NetModule NB2700 User Manual
  1. Manuals
  2. Brands
  3. NetModule Manuals
  4. Network Router
  5. NB2700
  6. User manual

NetModule NB2700 User Manual

Netmodule router
Hide thumbs Also See for NB2700:
Table of Contents

Advertisement

Quick Links

WWW.INFOPULSAS.LT / info@infopulsas.lt
NetModule Router NB2700
User Manual
Manual Version 1.0
NetModule AG, Switzerland
November 28, 2012

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NB2700 and is the answer not in the manual?

Questions and answers

Related Manuals for NetModule NB2700

Summary of Contents for NetModule NB2700

  • Page 1 WWW.INFOPULSAS.LT / info@infopulsas.lt NetModule Router NB2700 User Manual Manual Version 1.0 NetModule AG, Switzerland November 28, 2012...

  • Page 2: Table Of Contents

    Contents 1 Welcome to NetModule 2 Conformity 2.1 Safety Instructions ......
  • Page 3 NB2700 User Manual 5.1 First Steps ........

  • Page 4: List Of Figures

    5.8.2 Authentication ......100 5.8.3 Software Update ......102 5.8.4 Configuration .
  • Page 5 NB2700 User Manual 5.3 WAN Settings ....... . . 5.4 Link Supervision .

  • Page 6: List Of Tables

    ........111 List of Tables 3.1 NB2700 Status Indicators ......
  • Page 7 NB2700 User Manual 5.7 Certificate/Key Terms ......108 5.8 Certificate Attributes ......108 A.1 Abbreviations...

  • Page 8: Welcome To Netmodule

    1. Welcome to NetModule Thank you for purchasing a NetModule Router. This document should give you an introduction to the router and its features. The following chapters describe any aspects of commissioning the device, installation procedure and provide helpful information...

  • Page 9: Conformity

    Possible antenna circuits must be limited to over-voltage transient levels below 1500 Volts according to IEC 60950-1, TNV-1 circuit levels using safety approved components. NB2700 routers shall be only used with certified (CSA or equivalent) power supply, which must have a limited and SELV circuit output. They are basically designed for indoor use.

  • Page 10: Declaration Of Conformity

    2.2. Declaration of Conformity NetModule hereby declares that under our own responsibility that the routers comply with the relevant standards following the provisions of the Council Directive 1999/5/EC. The signed version of the Declara- tions of Conformity can be found at: http://www.netmodule.com/...

  • Page 11: Italy

    NB2700 User Manual 2.4.2. Italy This product meets the national radio interface regulations and requirements specified in the National Frequency Allocation Table for Italy. Unless operating within the bound- aries of the owner’s property, the use of this Wireless LAN product requires a general authorization.

  • Page 12: Turkey

    NB2700 User Manual Frequency Power (EIRP) Restrictions 5650-5825 MHz 100 mW (20 dBm) Permitted to use on board of the aircraft during a flight at a altitude not less than 3000 m 2.4.7. Turkey Frequency Restrictions 5470-5725 MHz Not implemented...

  • Page 13: Specifications

    • NB2700 Mobile • NB2700 Mobile & WLAN • NB2700 WLAN 3.1. Operating Elements The following table describes the NB2700 status indicators. The color of the LED represents the signal quality for wireless links. red means low yellow means moderate...

  • Page 14: Nb2700 Status Indicators

    Normally closed output port 2 is closed. off Normally closed output port 2 is open. Input port 1 is set. off Input port 1 is not set. Input port 2 is set. off Input port 2 is not set. Table 3.1.: NB2700 Status Indicators...

  • Page 15: Interfaces

    Reset button, press at least 3 seconds for reboot and at least 5 second for a factory reset. The start of the factory reset is confirmed by all LEDs lighting up for a second. The button can be released then again. Table 3.2.: NB2700 Interfaces...

  • Page 16: Usb 2.0 Host Port

    NB2700 User Manual 3.2.2. USB 2.0 Host Port The USB 2.0 host port has the following specification: Feature Specification Speed Low, Full & Hi-Speed Current max. 500 mA Table 3.3.: USB 2.0 Host Port Specification 3.2.3. RJ45 Ethernet Connectors Specification The Ethernet ports are specified as follows:...

  • Page 17: Pin Terminal Block

    NB2700 User Manual 3.2.4. 13 Pin Terminal Block Power Supply NB2700 routers provide a non-isolated power supply input. The power port has the following specifications: Feature Specification Power supply nominal voltages 12 V , 24 V , 36 V and 48 V...

  • Page 18: Isolated Digital Outputs Specification

    NB2700 User Manual Feature Specification Maximum switching capacity 60 W Table 3.8.: Isolated Digital Outputs Specification Isolated Inputs The isolated digital input ports have the following specification: Feature Specification Number of inputs maximum input voltage 40 V Minimum voltage for level 1 (set) 7.2 V...

  • Page 19: Pin Assignments Of Terminal Block

    NB2700 User Manual Pin Signal DI2+ Table 3.10.: Pin Assignments of Terminal Block...

