NetModule NB1600 User Manual
  1. Manuals
  2. Brands
  3. NetModule Manuals
  4. Network Router
  5. NB1600
  6. User manual

NetModule NB1600 User Manual

Hide thumbs Also See for NB1600:
Table of Contents

Advertisement

Quick Links

NetModule Router NB1600
User Manual
Manual Version 1.0
NetModule AG, Switzerland
November 28, 2012

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NB1600 and is the answer not in the manual?

Questions and answers

Related Manuals for NetModule NB1600

Summary of Contents for NetModule NB1600

  • Page 1 NetModule Router NB1600 User Manual Manual Version 1.0 NetModule AG, Switzerland November 28, 2012...

  • Page 2: Table Of Contents

    Contents 1 Welcome to NetModule 2 Conformity 2.1 Safety Instructions ......
  • Page 3 NB1600 User Manual 5.1 First Steps ........

  • Page 4: List Of Figures

    5.8.4 Configuration ......107 5.8.5 Troubleshooting ......110 5.8.6 Keys and Certificates .
  • Page 5 NB1600 User Manual 5.5 LAN Ports ........

  • Page 6: List Of Tables

    ........117 List of Tables 3.1 NB1600 Status Indicators ......
  • Page 7 NB1600 User Manual A.3 SDK Examples ....... . 145...

  • Page 8: Welcome To Netmodule

    1. Welcome to NetModule Thank you for purchasing a NetModule Router. This document should give you an introduction to the router and its features. The following chapters describe any aspects of commissioning the device, installation procedure and provide helpful information...

  • Page 9: Conformity

    Possible antenna circuits must be limited to over-voltage transient levels below 1500 Volts according to IEC 60950-1, TNV-1 circuit levels using safety approved components. NB1600 routers shall be only used with certified (CSA or equivalent) power supply, which must have a limited and SELV circuit output. They are basically designed for indoor use.

  • Page 10: Declaration Of Conformity

    2.2. Declaration of Conformity NetModule hereby declares that under our own responsibility that the routers comply with the relevant standards following the provisions of the Council Directive 1999/5/EC. The signed version of the Declara- tions of Conformity can be found at: http://www.netmodule.com/...

  • Page 11: Italy

    NB1600 User Manual 2.4.2. Italy This product meets the national radio interface regulations and requirements specified in the National Frequency Allocation Table for Italy. Unless operating within the bound- aries of the owner’s property, the use of this Wireless LAN product requires a general authorization.

  • Page 12: Turkey

    NB1600 User Manual Frequency Power (EIRP) Restrictions 5650-5825 MHz 100 mW (20 dBm) Permitted to use on board of the aircraft during a flight at a altitude not less than 3000 m 2.4.7. Turkey Frequency Restrictions 5470-5725 MHz Not implemented...

  • Page 13: Specifications

    3. Specifications There are currently four different models of NB1600 available: • NB1600 Mobile • NB1600 Mobile & WLAN • NB1600 WLAN • NB1600 Wireline 3.1. Operating Elements The following table describes the router’s status indicators. The color of the LED represents the signal quality for wireless links.

  • Page 14: Nb1600 Status Indicators

    Normally closed output port 2 is closed. off Normally closed output port 2 is open. Input port 1 is set. off Input port 1 is not set. Input port 2 is set. off Input port 2 is not set. Table 3.1.: NB1600 Status Indicators...

  • Page 15: Interfaces

    5 second for a factory reset. The start of the factory reset is confirmed by all LEDs lighting up for a second. The button can be released then again. Table 3.2.: NB1600 Interfaces 3.2.2. USB 2.0 Host Port The USB 2.0 host port comes with the following specification:...

  • Page 16: Rj45 Ethernet Connectors

    NB1600 User Manual Feature Specification Speed Low, Full & Hi-Speed Current max. 500mA Table 3.3.: USB 2.0 Host Port Specification 3.2.3. RJ45 Ethernet Connectors Specification The two Ethernet ports are specified as follows: Feature Specification Isolation 1500 Vrms Speed 10/100 Mbps Mode Half- &...

  • Page 17: Pin Terminal Block

    NB1600 User Manual 3.2.4. 15 Pin Terminal Block Power Supply NB1600 routers provide two non-isolated power supply inputs. The power is sourced from the input with the higher voltage applied to. The power ports have the following specifications: Feature Specification...

  • Page 18: Isolated Digital Outputs Specification

    NB1600 User Manual Feature Specification Maximum switching voltage 60 V , 42 V Maximum switching capacity 60 W Table 3.8.: Isolated Digital Outputs Specification Isolated Inputs The isolated digital inputs have the following specification: Feature Specification Number of inputs Maximum input voltage...

  • Page 19: Pin Assignments Of Terminal Block

    NB1600 User Manual Pin Signal DO2: Dry contact relay normally closed DI1+ DI2+ Table 3.10.: Pin Assignments of Terminal Block...

