which shall be applied for the call ...

Page 160: ...s registrar proxy Parameter X Lite Configuration User ID SIP username used in from headers i e subscriber name Domain SIP Domain used in from headers optional Authorization name Username used for authentication i e subscriber name Password Password used for authentication Display name Name to be displayed on the handset 160 ...

Page 161: ...ebugging Tech Support Keys Certificates Licensing Legal Notice Local hostname NB1600 Application area stationary Reboot delay 3 seconds Enable TCP timestamps Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 52 System System The following system parameters can be set Parameter System Settings Local hostname The hostname of the system Application area The desired applicatio...

Page 162: ...ax filesize The maximum size of the log files in kB until they will get rotated Redirect address Specifies an IP address to which log messages should be redirected to A tiny system log server for Windows is included in TFTP32 which can be downloaded from our website In general the box comes with an internal flash device which can be used to store data Depending on your model this can be extended b...

Page 163: ...on t have a battery backed clock RTC In this case the system time is set during boot to the last valide time e g before power off NetModule Router Simulator Hostname NB1600 Software Version 4 4 0 103 2004 2020 NetModule AG System Settings Time Region Reboot Authentication User Accounts Remote Authentication Software Update Software Update Modem Firmware Update Software Profiles Configuration File ...

Page 164: ... ping to check whether NTP servers are available when running initial time update Sync time from GNSS Derive time from first GNSS device if enabled Parameter Time Zone Time Zone Set the local time zone Daylight saving changes Enable disable daylight saving changes Reboot This page can be used to set up a periodic automatic reboot but also to trigger a manual reboot which will be issued immediately...

Page 165: ...scription Shell admin administrator Administrator cli user user User cli HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 54 User Accounts The admin user is a built in power user which represents the default administrator of the system Please note that the admin password will be also applied to the root user which is able to enter a system shell Further admin accounts with admi...

Page 166: ... Time Region Reboot Authentication User Accounts Remote Authentication Software Update Software Update Modem Firmware Update Software Profiles Configuration File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support Keys Certificates Licensing Legal Notice Remote Authentication Administrative Status enabled disabled Use for login Primary RADIUS Configu...

Page 167: ...et The secret used to authenticate against the RADIUS server Authentication port The port used for authentication Accounting port The port used for accounting messages Use for login This option enables remotely defined users to access the Web Man ager otherwise it is only used by services which have explicitly con figured it e g WLAN 167 ...

Page 168: ...ovide the administrator password if you want to downgrade to a release 4 1 x and lower The same passphrase will be used for bootloader login as well All users which have no password stored on the device will not be able to login after downgrade until new passwords have been applied An Uniform Resource Locator URL can have the following format http username password host port path https username pa...

Page 169: ...r Automatic software update Status Enable disable automatic software update Time of day Every day at this time the router will do a check for updates Operation Download latest image from the the server or specify the URL where the software update package should be downloaded from Supported protocols are TFTP HTTP HTTPS and FTP Provide a URL like protocol server path file Remark SSL certificates of...

Page 170: ...0 path to firmware package A firmware package ZIP usually consists of a flash utility an info file and the corresponding firmware files Please follow http www netmodule com support supportform aspx in order to get the latest ver sion 5 8 5 Software Profiles The system consists of two root partitions which can hold different software versions and this menu can be used to switch between them By doin...

Page 171: ...uthentication Software Update Software Update Modem Firmware Update Software Profiles Configuration File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support Keys Certificates Licensing Legal Notice Current Configuration Description NB1600 Set Version 1 13 Last modified n a Hash a2fa4d8240355d99d201271beacf16cb File Configuration Operation Download co...

Page 172: ...twork Debugging System Debugging Tech Support Keys Certificates Licensing Legal Notice Automatic Updates Status enabled disabled Time of day 00 00 URL Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 57 Automatic File Configuration This menu can be used to run an automatic configuration update of the system It is configured as follows Parameter Automatic File Configuratio...

Page 173: ...tion as factory defaults This configuration will be activated whenever a factory reset has been triggered Store HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 58 Factory Configuration This menu can be used to reset the device to factory defaults Your current configuration will be lost A successfully initiated factory reset can be noticed by all LEDs having been turned on The ...

Page 174: ...g utility can be used to verify whether a remote host can be reached via IP Time of day The traceroute utility can be used to print the route packets trace to a remote host Tcpdump The tcpdump utility generates a network capture PCAP of an inter face which can be later analyzed with Wireshark Darkstat The darkstat utility can be used to visualize your current network con nections and traffic on a ...