  • Page 20: Installation

    IP40 (with SIM and USB covers mounted) Table 4.1.: Operating Conditions 4.2. Installation of the Router The NB2700 is designed for mounting it on a worktop or wall. Please consider the safety instructions and the environmental conditions in chapter 2. 4.3. Installation of SIM Cards SIM cards can be inserted by sliding it into one of the designated holes on the front panel.

  • Page 21: Installation Of The Gsm/Umts Antenna

    Further information about SIM configuration can be found in chapter 5.3.3. 4.4. Installation of the GSM/UMTS Antenna NetModule routers will only operate efficiently in the cellular network if there is a good signal. The stub antenna will be suitable for most applications. However, in some circumstances it might be necessary to use remote antennas together with an extended cable to reach a better location offering an adequate signal.

  • Page 22: Installation Of The Power Supply

    NB2700 User Manual 4.7. Installation of the Power Supply The router can be powered with an external source supplying between 12 V and 48 V It is to be used with a certified (CE or equivalent) power supply, which must have a...

  • Page 23: Configuration

    3.6. 5.1. First Steps NetModule routers can be easily set up by using the HTTP-based configuration interface, called the Web Manager. Advanced users may also use the Command Line Interface (CLI) and set configuration parameters directly.

  • Page 24: Recovery

    NB2700 User Manual Please note that the admin password will be also applied for the root user which can be used to access the device via the serial console, telnet, SSH or to enter the bootloader. You may also configure additional users which will only be granted to access the summary page or retrieve status information but not to set any configuration parameters.

  • Page 25: Home

    NB2700 User Manual 5.2. HOME This page provides a status overview of established connections and enabled features. It offers a summary about the administrative and operational status of the router’s interfaces. Further details about any enabled Wide Area Network (WAN) links (such as the IP addresses, network information, signal strength, etc.) will be shown on additional...

  • Page 26: Wan Link Prerequisites

    NB2700 User Manual 5.3. INTERFACES 5.3.1. WAN Link Management Depending on your hardware model, WAN links can be made up of either Wireless Wide Area Network (WWAN), Wireless LAN (WLAN), Ethernet or PPP over Ethernet (PPPoE) connections. Please note that each WAN link has to be configured and enabled in order to appear on this page.

  • Page 27: Wan Links

    NB2700 User Manual Figure 5.2.: WAN Links soon as Link 3 goes down. Links are being triggered periodically and put to sleep in case it was not possible to establish them within a certain amount of time. Hence it might happen that permanent links will be dialed in background and, as soon as they got established, replace low- priority links again.

  • Page 28: Wan Settings

    NB2700 User Manual Figure 5.3.: WAN Settings Supervision Network outage detection can be performed by sending pings on each link to some authoritative hosts. A link will be declared as down in case all trials have failed and only as up if at least one host can be reached.

  • Page 29: Link Supervision

    NB2700 User Manual Figure 5.4.: Link Supervision will restart all link-related applications including a reset of the modems. Maximum downtime: The maximum amount of downtime in minutes for which no WAN link could be established...

  • Page 30: Ethernet

    NB2700 User Manual 5.3.2. Ethernet Port Settings Figure 5.5.: LAN Ports This menu can be used to individually assign each Ethernet port to a LAN interface, just in case you want to have different subnets per port or use one port as WAN interface. You may assign multiple ports to the same interface.

  • Page 31: Lan Link Settings

    NB2700 User Manual Figure 5.6.: LAN Link Settings Please keep in mind that the DNS servers can be set globally in the DNS server config- uration menu. But as soon as a link comes up it will use the interface-specific name- servers (e.g.

  • Page 32: Lan Ip Configuration

    NB2700 User Manual Figure 5.7.: LAN IP Configuration in the network. You may also define static values but caution has to be taken to assign an unique IP address as it would otherwise raise IP conflicts in the network. PPPoE is commonly used when communicating with another WAN access device (like a DSL modem).

  • Page 33: Mobile

    NB2700 User Manual 5.3.3. Mobile SIMs Figure 5.8.: SIMs The SIM page gives an overview about the available SIM cards, their assigned modems and the current state. Once a SIM card has been inserted, assigned to a modem and successfully unlocked, the card should remain in state ready and the network registration status should have turned to registered.
  • Page 34 NB2700 User Manual A SIM card is generally assigned to a default modem but might be switched, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem, as a SIM switch will naturally affect their operation.

  • Page 35: Wwan Interfaces

    NB2700 User Manual WWAN Interfaces This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically as WAN link once an interface has been added. Please refer to chap- 5.3.1 for how to manage them.
  • Page 36 NB2700 User Manual phone number to be dialed in international format (e.g. +41xx). Access point name: The access point name (APN) being used Authentication: The authentication scheme being used, if required this can be PAP or/and CHAP Username: The user-name used for authentication Password: The password used for authentication Furtheron, you may configure the following advanced settings:...

  • Page 37: Wlan Management

    NB2700 User Manual 5.3.4. WLAN WLAN Management In case your router is shipping with a WLAN (or Wi-Fi) module you can operate it either as client or access point. As a client it can create an additional WAN link which for instance can be used as backup link. As access point, it can form another LAN...

