NetModule NB3000-Line-Hd User Manual
  1. Manuals
  2. Brands
  3. NetModule Manuals
  4. Network Router
  5. NB3000-Line-Hd
  6. User manual

NetModule NB3000-Line-Hd User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
NetModule Router NB3000-Line-Hd
User Manual for Software Version 4.2
Manual Version 1.12
NetModule AG, Switzerland
November 28, 2018

Advertisement

Table of Contents
loading

Related Manuals for NetModule NB3000-Line-Hd

Summary of Contents for NetModule NB3000-Line-Hd

  • Page 1 NetModule Router NB3000-Line-Hd User Manual for Software Version 4.2 Manual Version 1.12 NetModule AG, Switzerland November 28, 2018...
  • Page 2 The following description of software, hard- ware or process of NetModule or other third party provider may be included with your product and will be subject to the software, hardware or other license agreements.

  • Page 3: Table Of Contents

    Contents Welcome to NetModule ....... . . Conformity ........
  • Page 4 NB3000-Line-Hd User Manual 4.2 5.3.8. Digital I/O ........74 5.3.9.
  • Page 5 NB3000-Line-Hd User Manual 4.2 5.8.9. Licensing ........175 5.8.10.Legal Notice...
  • Page 6 List of Figures 5.1. Initial Login ........35 5.2.
  • Page 7 NB3000-Line-Hd User Manual 4.2 5.45. SSH and Telnet Server ....... . 135 5.46.
  • Page 8 ......10 3.3. NB3000-Line-Hd Status Indicators ......12 3.4.
  • Page 9 NB3000-Line-Hd User Manual 4.2 5.143. Certi cate Operations ....... . 171 A.1.

  • Page 10: Welcome To Netmodule

    1. Welcome to NetModule Thank you for purchasing a NetModule Router. This document should give you an introduc- tion to the router and its features. The following chapters describe any aspects of commis- sioning the device, installation procedure and provide helpful information towards con gu- ration and maintenance.

  • Page 11: Conformity

    • Changes made to the device or the use of non-authorized accessories will render the warranty null and void and potentially invalidate the operating license. • NetModule routers must not be opened (SIM cards may be used according to the instructions).
  • Page 12 NB3000-Line-Hd User Manual 4.2 Information about the device interfaces: • All systems that are connected to the NetModule router interfaces must meet the requirements for SELV (Safety Extra Low Voltage) systems. • Interconnections must not leave the building nor penetrate the body shell of a vehicle.

  • Page 13: Declaration Of Conformity

    • Exercise particular caution near personal medical aids, such as pacemakers and hearing aids. • The NetModule routers may also cause interference in the nearer distance of TV sets, radio receivers and personal computers. • Never perform work on the antenna system during a thunderstorm.

  • Page 14: Open Source Software

    NB3000-Line-Hd User Manual 4.2 2.5. Open Source Software We inform you that NetModule products may contain in part open-source software. We are distributing such open-source software to you under the terms of GNU General Public License (GPL) , GNU Lesser General Public License (LGPL)

  • Page 15: Speci Cations

    3. Speci cations 3.1. Appearance...

  • Page 16: Features

    NB3000-Line-Hd User Manual 4.2 3.2. Features The standard Type of the NB3000-Line-Hd router (with IP65 compliant case) is the NB3800 with following functionalities: • Galvanically isolated power supply • 2 Gbit Ethernet ports (M12, x-coded) • 3 Fast Ethernet ports (M12, d-coded) •...

  • Page 17: Environmental Conditions

    NB3000-Line-Hd User Manual 4.2 3.3. Environmental Conditions Parameter Rating Input Voltage (Variant Pa) 24 V to 60 V ( 30% / +5%) Input Voltage (Variant Pb) 72 V to 110 V ( 30% / +25%) Operating Temperature Range 40 C to +70 C •Up to 4 radio modules...

  • Page 18: Interfaces

    NB3000-Line-Hd User Manual 4.2 3.4. Interfaces 3.4.1. Overview Nr. Label Function LED Indicators LED Indicators for the different interfaces Reset Reboot and factory reset button SIM 1-4 SIM 1-4, they can be assigned dynamically to any modem by con- guration.

  • Page 19: Nb3000-Line-Hd Interfaces

    NB3000-Line-Hd User Manual 4.2 Nr. Label Function Earth protection connector, connected to the ground of the power supply V . If used, connect a yellow-green marked cable with at least 6 copper area. Avoid corrosion and protect the screws against loosening.

  • Page 20: Led Indicators

    NB3000-Line-Hd User Manual 4.2 3.4.2. LED Indicators Status LEDs The following table describes the NB3000-Line-Hd status indicators. Label Color State Function STAT blinking The device is busy due to startup, software or con gura- tion update. The device is ready. The captions of the top bank apply.

  • Page 21: Reset

    The color of the LED represents the signal quality for wireless links. red means low yellow means moderate green means good or excellent Table 3.3.: NB3000-Line-Hd Status Indicators Ethernet LEDs The following table describes the Ethernet status indicators. Label Color...

  • Page 22: Mobile

    NB3000-Line-Hd User Manual 4.2 3.4.4. Mobile The various variants of the NB3000-Line-Hd support up to 4 WWAN modules for mobile communication. Standard Bands Data rate 4G (LTE/FDD) B1(2100), B2(1900), B3(1800), B5(850), Downlink: 100 Mbit/s B7(2600), B8(900), B20(800) Uplink: 50 Mbit/s...

  • Page 23: Wlan

    Table 3.8.: WLAN Antenna Port Speci cation Note: WLAN antennas with a higher ampli cation may be used with the NetModule router "Enhanced-RF- Con guration" software license and the antenna gain and cable attenuation that have been correctly con g-...

  • Page 24: Gnss

    NB3000-Line-Hd User Manual 4.2 3.4.6. GNSS GNSS (Option G) The GNSS is used from a WWAN Module. Feature Speci cation Systems GPS/GLONASS Data stream JSON or NMEA Tracking sensitivity -154 dBm Supported antennas Active and passive Table 3.9.: GNSS Speci cations option G...

  • Page 25: Usb 2.0 Host Port

    NB3000-Line-Hd User Manual 4.2 3.4.7. USB 2.0 Host Port The USB 2.0 host port has the following speci cation: Feature Speci cation Speed Low, Full & Hi-Speed Current max. 500 mA Max. cable length Cable shield mandatory Connector type Type A Table 3.12.: USB 2.0 Host Port Speci cation...

  • Page 26: Pin Assignments Of 4 Poles Ethernet Connectors

    NB3000-Line-Hd User Manual 4.2 Pin Assignment on M12, 4 poles, D-coded female Signal Pinning Table 3.14.: Pin Assignments of 4 Poles Ethernet Connectors Pin Assignment on M12, 8 poles, X-coded female Signal Pinning Table 3.15.: Pin Assignments of 8 Poles Ethernet Connectors...

  • Page 27: Power Supply

    NB3000-Line-Hd User Manual 4.2 3.4.9. Power Supply Standard variant Pa (24 V to 60 V The power input has the following speci cations: Feature Speci cation Power supply nominal voltages 24 V , 36 V and 48 V (according to EN 50155)

  • Page 28: Power Input Speci Cations Variant Pb

    NB3000-Line-Hd User Manual 4.2 Variant Pb (72 V to 110 V The power input has the following speci cations: Feature Speci cation Power supply nominal voltages 72 V , 96 V and 110 V (according to EN 50155) Voltage range...

  • Page 29: Extension Connector

    3.4.10. Extension Connector Available Options The NB3000-Line-Hd has an M12 extension connector with 8 pins. The 8 pins are split into two logical ports: Pins 1 to 4 represent Extension Port 1 (EP1) and pin 5 to 8 represent Ex- tension Port 2 (EP2).

  • Page 30: Audio Port Speci Cation

    NB3000-Line-Hd User Manual 4.2 Audio Port Speci cation (Option A) The Audio port has the following speci cation: Feature Speci cation Protocol Audio Line In/Out Input impedance 44 kΩ, signal level 2 V Input bandwidth 100 Hz- 15 kHz Input galvanic isolation to enclo- functional (max.