  • Page 20: Installation

    Table 4.1.: Operating Conditions 4.2. Installation of the Router The NB1600 is designed for mounting it on a DIN rail or wall but it can also be put on a worktop. Please consider the safety instructions and the environmental conditions in chapter 2.

  • Page 21: Installation Of The Gsm/Umts Antenna

    NB1600 User Manual 4.4. Installation of the GSM/UMTS Antenna NetModule routers will only operate efficiently in the cellular network if there is a good signal. The stub antenna will be suitable for most applications. However, in some circumstances it might be necessary to use remote antennas together with an extended cable to reach a better location offering an adequate signal.

  • Page 22: Configuration

    3.6. 5.1. First Steps NetModule routers can be easily set up by using the HTTP-based configuration interface, called the Web Manager. Advanced users may also use the Command Line Interface (CLI) and set configuration parameters directly.

  • Page 23: Recovery

    NB1600 User Manual Please note that the admin password will be also applied for the root user which can be used to access the device via the serial console, telnet, SSH or to enter the bootloader. You may also configure additional users which will only be granted to access the summary page or retrieve status information but not to set any configuration parameters.

  • Page 24: Home

    NB1600 User Manual 5.2. HOME This page provides a status overview of established connections and enabled features. It offers a summary about the administrative and operational status of the router’s interfaces. Further details about any enabled Wide Area Network (WAN) links (such as the IP addresses, network information, signal strength, etc.) will be shown on additional...

  • Page 25: Interfaces

    NB1600 User Manual 5.3. INTERFACES 5.3.1. WAN Link Management Depending on your hardware model, WAN links can be made up of either Wireless Wide Area Network (WWAN), Wireless LAN (WLAN), Ethernet or PPP over Ethernet (PPPoE) connections. Please note that each WAN link has to be configured and enabled in order to appear on this page.

  • Page 26: Wan Links

    NB1600 User Manual Figure 5.2.: WAN Links...

  • Page 27: Wan Settings

    NB1600 User Manual soon as Link 3 goes down. Links are being triggered periodically and put to sleep in case it was not possible to establish them within a certain amount of time. Hence it might happen that permanent links will be dialed in background and, as soon as they got established, replace low- priority links again.

  • Page 28: Link Supervision

    NB1600 User Manual Supervision Network outage detection can be performed by sending pings on each link to some authoritative hosts. A link will be declared as down in case all trials have failed and only as up if at least one host can be reached.
  • Page 29 NB1600 User Manual reached. Using reboot would perform a reboot of the system, restart services will restart all link-related applications including a reset of the modems. Maximum downtime: The maximum amount of downtime in minutes for which no WAN link could be established...

  • Page 30: Ethernet

    NB1600 User Manual 5.3.2. Ethernet Port Settings Figure 5.5.: LAN Ports This menu can be used to individually assign each Ethernet port to a LAN interface, just in case you want to have different subnets per port or use one port as WAN interface. You may assign multiple ports to the same interface.

  • Page 31: Lan Link Settings

    NB1600 User Manual Figure 5.6.: LAN Link Settings...

  • Page 32: Lan Ip Configuration

    NB1600 User Manual Please keep in mind that the DNS servers can be set globally in the DNS server config- uration menu. But as soon as a link comes up it will use the interface-specific name- servers (e.g. the ones being retrieved over DHCP) and update the resolver configuration accordingly.
  • Page 33 NB1600 User Manual in the network. You may also define static values but caution has to be taken to assign an unique IP address as it would otherwise raise IP conflicts in the network. PPPoE is commonly used when communicating with another WAN access device (like a DSL modem).

  • Page 34: Mobile

    NB1600 User Manual 5.3.3. Mobile SIMs Figure 5.8.: SIMs The SIM page gives an overview about the available SIM cards, their assigned modems and the current state. Once a SIM card has been inserted, assigned to a modem and successfully unlocked, the card should remain in state ready and the network registration status should have turned to registered.
  • Page 35 NB1600 User Manual Configuration A SIM card is generally assigned to a default modem but might be switched, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem, as a SIM switch will naturally affect their operation.

  • Page 36: Wwan Interfaces

    NB1600 User Manual WWAN Interfaces This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically as WAN link once an interface has been added. Please refer to chap- 5.3.1 for how to manage them.
  • Page 37 NB1600 User Manual refers to be *99***1#. For circuit-switched 2G connections you can enter the fixed phone number to be dialed in international format (e.g. +41xx). Access point name: The access point name (APN) being used Authentication: The authentication scheme being used, if required this can be PAP...

  • Page 38: Wlan

    NB1600 User Manual 5.3.4. WLAN WLAN Management In case your router is shipping with a WLAN (or Wi-Fi) module you can operate it either as client or access point. As a client it can create an additional WAN link which for instance can be used as backup link. As access point, it can form another LAN...