  • Page 38: Wlan Scan

    NB2700 User Manual 802.11n Radio band: Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz Channel: Specifies the channel to be used Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the less interfering channel.

  • Page 39: Wlan Interfaces

    NB2700 User Manual Figure 5.12.: WLAN Interfaces WLAN Configuration Running in access point mode you can define up to 4 SSIDs with each running their own network configuration. This section can be used to configure security-related set- tings. SSID: The network name (called SSID) Security mode: The desired security mode (such as WPA PSK), WPA (802.1x) can be...

  • Page 40: Wlan Configuration

    NB2700 User Manual Figure 5.13.: WLAN Configuration clients and Ethernet hosts operate in the same subnet. However, for multiple SSIDs we strongly recommend to set up separated interfaces in routing-mode in order to avoid unwanted access and traffic between the interfaces. The corresponding DHCP server for each network can be configured in afterwards as described in chapter 5.7.2.

  • Page 41: Wlan Ip Configuration

    NB2700 User Manual Figure 5.14.: WLAN IP Configuration 5.3.5. USB NetModule routers ship with a standard USB 2.0 host port which can be used to connect any arbitrary USB device. USB Autorun This feature can be used to automatically launch a shell script or perform a software/- config update as soon as an USB storage stick has been plugged in.

  • Page 42: Usb Device Server

    NB2700 User Manual USB Device Server As soon as the USB device server has been enabled you can refresh the discovered USB devices plugged in and attach them to the USB/IP server. Enabled devices can now be exported to a remote host. You will need an additional driver on the remote site (a pre-packed Windows driver package can be obtained from http://www.netmodule.

  • Page 43: Serial Port

    NB2700 User Manual 5.3.6. Serial Port This page can be used to manage your serial ports. They can be used for various purposes on the system. When set to none it will be disabled, when set to login console you would be able to get a login shell when connecting to the serial port (115200 8N1).
  • Page 44 NB2700 User Manual RTS and CTS lines are used to control the flow of data Protocol on TCP/IP: You may choose the IP protocols Telnet or TCP raw for the device server Port: The TCP port for the device server...

  • Page 45: Digital I/O

    NB2700 User Manual 5.3.7. Digital I/O The Digital I/O page displays the current status of the I/O ports and can be used to turn output ports on or off. You can apply the following settings: DO1 after reboot: Initial status of DO1 after system has booted...
  • Page 46 NB2700 User Manual 5.3.8. GPS Administration The GPS page lets you enable or disable the GPS modules present in the system and can be used to configure the daemon that can be used to share access to receivers without contention or loss of data and to respond to queries with a format that is substantially easier to parse than the NMEA 0183 emitted directly by the GPS device.
  • Page 47 NB2700 User Manual Azimuth: The azimuth (rotation around the vertical axis) in degrees as stated in GPGSV frames SNR: The SNR (Signal to Noise Ratio), often referred as signal strength Please note that the values are shown as calculated by the daemon, their accuracy might...

  • Page 48: Static Routes

    NB2700 User Manual 5.4. ROUTING 5.4.1. Static Routes This menu shows all routing entries of the system. They are typically formed by an address/netmask couple (represented in IPv4 dotted decimal notation) which specify the destination of a packet. The packets can be directed to either a gateway or an interface or both.

  • Page 49: Static Route Flags

    NB2700 User Manual Interface: The network interface on which a packet will be transmitted in order to reach the gateway or network behind it Metric: The routing metric of the interface (default 0), higher metrics have the effect of making a route less favorable Flags: (A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route The flags obtain the following meanings:...

  • Page 50: Extended Routing

    NB2700 User Manual 5.4.2. Extended Routing Extended routes can be used to perform policy-based routing, they generally precede static routes. Figure 5.18.: Extended Routing In contrast to statis routes, extended routes can be made up, not only of a destination address/netmask, but also a source address/netmask, incoming interface and the type of service (TOS) of packets.

  • Page 51: Bridging

    NB2700 User Manual 5.4.3. Bridging This menu shows the currently configured bridge groups and their interface members. Please refer to section for a list of interface abbrevations. Figure 5.19.: Bridging...

  • Page 52: Mobile Ip

    Effectively, any WAN link switch causes very small outages during switchover while keeping all IP connections alive. Moreover, NetModule routers also support NAT-Traversal for mobile nodes running behind a firewall (performing NAT), which makes mobile nodes even there accessible from a central office via their home address, and thus, bypassing any complicated VPN...

  • Page 53: Mobile Ip

    NB2700 User Manual Figure 5.20.: Mobile IP Shared secret: The shared secret used for authentication of the mobile node at the home agent. This can be either a 128-bit hexadecimal value or a random length ASCII string. Life time: The lifetime of security associations in seconds UDP encapsulation: Specifies whether UDP encapsulation shall be used or not.
  • Page 54 NB2700 User Manual SPI. This is a 32-bit hexadecimal value. Authentication type: The used authentication algorithm. This can be prefix-suffix- md5 (default for mobile IP) or hmac-md5. Shared secret: The shared secret used for authentication of the mobile node at the home agent.