  • Page 31: Can Port Speci Cation

    NB3000-Line-Hd User Manual 4.2 CAN Port Speci cation (Option C) The CAN port has the following speci cation: Feature Speci cation Protocol CAN V2.0B Speed Up to 1 Mbit/s Default: 125 kbit/s Galvanic isolation to enclosure 1500 V Internal bus termination...

  • Page 32: Ibis Port Speci Cation

    NB3000-Line-Hd User Manual 4.2 IBIS Port Speci cation (Option I) The IBIS port has the following speci cation: Feature Speci cation Protocol ’IBIS Wagenbus’, according to VDV300 and VDV301 Device type ’IBIS Peripheriegerät’, according to VDV300 and VDV301 Speed 1200 Baud...

  • Page 33: Non-Isolated Rs-232 Port Speci Cation

    NB3000-Line-Hd User Manual 4.2 Non-isolated 3-wire RS-232 Port Speci cation Option S The non-isolated 3-wire RS-232 port has the following speci cation (bold characters show the default con guration): Feature Speci cation Protocol 3-wire RS-232: GND, TXD, RXD Baud rate...

  • Page 34: Isolated Rs-232 Port Speci Cation

    NB3000-Line-Hd User Manual 4.2 Isolated 3-wire RS-232 Port Speci cation (Option Sb) The isolated 3-wire RS-232 port has the following speci cation (bold characters show the default con guration): Feature Speci cation Protocol 3-wire RS-232: GND, TXD, RXD Baud rate...

  • Page 35: Port Speci Cation

    NB3000-Line-Hd User Manual 4.2 RS-485 Port Speci cation (Option Sa) The RS-485 port has the following speci cation (bold characters show the default con gura- tion): Feature Speci cation Protocol 3-wire RS-485 (GND, A, B) Baud rate 600, 1 200, 2 400, 4 800, 9 600, 19 200,...

  • Page 36: Data Storage (Option Dx)

    1 TB SSD Table 3.32.: Storage Speci cations 3.6. Option NB3711 As an option the NB3000-Line-Hd routers can be con gured as NB3711 Type. In contrast to the NB3800 Type, this option has following limitations: • No Gigabit Ethernet ports •...

  • Page 37: Power Supply Nb3711

    NB3000-Line-Hd User Manual 4.2 3.6.1. Power Supply NB3711 Standard variant Pa (24 V to 60 V The power input has the following speci cations: Feature Speci cation Power supply nominal voltages 24 V , 36 V and 48 V (according to EN 50155)

  • Page 38: Power Input Speci Cations Nb3711 Variant Pb

    NB3000-Line-Hd User Manual 4.2 Variant Pb (50 V to 136 V The power input has the following speci cations: Feature Speci cation Power supply nominal voltages 72 V , 96 V and 110 V (according to EN 50155) Voltage range...

  • Page 39: Installation

    0.4Nm to get IP65 protection class. 4.2. Installation of the GSM/UMTS/LTE Antenna NetModule routers will only operate e ciently in the cellular network if there is a good sig- nal. A stub antenna will be suitable for most applications. However, in some circumstances...

  • Page 40: Installation Of The Wlan Antennas

    The following table shows how to connect the WLAN antennas. The number of attached an- tennas can be con gured with the NetModule router "Enhanced-RF-Con guration" software license. If only one antenna is used, it must be attached to the main port. However, for...

  • Page 41: Installation Of The Gnss Antenna

    • WLAN antennas may have an ampli cation of maximum 3dBi in the rele- vant frequency range. WLAN antennas with a higher ampli cation may be used with the NetModule router "Enhanced-RF-Con guration" software li- cense and the antenna gain and cable attenuation that have been correctly con gured by certi ed specialized personnel.

  • Page 42: Installation Of The Local Area Network

    The router is now ready for getting engaged. Attention: Only CE-compliant power supplies with a current-limited SELV out- put voltage range (for NetModule routers with "Pb" option with a correspond- ingly higher output voltage range and in accordance with appropriate compa-...

  • Page 43: Con Guration

    5.1. First Steps NetModule routers can be easily set up by using the HTTP-based con guration interface, called the Web Manager. It is supported by the latest web browsers (e.g. Microsoft Internet Explorer 11, Mozilla Firefox 28.0, Safari 7 and many others). Please ensure to have JavaScript turned on.

  • Page 44: Recovery

    NB3000-Line-Hd User Manual 4.2 as one that contains numbers, letters and punctuation characters). The password shall have a minimum length of 6 characters. It shall contain a minimum of 2 numbers and 2 letters. Figure 5.1.: Initial Login Please note that the admin password will be also applied for the root user which can be used to access the device via the serial console, telnet, SSH or to enter the bootloader.
  • Page 45 NB3000-Line-Hd User Manual 4.2 connection (115200 8N1) attached to the serial port of your local computer. You will also see the kernel messages at bootup there. 3. Recovery Image: In severe cases we can provide a recovery image on demand which can be loaded into RAM via TFTP and executed.

  • Page 46: Home

    NB3000-Line-Hd User Manual 4.2 5.2. HOME This page provides a status overview of enabled features and connections. Figure 5.2.: Home Summary This page offers a short summary about the administrative and operational status of the router’s interfaces. This page offers details about any enabled Wide Area Network (WAN) links (such as the IP addresses, network information, signal strength, etc.) The information about the amount of...
  • Page 47 NB3000-Line-Hd User Manual 4.2 GNSS This page displays the position status values, such as latitude/longitude, the satellites in view and more details about the used satellites. Ethernet This page shows information about the Ethernet interfaces and packet statistics information. This page shows information about the LAN interfaces plus the neighborhood information.
  • Page 48 NB3000-Line-Hd User Manual 4.2 System Status The system status page displays various details of your NB3000-Line-Hd router, including system details, information about mounted modules and software release information. This section will list all webpages generated by SDK scripts.

  • Page 49: Interfaces

    NB3000-Line-Hd User Manual 4.2 5.3. INTERFACES 5.3.1. WAN Link Management Depending on your hardware model, WAN links can be made up of either Wireless Wide Area Network (WWAN), Wireless LAN (WLAN), Ethernet or PPP over Ethernet (PPPoE) connections. Please note that each WAN link has to be con gured and enabled in order to appear on this page.
  • Page 50 NB3000-Line-Hd User Manual 4.2 In general, a link will be only dialed or declared as up if the following prerequisites are met: Condition WWAN WLAN PPPoE Modem is registered Registered with valid service type Valid SIM state Su cient signal strength...
  • Page 51 If WLAN client, the LAN interface to which the WAN link should be bridged. NetModule routers provide a feature called IP pass-through (aka Drop-In mode). If enabled, the WAN address will be be passed-through to the rst DHCP client of the speci ed LAN interface.
  • Page 52 NB3000-Line-Hd User Manual 4.2 Parameter IP Pass-Through Settings Interface Speci es the interface on which the address shall be passed- through WAN network Speci es the WAN network WAN netmask Speci es the WAN netmask...

  • Page 53: Wan Settings

    NB3000-Line-Hd User Manual 4.2 WAN Settings This page can be used to con gure WAN speci c settings like the Maximum Segment Size (MSS). The MSS corresponds to the largest amount of data (in bytes) that the router can handle in a single, unfragmented TCP segment. In order to avoid any negative side effects the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit (MTU).

  • Page 54: Link Supervision

    NB3000-Line-Hd User Manual 4.2 Supervision Network outage detection on a per-link basis can be performed by sending pings on each link to some authoritative hosts. A link will be declared as down in case all trials have failed and only as up if at least one host can be reached.
  • Page 55 NB3000-Line-Hd User Manual 4.2 Parameter Supervision Settings Retry interval The interval in seconds at which pings are re-transmitted in case a rst ping failed Max. number of failed tri- The maximum number of failed ping trials until the link will be...

  • Page 56: Ethernet

    NB3000-Line-Hd User Manual 4.2 5.3.2. Ethernet ETH1 usually forms the LAN1 interface which should be used for LAN purposes. Other inter- faces can be used to connect other LAN segments or for con guring a WAN link. The LAN10 interface will be available as soon as a pre-con gured USB Ethernet device has been plugged Ethernet Port Assignment Figure 5.6.: Ethernet Ports...