  • Page 39: Wlan Scan

    NB1600 User Manual 802.11n Radio band: Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz Channel: Specifies the channel to be used Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the less interfering channel.

  • Page 40: Wlan Interfaces

    NB1600 User Manual Figure 5.12.: WLAN Interfaces...

  • Page 41: Wlan Configuration

    NB1600 User Manual Figure 5.13.: WLAN Configuration...

  • Page 42: Wlan Ip Configuration

    NB1600 User Manual WLAN Configuration Running in access point mode you can define up to 4 SSIDs with each running their own network configuration. This section can be used to configure security-related set- tings. SSID: The network name (called SSID) Security mode: The desired security mode (such as WPA PSK), WPA (802.1x) can be...
  • Page 43 NB1600 User Manual The access point networks can be bridged to any LAN interface for letting WLAN clients and Ethernet hosts operate in the same subnet. However, for multiple SSIDs we strongly recommend to set up separated interfaces in routing-mode in order to avoid unwanted access and traffic between the interfaces.

  • Page 44: Usb

    NB1600 User Manual 5.3.5. USB NetModule routers ship with a standard USB 2.0 host port which can be used to connect any arbitrary USB device. USB Autorun This feature can be used to automatically launch a shell script or perform a software/- config update as soon as an USB storage stick has been plugged in.

  • Page 45: Usb Device Server

    NB1600 User Manual Figure 5.15.: USB Device Server...

  • Page 46: Serial Port

    NB1600 User Manual 5.3.6. Serial Port This page can be used to manage your serial ports. They can be used for various purposes on the system. When set to none it will be disabled, when set to login console you would be able to get a login shell when connecting to the serial port (115200 8N1).
  • Page 47 NB1600 User Manual Hardware flow control: You may enable RTS/CTS hardware flow control, so that the RTS and CTS lines are used to control the flow of data Protocol on TCP/IP: You may choose the IP protocols Telnet or TCP raw for the...

  • Page 48: Digital I/O

    NB1600 User Manual 5.3.7. Digital I/O The Digital I/O page displays the current status of the I/O ports and can be used to turn output ports on or off. You can apply the following settings: DO1 after reboot: Initial status of DO1 after system has booted...

  • Page 49: Routing

    NB1600 User Manual 5.4. ROUTING 5.4.1. Static Routes This menu shows all routing entries of the system. They are typically formed by an address/netmask couple (represented in IPv4 dotted decimal notation) which specify the destination of a packet. The packets can be directed to either a gateway or an interface or both.

  • Page 50: Static Route Flags

    NB1600 User Manual Interface: The network interface on which a packet will be transmitted in order to reach the gateway or network behind it Metric: The routing metric of the interface (default 0), higher metrics have the effect of making a route less favorable Flags: (A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route The flags obtain the following meanings:...

  • Page 51: Extended Routing

    NB1600 User Manual 5.4.2. Extended Routing Extended routes can be used to perform policy-based routing, they generally precede static routes. Figure 5.18.: Extended Routing In contrast to statis routes, extended routes can be made up, not only of a destination address/netmask, but also a source address/netmask, incoming interface and the type of service (TOS) of packets.

  • Page 52: Bridging

    NB1600 User Manual 5.4.3. Bridging This menu shows the currently configured bridge groups and their interface members. Please refer to section for a list of interface abbrevations. Figure 5.19.: Bridging...

  • Page 53: Mobile Ip

    Effectively, any WAN link switch causes very small outages during switchover while keeping all IP connections alive. Moreover, NetModule routers also support NAT-Traversal for mobile nodes running behind a firewall (performing NAT), which makes mobile nodes even there accessible from a central office via their home address, and thus, bypassing any complicated VPN...

  • Page 54: Mobile Ip

    NB1600 User Manual Figure 5.20.: Mobile IP...
  • Page 55 NB1600 User Manual Shared secret: The shared secret used for authentication of the mobile node at the home agent. This can be either a 128-bit hexadecimal value or a random length ASCII string. Life time: The lifetime of security associations in seconds UDP encapsulation: Specifies whether UDP encapsulation shall be used or not.

  • Page 56: Firewall

    NB1600 User Manual 5.5. FIREWALL 5.5.1. Administration NetModule routers use Linux’s netfilter/iptables firewall framework (see http://www. for more information) which supports stateful inspection, that is, grant- netfilter.org ing the same permissions for inherited connections within an IP session (e.g. FTP which builds up a control and data connection).

  • Page 57: Napt

    NB1600 User Manual 5.5.3. NAPT This page can be used to configure Network Address and Port Translation (NAPT) for packets traversing the system. NAPT hereby modifies IP addresses or/and TCP/UDP ports in matching IP packets. By tracking those connections, it will also automatically adjust the returning packets of an IP session.

