Page 1 NetModule AG Router NB2800 User Manual for Software Version 4.8.0.103 Manual Version 2.1788 NetModule AG, Switzerland June 6, 2024...
Page 2 NetModule AG Router NB2800 This manual covers all variants of the NB2800 product type. The naming of copyrighted trademarks in this manual, even when not specially indicated, should not be taken to mean that these names may be considered as free in the sense of the trademark and tradename protection law and hence that they may be freely used by anyone.
Page 3: Table Of Contents
Contents 1. Welcome to NetModule ........2.
Page 4 6.3.6......... . . 6.3.7.
Page 5 6.8.3. Software Update ........215 6.8.4.
Page 6 List of Figures 6.1. Initial Login ......... . . 6.2.
Page 7 6.48. SMS Conﬁguration ........160 6.49.
Page 8 List of Tables 4.1. Environmental Conditions ........4.2.
Page 9 6.197. Certiﬁcate Operations ........225 A.1.
Page 10: Welcome To Netmodule
1. Welcome to NetModule Thank you for purchasing a NetModule AG product. This document should give you an introduction to the device and its features. The following chapters describe any aspects of commissioning the device, installation procedure and provide helpful information towards conﬁguration and maintenance. Please ﬁnd further information such as sample SDK scripts or conﬁguration samples in our wiki on https://wiki.netmodule.com.
Page 11: Conformity
2. Conformity This chapter provides general information for putting the router into operation. 2.1. Safety Instructions Please carefully observe all safety instructions in the manual that are marked with the symbol Compliance information: The NetModule routers must be used in compliance with any and all applicable national and international laws and with any special restrictions regulating the utilization of the communication module in prescribed applications and environments.
Page 12 Information about the device interfaces: – All systems that are connected to the NetModule router interfaces must meet the requirements for SELV (Safety Extra Low Voltage) systems. – Interconnections must not leave the building nor penetrate the body shell of a vehicle. –...
Page 13: Declaration Of Conformity
FCC Warning: – Any Changes or modiﬁcations not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. – This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: –...
Page 14 WLAN maximum output power IEE 802.11b/g/n Operation frequency range: 2412-2472 MHz (13 channels) Maximum output power: 14.93 dBm EIRP average (on antenna port) IEE 802.11a/n/ac Operation frequency range: 5180-5350 MHz / 5470-5700 MHz (19 channels) Maximum output power: 22.91 dBm EIRP average (on antenna port) Cellular maximum output power GSM Band 900 Operation frequency range: 880-915, 925-960 MHz...
Page 15 LTE FDD Band 20 Operation frequency range: 832-862, 791-821 MHz Maximum output power: 25 dBm rated LTE FDD Band 28 Operation frequency range: 703-748, 758-803 Maximum output power: 25 dBm rated LTE FDD Band 38 Operation frequency range: 2570-2620 MHz Maximum output power: 25 dBm rated LTE FDD Band 40 Operation frequency range: 2300-2400 MHz...
Page 16: Waste Disposal
Maximum output power: 25 dBm rated 5G NR Band 77 Operation frequency range: 3300-4200 MHz Maximum output power: 25 dBm rated 5G NR Band 78 Operation frequency range: 3300-3800 MHz Maximum output power: 25 dBm rated 2.3. Waste Disposal In accordance with the requirements of the Council Directive 2012/19/EU regard- ing Waste Electrical and Electronic Equipment (WEEE), you are urged to ensure that this product will be segregated from other waste at end-of-life and delivered to the WEEE collection system in your country for proper recycling.
Page 17: Foss
3. FOSS This chapter provides information about FOSS, Free Open Source Software. 3.1. Open Source Software used in the product The product contains, among other things, Open Source Software ﬁles, as deﬁned below, developed by third parties and licensed under an Open Source Software license. These Open Source Software ﬁles are protected by copyright.
Page 18: Reverse Engineering Permission (Only For Lgpl Licensed Components)
For the remaining open source components, the liability exclusions of the rights holders in the respec- tive license texts apply. Technical support, if any, will only be provided for unmodiﬁed software. 3.3. Reverse Engineering Permission (only for LGPL licensed components) To give this permission to the customer, all software third party supplier of the product must give NetModule AG this permission too.
Page 19: Specifications
4. Speciﬁcations 4.1. Appearance 4.2. Features All models of NB2800 have following standard functionalities: – Power input with Ingition Sense – 2x Ethernet ports (10/100/1000 Mbit/s) – 1x serial port (RS-232) – 1x USB 3.0 host port – 4x micro SIM card slots (3FF) –...
Page 20: Environmental Conditions
– RS-232 – RS-485 – IBIS – CAN – Audio – Audio-PTT – Digital I/O – 1 TB internal storage – Software Keys Due to its modular approach, the NB2800 router and its hardware components can be arbitrarily assembled according to its indented usage or application. Please contact us in case of special project requirements.
Page 21: Interfaces
4.4. Interfaces 4.4.1. Overview Nr. Label Panel Function LED Indicators Front LED Indicators for the different interfaces Front USB 3.0 host port, can be used for software/conﬁguration up- dates. SIM 1-4 Front SIM 1-4 (3FF), they can be assigned dynamically to any modem by conﬁguration.
Page 22: Led Indicators
Nr. Label Panel Function MOB 3/WLAN 2 Rear 2 FAKRA coding I/D jacks for MIMO WLAN 2 or MIMO cellular antenna Rear Auxiliary port MOB 4/WLAN 1 Rear 2 FAKRA coding I/D jacks for MIMO WLAN or MIMO cellular antenna Rear Audio/CAN/IBIS/RS-232/RS-485/Audio-PTT extension.
Page 23: Reset
Label Color State Function USR1-5 User deﬁned. User deﬁned. EXT1 Extension port 1 is on. Extension port 1 is off. EXT2 Extension port 2 is on. Extension port 2 is off. The color of the LED represents the signal quality for wireless links. red means low yellow means moderate green means good or excellent...
Page 24: Mobile
4.4.4. Mobile The various variants of the NB2800 support up to 4 WWAN modules for mobile communication. The LTE modules support 2x2 MIMO. The Variant with 5G modules support 4x4 MIMO. Here you will ﬁnd an overview of the different modems and the individual bands The mobile antenna ports have the following speciﬁcation: Feature Speciﬁcation...
Page 25: Wlan
4.4.5. WLAN The variants of the NB2800 support up to 2 802.11 a/b/g/n/ac WLAN modules. Standard Frequencies Bandwidth Data Rate 802.11a 5 GHz 20 MHz 54 Mbit/s 802.11b 2.4 GHz 20 MHz 11 Mbit/s 802.11g 2.4 GHz 20 MHz 54 Mbit/s 802.11n 2.4/5 GHz 20/40 MHz...
Page 26: Gnss
4.4.6. GNSS GNSS (Option G) The GNSS is used from a WWAN Module. Feature Speciﬁcation Systems GPS/GLONASS, (GALILEO/BEIDOU depending on module) Data stream JSON or NMEA Tracking sensitivity Up to -165 dBm Supported antennas Active and passive Table 4.8.: GNSS Speciﬁcations option G GNSS (Option Gd) The GNSS module supports Dead Reckoning with onboard 3D accelerometer and 3D gyroscope.
Page 27: Usb 3.0 Host Port
4.4.7. USB 3.0 Host Port The USB 3.0 host port has the following speciﬁcation: Feature Speciﬁcation Speed Low, Full, Hi & Super-Speed Current max. 950 mA Max. cable length Cable shield mandatory Connector type Type A Table 4.11.: USB 3.0 Host Port Speciﬁcation 4.4.8.
Page 28: Power Supply
Pin Assignment Signal Table 4.13.: Pin Assignments of RJ45 Ethernet Connectors 4.4.9. Power Supply NB2800 routers provide a non-isolated power supply input. The power port has the following speciﬁ- cations: Feature Speciﬁcation Power supply nominal voltages 12 V , 24 V , 36 V and 48 V Voltage range...
Page 29: Pin Terminal Block
4.4.10. RS-232 The RS-232 port is speciﬁed as follows (bold characters show the default conﬁguration): Feature Speciﬁcation Protocol 3-wire RS-232: GND, TXD, RXD Baud rate 300, 1 200, 2 400, 4 800, 9 600, 19 200, 38 400, 57 600, 115 200 7 bit, 8 bit Data bits none, odd, even...
Page 30: Extension Port
4.4.12. Extension Port Available Options The NB2800 has an optional RJ45 extension connector with 8 pins. On this connector one of the following interfaces may be present: – Audio (Option A) – CAN (Option C) – 2xCAN (Option 2C) – IBIS (Option I) –...
Page 31: Audio Port Specification
Audio Port Speciﬁcation (Option A) The Audio port has the following speciﬁcation: Feature Speciﬁcation Protocol Audio Line In/Out Input reference level 0dBFS Signal level 1.9 V Input Impedance 21 kΩ Input bandwidth 100 Hz- 15 kHz Input galvanic isolation to enclosure functional (max.
Page 32: Can Port Specification
CAN Port Speciﬁcation (Option C) The CAN port has the following speciﬁcation: Feature Speciﬁcation Protocol CAN V2.0B Speed Up to 1 Mbit/s Default: 125 kbit/s Galvanic isolation to enclosure 1500 V Internal bus termination none External bus termination 120 Ω Max.
Page 33: Pin Assignments Of Rj45 Dual Can Connector
If a Variant with 2 CAN interfaces is used (Option 2C) following pin out will be assigned: Signal CAN1_GND CAN1_L CAN1_H CAN2_GND CAN2_L CAN2_H Table 4.22.: Pin Assignments of RJ45 dual CAN Connector NB2800 User Manual for NRSW version 4.8.0.103...
Page 34: Ibis Port Specification
IBIS Port Speciﬁcation (Option I) The IBIS port has the following speciﬁcation: Feature Speciﬁcation Protocol ’IBIS Wagenbus’, according to VDV300 and VDV301 Device type ’IBIS Peripheriegerät’, according to VDV300 and VDV301 Speed 1200 Baud Galvanic isolation to enclosure 1500 V Max.