  • Page 57: Ethernet Link Settings

    VLAN Management NetModule routers support Virtual LAN according to IEEE 802.1Q which can be used to cre- ate virtual interfaces on top of an Ethernet interface. The VLAN protocol inserts an additional header to Ethernet frames carrying a VLAN Identi er (VLAN ID) which is used for distributing the packets to the associated virtual interface.

  • Page 58: Vlan Management

    NB3000-Line-Hd User Manual 4.2 Figure 5.8.: VLAN Management In order to form a distinctive subnet, the network interface of a remote LAN host must be con gured with the same VLAN ID as de ned on the router. Further, 802.1P introduces a priority eld which in uences packet scheduling in the TCP/IP stack.

  • Page 59: Lan Ip Con Guration

    NB3000-Line-Hd User Manual 4.2 IP Settings This page can be used to con gure IP addressing for your LAN/WAN Ethernet interfaces. In addition to the primary IP address/subnet mask you may de ne an additional IP address alias on the interface.
  • Page 60 NB3000-Line-Hd User Manual 4.2 When running in WAN mode, the interface may be con gured with the following settings: Parameter WAN IP Settings WAN mode The WAN operation mode, de nes whether the interface should run as DHCP client, statically con gured or over PPPoE.

  • Page 61: Mobile

    NB3000-Line-Hd User Manual 4.2 5.3.3. Mobile Modems Con guration This page lists all available WWAN modems. They can be disabled on demand. Query This page allows you to send Hayes AT commands to the modem. Besides the 3GPP-conforming AT command-set further modem-speci c commands can be applicable which we can provide on demand.
  • Page 62 NB3000-Line-Hd User Manual 4.2 Under some circumstances (e.g. in case the modem aps between base stations) it might be necessary to set a speci c service type or assign a xed operator. The list of operators around can be obtained by initiating a network scan (may take up to 60 seconds). Further details can be retrieved by querying the modem directly, a set of suitable commands can be provided on request.
  • Page 63 NB3000-Line-Hd User Manual 4.2 Con guration A SIM card is generally assigned to a default modem but might be switched, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem, as a SIM switch will naturally affect their operation.

  • Page 64: Wwan Interfaces

    NB3000-Line-Hd User Manual 4.2 WWAN Interfaces This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically as WAN link once an interface has been added. Please refer to chapter 5.3.1 for how to manage them.
  • Page 65 NB3000-Line-Hd User Manual 4.2 Generally, the connection settings are derived automatically as soon as the modem has registered and the network provider has been found in our database. Otherwise, it will be required to con gure the following settings manually:...

  • Page 66: Wlan

    NB3000-Line-Hd User Manual 4.2 5.3.4. WLAN WLAN Management In case your router is shipping with a WLAN (or Wi-Fi) module you can operate it either as client, access point, mesh point or certain dual modes. As a client it can create an additional WAN link which for instance can be used as backup link.

  • Page 67: Ieee 802.11 Network Standards

    20 MHz 11 Mbit/s 802.11g 2.4 GHz 20 MHz 54 Mbit/s 802.11n 2.4/5 GHz 20/40 MHz 300 Mbit/s 802.11ac 5 GHz 20/40/80 MHz 866.7 Mbit/s Table 5.19.: IEEE 802.11 Network Standards Only available for NetModule Routers NB2800, NB3701, NB3711 and NB3800...
  • Page 68 Radio band Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz Channel Speci es the channel to be used Note: NetModule Routers with 802.11n and 802.11ac support 2x2 MIMO...
  • Page 69 NB3000-Line-Hd User Manual 4.2 Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the less interfering channel. Please note that two adequate channels are required for getting good throughputs with 802.11n and a bandwidth of 40 MHz.

  • Page 70: Wlan Con Guration

    NB3000-Line-Hd User Manual 4.2 Running in access-point mode you can create up to 4 SSIDs with each running their own network con guration. The networks can be individually bridged to a LAN interface or oper- ate as dedicated interface in routing-mode.
  • Page 71 NB3000-Line-Hd User Manual 4.2 This section can be used to con gure security-related settings. Parameter WLAN Access-Point Con guration SSID The network name (called SSID) Security mode The desired security mode WPA/WPA2 mixed mode WPA2 should be preferred over WPA1, running WPA/WPA2 mixed-mode offers both.
  • Page 72 NB3000-Line-Hd User Manual 4.2 Running in mesh point mode, it is possible to connect to one or more mesh points within the mesh network at the same time. The system will automatically join the wireless net- work, connect to the other mesh partners with the same ID and sercurtiy credentials. The authentication credentials have to be obtained by the operator of the mesh network.
  • Page 73 NB3000-Line-Hd User Manual 4.2 The following security modes can be con gured: Parameter WLAN Mesh-Point Security Modes MESHID is disabled None No authentication, provides an open network SAE (Simultaneous Authentication of Equals) is a secure password-based authentication and key establishment proto-...

  • Page 74: Wlan Ip Con Guration

    NB3000-Line-Hd User Manual 4.2 WLAN IP Settings This section lets you con gure the TCP/IP settings of your WLAN network. A client interface can be run over DHCP or with a statically con gured address and default gateway. Figure 5.14.: WLAN IP Con guration The access point networks can be bridged to any LAN interface for letting WLAN clients and Ethernet hosts operate in the same subnet.

  • Page 75: Software Bridges

    NB3000-Line-Hd User Manual 4.2 5.3.5. Software Bridges Software bridges can be used to bridge layer-2 devices like OpenVPN TAP, GRE or WLAN interfaces without the need for a physical LAN interface. Bridge Settings This page can be used to enable/disable software bridges.

  • Page 76: Usb

    NB3000-Line-Hd User Manual 4.2 5.3.6. USB NetModule routers ship with a standard USB host port which can be used to connect a storage, network or serial USB device. Please contact our support in order to get a list of supported devices.

  • Page 77: Usb Device Management

    NB3000-Line-Hd User Manual 4.2 Please note that some USB devices behave latency-sensitive which may raise problems when operating over a slow IP connection. Some devices may generally not work with the USB/IP driver. Please contact our support in case of compatibility issues.
  • Page 78 NB3000-Line-Hd User Manual 4.2 USB Autorun This feature can be used to automatically launch a shell script or perform a software/con g update as soon as an USB storage stick has been plugged in. For authentication, a le called autorun.key must exist in the root directory of a FAT16/32 formatted stick. It can be down- loaded from that page and holds the SHA256 hash key of the admin password.

  • Page 79: Serial Port

    NB3000-Line-Hd User Manual 4.2 5.3.7. Serial Port This page can be used to manage your serial ports. A serial port can be used by: Parameter Serial Port Usage none The serial port is not used login console The serial port is used to open a console which can be accessed with a serial terminal client from the other side.

  • Page 80: Serial Port Settings

    NB3000-Line-Hd User Manual 4.2 Running a device server, the following settings can be applied: Figure 5.18.: Serial Port Settings Parameter Serial Settings Physical protocol Selects the desired physical protocol on the serial port Baud rate Speci es the baud rate run on the serial port...
  • Page 81 NB3000-Line-Hd User Manual 4.2 Parameter Serial Settings You may choose the IP protocols Telnet or TCP raw for the Protocol on TCP/IP device server Port The TCP port for the device server Timeout The timeout until a client is declared as disconnected...
  • Page 82 NB3000-Line-Hd User Manual 4.2 When running the serial port as AT modem emulator the following settings can be applied: Parameter Serial Port Settings Physical protocol Selects the desired physical protocol on the serial port Baud rate Speci es the baud rate run on the serial port...

  • Page 83: Digital I/O

    NB3000-Line-Hd User Manual 4.2 5.3.8. Digital I/O The Digital I/O page displays the current status of the I/O ports and can be used to turn output ports on or off. Figure 5.19.: Digital I/O Ports You can apply the following settings:...

  • Page 84: Audio

    NB3000-Line-Hd User Manual 4.2 5.3.9. Audio Audio Administration This page can be used to pre-con gure the audio module. It can be later used for the voice gateway. It can be con gured as follows: Parameter Audio Settings Volume level...