  • Page 58: Inbound Napt

    NB1600 User Manual found, the packet will pass as is. Description: A meaningful description of this rule Incoming interface: The interface from which matching packets are received Target address: The destination address of matching packets (optional) Protocol: The used protocol of matching packets...

  • Page 59: Outbound Napt

    NB1600 User Manual Ports: The used UDP/TCP port of matching packets Rewrite source address: The address to which the source address of matching packets shall be rewritten Rewrite source port: The port to which the source port of matching packets shall be rewritten Figure 5.23.: Outbound NAPT...

  • Page 60: Vpn

    Figure 5.24.: OpenVPN Administration Tunnel Configuration NetModule routers support one single server tunnel and up to four client tunnels. You can specify tunnel parameters either in standard configuration or upload an expert mode file which has been created in advance. Refer to chapter 5.6.1...
  • Page 61 NB1600 User Manual Setting up a tunnel server just requires the server port to be set, the settings mentioned below apply for both, server and client tunnels: Type: The encapsulation type for this tunnel which can be either TUN (typically used for routed connections) or TAP (needed for bridged networks) Network mode: Defines how the packets should be forwarded, which can be either...

  • Page 62: Openvpn Configuration

    NB1600 User Manual Figure 5.25.: OpenVPN Configuration...
  • Page 63 NB1600 User Manual server.crt: Certificate file server.key: Private key file dh1024.pem: Diffie-Hellman parameters file ccd: A directory containing client-specific configuration files Keep in mind that a certificate becomes valid once its validity time has been reached, thus an accurate system has to be set prior to creating certificates and establishing a tunnel connection.

  • Page 64: Openvpn Client Management

    NB1600 User Manual Figure 5.26.: OpenVPN Client Management...

  • Page 65: Ipsec

    NB1600 User Manual 5.6.2. IPsec IPsec is a protocol suite for securing IP communications by authenticating and encrypt- ing each packet of a communication session and thus establishing a secure virtual private network. IPsec includes various cryptographic protocols and ciphers for key exchange and data encryption and can be seen as one of the strongest VPN technologies in terms of security.

  • Page 66: Ipsec Administration

    NB1600 User Manual Figure 5.27.: IPsec Administration...

  • Page 67: Ipsec Configuration

    NB1600 User Manual Administration This page can be used to enable/disable IPsec, you may also specify whether NAT- Traversal should be used. NAT-Traversal is mainly used for connections which traverse a path where a router modifies the IP address/port of packets. It encapsulates packets in UDP and therefore requires a slight overhead which has to be taken into account when running over small- sized MTU interfaces.
  • Page 68 (the router will then try to re-establish a dead connection auto- matically) IKE Authentication NetModule routers support IKE authentication through pre-shared keys (PSK) or cer- tificates within a public key infrastructure. Using PSK requires the following settings: PSK: The pre-shared key used to authenticate at the peer Local ID Type: The type of identification for the local ID which can be a FQDN, username@FQDN...
  • Page 69 NB1600 User Manual IPsec protocol: The desired IPsec protocol (AH or ESP) Encryption algorithm: The desired IKE encryption method (we recommend AES256) Authentication algorithm: The desired IKE authentication method (we prefer SHA1 over MD5) SA life time: The lifetime of Security Associations...

  • Page 70: Pptp

    NB1600 User Manual 5.6.3. PPTP Figure 5.29.: PPTP Administration The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks between two hosts. PPTP is easy to configure and widely deployed amongst Microsoft Dial-up networking servers. However, due to its weak encryption algorithms, it is nowadays considered insecure but it still provides a straightforward way for establishing tunnels.

  • Page 71: Pptp Tunnel Configuration

    NB1600 User Manual Figure 5.30.: PPTP Tunnel Configuration...

  • Page 72: Pptp Client Management

    NB1600 User Manual PPTP Client Management PPTP clients for a server tunnel need to be configured here. They are made up of user- name and password. A fixed IP address can be assigned to them which can be used to point any routes to a dedicated tunnel.

  • Page 73: Dial-In

    NB1600 User Manual 5.6.4. Dial-In On this page you can configure the Dial-In server in order to establish a data connection over GSM calls. Thus, one would generally apply a required service type of 2G-only, so that the modem registers to GSM only. Naturally, a concurrent use of outgoing WWAN interfaces and Dial-In connection is not possible.