Page 35: Isolated Rs-232 Port Specification
Isolated 5-wire RS-232 Port Speciﬁcation (Option Sb) The isolated 5-wire RS-232 port has the following speciﬁcation (bold characters show the default con- ﬁguration): Feature Speciﬁcation Protocol 5-wire RS-232: GND, TXD, RXD Baud rate 600, 1 200, 2 400, 4 800, 9 600, 19 200, 38 400, 57 600, 115 200 7 bit, 8 bit Data bits...
Page 36: Port Specification
Isolated RS-485 Port Speciﬁcation (Option Sa) The RS-485 port has the following speciﬁcation (bold characters show the default conﬁguration): Feature Speciﬁcation Protocol 3-wire RS-485 (GND, A, B) Baud rate 600, 1 200, 2 400, 4 800, 9 600, 19 200, 38 400, 57 600, 115 200 Data bits 7 bit, 8 bit...
Page 37: Common Ptt Specification
Autio-PTT Speciﬁcation (Option Ap) The Audio-PTT (push to talk) has the following speciﬁcation in common: Feature Speciﬁcation Isolation to enclosure/GND functional (max. 100 V Max. cable length 30 m Cable shield mandatory Connector type RJ45 Table 4.29.: Common PTT Speciﬁcation The Audio signal have the following speciﬁcation: Feature Speciﬁcation...
Page 38: Digital Output Specification
The Digital Output signal have the following speciﬁcation: Feature Speciﬁcation Number of ports 1x Digital Out (NO) Max. continuous output current Max. switching output voltage 60 V , 42 V Max. switching capacity Table 4.32.: Digital Output Speciﬁcation Signal Line IN + Line IN Digital IN + Digital OUT +...
Page 39: Common Digital I/O Specification
Digital Inputs and Outputs (Option 2D) The isolated input and output ports have the following speciﬁcation in common: Feature Speciﬁcation Isolation to enclosure/GND 1’500 V Max. cable length 30 m Cable shield not required Connector type RJ45 Table 4.34.: Common Digital I/O Speciﬁcation The Digital Input signal have the following speciﬁcation: Feature Speciﬁcation...
Page 40: Isolated Digital Output Specification
The Digital Output signal have the following speciﬁcation: Feature Speciﬁcation Number of ports 1xNO / 1xNC Max. continuous output current Max. switching output voltage 60 V , 42 V Max. switching capacity Table 4.36.: Isolated Digital Output Speciﬁcation Signal DI1+ DI2+ DO1: Normally open DO1: Normally open...
Page 41: Data Storage (Option Dx)
4.5. Data Storage (Option Dx) The integrated mass storage works independently of any router functionalities and is dedicated for cus- tomer applications such as data collection or passenger entertainment. The storage can be accessed via the SDK. Please refer to SDK API Manual for further details, section 2.2 Media Mount. The following options are available: Option Capacity...
Page 42: Installation
5. Installation The NB2800 is designed for mounting it on a worktop or wall (Only suitable for mounting at heights smaller equal 2 m), https://www.netmodule.com/support/downloads/drawings Please consider the safety instructions in chapter and the environmental conditions in chapter 4.3. The following precautions must be taken before installing a NB2800 router: –...
Page 43: Cellular Antenna Port Types
Keep in mind that effects caused by Faraday cages such as large metal surfaces (elevators, machine housings, etc.), close meshed iron constructions and others may reduce signal reception signiﬁcantly. The following table shows how to connect the cellular antennas. 4G-LTE antennas require both the main and auxiliary ports to be connected.
Page 44: Variant With 5G Module, Antenna Assignment
MOB 1 MOB 2 MOB 3 MOB 4 Antenna Port A1 A2 A3 A4 A6 A7 A9 A10 NB2800-2N-G 5G Mobile 1 5G Mobile 2 5G Mobile 1 5G Mobile 2 NB2800-NWac-G 5G Mobile 1 5G Mobile 1 WLAN 1 NB2800-N2Wac-G 5G Mobile 1 5G Mobile 1 WLAN 2...
Page 45: Installation Of The Wlan Antennas
5.3. Installation of the WLAN Antennas The following table shows how to connect the WLAN antennas. The number of attached antennas can be conﬁgured in the software. If only one antenna is used, it must be attached to the main port. However, for better diversity and thus better throughput and coverage, we highly recommend using two antennas.
Page 46: Installation Of The Power Supply & Delayed Power Off
5.6. Installation of the Power Supply & Delayed Power Off The router can be powered with an external source supplying between 12 V and 48 V . It is to be used with a certiﬁed (CE or equivalent) power supply, which must have a limited and SELV circuit out- put.
Page 47: Configuration
6. Conﬁguration The following chapters provide information on setting up the router and conﬁguring its functions as provided with system software 4.8.0.103. NetModule provides regularly updated router software with new functions, bug ﬁxes and closed vulnerabilities. Please keep your router software up to date. ftp://share.netmodule.com/router/public/system-software/ 6.1.
Page 48: Automatic Mobile Data Connection
Admin Password Setup Please set a password for the admin account. It shall have a minimum length of 6 characters and contain at least 2 numbers and 2 letters. Username: admin Enter new password: Confirm new password: I agree to the terms and conditions Configure automatic mobile data connection Apply...
Page 49: Recovery
esteblish a mobile data connection automatically. This feature is highly dependent on the SIM card features and the available networks. This Option is only availble if the router is equipped with a cellular module. 6.1.3. Recovery Following actions might be taken in case the router has been misconﬁgured and cannot be reached anymore: 1.
Page 50: Home
6.2. HOME This page provides a status overview of enabled features and connections. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Status Summary Summary Description Administrative Status Operational Status WWAN LAN2 enabled dialing WLAN WWAN1 enabled down GNSS Ethernet WLAN1 enabled, access-point IPsec1 enabled down...
Page 51 WLAN The WLAN page offers details about the enabled WLAN interfaces when operating in access-point mode. This includes the SSID, IP and MAC address and the currently used frequency and transmit power of the interface as well as the list of associated stations. GNSS This page displays the position status values, such as latitude/longitude, the satellites in view and more details about the used satellites.
Page 52 This page provides information about the Border Gateway Protocol. OSPF This page provides information about the Open Shortest Path First routing protocol. DynDNS This page provides information about Dynamic DNS. System Status The system status page displays various details of your NB2800 router, including system details, information about mounted modules and software release information.
Page 53: Interfaces
6.3. INTERFACES 6.3.1. WAN Link Management Depending on your hardware model, WAN links can be made up of either Wireless Wide Area Network (WWAN), Wireless LAN (WLAN), Ethernet or PPP over Ethernet (PPPoE) connections. Please note that each WAN link has to be conﬁgured and enabled in order to appear on this page. LOGOUT HOME INTERFACES...
Page 54 In general, a link will be only dialed or declared as up if the following prerequisites are met: Condition WWAN WLAN PPPoE Modem is registered Registered with valid service type Valid SIM state Sufﬁcient signal strength Client is associated Client is authenticated Valid DHCP address retrieved Link is up and holds address Ping check succeeded...
Page 55 Attention: You can have concurrent WWAN links which share a common resource like one WWAN module using SIM cards of different providers. In that case it would not be possible to ﬁnd out if the link with the higher priority is available without putting down the low priority link.
Page 56: Link Supervision
WAN address will be be passed-through to the ﬁrst DHCP client of the speciﬁed LAN interface. As Ethernet-based communication requires additional addresses, we pick an appropriate subnet to talk to the LAN host. In case this overlaps with other addresses of your WAN network, you may optionally specify the network given by your provider to avoid any address conﬂicts.
Page 57 Parameter Supervision Settings Link The WAN link to be monitored (can be ANY) Mode Speciﬁes whether the link shall only be monitored if being up (e.g. for using a VPN tunnel) or if connectivity shall be also validated at connection establishment (default) Primary host The primary host to be monitored Secondary host...
Page 58: Wan Settings
LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM TCP Maximum Segment Size Link Management Supervision The maximum segment size defines the largest amount of data of TCP packets (usually MTU minus 40). You Settings may decrease the value in case of fragmentation issues or link-based limits. Ethernet enabled Port Setup...
Page 59: Ethernet
6.3.2. Ethernet NB2800 routers ship with 2 dedicated Gigabit Ethernet ports (ETH1 and ETH2) and an additional extension port which can be linked via RJ45 connectors. ETH1 usually forms the LAN1 interface which should be used for LAN purposes. Other interfaces can be used to connect other LAN segments or for conﬁguring a WAN link.
Page 60: Ethernet Link Settings
Please note that NB2800 routers don’t have a switch but single PHY ports. If both ports are assigned to the same LAN interface the ports will be bridged by software. The following options exist: Parameter Ethernet Softbridge Settings Enable bridge ﬁltering If enabled, the ﬁrewall rules will also match packets between the ports Enable RSTP If enabled, the Rapid Spanning Tree Protocol (IEEE 802.1D-2004)
Page 61: Authentication Via Ieee 802.1X
Authentication via IEEE 802.1X LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Port Assignment Link Settings Wired 802.1X Link Management Supervision Settings Ethernet 1 Ethernet disabled Port Setup Client Wired 802.1X status: VLAN Management IP Settings Authenticator Mobile Ethernet 2 Modems disabled SIMs Client...
Page 62 Parameter Wired IEEE 802.1X Client Settings Wired 802.1X status If set to Client, the router will authenticate on this port via IEEE 802.1X EAP type Which protocol to use to authenticate Anonymous identity The anonymous identify for PEAP authentication Identity The identify for EAP-TLS or PEAP authentication (required) Password The password for PEAP authentication (required)
Page 63: Vlan Management
LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM VLAN Management Link Management VLAN Network Interface Priority Mode Supervision Interface Settings LAN1-1 LAN1 default routed Ethernet LAN1-2 LAN1 background routed Port Setup VLAN Management IP Settings Mobile Modems SIMs Interfaces WLAN Administration Configuration IP Settings Bridges...