  • Page 55: Firewall

    NB2700 User Manual 5.5. FIREWALL 5.5.1. Administration NetModule routers use Linux’s netfilter/iptables firewall framework (see http://www. for more information) which supports stateful inspection, that is, grant- netfilter.org ing the same permissions for inherited connections within an IP session (e.g. FTP which builds up a control and data connection).

  • Page 56: Napt Administration

    NB2700 User Manual 5.5.3. NAPT This page can be used to configure Network Address and Port Translation (NAPT) for packets traversing the system. NAPT hereby modifies IP addresses or/and TCP/UDP ports in matching IP packets. By tracking those connections, it will also automatically adjust the returning packets of an IP session.

  • Page 57: Inbound Napt

    NB2700 User Manual Description: A meaningful description of this rule Incoming interface: The interface from which matching packets are received Target address: The destination address of matching packets (optional) Protocol: The used protocol of matching packets Ports: The used UDP/TCP port of matching packets...

  • Page 58: Outbound Napt

    NB2700 User Manual Rewrite source address: The address to which the source address of matching packets shall be rewritten Rewrite source port: The port to which the source port of matching packets shall be rewritten Figure 5.23.: Outbound NAPT...

  • Page 59: Openvpn Administration

    Figure 5.24.: OpenVPN Administration Tunnel Configuration NetModule routers support one single server tunnel and up to four client tunnels. You can specify tunnel parameters either in standard configuration or upload an expert mode file which has been created in advance. Refer to chapter 5.6.1...
  • Page 60 NB2700 User Manual Setting up a tunnel server just requires the server port to be set, the settings mentioned below apply for both, server and client tunnels: Type: The encapsulation type for this tunnel which can be either TUN (typically used for routed connections) or TAP (needed for bridged networks) Network mode: Defines how the packets should be forwarded, which can be either...

  • Page 61: Openvpn Configuration

    NB2700 User Manual Figure 5.25.: OpenVPN Configuration server.crt: Certificate file server.key: Private key file dh1024.pem: Diffie-Hellman parameters file ccd: A directory containing client-specific configuration files Keep in mind that a certificate becomes valid once its validity time has been reached, thus an accurate system has to be set prior to creating certificates and establishing a...

  • Page 62: Openvpn Client Management

    NB2700 User Manual Finally, you can generate and download all expert mode files for enabled clients which can be used to easily populate each client. Figure 5.26.: OpenVPN Client Management...

  • Page 63: Ipsec

    NB2700 User Manual 5.6.2. IPsec IPsec is a protocol suite for securing IP communications by authenticating and encrypt- ing each packet of a communication session and thus establishing a secure virtual private network. IPsec includes various cryptographic protocols and ciphers for key exchange and data encryption and can be seen as one of the strongest VPN technologies in terms of security.

  • Page 64: Ipsec Administration

    NB2700 User Manual Figure 5.27.: IPsec Administration Administration This page can be used to enable/disable IPsec, you may also specify whether NAT- Traversal should be used. NAT-Traversal is mainly used for connections which traverse a path where a router modifies the IP address/port of packets. It encapsulates packets in UDP and therefore requires a slight overhead which has to be taken into account when running over small- sized MTU interfaces.

  • Page 65: Ipsec Configuration

    (the router will then try to re-establish a dead connection auto- matically) IKE Authentication NetModule routers support IKE authentication through pre-shared keys (PSK) or cer- tificates within a public key infrastructure. Using PSK requires the following settings: PSK: The pre-shared key used to authenticate at the peer Local ID Type: The type of identification for the local ID which can be a FQDN, username@FQDN...
  • Page 66 NB2700 User Manual afterwards. In PKI server mode the router represents the Certificate Authority and issues the certificates for remote peers. IKE Proposal This section can be used to configure the phase 1 settings: Negotiation mode: Choose the desired negotiation mode. Preferably, main mode should be used but aggressive mode might be applicable when dealing with dynamic endpoint addresses.

  • Page 67: Pptp Administration

    NB2700 User Manual 5.6.3. PPTP Figure 5.29.: PPTP Administration The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks between two hosts. PPTP is easy to configure and widely deployed amongst Microsoft Dial-up networking servers. However, due to its weak encryption algorithms, it is nowadays considered insecure but it still provides a straightforward way for establishing tunnels.

  • Page 68: Pptp Tunnel Configuration

    NB2700 User Manual Figure 5.30.: PPTP Tunnel Configuration PPTP Client Management PPTP clients for a server tunnel need to be configured here. They are made up of user- name and password. A fixed IP address can be assigned to them which can be used to...

  • Page 69: Dial-In

    NB2700 User Manual Figure 5.31.: PPTP Client Management 5.6.4. Dial-In On this page you can configure the Dial-In server in order to establish a data connection over GSM calls. Thus, one would generally apply a required service type of 2G-only, so that the modem registers to GSM only.