Page 175: ...manager 27880 wanlink0 permanent link is suspended for 10s set suspended auto Jan 9 02 02 15 NB1600 user err mobile node 17795 Could not determine care of address No route to home agent Jan 9 02 02 15 NB1600 user err mobile node 17795 Could not determine care of address Jan 9 02 02 15 NB1600 user err mobile node 17795 TunnelController sendRegistrationRequest failed Jan 9 02 02 15 NB1600 user err m...

Page 176: ...iguration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support Keys Certificates Licensing Legal Notice Tech Support You can generate and download a tech support file here We strongly recommend to provide this when getting in touch with our support team either by E Mail or via our online support form as it would significantly speed up the process of analyzing and r...

Page 177: ... SSL certicates used by the Web server missing MQTT Broker The SSL certicates used by the Web server missing SSH Server The host keys used by the SSH server installed SSH Authorization The keys used for SSH authorization missing SSH user The keys used for SSH authorization of the user user missing OpenVPN1 The certificates used for authenticating OpenVPNTunnel 1 missing Authorities Other certifica...

Page 178: ...sible to perform the following operations Operation Description generate locally Generate key and certificate locally on the box see 5 8 8 for more options upload files Key and certificate will be uploaded We support files in PKCS12 PKCS7 PEM DER format as well as RSA DSS keys in OpenSSH or Dropbear format enroll via SCEP Enroll key and certificate via SCEP see 5 8 8 for more options download cert...

Page 179: ...rland Common Name CN NB1600 E Mail router support netmodule com Expiry period 7300 days Key size 2048 bits DH primes 2048 bits Signature sha256 Cipher aes256 Passphrase SCEP Configuration SCEP Status enabled disabled Apply HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM LOGOUT Figure 5 62 Certificate Configuration This page provides some general configuration options which will be applied whe...

Page 180: ...loaded individually encoded in PEM DER or PKCS7 format All files CA certificate certificate and private key can also be uploaded in one stroke by using the container format PKCS12 RSA DSS keys can be converted from OpenSSH or Dropbear formats It is possible to specify the passphrase for opening the private key Please note that the system will generally apply the system wide certificate passphrase ...

Page 181: ...tions as used by SDK functions or when downloading configuration software images you might upload a list of CA certificates which are considered trusted To obtain the CA certificate from a particular site with Mozilla Firefox the following steps will be re quired Point the browser to the relevant HTTPS website Click the padlock in the address bar Click the More Information and the View Certificate...

Page 182: ...re Update Software Update Modem Firmware Update Software Profiles Configuration File Configuration Factory Configuration Troubleshooting Network Debugging System Debugging Tech Support Keys Certificates Licensing Legal Notice License Installation Operation Upload license file Download license from URL License file No file selected Choose File Install Licensing Status Serial number 00112B025026 Lic...

Page 183: ...ther express or implied To obtain the corresponding open source codes covered by these licenses please contact our techni cal support at router support netmodule com Acknowledgements This product includes PHP freely available from http www php net This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org This product includes cryptographic ...

Page 184: ...NG800 User Manual for NRSW version 4 5 0 100 5 9 LOGOUT Please use this menu to log out from the Web Manager 184 ...

Page 185: ... current point between entered characters or use the Up and Down keys to search the history of entered commands Typing exit as well as pressing CTRL c twice or CTRL d on an empty command line will exit the CLI List of supported key sequences Key Sequence Action CTRL a Move to the start of the current line CTRL e Move to the end of the line CTRL f Move forward a character CTRL b Move back a charact...

Page 186: ...ds when called without arguments otherwise it will print the usage of the specified command help Usage help command Available commands get Get config parameters set Set config parameters done Check done update Update system facilities cert Manage keys and certificates status Get status information scan Scan networks send Send message mail techsupport or ussd restart Restart service debug Debug sys...

Page 187: ...eted after a config change done h Usage done h 6 6 Getting Status Information The status command can be used to get various status information of the system status h Usage status hs section Options s generate sourceable output Available sections summary Short status summary info System and config information config Current configuration system System information configuration Configuration informa...

Page 188: ...6 7 Scanning Networks The scan command can be used to scan for available WWAN and WLAN networks scan h Usage scan hs interface Options s generate sourceable output 6 8 Sending E Mail or SMS The send command can be used to send a message via E Mail SMS to the specified address or phone number send h Usage send h type dest msg Options type type of message to be sent mail sms techsupport ussd dest de...

Page 189: ...rver 6 10 Manage keys and certificates The cert command can be used to manage keys and certificates cert h Usage cert h p phrase operation cert url Possible operations install install a certificate from specified URL create create a certificate locally enroll enroll a certificate via SCEP erase erase an installed certificate view view an installed certificate 6 11 Restarting Services The restart c...

