NetModule NB3000-Line-Hd Скачать руководство пользователя страница 92

Страница: 92 / 225

NB3000-Line-Hd User Manual 4.2

5.4.4. Mobile IP

Mobile IP (MIP) can be used to enable seamless switching between different kinds of WAN

links (e.g. WWAN/WLAN). The

mobile node

hereby remains reachable via the same IP ad-

dress (

home address

) at any time, independently of the WAN link being used. Effectively,

any WAN link switch causes very small outages during switchover while keeping all IP con-

nections alive.

Moreover, NetModule routers also support NAT-Traversal for mobile nodes running behind

a ﬁrewall (performing NAT), which makes mobile nodes even there accessible from a central

oﬃce via their home address, and thus, bypassing any complicated VPN setups.

The

home agent

accomplishes this by establishing a tunnel (similar to a VPN tunnel) be-

tween itself and the

mobile node

. WAN link switching works by telling the

home agent

that

the WAN IP address (called the

care-of address

in MIP terms) of the

mobile node

has

changed. The

home agent

will then encapsulate packets destined to a

mobile node

’s home

address into a tunnel packet containing the current

care-of address

of the

mobile node

its destination address.

To prevent problems with ﬁrewalls and private IP addressing, the MIP implementation al-

ways employs reverse tunneling, which means that all traﬃc sent by a

mobile node

is re-

layed via the tunnel to the

home agent

instead of directly being conveyed to the ﬁnal desti-

nation. This fact also empowers MIP to be used as a lightweight VPN replacement (without

payload secrecy).

The MIP implementation supports RFCs 3344, 5177, 3024 and 3519. For applications requir-

ing vast numbers of mobile nodes, interoperability with the Cisco 2900 Series

home agent

implementation has been veriﬁed. However, since NetModule routers implement a

mobile

node

as well as a

home agent

, a MIP network with up to 10 mobile nodes can be imple-

mented without requiring expensive third party routers.

If MIP is run as a

mobile node

, the following settings can be conﬁgured:

Parameter

Mobile IP Conﬁguration

Primary home agent ad-

dress

The address of the primary

home agent

Secondary

home

agent

address

The address of the secondary

home agent

. The mobile node

will try to register with this home agent, if the primary

home

agent

is not reachable.

Home address

The permanent home address of the

mobile node

which can

be used to reach the mobile router at any time

Содержание NB3000-Line-Hd

Страница 1: ...NetModule Router NB3000 Line Hd User Manual for Software Version 4 2 Manual Version 1 12 NetModule AG Switzerland November 28 2018...

Страница 2: ...ot be copied in any form or by any means stored in a retrieval system adopted or transmitted in any form or by any means electronic mechanical photographic graphic optic or otherwise or translated in...

Страница 3: ...16 3 4 9 Power Supply 18 3 4 10 Extension Connector 20 3 5 Data Storage Option Dx 27 3 6 Option NB3711 27 3 6 1 Power Supply NB3711 28 4 Installation 30 4 1 Installation of the SIM Cards 30 4 2 Insta...

Страница 4: ...6 2 IPsec 103 5 6 3 PPTP 109 5 6 4 GRE 112 5 6 5 Dial In 113 5 7 SERVICES 115 5 7 1 SDK 115 5 7 2 DHCP Server 124 5 7 3 DNS Server 126 5 7 4 NTP Server 128 5 7 5 Dynamic DNS 129 5 7 6 E Mail 131 5 7...

Страница 5: ...g Status Information 180 6 7 Scanning Networks 181 6 8 Sending E Mail or SMS 181 6 9 Updating System Facilities 182 6 10 Manage keys and certi cates 182 6 11 Restarting Services 183 6 12 Debug System...

Страница 6: ...O Ports 74 5 20 Static Routing 79 5 21 Extended Routing 81 5 22 Multipath Routes 82 5 23 Mobile IP 85 5 24 Firewall Groups 91 5 25 Firewall Rules 92 5 26 Masquerading 94 5 27 Inbound NAPT 95 5 28 Ope...

Страница 7: ...Administration 146 5 50 System 152 5 51 Regional settings 155 5 52 User Accounts 158 5 53 Remote Authentication 159 5 54 Manual File Con guration 164 5 55 Automatic File Con guration 165 5 56 Factory...

Страница 8: ...and Outputs 20 3 20 Audio Port Speci cation 21 3 21 Pin Assignments of Audio Port Signals EP1 EP2 21 3 22 CAN Port Speci cation 22 3 23 Pin Assignments of CAN Port Signals EP1 EP2 22 3 24 IBIS Port Sp...

Страница 9: ...NB3000 Line Hd User Manual 4 2 5 143 Certi cate Operations 171 A 1 Abbreviations 191 A 2 System Events 193 A 3 SDK Examples 216 9...

Страница 10: ...the router and its features The following chapters describe any aspects of commis sioning the device installation procedure and provide helpful information towards con gu ration and maintenance Pleas...

Страница 11: ...nternational laws and with any special restrictions regulating the utilization of the communication module in prescribed applications and environments Information about the accessories changes to the...

Страница 12: ...ted only with applicable Regula tory Domain con gured Special attention must be paid to country number of antennas and the antenna gain see also chapter 5 3 4 The maximum allowed gain is 3dBi in the r...

Страница 13: ...ystem con guration It can be easily applied to a newer software release afterwards 2 2 Declaration of Conformity NetModule hereby declares that under our own responsibility that the routers comply wit...

Страница 14: ...open source codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP freely available from http www php net Soft...

Страница 15: ...3 Speci cations 3 1 Appearance 6...

Страница 16: ...M card slots Extension port The NB3000 Line Hd can be equipped with the following options LTE LTE 450MHz LTE US CDMA 450MHz WLAN IEEE 802 11ac GPS GNSS GSM R RS 232 RS 485 IBIS CAN Audio 1 TB internal...