  • Page 70: Services

    Figure 5.32.: Dial-in Server Settings 5.7. SERVICES 5.7.1. SDK NetModule routers are shipping with a Software Development Kit (SDK) which offers a simple and fast way to implement customer-specific functions and applications. It consists of: 1. An SDK host which defines the runtime environment (a so-called sandbox), that...
  • Page 71 NB2700 User Manual Anyone, reasonably experienced in the C language, will find an environment that is easy to dig in. However, feel free to contact us via router@support.netmodule.com and we will happily support you in finding a programming solution to your specific problem.
  • Page 72 NB2700 User Manual /* We are going to eavesdrop on the first serial port * and turn on lights via a digital I / O output port , * otherwise we d have to send a short message . ( attempts = 0; attempts < 3; attempts ++) { ( nb_serial_read ( "...
  • Page 73 NB2700 User Manual Please note that some functions require the corresponding services (e.g. E-Mail, SMS) to be properly configured prior to utilizing them in the SDK. Let’s now pay some attention to the very powerful API function nb_status. It can be used to query the router’s status values in the same manner as they can be shown...
  • Page 74 NB2700 User Manual Here is an example how one might adopt those functions: /* check current city and enable the second WAN link */ location = nb_status ( " location " ( location ) { city = struct_get ( location , "...

  • Page 75: Sdk Administration

    NB2700 User Manual Figure 5.33.: SDK Administration Administration This page can be used to control the SDK host and apply the following settings: Parameter: Description Administrative status: Specifies whether SDK scripts should run or not Scheduling priority: Specifies the process priority of the sdkhost, higher priorities will...
  • Page 76 NB2700 User Manual Type: The type of the trigger, either time-based or event-based Condition: Specifies the time condition for time-based triggers (e.g. hourly) Timespec: The time specification which, together with the condition, specifies the time(s) when the trigger should be pulled...

  • Page 77: Sdk Jobs

    NB2700 User Manual Figure 5.34.: SDK Jobs /scripts/testrun:2:10:FATAL: parse error, unexpected $, expecting ’;’ SDK Sample Application As an introduction, you can step through a sample application, namely the SMS control script, which implements remote control over short messages and can be used to send a status of the system back to the sender.

  • Page 78: Sdk Testing

    Turns off the second digital output port Table 5.5.: SMS Control Commands A response to the status command typically looks like: System: NB2700 hostname (00:11:22:AA:BB:CC) WAN1: WWAN1 is up (10.0.0.1, Mobile1, UMTS, -83 dBm, LAI 12345) GPS: lat 47.377894, lon 8.540055, alt 282.200 OVPN: client on tun0 is up (10.0.8.4)

  • Page 79: Dhcp Server

    NB2700 User Manual 5.7.2. DHCP Server This section can be used to individually configure the Dynamic Host Configuration Protocol (DHCP) service for each LAN interface which will serve dynamic IP addresses to hosts in the local network. You may also have a look to the leases page where you can find an overview about negotiated client addresses.

  • Page 80: Dhcp Server

    NB2700 User Manual gateway and the current DNS server addresses if not configured elsewise. You can specify fixed addresses here. Figure 5.37.: DHCP Server...

  • Page 81: Dns Server

    NB2700 User Manual 5.7.3. DNS Server The DNS server can be used to proxy DNS requests towards servers on the net which have for instance been negotiated during WAN link negotiation. By pointing DNS requests to the router, one can reduce outbound DNS traffic as it is caching already resolved names but it can be also used for serving fixed addresses for particular host names.

  • Page 82: Dyndns

    Username: The user-name used for authenticating at the service Password: The password used for authentication Please note that your NetModule router can operate as DynDNS service as well, provided that you hold a valid SERVER license and have your hosts pointed to the DNS service...

  • Page 83: E-Mail Settings

    NB2700 User Manual 5.7.5. E-Mail The E-Mail client can be used to send notifications to a particular E-Mail address upon certain events or by SDK scripts. Figure 5.40.: E-Mail Settings It can be enabled by applying the following settings. E-mail client status: Administrative status of the E-Mail client...

  • Page 84: Event Notification Settings

    NB2700 User Manual 5.7.6. Events By using the event manager you can notify one or more recipients by SMS or E-Mail upon certain system events. The messages will contain a description provided by you and a short system info. A list of all system events can be found in the appendix A.2.

  • Page 85: Sms Configuration

    5.7.7. SMS Administration On NetModule routers it is possible to receive or send short messages (SMS) over each mounted modem (depending on the assembly options). Messages are received by query- ing the SIM card over a modem, so prior to that, the required assignment of a SIM card to a modem needs to be specified on the SIMs page.

  • Page 86: Sms Number Expressions

    NB2700 User Manual The relevant page can be used to enable the SMS service and specify on which it should operate. Routing & Filtering By using SMS routing you can specify outbound rules which will be applied whenever message are sent. On the one hand, you can forward them to an enabled modem. For a particular number, you can for instance enforce messages being sent over a dedicated SIM.
  • Page 87 NB2700 User Manual This page can be used to test whether SMS sending in general or filtering/routing rules works. The maximum length per message part is limited to 160 characters, we also suggest to exclusively use characters which are supported by the GSM 7-bit alphabet.

  • Page 88: Ssh And Telnet Server

    NB2700 User Manual 5.7.8. SSH/Telnet Server Apart from the Web Manager, the SSH and Telnet services can be used to log into the system. Valid users include root and admin as well as additional users as they can be created in the User Accounts section. Please note, that a regular system shell will only...

  • Page 89: Snmp Agent

    NB2700 User Manual 5.7.9. SNMP Agent NetModule routers are equipped with an SNMP daemon, supporting basic MIB tables (such as ifTable), plus additional enterprise MIBs to manage multiple systems. The corresponding VENDOR MIB can be found in the appendix or downloaded from the router.
  • Page 90 NB2700 User Manual You can use TFTP, HTTP, HTTPS and FTP URLs, specifying a username/password or a port is not yet supported. Please note that config updates expect a zip-file named <serial-number>.zip in the specified directory. Listing 5.6: Getting the configuration update status:...

  • Page 91: Snmp Agent

    NB2700 User Manual Figure 5.44.: SNMP Agent Once the SNMP agent is enabled, SNMP traps are generated in case of the following events: • Start-up of the box • Shutdown of the box • VPN connected • VPN disconnected • Signal strength fell below the strength trap threshold The start-up trap is implemented using the standard cold start &...

  • Page 92: Web Server

    NB2700 User Manual 5.7.10. Web Server This page can be used to configure different ports for accessing the Web Manager via HTTP/HTTPS. We strongly recommend to use HTTPS when accessing the web service via a WAN interface as the communication will be encrypted and thus avoids any misuse of the system.

  • Page 93: Vrrp Configuration

    NB2700 User Manual 5.7.11. Redundancy This page can be used to set up a redundant pair of NetModule routers (or other systems) by running the Virtual Router Redundancy Protocol (VRRP) between them. A typical VRRP scenario defines a first host playing the master and another the backup device, they both define a virtual gateway IP address which will be distributed by gratuitous...
  • Page 94 NB2700 User Manual Interface: Interface on which VRRP should be performed Virtual gateway address: The virtual gateway address formed by the participating hosts We assign a priority of 100 to the master and 1 to the backup router. Please adapt the...

  • Page 95: Voice Gateway

    NB2700 User Manual 5.7.12. Voice Gateway Depending on your hardware, you can set up a voice gateway on the router which can be connected by any VoIP client from the local network capable of the SIP protocol. It hereby listens for arriving SIP calls and forwards them as a GSM call on the modem which has been configured.
  • Page 96 NB2700 User Manual Client Configuration The sip client should be configured to use the router as a voice gateway. The easiest way to achieve this is to configure the router as proxy. The Voice Gateway does not require authenticationi however it may be necessary to fill in dummy values as user ID, Domain and Password.

  • Page 97: Voice Client Configuration

    NB2700 User Manual Figure 5.48.: Voice Client Configuration...

  • Page 98: System

    NB2700 User Manual 5.8. SYSTEM 5.8.1. System System Settings Figure 5.49.: System The following system parameters can be set: Local hostname: The hostname of the system Syslog redirect address: Specifies an IP address to which system log messages should be redirected to. A tiny system log server for Windows is included in TFTP32 which can be downloaded from our website.

  • Page 99: Regional Settings

    (e.g. automatically switching from summer to winter time) for your specific time zone. NetModule routers can synchronize their system time by using one or more servers by the help of the Network Time Protocol (NTP) or via GPS. If enabled, the time synchronization is usually triggered after a WAN link has come up but before starting any VPN connections.

  • Page 100: Authentication

    NB2700 User Manual Figure 5.51.: System information 5.8.2. Authentication This pages offers a simple shortcut to only allow secure connections (SSH, HTTPS) for managing the router. User Accounts By using this page you can manage the user accounts on the system. The standard admin user is a built-in power user that has permission to access the Web Manager and other administrative services and is used by several services as default user.

  • Page 101: User Accounts

    NB2700 User Manual Figure 5.52.: User Accounts Remote Authentication A RADIUS server can be used for authenticating remote users. This applies for the Web Manager, the WLAN network and other services supporting and incorporating remote authentication. It can be configured as follows: Administrative status: Defines whether a remote server should be used for authentica-...

  • Page 102: Software Update

    NB2700 User Manual Figure 5.53.: Remote Authentication 5.8.3. Software Update Manual Software Update This menu can be used to run a manual software update of the system. Update operation: The update operation method being used. You can upload the image, download it from an URL or use the latest version from our server URL: The server URL where the software update image should be downloaded from.

  • Page 103: Configuration

    NB2700 User Manual 5.8.4. Configuration Configuration via the Web Manager becomes tedious for larger volumes of devices. The router therefore offers automatic and manual file-based configuration to automate things. Once you have successfully set up the system you can back up the configuration and restore the system with it afterwards.

  • Page 104: Automatic File Configuration

    NB2700 User Manual Figure 5.55.: Automatic File Configuration Time of day: Time of day when the system should check for updates URL: The URL where the configuration file should be retrieved from (supported proto- cols are HTTP, HTTPS, TFTP, FTP) Factory Configuration...

  • Page 105: Troubleshooting

    NB2700 User Manual Figure 5.56.: Factory Configuration 5.8.5. Troubleshooting Network Debugging Log Files You can view the system log here by selection the option Debug log or if you are interested in the boot log select Boot log. Another way to see what is going on on the box is opening a SSH or Telnet session as root and typing tail-log.