Page 190: ...bipd USB IP daemon voiced Voice daemon vrrpd VRRP daemon wlan WLAN interfaces wwan manager WWAN manager 6 12 Debug System The debug command can be used to obtain debug log messages debug h Usage debug h target Available debug targets configd event manager home agent led manager link manager mobile node qmid qosd scripts sdkhost ser2net smsd surveyor swupdate system voiced watchdog wwan manager wwa...

Page 191: ...e cleared by history c 6 17 CLI PHP CLI PHP the HTTP frontend to the CLI application can be used to configure and control the router remotely It is enabled in factory configuration thus can be used for deployment purposes but disabled as soon as the admin account has been set up The service can later be turned on off by setting the cliphp status configuration parameter cliphp status 0 Service is d...

Page 192: ...ters in the URL must be specified according to RFC1738 usually done by common clients such as wget lynx curl Response The returned response will always contain a status line in the format return msg with return values of OK if succeeded and ERROR if failed Any output from the commands will be appended Examples OK status command successful ERROR authentication failed status Display status informati...

Page 193: ...contrast to the other commands this command requires a set of tuples because of the reserved char i e arg0 key0 arg1 val0 arg2 key1 arg3 val1 arg4 key2 arg5 val2 etc Examples http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin pwd admin01 command set arg0 snmp status arg1 1 http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin pwd admin01 command set arg0 snmp status arg1 0 arg2 op...

Page 194: ...dmin01 command update arg0 software arg1 tftp 192 168 1 254 latest http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin pwd admin01 command update arg0 config arg1 tftp 192 168 1 254 user config zip http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin pwd admin01 command update arg0 license arg1 http 192 168 1 254 xxx lic http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin...

Page 195: ...ommand send arg0 techsupport arg1 address arg2 subject Notes The address has to be a valid E Mail address such as abc abc com the at sign can be encoded with 40 The E Mail client must be properly configured prior to using that function In case of stdout the downloaded techsupport file will be called download Examples http 1 9 2 1 6 8 1 1 cli php version 2 output mime usr admin pwd admin01 command ...

Page 196: ...NG800 User Manual for NRSW version 4 5 0 100 http 1 9 2 1 6 8 1 1 cli php version 2 output html usr admin pwd admin01 command send arg0 ussd arg1 0 arg2 2A100 23 196 ...

Page 197: ...tem module Mobilex Identifies a WWAN modem SERIALx Identifies a serial port OUTx Specifies a digital I O output port DOx INx Specifies a digital I O input port DIx ANY Generally includes all options offered by the current section APN Access Point Name CID A Cell ID is a generally unique number used to identify each Base Transceiver Station BTS LAC The Location Area Code corresponds to an identifie...

Page 198: ... LAI Location Area Identification LAC Location Area Code MCC Mobile Country Code MNC Mobile Network Code CID Cell ID MSISDN Mobile Subscriber Integrated Services Digital Network Number ICCID Integrated Circuit Card Identifier MEID Mobile Equipment Identifier IMSI International Mobile Subscriber Identity IMEI International Mobile Station Equipment Identity Table A 1 Abbreviations In general interna...

Page 199: ...connection went down 408 dialin up Dial In connection came up 409 dialin down Dial In connection went down 410 mobileip up Mobile IP connection came up 411 mobileip down Mobile IP connection went down 412 gre up GRE connection came up 413 gre down GRE connection went down 501 system login failed User login failed 502 system login succeeded User login succeeded 503 system logout User logged out 504...

Page 200: ...NS update succeeded 802 ddns update failed Dynamic DNS update failed 901 usb storage added USB storage device has been added 902 usb storage removed USB storage device has been removed 903 usb eth added USB Ethernet device has been added 904 usb eth removed USB Ethernet device has been removed 905 usb serial added USB serial device has been added 906 usb serial removed USB serial device has been r...

Page 201: ...ory Configuration The factory configuration including default values for any configuration parameter can be derived from the file etc config factory config cfg on the router You may also call cli get f parameter for obtaining a specific default value 201 ...

Page 202: ...ule AG Switzerland DESCRIPTION MIB module which defines the NB router specific entities REVISION 202008181230 Z DESCRIPTION MIB for software release 4 5 REVISION 202001130900 Z DESCRIPTION MIB for software release 4 4 REVISION 201910151045 Z DESCRIPTION MIB for software release 4 4 REVISION 201908051530 Z DESCRIPTION MIB for software release 4 3 REVISION 201908041530 Z DESCRIPTION MIB for software...