Страница 17: ...es 25 C to 55 C Class T2 according to EN 50155 Storage Temperature Range 40 C to 85 C Humidity 0 to 95 non condensing Altitude Variant Pa up to 4000m Altitude Variant Pb up to 2000m Over Voltage Categ...

Страница 18: ...y to any modem by con guration 4 USB USB 2 0 host port can be used for software con guration updates 5 ETH 1 3 FastEthernet switch ports can be used as LAN or WAN interface 6 ETH 4 5 Gigabit Ethernet...

Страница 19: ...arked cable with at least 6mm2 copper area Avoid corrosion and protect the screws against loosening 11 PWR Power supply galvanically isolated 12 EXT Galvanically isolated extension ports M12 connector...

Страница 20: ...onnection 2 is up l blinking Mobile connection 2 is being established m off Mobile connection 2 is down WLAN1 lll 1 on WLAN connection 1 is up l blinking WLAN connection 1 is being established m off W...

Страница 21: ...lent Table 3 3 NB3000 Line Hd Status Indicators Ethernet LEDs The following table describes the Ethernet status indicators Label Color State Function ETH1 5 l on Link on 10 Mbit s 100 Mbit s or 1000 M...

Страница 22: ...s Uplink 50 Mbit s CDMA450 Band Class 5 Block Designators A B Downlink 14 7 Mbit s Uplink 5 4 Mbit s LTE Advanced Cat 6 B30 2300 WCS B41 TDD 2500 B29 US 700de Lower B26 US 850 Ext B25 1900 B5 850 B20...

Страница 23: ...and 802 11ac support 2x2 MIMO The WLAN antenna ports have the following speci cation Feature Speci cation Max allowed cable length 30 m Max allowed antenna gain including cable attenuation 3 0 dBi1 M...

Страница 24: ...elerometer and 3D gyro scope Feature Speci cation Systems GPS GLONASS BeiDu Galileo ready Data stream NMEA or UBX Tracking sensitivity 160 dBm Channels 72 Accuracy 2m Supported antennas Active and pas...

Страница 25: ...rt Speci cation 3 4 8 M12 Ethernet Connectors Speci cation The Ethernet ports have following speci cation Feature Speci cation Isolation to enclosure 1500 VDC Speed Fast Ethernet 10 100 Mbit s Gigabit...

Страница 26: ...female Pin Signal Pinning 1 Tx 2 Rx 3 Tx 4 Rx Table 3 14 Pin Assignments of 4 Poles Ethernet Connectors Pin Assignment on M12 8 poles X coded female Pin Signal Pinning 1 M1 2 M1 3 M0 4 M0 5 M2 6 M2 7...

Страница 27: ...Voltage range 24 VDC to 60 VDC 30 5 Max power consumption 25 W Max cable length 30m Cable shield not required Galvanic isolation yes 1500 VDC according to EN 50155 EN 62368 1 Power interruption Class...

Страница 28: ...d not required Galvanic isolation yes 1500 VDC according to EN 50155 EN 62368 1 Power interruption Class S2 Sustains interruptions up to 10 ms there are no batteries included Supply change over Class...

Страница 29: ...and pin 5 to 8 represent Ex tension Port 2 EP2 On both EP1 and EP2 the following interfaces may be present Non isolated RS 232 Default con guration on EP1 Audio Option A CAN Option C IBIS Option I Is...

Страница 30: ...z Input galvanic isolation to enclo sure functional max 250 VDC Output impedance 100 signal level 2 Vpp Output bandwidth 300 Hz 4 kHz Output galvanic isolation to enclo sure functional max 250 VDC Max...

Страница 31: ...al bus termination none External bus termination2 120 Max cable length 100 m Cable shield mandatory Cable type twisted pair Max number of nodes 110 Reactionless Option Cb CAN Passive monotioring only...

Страница 32: ...ype IBIS Peripherieger t according to VDV300 and VDV301 Speed 1200 Baud Galvanic isolation to enclosure 1500 VDC Max cable length 100 m Cable shield not required Table 3 24 IBIS Port Speci cation EP P...

Страница 33: ...D TXD RXD Baud rate 300 1 200 2 400 4 800 9 600 19 200 38 400 57 600 115 200 230 400 460 800 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software ow control none XON XOFF Hardware ow cont...

Страница 34: ...XD Baud rate 600 1 200 2 400 4 800 9 600 19 200 38 400 57 600 115 200 230 400 460 800 921 600 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software ow control none XON XOFF Hardware ow con...

Страница 35: ...400 460 800 Data bits 7 bit 8 bit Parity none odd even Stop bits 1 2 Software ow control none XON XOFF Hardware ow control none Galvanic isolation to enclosure 1500 VDC Internal bus termination none...

Страница 36: ...or further details section 2 2 Media Mount The following options are available Option Capacity Da 32 GB Flash Db 64 GB Flash Dc 128 GB SSD Dd 256 GB SSD De 512 GB SSD Df 1 TB SSD Table 3 32 Storage Sp...

Страница 37: ...Voltage range 24 VDC to 60 VDC 30 5 Max power consumption 15 W Max cable length 30m Cable shield not required Galvanic isolation yes 1500 VDC according to EN 50155 EN 60950 Power interruption Class S...

Страница 38: ...s according to EN 50155 EN 60950 Power interruption Class S2 Sustains power interruptions up to 10 ms there are no batteries included Supply change over Class C1 0 6 Un during 100 ms w o inter ruption...

Страница 39: ...in the same manner The SIM card will then rebounds and can be pulled out SIMs can be assigned exibly to any modem in the system It is also possible to switch a SIM to a different modem during operatio...

Страница 40: ...le 4 1 LTE UMTS antenna port types Attention Following points must be observed when installing the antennas A minimum clearance of at least 40 cm between people and the antennas must always be ensured...