  • Page 85: Gnss

    NB3000-Line-Hd User Manual 4.2 5.3.10. GNSS Administration The GNSS page lets you enable or disable the GNSS modules present in the system and can be used to con gure the daemon that can be used to share access to receivers without contention or loss of data and to respond to queries with a format that is substantially easier to parse than the NMEA 0183 emitted directly by the GNSS device.
  • Page 86 NB3000-Line-Hd User Manual 4.2 Position This pages provides further information about the satellites in view and values derived from them: Parameter GNSS Information Latitude The geographic coordinate specifying the north-south position Longitude The geographic coordinate specifying the east-west position Altitude...
  • Page 87 NB3000-Line-Hd User Manual 4.2 Parameter GNSS Supervision Emergency action The corresponding emergency action. You can either let just restart the server, which will also re-initialize the GPS function on the module, or reset the module in severe cases. Please note that this may have effects on any running WWAN/SMS...

  • Page 88: Routing

    NB3000-Line-Hd User Manual 4.2 5.4. ROUTING 5.4.1. Static Routes This menu shows all routing entries of the system. They are typically formed by an ad- dress/netmask couple (represented in IPv4 dotted decimal notation) which specify the des- tination of a packet. The packets can be directed to either a gateway or an interface or both.

  • Page 89: Static Route Flags

    NB3000-Line-Hd User Manual 4.2 Parameter Static Route Con guration Destination The destination address of a packet Netmask The subnet mask which forms, in combination with the des- tination, the network to be addressed. A single host can be speci ed by a netmask of 255.255.255.255, a default route cor- responds to 0.0.0.0.

  • Page 90: Extended Routing

    NB3000-Line-Hd User Manual 4.2 5.4.2. Extended Routing Extended routes can be used to perform policy-based routing, they generally precede static routes. Figure 5.21.: Extended Routing In contrast to statis routes, extended routes can be made up, not only of a destination address/netmask, but also a source address/netmask, incoming interface and the type of service (TOS) of packets.

  • Page 91: Multipath Routes

    NB3000-Line-Hd User Manual 4.2 5.4.3. Multipath Routes Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces. Figure 5.22.: Multipath Routes At least two interfaces have to be de ned to establish multipath routing. Additional inter- faces can be added by pressing the plus sign.

  • Page 92: Mobile Ip

    Cisco 2900 Series home agent implementation has been veri ed. However, since NetModule routers implement a mobile node as well as a home agent, a MIP network with up to 10 mobile nodes can be imple- mented without requiring expensive third party routers.
  • Page 93 NB3000-Line-Hd User Manual 4.2 Parameter Mobile IP Con guration The Security Parameter Index (SPI) identifying the security context for the mobile IP tunnel between the mobile node and the home agent. This is used to distinguish mobile nodes from each other. Therefore each mobile node needs to be assigned a unique SPI.

  • Page 94: Mobile Ip

    NB3000-Line-Hd User Manual 4.2 If MIP is run as a home agent, you will have to set up a home address and network mask for the home agent rst. Then you will need to add the con guration for all mobile nodes which is made up of the following settings: Figure 5.23.: Mobile IP...

  • Page 95: Quality Of Service

    NB3000-Line-Hd User Manual 4.2 5.4.5. Quality Of Service NetModule routers are able to prioritize and shape certain kinds of IP tra c. This is currently limited on egress, which means that only outgoing tra c can be stipulated. The current QoS solution is using Stochastic Fairness Queueing (SFQ) classes in combination with Hierarchy Token Bucket (HTB) qdiscs.
  • Page 96 NB3000-Line-Hd User Manual 4.2 In case an interface has been activated, the system will automatically create the following queues: Parameter QoS Default Queues high A high priority queue which may hold any latency-critical ser- vices (such as VoIP) default A default queue which will handle all other services...

  • Page 97: Multicast

    5.4.6. Multicast Multicast routing (MCR) can be con gured and managed by a daemon. Only one MCR dae- mon can be used at a time. NetModule routers ship with two different MCR daemons to select from depending on your dependencies: Parameter...

  • Page 98: Ospf

    NB3000-Line-Hd User Manual 4.2 5.4.7. OSPF The OSPF tab allows the NetModule router to be added to a network of OSPF routers. Parameter OSPF General Settings OSPF status Speci es whether the OSPF routing protocol is active Redistribute connected Redistribute routes to networks which are directly connected...

  • Page 99: Bgp

    NB3000-Line-Hd User Manual 4.2 5.4.8. BGP The BGP tab allows to set up peerings of the NetModule router with other Border Gateway Protocol enabled routers. Parameter BGP General Settings BGP status Speci es whether the BGP routing protocol is active...

  • Page 100: Firewall

    NB3000-Line-Hd User Manual 4.2 5.5. FIREWALL 5.5.1. Administration NetModule routers use Linux’s net lter/iptables rewall framework http://www.netfilter.org (see for more information) which supports stateful inspection, that is, granting the same permissions for inherited connections within an IP session (e.g. FTP which builds up a control and data connection).

  • Page 101: Rules

    NB3000-Line-Hd User Manual 4.2 5.5.3. Rules In general, the rewall is set up of a range of rules which control each packet’s permission to pass the router. Please note that the rules are processed by order, that means traversing the list from top to bottom until a matching rule is found. Packets which are not matching any of the rules con gured will be ALLOWED.
  • Page 102 NB3000-Line-Hd User Manual 4.2 Parameter Firewall Rule Con guration Protocol The used IP protocol of matching packets (UDP, TCP or ICMP) Destination port(s) The destination port of matching packets, which can be speci- ed by a single port or a range of ports (only UDP/TCP).

  • Page 103: Napt

    NB3000-Line-Hd User Manual 4.2 5.5.4. NAPT This page can be used to con gure Network Address and Port Translation (NAPT) for packets traversing the system. NAPT hereby modi es IP addresses or/and TCP/UDP ports in match- ing IP packets. By tracking those connections, it will also automatically adjust the returning packets of an IP session.

  • Page 104: Inbound Napt

    NB3000-Line-Hd User Manual 4.2 NAPT Inbound Rules Inbound rules can be used to modify the target section of IP packets and, for instance, forward a service or port to an internal host. By doing so, you can expose that service and make it available from the Internet.
  • Page 105 NB3000-Line-Hd User Manual 4.2 Parameter Inbound NAPT Rules Ports The used UDP/TCP port of matching packets Redirect to The address to which matching packets shall be redirected Redirect port The port to which matching packets will be redirected Select mapping context according to your needs:...

  • Page 106: Vpn

    NB3000-Line-Hd User Manual 4.2 5.6. VPN 5.6.1. OpenVPN OpenVPN Administration Figure 5.28.: OpenVPN Administration...

  • Page 107: Openvpn Con Guration

    NB3000-Line-Hd User Manual 4.2 Tunnel Con guration NetModule routers support one single server tunnel and up to four client tunnels. You can specify tunnel parameters either in standard con guration or upload an expert mode le which has been created in advance. Refer to chapter 5.6.1...
  • Page 108 NB3000-Line-Hd User Manual 4.2 If the tunnel is operated in client mode, the following settings can be applied: Parameter OpenVPN Client Con guration Peer selection Speci es how the remote peer shall be selected, besides a sin- gle server you may con gure multiple servers which can, in case of failures, either be selected sequently (i.e.
  • Page 109 NB3000-Line-Hd User Manual 4.2 The following further options can be applied: Parameter OpenVPN Options use compression Enable or disable LZO packet compression use keepalive Can be used to send a periodic keepalive packet in order to keep the tunnel up despite of inactivity...
  • Page 110 NB3000-Line-Hd User Manual 4.2 OpenVPN Expert Con guration (Server) A server tunnel typically requires the following les: Parameter Server Expert Files server.conf OpenVPN con guration le ca.crt Root certi cate authority le server.crt Certi cate le server.key Private key le dh1024.pem...

  • Page 111: Openvpn Client Management

    NB3000-Line-Hd User Manual 4.2 Client Management Once you have successfully set up an OpenVPN server tunnel, you can manage and enable clients connecting to your service. Currently connected clients can be seen on this page, including the connect time and IP address. You may kick connected clients by disabling them.

  • Page 112: Ipsec

    NB3000-Line-Hd User Manual 4.2 5.6.2. IPsec IPsec is a protocol suite for securing IP communications by authenticating and encrypting each packet of a communication session and thus establishing a secure virtual private net- work. IPsec includes various cryptographic protocols and ciphers for key exchange and data en- cryption and can be seen as one of the strongest VPN technologies in terms of security.

  • Page 113: Ipsec Administration

    NB3000-Line-Hd User Manual 4.2 Administration Figure 5.31.: IPsec Administration This page can be used to enable/disable IPsec, you may also specify whether NAT-Traversal should be used. NAT-Traversal is mainly used for connections which traverse a path where a router modi es the IP address/port of packets.

  • Page 114: Ipsec Con Guration

    NB3000-Line-Hd User Manual 4.2 Con guration Figure 5.32.: IPsec Con guration General For setting up the tunnel you will have to con gure the following parameters rst: Parameter IPsec General Settings Remote peer IP address or host name of the remote IPsec peer. You may specify 0.0.0.0 to act as a responder for roadwarrior clients.
  • Page 115 Restart the peer. IKE Authentication NetModule routers support IKE authentication through pre-shared keys (PSK) or certi cates within a public key infrastructure. Extended Authentication (XAUTH) leverages RADIUS-like authentication and can be used to apply user level access control over IPSec.
  • Page 116 NB3000-Line-Hd User Manual 4.2 IKE Proposal This section can be used to con gure the phase 1 settings: Parameter IPsec IKE Proposal Settings Choose the desired negotiation mode. Preferably, main mode Negotiation mode should be used but aggressive mode might be applicable when dealing with dynamic endpoint addresses.
  • Page 117 NB3000-Line-Hd User Manual 4.2 Networks When creating Security Associations, IPsec will keep track of routed networks within the tun- nel. Packets will be only transmitted when a valid SA with matching source and destination network is present. Therefore, you may need to specify the networks right and left of the...

  • Page 118: Pptp

    NB3000-Line-Hd User Manual 4.2 5.6.3. PPTP The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks between two hosts. PPTP is easy to con gure and widely deployed amongst Mi- crosoft Dial-up networking servers. However, due to its weak encryption algorithms, it is nowadays considered insecure but it still provides a straightforward way for establishing tunnels.

  • Page 119: Pptp Tunnel Con Guration

    NB3000-Line-Hd User Manual 4.2 Figure 5.34.: PPTP Tunnel Con guration Setting up a server requires the following settings: Parameter PPTP Server Settings Listen address Speci es on which IP address should be listened for incoming client connections Server address The server address within the tunnel...

  • Page 120: Pptp Client Management

    NB3000-Line-Hd User Manual 4.2 PPTP Client Management PPTP clients for a server tunnel need to be con gured here. They are made up of user-name and password. A xed IP address can be assigned to them which can be used to point any routes to a dedicated tunnel.

  • Page 121: Gre

    NB3000-Line-Hd User Manual 4.2 5.6.4. GRE The Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over IP. GRE is de ned in RFC 1701, 1702 and 2784. It does not provide encryption nor authorization but can be used on an address-basis on top of other VPN techniques (such as IPsec) for tunneling purposes.

  • Page 122: Dial-In

    NB3000-Line-Hd User Manual 4.2 5.6.5. Dial-In On this page you can con gure the Dial-In server in order to establish a data connection over GSM calls. Thus, one would generally apply a required service type of 2G-only, so that the modem registers to GSM only. Naturally, a concurrent use of outgoing WWAN interfaces and Dial-In connection is not possible.
  • Page 123 NB3000-Line-Hd User Manual 4.2 Please note that Dial-In connections are generally discouraged. As they are implemented as GSM voice calls, they suffer from unreliability and poor bandwidth.

  • Page 124: Services

    5.7. SERVICES 5.7.1. SDK NetModule routers are shipping with a Software Development Kit (SDK) which offers a sim- ple and fast way to implement customer-speci c functions and applications. It consists of: 1. An SDK host which de nes the runtime environment (a so-called sandbox), that is,...
  • Page 125 NB3000-Line-Hd User Manual 4.2 SDK API Functions The current range of API functions can be used to implement the following features: 1. Send/Retrieve SMS 2. Send E-mail 3. Read/Write from/to serial device 4. Control digital input/output ports 5. Run TCP/UDP servers 6.
  • Page 126 NB3000-Line-Hd User Manual 4.2 Let’s now pay some attention to the very powerful API function nb_status. It can be used to query the router’s status values in the same manner as they can be shown with the CLI. It returns a structure of variables for a speci c section (a list of available sections can be obtained by running cli status -h).
  • Page 127 NB3000-Line-Hd User Manual 4.2 Here is an example how one might adopt those functions: /* check current city and enable the second WAN link */ location = nb_status ( " location " ( location ) { city = struct_get ( location , "...

  • Page 128: Sdk Administration

    NB3000-Line-Hd User Manual 4.2 Administration Figure 5.37.: SDK Administration This page can be used to control the SDK host and apply the following settings: Parameter SDK Administration Settings Administrative status Speci es whether SDK scripts should run or not Storage The storage device on which the sandbox shall be stored (see chapter 5.8.1)

  • Page 129: Sdk Jobs

    NB3000-Line-Hd User Manual 4.2 Job Management Figure 5.38.: SDK Jobs This page can be used to set up scripts, triggers and jobs. It is usually a good idea to create a trigger rst which is made up by the following parameters:...
  • Page 130 NB3000-Line-Hd User Manual 4.2 Parameter SDK Script Parameters Arguments An optional set of arguments passed to the script (supports quoting) Action You may either edit a script, upload it to the system or select one of the example scripts or an already uploaded script...
  • Page 131 NB3000-Line-Hd User Manual 4.2 Testing The testing page offers an editor and an input eld for optional arguments which can be used to perform test runs of your script or test dedicated portions of it or upload an entire le. Please note that you might need to quote arguments as they will otherwise be separated by white-spaces.

  • Page 132: Sms Control Commands

    NB3000-Line-Hd User Manual 4.2 The following commands are supported: Command Action status Will reply a message to the sender including a short system overview connect Will enable the rst WAN link con gured on the system disconnect Will disable the rst WAN link con gured on the system...

  • Page 133: Dhcp Server

    NB3000-Line-Hd User Manual 4.2 5.7.2. DHCP Server This section can be used to individually con gure the Dynamic Host Con guration Protocol (DHCP) service for each LAN interface which will serve dynamic IP addresses to hosts in the local network. You may also have a look to the status page where you can nd an overview about negotiated client addresses.
  • Page 134 NB3000-Line-Hd User Manual 4.2 Parameter DHCP Server Settings Persistent leases By turning on this option the router will remember issued leases even after a reboot. This can be used to ensure that the same IP address will be assigned to a particular host.

  • Page 135: Dns Server

    NB3000-Line-Hd User Manual 4.2 5.7.3. DNS Server The DNS server can be used to proxy DNS requests towards servers on the net which have for instance been negotiated during WAN link negotiation. By pointing DNS requests to the router, one can reduce outbound DNS tra c as it is caching already resolved names but it can be also used for serving xed addresses for particular host names.
  • Page 136 NB3000-Line-Hd User Manual 4.2 You may further con gure static hosts for serving xed IP addresses for various host names. Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host...

  • Page 137: Ntp Server

    NB3000-Line-Hd User Manual 4.2 5.7.4. NTP Server This section can be used to individually con gure the Network Time Protocol (NTP) server function. Figure 5.41.: NTP Server The following settings for each interface can be applied then: Parameter NTP Server Settings...

  • Page 138: Dynamic Dns

    We provide support for a bunch of common DynDNS operators but it is also possible to de ne a custom update URL. Please note that your NetModule router can operate as DynDNS server on its own, provided that you have your hosts pointed to the DNS service of the router.
  • Page 139 NB3000-Line-Hd User Manual 4.2 A DynDNS service can receive the following parameters: Parameter Dynamic DNS Settings Provider You can choose one of the listed providers or provide a custom Dynamic address Speci es whether the address is derived from the hot-link or...

  • Page 140: E-Mail

    NB3000-Line-Hd User Manual 4.2 5.7.6. E-Mail The E-Mail client can be used to send noti cations to a particular E-Mail address upon certain events or by SDK scripts. Figure 5.43.: E-Mail Settings It can be enabled by applying the following settings.

  • Page 141: Events

    NB3000-Line-Hd User Manual 4.2 5.7.7. Events By using the event manager you can notify remote systems about system events. A noti ca- tion can be sent using E-Mail, SMS or SNMP traps. Parameter Event Noti cation Settings E-Mail address The E-Mail address to which the noti cation shall be sent (E-...

  • Page 142: Sms

    5.7.8. SMS Administration NetModule routers can receive or send short messages (SMS) if enabled by your SIM provider. Messages are received/sent by the modem which has been assigned to a SIM, so one has to properly con gure a SMS-capable default modem as described in chapter 5.3.3.

  • Page 143: Sms Number Expressions

    NB3000-Line-Hd User Manual 4.2 Parameter SMS SIM Con guration SMS gateway The service center number for sending short messages. It is generally retrieved automatically from your SIM card but you may de ne a x number here. Routing & Filtering By using SMS routing you can specify outbound rules which will be applied whenever mes- sage are sent.

  • Page 144: Ssh/Telnet Server

    NB3000-Line-Hd User Manual 4.2 5.7.9. SSH/Telnet Server Apart from the Web Manager, the SSH and Telnet services can be used to log into the system. Valid users include root and admin as well as additional users as they can be created in the User Accounts section.
  • Page 145 NB3000-Line-Hd User Manual 4.2 The following parameters can be applied to the SSH service: Parameter SSH Server Settings Administrative status Whether the SSH service is enabled or disabled Server port The TCP port of the service (usually 22) Disable admin login...

  • Page 146: Snmp Agent

    NB3000-Line-Hd User Manual 4.2 5.7.10. SNMP Agent NetModule routers are equipped with an SNMP daemon, supporting basic MIB tables (such as ifTable), plus additional enterprise MIBs to manage multiple systems. Parameter Supported MIBs .1.3.6.1.2.1 MIB-II (RFC1213), SNMPv2-MIB (RFC3418) .1.3.6.1.2.1.2.1 IF-MIB (RFC2863) .1.3.6.1.2.1.4...

  • Page 147: Snmp Agent

    NB3000-Line-Hd User Manual 4.2 SNMP Con guration Figure 5.46.: SNMP Agent The following parameters can be used to con gure the SNMP agent: Parameter SNMP Con guration Administrative status Enable or disable the SNMP agent Operation mode Speci es if agent should run in compatibilty mode or for SN-...
  • Page 148 NB3000-Line-Hd User Manual 4.2 SNMP Authentication When running in SNMPv3, it is possible to con gure the following authentication settings: Parameter SNMPv3 Authentication Authentication De nes the authentication (MD5 or SHA) Encryption De nes the privacy protocols to use (DES or AES) In general, the admin user can read and write any values.
  • Page 149 NB3000-Line-Hd User Manual 4.2 Getting the current con g description: snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.4.0 Getting the current con g hash: snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1...
  • Page 150 NB3000-Line-Hd User Manual 4.2 Switching to alternative software: snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.16.0 i 0 The return value can be derived from the software update status. Switching to alternative con g: snmpset -v 3 -u admin -n ""...

  • Page 151: Web Server

    NB3000-Line-Hd User Manual 4.2 5.7.11. Web Server This page can be used to con gure different ports for accessing the Web Manager via HTTP/HTTPS. We strongly recommend to use HTTPS when accessing the web service via a WAN interface as the communication will be encrypted and thus avoids any misuse of the system.

  • Page 152: Discovery

    NB3000-Line-Hd User Manual 4.2 5.7.12. Discovery This page can be used to enabled discovery protocols which can be used to discover and to get discovered by other hosts. Parameter Discovery Con guration Administrative status Administrative status Enabled protocols List of enabled discovery protocols...

  • Page 153: Redundancy

    NB3000-Line-Hd User Manual 4.2 5.7.13. Redundancy This page can be used to set up a redundant pair of NetModule routers (or other systems) by running the Virtual Router Redundancy Protocol (VRRP) between them. A typical VRRP scenario de nes a rst host playing the master and another the backup device, they both de ne a virtual gateway IP address which will be distributed by gratuitous ARP messages for updating the ARP cache of all LAN hosts and thus redirecting the packets accordingly.
  • Page 154 NB3000-Line-Hd User Manual 4.2 Parameter Redundancy Con guration Interface Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the participating hosts We assign a priority of 100 to the master and 1 to the backup router. Please adapt the...

  • Page 155: Voice Gateway

    NB3000-Line-Hd User Manual 4.2 5.7.14. Voice Gateway Depending on your hardware, you can set up a voice gateway on the router which can be used to connect mobile calls to VoIP clients and vice versa. Administration Figure 5.49.: Voice Gateway Administration...
  • Page 156 NB3000-Line-Hd User Manual 4.2 Parameter Voice Gateway Administration Settings SIP register expires Speci es the registration interval in seconds In case you are running multiple WWAN interfaces sharing the same SIM, please bear in mind that the system may switch SIMs during operation which will also result in different settings for voice communication.
  • Page 157 NB3000-Line-Hd User Manual 4.2 Parameter Voice-Over-Mobile Audio Pro les Speakerphone Handle situations of loud echo with extreme acoustic distor- tion. This mode is intended for use with a car kit or speakerphone applications with high volume and high distortion. Acoustic echo in this situation has negative ERL and is impossible to cancel completely.
  • Page 158 NB3000-Line-Hd User Manual 4.2 Parameter Endpoint Settings SIP (user-agent) Domain The domain name used at the registrar Subscriber The subscriber name used at the registrar Username The username to authenticate at the registrar Password The password used for autentication Register...
  • Page 159 NB3000-Line-Hd User Manual 4.2 Voice Routing This page can be used to con gure generic voice routing between the endpoints. Enhanced routing facilities are provided via the SDK interface which is able to dispatch voice calls based on their attributes (such as phone numer) and other system related status infor- mation (e.g.
  • Page 160 NB3000-Line-Hd User Manual 4.2 Client Con guration Any SIP client must be con gured to use the router as its registrar/proxy. Parameter X-Lite Con guration User ID SIP username used in from headers (i.e. subscriber name) Domain SIP Domain used in from headers (optional) Authorization name Username used for authentication (i.e.

  • Page 161: System

    NB3000-Line-Hd User Manual 4.2 5.8. SYSTEM 5.8.1. System System Settings Figure 5.50.: System System The following system parameters can be set: Parameter System Settings Local hostname The hostname of the system Application area The desired application area which in uences the system be- haviour such as registration timeouts or other adaptions when operating in mobile environments.
  • Page 162 NB3000-Line-Hd User Manual 4.2 Parameter System Settings Enable TCP timestamps Enable TCP timestamps for system wide TCP communication. This is needed for Protection Against Wrapped Sequence num- bers (PAWS), but with these timestamps enabled a remote at- tacker can guess the uptime of the system. The uptime is a lower bound for the age of the main system components like the kernel.
  • Page 163 This page can be used for setting the system time and con guring the time zone. You may further enable daylight saving changes for your speci c time zone. NetModule routers can synchronize their system time by using one or more servers by the help of the Network Time Protocol (NTP) or via GNSS.

  • Page 164: Regional Settings

    Virtualization techniques can be used to run multiple isolated guests on top of the host system. The netmodule routers use OS-level virtualization: A system is virtualized at the op- erating system level, enabling multiple isolated user-space instances called containers. The same operating system kernel is used to implement the guest environments, applications running in a guest environment view it as a stand-alone system.
  • Page 165 NB3000-Line-Hd User Manual 4.2 General settings: Parameter Virtualization Settings Administrative status De nes whether virtualization is enabled or not The following parameters can be used to con gure a virtual guest: Parameter Guest Settings Type De nes which virtualization technique is being used...
  • Page 166 NB3000-Line-Hd User Manual 4.2 Parameter Guest Networking Bridge interface The interface to which the guest interace shall be bridged The guest devices parameter shows a list of devices (e.g bluetooth, CAN) which can be pro- vided to the guest system.

  • Page 167: Authentication

    NB3000-Line-Hd User Manual 4.2 5.8.2. Authentication This page can be used to de ne the access model for all management interfaces (e.g. GUI, SSH/telnet server). Parameter Authentication Methods Authentication required Users can login via HTTP/telnet if authentication succeeds Secure authentication re-...

  • Page 168: Remote Authentication

    NB3000-Line-Hd User Manual 4.2 The Web Manager supports up to 5 concurrent users. Inactive users will be kicked after being idle for 30 minutes. If login was successful, any duplicate users from other remote hosts will be logged out. Remote hosts will be blocked for 5 mintes after 10 failed login attempts.
  • Page 169 NB3000-Line-Hd User Manual 4.2 It can be con gured as follows: Parameter Remote authentication settings Administrative status De nes whether a remote server should be used for authenti- cation RADIUS server The RADIUS server address RADIUS secret The secret used to authenticate against the RADIUS server...

  • Page 170: Software Update

    NB3000-Line-Hd User Manual 4.2 5.8.3. Software Update Manual Software Update This menu can be used to run a manual software update of the system. Parameter Manual Software Update Update operation The update operation method being used. You can upload the...

  • Page 171: Module Firmware Update

    NB3000-Line-Hd User Manual 4.2 Attention In case you perform a major downgrade with a previous release line (e.g. 3.7.0 to 3.6.0), please ensure to always use the latest release of that branch (i.e. 3.6.0.X) as only those tend to be fully forward-compatible. Also keep in mind, that some hardware features may not work (e.g.

  • Page 172: Software Pro Les

    A rmware package (ZIP) usually consists of a ash utility, an info le and the correspond- ing rmware les. Please follow http://www.netmodule.com/support/supportform.aspx in order to get the latest version. 5.8.5. Software Pro les The system consists of two root partitions which can hold different software versions and this menu can be used to switch between them.

  • Page 173: Con Guration

    NB3000-Line-Hd User Manual 4.2 5.8.6. Con guration Con guration via the Web Manager becomes tedious for larger volumes of devices. The router therefore offers automatic and manual le-based con guration to automate things. Once you have successfully set up the system you can back up the con guration and restore the system with it afterwards.

  • Page 174: Automatic File Con Guration

    NB3000-Line-Hd User Manual 4.2 Automatic File Con guration Figure 5.55.: Automatic File Con guration This menu can be used to run an automatic con guration update of the system. It is con g- ured as follows: Parameter Automatic File Con guration...

  • Page 175: Factory Con Guration

    NB3000-Line-Hd User Manual 4.2 Factory Con guration Figure 5.56.: Factory Con guration This menu can be used to reset the device to factory defaults. Your current con guration will be lost. This procedure can also be initiated by pressing and holding the Reset button for at least ve seconds.

  • Page 176: Troubleshooting

    NB3000-Line-Hd User Manual 4.2 5.8.7. Troubleshooting Network Debugging There are serveral tools for network debugging like ping, traceroute, tcpdump and darkstat. Parameter Automatic software update Ping The ping utility can be used to verify whether a remote host can be reached via IP.

  • Page 177: Log Viewer

    NB3000-Line-Hd User Manual 4.2 System Debugging You can view the system log here by selection the option Debug log or if you are interested in the boot log select Boot log. Another way to see what is going on on the box is opening a SSH or Telnet session as root and typing tail-log.

  • Page 178: Tech Support File

    NB3000-Line-Hd User Manual 4.2 Tech Support You can generate and download a tech support le here. We strongly recommend providing this le when getting in touch with our support team, either by e-mail or via our on-line support form, as it would signi cantly speed up the process of analyzing and resolving your problem.

  • Page 179: Keys And Certi Cates

    NB3000-Line-Hd User Manual 4.2 5.8.8. Keys and Certi cates The key and certi cate page lets you generate required les for securing your services (such as HTTP and SSH server) but also to implement authentication and encryption for certi cate- based VPN tunnels and WLAN clients.

  • Page 180: Certi Cate Sections

    NB3000-Line-Hd User Manual 4.2 Type Description IPsec Server or client keys and certi cates for running IPsec tunnels. WLAN Keys and certi cates for implementing certi cate-based WLAN authentication (e.g. WPA-EAP-TLS). Authorities Other certi cate authorities which we trust when establishing SSL client connections.

  • Page 181: Certi Cate Con Guration

    NB3000-Line-Hd User Manual 4.2 Con guration Figure 5.60.: Certi cate Con guration This page provides some general con guration options which will be applied when operating on keys and certi cates. If keys, certi cates and signing requests are generated locally, the following settings will be...
  • Page 182 NB3000-Line-Hd User Manual 4.2 Parameter Certi cate Con guration Expiry period The number of days a certi cate will be valid from now on Key size The length of the private key in bits DH primes The number of bits for custom Di e-Hellman primes...
  • Page 183 NB3000-Line-Hd User Manual 4.2 When enrolling certi cates, the CA certi cate will be initially fetched from the speci ed SCEP URL using the getca operation. It will be shown on the con guration page and it has to be veri ed that it belongs to the correct authority.

  • Page 184: Licensing

    NB3000-Line-Hd User Manual 4.2 5.8.9. Licensing Certain features of NetModule routers require a valid license to be present in the system, some of them also depend on the mounted modules. Please contact us for getting a valid license for available components and we will provide a license le based on your serial number which can be installed to the router afterwards.

  • Page 185: Legal Notice

    5.8.10. Legal Notice OSS Notice We inform you that NetModule products may contain in part open-source software. We are distributing such open-source software to you under the terms of GNU General Public License (GPL), GNU Lesser General Public License (LGPL) or other open-source licenses.

  • Page 186: Logout

    NB3000-Line-Hd User Manual 4.2 5.9. LOGOUT Please use this menu to log out from the Web Manager.

  • Page 187: Command Line Interface

    6. Command Line Interface The Command Line Interface (CLI) offers a generic control interface to the router and can be used to get/set con guration parameters, apply updates, restart services or perform other system tasks. It will be started automatically in interactive mode when logging in as admin user or by running cli -i.

  • Page 188: Print Help

    NB3000-Line-Hd User Manual 4.2 Key Sequence Action CTRL-r Search backward starting at the current line and moving up through the history CTRL-s Freeze session CTRL-q Reactivate frozen session CTRL-d Delete character at point or exit CLI if at the beginning of the line CTRL-t Drag the character before point forward moving point forward as well;...

  • Page 189: Getting Con G Parameters

    NB3000-Line-Hd User Manual 4.2 exit Exit 6.3. Getting Con g Parameters The get command can be used to get con guration values. > get Usage : get [ hsvfc ] <parameter > [ < parameter > . . ] Options :...

  • Page 190: Scanning Networks

    NB3000-Line-Hd User Manual 4.2 Options : generate sourceable output Available sections : summary Short status summary info System and config information config Current configuration system System information configuration Configuration information license License information wwan WWAN module status wlan WLAN module status...

  • Page 191: Updating System Facilities

    NB3000-Line-Hd User Manual 4.2 > send Usage : send [ h ] <type > <dest > <msg > Options : type of message to be sent ( mail , sms , techsupport , <type > ussd ) destination of message ( mail address , phone number or <dest >...

  • Page 192: Restarting Services

    NB3000-Line-Hd User Manual 4.2 enroll enroll a certificate via SCEP erase erase an installed certificate view view an installed certificate 6.11. Restarting Services The restart command can be used to restart system services. > restart Usage : restart [ h ] <service >...

  • Page 193: Resetting System

    NB3000-Line-Hd User Manual 4.2 event manager home agent led manager link manager mobile node qmid qosd scripts sdkhost ser2net smsd surveyor swupdate system voiced watchdog wwan manager wwanmd 6.13. Resetting System The reset command can be used to reset the router back to factory defaults.

  • Page 194: Working With History

    NB3000-Line-Hd User Manual 4.2 6.16. Working with History The history command will print the list of entered commands on a per-user basis. > history Usage : history [ c ] It can be cleared by history -c. 6.17. CLI-PHP CLI-PHP, the HTTP frontend to the CLI application, can be used to con gure and control the router remotely.
  • Page 195 NB3000-Line-Hd User Manual 4.2 the URL must be specified according to RFC1738 ( usually done by common clients such as wget , lynx , curl ) . Response : The returned response will always contain a status line in the format : <return >...
  • Page 196 NB3000-Line-Hd User Manual 4.2 set - Set con guration parameter Key usage : command=set&arg0=<config key>&arg1=<config value >[& arg2=<config key>& arg3=<config value > . . ] Notes : In contrast to the other commands , this command requires a set of tuples because of the reserved ' = ' char , i .
  • Page 197 NB3000-Line-Hd User Manual 4.2 command=reset Examples : http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd=admin01& command=reset update - Update system facilities Key usage : command=update&arg0=<facility >&arg1=<URL >...
  • Page 198 NB3000-Line-Hd User Manual 4.2 command=send&arg0=mail&arg1=<address>&arg2=<text > Notes : The address has to be a valid E Mail address such as abc@abc . com ( the at sign can be encoded with %40) . The E Mail client must be properly configured prior to using that function .

  • Page 199: Appendix

    A. Appendix A.1. Abbrevations Parameter Description ETHx Corresponds to Ethernet interfaces (either single or switched ones) LANx LAN interfaces which are generally based on Ethernet inter- faces (including bridges) WLANx Refers to a Wireless LAN interface which will be represented as additional LAN interface when con gured as access point WWANx Refers to a Wireless Wide Area Network (2G/3G/4G) connec-...
  • Page 200 NB3000-Line-Hd User Manual 4.2 Parameter Description DHCP Dynamic Host Con guration Protocol Script Development Kit which can be used to program applica- tions Command Line Interface, a generic interface to query the router or perform system tasks Subscriber Identity Module...

  • Page 201: System Events

    NB3000-Line-Hd User Manual 4.2 starting from one. A.2. System Events Event Description wan-up WAN link came up wan-down WAN link went down dio-in1-on DIO IN1 turned on dio-in1-off DIO IN1 turned off dio-in2-on DIO IN2 turned on dio-in2-off DIO IN2 turned off...
  • Page 202 NB3000-Line-Hd User Manual 4.2 Event Description system-rebooting System reboot has been triggered system-startup System has been started test test event sdk-startup SDK has been started system-time- System time has been updated updated system-poweroff System poweroff has been triggered system-error System is in error state...

  • Page 203: Factory Con Guration

    NB3000-Line-Hd User Manual 4.2 A.3. Factory Con guration The factory con guration including default values for any con guration parameter can be derived from the le /etc/config/factory-config.cfg on the router. You may also call cli get -f <parameter> for obtaining a speci c default value.

  • Page 204: Snmp Vendor Mib

    -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- NetModule AG VENDOR MIB -- ( c ) COPYRIGHT 2018 by NetModule AG , Switzerland -- All rights reserved .
  • Page 205 NB3000-Line-Hd User Manual 4.2 OBJECT IDENTIFIER ::= { nb 53 } OBJECT IDENTIFIER ::= { nb 90 } traps OBJECT IDENTIFIER ::= { nb 100 } -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *...
  • Page 206 NB3000-Line-Hd User Manual 4.2 systemDate OBJECT - TYPE SYNTAX DateAndTime MAX - ACCESS read - only STATUS current DESCRIPTION " The current local date and time of day . " ::= { admin 9 } deviceRestart OBJECT - TYPE SYNTAX...
  • Page 207 NB3000-Line-Hd User Manual 4.2 " The status of the last configuration update cycle " ::= { admin 21 } co nf i gU p d at e Er r or OBJECT - TYPE SYNTAX Integer32 MAX - ACCESS read - only...
  • Page 208 NB3000-Line-Hd User Manual 4.2 altC onf ig U pd ate d OBJECT - TYPE SYNTAX DateAndTime MAX - ACCESS read - only STATUS current DESCRIPTION " The date of the last alternative configuration update " ::= { admin 32 }...
  • Page 209 NB3000-Line-Hd User Manual 4.2 MAX - ACCESS not - accessible STATUS current DESCRIPTION " The table describing any WWAN modems and their current settings " ::= { nb 50 } nbWwanEntry OBJECT - TYPE SYNTAX NBWwanEntry MAX - ACCESS not - accessible...
  • Page 210 NB3000-Line-Hd User Manual 4.2 w w a n L o c a l A r e a I d e n t i f i c a t i o n OBJECT - TYPE SYNTAX DisplayString MAX - ACCESS read - only...
  • Page 211 NB3000-Line-Hd User Manual 4.2 SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " The current signal quality of the WWAN modem " ::= { nbWwanEntry 19 } -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *...
  • Page 212 NB3000-Line-Hd User Manual 4.2 SYNTAX Integer32 MAX - ACCESS read - only STATUS current DESCRIPTION " The current number of satellites in view for the GNSS device " ::= { nbGnssEntry 7 } gnssNumSatUs ed OBJECT - TYPE SYNTAX Integer32...
  • Page 213 NB3000-Line-Hd User Manual 4.2 STATUS current DESCRIPTION " WLAN module type " ::= { nbWlanEntry 3 } wlanNumClien ts OBJECT - TYPE SYNTAX Integer32 MAX - ACCESS read - only STATUS current DESCRIPTION " Current number of clients connected to the WLAN module in access - point mode "...
  • Page 214 NB3000-Line-Hd User Manual 4.2 STATUS current DESCRIPTION " The MAC address of a connected station " ::= { n b Wl a nS t a t i o nE n t r y 3 } w l a n S t a t i o n S i g n a l S t r e n g t h OBJECT - TYPE...
  • Page 215 NB3000-Line-Hd User Manual 4.2 wanD ia lFa ilur es Integer32 , wa n D at a Do w n l o a de d Counter64 , wanD at aUp load ed Counter64 , wanD ow nlo adRa te Integer32 ,...
  • Page 216 NB3000-Line-Hd User Manual 4.2 SYNTAX Integer32 MAX - ACCESS read - only STATUS current DESCRIPTION " WAN link dial success " ::= { nbWanEntry 11 } wanDial Fa ilur es OBJECT - TYPE SYNTAX Integer32 MAX - ACCESS read - only...
  • Page 217 NB3000-Line-Hd User Manual 4.2 on (1) MAX - ACCESS read - only STATUS current DESCRIPTION " The current value of digital I / O port IN2 " ::= { dio 2 } dioStatusOut1 OBJECT - TYPE SYNTAX INTEGER { off (0) ,...
  • Page 218 NB3000-Line-Hd User Manual 4.2 STATUS current DESCRIPTION " Serial port index " ::= { nbSerialEntry 1 } serialName OBJECT - TYPE SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " Serial port name " ::= { nbSerialEntry 2 }...
  • Page 219 NB3000-Line-Hd User Manual 4.2 n bT r a p H i st o r yE n t r y OBJECT - TYPE SYNTAX N B T ra p Hi s t or y En t ry MAX - ACCESS not - accessible...
  • Page 220 NB3000-Line-Hd User Manual 4.2 dio - out1 - on NOTIFICATION - TYPE STATUS current DESCRIPTION " DIO OUT1 turned on " ::= { events 205 } dio - out1 - off NOTIFICATION - TYPE STATUS current DESCRIPTION " DIO OUT1 turned off "...
  • Page 221 NB3000-Line-Hd User Manual 4.2 system - login - failed NOTIFICATION - TYPE STATUS current DESCRIPTION " User login failed " ::= { events 501 } system - login - succeeded NOTIFICATION - TYPE STATUS current DESCRIPTION " User login succeeded "...
  • Page 222 NB3000-Line-Hd User Manual 4.2 ddns - update - failed NOTIFICATION - TYPE STATUS current DESCRIPTION " Dynamic DNS update failed " ::= { events 802 } usb - storage - added NOTIFICATION - TYPE STATUS current DESCRIPTION " USB storage device has been added "...

  • Page 223: Sdk Examples

    NB3000-Line-Hd User Manual 4.2 A.5. SDK Examples Event Description best-operator.are This script will scan for operators on startup and choose the one with the best signal candump.are This script can be used to receive CAN messages con g-summary.are This script shows a summary of the currently running con gu- ration.
  • Page 224 NB3000-Line-Hd User Manual 4.2 Event Description opcua-write.are This script will write a new value to a node at a OPC-UA server. ping-supervision.are This script will supervise a speci ed host. read-con g.are This script can be used to read a con guration parameter.
  • Page 225 NB3000-Line-Hd User Manual 4.2 Event Description snmp-trap.are This script can be used to send SNMP traps status.are This script can be used to display all status variables syslog.are Throw a simple syslog message. tcpclient.are This script sends a message to a TCP server.

Table of Contents