Page 64: Lan Ip Configuration
IP Settings This page can be used to conﬁgure IP addressing for your LAN/WAN Ethernet interfaces. Parameter LAN IP Settings Mode Deﬁnes whether this interface is being used as LAN or WAN interface. The Maximum Transmission Unit for the interface, if provided it will specify the largest size of a packet transmitted on the interface.
Page 65: Lan Ip Configuration - Lan Interface
LAN-Mode When running in LAN mode, the interface may be conﬁgured with the following settings: Parameter LAN IP Settings IP address The IP interface address Netmask The netmask for this interface Alias IP address Optional alias IP interface address Alias Netmask Optional alias netmask for this interface Custom MAC adress for this interface (not supported for VLANs) LOGOUT...
Page 66: Lan Ip Configuration - Wan Interface
WAN-Mode When running in WAN mode, the interface may be conﬁgured with two IP versions in the following way: Parameter Description IPv4 Only Internet Protocol Version 4 IPv6 Only Internet Protocol Version 6 Dual-Stack Run Internet Protocol Version 4 and Version 6 in parallel LOGOUT HOME INTERFACES...
Page 67 Depending on the selected IP version you can conﬁgure your interface with the following settings: IPv4 Settings The router can conﬁgure its IPv4 address the following ways: Parameter IPv4 WAN-Modes DHCP When running as DHCP client, no further conﬁguration is required be- cause all IP-related settings (address, subnet, gateway, DNS server) will be retrieved from a DHCP server in the network.
Page 68 IPv6 Settings The router can conﬁgure its IPv6 address the following ways: Parameter IPv6 WAN-Modes SLAAC All IP-related settings (address, preﬁx, routes, DNS server) will be re- trieved by the neighbor-discovery-protocol through stateless-address- autoconﬁguration. Static Allows you to deﬁne static values. Caution has to be taken to assign a unique IP address as it would otherwise raise IP conﬂicts in the network.
Page 69: Mobile
6.3.3. Mobile Modems Conﬁguration This page lists all available WWAN modems. They can be disabled on demand. Query This page allows you to send Hayes AT commands to the modem. Besides the 3GPP-conforming AT command-set further modem-speciﬁc commands can be applicable which we can provide on demand. Some modems also support running Unstructured Supplementary Service Data (USSD) requests, e.g.
Page 70 not, please double-check your PIN. Please keep in mind that registering to a network usually takes some time and depends on signal strength and possible radio interferences. You may hit the Update button at any time in order to restart PIN unlocking and trigger another network registration attempt.
Page 71 Conﬁguration A SIM card is generally assigned to a default modem but might be switched, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem, as a SIM switch will naturally affect their operation.
Page 72: Esim Profiles
eSIM / eUICC Attention: Note that eUICC proﬁles are NOT affected by a factory reset. To remove an eUICC proﬁle from a device, manually remove it before performing the factory reset. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM SIM Card eSIM Profiles Link Management Supervision...
Page 73: Add Euicc Profile
the router can download the proﬁle from the mobile network operator’s server. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Link Management Add eUICC profile to SIM1 Supervision Settings Activation/QR Code Method: Root discovery service Ethernet Port Setup scan or upload QR code VLAN Management IP Settings Activation code:...
Page 74 proﬁle without having to specify any additional information for the download. Note: Most mobile network operators allow only one download of an eSIM proﬁle. So, if you download the proﬁle once and delete it afterwards, you will not be able to download the same proﬁle a second time.
Page 75: Wwan Interfaces
WWAN Interfaces This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically as WAN link once an interface has been added. Please refer to chapter 6.3.1 for how to manage them. The Mobile LED will be blinking during the connection establishment process and goes on as soon as the connection is up.
Page 76 Generally, the connection settings are derived automatically as soon as the modem has registered and the network provider has been found in our database. Otherwise, it will be required to conﬁgure the following settings manually: Parameter WWAN Connection Parameters Phone number The phone number to be dialed, for 3G+ connections this commonly refers to be *99***1#.
Page 77: Wlan
6.3.4. WLAN WLAN Management In case your router is shipping with a WLAN (or Wi-Fi) module you can operate it either as client, access point, mesh point or certain dual modes. As a client it can create an additional WAN link which for instance can be used as backup link.
Page 78 Conﬁgurable parameters for access-point, client mode, mesh point and any dual mode: Parameter WLAN Management Regulatory Domain Select the country the Router operates in Number of antennas Set the number of connected antennas Antenna gain Specify the antenna gain for the connected antennas. Please refer to the antennas datasheet for the correct gain value.
Page 79: Ieee 802.11 Network Standards
Standard Frequencies Bandwidth Data Rate 802.11a 5 GHz 20 MHz 54 Mbit/s 802.11b 2.4 GHz 20 MHz 11 Mbit/s 802.11g 2.4 GHz 20 MHz 54 Mbit/s 802.11n 2.4/5 GHz 20/40 MHz 300 Mbit/s 802.11ac 5 GHz 20/40/80 MHz 866.7 Mbit/s Table 6.26.: IEEE 802.11 Network Standards NB2800 User Manual for NRSW version 4.8.0.103...
Page 80 Running as mesh point, you can further conﬁgure the following settings: Parameter WLAN Mesh-Point Management Radio band Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz Channel Speciﬁes the channel to be used Note: NetModule Routers with 802.11n and 802.11ac support 2x2 MIMO NB2800 User Manual for NRSW version 4.8.0.103...
Page 81 Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the less interfering channel. Please note that two adequate channels are required for getting good throughputs with 802.11n and a bandwidth of 40 MHz.
Page 82: Wlan Configuration
Running in access-point mode you can create up to 8 SSIDs with each running their own network conﬁguration. The networks can be individually bridged to a LAN interface or operate as dedicated interface in routing-mode. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM WLAN Access-Point Configuration...
Page 83 This section can be used to conﬁgure security-related settings. Parameter WLAN Access-Point Conﬁguration SSID The network name (called SSID) Security mode The desired security mode WPA mode The desired encryption method. WPA3 + WPA2 mixed mode should be preferred WPA cipher The WPA cipher to be used, the default is to run both (TKIP and CCMP) Passphrase...
Page 84 Running in mesh point mode, it is possible to connect to one or more mesh points within the mesh network at the same time. The system will automatically join the wireless network, connect to the other mesh partners with the same ID and sercurtiy credentials. The authentication credentials have to be obtained by the operator of the mesh network.
Page 85 The following security modes can be conﬁgured: Parameter WLAN Mesh-Point Security Modes MESHID is disabled None No authentication, provides an open network SAE (Simultaneous Authentication of Equals) is a secure password- based authentication and key establishment protocol NB2800 User Manual for NRSW version 4.8.0.103...
Page 86: Wlan Ip Configuration
WLAN IP Settings This section lets you conﬁgure the TCP/IP settings of your WLAN network. A client and mesh point interface can be run over DHCP or with a statically conﬁgured address and default gateway. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Link Management...
Page 87 The following feature can be conﬁgured if the WLAN interface is bridged Parameter WLAN Bridging features 4addr frame Enables the 4-address frame format (required for bridge links) IAPP Enables the Inter-Access Point Protocol feature Pre-auth Enables the pre-authentication mechanism for roaming clients (if supported by the client).
Page 88: Software Bridges
6.3.5. Software Bridges Software bridges can be used to bridge layer-2 devices like OpenVPN TAP, GRE or WLAN interfaces without the need for a physical LAN interface. Bridge Settings This page can be used to enable/disable software bridges. It can be conﬁgured as follows: Parameter Bridge Settings Administrative status...
Page 89: Usb
6.3.6. USB NetModule AG routers ship with a standard USB host port which can be used to connect a storage, network or serial USB device. Please contact our support in order to get a list of supported devices. LOGOUT HOME INTERFACES ROUTING FIREWALL...
Page 90: Usb Device Management
USB Devices This page shows the currently connected devices and it can be used to enable a speciﬁc device based on its Vendor and Product ID. Only enabled devices will be recognized by the system and raise additional ports and interfaces. LOGOUT HOME INTERFACES...
Page 91: Serial
6.3.7. Serial This page can be used to manage your serial ports. A serial port can be used by: Parameter Serial Port Usage none The serial port is not used login console The serial port is used to open a console which can be accessed with a serial terminal client from the other side.
Page 92: Serial Port Administration
LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Administration Port Settings Link Management Supervision Settings none Ethernet login console Port Setup device server SERIAL1 is used by: VLAN Management IP Settings modem emulator Mobile Modems Apply Back SIMs Interfaces WLAN Administration Configuration IP Settings Bridges...
Page 93: Serial Port Settings
Running a device server, the following settings can be applied: LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Administration Port Settings Link Management Supervision SERIAL1 Port Settings Settings Ethernet Physical protocol: RS232 Port Setup VLAN Management Baud rate: 115200 IP Settings Data bits: 8 data bits Mobile...
Page 94 Parameter Serial Settings Deﬁnes the software ﬂow control for the serial port, XOFF will send a Software ﬂow control stop, XON a start character to the other end to control the rate of any incoming data Hardware ﬂow control You may enable RTS/CTS hardware ﬂow control, so that the RTS and CTS lines are used to control the ﬂow of data You may choose the IP protocols Telnet or TCP raw for the device Protocol on TCP/IP...
Page 95 Parameter Phonebook Entries IP address IP address the number will become Port Port value for the IP address NB2800 User Manual for NRSW version 4.8.0.103...
Page 96: Audio
6.3.8. Audio Audio Administration This page can be used to pre-conﬁgure the audio module. It can be later used for the voice gateway. It can be conﬁgured as follows: Parameter Audio Settings Volume level Default volume level for line-out Audio Testing This page can be used to play or record an audio sample.