  • Page 106: Log Viewer

    NB2700 User Manual Figure 5.57.: Log Viewer This can be achieved by logging onto the box and start a network packet capture by using the tool tcdump. We recommend to use the -n switch to bypass name resolution (e.g. tcpdump -n -i lan0). You may also generate a dump in PCAP format using the Web Manager, download it to your computer and perform further inspections with Wireshark (available at www.wireshark.org).

  • Page 107: Keys And Certificates

    NB2700 User Manual Figure 5.58.: Tech Support File 5.8.6. Keys and Certificates The key and certificate page lets you generate required files for securing your services (such as the HTTP and SSH server). The following terms are used: Term Description Root CA The root Certificate Authority (CA) which issues certifi-...
  • Page 108 NB2700 User Manual Term Description An encryption algorithm based on the fact that factorization of large integers is difficult DSS/DSA An encryption algorithm based on the discrete logarithm problem Phrase A password used for protecting keys Table 5.7.: Certificate/Key Terms A single certificate can obtain the following ASN.1 attributes:...

  • Page 109: Keys And Certificates Management

    NB2700 User Manual Figure 5.59.: Keys and certificates management can further revoke and invalidate client certificates again (for instance if they have been compromised or lost).

  • Page 110: Licensing

    NB2700 User Manual 5.8.7. Licensing Certain features of NetModule routers require a valid license to be present in the system, some of them also depend on the mounted modules. Please contact us for getting a valid license for available components and we will provide a license file based on your serial number which can be installed to the router afterwards.

  • Page 111: Logout

    NB2700 User Manual 5.9. LOGOUT Please use this menu to log out from Web Manager. Figure 5.61.: Logout...

  • Page 112: Command Line Interface

    6. Command Line Interface ihe Command Line Interface (CLI) offers a unified control interface to the router and can be used to get/set configuration parameters, apply updates, restart services or perform other system tasks. It will be started automatically in interactive mode when logging in as admin user or by running cli -i.

  • Page 113: Print Help

    NB2700 User Manual Key Sequence Action Clear the screen leaving the current line at the top of the CTRL-l screen, with an argument given refresh the current line with- out clearing the screen. Fetch the previous command from the history list, moving CTRL-p back in the list.

  • Page 114: Getting Config Parameters

    NB2700 User Manual Usage : help [<command >] Available commands : Get config parameters Set config parameters status Get status information send Send message or mail update Update system facilities restart Restart service reset Reset system to factory defaults reboot...

  • Page 115: Getting Status Information

    NB2700 User Manual validate config parameter use legacy syntax with & separator 6.5. Getting Status Information The status command can be used to get various status information of the system. > status Usage : status [ hs ] <section> Options :...

  • Page 116: Updating System Facilities

    NB2700 User Manual Usage : send [ h ] <type> <dest> <msg> Options : <type> type of message to be sent ( mail or sms ) <dest> destination of message ( mail address or phone number ) <msg> message to be sent 6.7.

  • Page 117: Resetting System

    NB2700 User Manual wwan manager WWAN manager wlan WLAN interfaces network Networking dnsmasq DNS / DHCP server configd Configuration daemon firewall Firewall and NAPT lighttpd HTTP server openvpn OpenVPN connections ipsec IPsec connections pptp PPTP connections snmpd SNMP daemon syslog...

  • Page 118: Cli-Php

    NB2700 User Manual > shell Usage : shell [ h ] [<cmd >] 6.12. CLI-PHP CLI-PHP, an HTTP frontend to the CLI application, can be used to configure and control the router remotely. It is enabled in factory configuration, thus can be used for deployment purposes, but disabled as soon as the admin account has been set up.
  • Page 119 NB2700 User Manual $ cli get " admin . password " " admin . debug " " admin . access " It supports whitespaces but please be aware that any special characters in the URL must be specified according to RFC1738 ( which usually done by common clients such as wget , lynx , curl ) .
  • Page 120 NB2700 User Manual command=get&arg0=<config key>[&arg1=<config key > . . ] Examples : http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=get&arg0=config . version http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=get&arg0=openvpn .
  • Page 121 NB2700 User Manual Examples : http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=restart&arg0= h http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=restart&arg0=link manager...
  • Page 122 NB2700 User Manual admin01&command=update&arg0=software&arg1=tftp : / / 1 9 2 . 1 6 8 . 1 . 2 5 4 / latest http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=update&arg0=config&arg1=tftp : / / 1 9 2 .

  • Page 123: Technical Support

    7. Technical Support NetModule’s mission statement is to provide you with state of the art products, technolo- gies and services for your embedded applications. This certainly includes a professional and friendly team of support engineers which will be pleased to offer consultancy, pro- vide assistance and deliver solutions in case of technical issues.

  • Page 124: Legal Notice

    NetModule does not warrant that this document is error-free. NetModule and NB2700 are trademarks and the logo is a service mark of NetModule AG, Switzerland. All other products or company names mentioned herein are used for identification pur- poses only and may be trademarks or registered trademarks of their respective owners.
  • Page 125 firmware upgrades, troubleshooting tips, press releases or any other concerns. NetModule AG Tel +41 31 985 25 10 Meriedweg 11 Fax +41 31 985 25 11 CH -3172 Niederwangen info@netmodule . com Switzerland http : // www . netmodule . com Copyright ©2012 NetModule AG, Switzerland All rights reserved...

  • Page 126: A Appendix

    A. Appendix A.1. Abbrevations Parameter Description ETHx Corresponds to Ethernet interfaces (either single or switched ones) LANx LAN interfaces which are generally based on Ethernet in- terfaces (including bridges) WLANx Refers to a Wireless LAN interface which will be represented as additional LAN interface when configured as access point WWANx Refers to a Wireless Wide Area Network (2G/3G/4G) con-...

  • Page 127: A.1 Abbreviations

    NB2700 User Manual Parameter Description The Location Area Code corresponds to an identifier of a set of base stations that are grouped together to optimize signaling The Location Area Identity is a globally unique number that identifies the country, network provider and location area...

  • Page 128: System Events

    NB2700 User Manual A.2. System Events Event Description wan-up WAN link came up wan-down WAN link went down dio-in1-on DIO IN1 turned on dio-in2-on DIO IN2 turned on dio-in1-off DIO IN1 turned off dio-in2-off DIO IN2 turned off dio-out1-on DIO OUT1 turned on...

  • Page 129: A.2 System Events

    NB2700 User Manual Event Description system-startup System has been started sdk-startup SDK has been started sms-sent SMS has been sent sms-received SMS has been received sms-report-received SMS report has been received call-incoming A GSM call is coming in call-outgoing Outgoing GSM call is being established...

  • Page 130: Factory Configuration

    NB2700 User Manual A.3. Factory Configuration The factory configuration including default values for any configuration parameter can be derived from the file /etc/config/factory-config.cfg on the router. You may also call cli get -f <parameter> for obtaining a specific default value.

  • Page 131: Snmp Vendor Mib

    -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- NB VENDOR MIB -- ( c ) COPYRIGHT 2012 by NetModule AG , Switzerland -- All rights reserved .
  • Page 132 NB2700 User Manual DESCRIPTION " The currently installed system software version " ::= { admin 1 } kernelVersion OBJECT - TYPE SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " The currently installed kernel version " ::= { admin 2 }...
  • Page 133 NB2700 User Manual MAX - ACCESS not - accessible STATUS current DESCRIPTION " The table describing all WWAN modems and their current settings " ::= { wwan 1 } nbWwanEntry OBJECT - TYPE SYNTAX NBWwanEntry MAX - ACCESS not - accessible...
  • Page 134 NB2700 User Manual SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " The current LAI to which the WWAN modem is currently registered " ::= { nbWwanEntry 8 } ww an L oc a l Ar e aC o de OBJECT - TYPE...
  • Page 135 NB2700 User Manual " The latitude value received by the GNSS device " ::= { nbGnssEntry 4 } gnssLon OBJECT - TYPE SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " The longitude value received by the GNSS device "...
  • Page 136 NB2700 User Manual dioSetOUT2 OBJECT - TYPE SYNTAX INTEGER { off (0) , on (1) MAX - ACCESS read - write STATUS current DESCRIPTION " Update value for digital I / O port OUT2 " ::= { dio 11 }...
  • Page 137 NB2700 User Manual STATUS current DESCRIPTION " Indicates a VPN connection deactivation " ::= { notifs 20 } vpn - up - trap NOTIFICATION - TYPE STATUS current DESCRIPTION " Indicates a VPN connection activation " ::= { notifs 21 }...

  • Page 138: Sdk Examples

    NB2700 User Manual A.5. SDK Examples Event Description config-summary.are This script shows a summary of the currently running con- figuration. dio-monitor.are This script monitors the DIO ports and sends a SMS to the specified phone number. dio-server.are This script implements a TCP server which can be used to control the DIO ports.

  • Page 139: A.3 Sdk Examples

    NB2700 User Manual Event Description status.are This script can be used to display all status variables syslog.are Throw a simple syslog message. tcpclient.are This script sends a message to a TCP server. tcpserver.are This script implements a TCP server which is able to receive messages.

  • Page 140: Sdk Sample Sms Control

    NB2700 User Manual A.6. SDK Sample SMS Control /* This script will execute commands received by SMS and may report the status of the system . */ INTERVAL = 10; /* only run every 10 seconds MAXMSG = 5; /* process max . 5 msgs MAXAGE = 300;...
  • Page 141 NB2700 User Manual ( left ( from , strlen ( sender ) ) == sender ) { allowed = 1; break ( allowed == 0) { nb_syslog ( " rejecting message from unknown sender % s " , from ) ;...
  • Page 142 NB2700 User Manual fp = fopen ( LASTFILE , " r " ( fp ) { /* we have been run at least one time */ str = fread ( fp , 32) ; ( str ) last = ( ) str ;...
  • Page 143 NB2700 User Manual ( left ( cmd ,6) == " output " else if nb_syslog ( " dio out command received " setdio ( cmd ) ; else nb_syslog ( " ignoring invalid message " /* delete message ret = nb_sms_delete ( msgs [ i ]) ;...

Table of Contents