Страница 41: ...ion of maximum 3dBi in the rele vant frequency range WLAN antennas with a higher ampli cation may be used with the NetModule router Enhanced RF Con guration software li cense and the antenna gain and...

Страница 42: ...Only a shielded Ethernet cable may be used To guarantee the IP65 protection class the cable and the connector have also to be IP65 certi ed The connector has to screwed on with 0 4Nm If no cable is c...

Страница 43: ...Line Interface CLI and set con guration parameters directly The IP address of Ethernet1 is 192 168 1 1 and the Dynamic Host Con guration Protocol DHCP is activated on the interface by default The fol...

Страница 44: ...state and will be disabled as soon as the admin password has been set They can be enabled again afterwards in the relevant sections Other services SSH Telnet Console can be accessed in factory state...

Страница 45: ...ill be provided with two les recovery image and recovery dtb which must be placed in the root directory of a TFTP server connected via LAN1 and address 192 168 1 254 The recovery image can be launched...

Страница 46: ...k information signal strength etc The information about the amount of downloaded uploaded data is stored in non volatile memory thus survive a reboot of the system The counters can be reset by pressin...

Страница 47: ...tion about the OpenVPN tunnel status IPSec This page provides information about the IPsec tunnel status PPTP This page provides information about the PPTP tunnel status GRE This page provides informat...

Страница 48: ...tus The system status page displays various details of your NB3000 Line Hd router including system details information about mounted modules and software release information SDK This section will list...

Страница 49: ...ing on your hardware model WAN links can be made up of either Wireless Wide Area Network WWAN Wireless LAN WLAN Ethernet or PPP over Ethernet PPPoE connections Please note that each WAN link has to be...

Страница 50: ...d priority The rst fallback link it can be enabled permanently or being dialed as soon as Link 1 goes down 3rd priority The second fallback link it can be enabled permanently or be ing dialed as soon...

Страница 51: ...manently on switchover Link is being established on switchover it will be dialled if pre vious links failed distributed Link is member of a load distribution group Parameter WAN Link Settings Operatio...

Страница 52: ...e Hd User Manual 4 2 Parameter IP Pass Through Settings Interface Speci es the interface on which the address shall be passed through WAN network Speci es the WAN network WAN netmask Speci es the WAN...

Страница 53: ...oid any negative side effects the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit MTU The MTU can be con gured per...

Страница 54: ...onitored can be ANY Mode Speci es whether the link shall only be monitored if being up e g for using a VPN tunnel or if connectivity shall be also validated at connection establishment default Primary...

Страница 55: ...Max number of failed tri als The maximum number of failed ping trials until the link will be declared as down Emergency action The emergency action which should be taken after a maximum downtime has b...

Страница 56: ...ng a WAN link The LAN10 interface will be available as soon as a pre con gured USB Ethernet device has been plugged in Ethernet Port Assignment Figure 5 6 Ethernet Ports This menu can be used to indiv...

Страница 57: ...nually but it has to be ensured that all devices in the network utilize the same settings then VLAN Management NetModule routers support Virtual LAN according to IEEE 802 1Q which can be used to cre a...

Страница 58: ...ned on the router Further 802 1P introduces a priority eld which in uences packet scheduling in the TCP IP stack The following priority levels from lowest to highest exist Parameter VLAN Priority Lev...

Страница 59: ...it will use the interface speci c name servers e g the ones being retrieved over DHCP and update the resolver con guration accordingly Figure 5 9 LAN IP Con guration Parameter LAN IP Settings Mode De...

Страница 60: ...network You may also de ne static values but caution has to be taken to assign an unique IP address as it would otherwise raise IP con icts in the network PPPoE is commonly used when communicating wit...

Страница 61: ...balance of a prepaid account SIMs Figure 5 10 SIMs The SIM page gives an overview about the available SIM cards their assigned modems and the current state Once a SIM card has been inserted assigned t...

Страница 62: ...ns it might be necessary to set a speci c service type or assign a xed operator The list of operators around can be obtained by initiating a network scan may take up to 60 seconds Further details can...

Страница 63: ...unlocking the SIM card PUK code The PUK code for unlocking the SIM card optional Default modem The default modem assigned to this SIM card Preferred service The preferred service to be used with this...

Страница 64: ...goes on as soon as the connection is up Refer to section 5 8 7 or consult the system log les for troubleshooting the problem in case the connection did not come up Figure 5 11 WWAN Interfaces The fol...

Страница 65: ...on you may con gure the following advanced settings Parameter WAN Advanced Parameters Required signal strength Sets a minimum required signal strength before the connec tion is dialed Home network onl...

Страница 66: ...Ethernet LAN interface does As mesh point it can create a wireless mesh network to provide a backhaul connectivity with dynamic path selection As dual mode it is possible to run access point and clie...

Страница 67: ...or dual mode you can further con gure the following settings Parameter WLAN Management Operation type Speci es the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for...

Страница 68: ...WLAN Mesh Point Management Operation type Speci es the desired IEEE 802 11 operation mode Radio band Selects the radio band to be used for connections depending on your module it could be 2 4 or 5 GH...

Страница 69: ...back You can perform a WLAN network scan and pick the settings from the discovered information directly The authentication credentials have to be obtained by the operator of the remote access point P...

Страница 70: ...access point mode you can create up to 4 SSIDs with each running their own network con guration The networks can be individually bridged to a LAN interface or oper ate as dedicated interface in routi...

Страница 71: ...her wise the key passphrase for WPA EAP TLS Force PMF Enables Protected Management Frames Hide SSID Hides the SSID Isolate clients Disables client to client communication Accounting Sets accounting pr...

Страница 72: ...n the wireless net work connect to the other mesh partners with the same ID and sercurtiy credentials The authentication credentials have to be obtained by the operator of the mesh network Parameter W...

Страница 73: ...des can be con gured Parameter WLAN Mesh Point Security Modes Off MESHID is disabled None No authentication provides an open network SAE SAE Simultaneous Authentication of Equals is a secure password...

Страница 74: ...mend to set up separated interfaces in routing mode in order to avoid unwanted access and tra c between the interfaces The corresponding DHCP server for each network can be con gured in afterwards as...

Страница 75: ...arameter Bridge Settings Administrative status Enables or disables the bridge interface If you need an inter face to the local system you need to de ne an IP address for the local device IP Address IP...

Страница 76: ...her devices shall be recognized Enable hotplug Speci es whether device shall be recognized if plugged in dur ing runtime or only at bootup Enable USB IP device server Speci es if devices shall be expo...

Страница 77: ...nd it can be used to enable a speci c device based on its Vendor and Product ID Only enabled devices will be recognized by the system and raise additional ports and interfaces Figure 5 16 USB Device M...

Страница 78: ...which can be used for setting up more systems with different admin passwords For new devices with an empty password the hash key e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 can b...

Страница 79: ...kernel messages and spawns a login shell so that users can login to the system device server The serial port will be exposed over a TCP IP port and can be used to implement a Serial IP gateway modem...

Страница 80: ...number of data bits contained in each frame Parity Speci es the parity used for every frame that is transmitted or received Stop bits Speci es the number of stop bits used to indicate the end of a fra...

Страница 81: ...in seconds before the port will be disconnected if there is no activity on it A zero value disables this function Allow remote control Allow remote control ala RFC 2217 of the serial port Show banner...

Страница 82: ...rt Baud rate Speci es the baud rate run on the serial port Hardware ow control You may enable RTS CTS hardware ow control so that the RTS and CTS lines are used to control the ow of data Parameter Inc...

Страница 83: ...Ports You can apply the following settings Parameter Digital I O Settings DO1 after reboot Initial status of DO1 after system has booted DO2 after reboot Initial status of DO2 after system has booted...

Страница 84: ...page can be used to pre con gure the audio module It can be later used for the voice gateway It can be con gured as follows Parameter Audio Settings Volume level Default volume level for line out Audi...

Страница 85: ...operation either standalone or assisted for A GPS Antenna type The type of the connected GPS antenna either passive or ac tively 3 volt powered Accuracy The desired accuracy in meters Fix frame interv...

Страница 86: ...recision as stated in GPGSA frames Furtheron each satellite also comes with the following details Parameter GNSS Satellite Information PRN The PRN code of the satelitte also referred as satellite ID a...

Страница 87: ...gency action The corresponding emergency action You can either let just restart the server which will also re initialize the GPS function on the module or reset the module in severe cases Please note...

Страница 88: ...both If interface is set to ANY the system will choose the route interface automatically depending on the best matching network con gured for an interface Figure 5 20 Static Routing In general host r...

Страница 89: ...routing metric of the interface default 0 higher metrics have the effect of making a route less favorable Flags A ctive P ersistent H ost Route N etwork Route D efault Route The ags obtain the followi...

Страница 90: ...vice TOS of packets Parameter Extended Route Con guration Source address The source address of a packet Source netmask The source address of a packet Destination address The destination address of a p...

Страница 91: ...interfaces have to be de ned to establish multipath routing Additional inter faces can be added by pressing the plus sign Parameter Add Multipath Routes Target network netmask De nes the target netwo...

Страница 92: ...the mobile node as its destination address To prevent problems with rewalls and private IP addressing the MIP implementation al ways employs reverse tunneling which means that all tra c sent by a mobi...

Страница 93: ...e mobile node at the home agent This can be either a 128 bit hexadecimal value or a random length ASCII string Life time The lifetime of security associations in seconds UDP encapsulation Speci es whe...

Страница 94: ...SPI identifying the security context for the tunnel between the mobile node and the home agent This is used to distinguish mobile nodes from each other Therefore each mobile node needs to be assigned...

Страница 95: ...tion can be used to de ne the WAN interfaces on which QoS should be active Parameter QoS Interface Parameters Interface The WAN interface on which QoS should be active Bandwidth congestion The bandwid...

Страница 96: ...se the total bandwidth of all queues exceeds the set upstream band width of QoS Interface Parameters Set TOS The TOS DiffServ value to set on matching packets You can now con gure and assign any servi...

Страница 97: ...s on a particular interface and dis tribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups Parameter Multicast Routing Settings Administrative statu...

Страница 98: ...e interfaces tab is used to de ne OSPF speci c settings for the IP interfaces of the router If no settings are de ned for a speci c interface default settings will be used Parameter OSPF Interfaces In...

Страница 99: ...GP when VRRP slave Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol The neighbors tab is used to con gure all the BGP routers to peer with Parameter BGP N...

Страница 100: ...ion page can be used to enable and disable rewalling When turning it on a shortcut can be used to generate a prede ned set of rules which allow administration over HTTP HTTPS SSH or TELNET by default...

Страница 101: ...Parameter Firewall Rule Con guration Description A meaningful description about the purpose of this rule Action Speci es whether the packets of this rule should be allowed or denied log matches Throw...

Страница 102: ...atching packets UDP TCP or ICMP Destination port s The destination port of matching packets which can be speci ed by a single port or a range of ports only UDP TCP The statistics page can be used to g...

Страница 103: ...you specify the interfaces on which masquerading will be per formed NAT will hereby use the address of the selected interface and choose a random source port for outgoing connections and thus enables...

Страница 104: ...peci ed rules are processed by order that means traversing the list from top to bottom until a matching rule is found If there is no matching rule found the packet will pass as is Parameter Inbound NA...

Страница 105: ...r port range translation in outbound rules Use network based mapping there NAPT Outbound Rules Outbound rules will modify the source section of IP packets and can be used to establish 1 1 NAT mappings...

Страница 106: ...NB3000 Line Hd User Manual 4 2 5 6 VPN 5 6 1 OpenVPN OpenVPN Administration Figure 5 28 OpenVPN Administration 97...

Страница 107: ...hich has been created in advance Refer to chapter 5 6 1 to learn more about how to manage clients and generate the les Figure 5 29 OpenVPN Con guration Parameter OpenVPN Con guration Operation mode Sp...

Страница 108: ...ridged networks Protocol The tunnel protocol to be used for the transport connection Network mode De nes how the packets should be forwarded which can be either routed or bridged from to a particular...

Страница 109: ...Check peer certi cate against local CRL negotiate DNS If enabled the system will use the nameservers which have been negotiated over the tunnel OpenVPN Expert Con guration Client The expert con gurati...

Страница 110: ...Certi cate le server key Private key le dh1024 pem Di e Hellman parameters le ccd A directory containing client speci c con guration les Keep in mind that a certi cate becomes valid once its validity...

Страница 111: ...xed address for a particular client you would have to apply xed addresses to the other ones as well You may specify the network behind the clients as well as the routes to be pushed to each client Th...

Страница 112: ...vide a secure channel and a bundle of algorithms that provide the parameters necessary to operate the AH and or ESP operations The Internet Security Association Key Management Protocol ISAKMP provides...

Страница 113: ...ly used for connections which traverse a path where a router modi es the IP address port of packets It encapsulates packets in UDP and therefore requires a slight overhead which has to be taken into a...

Страница 114: ...ther Dead Peer Detection see RFC 3706 shall be used DPD will detect any broken IPSec connections in par ticular the ISAKMP tunnel and refresh the corresponding SAs Security Associations and SPIs Secur...

Страница 115: ...of identi cation for the local ID which can be a FQDN username FQDN or IP address Local ID The local ID value Remote ID Type The type of identi cation for the remote ID Remote ID The remote ID value...

Страница 116: ...tration of the key exchange protocol and prevents compromisation of previous keys Pseudo random function PRF algorithms that can optionally be used IPsec Proposal This section can be used to con gure...

Страница 117: ...network Local netmask The netmask of your local area network Peer network The address of the remote network behind the peer Peer netmask The netmask of the remote network behind the peer NAT address...

Страница 118: ...insecure but it still provides a straightforward way for establishing tunnels Figure 5 33 PPTP Administration When setting up a PPTP tunnel you would need to choose between server or client A client t...

Страница 119: ...quires the following settings Parameter PPTP Server Settings Listen address Speci es on which IP address should be listened for incoming client connections Server address The server address within the...

Страница 120: ...ement PPTP clients for a server tunnel need to be con gured here They are made up of user name and password A xed IP address can be assigned to them which can be used to point any routes to a dedicate...

Страница 121: ...e required for setting up a tunnel Parameter GRE Con guration Peer address The IP address of the remote peer Interface The device type for this tunnel Local tunnel address The local IP address of the...

Страница 122: ...on is not possible Figure 5 36 Dial in Server Settings The following settings can be set Parameter Dial in Server Con guration Administrative status Speci es whether incoming calls shall be answered o...

Страница 123: ...NB3000 Line Hd User Manual 4 2 Please note that Dial In connections are generally discouraged As they are implemented as GSM voice calls they suffer from unreliability and poor bandwidth 114...

Страница 124: ...Anyone reasonably experienced in the C language will nd an environment that is easy to dig in However feel free to contact us via router support netmodule com and we will happily support you in nding...

Страница 125: ...Transfer les over HTTP FTP 12 Perform con g software updates 13 Control the LEDs 14 Get system events restart services or reboot system 15 Scan for networks in range 16 Create your own web pages 17 V...

Страница 126: ...TION_COUNTRY_CODE string 2 ch LOCATION_COUNTRY string 11 Switzerland LOCATION_POSTCODE string 4 8001 LOCATION_STATE string 6 Zurich LOCATION_LATITUDE string 9 47 3778058 LOCATION_LONGITUDE string 8 8...

Страница 127: ...the router when the script is to be executed This can be either time based e g each Monday or triggered by one of the pre de ned system events e g wan up as described in Events chapter 5 7 7 With both...

Страница 128: ...duling priority Speci es the process priority of the sdkhost higher priorities will speed up scheduling your scripts lower ones will have less impact to the host system Enable watchdog This option wil...

Страница 129: ...he trigger either time based or event based Condition Speci es the time condition for time based triggers e g hourly Timespec The time speci cation which together with the condition speci es the time...

Страница 130: ...be created by using the following parameters Parameter SDK Job Parameters Name A meaningful name to identify the job Trigger Speci es the trigger that should launch the job Script Speci es the script...

Страница 131: ...nexpected expecting SDK Sample Application As an introduction you can step through a sample application namely the SMS control script which implements remote control over short messages and can be use...

Страница 132: ...e system output 1 on Turns on the rst digital output port output 1 off Turns off the rst digital output port output 2 on Turns on the second digital output port output 2 off Turns off the second digit...

Страница 133: ...e note that WLAN interfaces for each SSID will pop up here as well in case you have con gured an access point respectively Figure 5 39 DHCP Server The following settings for each interface can be appl...

Страница 134: ...current DNS server addresses if not con gured elsewise You can specify xed addresses here Only allow static hosts Any requests coming from none static hosts will be ignored It is also possible to con...

Страница 135: ...es but it can be also used for serving xed addresses for particular host names Figure 5 40 DNS Server The following settings can be applied Parameter DNS Server Settings Administrative status Enables...

Страница 136: ...ic hosts for serving xed IP addresses for various host names Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host Please remember to p...

Страница 137: ...r each interface can be applied then Parameter NTP Server Settings Administrative status Speci es whether the NTP server is enabled or not Poll interval De nes the polling interval 64 2048 seconds for...

Страница 138: ...ng the current Internet address which can be useful in NAT scenarios The DynDNS client will be triggered whenever a WAN or VPN link comes up Figure 5 42 Dynamic DNS Settings We provide support for a b...

Страница 139: ...name provided by your DynDNS service e g my box dyndns org Port The HTTP port of the service typically 80 Username The user name used for authenticating at the service Password The password used for a...

Страница 140: ...nt Settings E mail client status Administrative status of the E Mail client From e mail address E Mail address of the sender Server address SMTP server address Server port SMTP server port typically 2...

Страница 141: ...SNMP host The SNMP host or address to which the trap shall be sent SNMP port The port of the remote SNMP service Username The username for accessing the remote SNMP service Password The password for...

Страница 142: ...er roaming to foreign networks where other fees may apply You can manually assign a xed network by LAI in the Mobile SIMs section see 5 3 3 Sending messages heavily depends on the registration state o...

Страница 143: ...ce when you want to avoid using any expensive service or international numbers Both types of rules form a list will be processed by order forwarding outgoing messages over the speci ed modem or droppi...

Страница 144: ...any other user whereas normal users will only be able to view status values the admin user will obtain privileges to modify the system Figure 5 45 SSH and Telnet Server Please note that these services...

Страница 145: ...ngs Administrative status Whether the SSH service is enabled or disabled Server port The TCP port of the service usually 22 Disable admin login Disable login for admin users Disable password based log...

Страница 146: ...EXT MED MIB 1 3 6 1 4 1 31496 VENDOR MIB The VENDOR MIB tables offer some additional information over the system and its WWAN GNSS and WLAN interfaces They can be accessed over the following OIDs Par...

Страница 147: ...Con guration Administrative status Enable or disable the SNMP agent Operation mode Speci es if agent should run in compatibilty mode or for SN MPv3 only Contact System maintainer or other contact info...

Страница 148: ...is allowed for admin access Attention must be paid to the fact that SNMP passwords have to be more than 8 characters long Shorter passwords will be doubled for SNMP e g admin01 becomes admin01admin01...

Страница 149: ...uration update status snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 12 0 The return value can be one of succeeded 1 failed 2 inprogress 3 notstart...

Страница 150: ...1 31496 10 40 18 0 Getting the alternative software version snmpget v 3 u admin n l authNoPriv a MD5 x DES A admin01admin01 192 168 1 1 1 3 6 1 4 1 31496 10 40 19 0 Getting the alternative software h...

Страница 151: ...ommunication will be encrypted and thus avoids any misuse of the system In order to enable HTTPS you would need to generate or upload a server certi cate in the section 5 8 8 Figure 5 47 Web Server Pa...

Страница 152: ...d discovery protocols The following protocols are supported Parameter Discovery Con guration LLDP Link Layer Discovery Protocol CDP Cisco Discovery Protocol FDP Foundry Discovery Protocol SONMP Nortel...

Страница 153: ...ot reach able anymore checked via multicast packets This may happen when one device is reboot ing or the Ethernet link went down Same applies when the WAN link goes down Figure 5 48 VRRP Con guration...

Страница 154: ...ce Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the participating hosts We assign a priority of 100 to the master and 1 to the backup route...

Страница 155: ...Administrative status Speci es whether the gateway shall be enabled or disabled Call routing De nes who will be responsible for call routing If SDK has been speci ed you would need to install a script...

Страница 156: ...int acting as SIP user agent towards a remote registrar Based on your equipment we recommend to adjust the modem s audio pro le for a better sound experience The following pro les are available Parame...

Страница 157: ...d and could give added delay to the system Parameter Endpoint Settings Voice Over Mobile Modem Speci es the modem which will be used for voice over mobile calls Audio pro le Speci es the modem s audio...

Страница 158: ...strar Subscriber The subscriber name used at the registrar Username The username to authenticate at the registrar Password The password used for autentication Register Selects whether the user agent s...

Страница 159: ...point registration status and so on Using the SDK you can also initiate or accept a call adjust its volume level or do a hangup Anyway for simple scenarios the generic method should be su cient and ca...

Страница 160: ...ar proxy Parameter X Lite Con guration User ID SIP username used in from headers i e subscriber name Domain SIP Domain used in from headers optional Authorization name Username used for authentication...

Страница 161: ...Settings Local hostname The hostname of the system Application area The desired application area which in uences the system be haviour such as registration timeouts or other adaptions when operating i...

Страница 162: ...evice on which log les shall be stored Max lesize The maximum size of the log les in kB until they will get rotated Redirect address Speci es an IP address to which log messages should be redi rected...

Страница 163: ...Password The password used to unlock the bootloader If empty the admin password will be used Time Region This page can be used for setting the system time and con guring the time zone You may further...

Страница 164: ...bled Parameter Time Zone Time Zone Set the local time zone Daylight saving changes Enable disable daylight saving changes Virtualization Virtualization techniques can be used to run multiple isolated...

Страница 165: ...tftp If you uploaded the the image to the router in advance you can also use le followed by the local path of the le We can provide various tailored Linux distribution images such as Debian on demand...

Страница 166: ...e guest system Parameter Guest Devices Enable devices Enable or disable device for the guest In order to limit the ressources for a guest the following settings can be applied Parameter Guest Limits C...

Страница 167: ...but can sill login via HTTP tel net User Accounts By using this page you can manage the user accounts on the system Figure 5 52 User Accounts The admin user is a built in power user which represents t...

Страница 168: ...The name of the user Role Either admin or user Old password The old password of the user New password The new password of the user Con rm new password The con rmed new password of the user Please note...

Страница 169: ...n RADIUS server The RADIUS server address RADIUS secret The secret used to authenticate against the RADIUS server Authentication port The port used for authentication Accounting port The port used for...

Страница 170: ...de the administrator password if you want to downgrade to a release 4 1 x and lower The same passphrase will be used for bootloader login as well All users which have no password stored on the device...

Страница 171: ...a while Automatic Software Update This menu can be used to run a automatic software update of the system Parameter Automatic software update Status Enable disable automatic software update Time of da...

Страница 172: ...ath file Supported protocols are TFTP HTTP HTTPS and FTP For boxes with lim ited amount of ash you may also use usb0 path to firmware package A rmware package ZIP usually consists of a ash utility an...

Страница 173: ...te package zip containing the con guration le and a packed version of other essential les such as certi cates in the root directory Manual File Con guration Figure 5 54 Manual File Con guration This s...

Страница 174: ...atic con guration update of the system It is con g ured as follows Parameter Automatic File Con guration Status Enable disable an automatic con guration update Time of day Time of day when the system...

Страница 175: ...rned on The factory reset will set the IP address of the rst Ethernet interface back to 192 168 1 1 You will be able to communicate again with the device using the default network parameters You may s...

Страница 176: ...ty can be used to verify whether a remote host can be reached via IP Time of day The traceroute utility can be used to print the route packets trace to a remote host Tcpdump The tcpdump utility genera...

Страница 177: ...he option Debug log or if you are interested in the boot log select Boot log Another way to see what is going on on the box is opening a SSH or Telnet session as root and typing tail log Furthermore t...

Страница 178: ...in case of any issues Various tools reside on this page for further analysis of potential con guration issues Figure 5 58 Tech Support File It is possible to trace any IP interface and inspect indivi...

Страница 179: ...ages shows an overview about installed keys and certi cates The following sec tions may appear Type Description Root CA The root Certi cate Authority CA which issues certi cates its key can be used to...

Страница 180: ...ate locally Generate key and certi cate locally on the box see 5 8 8 for more options upload les Key and certi cate will be uploaded We support les in PKCS12 PKCS7 PEM DER format as well as RSA DSS ke...

Страница 181: ...will be take into account Parameter Certi cate Con guration Organisation O The certi cate owner s organization Department OU The name of the organizational unit to which the certi cate issuer belongs...

Страница 182: ...can also be uploaded in one stroke by using the container format PKCS12 RSA DSS keys can be con verted from OpenSSH or Dropbear formats It is possible to specify the passphrase for opening the privat...

Страница 183: ...as used by SDK functions or when downloading con guration software images you might upload a list of CA certi cates which are considered trusted To obtain the CA certi cate from a particular site wit...

Страница 184: ...valid license to be present in the system some of them also depend on the mounted modules Please contact us for getting a valid license for available components and we will provide a license le based...

Страница 185: ...ress or implied To obtain the corresponding open source codes covered by these licenses please contact our technical support at router support netmodule com Acknowledgements This product includes PHP...

Страница 186: ...NB3000 Line Hd User Manual 4 2 5 9 LOGOUT Please use this menu to log out from the Web Manager 177...

Страница 187: ...ogout 6 1 General Usage When operating the CLI in interactive mode each entered command will be executed by the RETURN key You can use the Left and Right keys to move the current point between entered...

Страница 188: ...nd of the line CTRL y Yank the top of the deleted text into the buffer at point Please note that it can be required to apply quotes when entering commands with argu ments containing whitespaces 6 2 Pr...

Страница 189: ...configuration sections 6 4 Setting Con g Parameters The set command can be used to set con guration values set h Usage set hv parameter value parameter value Options v validate config parameter 6 5 C...

Страница 190: ...nnection status pptp PPTP connection status gre GRE connection status dialin Dial In connection status mobileip MobileIP status dio Digital IO status audio Audio module status can CAN module status ua...

Страница 191: ...rce update n don t reset missing config values with factory defaults s show update status Available update targets software Perform software update firmware Perform module firmware update config Updat...

Страница 192: ...Firewall and NAPT gpsd GPS daemon gre GRE connections ipsec IPsec connections lighttpd HTTP server link manager WAN links network Networking openvpn OpenVPN connections pptp PPTP connections qos QoS...

Страница 193: ...r wwanmd 6 13 Resetting System The reset command can be used to reset the router back to factory defaults reset h Usage reset h 6 14 Rebooting System The reboot command can be used to reboot the route...

Страница 194: ...This section describes the CLI PHP interface for Version 2 It accepts POST and GET requests Running with GET requests the general usage is de ned as follows Usage http s cli php key1 value1 key2 valu...

Страница 195: ...running command status arg0 h Please note that the status summary can be displayed without authentication Examples http 19 2 1 68 1 1 cli php version 2 output html usr admin pwd admin01 command status...

Страница 196: ...1 cli php version 2 output html usr admin pwd admin01 command set arg0 snmp status arg1 0 arg2 openvpn status arg3 1 restart Restart a system service Key usage command restart arg0 service Notes Avail...

Страница 197: ...2 168 1 254 user config zip http 19 2 1 68 1 1 cli php version 2 output html usr admin pwd admin01 command update arg0 license arg1 http 192 168 1 254 xxx lic http 19 2 1 68 1 1 cli php version 2 outp...

Страница 198: ...e encoded with 40 The E Mail client must be properly configured prior to using that function In case of stdout the downloaded techsupport file will be called download Examples http 19 2 1 68 1 1 cli p...

Страница 199: ...i es the SIM slot as seen on the front panel GNSSx Speci es a Global Navigation Satellite System module Mobilex Identi es a WWAN modem SERIALx Identi es a serial port OUTx Speci es a digital I O outpu...

Страница 200: ...a Network interfaces which are currently activated in the system FQDN Fully quali ed domain name ASU Arbitrary Strength Unit RSRP Referenz Signal Received Power RSRQ Reference Signal Received Quality...

Страница 201: ...02 gps down GPS signal is not available 401 openvpn up OpenVPN connection came up 402 openvpn down OpenVPN connection went down 403 ipsec up IPsec connection came up 404 ipsec down IPsec connection we...

Страница 202: ...port received SMS report has been received 701 call incoming A voice call is coming in 702 call outgoing Outgoing voice call is being established 801 ddns update succeeded Dynamic DNS update succeeded...

Страница 203: ...on guration The factory con guration including default values for any con guration parameter can be derived from the le etc config factory config cfg on the router You may also call cli get f paramete...

Страница 204: ...T UPDATED 201806261330 Z ORGANIZATION NetModule AG CONTACT INFO NetModule AG Switzerland DESCRIPTION MIB module which defines the NB router specific entities REVISION 201806261330 Z DESCRIPTION MIB fo...

Страница 205: ...only STATUS current DESCRIPTION The currently installed kernel version admin 2 serialNumber OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION The serial number of the d...

Страница 206: ...SCRIPTION The date and time when the alternative software shall be activated admin 13 configActivationDate OBJECT TYPE SYNTAX DateAndTime MAX ACCESS read write STATUS current DESCRIPTION The date and...

Страница 207: ...t be preceded by a valid prefix e g tftp sftp ftp https or http and point to the to be installed image admin 25 softwareUpdateStatus OBJECT TYPE SYNTAX INTEGER stored 0 succeeded 1 failed 2 inprogress...

Страница 208: ...IPTION Upload the current system logs to the specified URL the URL must be preceded by a valid prefix e g tftp sftp ftp https or http and point to the path where the system log shall be stored admin 4...

Страница 209: ...lity DisplayString wwanModemIndex OBJECT TYPE SYNTAX Integer32 0 254 MAX ACCESS not accessible STATUS current DESCRIPTION WWAN modem index nbWwanEntry 1 wwanModemName OBJECT TYPE SYNTAX DisplayString...

Страница 210: ...try 12 wwanRSRP OBJECT TYPE SYNTAX DisplayString UNITS dBm MAX ACCESS read only STATUS current DESCRIPTION The current Reference Signal Received Power LTE of the WWAN modem nbWwanEntry 13 wwanRSRQ OBJ...

Страница 211: ...layString gnssVerticalSpeed DisplayString gnssTrackAngle DisplayString gnssIndex OBJECT TYPE SYNTAX Integer32 0 254 MAX ACCESS not accessible STATUS current DESCRIPTION GNSS device index nbGnssEntry 1...

Страница 212: ...DESCRIPTION The current track angle value in degrees received by the GNSS device nbGnssEntry 11 NBWlanTable nbWlanTable OBJECT TYPE SYNTAX SEQUENCE OF NBWlanEntry MAX ACCESS not accessible STATUS cur...

Страница 213: ...able OBJECT TYPE SYNTAX SEQUENCE OF NBWlanStationEntry MAX ACCESS not accessible STATUS current DESCRIPTION A table shows current connected clients nb 61 nbWlanStationEntry OBJECT TYPE SYNTAX NBWlanSt...

Страница 214: ...ation nbWlanStationEntry 7 wlanStationInactive OBJECT TYPE SYNTAX Integer32 UNITS ms MAX ACCESS read only STATUS current DESCRIPTION The inactivity time of a connected station nbWlanStationEntry 8 NBW...

Страница 215: ...read only STATUS current DESCRIPTION WAN link since up nbWanEntry 4 wanLinkType OBJECT TYPE SYNTAX DisplayString MAX ACCESS read only STATUS current DESCRIPTION WAN link type nbWanEntry 5 wanLinkInter...

Страница 216: ...TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WAN link download rate nbWanEntry 15 wanUploadRate OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION WA...

Страница 217: ...write STATUS current DESCRIPTION The update value for digital I O port OUT2 dio 11 NBSerialTable nbSerialTable OBJECT TYPE SYNTAX SEQUENCE OF NBSerialEntry MAX ACCESS not accessible STATUS current DES...

Страница 218: ...ad only STATUS current DESCRIPTION The number of frame errors on the serial port nbSerialEntry 6 serialOverrunErrors OBJECT TYPE SYNTAX Integer32 MAX ACCESS read only STATUS current DESCRIPTION The nu...

Страница 219: ...unter64 UNITS seconds MAX ACCESS read only STATUS current DESCRIPTION The uptime of the router when the SNMP trap occured nbTrapHistoryEntry 3 trapHistoryEvent OBJECT TYPE SYNTAX Integer32 MAX ACCESS...

Страница 220: ...events 402 ipsec up NOTIFICATION TYPE STATUS current DESCRIPTION IPsec connection came up events 403 ipsec down NOTIFICATION TYPE STATUS current DESCRIPTION IPsec connection went down events 404 pptp...

Страница 221: ...tem poweroff NOTIFICATION TYPE STATUS current DESCRIPTION System poweroff has been triggered events 509 system error NOTIFICATION TYPE STATUS current DESCRIPTION System is in error state events 510 sy...

Страница 222: ...DESCRIPTION USB Ethernet device has been added events 903 usb eth removed NOTIFICATION TYPE STATUS current DESCRIPTION USB Ethernet device has been removed events 904 usb serial added NOTIFICATION TY...

Страница 223: ...leeping host WakeOn Lan gps broadcast are This script sends the local GPS NMEA stream to a remote UDP server incl device identity gps monitor are A script for activating WLAN as soon as GPS position l...

Страница 224: ...read from the serial port serial tcp broadcast are This script reads messages coming from the serial port and forwards them via TCP to remote hosts and vice versa serial tcsetattr are This script can...

Страница 225: ...nsfer are This scripts stores the latest GNSS positions in a remote FTP le udp msg server are This script will run an UDP server which is able to receive mes sages and forward them as SMS E Mail udpcl...

Результаты поиска

Содержание NB3000-Line-Hd

Отзывы:

Похожие инструкции для NB3000-Line-Hd

Бренды по названию

Популярные бренды

NetModule NB3000-Line-Hd, Руководство пользователя

Результаты поиска

Содержание NB3000-Line-Hd

Отзывы:

Похожие инструкции для NB3000-Line-Hd

Бренды по названию

Популярные бренды