Page 97: Gnss
6.3.9. GNSS Conﬁguration The GNSS page lets you enable or disable the GNSS modules present in the system and can be used to conﬁgure the daemon that can be used to share access to receivers without contention or loss of data and to respond to queries with a format that is substantially easier to parse than the NMEA 0183 emitted directly by the GNSS device.
Page 98 Parameter GNSS Server Conﬁguration Speciﬁes where clients can connect from, can be either everywhere Allow clients from or from a speciﬁc network Clients start mode Speciﬁes how data transferal is accomplished when a client connects. You can specify on request which typically requires an R to be sent. Data will be sent instantly in case of raw mode which will provide NMEA frames or super-raw which includes the original data of the GPS receiver.
Page 99 Position This pages provides further information about the satellites in view and values derived from them: Parameter GNSS Information Latitude The geographic coordinate specifying the north-south position Longitude The geographic coordinate specifying the east-west position Altitude The height above sea level of the current location Satellites in view The number of satellites in view as stated in GPGSV frames Speed...
Page 100: Routing
6.4. ROUTING 6.4.1. Static Routes This menu shows all routing entries of the system. They are typically formed by an address/netmask couple (represented in IPv4 dotted decimal notation) which specify the destination of a packet. The packets can be directed to either a gateway or an interface or both. If interface is set to ANY, the system will choose the route interface automatically, depending on the best matching network conﬁgured for an interface.
Page 101: Static Route Flags
Parameter Static Route Conﬁguration Destination The destination address of a packet Netmask The subnet mask which forms, in combination with the destination, the network to be addressed. A single host can be speciﬁed by a netmask of 255.255.255.255, a default route corresponds to 0.0.0.0. Gateway The next hop which operates as gateway for this network (can be omitted on peer-to-peer links)
Page 102: Extended Routing
6.4.2. Extended Routing Extended routes can be used to perform policy-based routing, they generally precede static routes. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Static Routes Extended Routes Extended Routes Extended routes can be used to perform policy-based routing. In general, they precede any other static routes. Interface Source Destination Route to...
Page 103: Multipath Routes
6.4.3. Multipath Routes Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Static Routes Multipath Routes Extended Routes Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces. Multipath Routes Destination Distribution...
Page 104: Multicast
6.4.4. Multicast Multicast distributes IP packets to subscribers in a one-to-many relationship. The subscribers use multicast messages to subscribe to a MCR group and receive the data in form of multicast packets. Therefore the messages are sent by the packet sink to the packet source. Multicast routing (MCR) is used to farward multicast data from one network to another.
Page 105 Parameter Static Multicast Route Group IP address of MCR group Source Source-IP of the packets Incoming interface Interface to the packet source Outgoing interface Interface to forward the packets to NB2800 User Manual for NRSW version 4.8.0.103...
Page 106: Bgp
6.4.5. BGP The BGP tab allows to set up peerings of the NetModule AG router with other Border Gateway Protocol enabled routers. Parameter BGP General Settings Administrative status Speciﬁes whether the BGP routing protocol is active Router ID Optionally the router ID can be deﬁned in form of a dotted IPv4 rep- resentation like 1.2.3.4.
Page 107 Parameter BGP Networks Preﬁx length Length of the preﬁx to be distributed NB2800 User Manual for NRSW version 4.8.0.103...
Page 108: Ospf
6.4.6. OSPF The OSPF menu allows the NetModule AG router to be added to a network of OSPF routers. Parameter OSPF General Settings Administrative status Speciﬁes whether the OSPF routing protocol is active Router ID The router-id is a unique identity to the NetModule AG router. If no router-id is speciﬁed, the system will automatically choose the highest IP address as the router-id.
Page 109: Mobile Ip
6.4.7. Mobile IP Mobile IP (MIP) can be used to enable seamless switching between different kinds of WAN links (e.g. WWAN/WLAN). The mobile node hereby remains reachable via the same IP address (home address) at any time, independently of the WAN link being used. Effectively, any WAN link switch causes very small outages during switchover while keeping all IP connections alive.
Page 110 Parameter Mobile IP Conﬁguration The shared secret used for authentication of the mobile node at the Shared secret home agent. This can be either a 128-bit hexadecimal value or a random length ASCII string. Life time The lifetime of security associations in seconds. The maximum transmission unit in byte, default value 1468.
Page 111: Mobile Ip
If MIP is run as a home agent, you will have to set up a home address and network mask for the home agent ﬁrst. Then you will need to add the conﬁguration for all mobile nodes which is made up of the following settings: LOGOUT HOME...
Page 112: Quality Of Service
6.4.8. Quality Of Service NetModule AG routers are able to prioritize and shape certain kinds of IP trafﬁc. This is currently limited on egress, which means that only outgoing trafﬁc can be stipulated. The current QoS solution is using Stochastic Fairness Queueing (SFQ) classes in combination with Hierarchy Token Bucket (HTB) qdiscs.
Page 113 In case an interface has been activated, the system will automatically create the following queues: Parameter QoS Default Queues high A high priority queue which may hold any latency-critical services (such as VoIP) default A default queue which will handle all other services A low priority queue which may hold less-critical services for which shaping is intended Each queue can be conﬁgured as follows:...
Page 114: Firewall
6.5. FIREWALL 6.5.1. Administration NetModule AG routers use Linux’s netﬁlter/iptables ﬁrewall framework http://www.netfilter.org (see for more information) which supports stateful inspection, that is, granting the same permissions for inherited connections within an IP session (e.g. FTP which builds up a control and data connection). The administration page can be used to enable and disable ﬁrewalling.
Page 115: Rules
6.5.3. Rules In general, the ﬁrewall is set up of a range of rules which control each packet’s permission to pass the router. Please note that the rules are processed by order, that means traversing the list from top to bottom until a matching rule is found.
Page 116 Parameter Firewall Rule Conﬁguration Outgoing interface The interface on which matching packets are send Protocol The used IP protocol of matching packets (UDP, TCP, ICMP, ESP, GRE or OSPF) The statistics page can be used to ﬁgure out if rules have matched any packets and provides a conve- nient way to debug your ﬁrewall setup.
Page 117: Napt
6.5.4. NAPT This page can be used to conﬁgure Network Address and Port Translation (NAPT) for packets travers- ing the system. NAPT hereby modiﬁes IP addresses or/and TCP/UDP ports in matching IP packets. By tracking those connections, it will also automatically adjust the returning packets of an IP session. LOGOUT HOME INTERFACES...
Page 118: Inbound Napt
NAPT Inbound Rules Inbound rules can be used to modify the target section of IP packets and, for instance, forward a service or port to an internal host. By doing so, you can expose that service and make it available from the Internet.
Page 119 Parameter Inbound NAPT Rules Ports The used UDP/TCP port of matching packets Redirect to The address to which matching packets shall be redirected Redirect port The port to which matching packets will be redirected Select mapping context according to your needs: Parameter Mapping contexts host...
Page 120: Vpn
6.6. VPN 6.6.1. OpenVPN OpenVPN Administration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM OpenVPN Administration OpenVPN Administration Tunnel Configuration Client Management enabled OpenVPN administrative status: disabled IPsec Administration Restart on link change: Tunnel Configuration Multipath TCP support: PPTP Administration Tunnel Configuration Apply Restart Client Management...
Page 121: Openvpn Configuration
Tunnel Conﬁguration NetModule AG routers support one single server tunnel and up to four client tunnels. You can specify tunnel parameters either in standard conﬁguration or upload an expert mode ﬁle which has been created in advance. Refer to chapter 6.6.1 to learn more about how to manage clients and generate the ﬁles.
Page 122 If the tunnel is operated in client mode, the following settings can be applied: Parameter OpenVPN Client Conﬁguration Peer selection Speciﬁes how the remote peer shall be selected, besides a single server you may conﬁgure multiple servers which can, in case of fail- ures, either be selected sequently (i.e.
Page 123 The following further options can be applied: Parameter OpenVPN Options use compression Enable or disable LZO packet compression use keepalive Can be used to send a periodic keepalive packet in order to keep the tunnel up despite of inactivity redirect gateway By redirecting the gateway, all packets will be directed to the VPN tunnel.
Page 124 OpenVPN Expert Conﬁguration (Server) A server tunnel typically requires the following ﬁles: Parameter Server Expert Files server.conf OpenVPN conﬁguration ﬁle ca.crt Root certiﬁcate authority ﬁle server.crt Certiﬁcate ﬁle server.key Private key ﬁle dh1024.pem Difﬁe-Hellman parameters ﬁle A directory containing client-speciﬁc conﬁguration ﬁles Keep in mind that a certiﬁcate becomes valid once its validity time has been reached, thus an accurate system time has to be set prior to creating certiﬁcates and establishing a tunnel connection.
Page 125: Openvpn Client Management
Client Management Once you have successfully set up an OpenVPN server tunnel, you can manage and enable clients connecting to your service. Currently connected clients can be seen on this page, including the connect time and IP address. You may kick connected clients by disabling them. LOGOUT HOME INTERFACES...
Page 126: Ipsec
6.6.2. IPsec IPsec is a protocol suite for securing IP communications by authenticating and encrypting each packet of a communication session and thus establishing a secure virtual private network. IPsec includes various cryptographic protocols and ciphers for key exchange and data encryption and can be seen as one of the strongest VPN technologies in terms of security.
Page 127: Ipsec Administration
Administration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM OpenVPN Administration IPsec Administration Tunnel Configuration enabled IPsec IPsec administrative status: disabled Administration Tunnel Configuration Propose NAT traversal: PPTP Enable IKEv2 Make-before-Break: Administration Restart on link change: Tunnel Configuration Administration Apply Restart Tunnel Configuration L2TP Administration...
Page 128: Ipsec Configuration
Conﬁguration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM OpenVPN IPsec Tunnel Configuration Administration Name Status Type Peer IPsec Local Network Remote Network Tunnel Configuration aes256- aes256- Client Management Tunnel1 enabled psk 194.29.27.204 sha256 sha256 IPsec Administration Tunnel Configuration PPTP Administration Tunnel Configuration Client Management Administration...
Page 129 Parameter IPsec General Settings Failure threshold The number of unanswered DPD requests until the IPsec peer is con- sidered dead (the router will then try to re-establish a dead connection automatically) Action The action to perform if a peer disconnects. Available choices from the drop-down menu are to clear, hold or to Restart the peer.
Page 130 IKE Proposal This section can be used to conﬁgure the phase 1 settings: Parameter IPsec IKE Proposal Settings Choose the desired negotiation mode. Preferably, main mode should Negotiation mode be used but aggressive mode might be applicable when dealing with dynamic endpoint addresses.
Page 131 Parameter IPsec Network Settings Peer network The address of the remote network behind the peer Peer netmask The netmask of the remote network behind the peer NAT address Optionally, you can apply NAT (masquerading) for packets coming from a different local network. The NAT address must reside in the network previously speciﬁed as local network.
Page 132: Pptp
6.6.3. PPTP The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks between two hosts. PPTP is easy to conﬁgure and widely deployed amongst Microsoft Dial-up net- working servers. However, due to its weak encryption algorithms, it is nowadays considered insecure but it still provides a straightforward way for establishing tunnels.
Page 133: Pptp Tunnel Configuration
LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM OpenVPN Tunnel 1 Tunnel 2 Tunnel 3 Tunnel 4 Administration Tunnel Configuration Client Management PPTP Tunnel 1 Configuration IPsec disabled Administration client Operation mode: Tunnel Configuration server PPTP Administration Server listen address: Tunnel Configuration specify Client Management Server address:...
Page 134: Pptp Client Management
PPTP Client Management PPTP clients for a server tunnel need to be conﬁgured here. They are made up of user-name and password. A ﬁxed IP address can be assigned to them which can be used to point any routes to a dedicated tunnel.
Page 135: Gre
6.6.4. GRE The Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over IP. GRE is deﬁned in RFC 1701, 1702 and 2784. It does not provide encryption nor authorization but can be used on an address-basis on top of other VPN techniques (such as IPsec) for tunneling purposes.
Page 136: L2Tp
6.6.5. L2TP The Layer 2 Tunneling Protocol is a tunneling protocol which does not support any encryption or conﬁdentiality. It relies on an encryption protocol that it passes within the tunnel to provide privacy. The following parameters are required for setting up a tunnel: Parameter L2TP Conﬁguration Transport protocol...
Page 137: Dial-In
6.6.6. Dial-In On this page you can conﬁgure the Dial-In server in order to establish a data connection over GSM calls. Thus, one would generally apply a required service type of 2G-only, so that the modem registers to GSM only. Naturally, a concurrent use of outgoing WWAN interfaces and Dial-In connection is not possible.
Page 138 Please note that Dial-In connections are generally discouraged. As they are implemented as GSM voice calls, they suffer from unreliability and poor bandwidth. NB2800 User Manual for NRSW version 4.8.0.103...
Page 139: Services
6.7. SERVICES 6.7.1. SDK NetModule AG routers are shipping with a Software Development Kit (SDK) which offers a simple and fast way to implement customer-speciﬁc functions and applications. It consists of: 1. An SDK host which deﬁnes the runtime environment (a so-called sandbox), that is, controlling access to system resources (such as memory, storage and CPU) and, by doing so, catering for the right scalability 2.
Page 140 SDK API Functions The current range of API functions can be used to implement the following features: 1. Send/Retrieve SMS 2. Send E-mail 3. Read/Write from/to serial device 4. Control digital input/output ports 5. Run TCP/UDP servers 6. Run IP/TCP/UDP clients 7.
Page 141 Let’s now pay some attention to the very powerful API function nb_status. It can be used to query the router’s status values in the same manner as they can be shown with the CLI. It returns a structure of variables for a speciﬁc section (a list of available sections can be obtained by running cli status -h). By using the dump function you can ﬁgure out the content of the returned structure: /* dump current location */ dump ( nb_status (...
Page 142 Here is an example how one might adopt those functions: /* check current city and enable the second WAN link */ location = nb_status ( " location " ( location ) { city = struct_get ( location , " LOCATION_CITY " ( city == "...
Page 143: Sdk Administration
Administration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Administration Status Troubleshooting Administration Job Management Testing SDK Administration DHCP Server This kit provides a sandbox environment for running system jobs by means of self-scripted applications. DNS Server enabled Administrative status: NTP Server disabled Dynamic DNS Storage:...
Page 144: Sdk Jobs
The status page informs you about the current status of the SDK. It provides an overview about any ﬁnished jobs, you can also stop a running job there and view the script output in the troubleshooting section where you will also ﬁnd links for downloading the manuals and examples. Job Management LOGOUT HOME...
Page 145 Parameter SDK Script Parameters Name A meaningful name to identify the script Description An optional description of the script Arguments An optional set of arguments passed to the script (supports quoting) Action You may either edit a script, upload it to the system or select one of the example scripts or an already uploaded script You are ready to set up a job afterwards, it can be created by using the following parameters: Parameter...
Page 146 Testing The testing page offers an editor and an input ﬁeld for optional arguments which can be used to perform test runs of your script or test dedicated portions of it or upload an entire ﬁle. Please note that you might need to quote arguments as they will otherwise be separated by white-spaces. /* arguments : schnick schnack "...
Page 147: Sms Control Commands
The following commands are supported: Command Action status Will reply a message to the sender including a short system overview connect Will enable the ﬁrst WAN link conﬁgured on the system disconnect Will disable the ﬁrst WAN link conﬁgured on the system reboot Initiates a reboot of the system output 1 on...
Page 148: Dhcp Server
6.7.2. DHCP Server This section can be used to individually conﬁgure the Dynamic Host Conﬁguration Protocol (DHCP) service for each LAN interface which will serve dynamic IP addresses to hosts in the local network. You may also have a look to the status page where you can ﬁnd an overview about negotiated client addresses.
Page 149 Parameter DHCP Server Settings Last lease address The last address out of this range Lease duration Number of seconds how long a given lease shall be valid until it has to be requested again Persistent leases By turning on this option the router will remember issued leases even after a reboot.
Page 150 Parameter DHCP Custom Options The option, to be sent as a decimal number or as “option:<option- name>” (RFC2132) Value The value of the additional DHCP option to be sent as a string NB2800 User Manual for NRSW version 4.8.0.103...
Page 151: Dns Server
6.7.3. DNS Server The DNS server can be used to proxy DNS requests towards servers on the net which have for instance been negotiated during WAN link negotiation. By pointing DNS requests to the router, one can reduce outbound DNS trafﬁc as it is caching already resolved names but it can be also used for serving ﬁxed addresses for particular host names.
Page 152 NB2800 User Manual for NRSW version 4.8.0.103...
Page 153 You may further conﬁgure static hosts for serving ﬁxed IP addresses for various host names. Parameter DNS Static Hosts Settings Address The IP address of the static host Hostname The hostname of the static host Please remember to point DNS lookups of local hosts to the router’s address. NB2800 User Manual for NRSW version 4.8.0.103...
Page 154: Ntp Server
6.7.4. NTP Server This section can be used to individually conﬁgure the Network Time Protocol (NTP) server function. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM NTP Server Administration Administration Job Management enabled Testing Administrative status: disabled DHCP Server NTP Server Configuration DNS Server Poll interval: seconds...
Page 155: Dynamic Dns
6.7.5. Dynamic DNS The Dynamic DNS client can be used to tell one or multiple DynDNS providers the current IP address of your system. This address can be derived from the current hotlink interface or the outgoing interface which will be used when contacting the server. We further support to ask the CheckIP service at dyndns.org for obtaining the current Internet address which can be useful in NAT scenarios.
Page 156 A DynDNS service can receive the following parameters: Parameter Dynamic DNS Settings Provider You can choose one of the listed providers or provide a custom URL Dynamic address Speciﬁes whether the address is derived from the hot-link or via an external service Hostname The host-name provided by your DynDNS service (e.g.
Page 157: E-Mail
6.7.6. E-Mail The E-Mail client can be used to send notiﬁcations to a particular E-Mail address upon certain events or by SDK scripts. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Configuration Testing Administration Job Management E-mail Client Configuration Testing DHCP Server enabled Administrative status: DNS Server...
Page 158 Parameter E-Mail Client Settings Password Password used for authentication NB2800 User Manual for NRSW version 4.8.0.103...
Page 159: Events
6.7.7. Events By using the event manager you can notify remote systems about system events. A notiﬁcation can be sent using E-Mail, SMS or SNMP traps. Parameter Event Notiﬁcation Settings E-Mail address The E-Mail address to which the notiﬁcation shall be sent (E-Mail client must be enabled) Phone number The phone number to which the notiﬁcation shall be sent (SMS ser-...
Page 160: Sms
6.7.8. SMS Administration NetModule AG routers can receive or send short messages (SMS) if enabled by your SIM provider. Messages are received/sent by the modem which has been assigned to a SIM, so one has to properly conﬁgure a SMS-capable default modem as described in chapter 6.3.3. Please note that the system may switch SIMs in case you are running multiple WWAN interfaces sharing the same SIM.
Page 161: Sms Number Expressions
identify SIMs based on their IMEI number and track their statistics in a non-volatile manner. Parameter SMS SIM Conﬁguration SMS gateway The service center number for sending short messages. It is generally retrieved automatically from your SIM card but you may deﬁne a ﬁx number here.
Page 162: Ssh/Telnet Server
6.7.9. SSH/Telnet Server Apart from the Web Manager, the SSH and Telnet services can be used to log into the system. Valid users include root and admin as well as additional users as they can be created in the User Accounts section.
Page 163 The following parameters can be applied to the SSH service: Parameter SSH Server Settings Administrative status Whether the SSH service is enabled or disabled Server port The TCP port of the service (usually 22) Disable admin login Disable login for admin users Disable password-based lo- By turning on this option, all users will have to authenticate by SSH keys which can be uploaded to the router.
Page 164: Snmp Agent
6.7.10. SNMP Agent NetModule AG routers are equipped with an SNMP daemon, supporting basic MIB tables (such as ifTable), plus additional enterprise MIBs to manage multiple systems. Parameter Supported MIBs .1.3.6.1.2.1 MIB-II (RFC1213), SNMPv2-MIB (RFC3418) .1.3.6.1.2.1.2.1 IF-MIB (RFC2863) .1.3.6.1.2.1.4 IP-MIB (RFC1213) .1.3.6.1.2.1.10.131 TUNNEL-MIB (RFC4087) .1.3.6.1.2.25...
Page 165: Snmp Agent
SNMP Conﬁguration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Configuration Authentication Administration Job Management Testing SNMP Agent Configuration DHCP Server enabled Administrative status: DNS Server disabled NTP Server v1 | v2c | v3 v3 only Operation mode: Dynamic DNS Contact: E-mail Location: Events...
Page 166 SNMP Authentication When running in SNMPv3, it is possible to conﬁgure the following authentication settings: Parameter SNMPv3 Authentication Authentication Deﬁnes the authentication (MD5 or SHA) Encryption Deﬁnes the privacy protocols to use (DES or AES) In general, the admin user can read and write any values. Read access will be granted to any other system users.
Page 167 1.3.6.1.4.1.31496.10.40.3.0 Getting the current conﬁg description: snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.4.0 Getting the current conﬁg hash: snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.5.0 Restarting the device: snmpset -v 3 -u admin -n ""...
Page 168 Switching to alternative software: snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.16.0 i 0 The return value can be derived from the software update status. Switching to alternative conﬁg: snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.16.0 i 1 The return value can be derived from the conﬁg update status.
Page 169: Let's Encrypt
6.7.11. Let’s Encrypt This service allows you to automatically issue TLS certiﬁcates for the web interface of the router using the PKI provided by Let’s Encrypt. If HTTPS is enabled, the web interface will automatically use the Let’s Encrypt certiﬁcate, if Let’s Encrypt is enabled. Make sure that the following preconditions are met in order to be able to issue and use Let’s Encrypt certiﬁcates: –...
Page 170: Web Server
6.7.12. Web Server This page can be used to conﬁgure different ports for accessing the Web Manager via HTTP/HTTPS. We strongly recommend to use HTTPS when accessing the web service via a WAN interface as the communication will be encrypted and thus avoids any misuse of the system. In order to enable HTTPS you would need to generate or upload a server certiﬁcate in the section 6.8.8.
Page 171: Mqtt Broker
6.7.13. MQTT Broker The MQTT Broker can be used to distribute MQTT messages between MQTT clients. Please set up appropriate ﬁrewall rules if you want to restrict access to the MQTT Broker. Keys and certiﬁcates for TLS encryption are managed via Keys & Certiﬁcates (see chapter 6.8.8). The MQTT Broker service can receive the following parameters: Parameter MQTT Broker Settings...
Page 172: Softflow
6.7.14. Softﬂow This page can be used to conﬁgure the network trafﬁc analyser daemon softﬂowd used for exporting NetFlow trafﬁc data. Parameter Softﬂow Settings Interface Interface on which to listen for trafﬁc Host Address Destination address of the trafﬁc data Port Port of the destination address Protocol Version...
Page 173: Discovery
6.7.15. Discovery This page can be used to enabled discovery protocols which can be used to discover and to get discovered by other hosts. Parameter Discovery Conﬁguration Administrative status Administrative status Enabled protocols List of enabled discovery protocols The following protocols are supported: Parameter Discovery Conﬁguration LLDP...
Page 174: Redundancy
6.7.16. Redundancy This page can be used to set up a redundant pair of NetModule AG routers (or other systems) by run- ning the Virtual Router Redundancy Protocol (VRRP) between them. A typical VRRP scenario deﬁnes a ﬁrst host playing the master and another the backup device, they both deﬁne a virtual gateway IP address which will be distributed by gratuitous ARP messages for updating the ARP cache of all LAN hosts and thus redirecting the packets accordingly.
Page 175 Parameter Redundancy Conﬁguration Role The role of this system (either master or backup) The Virtual Router ID (you can theoretically run multiple instances) Interface Interface on which VRRP should be performed Virtual gateway address The virtual gateway address formed by the participating hosts We assign a priority of 100 to the master and 1 to the backup router.
Page 176: Itxpt
6.7.17. ITxPT This is an integration of the ITxPT standard v2.0.1. (see ITxPT Onboard Architecture Speciﬁcations v2.0.1) Conﬁguration Figure 6.53.: ITxPT conﬁguration The following parameters can be used to set it up: Parameter ITxPT Administration Administrative status Speciﬁes whether the ITxPT functionality should be enabled or dis- abled.
Page 177 Parameter ITxPT Administration Multicast TTL Multicast routing (used by ITxPT Service) can be conﬁgured here and is managed by a daemon. The smc routing daemon can be conﬁg- ured to be available on multiple network interfaces and provides the ability to limit or extend the hop limit of the ITxPT service that tra- verses routers.
Page 178: Itxpt Fmstoip
FMS to IP Figure 6.54.: ITxPT FMStoIP On this page you can conﬁgure the FMS to IP functionality. Parameter FMS to IP options Enable Speciﬁes whether the FMS to IP functionality should be enabled or disabled. Multicast period How frequent the FMS to IP multicast is sent. Set to zero to redirect incoming can messages immediately.
Page 179 FMS to IP database format The json ﬁle format is used. The database ﬁle describes the incoming data-packages. There are two basic components to describe any signal used in the FMS standard. The Parameter Group Number (PGN) and the Suspect Parameter Number (SPN). The PGN contains of one or more signals. The SPN is used to give an unique identiﬁer to a signal.
Page 180 The top level structure is an array. It contains PGN objects that deﬁne a PGN with the following types: PGN Deﬁnition Parameter PGN deﬁnition name Name of the pgn. The PGN number in decimal. length Length of the can message. spns Array containing SPN-objects.
Page 181 SPN Deﬁnition The SPN are divided into three types: nummerical, status and string. Parameter Nummerical SPN byteSize Size of the data in bytes. offset The offset in the can-data. formatGain The numerical factor used to give the value. formatOffset The numerical offset of the value. units The physical unit of the value.
Page 182: Itxpt Gnss
ITxPT GNSS Figure 6.55.: ITxPT GNSS Parameter ITxPT GNSS Enable Speciﬁes whether the ITxPT GNSS should be enabled or disabled. NB2800 User Manual for NRSW version 4.8.0.103...
Page 183: Itxpt Time
ITxPT Time Figure 6.56.: ITxPT Time Parameter ITxPT Time Enable Speciﬁes whether the ITxPT Time should be enabled or disabled. NB2800 User Manual for NRSW version 4.8.0.103...
Page 184: Itxpt Vehicletoip
VEHICLE to IP Figure 6.57.: ITxPT VEHICLEtoIP Parameter ITxPT VEHICLEtoIP Enable Speciﬁes whether the ITxPT VEHICLEtoIP should be enabled or dis- abled. A VEHICLEtoIP database is necessary to enable this service. NB2800 User Manual for NRSW version 4.8.0.103...
Page 185: Voice Gateway
6.7.18. Voice Gateway Depending on your hardware, you can set up a voice gateway on the router which can be used to connect mobile calls to VoIP clients and vice versa. Administration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Administration Endpoints Routing Administration...
Page 186 Parameter Voice Gateway Administration Settings SIP interface Speciﬁes the interface (LAN or WAN) on which the agent should listen for incoming calls SIP port Speciﬁes the agent’s listening port SIP register expires Speciﬁes the registration interval in seconds In case you are running multiple WWAN interfaces sharing the same SIM, please bear in mind that the system may switch SIMs during operation which will also result in different settings for voice commu- nication.
Page 187 Parameter Voice-Over-Mobile Audio Proﬁles Speakerphone Handle situations of loud echo with extreme acoustic distortion. This mode is intended for use with a car kit or speakerphone appli- cations with high volume and high distortion. Acoustic echo in this situation has negative ERL and is impossible to cancel completely. It operates in a half-duplex manner and will be very aggressive in mut- ing the entire signal to prevent any echo blips from being heard.
Page 188 Voice Routing This page can be used to conﬁgure generic voice routing between the endpoints. Enhanced routing facilities are provided via the SDK interface which is able to dispatch voice calls based on their attributes (such as phone number) and other system related status information (e.g. number/duration of calls per endpoint, registration status and so on).
Page 189 Client Conﬁguration Any SIP client must be conﬁgured to use the router as its registrar/proxy. Parameter X-Lite Conﬁguration User ID SIP username used in from headers (i.e. subscriber name) Domain SIP Domain used in from headers (optional) Authorization name Username used for authentication (i.e. subscriber name) Password Password used for authentication Display name...
Page 190: Access Controller Wlan-Ap
6.7.19. Access Controller WLAN-AP This section can be used to conﬁgure the Access Controller (AC) for NetModule AP3400 access points devices. The AC is able to generate AP3400 conﬁgurations, to push the conﬁguration and to read current status information of AP3400 devices. The AC can manage up to 15 AP3400 devices. It will be distinguished between different device states.
Page 191: Ac Wlan-Ap Administration
Administration Figure 6.59.: AC WLAN-AP Administration Parameter AC administration parameters Status Enables or disables the AC functionality Interface The interface where the AC is listening NB2800 User Manual for NRSW version 4.8.0.103...
Page 192 Parameter AC operation parameters Operation command Selects the operation type which shall be performed. For the list of parameters for the ’ﬁrmware update’ or ‘reset‘ operation see table be- The list of found devices where the AC can operate on. The selected operation will take place of all selected devices listed under ID.
Page 193: Ac Wlan-Ap Configuration
Figure 6.60.: AC WLAN-AP Conﬁguration Parameter AC conﬁguration general parameters Administrative status When enabled the device speciﬁed by the ID will be controlled by the Conﬁguration mode The option ’Standard’ uses the parameters conﬁgured over the GUI. ’Expert mode’ opens the possibility to upload an self generated con- ﬁguration ﬁle for the AP3400.
Page 194 Parameter AC conﬁguration general parameters The unique ID (serial number) of the managed device. All discovered devices which are choosable will be shown by using a double click at this ﬁeld. Description The short description of the managed device Hostname The hostname of the managed device Maintainer The maintainer of the managed device...
Page 195 Parameter AC conﬁguration user parameters Username The username used for the managed device Password The password used for the managed device Parameter AC conﬁguration WLAN parameters Administrative status Enables or disabled the given radio of the AP3400 Operation mode The operation mode for the seleted radio module of the AP3400. Re- mark only ’Access Point’...
Page 196: Ac Wlan-Ap Profiles
Figure 6.61.: AC WLAN-AP Proﬁles Parameter AC proﬁle general parameters The unique name for the proﬁle Description The description of the proﬁle Parameter AC proﬁle WLAN parameters Status Enables or disables this proﬁle NB2800 User Manual for NRSW version 4.8.0.103...
Page 197 Parameter AC proﬁle WLAN parameters SSID The network name (called SSID) Description The description of the proﬁle Security mode The desired security mode WPA mode The desired encryption method. WPA3 should be preferred over WPA2 and WPA1 WPA cipher The WPA cipher to be used, the default is to run both (TKIP and CCMP) Passphrase The passphrase used for authentication with WPA-Personal, oth-...
Page 198: Hotspot
6.7.20. Hotspot This section can be used to set up a hotspot (Based on coova chilli) service providing a captive portal on the router, which redirects any connecting client to a landing page before internet access will be granted. Parameter Hotspot basic Name Name of the captive portal...
Page 199 Parameter Advanced parameters Operational Mode Terms-only Service or RADIUS conﬁguration used, see details on fol- lowing tables Access local interfaces If selected, the user can reach services which are connected on a local interface of the router DHCP start DHCP range for connected clients, starting at 2 DHCP end DHCP range for connected clients, ending at 254 Parameter...
Page 200 Parameter RADIUS conﬁguration Change Authorization This allows a RADIUS server to adjust an active client session. (CoA) MAC authentication If this option is given, Radius will try to authenticate all users based on their mac address With the Universal Access Method (UAM) settings it is possible to conﬁgure external services for hotspot e.g.
Page 201 Walled Garden With the Walled Garden settings it is possible to offer free services like web pages to the customer/user without having an account or without accepting the ToS agreements. The services which are conﬁg- ured via an URL and a description will be ignored by the captive portal and the user will reach the services directly.
Page 202: Mobile Wwan Configuration
Conﬁguration (Mobile->Interfaces->Connection) LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM Mobile Interfaces Link Management Interface Modem SIM PDP Number Service APN / User Supervision Settings WWAN1 Mobile1 SIM1 PDP1 *99***1# automatic internet.telekom / tm Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs...
Page 203: Wlan Administration
WLAN Administration (Interfaces->WLAN->Administration) LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM WLAN Management Link Management Supervision enabled Settings Administrative status: disabled Ethernet client Port Setup access point VLAN Management Operational mode: mesh point IP Settings dual modes Mobile Regulatory domain: European Union Modems SIMs Operation type:...
Page 204: Wlan Administration
WLAN Conﬁguration (Interfaces->WLAN->Conﬁguration) LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM WLAN Access-Point Configuration Link Management Interface SSID Security Mode WPA / Cipher Supervision Settings WLAN1 NB1600-Private WPA-PSK WPA + WPA2 / TKIP + CCMP Ethernet Port Setup VLAN Management IP Settings Mobile Modems SIMs...
Page 205 Hotspot Interface (Services->Hotspot) Add hotspot interface by clicking the “+”-button Enable administrative status and continue with following conﬁguration: Parameter Setting Interface Choose “WLAN1” as interface Portal name type “Hotspot” as portal name Apply conﬁguration: press “Apply”-Button Results Now the connected client will be redirected to the captive portal site ﬁrst. NB2800 User Manual for NRSW version 4.8.0.103...
Page 206: System
6.8. SYSTEM 6.8.1. System System Settings LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM System Syslog LEDs Bootloader System Settings Time & Region Reboot Authentication Local hostname: NB1600 User Accounts Application area: stationary Remote Authentication Reboot delay: seconds Software Update Software Update Enable TCP timestamps: Modem Firmware Update Software Profiles...
Page 207 Parameter System Settings Enable TCP timestamps Enable TCP timestamps for system wide TCP communication. This is needed for Protection Against Wrapped Sequence numbers (PAWS), but with these timestamps enabled a remote attacker can guess the uptime of the system. The uptime is a lower bound for the age of the main system components like the kernel.
Page 208 Parameter LED Settings You can customize the behavior of all status LEDs on the front panel of your device. They are usually divided into two banks (top/bottom). You may conﬁgure toggle mode, so that the LEDs periodically cycle between two separated conﬁgured LED schemes. Bootloader The following bootloader parameters can be set: Parameter...
Page 209: Regional Settings
LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM System System Time Settings Current system time: 2020-01-09 02:03:05 Set time Time & Region Reboot Authentication Time Synchronisation User Accounts Primary NTP server: 0.pool.ntp.org Remote Authentication Secondary NTP server: 1.pool.ntp.org Software Update Software Update Preferred NTP server: Primary NTP Server Modem Firmware Update...
Page 210 enabling multiple isolated user-space instances called containers. The same operating system kernel is used to implement the guest environments, applications running in a guest environment view it as a stand-alone system. General settings: Parameter Virtualization Settings Administrative status Deﬁnes whether virtualization is enabled or not The following parameters can be used to conﬁgure a virtual guest: Parameter Guest Settings...
Page 211 The guest devices parameter shows a list of devices (e.g bluetooth, CAN) which can be provided to the guest system. Parameter Guest Devices Enable devices Enable or disable device for the guest In order to limit the ressources for a guest, the following settings can be applied: Parameter Guest Limits The number of CPUs used for the guest...
Page 212: Authentication
6.8.2. Authentication User Accounts By using this page you can manage the user accounts on the system. LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM System User Accounts Settings Admin accounts represent users with administrative privileges that can alter the system configuration. Other Time &...
Page 213 Parameter User accounts management Role Either admin or user Shell Speciﬁes if the user gets the CLI or a SHELL Store password unen- If this option is selected the user password is stored unencrypted on crypted the device (not recommended) Old password The old password of the user New password...
Page 214: Remote Authentication
LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM System Settings Remote Authentication Time & Region Reboot enabled Administrative Status: disabled Authentication User Accounts Use for login: Remote Authentication Primary RADIUS Configuration Software Update Server address: 192.168.1.200 Software Update Modem Firmware Update Secret: ••••••••...
Page 215: Software Update
6.8.3. Software Update Manual Software Update This menu can be used to run a manual software update of the system. Parameter Manual Software Update Update operation The update operation method being used. You can upload the image, download it from an URL or use the latest version from our server The server URL where the software update image should be down- loaded from Administrator password...
Page 216: Module Firmware Update
Attention In case you perform a major downgrade with a previous release line (e.g. 3.7.0 to 3.6.0), please ensure to always use the latest release of that branch (i.e. 3.6.0.X) as only those tend to be fully forward-compatible. Also keep in mind, that some hardware features may not work (e.g.
Page 217: Software Profiles
Parameter Module Firmware Update The server URL where the ﬁrmware package should be downloaded from (e.g. protocol://server/path/file). Supported protocols are TFTP, HTTP, HTTPS, and FTP. For boxes with limited amount of ﬂash you may also use usb0://<path-to-firmware-package>. A ﬁrmware package (ZIP) usually consists of a ﬂash utility, an info ﬁle and the corresponding ﬁrmware ﬁles.
Page 218: Configuration
6.8.6. Conﬁguration Conﬁguration via the Web Manager becomes tedious for larger volumes of devices. The router there- fore offers automatic and manual ﬁle-based conﬁguration to automate things. Once you have success- fully set up the system you can back up the conﬁguration and restore the system with it afterwards. You can either upload a single conﬁguration ﬁle (.cfg) or a complete package (.zip) containing the con- ﬁguration ﬁle and a packed version of other essential ﬁles (such as certiﬁcates) in the root directory.
Page 219: Automatic File Configuration
Automatic File Conﬁguration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM System File Configuration Automatic Updates Settings Time & Region Reboot Automatic Updates Authentication User Accounts enabled Remote Authentication Status: disabled Software Update Time of day: 00:00 Software Update Modem Firmware Update URL: Software Profiles Configuration...
Page 220: Factory Configuration
Factory Conﬁguration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM System Settings Initiate Factory Reset Time & Region Reboot This operation will reset all settings to factory defaults. Your current configuration will be lost. You may consider backing up the current configuration prior to running a reset. Authentication User Accounts Remote Authentication...
Page 221: Troubleshooting
6.8.7. Troubleshooting Network Debugging There are serveral tools for network debugging like ping, traceroute, tcpdump and darkstat. Parameter Automatic software update Ping The ping utility can be used to verify whether a remote host can be reached via IP. Traceroute The traceroute utility can be used to print the route packets trace to a remote host.
Page 222: Log Viewer
System Debugging You can view the system log here by selection the option Debug log or if you are interested in the boot log select Boot log. Another way to see what is going on on the box is opening a SSH or Telnet session as root and typing tail-log.
Page 223: Tech Support File
Tech Support You can generate and download a tech support ﬁle here. We strongly recommend providing this ﬁle when getting in touch with our support team, either by e-mail or via our on-line support form, as it would signiﬁcantly speed up the process of analyzing and resolving your problem. Log ﬁles can be viewed, downloaded and reset here.
Page 224: Keys And Certificates
6.8.8. Keys and Certiﬁcates The key and certiﬁcate page lets you generate required ﬁles for securing your services (such as HTTP and SSH server) but also to implement authentication and encryption for certiﬁcate-based VPN tunnels and WLAN clients. LOGOUT HOME INTERFACES ROUTING FIREWALL...
Page 225: Certificate Sections
Type Description SSH Authorization The keys used for SSH authorization. OpenVPN Server or client keys and certiﬁcates for running OpenVPN tunnels. IPsec Server or client keys and certiﬁcates for running IPsec tunnels. WLAN Keys and certiﬁcates for implementing certiﬁcate-based WLAN au- thentication (e.g.
Page 226: Certificate Configuration
Conﬁguration LOGOUT HOME INTERFACES ROUTING FIREWALL SERVICES SYSTEM System Keys & Certificates Configuration Settings Time & Region Reboot Authentication Organization (O) NetModule User Accounts Department (OU) Networking Remote Authentication Location (L) Switzerland Software Update Software Update State (ST) Switzerland Modem Firmware Update Country (C) Switzerland Software Profiles...
Page 227 Parameter Certiﬁcate Conﬁguration Country (C) The certiﬁcate owner’s country (usually a TLD abbreviation) Common Name (CN) The certiﬁcate owner’s common name, mainly used to identify a host E-Mail The certiﬁcate owner’s email address Expiry period The number of days a certiﬁcate will be valid from now on Key size The length of the private key in bits DH primes...
Page 228 When enrolling certiﬁcates, the CA certiﬁcate will be initially fetched from the speciﬁed SCEP URL using the getca operation. It will be shown on the conﬁguration page and it has to be veriﬁed that it belongs to the correct authority. Otherwise, the CA must be rejected. This part is essential when using SCEP as it builds up the chain of trust.
Page 229: Licensing
6.8.9. Licensing Certain features of NetModule AG routers require a valid license to be present in the system, some of them also depend on the mounted modules. Please contact us for getting a valid license for available components and we will provide a license ﬁle based on your serial number which can be installed to the router afterwards.
Page 230: Legal Notice
6.8.10. Legal Notice Attention: Observe chapter about Free and Open Source Software Copyright (C) 2024, NetModule AG. All rights reserved. NB2800 User Manual for NRSW version 4.8.0.103...
Page 231: Logout
6.9. LOGOUT Please use this menu to log out from the Web Manager. NB2800 User Manual for NRSW version 4.8.0.103...
Page 232: Command Line Interface
7. Command Line Interface The Command Line Interface (CLI) offers a generic control interface to the router and can be used to get/set conﬁguration parameters, apply updates, restart services or perform other system tasks. It will be started automatically in interactive mode when logging in as admin user or by running cli -i.
Page 233: Print Help
Key Sequence Action ALT-t Drag the word before point past the word after point, moving point over that word as well. If point is at the end of the line, this transposes the last two words on the line. CTRL-k Delete the text from point to the end of the line CTRL-y Yank the top of the deleted text into the buffer at point...
Page 234: Setting Config Parameters
validate config parameter get factory default rather than current value show configuration sections 7.4. Setting Conﬁg Parameters The set command can be used to set conﬁguration values. > set Usage : set [ hv ] <parameter >=<value > [ < parameter >=<value > . . ] Options : validate config parameter 7.5.
Page 235: Scanning Networks
ipsec IPsec connection status pptp PPTP connection status GRE connection status dialin Dial In connection status mobileip MobileIP status Digital IO status audio Audio module status CAN module status uart UART module status ibis IBIS module status redundancy Redundancy status SMS status firewall Firewall status...
Page 236: Manage Keys And Certificates
Options : reboot after update force update t reset missing config values with factory defaults show update status Available update targets : software Perform software update firmware Perform module firmware update config Update configuration license Update licenses sshkeys Install SSH authorized keys You may also run update software latest to install the latest version...
Page 237: Debug System
ipsec IPsec connections lighttpd HTTP server link manager WAN links network Networking openvpn OpenVPN connections pptp PPTP connections QoS daemon smsd SMS daemon snmpd SNMP daemon surveyor Supervision daemon syslog Syslog daemon telnet Telnet server usbipd USB / IP daemon voiced Voice daemon vrrpd...
Page 238: Rebooting System
> reset Usage : reset [ h ] 7.14. Rebooting System The reboot command can be used to reboot the router. > reboot Usage : reboot [ h ] 7.15. Running Shell Commands The shell command can be used to execute a system shell and run any arbitrary application or script. >...
Page 239 Attention The examples only show the usage of this interface for demonstration purpose. For productive environments it is recommended to use POST and HTTPS instead of GET and HTTP. Please be aware that your browser history will store GET requests including passwords and other sensitive information if you use GET requests to test this interface.
Page 240 Key usage : command=status [& arg0=<section > ] Notes : Available sections can be retrieved by running command=status&arg0= h . Please note that the status summary can be displayed without authentication . Examples : http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php?version=2&output=html&usr=admin&pwd=admin01&command= status&arg0= h http : / / 1 9 2 .
Page 241 command=restart&arg0=<service > Notes : Available services can be retrieved by running command = restart &arg0=-h Examples : http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php?version=2&output=html&usr=admin&pwd=admin01&command= restart&arg0= h http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php?version=2&output=html&usr=admin&pwd=admin01&command= restart&arg0=link manager reboot - Trigger system reboot Key usage :...
Page 242 send - Send SMS Key usage : command=send&arg0=sms&arg1=<number>&arg2=<text > Notes : The phone number has to be specified in international format such as +123456789 including a leading plus sign ( which can be encoded with %2B ) . The SMS daemon must be properly configured prior to using that function .
Page 243 send - Send USSD code Key usage : command=send&arg0=ussd&arg1=<card>&arg2=<code > Notes : The argument card specifies the card module index ( e . g . 0 for wwan0 ) . The USSD code can consist of digits , plus signs , asterisks ( can be encoded with \%2A ) and dashes ( can be encoded with \%23) .
Page 244: Appendix
A. Appendix A.1. Abbrevations Abbreviation Description Generally includes all options offered by the current section Access Point Name Arbitrary Strength Unit A Cell ID is a generally unique number used to identify each Base Transceiver Station (BTS). Cell-ID Command Line Interface, a generic interface to query the router or perform system tasks DHCP Dynamic Host Conﬁguration Protocol...
Page 245 Abbreviation Description MEID Mobile Equipment Identiﬁer MegaHertz Mobile Network Code Mobilex Identiﬁes a WWAN modem MOBILEIPx Refers to a Mobile IP tunnel interface MSISDN Mobile Subscriber Integrated Services Digital Network Number Maximum Segment Size Maximum Transmission Unit NAPT Network Address and Port Translation Network Address Translation Network Time Protocol OUTx...
Page 246: System Events
Abbreviation Description WAN links include all Wide Area Network interfaces which are cur- rently activated in the system Wireless Distribution System WLANx Refers to a Wireless LAN interface which will be represented as addi- tional LAN interface when conﬁgured as access point WPA2 Wi-Fi Protected Access 2 WPA3...
Page 247 Ereignis Beschreibung dialin-down Dial-In-Verbindung unterbrochen mobileip-up Mobile IP-Verbindung aufgebaut mobileip-down Mobile IP-Verbindung unterbrochen gre-up GRE-Verbindung aufgebaut gre-down GRE-Verbindung unterbrochen system-login-failed Anmeldung fehlgeschlagen system-login- Anmeldung erfolgtreich succeeded system-logout Benutzer abgemeldet system-rebooting Systemneustart eingeleitet system-startup System gestartet test Testereignis sdk-startup SDK gestartet system-time-updated Systemzeit aktualisiert system-poweroff...
Page 248 Ereignis Beschreibung 1002 redundancy-backup Router ist jetzt der Backup-Router Table A.2.: Systemereignisse NB2800 User Manual for NRSW version 4.8.0.103...
Page 249: Factory Configuration
A.3. Factory Conﬁguration The factory conﬁguration including default values for any conﬁguration parameter can be derived from the ﬁle /etc/config/factory-config.cfg on the router. You may also call cli get -f <parameter> for obtaining a speciﬁc default value. NB2800 User Manual for NRSW version 4.8.0.103...
Page 250: Snmp Vendor Mib
A.4. SNMP VENDOR MIB The NetModule SNMP VENDOR MIB can be obtained here, https://share.netmodule.com/public/system-software//4.8.0.103/NETMODULE-VENDOR-MIB-4.8.0.103.mib. NB2800 User Manual for NRSW version 4.8.0.103...
Page 251: Sdk Examples
A.5. SDK Examples Event Description best-operator.are This script will scan for operators on startup and choose the one with the best signal candump.are This script can be used to receive CAN messages conﬁg-summary.are This script shows a summary of the currently running conﬁguration. dio.are This script can be used to set a digital output port.
Page 252 Event Description remote-mail.are This script reads and sends mails from a remote IMAP/POP3/SMTP server scan-mobile.are This script can be used to switch the Mobile LAI according to available networks scan-wlan.are This script can be used to switch the WLAN client network according to availability send-mail.are This script will send an E-Mail to the speciﬁed address.
Page 253 Event Description transfer.are This scripts stores the latest GNSS positions in a remote FTP ﬁle transfer-ﬁle.are This scripts archives a remote ﬁle udpclient.are This script sends a message to a remote UDP server. udp-msg-server.are This script will run an UDP server which is able to receive messages and forward them as SMS/E-Mail.

Hirschmann NetModule NB2800 User Manual

1 Welcome to Netmodule

2 Conformity

3 Foss

4 Specifications

5 Installation

6 Configuration

7 Command Line Interface

Appendix

Quick Links

Need help?

Questions and answers

Related Manuals for Hirschmann NetModule NB2800

Summary of Contents for Hirschmann NetModule NB2800