  • Page 74: Services

    NB1600 User Manual 5.7. SERVICES 5.7.1. SDK NetModule routers are shipping with a Software Development Kit (SDK) which offers a simple and fast way to implement customer-specific functions and applications. It consists of: 1. An SDK host which defines the runtime environment (a so-called sandbox), that...
  • Page 75 NB1600 User Manual /* We are going to eavesdrop on the first serial port * and turn on lights via a digital I / O output port , * otherwise we d have to send a short message . ( attempts = 0; attempts < 3; attempts ++) { ( nb_serial_read ( "...
  • Page 76 NB1600 User Manual Please note that some functions require the corresponding services (e.g. E-Mail, SMS) to be properly configured prior to utilizing them in the SDK. Let’s now pay some attention to the very powerful API function nb_status. It can be used to query the router’s status values in the same manner as they can be shown...
  • Page 77 NB1600 User Manual Here is an example how one might adopt those functions: /* check current city and enable the second WAN link */ location = nb_status ( " location " ( location ) { city = struct_get ( location , "...

  • Page 78: Sdk Administration

    NB1600 User Manual Figure 5.33.: SDK Administration...
  • Page 79 NB1600 User Manual Administration This page can be used to control the SDK host and apply the following settings: Parameter: Description Administrative status: Specifies whether SDK scripts should run or not Scheduling priority: Specifies the process priority of the sdkhost, higher priorities will...

  • Page 80: Sdk Jobs

    NB1600 User Manual Figure 5.34.: SDK Jobs...
  • Page 81 NB1600 User Manual Testing The testing page offers an editor and an input field for optional arguments which can be used to perform test runs of your script or test dedicated portions of it. Please note that you might need to quote arguments as they will otherwise be separated by white-spaces.

  • Page 82: Sdk Testing

    NB1600 User Manual Figure 5.35.: SDK Testing...

  • Page 83: Sms Control Commands

    NB1600 User Manual Command Action status Will reply a message to the sender including a short system overview connect Will enable the first WAN link configured on the system disconnect Will disable the first WAN link configured on the system...

  • Page 84: Dhcp Server

    NB1600 User Manual 5.7.2. DHCP Server This section can be used to individually configure the Dynamic Host Configuration Protocol (DHCP) service for each LAN interface which will serve dynamic IP addresses to hosts in the local network. You may also have a look to the leases page where you can find an overview about negotiated client addresses.

  • Page 85: Dhcp Server

    NB1600 User Manual gateway and the current DNS server addresses if not configured elsewise. You can specify fixed addresses here. Figure 5.37.: DHCP Server...

  • Page 86: Dns Server

    NB1600 User Manual 5.7.3. DNS Server The DNS server can be used to proxy DNS requests towards servers on the net which have for instance been negotiated during WAN link negotiation. By pointing DNS requests to the router, one can reduce outbound DNS traffic as it is caching already resolved names but it can be also used for serving fixed addresses for particular host names.

  • Page 87: Dyndns

    Username: The user-name used for authenticating at the service Password: The password used for authentication Please note that your NetModule router can operate as DynDNS service as well, provided that you hold a valid SERVER license and have your hosts pointed to the DNS service...

  • Page 88: E-Mail

    NB1600 User Manual 5.7.5. E-Mail The E-Mail client can be used to send notifications to a particular E-Mail address upon certain events or by SDK scripts. Figure 5.40.: E-Mail Settings It can be enabled by applying the following settings. E-mail client status: Administrative status of the E-Mail client...

  • Page 89: Events

    NB1600 User Manual 5.7.6. Events By using the event manager you can notify one or more recipients by SMS or E-Mail upon certain system events. The messages will contain a description provided by you and a short system info. A list of all system events can be found in the appendix A.2.

  • Page 90: Sms

    5.7.7. SMS Administration On NetModule routers it is possible to receive or send short messages (SMS) over each mounted modem (depending on the assembly options). Messages are received by query- ing the SIM card over a modem, so prior to that, the required assignment of a SIM card to a modem needs to be specified on the SIMs page.

  • Page 91: Sms Configuration

    NB1600 User Manual Figure 5.42.: SMS Configuration...
  • Page 92 NB1600 User Manual prefix. On the other hand, you can also define rules to drop outgoing messages, for instance, when you want to avoid using any expensive service or international numbers. Both types of rules form a list will be processed by order, forwarding outgoing messages over the specified modem or dropping them.

  • Page 93: Ssh/Telnet Server

    NB1600 User Manual 5.7.8. SSH/Telnet Server Apart from the Web Manager, the SSH and Telnet services can be used to log into the system. Valid users include root and admin as well as additional users as they can be created in the User Accounts section. Please note, that a regular system shell will only...

  • Page 94: Snmp Agent

    NB1600 User Manual 5.7.9. SNMP Agent NetModule routers are equipped with an SNMP daemon, supporting basic MIB tables (such as ifTable), plus additional enterprise MIBs to manage multiple systems. The corresponding VENDOR MIB can be found in the appendix or downloaded from the router.
  • Page 95 NB1600 User Manual You can use TFTP, HTTP, HTTPS and FTP URLs, specifying a username/password or a port is not yet supported. Please note that config updates expect a zip-file named <serial-number>.zip in the specified directory. Listing 5.6: Getting the configuration update status:...

  • Page 96: Snmp Agent

    NB1600 User Manual Figure 5.44.: SNMP Agent...
  • Page 97 NB1600 User Manual Once the SNMP agent is enabled, SNMP traps are generated in case of the following events: • Start-up of the box • Shutdown of the box • VPN connected • VPN disconnected • Signal strength fell below the strength trap threshold The start-up trap is implemented using the standard cold start &...

  • Page 98: Web Server

    NB1600 User Manual 5.7.10. Web Server This page can be used to configure different ports for accessing the Web Manager via HTTP/HTTPS. We strongly recommend to use HTTPS when accessing the web service via a WAN interface as the communication will be encrypted and thus avoids any misuse of the system.

  • Page 99: Redundancy

    NB1600 User Manual 5.7.11. Redundancy This page can be used to set up a redundant pair of NetModule routers (or other systems) by running the Virtual Router Redundancy Protocol (VRRP) between them. A typical VRRP scenario defines a first host playing the master and another the backup device, they both define a virtual gateway IP address which will be distributed by gratuitous...
  • Page 100 NB1600 User Manual Interface: Interface on which VRRP should be performed Virtual gateway address: The virtual gateway address formed by the participating hosts We assign a priority of 100 to the master and 1 to the backup router. Please adapt the...

  • Page 101: System

    NB1600 User Manual 5.8. SYSTEM 5.8.1. System System Settings Figure 5.47.: System The following system parameters can be set: Local hostname: The hostname of the system Syslog redirect address: Specifies an IP address to which system log messages should be redirected to. A tiny system log server for Windows is included in TFTP32 which can be downloaded from our website.

  • Page 102: Regional Settings

    (e.g. automatically switching from summer to winter time) for your specific time zone. NetModule routers can synchronize their system time by using one or more servers by the help of the Network Time Protocol (NTP) . If enabled, the time synchronization is usually triggered after a WAN link has come up but before starting any VPN connections.

  • Page 103: System Information

    NB1600 User Manual Figure 5.49.: System information...

  • Page 104: Authentication

    NB1600 User Manual 5.8.2. Authentication This pages offers a simple shortcut to only allow secure connections (SSH, HTTPS) for managing the router. User Accounts By using this page you can manage the user accounts on the system. The standard admin user is a built-in power user that has permission to access the Web Manager and other administrative services and is used by several services as default user.

  • Page 105: Remote Authentication

    NB1600 User Manual Remote Authentication A RADIUS server can be used for authenticating remote users. This applies for the Web Manager, the WLAN network and other services supporting and incorporating remote authentication. Figure 5.51.: Remote Authentication It can be configured as follows: Administrative status: Defines whether a remote server should be used for authentica-...

  • Page 106: Software Update

    NB1600 User Manual 5.8.3. Software Update Manual Software Update This menu can be used to run a manual software update of the system. Update operation: The update operation method being used. You can upload the image, download it from an URL or use the latest version from our server URL: The server URL where the software update image should be downloaded from.

  • Page 107: Configuration

    NB1600 User Manual 5.8.4. Configuration Configuration via the Web Manager becomes tedious for larger volumes of devices. The router therefore offers automatic and manual file-based configuration to automate things. Once you have successfully set up the system you can back up the configuration and restore the system with it afterwards.

  • Page 108: Automatic File Configuration

    NB1600 User Manual Figure 5.53.: Automatic File Configuration...

  • Page 109: Factory Configuration

    NB1600 User Manual Time of day: Time of day when the system should check for updates URL: The URL where the configuration file should be retrieved from (supported proto- cols are HTTP, HTTPS, TFTP, FTP) Factory Configuration Figure 5.54.: Factory Configuration This menu can be used to reset the device to factory defaults.

  • Page 110: Troubleshooting

    NB1600 User Manual 5.8.5. Troubleshooting Network Debugging Log Files You can view the system log here by selection the option Debug log or if you are interested in the boot log select Boot log. Another way to see what is going on on the box is opening a SSH or Telnet session as root and typing tail-log.

  • Page 111: Tech Support File

    NB1600 User Manual Figure 5.56.: Tech Support File...
  • Page 112 NB1600 User Manual This can be achieved by logging onto the box and start a network packet capture by using the tool tcdump. We recommend to use the -n switch to bypass name resolution (e.g. tcpdump -n -i lan0). You may also generate a dump in PCAP format using the Web Manager, download it to your computer and perform further inspections with Wireshark (available at www.wireshark.org).

  • Page 113: Keys And Certificates

    NB1600 User Manual 5.8.6. Keys and Certificates The key and certificate page lets you generate required files for securing your services (such as the HTTP and SSH server). Figure 5.57.: Keys and certificates management The following terms are used: Term...

  • Page 114: Certificate/Key Terms

    NB1600 User Manual Term Description An encryption algorithm based on the fact that factorization of large integers is difficult DSS/DSA An encryption algorithm based on the discrete logarithm problem Phrase A password used for protecting keys Table 5.7.: Certificate/Key Terms A single certificate can obtain the following ASN.1 attributes:...
  • Page 115 NB1600 User Manual can further revoke and invalidate client certificates again (for instance if they have been compromised or lost).

  • Page 116: Licensing

    NB1600 User Manual 5.8.7. Licensing Certain features of NetModule routers require a valid license to be present in the system, some of them also depend on the mounted modules. Please contact us for getting a valid license for available components and we will provide a license file based on your serial number which can be installed to the router afterwards.

  • Page 117: Logout

    NB1600 User Manual 5.9. LOGOUT Please use this menu to log out from Web Manager. Figure 5.59.: Logout...

  • Page 118: Command Line Interface

    6. Command Line Interface ihe Command Line Interface (CLI) offers a unified control interface to the router and can be used to get/set configuration parameters, apply updates, restart services or perform other system tasks. It will be started automatically in interactive mode when logging in as admin user or by running cli -i.

  • Page 119: Print Help

    NB1600 User Manual Key Sequence Action Clear the screen leaving the current line at the top of the CTRL-l screen, with an argument given refresh the current line with- out clearing the screen. Fetch the previous command from the history list, moving CTRL-p back in the list.

  • Page 120: Getting Config Parameters

    NB1600 User Manual Usage : help [<command >] Available commands : Get config parameters Set config parameters status Get status information send Send message or mail update Update system facilities restart Restart service reset Reset system to factory defaults reboot...

  • Page 121: Getting Status Information

    NB1600 User Manual validate config parameter use legacy syntax with & separator 6.5. Getting Status Information The status command can be used to get various status information of the system. > status Usage : status [ hs ] <section> Options :...

  • Page 122: Updating System Facilities

    NB1600 User Manual Usage : send [ h ] <type> <dest> <msg> Options : <type> type of message to be sent ( mail or sms ) <dest> destination of message ( mail address or phone number ) <msg> message to be sent 6.7.

  • Page 123: Resetting System

    NB1600 User Manual wwan manager WWAN manager wlan WLAN interfaces network Networking dnsmasq DNS / DHCP server configd Configuration daemon firewall Firewall and NAPT lighttpd HTTP server openvpn OpenVPN connections ipsec IPsec connections pptp PPTP connections snmpd SNMP daemon syslog...

  • Page 124: Cli-Php

    NB1600 User Manual > shell Usage : shell [ h ] [<cmd >] 6.12. CLI-PHP CLI-PHP, an HTTP frontend to the CLI application, can be used to configure and control the router remotely. It is enabled in factory configuration, thus can be used for deployment purposes, but disabled as soon as the admin account has been set up.
  • Page 125 NB1600 User Manual $ cli get " admin . password " " admin . debug " " admin . access " It supports whitespaces but please be aware that any special characters in the URL must be specified according to RFC1738 ( which usually done by common clients such as wget , lynx , curl ) .
  • Page 126 NB1600 User Manual command=get&arg0=<config key>[&arg1=<config key > . . ] Examples : http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=get&arg0=config . version http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=get&arg0=openvpn .
  • Page 127 NB1600 User Manual Examples : http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=restart&arg0= h http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=restart&arg0=link manager...
  • Page 128 NB1600 User Manual admin01&command=update&arg0=software&arg1=tftp : / / 1 9 2 . 1 6 8 . 1 . 2 5 4 / latest http : / / 1 9 2 . 1 6 8 . 1 . 1 / cli . php ? version=2&output=html&usr=admin&pwd= admin01&command=update&arg0=config&arg1=tftp : / / 1 9 2 .

  • Page 129: Technical Support

    7. Technical Support NetModule’s mission statement is to provide you with state of the art products, technolo- gies and services for your embedded applications. This certainly includes a professional and friendly team of support engineers which will be pleased to offer consultancy, pro- vide assistance and deliver solutions in case of technical issues.

  • Page 130: Legal Notice

    NetModule does not warrant that this document is error-free. NetModule and NB1600 are trademarks and the logo is a service mark of NetModule AG, Switzerland. All other products or company names mentioned herein are used for identification pur- poses only and may be trademarks or registered trademarks of their respective owners.
  • Page 131 firmware upgrades, troubleshooting tips, press releases or any other concerns. NetModule AG Tel +41 31 985 25 10 Meriedweg 11 Fax +41 31 985 25 11 CH -3172 Niederwangen info@netmodule . com Switzerland http : // www . netmodule . com Copyright ©2012 NetModule AG, Switzerland All rights reserved...

  • Page 132: A Appendix

    A. Appendix A.1. Abbrevations Parameter Description ETHx Corresponds to Ethernet interfaces (either single or switched ones) LANx LAN interfaces which are generally based on Ethernet in- terfaces (including bridges) WLANx Refers to a Wireless LAN interface which will be represented as additional LAN interface when configured as access point WWANx Refers to a Wireless Wide Area Network (2G/3G/4G) con-...

  • Page 133: Abbreviations

    NB1600 User Manual Parameter Description The Location Area Code corresponds to an identifier of a set of base stations that are grouped together to optimize signaling The Location Area Identity is a globally unique number that identifies the country, network provider and location area...

  • Page 134: System Events

    NB1600 User Manual A.2. System Events Event Description wan-up WAN link came up wan-down WAN link went down dio-in1-on DIO IN1 turned on dio-in2-on DIO IN2 turned on dio-in1-off DIO IN1 turned off dio-in2-off DIO IN2 turned off dio-out1-on DIO OUT1 turned on...

  • Page 135: System Events

    NB1600 User Manual Event Description system-startup System has been started sdk-startup SDK has been started sms-sent SMS has been sent sms-received SMS has been received sms-report-received SMS report has been received call-incoming A GSM call is coming in call-outgoing Outgoing GSM call is being established...

  • Page 136: Factory Configuration

    NB1600 User Manual A.3. Factory Configuration The factory configuration including default values for any configuration parameter can be derived from the file /etc/config/factory-config.cfg on the router. You may also call cli get -f <parameter> for obtaining a specific default value.

  • Page 137: Snmp Vendor Mib

    -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- NB VENDOR MIB -- ( c ) COPYRIGHT 2012 by NetModule AG , Switzerland -- All rights reserved .
  • Page 138 NB1600 User Manual DESCRIPTION " The currently installed system software version " ::= { admin 1 } kernelVersion OBJECT - TYPE SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " The currently installed kernel version " ::= { admin 2 }...
  • Page 139 NB1600 User Manual MAX - ACCESS not - accessible STATUS current DESCRIPTION " The table describing all WWAN modems and their current settings " ::= { wwan 1 } nbWwanEntry OBJECT - TYPE SYNTAX NBWwanEntry MAX - ACCESS not - accessible...
  • Page 140 NB1600 User Manual SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " The current LAI to which the WWAN modem is currently registered " ::= { nbWwanEntry 8 } ww an L oc a l Ar e aC o de OBJECT - TYPE...
  • Page 141 NB1600 User Manual " The latitude value received by the GNSS device " ::= { nbGnssEntry 4 } gnssLon OBJECT - TYPE SYNTAX DisplayString MAX - ACCESS read - only STATUS current DESCRIPTION " The longitude value received by the GNSS device "...
  • Page 142 NB1600 User Manual dioSetOUT2 OBJECT - TYPE SYNTAX INTEGER { off (0) , on (1) MAX - ACCESS read - write STATUS current DESCRIPTION " Update value for digital I / O port OUT2 " ::= { dio 11 }...
  • Page 143 NB1600 User Manual STATUS current DESCRIPTION " Indicates a VPN connection deactivation " ::= { notifs 20 } vpn - up - trap NOTIFICATION - TYPE STATUS current DESCRIPTION " Indicates a VPN connection activation " ::= { notifs 21 }...

  • Page 144: Sdk Examples

    NB1600 User Manual A.5. SDK Examples Event Description config-summary.are This script shows a summary of the currently running con- figuration. dio-monitor.are This script monitors the DIO ports and sends a SMS to the specified phone number. dio-server.are This script implements a TCP server which can be used to control the DIO ports.
  • Page 145 NB1600 User Manual Event Description status.are This script can be used to display all status variables syslog.are Throw a simple syslog message. tcpclient.are This script sends a message to a TCP server. tcpserver.are This script implements a TCP server which is able to receive messages.

  • Page 146: Sdk Sample Sms Control

    NB1600 User Manual A.6. SDK Sample SMS Control /* This script will execute commands received by SMS and may report the status of the system . */ INTERVAL = 10; /* only run every 10 seconds MAXMSG = 5; /* process max . 5 msgs MAXAGE = 300;...
  • Page 147 NB1600 User Manual ( left ( from , strlen ( sender ) ) == sender ) { allowed = 1; break ( allowed == 0) { nb_syslog ( " rejecting message from unknown sender % s " , from ) ;...
  • Page 148 NB1600 User Manual fp = fopen ( LASTFILE , " r " ( fp ) { /* we have been run at least one time */ str = fread ( fp , 32) ; ( str ) last = ( ) str ;...
  • Page 149 NB1600 User Manual ( left ( cmd ,6) == " output " else if nb_syslog ( " dio out command received " setdio ( cmd ) ; else nb_syslog ( " ignoring invalid message " /* delete message ret = nb_sms_delete ( msgs [ i ]) ;...

Table of Contents