Page 203: ...DENTIFIER products 61 nb650 OBJECT IDENTIFIER products 62 ng800 OBJECT IDENTIFIER products 63 Textual Conventions FloatSyntax TEXTUAL CONVENTION DISPLAY HINT d 1 STATUS current DESCRIPTION Fixed point one decimal SYNTAX Integer32 nbAdminTable swVersion OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The currently installed system software version admin 1 kernelVers...

Page 204: ...YPE SYNTAX INTEGER update 0 store 1 MAX ACCESS read write STATUS current DESCRIPTION The desired operation for configuration or software updates admin 11 switchOperation OBJECT TYPE SYNTAX INTEGER software 0 config 1 MAX ACCESS read write STATUS current DESCRIPTION The operation trigger to switch to alternative software or configuration admin 12 softwareActivationDate OBJECT TYPE SYNTAX DateAndTim...

Page 205: ... the last configuration update admin 23 configUpdateMode OBJECT TYPE SYNTAX INTEGER full 0 partial 1 MAX ACCESS read write STATUS current DESCRIPTION The desired system configuration update mode full or partial admin 24 Software Update softwareUpdate OBJECT TYPE SYNTAX URLString MAX ACCESS read write STATUS current DESCRIPTION Update the system software from the specified URL the URL must be prece...

Page 206: ...CT TYPE SYNTAX DateAndTime MAX ACCESS read only STATUS current DESCRIPTION The date of the last alternative software update admin 37 Upload Syslog syslogUpload OBJECT TYPE SYNTAX URLString MAX ACCESS read write STATUS current DESCRIPTION Upload the current system logs to the specified URL the URL must be preceded by a valid prefix e g tftp sftp ftp https or http and point to the path where the sys...

Page 207: ... wwanModemIndex Integer32 wwanModemName DisplayString wwanModemType DisplayString wwanServiceType DisplayString wwanRegistrationState DisplayString wwanSignalStrength Integer32 wwanNetworkName DisplayString wwanLocalAreaIdentification DisplayString wwanLocalAreaCode DisplayString wwanCellId DisplayString wwanTemperature DisplayString wwanIccid DisplayString wwanRSRP DisplayString wwanRSRQ DisplayS...

Page 208: ...ry 9 wwanCellId OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The Cell ID CID to which the WWAN modem is currently registered nbWwanEntry 10 wwanTemperature OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The current temperature of the WWAN modem nbWwanEntry 11 wwanIccid OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS...

Page 209: ... SYNTAX NBGnssEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry describing a GNSS device and its current settings INDEX gnssIndex nbGnssTable 1 NBGnssEntry SEQUENCE gnssIndex Integer32 gnssName DisplayString gnssSystem DisplayString gnssLat DisplayString gnssLon DisplayString gnssAlt DisplayString gnssNumSat Integer32 gnssNumSatUsed Integer32 gnssHorizontalSpeed DisplayString gns...

Page 210: ...CESS read only STATUS current DESCRIPTION The current vertical speed value in meter per second received by the GNSS device nbGnssEntry 10 gnssTrackAngle OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The current track angle value in degrees received by the GNSS device nbGnssEntry 11 nbWlanTable nbWlanTable OBJECT TYPE SYNTAX SEQUENCE OF NBWlanEntry MAX ACCESS not ...

Page 211: ...DESCRIPTION Current signal strength of the WLAN module in client mode nbWlanEntry 7 nbWlanStationTable nbWlanStationTable OBJECT TYPE SYNTAX SEQUENCE OF NBWlanStationEntry MAX ACCESS not accessible STATUS current DESCRIPTION A table shows current connected clients nb 61 nbWlanStationEntry OBJECT TYPE SYNTAX NBWlanStationEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry descibes o...

Page 212: ...mitted bytes of a connected station nbWlanStationEntry 7 wlanStationInactive OBJECT TYPE SYNTAX Integer32 UNITS ms MAX ACCESS read only STATUS current DESCRIPTION The inactivity time of a connected station nbWlanStationEntry 8 nbWanTable nbHotLink OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The active WAN link nb 70 nbWanTable OBJECT TYPE SYNTAX SEQUENCE OF NBW...

Page 213: ...nbWanEntry 4 wanLinkType OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION WAN link type nbWanEntry 5 wanLinkInterface OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION WAN link interface nbWanEntry 6 wanLinkAddress OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION WAN link address nbWanEntry 7 wanLinkGate...

Page 214: ...Rate OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WAN link upload rate nbWanEntry 16 wanDataDownloadedRoaming OBJECT TYPE SYNTAX Counter64 UNITS bytes MAX ACCESS read only STATUS current DESCRIPTION WAN link data downloaded during roaming nbWanEntry 17 wanDataUploadedRoaming OBJECT TYPE SYNTAX Counter64 UNITS bytes MAX ACCESS read only STATUS current DESCRIPTION WAN...

Page 215: ...urrent DESCRIPTION The table describing any serial ports and their current statistics nb 54 nbSerialEntry OBJECT TYPE SYNTAX NBSerialEntry MAX ACCESS not accessible STATUS current DESCRIPTION An entry describing a serial port and its current statistics INDEX serialIndex nbSerialTable 1 NBSerialEntry SEQUENCE serialIndex Integer32 serialName DisplayString serialState Integer32 serialRxBytes Integer...

Page 216: ...rent DESCRIPTION The number of parity errors on the serial port nbSerialEntry 8 serialBrkErrors OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION The number of BRK errors on the serial port nbSerialEntry 9 serialBufferOverrunErrors OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION The number of buffer overrun errors on the serial port nbSerialE...

Page 217: ... STATUS current DESCRIPTION WAN link came up events 101 wan down NOTIFICATION TYPE STATUS current DESCRIPTION WAN link went down events 102 dio in1 on NOTIFICATION TYPE STATUS current DESCRIPTION DIO IN1 turned on events 201 dio in1 off NOTIFICATION TYPE STATUS current DESCRIPTION DIO IN1 turned off events 202 dio in2 on NOTIFICATION TYPE STATUS current DESCRIPTION DIO IN2 turned on events 203 dio...

Page 218: ...YPE STATUS current DESCRIPTION Dial In connection went down events 409 mobileip up NOTIFICATION TYPE STATUS current DESCRIPTION Mobile IP connection came up events 410 mobileip down NOTIFICATION TYPE STATUS current DESCRIPTION Mobile IP connection went down events 411 gre up NOTIFICATION TYPE STATUS current DESCRIPTION GRE connection came up events 412 gre down NOTIFICATION TYPE STATUS current DES...

Page 219: ...ent events 602 sms received NOTIFICATION TYPE STATUS current DESCRIPTION SMS has been received events 603 sms report received NOTIFICATION TYPE STATUS current DESCRIPTION SMS report has been received events 604 call incoming NOTIFICATION TYPE STATUS current DESCRIPTION A voice call is coming in events 701 call outgoing NOTIFICATION TYPE STATUS current DESCRIPTION Outgoing voice call is being estab...

Page 220: ...ded events 905 usb serial removed NOTIFICATION TYPE STATUS current DESCRIPTION USB serial device has been removed events 906 redundancy master NOTIFICATION TYPE STATUS current DESCRIPTION System is now master router events 1001 redundancy backup NOTIFICATION TYPE STATUS current DESCRIPTION System is now backup router events 1002 END 220 ...

Page 221: ... server incl device identity gps monitor are A script for activating WLAN as soon as GPS position lat lon is within a specified range gps udp client are This script sends the local GPS NMEA stream to a remote UDP server gps udp client compat are This script sends the local GPS NMEA stream incl serial checksum to a remote UDP server led are This script can be used to set a LED modbus rtu master are...

Page 222: ...ads messages coming from the serial port and forwards them via UDP to a remote host and vice versa serial write are This script can be used to write a message to the serial port set ipsec route are set route to IPSEC server depending on active WWAN WLAN net work sms confirm are This script will send out a message and confirm its delivery sms control are This script will execute commands received b...

Page 223: ... an UDP server which is able to receive messages and forward them as SMS E Mail udpserver are This script implements an UDP server which is able to receive mes sages update config are This script can be used to perform a configuration update voice dispatcher audio are This script implements an audio voice dispatcher webpage are This script will generate a page which can be viewed in the Web Man ag...

Reviews:

No comments

Related manuals for NG800

Brand: PAC Pages: 20

OA5305-13maw-EU

Brand: Alcatel Pages: 4

Brand: Zennio Pages: 38

Brand: Doepke Pages: 44

Brand: Harmonic Pages: 40

Brand: Geneko Pages: 158

Sentry 556 Series

Brand: Forum Systems Pages: 21

Brand: Fortinet Pages: 13

Brand: Fortinet Pages: 23

Brand: Comtrend Corporation Pages: 70

Brand: Avid Technology Pages: 152

Brand: Paradyne Pages: 31

Brand: Paradyne Pages: 49

Brand: Paradyne Pages: 78

Brand: SAE Pages: 17

Brand: Rosslare Pages: 28

Brand: Rosslare Pages: 52

Asycube CC-Link Gateway

Brand: Asyril Pages: 21

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands