User Manual for NETMODULE models including: NB1600 Router, NB1600, Router
File Info : application/pdf, 221 Pages, 4.96MB
NetModule Router NB1600
User Manual for Software Version 4.6.0.105

Manual Version 2.1139
NetModule AG, Switzerland
November 23, 2022

NB1600 User Manual for NRSW version 4.6.0.105

This manual covers all variants of the NB1600 product type.

The specifications and information regarding the products in this manual are subject to change without notice. We would like to point out that NetModule makes no representation or warranties with respect to the contents herein and shall not be responsible for any loss or damage caused to the user by the direct or indirect use of this information. This document may contain information about third party products or processes. Such third party information is generally out of influence of NetModule and therefore NetModule shall not be responsible for the correctness or legitimacy of this information. Users must take full responsibility for their application of any products.

Copyright ©2022 NetModule AG, Switzerland
All rights reserved

This document contains proprietary information of NetModule. No parts of the work described herein may be reproduced. Reverse engineering of the hardware or software is prohibited and protected by patent law. This material or any portion of it may not be copied in any form or by any means, stored in a retrieval system, adopted or transmitted in any form or by any means (electronic, mechanical, photographic, graphic, optic or otherwise), or translated in any language or computer language without the prior written permission of NetModule.

A large amount of the source code to this product is available under licenses which are both free and open source. Most of it is covered by the GNU General Public License which can be obtained from www.gnu.org. The remainder of the open source software which is not under the GPL, is usually available under one of a variety of more permissive licenses.
Detailed license information for a particular software package can be provided on request.

All other products or company names mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective owners. The following description of software, hardware or process of NetModule or other third party provider may be included with your product and will be subject to the software, hardware or other license agreements.

Contact
www.netmodule.com/support
NetModule AG
Maulbeerstrasse 10
CH-3011 Bern
Switzerland
Tel +41 31 985 25 10
Fax +41 31 985 25 11
info@netmodule.com
https://www.netmodule.com

Contents

1. Welcome to NetModule
2. Conformity
    2.1. Safety Instructions
    2.2. Declaration of Conformity
    2.3. Waste Disposal
    2.4. National Restrictions
    2.5. Open Source Software
3. Specifications
    3.1. Appearance
    3.2. Features
    3.3. Environmental Conditions
    3.4. Interfaces
        3.4.1. Overview
        3.4.2. LED Indicators
        3.4.3. Reset
        3.4.4. Mobile
        3.4.5. WLAN
        3.4.6. GNSS
        3.4.7. USB 2.0 Host Port
        3.4.8. RJ45 Ethernet Connectors
        3.4.9. 15 Pin Terminal Block
4. Installation
    4.1. Installation of the Mini-SIM Card
    4.2. Installation of the GSM/UMTS/LTE Antenna
    4.3. Installation of the WLAN Antennas
    4.4. Installation of the GPS Antenna
    4.5. Installation of the Local Area Network
    4.6. Installation of the Power Supply
5. Configuration
    5.1. First Steps
        5.1.1. Initial Access
        5.1.2. Automatic Mobile Data Connection
        5.1.3. Recovery
    5.2. HOME
    5.3. INTERFACES
        5.3.1. WAN
        5.3.2. Ethernet
        5.3.3. Mobile
        5.3.4. WLAN
        5.3.5. Software Bridges
        5.3.6. USB
        5.3.7. Serial
        5.3.8. Digital I/O
        5.3.9. GNSS
    5.4. ROUTING
        5.4.1. Static Routes
        5.4.2. Extended Routing
        5.4.3. Multipath Routes
        5.4.4. Multicast
        5.4.5. BGP
        5.4.6. OSPF
        5.4.7. Mobile IP
        5.4.8. Quality Of Service
    5.5. FIREWALL
        5.5.1. Administration
        5.5.2. Address/Port Groups
        5.5.3. Rules
        5.5.4. NAPT
    5.6. VPN
        5.6.1. OpenVPN
        5.6.2. IPsec
        5.6.3. PPTP
        5.6.4. GRE
        5.6.5. L2TP
        5.6.6. Dial-In
    5.7. SERVICES
        5.7.1. SDK
        5.7.2. DHCP Server
        5.7.3. DNS Server
        5.7.4. NTP Server
        5.7.5. Dynamic DNS
        5.7.6. E-Mail
        5.7.7. Events
        5.7.8. SMS
        5.7.9. SSH/Telnet Server
        5.7.10. SNMP Agent
        5.7.11. Web Server
        5.7.12. Softflow
        5.7.13. Discovery
        5.7.14. Redundancy
    5.8. SYSTEM
        5.8.1. System
        5.8.2. Authentication
        5.8.3. Software Update
        5.8.4. Module Firmware Update
        5.8.5. Software Profiles
        5.8.6. Configuration
        5.8.7. Troubleshooting
        5.8.8. Keys and Certificates
        5.8.9. Licensing
        5.8.10. Legal Notice
    5.9. LOGOUT
6. Command Line Interface
    6.1. General Usage
    6.2. Print Help
    6.3. Getting Config Parameters
    6.4. Setting Config Parameters
    6.5. Checking Config Completed
    6.6. Getting Status Information
    6.7. Scanning Networks
    6.8. Sending E-Mail or SMS
    6.9. Updating System Facilities
    6.10. Manage keys and certificates
    6.11. Restarting Services
    6.12. Debug System
    6.13. Resetting System
    6.14. Rebooting System
    6.15. Running Shell Commands
    6.16. Working with History
    6.17. CLI-PHP
A. Appendix
    A.1. Abbreviations
    A.2. System Events
    A.3. Factory Configuration
    A.4. SNMP VENDOR MIB
    A.5. SDK Examples

1. Welcome to NetModule

Thank you for purchasing a NetModule product. This document should give you an introduction to the device and its features. The following chapters describe all aspects of commissioning the device and the installation procedure, and provide helpful information on configuration and maintenance.

Please find further information such as sample SDK scripts or configuration samples in our wiki on https://wiki.netmodule.com.

2. Conformity

This chapter provides general information for putting the router into operation.

2.1. Safety Instructions

Please carefully observe all safety instructions in the manual that are marked with the symbol.

Compliance information:
The NetModule routers must be used in compliance with any and all applicable national and international laws and with any special restrictions regulating the utilization of the communication module in prescribed applications and environments.

Information about the accessories / changes to the device:
- Please only use original accessories to prevent injuries and health risks.
- Changes made to the device or the use of non-authorized accessories will render the warranty null and void and potentially invalidate the operating license.
- NetModule routers must not be opened (SIM cards may be used according to the instructions).

Information about the device interfaces:
- All systems that are connected to the NetModule router interfaces must meet the requirements for SELV (Safety Extra Low Voltage) systems.
- Interconnections must not leave the building nor penetrate the body shell of a vehicle.
- Connections for antennas may only exit the building or the vehicle hull if transient overvoltages (according to IEC 62368-1) are limited by external protection circuits down to 1 500 Vpeak. All other connections must remain within the building or the vehicle hull.
- Always keep a distance of more than 40 cm from the antenna in order to reduce exposure to electromagnetic fields below the legal limits.
- Devices with a WLAN interface may be operated only with the applicable Regulatory Domain configured. Special attention must be paid to country, number of antennas and the antenna gain (see also chapter 5.3.4). The maximum allowed gain is 3 dBi in the relevant frequency range. WLAN antennas with a higher amplification may be used with the NetModule router "Enhanced-RF-Configuration" software license and the antenna gain and cable attenuation that have been correctly configured by certified specialized personnel. A misconfiguration will lead to loss of the approval.
- Cellular antennas attached to the router must have an antenna gain equal to or less than 2.5 dBi. The user is responsible for the compliance with the legal regulations.
- Only CE-compliant power supplies with a current-limited SELV output voltage range may be used with the NetModule routers.

General safety instructions:
- Observe the usage limitations of radio units at filling stations, in chemical plants, in systems with explosives or potentially explosive locations.
- The devices may not be used in airplanes.
- Exercise particular caution near personal medical aids, such as pacemakers and hearing aids.
- The NetModule routers may also cause interference in the vicinity of TV sets, radio receivers and personal computers.
- Never perform work on the antenna system during a thunderstorm.
- The devices are generally designed for normal indoor use. Do not expose the devices to extraordinary environmental conditions worse than IP40.
- Protect them against aggressive chemical atmospheres and humidity or temperatures outside specifications.
- We highly recommend creating a copy of a working system configuration. It can be easily applied to a newer software release afterwards.

2.2. Declaration of Conformity

NetModule hereby declares under our own responsibility that the routers comply with the relevant standards following the provisions of the RED Directive 2014/53/EU. The signed version of the Declaration of Conformity can be obtained from https://www.netmodule.com/downloads

2.3. Waste Disposal

In accordance with the requirements of the Council Directive 2012/19/EU regarding Waste Electrical and Electronic Equipment (WEEE), you are urged to ensure that this product will be segregated from other waste at end-of-life and delivered to the WEEE collection system in your country for proper recycling.

2.4. National Restrictions

This product may be generally used in all EU countries (and other countries following the RED Directive 2014/53/EU) without any limitation. Please refer to our WLAN Regulatory Database for further national radio interface regulations and requirements for a particular country.

2.5. Open Source Software

We inform you that NetModule products may contain in part open-source software. We are distributing such open-source software to you under the terms of GNU General Public License (GPL) [1], GNU Lesser General Public License (LGPL) [2] or other open-source licenses [3].
These licenses allow you to run, copy, distribute, study, change and improve any software covered by GPL, Lesser GPL, or other open-source licenses without any restrictions from us or our end user license agreement on what you may do with that software. Unless required by applicable law or agreed to in writing, software distributed under open-source licenses is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. To obtain the corresponding open source codes covered by these licenses, please contact our technical support at router@support.netmodule.com. Acknowledgements This product includes: PHP, freely available from http://www.php.net Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org) Cryptographic software written by Eric Young (eay@cryptsoft.com) Software written by Tim Hudson (tjh@cryptsoft.com) Software written Jean-loup Gailly and Mark Adler MD5 Message-Digest Algorithm by RSA Data Security, Inc. An implementation of the AES encryption algorithm based on code released by Dr Brian Glad- man Multiple-precision arithmetic code originally written by David Ireland Software from The FreeBSD Project (http://www.freebsd.org) 1Please find the GPL text under http://www.gnu.org/licenses/gpl-2.0.txt 2Please find the LGPL text under http://www.gnu.org/licenses/lgpl.txt 3Please find the license texts of OSI licenses (ISC License, MIT License, PHP License v3.0, zlib License) under http://opensource.org/licenses 13 NB1600 User Manual for NRSW version 4.6.0.105 3. Specifications 3.1. Appearance 14 NB1600 User Manual for NRSW version 4.6.0.105 3.2. 
Features All models of NB1600 have following standard functionalities: Redundant power input 2 Ethernet ports (10/100 Mbit/s) 2 digital inputs, 2 digital outputs 1 serial port (RS-232) 1 USB 2.0 host port 1 SIM card slot The NB1600 can be equipped with the following options: UMTS / LTE WLAN IEEE 802.11abgn GPS/GNSS 64 GB internal storage Software Key Server 15 NB1600 User Manual for NRSW version 4.6.0.105 Due to its modular approach, the NB1600 router and its hardware components can be arbitrarily assembled according to its indented usage or application. Please contact us in case of special project requirements. 3.3. Environmental Conditions Parameter Input Voltage Operating Temperature Range Storage Temperature Range Humidity Altitude Over-Voltage Category Pollution Degree Ingress Protection Rating Rating 12 VDC to 48 VDC (-15% / +20%) -25 C to +70 C -40 C to +85 C 0 to 95% (non-condensing) up to 4000m I 2 IP40 Table 3.1.: Environmental Conditions 16 NB1600 User Manual for NRSW version 4.6.0.105 3.4. Interfaces 3.4.1. Overview Nr. Label 1 LED Indicators 2 USB 3 Ethernet 4 Mobile/ Mobile 1 5 Mobile 2 6 WLAN1 7 WLAN2 8 GNSS 9 10 Power Panel Front Front Front Front Function LED Indicators for the status and different interfaces USB 2.0 host port, can be used as USB device server or for software/configuration updates. FastEthernet ports, can be used as LAN or WAN interfaces SMA female connector for the main GSM/UMTS antenna Front Front Front Front Top Top SMA female connector for second LTE antenna SMA female connector for first WLAN antenna (main) SMA female connector for second WLAN antenna (diversity) SMA female connector for GNSS Earth protection connector (earthing is optional), connected to the ground of the power supply VGND. If used, connect a yellowgreen marked cable with at least 6mm2 copper area. Avoid corrosion and protect the screws against loosening Power supply 12-48 VDC (Pins 1 and 2). 
Additional power supply (redundancy) 12-48 VDC (Pins 3 and 4)
11 | RS-232 | Top | Non-isolated serial RS-232 interface (Pins 5 to 7) which can be used for console administration, serial device server or other serial based communication applications
12 | Outputs | Top | Galvanic isolated digital outputs (Pins 8 to 11)
13 | Inputs | Top | Galvanic isolated digital inputs (Pins 12 to 15)
14 | Reset | Top | Reboot and factory reset button
Table 3.2.: NB1600 Interfaces

3.4.2. LED Indicators

The following table describes the NB1600 status indicators.

Label | Color | State | Function
Status |  | blinking | The device is busy due to startup, software or configuration update.
Status |  | on | The device is ready. The captions of the right bank apply.
Status |  | on | The device is ready. The captions of the left bank apply.
PPPoE1 |  | on | PPPoE connection is up.
PPPoE1 |  | off | PPPoE connection is down.
Mobile1 | [2] | on | Mobile connection is up.
Mobile1 | [2] | blinking | Mobile connection is being established.
Mobile1 | [2] | off | Mobile connection is down.
VPN |  | on | VPN connection is up.
VPN |  | off | VPN connection is down.
WLAN1 | [2] | on | WLAN connection is up.
WLAN1 | [2] | blinking | WLAN connection is being established.
WLAN1 | [2] | off | WLAN connection is down.
GNSS |  | on | GNSS is turned on and a valid NMEA stream is available.
GNSS |  | blinking | GNSS is searching for satellites.
GNSS |  | off | GNSS is turned off or no valid NMEA stream is available.
DO1 |  | on | Normally open output port 1 is closed.
DO1 |  | off | Normally open output port 1 is open.
DO2 |  | on | Normally closed output port 2 is closed.
DO2 |  | off | Normally closed output port 2 is open.
DI1 |  | on | Input port 1 is set.
DI1 |  | off | Input port 1 is not set.
DI2 |  | on | Input port 2 is set.
DI2 |  | off | Input port 2 is not set.
[2] The color of the LED represents the signal quality for wireless links:
- red means low
- yellow means moderate
- green means good or excellent
Table 3.3.: NB1600 Status Indicators

Ethernet LEDs

The following table describes the Ethernet status indicators.
Label | Color | State | Function
Ethernet |  | on | Link on (10 Mbit/s, 100 Mbit/s)
Ethernet |  | blinking | Activity
Ethernet |  | off | no Link
Table 3.4.: Ethernet Status Indicators

3.4.3. Reset

The reset button has two functions:
1. Reboot the system: Press at least 3 seconds to trigger a system reboot. The reboot is indicated with the red blinking Status LED.
2. Factory reset: Press at least 10 seconds to trigger a factory reset. The start of the factory reset is confirmed by all LEDs lighting up for a second.

[1] Not available on all models.

3.4.4. Mobile

The various variants of the NB1600 support multiple multimode modules for mobile communication.

Standard | Bands | Data rate
4G (LTE/FDD) | B1(2100), B2(1900), B3(1800), B5(850), B7(2600), B8(900), B20(800) | Downlink: 100 Mbit/s, Uplink: 50 Mbit/s
3G (DC-HSPA+/UMTS) | B5(850), B8(900), B2(1900), B1(2100) | Downlink: 42 Mbit/s, Uplink: 5.76 Mbit/s
2G (EDGE/GPRS/GSM) | B9(900), B3(1800), B2(1900) | Downlink: 236.8 kbit/s, Uplink: 236.8 kbit/s
LTE450 | LTE Band 3 (1800 MHz), LTE Band 7 (2600 MHz), LTE Band 20 (800 MHz), LTE Band 31 (450 MHz), UMTS Band 1 (2100 MHz), UMTS Band 8 (900 MHz) | Downlink: 100 Mbit/s, Uplink: 50 Mbit/s
Table 3.5.: Mobile Interface

The LTE modules support 2x2 MIMO.

The mobile antenna ports have the following specification:

Feature | Specification
Max. allowed cable length | 30 m
Max. allowed antenna gain including cable attenuation | 2.5 dBi
Min. distance between collocated radio transmitter antennas (Example: MOB1 to MOB2) | 20 cm
Min. distance between people and antenna | 40 cm
Connector type | SMA
Table 3.6.: Mobile Antenna Port Specification

3.4.5. WLAN

The variants of the NB1600 support an 802.11 a/b/g/n WLAN module. It can operate either as client or access point.
Standard | Frequencies | Bandwidth | Data Rate
802.11a | 5 GHz | 20 MHz | 54 Mbit/s
802.11b | 2.4 GHz | 20 MHz | 11 Mbit/s
802.11g | 2.4 GHz | 20 MHz | 54 Mbit/s
802.11n | 2.4/5 GHz | 20/40 MHz | 300 Mbit/s
Table 3.7.: IEEE 802.11 Standards

Note: 802.11n supports 2x2 MIMO

The WLAN antenna ports have the following specification:

Feature | Specification
Max. allowed cable length | 30 m
Max. allowed antenna gain including cable attenuation | 3.0 dBi [1]
Min. distance between collocated radio transmitter antennas (Example: WLAN1 to MOB1) | 20 cm
Min. distance between people and antenna | 40 cm
Connector type | SMA
Table 3.8.: WLAN Antenna Port Specification

[1] Note: WLAN antennas with a higher amplification may be used with the NetModule router "Enhanced-RF-Configuration" software license and the antenna gain and cable attenuation that have been correctly configured by certified specialized personnel.

3.4.6. GNSS

GNSS (Option G)

The GNSS is used from a WWAN Module.

Feature | Specification
Systems | GPS/GLONASS
Data stream | JSON or NMEA
Tracking sensitivity | -154 dBm
Supported antennas | Active and passive
Table 3.9.: GNSS Specifications option G

The GNSS antenna port has the following specification:

Feature | Specification
Max. allowed cable length | 30 m
Max. allowed antenna gain | 3.0 dBi
Min. distance between collocated radio transmitter antennas (Example: WLAN1 to MOB1) | 20 cm
Connector type | SMA
Table 3.10.: GNSS / GPS Antenna Port Specification

3.4.7. USB 2.0 Host Port

The USB 2.0 host port has the following specification:

Feature | Specification
Speed | Low, Full & Hi-Speed
Current | max. 500 mA
Max. cable length | 3 m
Cable shield | mandatory
Connector type | Type A
Table 3.11.: USB 2.0 Host Port Specification

3.4.8. RJ45 Ethernet Connectors

Specification

The two Ethernet ports are specified as follows:

Feature | Specification
Isolation to enclosure | 1414 VDC
Speed | 10/100 Mbit/s
Mode | Half- & Full-Duplex
Crossover | Automatic MDI/MDI-X
Max. cable length | 100 m
Cable type | CAT5e or better
Cable shield | mandatory
Connector type | RJ45
Table 3.12.: Ethernet Port Specification

Pin Assignment

Pin | Signal
1 | TX+
2 | TX-
3 | RX+
4 | -
5 | -
6 | RX-
7 | -
8 | -
Table 3.13.: Pin Assignments of RJ45 Ethernet Connectors

Note: Pairs 4-5 and 7-8 have an internal 100 Ω termination.

3.4.9. 15 Pin Terminal Block Connector

The power supply, the serial interface and the digital inputs/outputs share the 15 pin terminal block.

Feature | Specification
Connector pitch | 5.00 mm
Connector in router | Phoenix Contact MSTBA 2,5/15-G
Mating part on cable | Phoenix Contact MSTB 2,5/15-ST
Table 3.14.: 15 Pin Terminal Block Specifications

Pin Assignment

Group | Pin | Name | Description
Power | 1 | VGND | Power Ground
Power | 2 | V+ | 12 VDC to 48 VDC
Power | 3 | VGND | Power Ground
Power | 4 | V+ | 12 VDC to 48 VDC
RS232 | 5 | RxD | RS-232 RxD (non-isolated)
RS232 | 6 | TxD | RS-232 TxD (non-isolated)
RS232 | 7 | GND | RS-232 GND (non-isolated)
Outputs | 8 | DO1 | Dry contact relay normally open
Outputs | 9 | DO1 | Dry contact relay normally open
Outputs | 10 | DO2 | Dry contact relay normally closed
Outputs | 11 | DO2 | Dry contact relay normally closed
Inputs | 12 | DI1- | Digital Input 1 (negative)
Inputs | 13 | DI1+ | Digital Input 1 (positive)
Inputs | 14 | DI2- | Digital Input 2 (negative)
Inputs | 15 | DI2+ | Digital Input 2 (positive)
Table 3.15.: Pin Assignments of Terminal Block

Power Supply

NB1600 routers provide two non-isolated power supply inputs. The power is sourced from the input with the higher applied voltage. The power ports have the following specifications:

Feature | Specification
Power supply nominal voltages | 12 VDC, 24 VDC, 36 VDC and 48 VDC
Voltage range | 12 VDC to 48 VDC (-15% / +20%)
Max. power consumption | 5 W
Max. cable length | 30 m
Cable shield | not required
Table 3.16.: Power Specifications

RS-232

The RS-232 port has the following specification (bold characters show the default configuration):

Feature | Specification
Protocol | 3-wire RS-232: GND, TXD, RXD
Baud rate | 300, 1 200, 2 400, 4 800, 9 600, 19 200, 38 400, 57 600, 115 200, 230 400, 460 800
Data bits | 7 bit, 8 bit
Parity | none, odd, even
Stop bits | 1, 2
Software flow control | none, XON/XOFF
Hardware flow control | none
Galvanic isolation to enclosure | none
Max. cable length | 10 m
Cable shield | not required
Table 3.17.: RS-232 Port Specification

Isolated Outputs

The isolated digital output ports have the following specification:

Feature | Specification
Number of outputs | 2
Limiting continuous current | 1 A
Maximum switching voltage | 60 VDC, 42 VAC (Vrms)
Maximum switching capacity | 60 W
Table 3.18.: Isolated Digital Outputs Specification

Isolated Inputs

The isolated digital input ports have the following specification:

Feature | Specification
Number of inputs | 2
Maximum input voltage | 40 VDC
Minimum voltage for level 1 (set) | 7.2 VDC
Maximum voltage for level 0 (not set) | 5.0 VDC
Table 3.19.: Isolated Digital Inputs Specification

Note: A negative input voltage is not recognized.

4. Installation

The NB1600 is designed for mounting on a DIN rail, wall or worktop. Please consider the safety instructions in chapter 2 and the environmental conditions in chapter 3.3.

The following precautions must be taken before installing a NB1600 router:
- Avoid direct solar radiation
- Protect the device from humidity, steam and aggressive fluids
- Guarantee sufficient circulation of air around the device
- The device is for indoor use only

Attention: NetModule routers are not intended for the end consumer market.
The device must be installed and commissioned by a certified expert.

4.1. Installation of the Mini-SIM Card

One Mini-SIM card can be inserted in a NB1600 router. To install a SIM card, you will have to remove the SIM cover first. The card holder is opened by sliding it slightly until it shifts up. You can now insert the SIM card, press the holder and shift it back until it is locked. Ensure that the contacts are placed correctly, otherwise the holder will not lock. The cover has to be closed again afterwards.

4.2. Installation of the GSM/UMTS/LTE Antenna

NetModule routers will only operate efficiently in the cellular network if there is a good signal. A stub antenna will be suitable for most applications. However, in some circumstances it might be necessary to use remote antennas together with an extended cable to reach a better location offering an adequate signal. If in doubt, please contact us and we would be pleased to assist you in figuring out the best matching antenna setup for your application.

Keep in mind that effects caused by Faraday cages such as large metal surfaces (elevators, machine housings, etc.), close meshed iron constructions and others may reduce signal reception significantly. The mounted antennas or antenna cables should be fixed with a wrench.

The following table shows how to connect the LTE/UMTS antennas. Generally, LTE antennas use both main and auxiliary ports, but UMTS requires only main ports.

Antenna Port | Type
Mobile 1 | Main
Mobile 2 | Auxiliary
Table 4.1.: LTE/UMTS antenna port types

Attention: Following points must be observed when installing the antennas:
- A minimum clearance of at least 40 cm between people and the antennas must always be ensured.
- If one mobile interface transmits simultaneously with other collocated radio transmitters, the separation distance of 20 cm between the antennas must be maintained at all times.
As a consequence, the antenna ports of different modems shall never be connected to the ports of a single combined antenna.
- Antennas which are installed outside a building or the vehicle hull must limit transient overvoltages (according to IEC 62368-1) to below a peak of 1500 V through external protection circuits.
- Mobile communications antennas may have an amplification of maximum 2.5 dBi, including the cable attenuation, in the relevant frequency range.

4.3. Installation of the WLAN Antennas

The following table shows how to connect the WLAN antennas. The number of attached antennas can be configured in the software. If only one antenna is used, it must be attached to the main port. However, for better diversity and thus better throughput and coverage, we highly recommend using two antennas.

Antenna Port | Type
WLAN 1 | Main
WLAN 2 | Auxiliary
Table 4.2.: WLAN antenna port types

Attention: Following points must be observed when installing the antennas:
- A minimum clearance of at least 40 cm between people and the antennas must always be ensured.
- If one WLAN interface transmits simultaneously with other collocated radio transmitters, the separation distance of 20 cm between the antennas must be maintained at all times.
- WLAN antennas must only be installed in buildings or within vehicle hulls.
- WLAN antennas may have an amplification of maximum 3 dBi in the relevant frequency range. WLAN antennas with a higher amplification may be used with the NetModule router "Enhanced-RF-Configuration" software license and the antenna gain and cable attenuation that have been correctly configured by certified specialized personnel.

4.4. Installation of the GPS Antenna

The GNSS antenna must be mounted to the connector GNSS. Whether the antenna is an active or passive GNSS antenna has to be configured in the software. We recommend active GPS antennas for highly accurate GPS tracking.
Attention: Following points must be observed when installing the antenna:
- A minimum clearance of at least 40 cm between people and the antenna must always be ensured.
- Antennas which are installed outside a building or the vehicle hull must limit transient overvoltages (according to IEC 62368-1) to below a peak of 1500 V through external protection circuits.

4.5. Installation of the Local Area Network

Up to two 10/100 Mbps Ethernet devices can be directly connected to the router; further devices can be attached via an additional Ethernet switch. Please ensure that the connector has been plugged in properly and remains in a fixed state, otherwise you might experience sporadic link loss during operation. The Link/Act LED will light up as soon as the device has synced. If not, it might be necessary to configure a different link setting as described in chapter 5.3.2.

Attention: Only a shielded Ethernet cable may be used.

4.6. Installation of the Power Supply

The router can be powered with an external source supplying between 12 VDC and 48 VDC. It is to be used with a certified (CE or equivalent) power supply, which must have a limited and SELV circuit output. The router is now ready for use.

Attention: Only CE-compliant power supplies with a current-limited SELV output voltage range may be used with the NetModule routers.

5. Configuration

The following chapters provide information on setting up the router and configuring its functions as provided with system software 4.6.0.105.

NetModule provides regularly updated router software with new functions, bug fixes and closed vulnerabilities. Please keep your router software up to date.
ftp://share.netmodule.com/router/public/system-software/

5.1. First Steps

NetModule routers can be easily set up by using the HTTP-based configuration interface, called the Web Manager. It is supported by the latest web browsers.
Please ensure that JavaScript is turned on. Any configuration submitted via the Web Manager will be applied immediately to the system when pressing the Apply button. When configuring subsystems which require multiple steps (for instance WLAN) you can use the Continue button to store any settings temporarily and apply them at a later time. Please note that those settings will be discarded at logout unless applied.

You may also upload configuration files via SNMP, SSH, HTTP or USB in case you intend to deploy a larger number of routers. Advanced users may also use the Command Line Interface (CLI) and set configuration parameters directly.

The IP address of Ethernet 1 is 192.168.1.1 and DHCP is activated on the interface by default. The following steps need to be taken to establish your first Web Manager session:

1. Connect the Ethernet port of your computer to the Ethernet 1 (FastEthernet) port of the router using a shielded CAT5 cable with RJ45 (or M12) connector.
2. If not yet activated, enable DHCP on your computer's Ethernet interface so that an IP address can be obtained automatically from the router. It usually takes a short amount of time until your PC has received the corresponding parameters (IP address, subnet mask, default gateway, name server). You may track the progress by looking at your network control panel and checking whether your PC has correctly retrieved an IP address of the range 192.168.1.100 to 192.168.1.199.
3. Launch your favorite web browser and point it to the IP address of the router (the URL is http://192.168.1.1).
4. Please follow the instructions of the Web Manager for configuring the router. Most of the menus are self-explanatory, further details are given in the following chapters.

5.1.1. Initial Access

In factory state you will be prompted for a new administrator password.
Please choose a password which is both easy to remember and robust against dictionary attacks (such as one that contains numbers, letters and punctuation characters). The password shall have a minimum length of 6 characters. It shall contain a minimum of 2 numbers and 2 letters.

Figure 5.1.: Initial Login

Please note that the admin password will also be applied for the root user which can be used to access the device via the serial console, Telnet, SSH or to enter the bootloader. You may also configure additional users which will only be permitted to access the summary page or retrieve status information but not to set any configuration parameters.

A set of services (USB Autorun, CLI-PHP) are by default activated in factory state and will be disabled as soon as the admin password has been set. They can be enabled again afterwards in the relevant sections. Other services (SSH, Telnet, Console) can be accessed in factory state by providing an empty or no password.

The passphrase which is used to store and access generated and uploaded private keys is initialized to a random value. It can be changed as described in chapter 5.8.8.

5.1.2. Automatic Mobile Data Connection

If you put a SIM with disabled PIN into the first SIM slot and select 'Configure automatic mobile data connection' the router will try to select matching credentials from a database of known providers and establish a mobile data connection automatically. This feature is highly dependent on the SIM card features and the available networks. This option is only available if the router is equipped with a cellular module.

5.1.3. Recovery

The following actions might be taken in case the router has been misconfigured and cannot be reached anymore:

1. Factory Reset: You can initiate a reset back to factory settings via the Web Manager, by running the command factory-reset or by pressing the reset button. The latter would require a slim needle or paper clip which must be inserted into the hole at the top front. The button must be held down for up to 5 seconds until all LEDs flash up.
2. Serial Console Login: It is also possible to log into the system via the serial port. This requires a terminal emulator (such as PuTTY or HyperTerminal) and an RS232 connection (115200 8N1) attached to the serial port of your local computer. You will also see the kernel messages at bootup there.
3. Recovery Image: In severe cases we can provide a recovery image on demand which can be loaded into RAM via TFTP and executed. It offers a minimal system image for running a software update or doing other modifications. You will be provided with two files, recovery-image and recovery-dtb, which must be placed in the root directory of a TFTP server (connected via LAN1 and address 192.168.1.254). The recovery image can be launched from the bootloader using a serial connection. You will have to stop the boot process by pressing s and enter the bootloader. You can then issue run recovery to load the image and start the system which can be accessed via HTTP/SSH/Telnet and its IP address 192.168.1.1 afterwards.
This procedure can also be initiated by holding the factory reset button longer than 15 seconds.

5.2. HOME

This page provides a status overview of enabled features and connections.

Figure 5.2.: Home

Summary
This page offers a short summary about the administrative and operational status of the router's interfaces.

WAN
This page offers details about any enabled Wide Area Network (WAN) links (such as the IP addresses, network information, signal strength, etc.). The information about the amount of downloaded/uploaded data is stored in non-volatile memory and thus survives a reboot of the system. The counters can be reset by pressing the Reset button.

WWAN
This page shows information about modems and their network status.

WLAN
The WLAN page offers details about the enabled WLAN interfaces when operating in access-point mode. This includes the SSID, IP and MAC address and the currently used frequency and transmit power of the interface as well as the list of associated stations.

GNSS
This page displays the position status values, such as latitude/longitude, the satellites in view and more details about the used satellites.

Ethernet
This page shows information about the Ethernet interfaces and packet statistics information.

LAN
This page shows information about the LAN interfaces plus the neighborhood information.

Bridges
This page shows information about configured virtual bridge devices.
Bluetooth
This page shows information about Bluetooth interfaces.

DHCP
This page offers details about any activated DHCP service, including a list of issued DHCP leases.

OpenVPN
This page provides information about the OpenVPN tunnel status.

IPsec
This page provides information about the IPsec tunnel status.

PPTP
This page provides information about the PPTP tunnel status.

GRE
This page provides information about the GRE tunnel status.

L2TP
This page provides information about the L2TP tunnel status.

MobileIP
This page provides information about Mobile IP connections.

Firewall
This page offers information about any firewall rules and their matching statistics. It can be used to debug the firewall.

QoS
This page provides information about the used QoS queues.

BGP
This page provides information about the Border Gateway Protocol.

OSPF
This page provides information about the Open Shortest Path First routing protocol.

DynDNS
This page provides information about Dynamic DNS.

System Status
The system status page displays various details of your NB1600 router, including system details, information about mounted modules and software release information.

SDK
This section will list all webpages generated by SDK scripts.

5.3. INTERFACES

5.3.1. WAN

Link Management

Depending on your hardware model, WAN links can be made up of either Wireless Wide Area Network (WWAN), Wireless LAN (WLAN), Ethernet or PPP over Ethernet (PPPoE) connections. Please note that each WAN link has to be configured and enabled in order to appear on this page.
Figure 5.3.: WAN Links

In general, a link will only be dialed or declared as up if the following prerequisites are met:

Condition (columns: WWAN, WLAN, ETH, PPPoE)
- Modem is registered
- Registered with valid service type
- Valid SIM state
- Sufficient signal strength
- Client is associated
- Client is authenticated
- Valid DHCP address retrieved
- Link is up and holds address
- Ping check succeeded
Marks per column: WWAN X X X X X X X, WLAN X X X X X X, ETH X X X, PPPoE X X X

The menu can be used further to prioritize your WAN links. The highest priority link which has been established successfully will become the so-called hotlink which holds the default route for outgoing packets.

In case a link goes down, the system will automatically switch over to the next link in the priority list. You can configure each link to be either established when the switch occurs or permanently in order to minimize link downtime.

Parameter | WAN Link Priorities
1st priority | The primary link which will be used whenever possible.
2nd priority | The first fallback link, it can be enabled permanently or be dialed as soon as Link 1 goes down.
3rd priority | The second fallback link, it can be enabled permanently or be dialed as soon as Link 2 goes down.
4th priority | The third fallback link, it can be enabled permanently or be dialed as soon as Link 3 goes down.

Links are triggered periodically and put to sleep in case it was not possible to establish them within a certain amount of time. Hence it might happen that permanent links will be dialed in the background and replace links with lower priority again as soon as they have been established. In case of interfering links sharing the same resources (for instance in dual-SIM operation) you may define a switch-back interval after which an active hotlink is forced to go down in order to let the higher-priority link be dialed again.

We recommend using the permanent operation mode for WAN links in general. However, in case of time-limited mobile tariffs for instance, the switchover mode might be applicable. By using the distributed mode, it is possible to distribute outgoing traffic over multiple WAN links based on their weight ratio.

Attention: You can have concurrent WWAN links which share a common resource like one WWAN module using SIM cards of different providers. In that case it would not be possible to find out if the link with the higher priority is available without putting down the low priority link. Therefore, such a link will behave like a switchover, even if configured as permanent.

For mobile links, it is further possible to pass through the WAN address towards a local host (also called Drop-In or IP Pass-through). In particular, the first DHCP client will receive the public IP address. More or less, the system acts like a modem in such case which can be helpful in case of firewall issues. Once established, the Web Manager can be reached over port 8080 using the WAN address but still over the LAN1 interface using port 80.
Parameter | WAN Link Operation Modes
disabled | Link is disabled
permanent | Link is being established permanently
on switchover | Link is being established on switchover, it will be dialed if previous links failed
distributed | Link is member of a load distribution group

Parameter | WAN Link Settings
Operation mode | The operation mode of the link
Weight | The weight ratio of a distributed link
Switch-back | Specifies the switch-back condition of a switchover link and the time after which an active hotlink will be torn down
Bridging interface [1] | If WLAN client, the LAN interface to which the WAN link should be bridged.

NetModule routers provide a feature called IP pass-through (aka Drop-In mode). If enabled, the WAN address will be passed through to the first DHCP client of the specified LAN interface. As Ethernet-based communication requires additional addresses, we pick an appropriate subnet to talk to the LAN host. In case this overlaps with other addresses of your WAN network, you may optionally specify the network given by your provider to avoid any address conflicts.

Parameter | IP Pass-Through Settings
IP Pass-through | Enables or disables IP pass-through
Interface | Specifies the interface on which the address shall be passed through
WAN network | Specifies the WAN network
WAN netmask | Specifies the WAN netmask

[1] This option requires an Access Point with four address frame format support.

Supervision

Network outage detection on a per-link basis can be performed by sending pings on each link to some authoritative hosts. A link will be declared as down in case all trials have failed and only as up if at least one host can be reached.
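The supervision behaviour described above can be modelled to see how the ping interval, retry interval and trial count translate into detection time. This is an added example, not NetModule code: the timer values and the outage window are constructed, and the loop (including retries continuing at the retry interval while a link is down) is an assumption about how the supervision parameters interact.

```python
"""Illustrative model of per-link ping supervision (not NRSW code)."""
from dataclasses import dataclass
from typing import Callable, List, Tuple

Event = Tuple[int, str]  # (time in seconds, event name)


@dataclass(frozen=True)
class Supervision:
    # Hosts as in the manual's sample entry; all timer values are constructed.
    hosts: Tuple[str, ...] = ("8.8.8.8", "8.8.4.4")
    ping_interval: int = 10      # seconds between pings while they succeed
    retry_interval: int = 3      # seconds between pings after a failure
    max_failed_trials: int = 5   # consecutive failed trials before "down"
    max_downtime: int = 0        # seconds down before emergency action (0 = none)
    emergency_action: str = "restart link services"


def worst_case_detection(cfg: Supervision) -> int:
    """Longest gap between outage start and the 'down' verdict, in seconds.

    The outage may begin right after a successful ping, so a full ping
    interval passes before the first failed trial; the remaining trials
    follow at the retry interval. Ping timeouts are assumed to be shorter
    than the retry interval and are not modelled.
    """
    return cfg.ping_interval + (cfg.max_failed_trials - 1) * cfg.retry_interval


def simulate(cfg: Supervision,
             reachable: Callable[[str, int], bool],
             duration: int) -> List[Event]:
    """Replay the assumed supervision loop against a reachability oracle."""
    events: List[Event] = []
    state, failed, down_since, fired = "down", 0, 0, False
    t = 0
    while t <= duration:
        # A trial succeeds if at least one supervised host answers.
        if any(reachable(host, t) for host in cfg.hosts):
            failed, fired = 0, False
            if state != "up":
                state = "up"
                events.append((t, "up"))
            t += cfg.ping_interval
            continue
        failed += 1
        if state == "up" and failed >= cfg.max_failed_trials:
            state, down_since = "down", t
            events.append((t, "down"))
        # The emergency action fires once per outage after max_downtime.
        if (state == "down" and cfg.max_downtime and not fired
                and t - down_since >= cfg.max_downtime):
            fired = True
            events.append((t, cfg.emergency_action))
        t += cfg.retry_interval
    return events


def outage(start: int, end: int) -> Callable[[str, int], bool]:
    """Constructed scenario: no host answers during [start, end)."""
    return lambda host, t: not (start <= t < end)


if __name__ == "__main__":
    cfg = Supervision(max_downtime=30)
    print("worst-case detection:", worst_case_detection(cfg), "s")
    for when, what in simulate(cfg, outage(25, 100), 120):
        print(f"t={when:>3}s  {what}")
```

With these constructed values an outage starting at t=25 s is declared at t=42 s, inside the 22 s worst case; a single unreachable host never takes the link down as long as the other one answers.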
Figure 5.4.: Link Supervision (sample entry: link ANY, hosts 8.8.8.8 and 8.8.4.4, emergency action none)

Parameter | Supervision Settings
Link | The WAN link to be monitored (can be ANY)
Mode | Specifies whether the link shall only be monitored if being up (e.g. for using a VPN tunnel) or if connectivity shall be also validated at connection establishment (default)
Primary host | The primary host to be monitored
Secondary host | The secondary host to be monitored (optional)
Ping timeout | The amount of time in milliseconds a response for a single ping can take, consider to increase this value in case of slow and tardy links (such as 2G connections)
Ping interval | The interval in seconds at which pings are transmitted on each interface
Retry interval | The interval in seconds at which pings are re-transmitted in case a first ping failed
Max. number of failed trials | The maximum number of failed ping trials until the link will be declared as down
Emergency action | The emergency action which should be taken after a maximum downtime has been reached. Using reboot would perform a reboot of the system, restart link services will restart all link-related applications including a reset of the modem.

WAN Settings

This page can be used to configure WAN specific settings like the Maximum Segment Size (MSS).
The MSS corresponds to the largest amount of data (in bytes) that the router can handle in a single, unfragmented TCP segment. In order to avoid any negative side effects, the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit (MTU). The MTU can be configured per interface and corresponds to the largest packet size that can be transmitted.

Figure 5.5.: WAN Settings (TCP Maximum Segment Size dialog: the maximum segment size defines the largest amount of data of TCP packets, usually MTU minus 40; you may decrease the value in case of fragmentation issues or link-based limits; the value shown is 1380)

Parameter | TCP MSS Settings
MSS adjustment | Enable or disable MSS adjustment on WAN interfaces.
Maximum segment size | Maximum number of bytes in a TCP data segment.

5.3.2. Ethernet

NB1600 routers ship with 2 dedicated Ethernet ports (ETH1 and ETH2) which can be linked via RJ45 connectors. ETH1 usually forms the LAN1 interface which should be used for LAN purposes. Other interfaces can be used to connect other LAN segments or for configuring a WAN link. The LAN10 interface will be available as soon as a pre-configured USB Ethernet device has been plugged in.
Ethernet Port Assignment

Figure 5.6.: Ethernet Ports (screenshot; Ethernet 1 is assigned to network interface LAN1 and Ethernet 2 to LAN2, each with an administrative status of enabled or disabled)

This menu can be used to individually assign each Ethernet port to a LAN interface, in case you want to have different subnets per port or use one port as WAN interface. You may assign multiple ports to the same interface.

Please note that NB1600 routers don't have a switch but single PHY ports. If both ports are assigned to the same LAN interface, the ports will be bridged by software. The following options exist:

Parameter | Ethernet Softbridge Settings
Enable bridge filtering | If enabled, the firewall rules will also match packets between the ports
Enable RSTP | If enabled, the Rapid Spanning Tree Protocol (IEEE 802.1D-2004) rather than the Spanning Tree Protocol will be activated

Ethernet Link Settings

Figure 5.7.: Ethernet Link Settings (screenshot; link speed for Ethernet 1 and Ethernet 2 is set to auto-negotiated)

Link negotiation can be set for each Ethernet port individually.
Most devices support auto-negotiation, which will configure the link speed automatically to comply with other devices in the network. In case of negotiation problems, you may assign the modes manually, but it then has to be ensured that all devices in the network use the same settings.

Authentication via IEEE 802.1X

NetModule routers support authentication via the IEEE 802.1X standard. This can be configured for each Ethernet port individually. The following options exist:

Parameter | Wired IEEE 802.1X Settings
Wired 802.1X status | If enabled, the router will authenticate on this port via IEEE 802.1X
EAP type | Which protocol to use to authenticate
Anonymous identity | The anonymous identity for PEAP authentication
Identity | The identity for EAP-TLS or PEAP authentication (required)
Password | The password for PEAP authentication (required)
Certificates | Certificates for authentication via EAP-TLS or PEAP. Can be configured in chapter 5.8.8

VLAN Management

NetModule routers support Virtual LAN according to IEEE 802.1Q which can be used to create virtual interfaces on top of an Ethernet interface. The VLAN protocol inserts an additional header into Ethernet frames carrying a VLAN Identifier (VLAN ID) which is used for distributing the packets to the associated virtual interface. Any untagged packets, as well as packets with an unassigned ID, will be distributed to the native interface.
Figure 5.8.: VLAN Management (screenshot; example entries: LAN1-1 with VLAN ID 1 on network interface LAN1, priority default, mode routed; LAN1-2 with VLAN ID 5 on network interface LAN1, priority background, mode routed)

In order to form a distinctive subnet, the network interface of a remote LAN host must be configured with the same VLAN ID as defined on the router. Further, 802.1P introduces a priority field which influences packet scheduling in the TCP/IP stack. The following priority levels (from lowest to highest) exist:

Parameter | VLAN Priority Levels
0 | Background
1 | Best Effort
2 | Excellent Effort
3 | Critical Applications
4 | Video (< 100 ms latency and jitter)
5 | Voice (< 10 ms latency and jitter)
6 | Internetwork Control
7 | Network Control

IP Settings

This page can be used to configure IP addressing for your LAN/WAN Ethernet interfaces.

Parameter | LAN IP Settings
Mode | Defines whether this interface is being used as LAN or WAN interface.
MTU | The Maximum Transmission Unit for the interface, if provided it will specify the largest size of a packet transmitted on the interface.
Figure 5.9.: LAN IP Configuration (screenshot of the IP Address Management overview, showing the following entries)

Network Interface | Mode | IP Address Mode | IP Address | Netmask
LAN1 | LAN | STATIC | 192.168.1.1 | 255.255.255.0
LAN1-1 | LAN | STATIC | 192.168.101.1 | 255.255.255.0
LAN1-2 | LAN | STATIC | 192.168.102.1 | 255.255.255.0
LAN2 | WAN | DHCP | - | -

LAN-Mode

When running in LAN mode, the interface may be configured with the following settings:

Parameter | LAN IP Settings
IP address | The IP interface address
Netmask | The netmask for this interface
Alias IP address | Optional alias IP interface address
Alias Netmask | Optional alias netmask for this interface
MAC | Custom MAC address for this interface (not supported for VLANs)

Figure 5.10.: LAN IP Configuration - LAN Interface (screenshot; LAN1 in LAN mode with static IP address 192.168.1.1 and netmask 255.255.255.0; further fields: Alias IP address, Alias Netmask, MTU, MAC)

WAN-Mode

When running in WAN mode, the interface may be configured with two IP versions in the following way:

Parameter | Description
IPv4 | Only Internet Protocol Version 4
IPv6 | Only Internet Protocol Version 6
Dual-Stack | Run Internet Protocol Version 4 and Version 6 in parallel

Figure 5.11.: LAN IP Configuration - WAN Interface (screenshot; fields: Mode LAN/WAN, IP version IPv4/IPv6/Dual-Stack, IPv4 WAN mode DHCP/Static/PPPoE, IPv6 WAN mode SLAAC/Static, MTU, MAC)

Depending on the selected IP version you can configure your interface with the following settings:

IPv4 Settings

The router can configure its IPv4 address in the following ways:

Parameter | IPv4 WAN-Modes
DHCP | When running as DHCP client, no further configuration is required because all IP-related settings (address, subnet, gateway, DNS server) will be retrieved from a DHCP server in the network.
Static | Allows you to define static values. Care has to be taken to assign a unique IP address as it would otherwise raise IP conflicts in the network.
PPPoE | PPPoE is commonly used when communicating with another WAN access device (like a DSL modem).

IPv4-PPPoE Settings

The following settings can be applied:

Parameter | PPPoE Configuration
User name | PPPoE user name for authenticating at the access device
Password | PPPoE password for authenticating at the access device
Service name | Specifies the service name set of the access concentrator and can be left blank unless you have multiple services on the same physical network and need to specify the one you want to connect to.
Access concentrator name | The name of the concentrator (the PPPoE client will connect to any access concentrator if left blank)

IPv6 Settings

The router can configure its IPv6 address in the following ways:

Parameter | IPv6 WAN-Modes
SLAAC | All IP-related settings (address, prefix, routes, DNS server) will be retrieved by the neighbor-discovery-protocol through stateless-address-autoconfiguration.
Static | Allows you to define static values. Care has to be taken to assign a unique IP address as it would otherwise raise IP conflicts in the network. You can only configure global addresses. The link-local address is automatically generated via the MAC address.

DNS Server

When all enabled IP versions are set to Static, you may configure an interface-specific nameserver. To override the interface-specific nameservers see chapter 5.7.3.

5.3.3. Mobile

Modems Configuration

This page lists all available WWAN modems. They can be disabled on demand.

Query

This page allows you to send Hayes AT commands to the modem. Besides the 3GPP-conforming AT command set, further modem-specific commands can be applicable, which we can provide on demand. Some modems also support running Unstructured Supplementary Service Data (USSD) requests, e.g. for querying the available balance of a prepaid account.

SIMs

This menu can be used to assign a default modem to each SIM which will also be used by SMS and GSM voice services. A SIM card can get switched in case of multiple WWAN interfaces sharing the same modem.
Figure 5.12.: SIMs (screenshot; SIM1 with default modem Mobile1, current modem Mobile1, SIM state missing, SIM lock unknown, registered no)

The SIM page gives an overview of the available SIM cards, their assigned modems and the current state. Once a SIM card has been inserted, assigned to a modem and successfully unlocked, the card should remain in state ready and the network registration status should have turned to registered. If not, please double-check your PIN. Please keep in mind that registering to a network usually takes some time and depends on signal strength and possible radio interferences. You may hit the Update button at any time in order to restart PIN unlocking and trigger another network registration attempt.

Under some circumstances (e.g. in case the modem flaps between base stations) it might be necessary to set a specific service type or assign a fixed operator. The list of operators around can be obtained by initiating a network scan (may take up to 60 seconds). Further details can be retrieved by querying the modem directly; a set of suitable commands can be provided on request.

Configuration

A SIM card is generally assigned to a default modem but might be switched, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem, as a SIM switch will naturally affect their operation.

The following settings can be applied:

Parameter | WWAN SIM Configuration
PIN code | The PIN code for unlocking the SIM card
PUK code | The PUK code for unlocking the SIM card (optional)
Default modem | The default modem assigned to this SIM card
Preferred service | The preferred service to be used with this SIM card. Remember that the link manager might change this in case of different settings. The default is to use automatic; in areas with interfering base stations you can force a specific type (e.g. 3G-only) in order to prevent any flapping between the stations around.
Registration mode | The desired registration mode
Network selection | Defines which network shall be selected. This can be bound to a specific provider ID (PLMN) which can be retrieved by running a network scan.

eSIM / eUICC

Figure 5.13.: eSIM Profiles (screenshot; profile configuration for embedded SIM1 with columns ICCID, Operator, Name and Nickname; EID: 89033032426180001000002063768022)

Selected router models contain an eUICC (embedded universal integrated circuit card) which allows you to download eSIM profiles from the internet to the router instead of having to insert a physical SIM card into the router. The eSIM profiles to be installed must be compliant with the GSMA RSP Technical Specification SGP.22. These are the same eSIM profiles that are used with current mobile phones. Profiles according to the older GSMA SGP.02 specification are not supported.

eSIM profiles can be managed on the "eSIM Profiles" tab of the "Mobile / SIMs" configuration page. The management page allows you to display all installed eSIM profiles as well as to install, enable, disable and delete eSIM profiles. It is also possible to store a nickname for each profile. The eUICC can store up to about 7 eSIM profiles depending on the size of the profiles. Only one of those profiles can be active at a time.
In order to install new eSIM profiles, you first need to establish IP connectivity to the internet so that the router can download the profile from the mobile network operator's server.

Figure 5.14.: Add eUICC Profile (screenshot; Add eUICC profile to SIM1 with fields Method (Activation/QR Code or Root discovery service), Activation code, Confirmation code, and the option to scan or upload a QR code)

The following two ways are supported to install eSIM profiles and can be selected on the eSIM profiles configuration page:

1. QR code provided by the network operator
To download the eSIM profile using this method, your mobile network operator provides you with a QR code which contains the information about the eSIM profile to be installed. If the device you are using to access the configuration GUI of the router has a camera, you can scan the QR code using the camera. Otherwise you can upload an image file of the QR code. It is also possible to enter the contents of the QR code manually into the corresponding input field.

2. GSMA Root Discovery Service
When using this method, you need to provide the EID, which is a unique number that identifies the eUICC of the router, to your mobile network operator. The EID is displayed on the eSIM profiles configuration page. The operator will then prepare the eSIM profile for your router on its provisioning servers. Afterwards, you can use the GSMA Root Discovery Service method to retrieve the eSIM profile without having to specify any additional information for the download.

Note: Most mobile network operators allow only one download of an eSIM profile.
So, if you download the profile once and delete it afterwards, you will not be able to download the same profile a second time. In this case you would need to request a new eSIM profile from your operator.

WWAN Interfaces

This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically as WAN link once an interface has been added. Please refer to chapter 5.3.1 for how to manage them.

The Mobile LED will be blinking during the connection establishment process and goes on as soon as the connection is up. Refer to section 5.8.7 or consult the system log files for troubleshooting in case the connection did not come up.

Figure 5.15.: WWAN Interfaces (screenshot; example entry: interface WWAN1, modem Mobile1, SIM SIM1, PDP PDP1, number *99***1#, service automatic, APN / user internet.telekom / tm)

The following mobile settings are required:

Parameter | WWAN Mobile Parameters
Modem | The modem to be used for this WWAN interface
SIM | The SIM card to be used for this WWAN interface
Service type | The required service type

Please note that these settings supersede the general SIM based settings as soon as the link is being dialed.

Generally, the connection settings are derived automatically as soon as the modem has registered and the network provider has been found in our database.
Otherwise, it will be required to configure the following settings manually:

Parameter | WWAN Connection Parameters
Phone number | The phone number to be dialed; for 3G+ connections this is commonly *99***1#. For circuit-switched 2G connections you can enter the fixed phone number to be dialed in international format (e.g. +41xx).
Access point name | The access point name (APN) being used
IP version | What IP version to use. Dual-stack lets you use IPv4 and IPv6 together. Please note that your provider might not support all IP versions.
Authentication | The authentication scheme being used, if required this can be PAP or/and CHAP
Username | The user name used for authentication
Password | The password used for authentication

Furthermore, you may configure the following advanced settings:

Parameter | WAN Advanced Parameters
Required signal strength | Sets a minimum required signal strength before the connection is dialed
Home network only | Determines whether the connection should only be dialed when registered to a home network
Negotiate DNS | Specifies whether the DNS negotiation should be performed and the retrieved name servers should be applied to the system
Call to ISDN | Has to be enabled in case of 2G connections talking to an ISDN modem
Header compression | Enables or disables 3GPP header compression which may improve TCP/IP performance over slow serial links. Has to be supported by your provider.
Data compression | Enables or disables 3GPP data compression which shrinks the size of packets to improve throughput. Has to be supported by your provider.
Client address | Specifies a fixed client IP address if assigned by the provider
MTU | The Maximum Transmission Unit for this interface

5.3.4. WLAN

WLAN Management

In case your router is shipping with a WLAN (or Wi-Fi) module you can operate it either as client, access point, mesh point or certain dual modes.
As a client it can create an additional WAN link which for instance can be used as backup link. As access point, it can form another LAN interface which can be either bridged to an Ethernet-based LAN interface or create a self-contained IP interface which can be used for routing and to provide services (such as DHCP/DNS/NTP) in the same way as an Ethernet LAN interface does. As mesh point, it can create a wireless mesh network to provide backhaul connectivity with dynamic path selection. As dual mode, it is possible to run access point and client or mesh point and access point functionality on the same radio module.

Figure 5.16.: WLAN Management (screenshot; fields: Administrative status, Operational mode (client, access point, mesh point, dual modes), Regulatory domain, Operation type, Radio band, Bandwidth, Channel, Number of antennas, Antenna gain)

If the administrative status is set to disabled, the module will be powered off in order to reduce the overall power consumption. Regarding antennas, we generally recommend using two antennas for better coverage and throughput. A second antenna is definitely mandatory if you want to achieve higher throughput rates as in 802.11n.

A WLAN client and a mesh point will automatically become a WAN link and can be managed as described in chapter 5.3.1.
Configurable parameters for access-point, client mode, mesh point and any dual mode:

Parameter | WLAN Management
Regulatory Domain | Select the country the router operates in
Number of antennas | Set the number of connected antennas
Antenna gain | Specify the antenna gain for the connected antennas. Please refer to the antenna's datasheet for the correct gain value.
Tx power | Specifies the max. transmit power used in dBm.
Disable low data rates | Avoid sticky clients by disabling low data rates.

Warning: Please be aware that any inappropriate parameters can lead to an infringement of conformity regulations.

Running as access point or dual mode, you can further configure the following settings:

Parameter | WLAN Management
Operation type | Specifies the desired IEEE 802.11 operation mode
Radio band | Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz
Outdoor | Shows the 5 GHz outdoor channels
Bandwidth | Specify the channel bandwidth operation mode
Channel | Specifies the channel to be used
enable client tracking | Enables the tracking of non-associated clients
Short Guard Interval | Enables the Short Guard Interval (SGI)

Running as client, you can further configure the following settings:

Parameter | WLAN Management
Scan channels | Select if all supported channels should be scanned or just user-defined channels
2.4 GHz | Set the channels which should be scanned in 2.4 GHz
5 GHz | Set the channels which should be scanned in 5 GHz

Available operation modes are:

Standard | Frequencies | Bandwidth | Data Rate
802.11a | 5 GHz | 20 MHz | 54 Mbit/s
802.11b | 2.4 GHz | 20 MHz | 11 Mbit/s
802.11g | 2.4 GHz | 20 MHz | 54 Mbit/s
802.11n | 2.4/5 GHz | 20/40 MHz | 300 Mbit/s
802.11ac | 5 GHz | 20/40/80 MHz | 866.7 Mbit/s

Table 5.24.: IEEE 802.11 Network Standards

Running as mesh point, you can further configure the following settings:

Parameter | WLAN Mesh-Point Management
Radio band | Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz
Channel | Specifies the channel to be used

Note: NetModule Routers with 802.11n and 802.11ac support 2x2 MIMO

Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the least interfering channel. Please note that two adequate channels are required for getting good throughput with 802.11n and a bandwidth of 40 MHz.

WLAN Configuration

Running in client mode, it is possible to connect to one or more remote access points. The system will switch to the next network in the list in case one goes down and return to the highest-prioritized network as soon as it comes back. You can perform a WLAN network scan and pick the settings from the discovered information directly. The authentication credentials have to be obtained from the operator of the remote access point.

Parameter | WLAN Client Configuration
SSID | The network name (called SSID)
Security mode | The desired security mode
WPA mode | The desired encryption method. WPA3 should be preferred over WPA2 and WPA1
WPA cipher | The WPA cipher to be used, the default is to run both (TKIP and CCMP)
Identity | The identity used for WPA-RADIUS and WPA-EAP-TLS
Passphrase | The passphrase used for authentication with WPA-Personal, otherwise the key passphrase for WPA-EAP-TLS
Force PMF | Enables Protected Management Frames
Enable fast transition | If client, enable fast roaming capabilities via FT. FT is only performed if the AP supports this feature, too
Required signal strength | Required signal strength to establish the connection

The client performs background scans for the purpose of roaming within an ESS. The background scans are based on the current signal strength.
Parameter | WLAN Client Background Scan Parameters
Threshold | The signal strength threshold in dBm when the long or short time interval should occur
Long interval | The time in seconds when a background scan should be performed if the threshold is above the given threshold value
Short interval | The time in seconds when a background scan should be performed if the threshold is below the given threshold value

Running in access-point mode you can create up to 8 SSIDs, each running its own network configuration. The networks can be individually bridged to a LAN interface or operate as dedicated interface in routing-mode.

Figure 5.17.: WLAN Configuration (screenshot; example entry: interface WLAN1, SSID NB1600-Private, security mode WPA-PSK, WPA / cipher WPA + WPA2 / TKIP + CCMP)

This section can be used to configure security-related settings.

Parameter | WLAN Access-Point Configuration
SSID | The network name (called SSID)
Security mode | The desired security mode
WPA mode | The desired encryption method. WPA3 + WPA2 mixed mode should be preferred
WPA cipher | The WPA cipher to be used, the default is to run both (TKIP and CCMP)
Passphrase | The passphrase used for authentication with WPA-Personal.
Force PMF | Enables Protected Management Frames
Hide SSID | Hides the SSID
Isolate clients | Disables client-to-client communication
Band steering master | The WLAN interface which the client should be steered to
Opportunistic Wireless Encryption transition | The WLAN interface for a seamless transition from an OPEN WLAN to an OWE encrypted WLAN interface
Accounting | Sets accounting profile

The following security modes can be configured:

Parameter | WLAN Security Modes
Off | SSID is disabled
None | No authentication, provides an open network
WEP | WEP (is nowadays discouraged)
WPA-Personal | WPA-Personal (TKIP, CCMP), provides password-based authentication
WPA-Enterprise | WPA-Enterprise in AP mode, can be used to authenticate against a remote RADIUS server which can be configured in chapter 5.8.2
WPA-RADIUS | EAP-PEAP/MSCHAPv2 in client mode, can be used to authenticate against a remote RADIUS server which can be configured in chapter 5.8.2
WPA-TLS | EAP-TLS in client mode, performs authentication using certificates which can be configured in chapter 5.8.8
OWE | Opportunistic Wireless Encryption, alias Enhanced OPEN, provides an encrypted WLAN without any authentication

Running in mesh point mode, it is possible to connect to one or more mesh points within the mesh network at the same time. The system will automatically join the wireless network and connect to the other mesh partners with the same ID and security credentials. The authentication credentials have to be obtained from the operator of the mesh network.
Parameter | WLAN Mesh-Point Configuration
MESHID | The network name (called MESHID)
Security mode | The desired security mode
enable gate announcements | To enable gate announcements for the mesh network

The following security modes can be configured:

Parameter | WLAN Mesh-Point Security Modes
Off | MESHID is disabled
None | No authentication, provides an open network
SAE | SAE (Simultaneous Authentication of Equals) is a secure password-based authentication and key establishment protocol

WLAN IP Settings

This section lets you configure the TCP/IP settings of your WLAN network. A client and mesh point interface can be run over DHCP or with a statically configured address and default gateway.

Figure 5.18.: WLAN IP Configuration (screenshot; WLAN1 IP Settings with fields Network mode (bridged or routed), IP address 192.168.200.1, Netmask 255.255.255.0)

The access point networks can be bridged to any LAN interface for letting WLAN clients and Ethernet hosts operate in the same subnet. However, for multiple SSIDs we strongly recommend setting up separate interfaces in routing-mode in order to avoid unwanted access and traffic between the interfaces. The corresponding DHCP server for each network can be configured afterwards as described in chapter 5.7.2.
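The access-point recommendations above (WEP discouraged, WPA3 + WPA2 mixed mode preferred, routed interfaces for multiple SSIDs) can be checked mechanically before a configuration is rolled out. The following is an added example, not NetModule code: the field names are hypothetical and only mirror the GUI labels, the first SSID reuses the values shown in Figure 5.17, and everything else in the sample data is constructed.

```python
# Added example: field names are hypothetical and mirror the GUI labels of the
# access-point configuration page; they are not NetModule configuration keys.

WEAK_MODES = {
    "None": "open network, traffic is neither authenticated nor encrypted",
    "WEP": "WEP, which the manual itself marks as discouraged",
}


def _parts(value):
    """Split a GUI-style combination such as 'WPA + WPA2' into a set of names."""
    return {part.strip().upper() for part in value.split("+") if part.strip()}


def audit_access_point(ssids):
    """Return (interface, rule, explanation) tuples for risky SSID settings."""
    findings = []
    # Security mode "Off" disables the SSID, so it is not audited.
    active = [s for s in ssids if s["security_mode"] != "Off"]
    for s in active:
        name, mode = s["interface"], s["security_mode"]
        if mode in WEAK_MODES:
            findings.append((name, "weak-security-mode", WEAK_MODES[mode]))
        if not mode.startswith("WPA"):
            continue  # WPA mode and cipher do not apply to None, WEP and OWE
        if "WPA" in _parts(s["wpa_mode"]):
            findings.append((name, "wpa1-enabled",
                             "the manual prefers WPA3 + WPA2 mixed mode"))
        if "TKIP" in _parts(s["wpa_cipher"]):
            # General Wi-Fi practice rather than a statement from the manual.
            findings.append((name, "tkip-enabled",
                             "TKIP is deprecated, use CCMP only"))
        if not s["force_pmf"]:
            findings.append((name, "pmf-not-forced",
                             "Protected Management Frames are not enforced"))
    if len(active) > 1:
        for s in active:
            if s["network_mode"] == "bridged":
                findings.append((s["interface"], "bridged-multi-ssid",
                                 "the manual recommends separate routed "
                                 "interfaces for multiple SSIDs"))
    return findings


# WLAN1 uses the modes shown in Figure 5.17 (listed there as WPA-PSK);
# force_pmf, network_mode and the whole WLAN2 entry are constructed.
BEFORE = [
    {"interface": "WLAN1", "ssid": "NB1600-Private",
     "security_mode": "WPA-Personal", "wpa_mode": "WPA + WPA2",
     "wpa_cipher": "TKIP + CCMP", "force_pmf": False,
     "network_mode": "bridged"},
    {"interface": "WLAN2", "ssid": "Guest", "security_mode": "None",
     "network_mode": "bridged"},
]

# Hardened variant of the same two networks.
AFTER = [
    {"interface": "WLAN1", "ssid": "NB1600-Private",
     "security_mode": "WPA-Personal", "wpa_mode": "WPA3 + WPA2",
     "wpa_cipher": "CCMP", "force_pmf": True, "network_mode": "routed"},
    {"interface": "WLAN2", "ssid": "Guest", "security_mode": "OWE",
     "network_mode": "routed"},
]

if __name__ == "__main__":
    for label, config in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for finding in audit_access_point(config):
            print("  ", finding)
```

Forcing PMF in a WPA3 + WPA2 mixed network excludes WPA2 clients that do not support Protected Management Frames, so that finding is a trade-off to review rather than a hard failure.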
Parameter | WLAN IP Settings
Network mode | Choose whether the interface shall be operated bridged or in routing-mode
Bridge interface | If bridged, the LAN interface to which the WLAN network should be bridged
IP address / netmask | In routing-mode, the IP address and netmask for this WLAN network

The following features can be configured if the WLAN interface is bridged:

Parameter | WLAN Bridging features
4addr frame | Enables the 4-address frame format (required for bridge links)
IAPP | Enables the Inter-Access Point Protocol feature
Pre-auth | Enables the pre-authentication mechanism for roaming clients (if supported by the client). Pre-auth is only supported with WPA2-Enterprise with CCMP
Fast transition | Enables fast transition (FT) capabilities for roaming clients (if supported by the client)

The following fast transition parameters can be configured:

Parameter | WLAN Bridging features
Mobility domain | The mobility domain of the FT network
Preshared key | The PSK for the FT network
Fast transition clients only | If enabled, the AP will only accept clients that support FT

5.3.5. Software Bridges

Software bridges can be used to bridge layer-2 devices like OpenVPN TAP, GRE or WLAN interfaces without the need for a physical LAN interface.

Bridge Settings

This page can be used to enable/disable software bridges. It can be configured as follows:

Parameter | Bridge Settings
Administrative status | Enables or disables the bridge interface. If you need an interface to the local system you need to define an IP address for the local device.
IP Address | IP address of the local interface (available only if "Enabled with local interface" was selected)
Netmask | Netmask of the local interface (available only if "Enabled with local interface" was selected)
MTU | Optional MTU size for the local interface (available only if "Enabled with local interface" was selected)

5.3.6. USB

NetModule routers ship with a standard USB host port which can be used to connect a storage, network or serial USB device. Please contact our support in order to get a list of supported devices.

USB Administration

This menu can be used to activate USB-based serial and network devices.

Figure 5.19.: USB Administration (screenshot; fields: Administrative status enabled/disabled, Enable hotplug)

Parameter | USB Administration
Administrative status | Specifies whether devices shall be recognized
Enable hotplug | Specifies whether devices shall be recognized if plugged in during runtime or only at bootup

USB Devices

This page shows the currently connected devices and it can be used to enable a specific device based on its Vendor and Product ID. Only enabled devices will be recognized by the system and raise additional ports and interfaces.
Figure 5.20.: USB Device Management

Parameter | USB Devices
Vendor ID | The USB Vendor ID of the device
Product ID | The USB Product ID of the device
Module | The USB module and type of driver to be applied for this device

Any ID must be specified in hexadecimal notation, wildcards are supported (e.g. AB[0-1][2-3] or AB*). A USB network device will be referenced as LAN10.

5.3.7. Serial

This page can be used to manage your serial ports. A serial port can be used by:

Parameter | Serial Port Usage
none | The serial port is not used
login console | The serial port is used to open a console which can be accessed with a serial terminal client from the other side. It will provide helpful bootup and kernel messages and spawns a login shell, so that users can log in to the system. If more than one serial interface is available, one serial interface can be configured as 'login console' at a time.
device server | The serial port will be exposed over a TCP/IP port and can be used to implement a Serial/IP gateway.
modem bridge | Bridges the serial interface to the Modem TTY of an integrated WWAN Modem.
modem emulator | Emulates a classical AT command driven modem on the serial interface. See http://wiki.netmodule.com/app-notes/hayes-modemat-simulator for detailed information.
SDK | The serial port will be reserved for SDK scripts.
Figure 5.21.: Serial Port Administration

Running a device server, the following settings can be applied:

Figure 5.22.: Serial Port Settings

Parameter | Serial Settings
Physical protocol | Selects the desired physical protocol on the serial port
Baud rate | Specifies the baud rate run on the serial port
Data bits | Specifies the number of data bits contained in each frame
Parity | Specifies the parity used for every frame that is transmitted or received
Stop bits | Specifies the number of stop bits used to indicate the end of a frame
Software flow control | Defines the software flow control for the serial port, XOFF will send a stop, XON a start character to the other end to control the rate of any incoming data
Hardware flow control | You may enable RTS/CTS hardware flow control, so that the RTS and CTS lines are used to control the flow of data
Protocol on TCP/IP | You may choose the IP protocols Telnet or TCP raw for the device server
Port | The TCP port for the device server
Timeout | The timeout until a client is declared as disconnected

Parameter | Server Settings
Protocol on IP port | Selects the desired IP protocol (TCP or Telnet)
Port | Specifies the TCP port on which the server will be available
Timeout | The time in seconds before the port will be disconnected if there is no activity on it. A zero value disables this function.
Allow remote control | Allow remote control (à la RFC 2217) of the serial port
Show banner | Show a banner when clients connect
Stop bits | Specifies the number of stop bits used to indicate the end of a frame
Allow clients from | Specifies which clients are allowed to connect to the server

Please note that the device server does not provide authentication or encryption and clients will be able to connect from everywhere. Please consider restricting access to a limited network/host or blocking packets by using the firewall.

When running the serial port as AT modem emulator the following settings can be applied:

Parameter | Serial Port Settings
Physical protocol | Selects the desired physical protocol on the serial port
Baud rate | Specifies the baud rate run on the serial port
Hardware flow control | You may enable RTS/CTS hardware flow control, so that the RTS and CTS lines are used to control the flow of data

Parameter | Incoming connections via Telnet
Port | The TCP port for the device server

Parameter | Phonebook Entries
Number | Phone number that will get an alias
IP address | IP address the number will become
Port | Port value for the IP address

5.3.8. Digital I/O

The Digital I/O page displays the current status of the I/O ports and can be used to turn output ports on or off.

Figure 5.23.: Digital I/O Ports

You can apply the following settings:

Parameter | Digital I/O Settings
DO1 after reboot | Initial status of DO1 after system has booted
DO2 after reboot | Initial status of DO2 after system has booted

Besides on and off you may keep the default status as the hardware has initialized it after power-up. The digital inputs and outputs can also be monitored and controlled by SDK scripts.

5.3.9. GNSS

Configuration

The GNSS page lets you enable or disable the GNSS modules present in the system. It can also be used to configure the daemon which shares access to receivers without contention or loss of data and responds to queries with a format that is substantially easier to parse than the NMEA 0183 emitted directly by the GNSS device. We are currently running the Berlios GPS daemon (version 3.15), supporting the new JSON format. Please navigate to http://www.catb.org/gpsd/ for getting more information about how to connect any clients to the daemon remotely. The position values can also be queried by the CLI and used in SDK scripts.
Parameter | GNSS Module Configuration
Administrative status | Enable or disable the GNSS module
Operation mode | The mode of operation, either standalone or assisted (for A-GPS)
Antenna type | The type of the connected GPS antenna, either passive or actively 3 volt powered
Accuracy | The GNSS receiver calculates the position accuracy based on the satellite information and compares it with this accuracy threshold in meters. If the calculated position accuracy is better than the accuracy threshold, the position is reported. Adjust this parameter to a higher threshold in case the GNSS receiver does not report a position fix, or when it takes a long time to calculate a fix. This can happen when the GNSS antenna has no clear view of the sky, which is the case in tunnels, beside tall buildings, trees, and so on.
Fix frame interval | The amount of time to wait between fix attempts

If the GNSS module supports AssistNow and the operation mode is assisted, the following configuration can be done:

Parameter | GNSS Assisted GPS Configuration
Primary URL | The primary AssistNow URL
Secondary URL | The secondary AssistNow URL

Information about AssistNow: If you have a lot of devices in the field that use the AssistNow service, please consider creating your own AssistNow token at http://www.u-blox.com. If there are too many requests per time, the service may not work as expected. If you have further questions, please contact our support.

Parameter | GNSS Server Configuration
Server port | The TCP port on which the daemon is listening for incoming connections
Allow clients from | Specifies where clients can connect from, can be either everywhere or from a specific network
Clients start mode | Specifies how data transferal is accomplished when a client connects. You can specify on request which typically requires an R to be sent. Data will be sent instantly in case of raw mode which will provide NMEA frames or super-raw which includes the original data of the GPS receiver. If the client supports the JSON format (i.e. newer libgps is used) the json mode can be specified.

Please consider restricting access to the server port, either by specifying a dedicated client network or by using a firewall rule.

Information about Dead Reckoning: If you have a device which supports Dead Reckoning, please consult the GNSS Dead Reckoning installation guide for further information or please contact our support.

Position

This page provides further information about the satellites in view and values derived from them:

Parameter | GNSS Information
Latitude | The geographic coordinate specifying the north-south position
Longitude | The geographic coordinate specifying the east-west position
Altitude | The height above sea level of the current location
Satellites in view | The number of satellites in view as stated in GPGSV frames
Speed | The horizontal and vertical speed in meter per second as stated in GPRMC frames
Satellites used | The number of satellites used for calculating the position as stated in GPGGA frames
Dilution of precision | The dilution of precision as stated in GPGSA frames

Furthermore, each satellite also comes with the following details:

Parameter | GNSS Satellite Information
PRN | The PRN code of the satellite (also referred to as satellite ID) as stated in GPGSA frames
Elevation | The elevation (up-down angle between the dish pointing direction) in degrees as stated in GPGSV frames
Azimuth | The azimuth (rotation around the vertical axis) in degrees as stated in GPGSV frames
SNR | The SNR (Signal to Noise Ratio), often referred to as signal strength

Please note that the values are shown as calculated by the daemon, their accuracy might be suggestive.

Supervision

Parameter | GNSS Supervision
Administrative status | Enable or disable GNSS supervision
Mode | Specifies whether to monitor the NMEA stream or GPS fixes
Max. downtime | The period of time without valid NMEA stream or GPS fix after which an emergency action shall be taken
Emergency action | The corresponding emergency action. You can either just restart the server, which will also re-initialize the GPS function on the module, or reset the module in severe cases. Please note that this may have effects on any running WWAN/SMS services.

5.4. ROUTING

5.4.1. Static Routes

This menu shows all routing entries of the system. They are typically formed by an address/netmask pair (represented in IPv4 dotted decimal notation) which specifies the destination of a packet. The packets can be directed to either a gateway or an interface or both. If interface is set to ANY, the system will choose the route interface automatically, depending on the best matching network configured for an interface.

Figure 5.24.: Static Routing

In general, host routes precede network routes and network routes precede default routes.
Additionally, a metric can be used to determine the priority of a route: in case a destination matches multiple routes, a packet will go in the direction with the lowest metric. Netmasks can be specified in CIDR notation (i.e. /24 expands to 255.255.255.0).

Parameter | Static Route Configuration
Destination | The destination address of a packet
Netmask | The subnet mask which forms, in combination with the destination, the network to be addressed. A single host can be specified by a netmask of 255.255.255.255, a default route corresponds to 0.0.0.0.
Gateway | The next hop which operates as gateway for this network (can be omitted on peer-to-peer links)
Interface | The network interface on which a packet will be transmitted in order to reach the gateway or network behind it
Metric | The routing metric of the interface (default 0), higher metrics have the effect of making a route less favorable
Flags | (A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route

The flags have the following meanings:

Flag | Description
A | The route is considered active, it might be inactive if the interface for this route is not yet up.
P | The route is persistent, which means it is a configured route, otherwise it corresponds to an interface route.
H | The route is a host route, typically the netmask is set to 255.255.255.255.
N | The route is a network route, consisting of an address and netmask which forms the subnet to be addressed.
D | The route is a default route, address and netmask are set to 0.0.0.0, thus matching any packet.

Table 5.52.: Static Route Flags

5.4.2. Extended Routing

Extended routes can be used to perform policy-based routing, they generally precede static routes.
Figure 5.25.: Extended Routing

In contrast to static routes, extended routes can be made up not only of a destination address/netmask, but also of a source address/netmask, the incoming interface and the type of service (TOS) of packets.

Parameter | Extended Route Configuration
Source address | The source address of a packet
Source netmask | The source address of a packet
Destination address | The destination address of a packet
Destination netmask | The destination address of a packet
Incoming interface | The interface on which the packet enters the system
Type of service | The TOS value within the header of the packet
Route to | Specifies the target interface or gateway to where the packet should get routed to
discard if down | Discard packets if the specified interface is down

5.4.3. Multipath Routes

Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces.

Figure 5.26.: Multipath Routes

At least two interfaces have to be defined to establish multipath routing. Additional interfaces can be added by pressing the plus sign.

Parameter | Add Multipath Routes
Target network/netmask | Defines the target network for which multipath routing shall be applied
Interface | Selects the interface for one path
Weight | Weight of the interface in relation to the others
NextHop | Overrides the default gateway of this interface

5.4.4. Multicast

Multicast distributes IP packets to subscribers in a one-to-many relationship. The subscribers use multicast messages to subscribe to a MCR group and receive the data in form of multicast packets. Therefore the messages are sent by the packet sink to the packet source. Multicast routing (MCR) is used to forward multicast data from one network to another.

Attention: As multicast is used to send data from one source to several destinations on the same network it is quite common for testing applications to set the TTL of multicast packets to 1 to prevent the packets from spilling into other networks. If you want to route multicast packets (that's why it is called MCR) you'll have to make sure to send your data with a TTL > 1.

Multicast routing can be configured and managed by a daemon. Only one MCR daemon can be used at a time.
NetModule routers ship with two different MCR daemons to select from depending on your dependencies:

Parameter | Administrative Status
IGMP proxy | Forwarding of multicast messages that are dynamically detected on a given interface to another interface
static routes | List of MCR rules to forward messages of dedicated source and group from a given interface to another
disabled | Disable routing of multicast messages

IGMP proxy

IGMP proxy which is able to maintain multicast groups on a particular interface and distribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups.

Parameter | Multicast Routing Settings
Incoming interface | The upstream interface on which multicast groups are joined and on which multicast packets come in
Sender network | The multicast source network address
Sender netmask | The multicast source network mask
Distribute to | Specifies the downstream interfaces to which multicast packets will be forwarded

Static Routes

Routes multicast packets in different directions depending on their origin and group based on a given set of MCR rules:

Parameter | Static Multicast Route
Group | IP address of MCR group
Source | Source-IP of the packets
Incoming interface | Interface to the packet source
Outgoing interface | Interface to forward the packets to

5.4.5. BGP

The BGP tab allows you to set up peerings of the NetModule router with other Border Gateway Protocol enabled routers.
Parameter | BGP General Settings
Administrative status | Specifies whether the BGP routing protocol is active
AS number | The number of the autonomous system to which the NetModule router belongs (1-4294967295)
Redistribute connected routes | Redistribute routes to networks which are directly connected to the NetModule router
Redistribute local routes | Redistribute routes from the NetModule router's own routing table
Redistribute OSPF routes | Redistribute routes learned via the OSPF routing protocol
Disable when redundancy backup | Disables the BGP protocol when the router is set to slave mode by the VRRP redundancy protocol
Keepalive timer | The interval in seconds of sending keepalive messages
Holddown timer | The time in seconds the router will wait for incoming BGP messages before it assumes the neighbor is dead

The neighbors tab is used to configure all the BGP routers to peer with.

Parameter | BGP Neighbors
IP address | IP address of the peer router
As number | Autonomous system number of the peer router (1-4294967295)
Password | Password for authentication with the peer router. If left blank authentication is disabled.
Multihop | Allow multiple hops between this router and the peer router instead of requiring the peer to be directly connected.
Weight | This parameter specifies the default weight for the neighbor route

The Networks tab allows you to add IP network prefixes that shall be distributed via BGP in addition to the networks that are redistributed from other sources as defined on the general tab.

Parameter | BGP Networks
Prefix | Prefix of the network to be distributed
Prefix length | Length of the prefix to be distributed

5.4.6. OSPF

The OSPF menu allows the NetModule router to be added to a network of OSPF routers.

Parameter | OSPF General Settings
Administrative status | Specifies whether the OSPF routing protocol is active
Router ID | The router-id is a unique identity of the NetModule router. If no router-id is specified, the system will automatically choose the highest IP address as the router-id.
Redistribute connected routes | Redistribute routes to networks which are directly connected to the NetModule router
Redistribute local routes | Redistribute routes from the NetModule router's own routing table
Redistribute BGP routes | Redistribute routes learned via the BGP routing protocol
Redistribute default route | Redistribute the router's default route
Disable when redundancy backup | Disables the OSPF protocol when the router is set to slave mode by the VRRP redundancy protocol

The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router. If no settings are defined for a specific interface, default settings will be used.

Parameter | OSPF Interfaces
Interface | The name of the interface for which settings shall be defined
Authentication | The authentication protocol to be used on the interface to authenticate OSPF packets
Key | The key to be used for authentication
Key ID | The ID of the key to be used for authentication (1-255)
Cost | The cost for sending packets via this interface. If not specified or set to 0 OSPF defaults are used.
Passive | Do not send out OSPF packets on this interface

The networks tab defines the IP networks to be handled in OSPF as well as to which routing area they belong.

Parameter | OSPF Networks
Prefix | Prefix of the network
Prefix length | Length of the prefix
Area | Routing area to which this interface belongs (0-65535, 0 means backbone)

5.4.7. Mobile IP

Mobile IP (MIP) can be used to enable seamless switching between different kinds of WAN links (e.g. WWAN/WLAN). The mobile node hereby remains reachable via the same IP address (home address) at any time, independently of the WAN link being used. Effectively, any WAN link switch causes very small outages during switchover while keeping all IP connections alive.
Moreover, NetModule routers also support NAT-Traversal for mobile nodes running behind a firewall (performing NAT), which makes mobile nodes accessible even there from a central office via their home address, thus bypassing any complicated VPN setups. The home agent accomplishes this by establishing a tunnel (similar to a VPN tunnel) between itself and the mobile node.

WAN link switching works by telling the home agent that the WAN IP address (called the care-of address in MIP terms) of the mobile node has changed. The home agent will then encapsulate packets destined to a mobile node's home address into a tunnel packet containing the current care-of address of the mobile node as its destination address.

To prevent problems with firewalls and private IP addressing, the MIP implementation always employs reverse tunneling, which means that all traffic sent by a mobile node is relayed via the tunnel to the home agent instead of directly being conveyed to the final destination. This fact also empowers MIP to be used as a lightweight VPN replacement (without payload secrecy).

The MIP implementation supports RFCs 3344, 5177, 3024 and 3519. For applications requiring vast numbers of mobile nodes, interoperability with the Cisco 2900 Series home agent implementation has been verified. However, since NetModule routers implement a mobile node as well as a home agent, a MIP network with up to 10 mobile nodes can be implemented without requiring expensive third party routers.

If MIP is run as a mobile node, the following settings can be configured:

Parameter | Mobile IP Configuration
Primary home agent address | The address of the primary home agent
Secondary home agent address | The address of the secondary home agent. The mobile node will try to register with this home agent, if the primary home agent is not reachable.
Home address | The permanent home address of the mobile node which can be used to reach the mobile router at any time.
SPI | The Security Parameter Index (SPI) identifying the security context for the mobile IP tunnel between the mobile node and the home agent. This is used to distinguish mobile nodes from each other. Therefore each mobile node needs to be assigned a unique SPI. This is a 32-bit hexadecimal value.
Authentication type | The used authentication algorithm. This can be prefix-suffix-md5 (default for MIP) or hmac-md5.
Shared secret | The shared secret used for authentication of the mobile node at the home agent. This can be either a 128-bit hexadecimal value or a random length ASCII string.
Life time | The lifetime of security associations in seconds.
UDP encapsulation | Specifies whether UDP encapsulation shall be used or not. To allow NAT traversal, UDP encapsulation must be enabled.
Mobile network address | Optionally specifies a subnet which should be routed to the mobile node. This information is forwarded via Network Mobility (NEMO) extensions to the home agent. The home agent can then automatically add IP routes to the subnet via the mobile node. Note that this feature is not supported by all third party home agent implementations.
Mobile network mask | The network mask for the optional routed network.

If MIP is run as a home agent, you will have to set up a home address and network mask for the home agent first.
Then you will need to add the configuration for all mobile nodes which is made up of the following settings:

Figure 5.27.: Mobile IP

Parameter | Mobile IP Node Configuration
SPI | The Security Parameter Index (SPI) identifying the security context for the tunnel between the mobile node and the home agent. This is used to distinguish mobile nodes from each other. Therefore each mobile node needs to be assigned a unique SPI. This is a 32-bit hexadecimal value.
Authentication type | The used authentication algorithm. This can be prefix-suffix-md5 (default for mobile IP) or hmac-md5.
Shared secret | The shared secret used for authentication of the mobile node at the home agent. This can be either a 128-bit hexadecimal value or a random length ASCII string.

5.4.8. Quality Of Service

NetModule routers are able to prioritize and shape certain kinds of IP traffic. This is currently limited on egress, which means that only outgoing traffic can be stipulated.
The current QoS solution is using Stochastic Fairness Queueing (SFQ) classes in combination with Hierarchical Token Bucket (HTB) qdiscs. Its principle of operation can be summarized as ceiling the max. throughput per link and shaping traffic by reflecting the specified queue priorities. In general, the lowest priority number of a queue gets most out of the available bandwidth. In case of demands for other class or qdisc algorithms please contact our support team in order to evaluate the best approach for your application.

QoS Administration

The administration page can be used to enable and disable QoS.

QoS Classification

The classification section can be used to define the WAN interfaces on which QoS should be active.

Parameter | QoS Interface Parameters
Interface | The WAN interface on which QoS should be active
Bandwidth congestion | The bandwidth congestion method. In case of auto the system will try to apply limits in a best-effort way. However, it is suggested to set fixed bandwidth limits as they also offer a way of tuning the QoS behaviour.
Downstream bandwidth | The available bandwidth for incoming traffic
Upstream bandwidth | The available bandwidth for outgoing traffic
IP to ping (primary) | An IP, which answers ICMP echo requests to determine the bandwidth of the link
IP to ping (secondary) | An IP, which answers ICMP echo requests to determine the bandwidth of the link

When defining limits, you should choose bandwidth limits which can actually be achieved, as most shaping and queueing algorithms will not work correctly if the specified limits cannot be achieved. In particular, any WWAN interfaces operating in a mobile environment suffer from variable bandwidths, thus rather lower values should be used.
In case an interface has been activated, the system will automatically create the following queues:

| Parameter | QoS Default Queues |
|---|---|
| high | A high priority queue which may hold any latency-critical services (such as VoIP) |
| default | A default queue which will handle all other services |
| low | A low priority queue which may hold less-critical services for which shaping is intended |

Each queue can be configured as follows:

| Parameter | QoS Queue Parameters |
|---|---|
| Name | The name of the QoS queue |
| Priority | A numerical priority for the queue, lower values indicate higher priorities |
| Bandwidth | The maximum possible bandwidth for this queue in case the total bandwidth of all queues exceeds the set upstream bandwidth of "QoS Interface Parameters" |
| Set TOS | The TOS/DiffServ value to set on matching packets |

You can now configure and assign any services to each queue. The following parameters apply:

| Parameter | QoS Service Parameters |
|---|---|
| Interface | The QoS interface of the queue |
| Queue | The QoS queue to which this service shall be assigned |
| Source | Specifies a network address and netmask used to match the source address of packets |
| Destination | Specifies a network address and netmask used to match the destination (target) address of packets |
| Protocol | Specifies the protocol for packets to be matched |
| Source Port | Specifies the source port for packets to be matched |
| Destination Port | Specifies the destination port for packets to be matched |
| Type of Service | Specifies the TOS/DiffServ for packets to be matched |

5.5. FIREWALL

5.5.1. Administration

NetModule routers use Linux's netfilter/iptables firewall framework (see http://www.netfilter.org for more information) which supports stateful inspection, that is, granting the same permissions for inherited connections within an IP session (e.g. FTP which builds up a control and data connection). The administration page can be used to enable and disable firewalling.
When turning it on, a shortcut can be used to generate a predefined set of rules which allow administration (over HTTP, HTTPS, SSH or TELNET) by default but block any other packets coming from the WAN interface.

5.5.2. Address/Port Groups

This menu can be used to form address or port groups which can later be used in firewall rules in order to reduce the number of rules. If address or port groups have been referenced, a packet will match if one of the configured entities applies to it.

Figure 5.28.: Firewall Groups

5.5.3. Rules

In general, the firewall consists of a list of rules which control each packet's permission to pass the router. Please note that the rules are processed in order, that means traversing the list from top to bottom until a matching rule is found. Packets which are not matching any of the rules configured will be ALLOWED.
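The ordering and default-ALLOW behaviour described above can be checked offline before a rule set is applied. The following is an added example, not code from the manual or from NetModule: the `Rule` fields mirror the rule parameters of this section, while the class and function names, the rule descriptions other than DENY-WAN-ALL, and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    protocol: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None      # None for ICMP


@dataclass(frozen=True)
class Rule:
    description: str
    action: str                              # "ALLOW" or "DENY"
    in_iface: Optional[str] = None           # None = any interface
    source: str = "0.0.0.0/0"
    destination: str = "0.0.0.0/0"
    protocol: Optional[str] = None           # None = any protocol
    ports: Optional[Tuple[int, int]] = None  # inclusive range, None = any

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and self.in_iface != pkt.in_iface:
            return False
        if ip_address(pkt.src) not in ip_network(self.source):
            return False
        if ip_address(pkt.dst) not in ip_network(self.destination):
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.ports is not None:
            if pkt.dport is None:
                return False
            if not (self.ports[0] <= pkt.dport <= self.ports[1]):
                return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        if self.in_iface is not None and self.in_iface != other.in_iface:
            return False
        if not ip_network(other.source).subnet_of(ip_network(self.source)):
            return False
        if not ip_network(other.destination).subnet_of(
                ip_network(self.destination)):
            return False
        if self.protocol is not None and self.protocol != other.protocol:
            return False
        if self.ports is not None:
            if other.ports is None:
                return False
            if not (self.ports[0] <= other.ports[0]
                    and other.ports[1] <= self.ports[1]):
                return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """First matching rule wins; unmatched packets are ALLOWED (manual default)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.description
    return "ALLOW", None


def shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Rules that can never match because an earlier rule covers them."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                hits.append((later.description, earlier.description))
                break
    return hits


# Constructed sample rule sets (addresses from documentation ranges).
ALLOW_HTTPS = Rule("ALLOW-HTTPS-WAN", "ALLOW", "WAN", protocol="tcp", ports=(443, 443))
ALLOW_SSH = Rule("ALLOW-SSH-WAN", "ALLOW", "WAN", protocol="tcp", ports=(22, 22))
DENY_WAN_ALL = Rule("DENY-WAN-ALL", "DENY", "WAN")

OPEN_BY_DEFAULT = [ALLOW_HTTPS, ALLOW_SSH]            # no closing deny rule
CLOSED = [ALLOW_HTTPS, ALLOW_SSH, DENY_WAN_ALL]       # deny rule last
SHADOWED = [DENY_WAN_ALL, ALLOW_HTTPS, ALLOW_SSH]     # deny rule first

TELNET_FROM_WAN = Packet("WAN", "203.0.113.7", "192.168.1.1", "tcp", 23)
HTTPS_FROM_WAN = Packet("WAN", "203.0.113.7", "192.168.1.1", "tcp", 443)

if __name__ == "__main__":
    for name, rules in [("OPEN_BY_DEFAULT", OPEN_BY_DEFAULT),
                        ("CLOSED", CLOSED), ("SHADOWED", SHADOWED)]:
        print(name, "telnet:", evaluate(rules, TELNET_FROM_WAN),
              "https:", evaluate(rules, HTTPS_FROM_WAN),
              "shadowed:", shadowed(rules))
```

A result of `("ALLOW", None)` means the packet was accepted only because no rule matched, which is the case to look for when a rule set is meant to be restrictive.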
Figure 5.29.: Firewall Rules

| Parameter | Firewall Rule Configuration |
|---|---|
| Description | A meaningful description about the purpose of this rule |
| Action | Specifies whether the packets of this rule should be allowed or denied |
| log matches | Throw a syslog message if rule matches |
| Source | The source address of matching packets, can be any or specified by address/network. Selecting on source MAC addresses is possible as well. |
| Destination | The destination address of matching packets, can be any, local (addressed to the system itself) or specified by address/network |
| Incoming interface | The interface on which matching packets are received |
| Protocol | The used IP protocol of matching packets (UDP, TCP or ICMP) |
| Destination port(s) | The destination port of matching packets, which can be specified by a single port or a range of ports (only UDP/TCP). |

The statistics page can be used to figure out if rules have matched any packets and provides a convenient way to debug your firewall setup.

5.5.4. NAPT

This page can be used to configure Network Address and Port Translation (NAPT) for packets traversing the system. NAPT hereby modifies IP addresses and/or TCP/UDP ports in matching IP packets. By tracking those connections, it will also automatically adjust the returning packets of an IP session.
Figure 5.30.: Masquerading

The administration page lets you specify the interfaces on which masquerading will be performed. NAT will hereby use the address of the selected interface and choose a random source port for outgoing connections and thus enable communication between hosts from a private local area network towards hosts on the public network.

| Parameter | Masquerading Rules |
|---|---|
| Interface | The outgoing interface on which connections will be masqueraded |
| Source address | The source address or network from which matching packets are masqueraded |
| Source netmask | The source netmask of the network from which matching packets are masqueraded |

NAPT Inbound Rules

Inbound rules can be used to modify the target section of IP packets and, for instance, forward a service or port to an internal host. By doing so, you can expose that service and make it available from the Internet. You may also establish 1:1 NAT mapping for a single host using additional outbound rules.

Figure 5.31.: Inbound NAPT

Please note that the specified rules are processed in order, that means, traversing the list from top to bottom until a matching rule is found. If there is no matching rule found, the packet will pass as is.
| Parameter | Inbound NAPT Rules |
|---|---|
| Description | A meaningful description of this rule |
| Map | Context for this rule: Host, Network or Port-Range - see table below |
| Incoming interface | The interface from which matching packets are received |
| Source | The source address or network from which matching packets are received |
| Target address | The destination address of matching packets (optional) |
| Protocol | The used protocol of matching packets |
| Ports | The used UDP/TCP port of matching packets |
| Redirect to | The address to which matching packets shall be redirected |
| Redirect port | The port to which matching packets will be redirected |

Select mapping context according to your needs:

| Parameter | Mapping contexts |
|---|---|
| host | Rewrite destination address and port for one given host (e.g. 10.0.0.1:8080 -> 192.168.1.100:80) |
| network | Rewrite destination address for a full network (e.g. 10.0.0.0/24 -> 192.168.1.0/24) |
| port range | Rewrite destination address and port based on the incoming port (e.g. 10.0.0.1:22000-22255 -> 192.168.1.0/24:22). There is no corresponding rule for port range translation in outbound rules. Use network based mapping there. |

NAPT Outbound Rules

Outbound rules will modify the source section of IP packets and can be used to establish 1:1 NAT mappings but also to redirect packets to a specific service.
| Parameter | Outbound NAPT Rules |
|---|---|
| Description | A meaningful description of this rule |
| Outgoing interface | The outgoing interface on which matching packets are leaving the router |
| Target | The target address or network to which matching packets are destined |
| Source address | The source address of matching packets (optional) |
| Protocol | The used protocol of matching packets |
| Ports | The used UDP/TCP port of matching packets |
| Rewrite source address | The address to which the source address of matching packets shall be rewritten |
| Rewrite source port | The port to which the source port of matching packets shall be rewritten |

5.6. VPN

5.6.1. OpenVPN

OpenVPN Administration

Figure 5.32.: OpenVPN Administration

| Parameter | OpenVPN Administration |
|---|---|
| Administrative status | Specifies whether OpenVPN is active |
| Restart on link change | Restarts the OpenVPN daemon in case of a WAN link change if enabled |
| Multipath TCP support | Enables multipath TCP support |

Tunnel Configuration

NetModule routers support one single server tunnel and up to four client tunnels. You can specify tunnel parameters either in standard configuration or upload an expert mode file which has been created in advance. Refer to chapter 5.6.1 to learn more about how to manage clients and generate the files.
Figure 5.33.: OpenVPN Configuration

| Parameter | OpenVPN Configuration |
|---|---|
| Operation mode | Specifies whether client or server mode should be used for this tunnel. It further specifies whether the tunnel shall be configured in a standard way or whether an expert mode file shall be used. |
| Multipath TCP | Enables OpenVPN multipath TCP support |

If the tunnel is operated in client mode, the following settings can be applied:

| Parameter | OpenVPN Client Configuration |
|---|---|
| Peer selection | Specifies how the remote peer shall be selected. Besides a single server you may configure multiple servers which can, in case of failures, either be selected sequentially (i.e. failover) or randomly (i.e. load balancing) |
| Server | The address or hostname of the remote server |
| Port | The port of the remote server (1194 by default) |

The following settings can be used to configure a tunnel (client and server mode):

| Parameter | OpenVPN Configuration |
|---|---|
| Interface type | The device type for this tunnel which can be either TUN (typically used for routed connections) or TAP (required for bridged networks) |
| Protocol | The tunnel protocol to be used for the transport connection |
| Network mode | Defines how the packets should be forwarded, which can be either routed or bridged from/to a particular LAN interface. If required, you can also specify the maximum transfer unit for the tunnel interface. |
| MTU | The Maximum Transmission Unit of the tunnel interface |
| Encryption | The required cipher mechanism used for encryption |
| Digest | The digest algorithm used for authenticating |

Authentication can be done in the following ways:

| Parameter | OpenVPN Authentication |
|---|---|
| certificate-based | Certificates and keys for authenticating the tunnel. Please take care that the proper keys/certificates have been either uploaded or generated (see 5.8.8). |
| credential-based | Username and password are used for authentication. |
| both | Verifying the tunnel uses certificates and credentials. |
| none | Tunnel is not authenticated (discouraged) |

The following further options can be applied:

| Parameter | OpenVPN Options |
|---|---|
| use compression | Enable or disable LZO packet compression |
| use keepalive | Can be used to send a periodic keepalive packet in order to keep the tunnel up despite inactivity |
| redirect gateway | By redirecting the gateway, all packets will be directed to the VPN tunnel. Please ensure that essential services (such as DNS or NTP servers) can be reached at the network behind the tunnel. If in doubt, create an extra static route pointing to the correct interface. |
| allow duplicates | Allow multiple clients with the same common name to concurrently connect. (server mode only) |
| verify certs | Check peer certificate against local CRL. (server mode only) |
| negotiate DNS | If enabled, the system will use the nameservers which have been negotiated over the tunnel. |

OpenVPN Expert Configuration (Client)

The expert configuration mode offers a straightforward way to configure a tunnel by simply uploading a zip package containing the required configuration and optionally key/certificate files. A client tunnel usually consists of the following files:

| Parameter | Client Expert Files |
|---|---|
| client.conf | OpenVPN configuration file (see http://www.openvpn.net for available options) |
| ca.crt | Root certificate authority file |
| client.crt | Certificate file |
| client.key | Private key file |
| client.p12 | PKCS#12 file |
| ta.key | TLS authentication key file |

Please note that you may specify arbitrary file names. However, the configuration file suffix must be .conf and all files referred to in the configuration file must be given as relative path names.

OpenVPN Expert Configuration (Server)

A server tunnel typically requires the following files:

| Parameter | Server Expert Files |
|---|---|
| server.conf | OpenVPN configuration file |
| ca.crt | Root certificate authority file |
| server.crt | Certificate file |
| server.key | Private key file |
| dh1024.pem | Diffie-Hellman parameters file |
| ccd | A directory containing client-specific configuration files |

Keep in mind that a certificate becomes valid once its validity time has been reached, thus an accurate system time has to be set prior to creating certificates and establishing a tunnel connection. Please ensure that all NTP servers are reachable. Using host names also requires a working DNS server.

Client Management

Once you have successfully set up an OpenVPN server tunnel, you can manage and enable clients connecting to your service. Currently connected clients can be seen on this page, including the connect time and IP address. You may kick connected clients by disabling them.
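The two rules for expert-mode packages stated above (a configuration file with the .conf suffix, and only relative path names for referenced files) can be checked before a package is uploaded. The following is an added example, not part of the manual or of the router software: the function names, the finding codes, the sample packages and the host name are constructed, and the "note" findings for files that are referenced but not shipped in the package are an extra convenience check, not a rule from the manual.

```python
import io
import posixpath
import re
import shlex
import zipfile

# OpenVPN directives whose first argument names a file or directory.
FILE_DIRECTIVES = {"ca", "cert", "key", "pkcs12", "dh", "tls-auth",
                   "crl-verify", "client-config-dir"}


def referenced_files(conf_text):
    """Yield (directive, path) for each file reference in an OpenVPN config."""
    inline = None                      # name of an open <tag> ... </tag> block
    for raw in conf_text.splitlines():
        line = raw.strip()
        if inline:                     # inline key material is not a directive
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:             # unbalanced quotes: nothing to extract
            continue
        if len(words) >= 2 and words[0] in FILE_DIRECTIVES:
            yield words[0], words[1]


def is_relative(path):
    return not (posixpath.isabs(path) or path.startswith("\\")
                or re.match(r"[A-Za-z]:", path))


def check_expert_package(zip_bytes):
    """Return a list of (severity, code, detail) findings for a zip package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        confs = sorted(n for n in names if n.endswith(".conf"))
        if not confs:
            findings.append(("error", "no-conf", "no file with the .conf suffix"))
        for conf in confs:
            text = zf.read(conf).decode("utf-8", errors="replace")
            base = posixpath.dirname(conf)
            for directive, ref in referenced_files(text):
                where = f"{conf}: {directive} {ref}"
                if not is_relative(ref):
                    findings.append(("error", "absolute-path", where))
                    continue
                target = posixpath.normpath(posixpath.join(base, ref))
                if target == ".." or target.startswith("../"):
                    findings.append(("error", "escapes-package", where))
                elif directive == "client-config-dir":
                    if not any(n.startswith(target + "/") for n in names):
                        findings.append(("note", "not-in-package", where))
                elif target not in names:
                    findings.append(("note", "not-in-package", where))
    return findings


def make_zip(files):
    """Build an in-memory zip from {name: text} (used for the samples below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


# Constructed sample packages; file contents are placeholders, not real keys.
GOOD = make_zip({
    "client.conf": "client\ndev tun\nremote vpn.example.net 1194\n"
                   "ca ca.crt\ncert client.crt\nkey client.key\n"
                   "tls-auth ta.key 1\n",
    "ca.crt": "placeholder", "client.crt": "placeholder",
    "client.key": "placeholder", "ta.key": "placeholder",
})
BAD = make_zip({
    "tunnel.conf": "ca /etc/openvpn/ca.crt\ncert ../client.crt\n"
                   "key client.key\n<tls-auth>\nkey material placeholder\n"
                   "</tls-auth>\n",
})
NO_CONF = make_zip({"client.ovpn": "ca ca.crt\n"})

if __name__ == "__main__":
    for label, pkg in [("GOOD", GOOD), ("BAD", BAD), ("NO_CONF", NO_CONF)]:
        print(label, check_expert_package(pkg))
```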
Figure 5.34.: OpenVPN Client Management

In the Networking section you can specify a fixed tunnel endpoint address for each client. Please note that, if you intend to use a fixed address for a particular client, you would have to apply fixed addresses to the other ones as well. You may specify the network behind the clients as well as the routes to be pushed to each client. This can be useful for routing purposes, e.g. in case you want to redirect traffic for particular networks towards the server. Routing between the clients is generally not allowed but you can enable it if desired. Finally, you can generate and download all expert mode files for enabled clients which can be used to easily populate each client. Operating in server mode with certificates, it is possible to block a specific client by revoking a possibly stolen client certificate (see 5.8.8).

5.6.2. IPsec

IPsec is a protocol suite for securing IP communications by authenticating and encrypting each packet of a communication session and thus establishing a secure virtual private network. IPsec includes various cryptographic protocols and ciphers for key exchange and data encryption and can be seen as one of the strongest VPN technologies in terms of security. It uses the following mechanisms:

| Mechanism | Description |
|---|---|
| AH | Authentication Headers (AH) provide connectionless integrity and data origin authentication for IP datagrams and ensure protection against replay attacks. |
| ESP | Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication, connectionless integrity, an anti-replay service and limited traffic-flow confidentiality. |
| SA | Security Associations (SA) provide a secure channel and a bundle of algorithms that provide the parameters necessary to operate the AH and/or ESP operations. The Internet Security Association Key Management Protocol (ISAKMP) provides a framework for authenticated key exchange. |

Negotiating keys for encryption and authentication is generally done by the Internet Key Exchange protocol (IKE) which consists of two phases:

| Phase | Description |
|---|---|
| IKE phase 1 | IKE authenticates the peer during this phase for setting up an ISAKMP secure association. This can be carried out by either using main or aggressive mode. The main mode approach utilizes the Diffie-Hellman key exchange and authentication is always encrypted with the negotiated key. The aggressive mode just uses hashes of the pre-shared key and therefore represents a less-secure mechanism which should generally be avoided as it is prone to dictionary attacks. |
| IKE phase 2 | IKE finally negotiates IPsec SA parameters and keys and sets up matching IPsec SAs in the peers, which is required for AH/ESP later on. |
Administration

Figure 5.35.: IPsec Administration

This page can be used to enable/disable IPsec. You may also specify whether NAT-Traversal and IKEv2 Make-before-break should be used. NAT-Traversal is mainly used for connections which traverse a path where a router modifies the IP address/port of packets. It encapsulates packets in UDP and therefore adds a slight overhead which has to be taken into account when running over small-sized MTU interfaces. Please note that with NAT-Traversal, IKE uses UDP port 4500 rather than 500, which has to be taken into account when setting up firewall rules.

Make-before-break is an IKEv2 option used to optimize the necessary regular reauthentication by creating an overlapping SA (=make) before deleting the currently used SA (=break). This way, the interruption of the data stream is minimized. Both peers have to be able to handle overlapping SAs to use this option.
Configuration

Figure 5.36.: IPsec Configuration

General

For setting up the tunnel you will have to configure the following parameters first:

| Parameter | IPsec General Settings |
|---|---|
| Local IP | IP of the local interface. You may specify 0.0.0.0 to allow any IP address. |
| Remote peer | IP address or host name of the remote IPsec peer. You may specify 0.0.0.0 to act as a responder for roadwarrior clients. |
| DPD Status | Specifies whether Dead Peer Detection (see RFC 3706) shall be used. DPD will detect any broken IPSec connections, in particular the ISAKMP tunnel, and refresh the corresponding SAs (Security Associations) and SPIs (Security Payload Identifier) for a faster re-establishment of the tunnel. |
| Detection cycle | The delay (in seconds) between DPD keepalives that are sent for this connection (default 30 seconds) |
| Failure threshold | The number of unanswered DPD requests until the IPsec peer is considered dead (the router will then try to re-establish a dead connection automatically) |
| Action | The action to perform if a peer disconnects. Available choices from the drop-down menu are to clear, hold or restart the peer. |

IKE Authentication

NetModule routers support IKE authentication through pre-shared keys (PSK) or certificates within a public key infrastructure.
Extended Authentication (XAUTH) leverages RADIUS-like authentication and can be used to apply user level access control over IPSec. Using PSK requires the following settings:

| Parameter | IPsec IKE Authentication Settings |
|---|---|
| PSK | The pre-shared key used to authenticate at the peer |
| Local ID Type | The type of identification for the local ID which can be a FQDN, username@FQDN or IP address |
| Local ID | The local ID value |
| Remote ID Type | The type of identification for the remote ID |
| Remote ID | The remote ID value |

When using certificates you would need to specify the operation mode. When run as PKI client (initiator) you can create a Certificate Signing Request (CSR) in the certificates section which needs to be submitted at your Certificate Authority and imported to the router afterwards. In PKI server mode (concentrator), the router represents the Certificate Authority and issues the certificates for remote peers. They are revokable.

Using XAUTH the following settings can be made:

| Parameter | IPsec XAUTH Settings |
|---|---|
| User name | The name of the XAUTH user |
| User password | The password of the XAUTH user |
| Group name | The group ID |
| Group password | The group secret |

IKE Proposal

This section can be used to configure the phase 1 settings:

| Parameter | IPsec IKE Proposal Settings |
|---|---|
| Negotiation mode | Choose the desired negotiation mode. Preferably, main mode should be used but aggressive mode might be applicable when dealing with dynamic endpoint addresses. |
| Encryption algorithm | The desired IKE encryption method (we recommend AES256) |
| Authentication algorithm | The desired IKE authentication method (we prefer SHA1 over MD5) |
| IKE Diffie-Hellman Group | The IKE Diffie-Hellman Group |
| SA life time | The lifetime of Security Associations |
| Pseudo-random function | PRF algorithms that can optionally be used. |
IPsec Proposal

This section can be used to configure the phase 2 settings:

| Parameter | IPsec Proposal Settings |
|---|---|
| Encapsulation mode | The desired encapsulation mode (Tunnel or Transport) |
| IPsec protocol | The desired IPsec protocol (AH or ESP) |
| Encryption algorithm | The desired IKE encryption method (we recommend AES256) |
| Authentication algorithm | The desired IKE authentication method (we prefer SHA1 over MD5) |
| SA life time | The lifetime of Security Associations |
| Perfect forward secrecy (PFS) | Specifies whether Perfect Forward Secrecy (PFS) should be used. This feature increases security as PFS avoids penetration of the key-exchange protocol and prevents compromise of previous keys. |
| Force encapsulation | Force UDP encapsulation for ESP packets even if no NAT situation is detected. |

Networks

When creating Security Associations, IPsec will keep track of routed networks within the tunnel. Packets will only be transmitted when a valid SA with matching source and destination network is present. Therefore, you may need to specify the networks right and left of the endpoints by applying the following settings:

| Parameter | IPsec Network Settings |
|---|---|
| Local network | The address of your local area network |
| Local netmask | The netmask of your local area network |
| Peer network | The address of the remote network behind the peer |
| Peer netmask | The netmask of the remote network behind the peer |
| NAT address | Optionally, you can apply NAT (masquerading) for packets coming from a different local network. The NAT address must reside in the network previously specified as local network. If NAT address is enabled but the value is empty the router will try to guess a valid NAT address (not recommended). |

Client Management

Once you have successfully set up an IPsec tunnel, you can manage and enable clients connecting to your service.
It is possible to generate and download expert mode files for enabled clients which can be used to easily populate each client.

5.6.3. PPTP

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks between two hosts. PPTP is easy to configure and widely deployed amongst Microsoft Dial-up networking servers. However, due to its weak encryption algorithms, it is nowadays considered insecure but it still provides a straightforward way for establishing tunnels.

Figure 5.37.: PPTP Administration

When setting up a PPTP tunnel, you would need to choose between server or client. A client tunnel requires the following parameters to be set:

| Parameter | PPTP Client Settings |
|---|---|
| Server address | The address of the remote server |
| Username | The user-name used for authentication |
| Password | The password used for authentication |

Please note that username and password are not used when setting up clients with fixed addresses.
Figure 5.38.: PPTP Tunnel Configuration

Setting up a server requires the following settings:

| Parameter | PPTP Server Settings |
|---|---|
| Listen address | Specifies the IP address on which the server listens for incoming client connections |
| Server address | The server address within the tunnel |
| Client address range | Specifies a range of IP addresses assigned to each client |

PPTP Client Management

PPTP clients for a server tunnel need to be configured here. They are made up of user-name and password. A fixed IP address can be assigned to them which can be used to point any routes to a dedicated tunnel.

Figure 5.39.: PPTP Client Management

5.6.4. GRE

The Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over IP. GRE is defined in RFC 1701, 1702 and 2784. It provides neither encryption nor authorization but can be used on an address-basis on top of other VPN techniques (such as IPsec) for tunneling purposes.

The following parameters are required for setting up a tunnel:

| Parameter | GRE Configuration |
|---|---|
| Local address | The IP address which is used as sender address of the GRE packets (optional) |
| Peer address | The IP address of the remote peer |
| Interface | The device type for this tunnel |
| Local tunnel address | The local IP address of the tunnel |
| Local tunnel netmask | The local subnet mask of the tunnel |
| Remote network | The remote network address of the tunnel |
| Remote netmask | The remote subnet mask of the tunnel |
| Tunnel key | The GRE tunnel key allows the remote server to distinguish between GRE packets from different communication partners |

In general, the local tunnel address/netmask should not conflict with any other interface addresses. The remote network/netmask will result in an additional route entry in order to control which packets should be encapsulated and transferred over the tunnel.

5.6.5. L2TP

The Layer 2 Tunneling Protocol is a tunneling protocol which does not support any encryption or confidentiality. It relies on an encryption protocol that it passes within the tunnel to provide privacy.
The following parameters are required for setting up a tunnel:

| Parameter | L2TP Configuration |
|---|---|
| Transport protocol | The transport protocol which shall be used |
| Local IP | The local IP address of the tunnel |
| Remote IP | The remote IP address of the tunnel |
| Local port | The local port address of the tunnel |
| Remote port | The remote port address of the tunnel |
| Local tunnel ID | The local tunnel ID identifies the tunnel into which the session will be created |
| Remote tunnel ID | The remote tunnel ID identifies the tunnel assigned by the peer |
| Local Session ID | The local session ID identifies the session being created |
| Remote Session ID | The remote session ID identifies the session assigned by the peer |
| Local Cookie | The local cookie sets an optional cookie value to be assigned to the session |
| Remote Cookie | The remote cookie sets an optional peer cookie value to be assigned to the session |
| MTU | The Maximum Transmission Unit of the tunnel interface |
| Bridge Interface | The interface to which the guest interface shall be bridged |

5.6.6. Dial-In

On this page you can configure the Dial-In server in order to establish a data connection over GSM calls. Thus, one would generally apply a required service type of 2G-only, so that the modem registers to GSM only. Naturally, a concurrent use of outgoing WWAN interfaces and Dial-In connection is not possible.
Figure 5.40.: Dial-in Server Settings

The following settings can be set:

| Parameter | Dial-in Server Configuration |
|---|---|
| Administrative status | Specifies whether incoming calls shall be answered or not |
| Modem | Specifies the modem on which calls can come in |
| User | Specifies the username for the incoming PPP connection |
| Password | Specifies the password for the incoming PPP connection |
| Address range start | Start of the IP address range assigned to incoming clients |
| Address range size | Number of addresses for client IP address range |

Please note that Dial-In connections are generally discouraged. As they are implemented as GSM voice calls, they suffer from unreliability and poor bandwidth.

5.7. SERVICES

5.7.1. SDK

NetModule routers are shipping with a Software Development Kit (SDK) which offers a simple and fast way to implement customer-specific functions and applications. It consists of:

1. An SDK host which defines the runtime environment (a so-called sandbox), that is, controlling access to system resources (such as memory, storage and CPU) and, by doing so, catering for the right scalability
2. An interpreter language called arena, a light-weight scripting language optimized for embedded systems, which uses a syntax similar to ANSI-C but adds support for exceptions, automatic memory management and runtime polymorphism on top of that
3. A NetModule-specific Application Programming Interface (API), which ships with a comprehensive set of functions for accessing hardware interfaces (e.g. digital IO ports, GPS, external storage media, serial ports) but also for retrieving system status parameters, sending E-Mail or SMS messages or simply just to configure the router

Anyone, reasonably experienced in the C language, will find an environment that is easy to dig in.
However, feel free to contact us via support@netmodule.com and we will happily support you in finding a programming solution to your specific problem.

The Language

The arena scripting language offers a broad range of POSIX functions (like printf or open) and provides, together with tailor-made API functions, a simple platform for implementing any sort of applications to interconnect your favourite device or service with the router. Here comes a short example:

    /* We are going to eavesdrop on the first serial port
     * and turn on lights via a digital I/O output port,
     * otherwise we'd have to send a short message.
     */
    for (attempts = 0; attempts < 3; attempts++) {
        if (nb_serial_read("serial0") == "Knock Knock!") {
            nb_serial_write("serial0", "Who's there?");
            if (nb_serial_read("serial0") == "Santa") {
                printf("Hurray!\n");
                nb_dio_set("out1", 1);
            }
        }
    }
    nb_sms_send("+123456789", "No presents this year :(");

A set of example scripts can be downloaded directly from the router; you can find a list of them in the appendix. The manual which can be obtained from the NetModule support web page gives a detailed introduction to the language, including a description of all available functions.

SDK API Functions

The current range of API functions can be used to implement the following features:

1. Send/Retrieve SMS
2. Send E-mail
3. Read/Write from/to serial device
4. Control digital input/output ports
5. Run TCP/UDP servers
6. Run IP/TCP/UDP clients
7. Access files of mounted media (e.g. a USB stick)
8. Retrieve status information from the system
9. Get or set configuration parameters
10. Write to syslog
11. Transfer files over HTTP/FTP
12. Perform config/software updates
13. Control the LEDs
14. Get system events, restart services or reboot system
15. Scan for networks in range
16. Create your own web pages
17. Voice control functions
18. SNMP functions
19. CAN socket functions
20. Various network-related functions
21. Other system-related functions

The SDK API manual (which can be downloaded from the router) provides an overview but also explains all functions in detail. Please note that some functions require the corresponding services (e.g. E-Mail, SMS) or configured interfaces (e.g. CAN) to be properly configured prior to utilizing them in the SDK.

Let's now pay some attention to the very powerful API function nb_status. It can be used to query the router's status values in the same manner as they can be shown with the CLI. It returns a structure of variables for a specific section (a list of available sections can be obtained by running cli status -h). By using the dump function you can figure out the content of the returned structure:

    /* dump current location */
    dump(nb_status("location"));

The script will then generate lines such as these:

    struct(8): {
      .LOCATION_STREET = string[11]: "Bahnhofquai"
      .LOCATION_CITY = string[10]: "Zurich"
      .LOCATION_COUNTRY_CODE = string[2]: "ch"
      .LOCATION_COUNTRY = string[11]: "Switzerland"
      .LOCATION_POSTCODE = string[4]: "8001"
      .LOCATION_STATE = string[6]: "Zurich"
      .LOCATION_LATITUDE = string[9]: "47.3778058"
      .LOCATION_LONGITUDE = string[8]: "8.5412757"
    }

In combination with the nb_config_set function, it is possible to start a re-configuration of any parts of the system upon status changes. You may query possible sections and parameters again with the CLI:

    ~ $ cli get -c wanlink.0
    Showing configuration entities (matching 'wanlink.0'):
    wanlink.0.mode
    wanlink.0.options
    wanlink.0.suspend
    wanlink.0.multipath
    wanlink.0.passthru
    wanlink.0.switchback
    wanlink.0.name
    wanlink.0.prio
    wanlink.0.weight

Running the CLI in interactive mode, you will also be able to step through possible configuration parameters with the help of the TAB key.
Here is an example of how one might use those functions:

    /* check current city and enable the second WAN link */
    location = nb_status("location");
    if (location) {
        city = struct_get(location, "LOCATION_CITY");
        if (city == "Wonderland") {
            for (led = 0; led < 5; led++) {
                nb_led_set(led, LED_BLINK_FAST|LED_COLOR_RED);
            }
        } else {
            printf("You'll never walk alone in %s ...\n", city);
            nb_config_set("wanlink.1.mode=1");
        }
    }

Running SDK

In the SDK, we are speaking of scripts and triggers which form jobs. Any arena script can be uploaded to the router or imported by using dedicated user configuration packages. You may also edit the script directly at the Web Manager or select one of our examples. You will further have a testing section on the router which can be used to check your syntax or do test runs.

Once uploaded, you will have to specify a trigger, that is, telling the router when the script is to be executed. This can be either time-based (e.g. each Monday) or triggered by one of the pre-defined system events (e.g. wan-up) as described in Events chapter 5.7.7. With both a script and a trigger, you can finally set up an SDK job. The test event usually serves as a good facility to check whether your job is doing well. The admin section also offers facilities to troubleshoot any issues and control running jobs.

The SDK host (sdkhost) corresponds to the daemon managing the scripts and their operations and thus avoiding any harm to the system. In terms of resources, it will limit CPU and memory for running scripts and also provide a pre-defined portion of the available space of the storage device. You may, however, extend it by external USB storage or (depending on your model) extended flash storage. Files written to /tmp will be held in memory and will be cleared upon a restart of the script. As your scripts operate in the sandbox, you will have no access to tools on the system (such as ifconfig).
Administration

Figure 5.41.: SDK Administration

This page can be used to control the SDK host and apply the following settings:

| Parameter | SDK Administration Settings |
|---|---|
| Administrative status | Specifies whether SDK scripts should run or not |
| Storage | The storage device on which the sandbox shall be stored (see chapter 5.8.1) |
| Max. size | The maximum amount of MBytes your scripts can consume on the storage device |
| Scheduling priority | Specifies the process priority of the sdkhost; higher priorities will speed up scheduling your scripts, lower ones will have less impact on the host system |
| Enable watchdog | This option will enable watchdog supervision for each script, which leads to a reboot of the system if the script does not respond or has stopped with an exit code not equal to zero. |

The status page informs you about the current status of the SDK. It provides an overview of any finished jobs; you can also stop a running job there and view the script output in the troubleshooting section, where you will also find links for downloading the manuals and examples.
Job Management

Figure 5.42.: SDK Jobs

This page can be used to set up scripts, triggers and jobs. It is usually a good idea to create a trigger first, which is made up of the following parameters:

| Parameter | SDK Trigger Parameters |
|---|---|
| Name | A meaningful name to identify the trigger |
| Type | The type of the trigger, either time-based or event-based |
| Condition | Specifies the time condition for time-based triggers (e.g. hourly) |
| Timespec | The time specification which, together with the condition, specifies the time(s) when the trigger should be pulled |
| Event | The system event upon which the trigger should be pulled |

You can now add your personal script to the system by applying the following parameters:

| Parameter | SDK Script Parameters |
|---|---|
| Name | A meaningful name to identify the script |
| Description | An optional description of the script |
| Arguments | An optional set of arguments passed to the script (supports quoting) |
| Action | You may either edit a script, upload it to the system or select one of the example scripts or an already uploaded script |

You are ready to set up a job afterwards; it can be created by using the following parameters:

| Parameter | SDK Job Parameters |
|---|---|
| Name | A meaningful name to identify the job |
| Trigger | Specifies the trigger that should launch the job |
| Script | Specifies the script to be executed |
| Arguments | Defines arguments which can be passed to the script (supports quoting); they will precede the arguments you formerly may have assigned to the script itself |

You can trigger each configured job directly
which can be helpful for testing purposes.

Pages

Any programmed SDK pages will show up here.

Testing

The testing page offers an editor and an input field for optional arguments which can be used to perform test runs of your script or test dedicated portions of it or upload an entire file. Please note that you might need to quote arguments as they will otherwise be separated by white-spaces.

    /* arguments: schnick schnack "s c h n u c k" */
    for (i = 0; i < argc; i++) {
        printf("argv%d: %s\n", i, argv[i]);
    }
    /* generates:
     * argv0: scriptname
     * argv1: schnick
     * argv2: schnack
     * argv3: s c h n u c k
     */

In case of syntax errors, arena will usually print error messages as follows (indicating the line and position where the parsing error occurred):

    /scripts/testrun:2:10:FATAL: parse error, unexpected $, expecting ';'

SDK Sample Application

As an introduction, you can step through a sample application, namely the SMS control script, which implements remote control over short messages and can be used to send a status of the system back to the sender. The source code is listed in the appendix.

Once enabled, you can send a message to the phone number associated with a SIM / modem. It generally requires a password to be given on the first line and a command on the second, such as:

    admin01
    status

We strongly recommend using authentication in order to avoid any unintended access; however, you may pass noauth as argument to disable it. You can then skip the first line containing the password. Having a closer look at the script, you will see that you will also be able to restrict the list of permitted senders. Please inspect the system log for troubleshooting any issues.
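The checks described above (optional list of permitted senders, password on the first line, one command from a fixed set), modelled as an added Python example. It is not the router's SMS control script from the appendix; the function name, return values, sample numbers and the whitespace handling are assumptions, and the command set is the one from the manual's SMS control command table.

```python
import hmac

# Commands taken from the manual's SMS control command table.
COMMANDS = frozenset({
    "status", "connect", "disconnect", "reboot",
    "output 1 on", "output 1 off", "output 2 on", "output 2 off",
})


def check_sms(sender, body, password, permitted_senders=None, noauth=False):
    """Decide whether one incoming control message may be executed.

    Returns (True, command) or (False, reason). Hypothetical model of the
    checks the manual describes, not the script shipped with the router.
    """
    # Optional sender allow-list. Sender numbers can be forged, so this only
    # narrows exposure; it does not replace the password.
    if permitted_senders is not None and sender not in permitted_senders:
        return (False, "sender not permitted")

    # Non-empty lines of the message, with surrounding whitespace removed.
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]

    if not noauth:
        # Password on the first line, command on the second.
        if len(lines) < 2:
            return (False, "password or command missing")
        supplied, lines = lines[0], lines[1:]
        # Constant-time comparison of the supplied and configured password.
        if not hmac.compare_digest(supplied.encode(), password.encode()):
            return (False, "authentication failed")
    elif not lines:
        return (False, "command missing")

    # Only commands from the fixed list are accepted; nothing from the
    # message is ever interpreted as code or configuration.
    command = " ".join(lines[0].split())
    if command not in COMMANDS:
        return (False, "unknown command")
    return (True, command)


# Constructed sample messages (numbers and password are made up).
SAMPLES = [
    ("+41790000001", "admin01\nstatus"),
    ("+41790000001", "wrong\nreboot"),
    ("+41790000099", "admin01\nreboot"),
    ("+41790000001", "admin01\nformat disk"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, repr(body), "->",
              check_sms(sender, body, "admin01", {"+41790000001"}))
    # With noauth the password line is skipped: every sender that passes the
    # allow-list (or every sender at all, if there is none) can issue commands.
    print(check_sms("+41790000099", "reboot", "admin01", noauth=True))
```

With noauth and no list of permitted senders, the last call shows that any sender can reboot the system, which is why the password and the sender restriction belong together.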
The following commands are supported:

| Command | Action |
|---|---|
| status | Will reply a message to the sender including a short system overview |
| connect | Will enable the first WAN link configured on the system |
| disconnect | Will disable the first WAN link configured on the system |
| reboot | Initiates a reboot of the system |
| output 1 on | Turns on the first digital output port |
| output 1 off | Turns off the first digital output port |
| output 2 on | Turns on the second digital output port |
| output 2 off | Turns off the second digital output port |

Table 5.100.: SMS Control Commands

A response to the status command typically looks like:

    System: NB2700 hostname (00:11:22:AA:BB:CC)
    WAN1: WWAN1 is up (10.0.0.1, Mobile1, UMTS, -83 dBm, LAI 12345)
    GPS: lat 47.377894, lon 8.540055, alt 282.200
    OVPN: client on tun0 is up (10.0.8.4)
    DIO: IN1=off, IN2=off, OUT1=on, OUT2=off

5.7.2. DHCP Server

This section can be used to individually configure the Dynamic Host Configuration Protocol (DHCP) service for each LAN interface which will serve dynamic IP addresses to hosts in the local network. You may also have a look at the status page where you can find an overview of negotiated client addresses. Please note that WLAN interfaces (for each SSID) will pop up here as well in case you have configured an access point respectively.
Figure 5.43.: DHCP Server

The following settings for each interface can be applied then:

| Parameter | DHCP Administrative Settings |
|---|---|
| Operation mode | Specifies whether the DHCP mode is server, relay or disabled |

| Parameter | DHCP Server Settings |
|---|---|
| First lease address | The first address out of the range of IP addresses given to hosts |
| Last lease address | The last address out of this range |
| Lease duration | Number of seconds how long a given lease shall be valid until it has to be requested again |
| Persistent leases | By turning on this option the router will remember issued leases even after a reboot. This can be used to ensure that the same IP address will be assigned to a particular host. |
| DHCP options | By default the DHCP will hand out the interface address as default gateway and the current DNS server addresses if not configured otherwise. You can specify fixed addresses here. |
| Only allow static hosts | Any requests coming from non-static hosts will be ignored. |

| Parameter | DHCP Relay Settings |
|---|---|
| Primary relay server | The primary DHCP relay server |
| Secondary relay server | The secondary DHCP relay server |

It is also possible to configure specific lease addresses for particular clients.
| Parameter | DHCP Static Hosts Settings |
|---|---|
| IP address | The IP address of the lease |
| Identified by | Specifies by which criteria the client shall be identified |
| MAC address | The MAC address of the client |
| hostname | The client identifier (DHCP option 61) |
| port | The Ethernet port on which the DHCP request is received |

5.7.3. DNS Server

The DNS server can be used to proxy DNS requests towards servers on the net which have for instance been negotiated during WAN link negotiation. By pointing DNS requests to the router, one can reduce outbound DNS traffic as it is caching already resolved names, but it can also be used for serving fixed addresses for particular host names.

Figure 5.44.: DNS Server

The following settings can be applied:

| Parameter | DNS Server Settings |
|---|---|
| Administrative status | Enables or disables the DNS server |
| Domain name | The domain name used for short name lookups |
| Primary name server | The primary default name server which will be used instead of negotiated name servers |
| Secondary name server | The secondary default name server which will be used instead of negotiated name servers |

You may further configure static hosts for serving fixed IP addresses for various host names.
| Parameter | DNS Static Hosts Settings |
|---|---|
| Address | The IP address of the static host |
| Hostname | The hostname of the static host |

Please remember to point DNS lookups of local hosts to the router's address.

5.7.4. NTP Server

This section can be used to individually configure the Network Time Protocol (NTP) server function.

Figure 5.45.: NTP Server

The following settings for each interface can be applied then:

| Parameter | NTP Server Settings |
|---|---|
| Administrative status | Specifies whether the NTP server is enabled or not |
| Poll interval | Defines the polling interval (64..2048 seconds) for synchronizing the time with the master clock servers |
| Allowed hosts | Defines the IP address range which is allowed to poll the NTP server |

For setting the system time of the device see 5.8.1.

5.7.5. Dynamic DNS

The Dynamic DNS client can be used to tell one or multiple DynDNS providers the current IP address of your system. This address can be derived from the current hotlink interface or the outgoing interface which will be used when contacting the server. We further support asking the CheckIP service at dyndns.org to obtain the current Internet address, which can be useful in NAT scenarios. The DynDNS client will be triggered whenever a WAN or VPN link comes up.
Figure 5.46.: Dynamic DNS Settings

We provide support for a bunch of common DynDNS operators but it is also possible to define a custom update URL. Please note that your NetModule router can operate as DynDNS server on its own, provided that you have your hosts pointed to the DNS service of the router. We can further operate the GnuDIP protocol and RFC2136-like dynamic DNS updates. The latter is in general secured by a TSIG key.

A DynDNS service can receive the following parameters:

| Parameter | Dynamic DNS Settings |
|---|---|
| Provider | You can choose one of the listed providers or provide a custom URL |
| Dynamic address | Specifies whether the address is derived from the hot-link or via an external service |
| Hostname | The host-name provided by your DynDNS service (e.g. mybox.dyndns.org) |
| Port | The HTTP port of the service (typically 80) |
| Username | The user-name used for authenticating at the service |
| Password | The password used for authentication |
| Protocol | The protocol used for authentication (HTTP, HTTPS) |
| Server address | The address of the server which shall be updated |
| Server port | The port of the server which shall be updated |
| TSIG key name | The name of the TSIG key which is allowed to perform updates |
| TSIG key | The TSIG key encoded in base64 |

5.7.6. E-Mail

The E-Mail client can be used to send notifications to a particular E-Mail address upon certain events or by SDK scripts.
Figure 5.47.: E-Mail Settings

It can be enabled by applying the following settings.

| Parameter | E-Mail Client Settings |
|---|---|
| E-mail client status | Administrative status of the E-Mail client |
| From e-mail address | E-Mail address of the sender |
| Server address | SMTP server address |
| Server port | SMTP server port (typically 25) |
| Authentication method | Select the required authentication method which will be used to authenticate against the SMTP server |
| Encryption | Select the encryption. Can be STARTTLS or none. |
| Username | User name used for authentication |
| Password | Password used for authentication |

5.7.7. Events

By using the event manager you can notify remote systems about system events. A notification can be sent using E-Mail, SMS or SNMP traps.
| Parameter | Event Notification Settings |
|---|---|
| E-Mail address | The E-Mail address to which the notification shall be sent (E-Mail client must be enabled) |
| Phone number | The phone number to which the notification shall be sent (SMS service must be enabled) |
| SNMP host | The SNMP host or address to which the trap shall be sent |
| SNMP port | The port of the remote SNMP service |
| Username | The username for accessing the remote SNMP service |
| Password | The password for accessing the remote SNMP service |
| Authentication | The authentication algorithm for accessing the remote SNMP service (MD5 or SHA) |
| Encryption | The encryption algorithm for accessing the remote SNMP service (DES or SHA) |
| Engine ID | The engine ID of the remote SNMP service |

The messages will contain a description provided by you and a short system information. A list of all system events can be found in the appendix A.2.

5.7.8. SMS

Administration

NetModule routers can receive or send short messages (SMS) if enabled by your SIM provider. Messages are received/sent by the modem which has been assigned to a SIM, so one has to properly configure an SMS-capable default modem as described in chapter 5.3.3.

Please note that the system may switch SIMs in case you are running multiple WWAN interfaces sharing the same SIM. Thus, it may happen that a different modem will be used for communication or, if the SIM is unassigned, any operation will even stop.

Please do not forget that modems might register roaming to foreign networks where other fees may apply. You can manually assign a fixed network (by PLMN) in the Mobile SIMs section (see 5.3.3).

Sending messages heavily depends on the registration state of the modem and whether the provided SMS Center service works and may fail. You may use the sms-report-received event to figure out whether a message has been successfully sent.

Received messages are pulled from the SIMs and temporarily stored on the router but get cleared after a system reboot.
Please consider using an SDK script in case you want to process or copy them.

Figure 5.48.: SMS Configuration

The relevant page can be used to enable the SMS service and specify on which it should operate. We identify SIMs based on their IMEI number and track their statistics in a non-volatile manner.

| Parameter | SMS SIM Configuration |
|---|---|
| SMS gateway | The service center number for sending short messages. It is generally retrieved automatically from your SIM card but you may define a fixed number here. |

Routing & Filtering

By using SMS routing you can specify outbound rules which will be applied whenever messages are sent. On the one hand, you can forward them to an enabled modem. For a particular number, you can for instance enforce messages being sent over a dedicated SIM. Phone numbers can also be specified by regular expressions; here are some examples:

| Number | Result |
|---|---|
| +12345678 | Specifies a fixed number |
| +1* | Specifies any numbers starting with +1 |
| +1*9 | Specifies any numbers starting with +1 and ending with 9 |
| +[12]* | Specifies any numbers starting with either +1 or +2 |

Table 5.112.: SMS Number Expressions

Please note that numbers have to be entered in international format including a valid prefix.

On the other hand, you can also define rules to drop outgoing messages, for instance, when you want to avoid using any expensive service or international numbers.
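How ordered SMS routing and filtering rules of this kind behave, as an added Python example (not NetModule code): rules are checked in order and the first match decides, unmatched outgoing messages go to the first available modem and unmatched incoming messages are allowed, as this section states. The pattern semantics are inferred from the four number expressions in Table 5.112, and the function names, rule tuples, modem names and phone numbers are assumptions constructed for the example.

```python
import re

DIGITS = "0123456789"


def compile_number(expr):
    """Turn a number expression into a regular expression for fullmatch().

    Assumed semantics, inferred from the manual's four examples: '+' and
    digits are literal, '*' is any run of digits, '[12]' is one digit out
    of the listed set.
    """
    parts, i = [], 0
    while i < len(expr):
        ch = expr[i]
        if ch == "*":
            parts.append(r"\d*")
        elif ch == "[":
            end = expr.find("]", i)
            members = expr[i + 1:end] if end != -1 else ""
            if not members or any(c not in DIGITS for c in members):
                raise ValueError("bad digit set in %r" % expr)
            parts.append("[" + members + "]")
            i = end
        elif ch == "+" or ch in DIGITS:
            parts.append(re.escape(ch))
        else:
            raise ValueError("unsupported character %r in %r" % (ch, expr))
        i += 1
    return re.compile("".join(parts))


def route_outgoing(rules, number):
    """Rules are (expr, action, modem); the first matching rule decides."""
    for expr, action, modem in rules:
        if compile_number(expr).fullmatch(number):
            return (action, modem)
    # No rule matched: dispatched to the first available modem.
    return ("forward", "first available modem")


def filter_incoming(rules, number):
    """Rules are (expr, action); the first matching rule decides."""
    for expr, action in rules:
        if compile_number(expr).fullmatch(number):
            return action
    return "allow"  # all non-matching incoming messages are allowed


def unreached_rules(rules, samples):
    """Indexes of rules that never decide any of the sample numbers.

    A drop rule listed here is shadowed by an earlier, broader rule.
    """
    reached = set()
    for number in samples:
        for index, rule in enumerate(rules):
            if compile_number(rule[0]).fullmatch(number):
                reached.add(index)
                break
    return [i for i in range(len(rules)) if i not in reached]


# Constructed rule sets and numbers (modem names are placeholders).
OUTBOUND = [
    ("+1*", "forward", "Mobile1"),
    ("+1900*", "drop", None),          # meant to block one costly prefix
    ("+[34]*", "forward", "Mobile2"),
]
OUTBOUND_FIXED = [OUTBOUND[1], OUTBOUND[0], OUTBOUND[2]]
INBOUND = [("+4179*", "allow"), ("+*", "drop")]
SAMPLES = ["+19005550100", "+15550100", "+41790000001", "+860000000001"]

if __name__ == "__main__":
    for number in SAMPLES:
        print(number, route_outgoing(OUTBOUND, number),
              route_outgoing(OUTBOUND_FIXED, number),
              filter_incoming(INBOUND, number))
    print("never reached:", unreached_rules(OUTBOUND, SAMPLES))
```

In the first rule set the drop rule is never reached because the broader +1* rule precedes it; moving the drop rule to the top makes it effective. An empty inbound rule list allows every sender, so a default-deny policy needs an explicit final drop rule.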
Both types of rules form a list which will be processed in order, forwarding outgoing messages over the specified modem or dropping them. Messages which do not match any of the rules below will be dispatched to the first available modem.

Filtering serves a concept of firewalling incoming messages, thus either dropping or allowing them on a per-modem basis. The created rules are processed in order and, in case of a match, will either drop or forward the incoming message before it enters the system. All non-matching messages will be allowed.

Status

The status page can be used to view the current modem status and get information about any sent or received messages. There is a small SMS inbox reader which can be used to view or delete the messages. Please note that the inbox will be cleared each midnight in case it exceeds 512 kBytes of flash usage.

Testing

This page can be used to test whether SMS sending in general or filtering/routing rules work. The maximum length per message part is limited to 160 characters; we also suggest exclusively using characters which are supported by the GSM 7-bit alphabet.

5.7.9. SSH/Telnet Server

Apart from the Web Manager, the SSH and Telnet services can be used to log into the system. Valid users include root and admin as well as additional users as they can be created in the User Accounts section. Please note that a regular system shell will only be provided for the root user; the CLI will be launched for any other user. Normal users will only be able to view status values, whereas the admin user will obtain privileges to modify the system.
Figure 5.49.: SSH and Telnet Server

Please note that these services will also be accessible from the WAN interface. If in doubt, please consider disabling them or restricting access to them by applying applicable firewall rules.

The following parameters can be applied to the Telnet service:

| Parameter | Telnet Server Settings |
|---|---|
| Administrative status | Whether the Telnet service is enabled or disabled |
| Server port | The TCP port of the service (usually 23) |

The following parameters can be applied to the SSH service:

| Parameter | SSH Server Settings |
|---|---|
| Administrative status | Whether the SSH service is enabled or disabled |
| Server port | The TCP port of the service (usually 22) |
| Disable admin login | Disable login for admin users |
| Disable password-based login | By turning on this option, all users will have to authenticate by SSH keys which can be uploaded to the router. |

5.7.10. SNMP Agent

NetModule routers are equipped with an SNMP daemon, supporting basic MIB tables (such as ifTable), plus additional enterprise MIBs to manage multiple systems.
| Parameter | Supported MIBs |
|---|---|
| .1.3.6.1.2.1 | MIB-II (RFC1213), SNMPv2-MIB (RFC3418) |
| .1.3.6.1.2.1.2.1 | IF-MIB (RFC2863) |
| .1.3.6.1.2.1.4 | IP-MIB (RFC1213) |
| .1.3.6.1.2.1.10.131 | TUNNEL-MIB (RFC4087) |
| .1.3.6.1.2.25 | HOST-RESOURCES-MIB (RFC2790) |
| .1.3.6.1.6.3.10 | SNMP-FRAMEWORK-MIB |
| .1.3.6.1.6.3.11 | SNMPv2-SMI (RFC2578) |
| .1.0.8802.1.1.2 | LLDP-MIB |
| .1.0.8802.1.1.2.1.5.4795 | LLDP-EXT-MED-MIB |
| .1.3.6.1.4.1.31496 | VENDOR-MIB |

The VENDOR-MIB tables offer some additional information about the system and its WWAN, GNSS and WLAN interfaces. They can be accessed over the following OIDs:

| Parameter | Vendor MIB OID Assignment |
|---|---|
| NBAdminTable | .1.3.6.1.4.1.31496.10.40 |
| NBWwanTable | .1.3.6.1.4.1.31496.10.50 |
| NBGnssTable | .1.3.6.1.4.1.31496.10.51 |
| NBDioTable | .1.3.6.1.4.1.31496.10.53 |
| NBWlanTable | .1.3.6.1.4.1.31496.10.60 |
| NBWanTable | .1.3.6.1.4.1.31496.10.22 |

They offer facilities for:

- rebooting the device
- updating to a new system software via FTP/TFTP/HTTP
- updating to a new system configuration via FTP/TFTP/HTTP
- getting WWAN/GNSS/WLAN/DIO information

Our VENDOR-MIB is listed in the appendix or can be downloaded directly from the router.
SNMP Configuration

Figure 5.50.: SNMP Agent

The following parameters can be used to configure the SNMP agent:

Parameter | SNMP Configuration
Administrative status | Enable or disable the SNMP agent
Operation mode | Specifies if agent should run in compatibility mode or for SNMPv3 only
Contact | System maintainer or other contact information
Location | Location of the device
Listening Port | SNMP agent port

Once the SNMP agent is enabled, SNMP traps can be generated using SDK scripts.

SNMP Authentication

When running in SNMPv3, it is possible to configure the following authentication settings:

Parameter | SNMPv3 Authentication
Authentication | Defines the authentication (MD5 or SHA)
Encryption | Defines the privacy protocols to use (DES or AES)

In general, the admin user can read and write any values. Read access will be granted to any other system users.

SNMPv1/v2c provides no authentication or encryption and should not be used to set any values. However, it is possible to define its communities and an authoritative host which will be granted administrative access.
Parameter | SNMPv1/v2c Authentication
Read community | Defines the community name for read access
Admin community | Defines the community name for admin access
Allowed host | Defines the host which is allowed for admin access

Attention must be paid to the fact that SNMP passwords have to be more than 8 characters long. Shorter passwords will be doubled for SNMP (e.g. admin01 becomes admin01admin01).

Due to the use of passphrases in SNMP it is mandatory to store passwords of users who shall be able to authenticate against the SNMP server. Please refer to chapter 5.8.2 for more information.

Please note that the SNMP daemon is also listening on WAN interfaces and it is therefore suggested to restrict the access with the firewall.

Typical SNMP Commands

Setting MIB values and triggering extensions is generally limited to the SNMPv3 admin user. It is possible to specify an administrative host for SNMP v1/2c. The SNMP extensions can be read and triggered as follows:

Getting the software version of the system:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.1.0

Getting the kernel version:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.2.0

Getting the serial number:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.3.0

Getting the current config description:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.4.0

Getting the current config hash:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.5.0

Restarting the device:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.10.0 i 1

Running a configuration update:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.11.0 s "http://server/directory"

You can use TFTP, HTTP, HTTPS and FTP URLs (specifying a username/password or a port is not yet supported). Please note that config updates expect a zip file named <serial-number>.zip in the specified directory.

Getting the configuration update status:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.12.0

The return value can be one of: succeeded (1), failed (2), inprogress (3), notstarted (4).

Running a software update:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.13.0 s "http://server/directory"

Getting the software update status:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.14.0

The return value can be one of: succeeded (1), failed (2), inprogress (3), notstarted (4).

Setting the update operation:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.15.0 i 1

By default, the update operation is set to update (0), which results in an immediate update of software or configuration once triggered. One may also set the operation to store (1), which will only store the software or configuration package. It can later be activated using the following switch operators.

Switching to alternative software:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.16.0 i 0

The return value can be derived from the software update status.

Switching to alternative config:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.16.0 i 1

The return value can be derived from the config update status.
Getting the alternative config description:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.17.0

Getting the alternative config hash:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.18.0

Getting the alternative software version:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.19.0

Getting the alternative software hash:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 1.3.6.1.4.1.31496.10.40.20.0

Setting digital OUT1:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 .1.3.6.1.4.1.31496.10.53.10.0 i 0
    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 .1.3.6.1.4.1.31496.10.53.10.0 i 1

Setting digital OUT2:

    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 .1.3.6.1.4.1.31496.10.53.11.0 i 0
    snmpset -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 .1.3.6.1.4.1.31496.10.53.11.0 i 1

Listing discovered devices:

    snmpget -v 3 -u admin -n "" -l authNoPriv -a MD5 -x DES -A admin01admin01 192.168.1.1 .1.0.8802.1.1

5.7.11. Web Server

This page can be used to configure different ports for accessing the Web Manager via HTTP/HTTPS. We strongly recommend using HTTPS when accessing the web service via a WAN interface, as the communication will be encrypted, which helps to avoid misuse of the system. In order to enable HTTPS you need to generate or upload a server certificate in section 5.8.8.
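The SNMPv3 commands in section 5.7.10 all use authNoPriv with MD5 and pass the passphrase with -A; the following added example (not part of the manual or of NetModule's software) flags those settings in a command line and writes a net-snmp client configuration that uses authPriv with SHA and AES instead. The function names are hypothetical; it assumes that the agent is set to SHA and AES on the SNMP Authentication page, that the privacy passphrase equals the authentication passphrase, and that passwords shorter than 8 characters are the ones that get doubled.

```shell
#!/bin/sh
# Added example (not NetModule code). Function names are hypothetical.

# lint_snmp_cmd "COMMAND LINE"
# Prints one finding per weak setting; returns 1 if anything was flagged.
lint_snmp_cmd() {
    version="" level="" auth="" pass_on_cli=0 flagged=0
    set -f        # no globbing while the string is split into words
    set -- $1     # deliberate word splitting: a reviewer's check, not a shell parser
    set +f
    while [ "$#" -gt 0 ]; do
        case $1 in
            -v) version=${2:-} ;;
            -l) level=${2:-} ;;
            -a) auth=${2:-} ;;
            -A) pass_on_cli=1 ;;
        esac
        shift
    done
    case $version in
        1|2c)
            echo "SNMPv$version: community string only, no authentication or encryption"
            flagged=1 ;;
    esac
    case $level in
        authNoPriv|authnopriv)
            echo "authNoPriv: messages are authenticated but not encrypted, so -x has no effect"
            flagged=1 ;;
        noAuthNoPriv|noauthnopriv)
            echo "noAuthNoPriv: messages are neither authenticated nor encrypted"
            flagged=1 ;;
    esac
    case $auth in
        MD5|md5)
            echo "MD5 authentication: the agent can be set to SHA instead"
            flagged=1 ;;
    esac
    if [ "$pass_on_cli" -eq 1 ]; then
        echo "passphrase passed with -A: visible in the process list and shell history"
        flagged=1
    fi
    [ "$flagged" -eq 0 ]
}

# Apply the manual's rule that short passwords are doubled for SNMP
# (admin01 -> admin01admin01). Assumption: "short" means fewer than 8 characters,
# the minimum passphrase length net-snmp accepts.
nb_snmp_passphrase() {
    phrase=$1
    if [ "${#phrase}" -lt 8 ]; then
        phrase=$phrase$phrase
    fi
    if [ "${#phrase}" -lt 8 ]; then
        echo "password too short for SNMPv3 even when doubled" >&2
        return 1
    fi
    printf '%s' "$phrase"
}

# write_snmp_conf FILE USER PASSWORD
# Writes a client configuration (for example ~/.snmp/snmp.conf) readable by its
# owner only, so that no passphrase has to appear on the command line.
# Assumption: the privacy passphrase is the same as the authentication passphrase.
# Passphrases containing blanks would need quoting and are not handled here.
write_snmp_conf() {
    conf=$1
    user=$2
    phrase=$(nb_snmp_passphrase "$3") || return 1
    (
        umask 077
        cat > "$conf" <<EOF
defVersion 3
defSecurityName $user
defSecurityLevel authPriv
defAuthType SHA
defPrivType AES
defAuthPassphrase $phrase
defPrivPassphrase $phrase
EOF
    ) || return 1
    chmod 600 "$conf"
}
```

With such a file in place, a query shortens to `snmpget 192.168.1.1 1.3.6.1.4.1.31496.10.40.1.0`, and the update URL sent by the snmpset commands is encrypted in transit.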
Figure 5.51.: Web Server

Parameter | Web Server Settings
Administrative Status | Enable or disable the Web server
HTTP port | Web server port for HTTP connections
HTTPS port | Web server port for HTTPS connections
Enable CLI-PHP | Enable CLI-PHP service (see chapter 6.17)

5.7.12. Softflow

This page can be used to configure the network traffic analyser daemon softflowd used for exporting NetFlow traffic data.

Parameter | Softflow Settings
Interface | Interface on which to listen for traffic
Host Address | Destination address of the traffic data
Port | Port of the destination address
Protocol Version | Protocol version of the data
Maximum Flows | The maximum number of flows to concurrently track
Track Level | Flow elements that should be used to define a flow
Sample Rate | Periodical sampling rate

5.7.13. Discovery

This page can be used to enable discovery protocols which can be used to discover and to get discovered by other hosts.
Parameter | Discovery Configuration
Administrative status | Administrative status
Enabled protocols | List of enabled discovery protocols

The following protocols are supported:

Parameter | Discovery Configuration
LLDP | Link Layer Discovery Protocol
CDP | Cisco Discovery Protocol
FDP | Foundry Discovery Protocol
SONMP | Nortel Discovery Protocol
EDP | Extreme Discovery Protocol
IRDP | ICMP Router Discovery Protocol

IRDP implements RFC1256 and can also inform locally connected hosts about the nexthop gateway. Any discovered hosts will be exposed to the LLDP-MIB and can be queried over SNMP or CLI/GUI.

5.7.14. Redundancy

This page can be used to set up a redundant pair of NetModule routers (or other systems) by running the Virtual Router Redundancy Protocol (VRRP) between them. A typical VRRP scenario defines a first host playing the master and another the backup device. They both define a virtual gateway IP address which will be distributed by gratuitous ARP messages for updating the ARP cache of all LAN hosts and thus redirecting the packets accordingly.

A takeover will happen within approximately 3 seconds as soon as the partner is not reachable anymore (checked via multicast packets). This may happen when one device is rebooting or the Ethernet link went down. The same applies when the WAN link goes down.

Figure 5.52.: VRRP Configuration

In case DHCP has been activated, please keep in mind that you will need to reconfigure the DHCP gateway address offered by the server and let it point to the virtual gateway address.
In order to avoid conflicts you may turn off DHCP on the backup device or, even better, split the DHCP lease range across both routers in order to prevent any lease duplication.

Parameter | Redundancy Configuration
Administrative status | Administrative status
Role | The role of this system (either master or backup)
VID | The Virtual Router ID (you can theoretically run multiple instances)
Interface | Interface on which VRRP should be performed
Virtual gateway address | The virtual gateway address formed by the participating hosts

We assign a priority of 100 to the master and 1 to the backup router. Please adapt the priority of your third-party device appropriately.

5.8. SYSTEM

5.8.1. System

System Settings

Figure 5.53.: System

System

The following system parameters can be set:

Parameter | System Settings
Local hostname | The hostname of the system
Application area | The desired application area which influences the system behaviour such as registration timeouts or other adaptions when operating in mobile environments.
Reboot delay | The number of seconds which will be waited before regular system reboots (might be needed for system-rebooting events)
Enable TCP timestamps | Enable TCP timestamps for system wide TCP communication. This is needed for Protection Against Wrapped Sequence numbers (PAWS), but with these timestamps enabled a remote attacker can guess the uptime of the system. The uptime is a lower bound for the age of the main system components like the kernel. If the system has an uptime of 3 years it's unlikely that recent security patches were applied.
Show messages and infos on log-in screen | Show error messages and notifications on login screen. If this option is enabled these messages are also shown before logging in with user credentials.

Syslog

The following syslog parameters can be set:

Parameter | Syslog Settings
Storage | The storage device on which log files shall be stored.
Max. filesize | The maximum size of the log files (in kB) until they will get rotated.
Redirect address | Specifies an IP address to which log messages should be redirected. A tiny system log server for Windows is included in TFTP32 which can be downloaded from our website.

In general, the box comes with an internal flash device which can be used to store data. Depending on your model this can be extended by additional flash or USB disks. The following storage devices exist:

Parameter | Storage Devices
flash root | The root partition of the internal flash
flash data | The data partition of the internal flash
extended disk | An extended storage disk
USB disk | A storage disk connected to the external USB port

LEDs

The following LED parameters can be set:

Parameter | LED Settings
LED | You can customize the behavior of all status LEDs on the front panel of your device. They are usually divided into two banks (left/right)(top/bottom). You may configure toggle mode, so that the LEDs periodically cycle between two separately configured LED schemes.
Bootloader

The following bootloader parameters can be set:

Parameter | Bootloader Settings
Password | The password used to unlock the bootloader. If empty, the admin password will be used.

Autorun

This feature can be used to automatically launch a shell script or perform a software/config update as soon as an external storage device has been plugged in. For authentication, a file called autorun.key must exist in the root directory of a FAT16/32 formatted device. It can be downloaded from that page and holds the SHA256 hash key of the autorun password. The file can hold multiple hashes, which will be processed line by line during authentication; this can be used for setting up more systems with different admin passwords. For new devices with an empty password the hash key e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 can be used. The hash keys can be generated by running the command

    echo -n "<password>" | sha256sum

on a Linux system or an Internet hash key generator (search for "sha-256 hash calculator").

Once authentication has succeeded, the system scans for other files in the root directory which can perform the following actions:

1. For running a script: autorun.sh
2. For a configuration update: cfg-<SERIALNO>.zip (e.g. cfg-00112B000815.zip), or if not available cfg.zip
3. For a software update: sw-update.img

Time & Region

This page can be used for setting the system time and configuring the time zone. You may further enable daylight saving changes for your specific time zone.

NetModule routers can synchronize their system time by using one or more servers with the help of the Network Time Protocol (NTP) or via GNSS. If enabled, the time synchronization is usually triggered after a WAN link has come up but before starting any VPN connections. Further time synchronization cycles are scheduled in the background. Most routers don't have a battery backed clock (RTC).
In this case the system time is set during boot to the last valid time, e.g. before power off.

Figure 5.54.: Regional settings

Parameter | Time Synchronisation
NTP server | Address of the primary NTP server
NTP server 2 | Optionally, the address of a second NTP server
Ping check | Uses an ICMP ping to check whether NTP servers are available when running initial time update
Sync time from GNSS | Derive time from first GNSS device (if enabled)

Parameter | Time Zone
Time Zone | Set the local time zone.
Daylight saving changes | Enable/disable daylight saving changes.

Reboot

This page can be used to set up a periodic automatic reboot but also to trigger a manual reboot which will be issued immediately.

5.8.2. Authentication

User Accounts

By using this page you can manage the user accounts on the system.
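For the autorun.key file described under Autorun in section 5.8.1, the following added example (not part of the manual or of NetModule's software) checks a key file before it is copied to a storage device: it flags malformed lines, the empty-password hash quoted in that section, and hashes of passwords from a caller-supplied weak list. The function names and the weak list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not NetModule code): check an autorun.key file before it is
# copied to a USB stick. Function names and the weak-password list are assumptions.

# SHA-256 of the empty string; the manual quotes it for devices with an empty password.
EMPTY_PW_HASH="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Print the autorun.key line for a password. Same digest as
# `echo -n "<password>" | sha256sum`, without the trailing " -".
autorun_hash() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# audit_autorun_key FILE [WEAK_PASSWORD...]
# Prints one finding per line. Returns 1 if there was any finding,
# 2 if FILE cannot be read.
audit_autorun_key() {
    key_file=$1
    shift
    [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 2; }
    findings=0
    line_no=0
    # The second test also processes a last line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        line_no=$((line_no + 1))
        # Normalise for comparison only: drop blanks and CR (files edited on
        # Windows) and lower-case the hex digits.
        hash=$(printf '%s' "$line" | tr -d ' \t\r' | tr 'A-F' 'a-f')
        if [ -z "$hash" ]; then
            continue
        fi
        bad_chars=$(printf '%s' "$hash" | tr -d '0-9a-f')
        if [ -n "$bad_chars" ] || [ "${#hash}" -ne 64 ]; then
            echo "line $line_no: not a SHA-256 hex digest"
            findings=$((findings + 1))
            continue
        fi
        if [ "$hash" = "$EMPTY_PW_HASH" ]; then
            echo "line $line_no: hash of the empty password"
            findings=$((findings + 1))
            continue
        fi
        for candidate in "$@"; do
            if [ "$hash" = "$(autorun_hash "$candidate")" ]; then
                echo "line $line_no: hash of listed weak password '$candidate'"
                findings=$((findings + 1))
                break
            fi
        done
    done < "$key_file"
    [ "$findings" -eq 0 ]
}

# Command-line use: sh audit-autorun.sh autorun.key admin01 password ...
if [ "$#" -gt 0 ]; then
    audit_autorun_key "$@"
fi
```

Because the file holds plain SHA-256 digests of the passwords, a storage device carrying it should be handled with the same care as the passwords themselves.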
Figure 5.55.: User Accounts

The admin user is a built-in power user which represents the default administrator of the system. Please note that the admin password will also be applied to the root user, which is able to enter a system shell.

Further admin accounts with administrative privileges can be added; they can also alter the system configuration or perform administrative system tasks. Other users only have the permission to view status information. They can also be used for VPN access.

The Web Manager supports up to 5 concurrent users. Inactive users will be kicked after being idle for 30 minutes. If login was successful, any duplicate users from other remote hosts will be logged out. Remote hosts will be blocked for 5 minutes after 10 failed login attempts.
Parameter | User accounts management
Username | The name of the user
Description | A short description for the user
Role | Either admin or user
Shell | Specifies if the user gets the CLI or a SHELL
Store password unencrypted | If this option is selected the user password is stored unencrypted on the device (not recommended)
Old password | The old password of the user
New password | The new password of the user
Confirm new password | The confirmed new password of the user

Please note that when adding additional admin users you are required to provide the password of the default administrator.

Storing Passwords

Normally the password for a user is only stored as a cryptographic hash, which is the recommended way to handle passwords on devices. Unfortunately the SNMP implementation makes it mandatory to store the password on the device unencrypted. Make sure to grant access rights to your users in a restrictive manner.

Remote Authentication

A RADIUS server can be used for authenticating remote users. This applies to the Web Manager, the WLAN network and other services supporting and incorporating remote authentication.
Figure 5.56.: Remote Authentication

It can be configured as follows:

Parameter | Remote authentication settings
Administrative status | Defines whether a remote server should be used for authentication
RADIUS server | The RADIUS server address
RADIUS secret | The secret used to authenticate against the RADIUS server
Authentication port | The port used for authentication
Accounting port | The port used for accounting messages
Use for login | This option enables remotely-defined users to access the Web Manager, otherwise it is only used by services which have explicitly configured it (e.g. WLAN)

5.8.3. Software Update

Manual Software Update

This menu can be used to run a manual software update of the system.

Parameter | Manual Software Update
Update operation | The update operation method being used. You can upload the image, download it from a URL or use the latest version from our server
URL | The server URL where the software update image should be downloaded from
Administrator password | Administrator password for downgrade to releases before 4.2.x

Attention: Starting with SW release 4.2, passwords are by default no longer stored; password hashes are used instead. Storing passwords for users can be enabled, but is not recommended for new applications. Older SW releases require the passwords to be stored encrypted on the device. As we don't have them any more in release version 4.2 and later, you will have to provide the administrator password if you want to downgrade to a release 4.1.x and lower. The same passphrase will be used for bootloader login as well. All users which have no password stored on the device will not be able to log in after the downgrade until new passwords have been applied.

A Uniform Resource Locator (URL) can have the following format:

    http://<username>:<password>@<host>:<port>/<path>
    https://<username>:<password>@<host>:<port>/<path>
    ftp://<username>:<password>@<host>:<port>/<path>
    sftp://<username>:<password>@<host>:<port>/<path>
    tftp://<host>/<path>
    file:///<path>

When issuing a software update, the current configuration (including files like keys/certificates) will be backed up. Any other modifications to the filesystem will be erased.

The configuration is generally backward-compatible. We also apply forward compatibility when downgrading to a previous software within the same release line, which is accomplished by sorting out unknown configuration directives, which may actually lead to loss of settings and features. Therefore, it's always a good idea to keep a copy of the working configuration.

Attention: In case you perform a major downgrade to a previous release line (e.g. 3.7.0 to 3.6.0), please ensure to always use the latest release of that branch (i.e. 3.6.0.X) as only those tend to be fully forward-compatible.
Also keep in mind that some hardware features may not work (e.g. if not implemented in that version). If in doubt, please consult our support team.

A software image can be either uploaded via the Web Manager or retrieved from a specific URL. It will be unpacked and deployed to a spare partition which gets activated if the update completed successfully. The whole procedure is accompanied by all green LEDs flashing up; the subsequent system reboot is denoted by a slowly blinking Status LED. The backed-up configuration will be applied at bootup and the Status LED will blink faster during this operation. Depending on your configuration, this may take a while.

Automatic Software Update

This menu can be used to run an automatic software update of the system.

Parameter | Automatic software update
Status | Enable/disable automatic software update
Time of day | Every day at this time the router will do a check for updates
Operation | Download latest image from the server or specify the URL where the software update package should be downloaded from. Supported protocols are TFTP, HTTP, HTTPS, and FTP. Provide a URL like protocol://server/path/file

Remark: SSL certificates of HTTPS URLs will only be verified if a list of CA root certificates is provided under 5.8.8.

After the new software has been installed, the latest running configuration will be applied during bootup. This is indicated by a faster green blinking of the Status LED.

5.8.4. Module Firmware Update

This menu can be used to perform a firmware update of a specific module.

Parameter | Module Firmware Update
Update operation | The update operation method being used. You can either upload a firmware package or download it from a specific URL.
Module | The module which shall be updated.
Storage | The temporary storage which shall be used for the update procedure. For boxes with a limited amount of flash it is possible to use a USB stick which must be properly set up in the USB section and hold a proper filesystem such as ext4.
URL | The server URL where the firmware package should be downloaded from (e.g. protocol://server/path/file). Supported protocols are TFTP, HTTP, HTTPS, and FTP. For boxes with a limited amount of flash you may also use usb0://<path-to-firmware-package>.

A firmware package (ZIP) usually consists of a flash utility, an info file and the corresponding firmware files. Please follow https://www.netmodule.com/en/support in order to get the latest version.

5.8.5. Software Profiles

The system consists of two root partitions which can hold different software versions and this menu can be used to switch between them. By doing so, you can test a newer software version and simply switch back if things go wrong.

5.8.6. Configuration

Configuration via the Web Manager becomes tedious for larger volumes of devices. The router therefore offers automatic and manual file-based configuration to automate things. Once you have successfully set up the system you can back up the configuration and restore the system with it afterwards. You can either upload a single configuration file (.cfg) or a complete package (.zip) containing the configuration file and a packed version of other essential files (such as certificates) in the root directory.
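Software, firmware and configuration updates all take a URL in the formats listed in section 5.8.3; the following added example (not part of the manual or of NetModule's software) reviews such a URL before it is entered, flagging cleartext schemes and embedded passwords and producing a redacted form for logs. The function names and the sample URLs used with it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NetModule code): review an update URL before it is stored in
# a router configuration or sent via SNMP. Function names are hypothetical.

# redact_url URL
# Prints the URL with any password replaced by ***, for logs and tickets.
redact_url() {
    scheme=${1%%://*}
    rest=${1#*://}
    authority=${rest%%/*}            # [user[:password]@]host[:port]
    path=${rest#"$authority"}
    case $authority in
        *:*@*)
            userinfo=${authority%@*} # everything before the last @
            printf '%s://%s:***@%s%s\n' \
                "$scheme" "${userinfo%%:*}" "${authority##*@}" "$path" ;;
        *)
            printf '%s\n' "$1" ;;
    esac
}

# audit_update_url URL
# Prints findings for the URL formats listed in section 5.8.3.
# Returns 1 if anything was flagged; lines starting with "note:" are reminders only.
audit_update_url() {
    url=$1
    flagged=0
    case $url in
        *://*) ;;
        *)
            echo "no scheme: expected protocol://server/path/file"
            return 1 ;;
    esac
    scheme=${url%%://*}
    rest=${url#*://}
    authority=${rest%%/*}
    case $scheme in
        http|ftp|tftp)
            echo "$scheme: cleartext transport, the download can be read or altered in transit"
            flagged=1 ;;
        https)
            # Manual, Automatic Software Update: certificates are only verified
            # if CA root certificates are provided under 5.8.8.
            echo "note: https is only verified if CA root certificates are installed (5.8.8)" ;;
        sftp|file|usb0)
            ;;
        *)
            echo "$scheme: not one of the URL schemes listed in the manual"
            flagged=1 ;;
    esac
    case $authority in
        *:*@*)
            echo "embedded password: log this URL only as $(redact_url "$url")"
            flagged=1 ;;
    esac
    [ "$flagged" -eq 0 ]
}
```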
Manual File Configuration

Figure 5.57.: Manual File Configuration

This section can be used to download the currently running system configuration (including essential files such as certificates). In order to restore a particular configuration you can upload a configuration previously downloaded. You can choose whether missing configuration directives are set to factory defaults or ignored; in the latter case, existing configuration directives will be kept on the system.
Automatic File Configuration

Figure 5.58.: Automatic File Configuration

This menu can be used to run an automatic configuration update of the system. It is configured as follows:

Parameter | Automatic File Configuration
Status | Enable/disable an automatic configuration update
Time of day | Time of day when the system should check for updates
URL | The URL where the configuration file should be retrieved from (supported protocols are HTTP, HTTPS, TFTP, FTP)

Factory Configuration
Figure 5.59.: Factory Configuration

This menu can be used to reset the device to factory defaults. Your current configuration will be lost. A successfully initiated factory reset can be noticed by all LEDs having been turned on. The factory reset will set the IP address of the first Ethernet interface back to 192.168.1.1. You will be able to communicate again with the device using the default network parameters.

You may store the currently running configuration as factory defaults, which will remain active even when a factory reset has been initiated (e.g. by your service staff). Please ensure that this corresponds to a working configuration. A real factory reset to the default settings can be achieved by restoring the original factory configuration and initiating the factory reset again.

5.8.7. Troubleshooting

Network Debugging

There are several tools for network debugging like ping, traceroute, tcpdump and darkstat.

Parameter | Automatic software update
Ping | The ping utility can be used to verify whether a remote host can be reached via IP.
Traceroute | The traceroute utility can be used to print the route packets trace to a remote host.
Tcpdump | The tcpdump utility generates a network capture (PCAP) of an interface which can be later analyzed with Wireshark.

System Debugging

You can view the system log here by selecting the option Debug log or, if you are interested in the boot log, by selecting Boot log. Another way to see what is going on on the box is opening an SSH or Telnet session as root and typing tail-log. Furthermore the system log can be redirected to a syslog server, see section 5.8.1.
Figure 5.60.: Log Viewer

Tech Support

You can generate and download a tech support file here. We strongly recommend providing this file when getting in touch with our support team, either by e-mail or via our on-line support form, as it would significantly speed up the process of analyzing and resolving your problem.

Log files can be viewed, downloaded and reset here. Please study them carefully in case of any issues. Various tools reside on this page for further analysis of potential configuration issues.
Figure 5.61.: Tech Support File (options shown: Exclude secrets, Encrypt file)

It is possible to trace any IP interface and inspect individual packet flows between hosts. This can be achieved by logging onto the box and starting a network packet capture with the tool tcpdump. We recommend using the -n switch to bypass name resolution (e.g. tcpdump -n -i lan0). You may also generate a dump in PCAP format using the Web Manager, download it to your computer and perform further inspections with Wireshark (available at www.wireshark.org).

5.8.8. Keys and Certificates

The key and certificate page lets you generate the files required for securing your services (such as the HTTP and SSH server) and also for implementing authentication and encryption for certificate-based VPN tunnels and WLAN clients.
Figure 5.62.: Keys and certificates

The entry page shows an overview of the installed keys and certificates. The following sections may appear:

Type                 Description
Root CA              The root Certificate Authority (CA) which issues certificates; its key can be used to certify it at a trusted third party on other systems
Web Server           The certificates for the Web server required for running HTTP over SSL (HTTPS).
MQTT Broker          The certificates for the MQTT Broker required for running MQTT over a TLS encrypted connection.
SSH Server           The DSS/DSA keys for the SSH server.
SSH Authorization    The keys used for SSH authorization.
OpenVPN              Server or client keys and certificates for running OpenVPN tunnels.
IPsec                Server or client keys and certificates for running IPsec tunnels.
WLAN                 Keys and certificates for implementing certificate-based WLAN authentication (e.g. WPA-EAP-TLS).
ETH                  Keys and certificates for authentication via IEEE 802.1X on Ethernet ports.
Authorities          Other certificate authorities which we trust when establishing SSL client connections.

Table 5.139.: Certificate Sections

For each certificate section it is possible to perform the following operations:

Operation                 Description
generate locally          Generate key and certificate locally on the box (see 5.8.8 for more options)
upload files              Key and certificate will be uploaded. We support files in PKCS12, PKCS7, PEM/DER format as well as RSA/DSS keys in OpenSSH or Dropbear format.
enroll via SCEP           Enroll key and certificate via SCEP (see 5.8.8 for more options)
download certificate      Download key and certificate in ZIP format (files will be encoded in PEM format)
create signing request    Generate key locally and create a signing request to retrieve a certificate signed by another authority
erase certificate         Erase all keys and certificates associated with this section

Table 5.140.: Certificate Operations

Configuration

Figure 5.63.: Certificate Configuration

This page provides some general configuration options which will be applied when operating on keys and certificates. If keys, certificates and signing requests are generated locally, the following settings will be taken into account:

Parameter            Certificate Configuration
Organisation (O)     The certificate owner's organization
Department (OU)      The name of the organizational unit to which the certificate issuer belongs
Location (L)         The certificate owner's location
State (ST)           The certificate owner's state
Country (C)          The certificate owner's country (usually a TLD abbreviation)
Common Name (CN)     The certificate owner's common name, mainly used to identify a host
E-Mail               The certificate owner's email address
Expiry period        The number of days a certificate will be valid from now on
Key size             The length of the private key in bits
DH primes            The number of bits for custom Diffie-Hellman primes
Signature            The signature algorithm when signing certificates
Passphrase           The passphrase for accessing/opening a private key. This passphrase is initialized to a random string the first time you log in (see 5.1.1).

Please be aware that the local random number generator (RNG) provides pretty good randomness for most applications. If stronger cryptography is mandatory, we suggest creating the keys on an external RNG device or managing all certificates completely on a remote certification server. Nevertheless, a local certificate authority can issue and manage all required certificates and also run a certificate revocation list (CRL).

When importing keys, the certificate and key file can be uploaded individually, encoded in PEM/DER or PKCS7 format. All files (CA certificate, certificate and private key) can also be uploaded in one stroke by using the container format PKCS12. RSA/DSS keys can be converted from OpenSSH or Dropbear formats. It is possible to specify the passphrase for opening the private key. Please note that the system will generally apply the system-wide certificate passphrase on a key when installing the certificate. Thus, changing the general passphrase will result in all local keys getting equipped with the new one.

SCEP Configuration

If certificates are enrolled using the Simple Certificate Enrollment Protocol (SCEP), the following settings can be configured:

Parameter                SCEP Configuration
SCEP status              Specifies whether SCEP is enabled or not
URL                      The SCEP URL, usually in the form http://<host>/<path>/pkiclient.exe
CA fingerprint           The fingerprint of the certificate used to identify the remote authority. If left empty, any CA will be trusted.
Fingerprint algorithm    The fingerprint algorithm for identifying the CA (MD5 or SHA1)
Poll interval            The polling interval in seconds for a certificate request
Request timeout          The max. polling time in seconds for a certificate request
ID type                  Can be IP, Email or DNS
Password                 The password for the SCEP server.

When enrolling certificates, the CA certificate will be initially fetched from the specified SCEP URL using the getca operation. It will be shown on the configuration page and it has to be verified that it belongs to the correct authority. Otherwise, the CA must be rejected. This part is essential when using SCEP as it builds up the chain of trust.

If a certificate enrollment request times out, it is possible to re-trigger the interrupted enrollment request and it will be resumed using the previously generated key. In case a request has been rejected, you are required to erase the certificate first and then start the enrollment process all over again.

Authorities

For SSL client connections (as used by SDK functions or when downloading configuration/software images) you might upload a list of CA certificates which are considered trusted.
To obtain the CA certificate from a particular site with Mozilla Firefox, the following steps will be required:

- Point the browser to the relevant HTTPS website
- Click the padlock in the address bar
- Click the More Information and the View Certificate button
- Select the Details tab and press the Export button
- Choose a path for the file (e.g. website.pem)

Certificates from self-signed authorities can also be retrieved by running:

    echo quit | \
    openssl s_client -showcerts -connect <host>:443 | \
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > other.crt

The PEM-encoded X.509 certificate files can be edited and concatenated using a simple editor (if required) and then uploaded to the box. Once installed, an SSL client connection will terminate if verification with any of those CA certificates fails.

5.8.9. Licensing

Certain features of NetModule routers require a valid license to be present in the system; some of them also depend on the mounted modules. Please contact us to get a valid license for available components and we will provide a license file based on your serial number which can be installed to the router afterwards.
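Relating to the SCEP CA fingerprint setting and the Authorities upload in section 5.8.8, the following added example (not NetModule code and not part of the original manual) splits a PEM bundle such as other.crt into its certificates, computes each fingerprint, and compares it with a fingerprint obtained out of band before the CA is trusted. The function names and the sample bundle are assumptions made for illustration; SHA-256 is offered in addition to the MD5 and SHA1 choices the SCEP page lists.

```python
import base64
import hashlib
import hmac
import re

# Matches each certificate in a PEM bundle and skips any text around the blocks.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)
# md5 and sha1 are the algorithms named on the SCEP page; sha256 is an extra here.
ALGORITHMS = ("md5", "sha1", "sha256")


def split_pem_bundle(text):
    """Return the DER bytes of every CERTIFICATE block found in a PEM bundle."""
    ders = []
    for body in PEM_BLOCK.findall(text):
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    return ders


def fingerprint(der, algorithm="sha1"):
    """A certificate fingerprint is the digest of its DER encoding, as lowercase hex."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported fingerprint algorithm: %s" % algorithm)
    return hashlib.new(algorithm, der).hexdigest()


def normalize(fp):
    """Accept 'AA:BB:CC', 'aa bb cc' or plain hex and return lowercase hex."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def find_pinned_ca(bundle_text, expected_fp, algorithm="sha1"):
    """Return the index of the certificate matching expected_fp, or None.

    An empty expected fingerprint is refused: on the SCEP page an empty
    CA fingerprint means that any CA will be trusted.
    """
    if not expected_fp or not expected_fp.strip():
        raise ValueError("no expected fingerprint given, refusing to trust any CA")
    want = normalize(expected_fp)
    if len(want) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("fingerprint length does not fit %s" % algorithm)
    for index, der in enumerate(split_pem_bundle(bundle_text)):
        if hmac.compare_digest(fingerprint(der, algorithm), want):
            return index
    return None


def to_pem(der):
    """Wrap bytes in a PEM CERTIFICATE block (used only to build the sample)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample input: placeholder bytes, not real certificates. The
# fingerprint is a digest over the bytes, so the check works the same way.
SAMPLE_DER_A = b"abc"
SAMPLE_DER_B = b"constructed placeholder bytes, not a real certificate"
SAMPLE_BUNDLE = ("text outside the PEM blocks is ignored (constructed)\n"
                 + to_pem(SAMPLE_DER_A) + "---\n" + to_pem(SAMPLE_DER_B))

if __name__ == "__main__":
    for i, der in enumerate(split_pem_bundle(SAMPLE_BUNDLE)):
        print(i, fingerprint(der, "sha1"), fingerprint(der, "sha256"))
```

Run against a real bundle, the expected fingerprint should come from the CA operator through a separate channel, not from the same connection that delivered the certificate.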
Figure 5.64.: Licensing (License Installation by uploading a license file or downloading it from a URL, and Licensing Status)

5.8.10. Legal Notice

OSS Notice

We inform you that NetModule products may contain in part open-source software. We are distributing such open-source software to you under the terms of GNU General Public License (GPL), GNU Lesser General Public License (LGPL) or other open-source licenses. These licenses allow you to run, copy, distribute, study, change and improve any software covered by GPL, Lesser GPL, or other open-source licenses without any restrictions from us or our end user license agreement on what you may do with that software. Unless required by applicable law or agreed to in writing, software distributed under open-source licenses is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. To obtain the corresponding open source codes covered by these licenses, please contact our technical support at support@netmodule.com.

Acknowledgements

This product includes PHP, freely available from http://www.php.net.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
This product includes software written by Jean-loup Gailly and Mark Adler.
This product includes software MD5 Message-Digest Algorithm by RSA Data Security, Inc.
This product includes an implementation of the AES encryption algorithm based on code released by Dr Brian Gladman.
Multiple-precision arithmetic code originally written by David Ireland
Software from The FreeBSD Project (www.freebsd.org)

Copyright (C) 2022, NetModule. All rights reserved.

5.9. LOGOUT

Please use this menu to log out from the Web Manager.

6. Command Line Interface

The Command Line Interface (CLI) offers a generic control interface to the router and can be used to get/set configuration parameters, apply updates, restart services or perform other system tasks. It will be started automatically in interactive mode when logging in as admin user or by running cli -i. However, the same syntax can be used when calling it from the system shell. A list of available commands can be displayed by running cli -l.

The CLI supports TAB completion, that is expanding entered words or fragments by hitting the TAB key at any time. This applies to commands but also to some arguments and generally offers a convenient way for working on the shell.

Please note that each CLI session will perform an automatic logout as soon as a certain time of inactivity (10 minutes by default) has been reached. It can be turned off by the command no-autologout.

6.1. General Usage

When operating the CLI in interactive mode, each entered command will be executed by the RETURN key.
You can use the Left and Right keys to move the current point between entered characters or use the Up and Down keys to search the history of entered commands. Typing exit as well as pressing CTRL-c twice or CTRL-d on an empty command line will exit the CLI.

List of supported key sequences:

Key Sequence    Action
CTRL-a          Move to the start of the current line
CTRL-e          Move to the end of the line
CTRL-f          Move forward a character
CTRL-b          Move back a character
ALT-f           Move forward to the end of the next word
ALT-b           Move back to the start of the current or previous word
CTRL-l          Clear the screen leaving the current line at the top of the screen; with an argument given, refresh the current line without clearing the screen
CTRL-p          Fetch the previous command from the history list, moving back in the list
CTRL-n          Fetch the next command from the history list, moving forward in the list
ALT-<           Move to the first line in the history
ALT->           Move to the end of the input history
CTRL-r          Search backward starting at the current line and moving up through the history
CTRL-s          Freeze session
CTRL-q          Reactivate frozen session
CTRL-d          Delete character at point or exit CLI if at the beginning of the line
CTRL-t          Drag the character before point forward moving point forward as well; if point is at the end of the line, then this transposes the two characters before the point
ALT-t           Drag the word before point past the word after point, moving point over that word as well. If point is at the end of the line, this transposes the last two words on the line.
CTRL-k          Delete the text from point to the end of the line
CTRL-y          Yank the top of the deleted text into the buffer at point

Please note that it can be required to apply quotes (") when entering commands with arguments containing whitespaces.

6.2. Print Help

The help command can be used to get the list of available commands when called without arguments, otherwise it will print the usage of the specified command.

> help
Usage:
    help [<command>]

Available commands:
    get              Get config parameters
    set              Set config parameters
    done             Check done
    update           Update system facilities
    cert             Manage keys and certificates
    status           Get status information
    scan             Scan networks
    send             Send message, mail, techsupport or ussd
    restart          Restart service
    debug            Debug system
    reset            Reset system to factory defaults
    reboot           Reboot system
    shell            Run shell command
    help             Print help for command
    no-autologout    Turn off auto-logout
    history          Show command history
    exit             Exit

6.3. Getting Config Parameters

The get command can be used to get configuration values.

> get -h
Usage:
    get [-hsvfc] <parameter> [<parameter>..]

Options:
    -s    generate sourceable output
    -v    validate config parameter
    -f    get factory default rather than current value
    -c    show configuration sections

6.4. Setting Config Parameters

The set command can be used to set configuration values.

> set -h
Usage:
    set [-hv] <parameter>=<value> [<parameter>=<value>..]

Options:
    -v    validate config parameter

6.5. Checking Config Completed

The done command can be used to check if all modify scripts have completed after a config change.

> done -h
Usage:
    done [-h]

6.6. Getting Status Information

The status command can be used to get various status information of the system.
> status -h
Usage:
    status [-hs] <section>

Options:
    -s    generate sourceable output

Available sections:
    summary          Short status summary
    info             System and config information
    config           Current configuration
    system           System information
    configuration    Configuration information
    license          License information
    wwan             WWAN module status
    wlan             WLAN module status
    gnss             GNSS (GPS) module status
    eth              Ethernet interface status
    lan              LAN interface status
    wan              WAN interface status
    openvpn          OpenVPN connection status
    ipsec            IPsec connection status
    pptp             PPTP connection status
    gre              GRE connection status
    dialin           Dial-In connection status
    mobileip         MobileIP status
    dio              Digital IO status
    audio            Audio module status
    can              CAN module status
    uart             UART module status
    ibis             IBIS module status
    redundancy       Redundancy status
    sms              SMS status
    firewall         Firewall status
    qos              QoS status
    neigh            Neighborhood status
    location         Current Location

6.7. Scanning Networks

The scan command can be used to scan for available WWAN and WLAN networks.

> scan -h
Usage:
    scan [-hs] <interface>

Options:
    -s    generate sourceable output

6.8. Sending E-Mail or SMS

The send command can be used to send a message via E-Mail/SMS to the specified address or phone number.

> send -h
Usage:
    send [-h] <type> <dest> <msg>

Options:
    <type>    type of message to be sent (mail, sms, techsupport, ussd)
    <dest>    destination of message (mail-address, phone-number or index)
    <msg>     message to be sent

6.9. Updating System Facilities

The update command can be used to perform various system updates.
> update -h Usage : update [-hfrsn ] <software | config | license | sshkeys> <URL> 184 NB1600 User Manual for NRSW version 4.6.0.105 Options : -r -f -n -s reboot after update force update don t reset missing config values with factory defaults show update status Available update targets: software firmware config license sshkeys Perform software update Perform module firmware update Update configuration Update licenses Install SSH authorized keys You may also run update software latest to install the latest version from our server. 6.10. Manage keys and certificates The cert command can be used to manage keys and certificates. > cert -h Usage : cert [-h ] [-p phrase ] <operation> <cert> [ <url >] Possible operations : install create enroll erase view install a certificate from specified URL create a certificate locally enroll a certificate via SCEP erase an installed certificate view an installed certificate 6.11. Restarting Services The restart command can be used to restart system services. > restart -h Usage : restart [-h ] <service> Available services : configd dnsmasq dropbear firewall gpsd gre Configuration daemon DNS / DHCP server SSH server Firewall and NAPT GPS daemon GRE connections 185 NB1600 User Manual for NRSW version 4.6.0.105 ipsec lighttpd link-manager network openvpn pptp qos smsd snmpd surveyor syslog telnet usbipd voiced vrrpd wlan wwan-manager IPsec connections HTTP server WAN links Networking OpenVPN connections PPTP connections QoS daemon SMS daemon SNMP daemon Supervision daemon Syslog daemon Telnet server USB / IP daemon Voice daemon VRRP daemon WLAN interfaces WWAN manager 6.12. Debug System The debug command can be used to obtain debug/log messages. > debug -h Usage : debug [-h ] <target> Available debug targets : configd event-manager home-agent led-manager link-manager mobile-node qmid qosd scripts sdkhost ser2net smsd surveyor swupdate system voiced watchdog wwan-manager wwanmd 6.13. 
Resetting System The reset command can be used to reset the router back to factory defaults. 186 NB1600 User Manual for NRSW version 4.6.0.105 > reset -h Usage : reset [-h ] 6.14. Rebooting System The reboot command can be used to reboot the router. > reboot -h Usage : reboot [-h ] 6.15. Running Shell Commands The shell command can be used to execute a system shell and run any arbitrary application or script. > shell -h Usage : shell [-h ] [ <cmd >] 6.16. Working with History The history command will print the list of entered commands on a per-user basis. > history -h Usage : history [-c ] It can be cleared by history -c. 6.17. CLI-PHP CLI-PHP, the HTTP frontend to the CLI application, can be used to configure and control the router remotely. It is enabled in factory configuration, thus can be used for deployment purposes, but disabled as soon as the admin account has been set up. The service can later be turned on/off by setting the cliphp.status configuration parameter: cliphp . status=0 cliphp . status=1 Service is disabled Service is enabled This section describes the CLI-PHP interface for Version 2. It accepts POST and GET requests. 187 NB1600 User Manual for NRSW version 4.6.0.105 Attention The examples only show the usage of this interface for demonstration purpose. For productive environments it is recommended to use POST and HTTPS instead of GET and HTTP. Please be aware that your browser history will store GET requests including passwords and other sensitive information if you use GET requests to test this interface. Running with GET requests, the general usage is defined as follows: Usage : http ( s ) : / / cli . php?<key1 >=<value1 >&<key2 >=<value2 > . . < keyN >=<valueN > Available keys : output usr pwd command arg0 . . 
arg31
Output format (html, plain)
Username to be used for authentication
Password to be used for authentication
Command to be executed
Arguments passed to commands

Notes:
The commands correspond to CLI commands as seen by cli -l, the arguments (arg0..arg31) will be directly passed to cli. Thus, a URL containing the following sequence:

    command=get&arg0=admin.password&arg1=admin.debug

will lead to cli being called as:

    cli get "admin.password" "admin.debug"

It supports whitespaces but please be aware that any special characters in the URL must be specified according to RFC1738 (usually done by common clients such as wget, lynx, curl).

Response:
The returned response will always contain a status line in the format:

    <return>: <msg>

with return values of OK if succeeded and ERROR if failed. Any output from the commands will be appended.

Examples:
    OK: status command successful
    ERROR: authentication failed

status - Display status information

Key usage:
    command=status[&arg0=<section>]

Notes:
Available sections can be retrieved by running command=status&arg0=-h. Please note that the status summary can be displayed without authentication.

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=status&arg0=-h
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=status&arg0=summary
    http://192.168.1.1/cli.php?version=2&output=html&command=status

get - Get configuration parameter

Key usage:
    command=get&arg0=<config-key>[&arg1=<config-key>..]

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=get&arg0=config.version
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=get&arg0=openvpn.status&arg1=snmp.status&arg2=ipsec.status

set - Set configuration parameter

Key usage:
    command=set&arg0=<config-key>&arg1=<config-value>[&arg2=<config-key>&arg3=<config-value>..]

Notes:
In contrast to the other commands, this command requires a set of tuples because of the reserved = char, i.e. [arg0=key0, arg1=val0], [arg2=key1, arg3=val1], [arg4=key2, arg5=val2], etc.

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=set&arg0=snmp.status&arg1=1
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=set&arg0=snmp.status&arg1=0&arg2=openvpn.status&arg3=1

restart - Restart a system service

Key usage:
    command=restart&arg0=<service>

Notes:
Available services can be retrieved by running command=restart&arg0=-h

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=restart&arg0=-h
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=restart&arg0=link-manager

reboot - Trigger system reboot

Key usage:
    command=reboot

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=reboot

reset - Run factory reset

Key usage:
    command=reset

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=reset

update - Update system facilities

Key usage:
    command=update&arg0=<facility>&arg1=<URL>

Notes:
Available facilities can be retrieved by running command=update&arg0=-h

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=update&arg0=software&arg1=tftp://192.168.1.254/latest
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=update&arg0=config&arg1=tftp://192.168.1.254/user-config.zip
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=update&arg0=license&arg1=http://192.168.1.254/xxx.lic
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=update&arg0=firmware&arg1=wwan0&arg2=tftp://192.168.1.254/firmware

send - Send SMS

Key usage:
    command=send&arg0=sms&arg1=<number>&arg2=<text>

Notes:
The phone number has to be specified in international format such as +123456789 including a leading plus sign (which can be encoded with %2B). The SMS daemon must be properly configured prior to using that function.

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=send&arg0=sms&arg1=%2B123456789&arg2=test

send - Send E-Mail

Key usage:
    command=send&arg0=mail&arg1=<address>&arg2=<text>

Notes:
The address has to be a valid E-Mail address such as abc@abc.com (the at-sign can be encoded with %40). The E-Mail client must be properly configured prior to using that function.

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=send&arg0=mail&arg1=abc%40abc.com&arg2=test

send - Send TechSupport

Key usage:
    command=send&arg0=techsupport&arg1=stdout
    command=send&arg0=techsupport&arg1=<address>&arg2=<subject>

Notes:
The address has to be a valid E-Mail address such as abc@abc.com (the at-sign can be encoded with %40). The E-Mail client must be properly configured prior to using that function. In case of stdout, the downloaded techsupport file will be called download.

Examples:
    http://192.168.1.1/cli.php?version=2&output=mime&usr=admin&pwd=admin01&command=send&arg0=techsupport&arg1=stdout
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=send&arg0=techsupport&arg1=abc%40abc.com&arg2=subject

send - Send USSD code

Key usage:
    command=send&arg0=ussd&arg1=<card>&arg2=<code>

Notes:
The argument card specifies the card module index (e.g. 0 for wwan0). The USSD code can consist of digits, plus signs, asterisks (can be encoded with %2A) and dashes (can be encoded with %23).

Examples:
    http://192.168.1.1/cli.php?version=2&output=html&usr=admin&pwd=admin01&command=send&arg0=ussd&arg1=0&arg2=%2A100%23

A. Appendix

A.1. Abbreviations

Abbreviation  Description
ANY           Generally includes all options offered by the current section
APN           Access Point Name
ASU           Arbitrary Strength Unit
CID           A Cell ID is a generally unique number used to identify each Base Transceiver Station (BTS).
CID           Cell-ID
CLI           Command Line Interface, a generic interface to query the router or perform system tasks
DHCP          Dynamic Host Configuration Protocol
DNS           Domain Name System
ETHx          Corresponds to Ethernet interfaces (either single or switched ones)
FQDN          Fully qualified domain name
GNSSx         Specifies a Global Navigation Satellite System module
ICCID         Integrated Circuit Card Identifier
IMEI          International Mobile Station Equipment Identity
IMSI          International Mobile Subscriber Identity
INx           Specifies a digital I/O input port (DIx)
LAC           Location Area Code
LAC           The Location Area Code corresponds to an identifier of a set of base stations that are grouped together to optimize signaling
LAI           Location Area Identification
LAI           The Location Area Identity is a globally unique number that identifies the country, network provider and location area
LANx          LAN interfaces which are generally based on Ethernet interfaces (including bridges)
MCC           Mobile Country Code
MEID          Mobile Equipment Identifier
MNC           Mobile Network Code
Mobilex       Identifies a WWAN modem
MOBILEIPx     Refers to a Mobile IP tunnel interface
MSISDN        Mobile Subscriber Integrated Services Digital Network Number
MSS           Maximum Segment Size
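The URL construction and response format of the CLI-PHP interface described before this appendix, as an added example that is not NetModule code: it builds the documented query string with RFC 1738 percent-encoding, flattens the tuples that set requires, parses the "<return>: <msg>" status line, and masks pwd before a URL is logged, because the interface carries credentials in the query string. The host address, the plain-text response layout (status line first) and the REDACTED placeholder are assumptions.

```python
# Added example, not NetModule code. Parameter names and the status-line
# format come from the manual; the host, the "plain" response layout and the
# REDACTED placeholder are assumptions of this sketch.
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

MAX_ARGS = 32  # the interface accepts arg0 .. arg31


def _encode(params):
    # quote() with safe="" percent-encodes every reserved character,
    # e.g. '+' -> %2B, '@' -> %40, '*' -> %2A, '#' -> %23, ' ' -> %20.
    return urlencode(params, quote_via=quote, safe="")


def set_args(pairs):
    """Flatten (key, value) tuples into the list 'set' expects:
    arg0=key0, arg1=val0, arg2=key1, arg3=val1, ..."""
    flat = []
    for key, value in pairs:
        flat += [str(key), str(value)]
    return flat


def build_cli_url(host, command, args=(), usr=None, pwd=None,
                  output="html", scheme="http"):
    """Return the cli.php URL for one command; omit usr/pwd for the
    unauthenticated status summary."""
    args = [str(a) for a in args]
    if len(args) > MAX_ARGS:
        raise ValueError("at most 32 arguments (arg0..arg31) are supported")
    params = [("version", "2"), ("output", output)]
    if usr is not None:
        params += [("usr", usr), ("pwd", pwd or "")]
    params.append(("command", command))
    params += [(f"arg{i}", a) for i, a in enumerate(args)]
    return urlunsplit((scheme, host, "/cli.php", _encode(params), ""))


def parse_response(body):
    """Split a response body into (ok, message, command_output).

    Assumes output=plain with the status line first; raises ValueError when
    no "OK: ..." / "ERROR: ..." status line is found."""
    lines = body.strip().splitlines()
    status, sep, msg = (lines[0] if lines else "").partition(":")
    if not sep or status.strip() not in ("OK", "ERROR"):
        raise ValueError("response carries no status line")
    return status.strip() == "OK", msg.strip(), "\n".join(lines[1:])


def redact_url(url, secret_params=("pwd",)):
    """Mask credential values so the URL can be written to a log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in secret_params else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=_encode(pairs)))


if __name__ == "__main__":
    url = build_cli_url("192.168.1.1", "set",
                        set_args([("snmp.status", 0), ("openvpn.status", 1)]),
                        usr="admin", pwd="admin01")
    print(redact_url(url))
    # Constructed sample responses in the documented "<return>: <msg>" format.
    print(parse_response("OK: status command successful\nline of output"))
    print(parse_response("ERROR: authentication failed"))
```

Passing scheme="https" only changes the URL prefix; whether the router's web server answers on HTTPS depends on its configuration.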
Abbreviation  Description
MTU           Maximum Transmission Unit
NAPT          Network Address and Port Translation
OUTx          Specifies a digital I/O output port (DOx)
PPTPx         Specifies a PPTP tunnel interface
RSRP          Reference Signal Received Power
RSRQ          Reference Signal Received Quality
SDK           Script Development Kit which can be used to program applications
SERIALx       Identifies a serial port
SIMx          Specifies the SIM slot as seen on the front panel
SIM           Subscriber Identity Module
SMS           Short Message Service
SSID          Service Set Identifiers, can be used to define multiple WLAN networks on a module
STP           Spanning Tree Protocol
TAPx          Specifies an OpenVPN tunnel interface (based on TAP)
TUNx          Specifies an OpenVPN tunnel interface (based on TUN)
USSD          Unstructured Supplementary Service Data
VPN           Virtual Private Network
VRRP          Virtual Router Redundancy Protocol
WAN           WAN links include all Wide Area Network interfaces which are currently activated in the system
WLANx         Refers to a Wireless LAN interface which will be represented as additional LAN interface when configured as access point
WWANx         Refers to a Wireless Wide Area Network (2G/3G/4G) connection

Table A.1.: Abbreviations

In general, internal interfaces are written lower-case and may have a different naming. Their index starts from zero, whereas interfaces seen by the user will be written in capital letters starting from one.

A.2. System Events

ID    Event                   Description
101   wan-up                  WAN connection established
102   wan-down                WAN connection interrupted
201   dio-in1-on              DIO IN1 switched on
202   dio-in1-off             DIO IN1 switched off
203   dio-in2-on              DIO IN2 switched on
204   dio-in2-off             DIO IN2 switched off
205   dio-out1-on             DIO OUT1 switched on
206   dio-out1-off            DIO OUT1 switched off
207   dio-out2-on             DIO OUT2 switched on
208   dio-out2-off            DIO OUT2 switched off
301   gps-up                  GPS signal available
302   gps-down                GPS signal not available
401   openvpn-up              OpenVPN connection established
402   openvpn-down            OpenVPN connection interrupted
403   ipsec-up                IPsec connection established
404   ipsec-down              IPsec connection interrupted
406   pptp-up                 PPTP connection established
407   pptp-down               PPTP connection interrupted
408   dialin-up               Dial-in connection established
409   dialin-down             Dial-in connection interrupted
410   mobileip-up             Mobile IP connection established
411   mobileip-down           Mobile IP connection interrupted
412   gre-up                  GRE connection established
413   gre-down                GRE connection interrupted
501   system-login-failed     Login failed
502   system-login-succeeded  Login successful
503   system-logout           User logged out
504   system-rebooting        System reboot initiated
505   system-startup          System started
506   test                    Test event
507   sdk-startup             SDK started
508   system-time-updated     System time updated
509   system-poweroff         System power-off triggered
510   system-error            System is in error state
511   system-no-error         System has left the error state
601   sms-sent                SMS sent
602   sms-notsent             SMS not sent
603   sms-received            SMS received
604   sms-report-received     SMS report received
701   call-incoming           Incoming voice call
702   call-outgoing           Outgoing voice call is being established
801   ddns-update-succeeded   Dynamic DNS update succeeded
802   ddns-update-failed      Dynamic DNS update failed
901   usb-storage-added       USB storage device added
902   usb-storage-removed     USB storage device removed
903   usb-eth-added           USB Ethernet device added
904   usb-eth-removed         USB Ethernet device removed
905   usb-serial-added        USB serial device added
906   usb-serial-removed      USB serial device removed
1001  redundancy-master       Router is now the master router
1002  redundancy-backup       Router is now the backup router

Table A.2.: System Events

A.3. Factory Configuration

The factory configuration including default values for any configuration parameter can be derived from the file /etc/config/factory-config.cfg on the router. You may also call cli get -f <parameter> for obtaining a specific default value.

A.4. SNMP VENDOR MIB

-- ****************************************************************************
-- NetModule AG VENDOR MIB
--
-- (c) COPYRIGHT 2022 by NetModule AG, Switzerland
-- All rights reserved.
--
-- ****************************************************************************

NB-MIB DEFINITIONS ::= BEGIN

-- ****************************************************************************
-- imports
-- ****************************************************************************

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Integer32, Counter64, enterprises
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, DisplayString, DateAndTime
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    URLString
        FROM NETWORK-SERVICES-MIB;

-- ****************************************************************************
-- module definition
-- ****************************************************************************

nb MODULE-IDENTITY
    LAST-UPDATED "202206301200Z"
    ORGANIZATION "NetModule AG"
    CONTACT-INFO "NetModule AG, Switzerland"
    DESCRIPTION  "MIB module which defines the NB router specific entities"

    REVISION     "202206301200Z"
    DESCRIPTION  "MIB for software release 4.6"
    REVISION     "202103031200Z"
    DESCRIPTION  "MIB for software release 4.5"
    REVISION     "202001130900Z"
    DESCRIPTION  "MIB for software release 4.4"
    REVISION     "201910151045Z"
    DESCRIPTION  "MIB for software release 4.4"
    REVISION     "201908051530Z"
    DESCRIPTION  "MIB for software release 4.3"
    REVISION     "201908041530Z"
    DESCRIPTION  "MIB for software release 4.2"
    REVISION     "201806261330Z"
    DESCRIPTION  "MIB for software release 4.1"
    REVISION     "201610181200Z"
    DESCRIPTION  "MIB for software release 4.0"
    REVISION     "201607121200Z"
    DESCRIPTION  "MIB for software release 4.0"
    REVISION     "201603021200Z"
    DESCRIPTION  "MIB for software release 3.9"
    REVISION     "201411241000Z"
    DESCRIPTION  "MIB for software release 3.8"
    REVISION     "201405091000Z"
    DESCRIPTION  "MIB for software release 3.7"
    REVISION     "201212191000Z"
    DESCRIPTION  "MIB for software release 3.6"
    ::= { netmodule 10 }

-- ****************************************************************************
-- root anchor
-- ****************************************************************************

netmodule OBJECT IDENTIFIER ::= { enterprises 31496 }

-- ****************************************************************************
-- compliances and conformance
-- ****************************************************************************

nbConformance OBJECT IDENTIFIER ::= { nb 2 }
nbCompliances OBJECT IDENTIFIER ::= { nbConformance 1 }
nbGroups      OBJECT IDENTIFIER ::= { nbConformance 2 }

nbCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION "The compliance statement for the nb MIB."
    MODULE      -- this module
    MANDATORY-GROUPS {
        nbAdminGroup, nbWwanGroup, nbGnssGroup, nbWlanGroup,
        nbWlanStationGroup, nbWanGroup, nbDioGroup, nbSerialGroup,
        nbEventGroup
    }
    ::= { nbCompliances 1 }

-- ****************************************************************************
-- table definitions
-- ****************************************************************************

--      ::= { nb 1 }   this OID is obsolete
--      ::= { nb 10 }  this OID is obsolete
admin   OBJECT IDENTIFIER ::= { nb 40 }
dio     OBJECT IDENTIFIER ::= { nb 53 }
sdk     OBJECT IDENTIFIER ::= { nb 90 }
traps   OBJECT IDENTIFIER ::= { nb 100 }

-- ****************************************************************************
-- Textual-Conventions
-- ****************************************************************************

FloatSyntax ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d-1"
    STATUS       current
    DESCRIPTION  "Fixed point, one decimal"
    SYNTAX       Integer32

-- ****************************************************************************
-- nb groups
-- ****************************************************************************

nbAdminGroup OBJECT-GROUP
    OBJECTS {
        swVersion, kernelVersion, serialNumber, configDesc, configHash,
        softwareHash, systemStatus, systemError, systemDate, deviceRestart,
        updateOperation, switchOperation, softwareActivationDate,
        configActivationDate, softwareActivatedDate, configUpdate,
        configUpdateStatus, configUpdateError, configUpdated,
        configUpdateMode, softwareUpdate, softwareUpdateStatus,
        softwareUpdateError, softwareUpdated, altConfigDesc, altConfigHash,
        altConfigUpdated, altSoftwareVersion, altSoftwareHash,
        altSoftwareUpdated, syslogUpload, syslogUploadStatus, configUpload,
        configUploadStatus, systemTemperature, systemStatisticsReset
    }
    STATUS      current
    DESCRIPTION "A group of system objects for basic adminstration."
    ::= { nbGroups 1 }

nbWwanGroup OBJECT-GROUP
    OBJECTS {
        wwanModemName, wwanModemType, wwanServiceType,
        wwanRegistrationState, wwanSignalStrength, wwanNetworkName,
        wwanLocalAreaIdentification, wwanLocalAreaCode, wwanCellId,
        wwanTemperature, wwanIccid, wwanRSRP, wwanRSRQ, wwanSINR, wwanRSCP,
        wwanECIO, wwanSignalLevel, wwanSignalQuality
    }
    STATUS      current
    DESCRIPTION "A group of WWAN objects for WWAN statistics."
    ::= { nbGroups 2 }

nbGnssGroup OBJECT-GROUP
    OBJECTS {
        gnssName, gnssSystem, gnssLat, gnssLon, gnssAlt, gnssNumSat,
        gnssNumSatUsed, gnssHorizontalSpeed, gnssVerticalSpeed,
        gnssTrackAngle
    }
    STATUS      current
    DESCRIPTION "A group of GNSS objects for GNSS statistics."
    ::= { nbGroups 3 }

nbWlanGroup OBJECT-GROUP
    OBJECTS {
        wlanModuleName, wlanModuleType, wlanNumClients, wlanModuleChannel,
        wlanModuleFrequency, wlanSignalStrength
    }
    STATUS      current
    DESCRIPTION "A group of WLAN objects for WLAN statistics."
    ::= { nbGroups 4 }

nbWlanStationGroup OBJECT-GROUP
    OBJECTS {
        wlanStationInterface, wlanStationMac, wlanStationSignalStrength,
        wlanStationBitrate, wlanStationRxBytes, wlanStationTxBytes,
        wlanStationInactive
    }
    STATUS      current
    DESCRIPTION "A group of WLAN station objects for WLAN stations statistics."
    ::= { nbGroups 5 }

nbWanGroup OBJECT-GROUP
    OBJECTS {
        nbHotLink, wanLinkName, wanLinkState, wanLinkSince, wanLinkType,
        wanLinkInterface, wanLinkAddress, wanLinkGateway, wanLinkNetmask,
        wanDialAttempts, wanDialSuccess, wanDialFailures, wanDataDownloaded,
        wanDataUploaded, wanDownloadRate, wanUploadRate,
        wanDataDownloadedRoaming, wanDataUploadedRoaming
    }
    STATUS      current
    DESCRIPTION "A group of WAN objects for WAN statistics."
    ::= { nbGroups 6 }

nbDioGroup OBJECT-GROUP
    OBJECTS {
        dioStatusIn1, dioStatusIn2, dioStatusOut1, dioStatusOut2,
        dioSetOUT1, dioSetOUT2
    }
    STATUS      current
    DESCRIPTION "A group of DIO objects for DIO statistics and management."
    ::= { nbGroups 7 }

nbSerialGroup OBJECT-GROUP
    OBJECTS {
        serialName, serialState, serialRxBytes, serialTxBytes,
        serialFrameErrors, serialOverrunErrors, serialParityErrors,
        serialBrkErrors, serialBufferOverrunErrors
    }
    STATUS      current
    DESCRIPTION "A group of serial objects for serial statistics."
    ::= { nbGroups 8 }

nbEventGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        sdk-trap, wan-up, wan-down,
        dio-in1-on, dio-in1-off, dio-in2-on, dio-in2-off,
        dio-out1-on, dio-out1-off, dio-out2-on, dio-out2-off,
        gps-up, gps-down, openvpn-up, openvpn-down, ipsec-up, ipsec-down,
        pptp-up, pptp-down, dialin-up, dialin-down,
        mobileip-up, mobileip-down, gre-up, gre-down, l2tp-up, l2tp-down,
        system-login-failed, system-login-succeeded, system-logout,
        system-rebooting, system-startup, test, sdk-startup,
        system-time-updated, system-poweroff, system-error, system-no-error,
        sms-sent, sms-notsent, sms-received, sms-report-received,
        call-incoming, call-outgoing,
        ddns-update-succeeded, ddns-update-failed,
        usb-storage-added, usb-storage-removed, usb-eth-added,
        usb-eth-removed, usb-serial-added, usb-serial-removed,
        redundancy-master, redundancy-backup, poe-off, poe-on
    }
    STATUS      current
    DESCRIPTION "A group of event notification objects for event statistics."
    ::= { nbGroups 9 }

-- ****************************************************************************
-- nbAdminTable
-- ****************************************************************************

swVersion OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The currently installed system software version"
    ::= { admin 1 }

kernelVersion OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The currently installed kernel version"
    ::= { admin 2 }

serialNumber OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The serial number of the device"
    ::= { admin 3 }

configDesc OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The description of the current configuration"
    ::= { admin 4 }

configHash OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The hash of the current configuration"
    ::= { admin 5 }

softwareHash OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The hash of the current software"
    ::= { admin 6 }

systemStatus OBJECT-TYPE
    SYNTAX      INTEGER { ok (1), degraded (2), outoforder (3) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The global system status"
    ::= { admin 7 }

systemError OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "A comma-separated list of services which are in error state"
    ::= { admin 8 }

systemDate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current local date and time of day."
    ::= { admin 9 }

deviceRestart OBJECT-TYPE
    SYNTAX      INTEGER { restart (1) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Force a device restart"
    ::= { admin 10 }

-- Update --

updateOperation OBJECT-TYPE
    SYNTAX      INTEGER { update (0), store (1) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The desired operation for configuration or software updates"
    ::= { admin 11 }

switchOperation OBJECT-TYPE
    SYNTAX      INTEGER { software (0), config (1) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The operation trigger to switch to alternative software or
                 configuration"
    ::= { admin 12 }

softwareActivationDate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The date and time when the alternative software shall be
                 activated"
    ::= { admin 13 }

configActivationDate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The date and time when the alternative configuration shall
                 be activated"
    ::= { admin 14 }

softwareActivatedDate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The Date and Time when the current running software was
                 booted the first time"
    ::= { admin 15 }

-- Configuration Update --

configUpdate OBJECT-TYPE
    SYNTAX      URLString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Update the system configuration from the specified URL,
                 the URL must be preceded by a valid prefix (e.g.
                 tftp://, sftp://, ftp://, https:// or http://) and either
                 point to the update package or to a server directory which
                 contains a file named <serial-number>.zip"
    ::= { admin 20 }

configUpdateStatus OBJECT-TYPE
    SYNTAX      INTEGER { stored (0), succeeded (1), failed (2),
                          inprogress (3), notstarted (4) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The status of the last configuration update cycle"
    ::= { admin 21 }

configUpdateError OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The error code of the last configuration update"
    ::= { admin 22 }

configUpdated OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The date of the last configuration update"
    ::= { admin 23 }

configUpdateMode OBJECT-TYPE
    SYNTAX      INTEGER { full (0), partial (1) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The desired system configuration update mode (full or
                 partial)"
    ::= { admin 24 }

-- Software Update --

softwareUpdate OBJECT-TYPE
    SYNTAX      URLString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Update the system software from the specified URL,
                 the URL must be preceded by a valid prefix (e.g.
                 tftp://, sftp://, ftp://, https:// or http://) and point
                 to the to be installed image"
    ::= { admin 25 }

softwareUpdateStatus OBJECT-TYPE
    SYNTAX      INTEGER { stored (0), succeeded (1), failed (2),
                          inprogress (3), notstarted (4) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The status of the last software update cycle"
    ::= { admin 26 }

softwareUpdateError OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The error code of the last software update"
    ::= { admin 27 }

softwareUpdated OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The date of the last software update"
    ::= { admin 28 }

-- Alternative Configuration --

altConfigDesc OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The description of the alternative configuration"
    ::= { admin 30 }

altConfigHash OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The hash of the alternative configuration"
    ::= { admin 31 }

altConfigUpdated OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The date of the last alternative configuration update"
    ::= { admin 32 }

-- Alternative Software --

altSoftwareVersion OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The version of the alternative software"
    ::= { admin 35 }

altSoftwareHash OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The hash of the alternative software"
    ::= { admin 36 }

altSoftwareUpdated OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The date of the last alternative software update"
    ::= { admin 37 }

-- Upload Syslog --

syslogUpload OBJECT-TYPE
    SYNTAX      URLString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Upload the current system logs to the specified URL,
                 the URL must be preceded by a valid prefix (e.g.
                 tftp://, sftp://, ftp://, https:// or http://) and point
                 to the path where the system log shall be stored."
    ::= { admin 40 }

syslogUploadStatus OBJECT-TYPE
    SYNTAX      INTEGER { succeeded (1), failed (2), inprogress (3),
                          notstarted (4) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The status of the last syslog upload cycle"
    ::= { admin 41 }

-- Upload Config --

configUpload OBJECT-TYPE
    SYNTAX      URLString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Upload the current configuration to the specified URL,
                 the URL must be preceded by a valid prefix (e.g.
                 tftp://, sftp://, ftp://, https:// or http://) and point
                 to the path where the config shall be stored."
    ::= { admin 42 }

configUploadStatus OBJECT-TYPE
    SYNTAX      INTEGER { succeeded (1), failed (2), inprogress (3),
                          notstarted (4) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The status of the last config upload cycle"
    ::= { admin 43 }

-- Further System Paramters --

systemTemperature OBJECT-TYPE
    SYNTAX      FloatSyntax
    UNITS       "Celsius"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current temperature of the System"
    ::= { admin 50 }

systemStatisticsReset OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Reset statistics for the given wanlink"
    ::= { admin 60 }

-- ****************************************************************************
-- nbWwanTable
-- ****************************************************************************

nbWwanTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NBWwanEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The table describing any WWAN modems and their current
                 settings"
    ::= { nb 50 }

nbWwanEntry OBJECT-TYPE
    SYNTAX      NBWwanEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry describing a WWAN modem and its current settings"
    INDEX       { wwanModemIndex }
    ::= { nbWwanTable 1 }

NBWwanEntry ::= SEQUENCE {
    wwanModemIndex              Integer32,
    wwanModemName               DisplayString,
    wwanModemType               DisplayString,
    wwanServiceType             DisplayString,
    wwanRegistrationState       DisplayString,
    wwanSignalStrength          Integer32,
    wwanNetworkName             DisplayString,
    wwanLocalAreaIdentification DisplayString,
    wwanLocalAreaCode           DisplayString,
    wwanCellId                  DisplayString,
    wwanTemperature             DisplayString,
    wwanIccid                   DisplayString,
    wwanRSRP                    DisplayString,
    wwanRSRQ                    DisplayString,
    wwanSINR                    DisplayString,
    wwanRSCP                    DisplayString,
    wwanECIO                    DisplayString,
    wwanSignalLevel             Integer32,
    wwanSignalQuality           DisplayString
}

wwanModemIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..254)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "WWAN modem index"
    ::= { nbWwanEntry 1 }

wwanModemName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "WWAN modem name"
    ::= { nbWwanEntry 2 }

wwanModemType OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "WWAN modem type"
    ::= { nbWwanEntry 3 }

wwanServiceType OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current service type of the WWAN modem"
    ::= { nbWwanEntry 4 }

wwanRegistrationState OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current registration state of the WWAN modem"
    ::= { nbWwanEntry 5 }

wwanSignalStrength OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current signal strength of the WWAN modem (-999 means
                 unknown)"
    ::= { nbWwanEntry 6 }

wwanNetworkName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The network name to which the WWAN modem is currently
                 registered"
    ::= { nbWwanEntry 7 }

wwanLocalAreaIdentification OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The Local Area Identification (LAI) to which the WWAN modem
                 is currently registered"
    ::= { nbWwanEntry 8 }

wwanLocalAreaCode OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The Local Area Code (LAC) to which the WWAN modem is
                 currently registered"
    ::= { nbWwanEntry 9 }

wwanCellId OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The Cell ID (CID) to which the WWAN modem is currently
                 registered"
    ::= { nbWwanEntry 10 }

wwanTemperature OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current temperature of the WWAN modem"
    ::= { nbWwanEntry 11 }

wwanIccid OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The Integrated Circuit Card Identifier (ICCID) of the SIM
                 connected to the WWAN modem"
    ::= { nbWwanEntry 12 }

wwanRSRP OBJECT-TYPE
    SYNTAX      DisplayString
    UNITS       "dBm"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current Reference Signal Received Power (LTE) of the
                 WWAN modem"
    ::= { nbWwanEntry 13 }

wwanRSRQ OBJECT-TYPE
    SYNTAX      DisplayString
    UNITS       "dB"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current Reference Signal Received Quality (LTE) of the
                 WWAN modem"
    ::= { nbWwanEntry 14 }

wwanSINR OBJECT-TYPE
    SYNTAX      DisplayString
    UNITS       "dB"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current Signal to interference plus noise ratio (LTE)
                 of the WWAN modem"
    ::= { nbWwanEntry 15 }

wwanRSCP OBJECT-TYPE
    SYNTAX      DisplayString
    UNITS       "dBm"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current Received Signal Code Power (UMTS) of the WWAN
                 modem"
    ::= { nbWwanEntry 16 }

wwanECIO OBJECT-TYPE
    SYNTAX      DisplayString
    UNITS       "dB"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current ratio of Received power of the carrier to the
                 all over Noise (UMTS) of the WWAN modem"
    ::= { nbWwanEntry 17 }

wwanSignalLevel OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current signal level of the WWAN modem"
    ::= { nbWwanEntry 18 }

wwanSignalQuality OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current signal quality of the WWAN modem"
    ::= { nbWwanEntry 19 }

-- ****************************************************************************
-- nbGnssTable
-- ****************************************************************************

nbGnssTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NBGnssEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The table describing any GNSS devices and their current
                 settings"
    ::= { nb 51 }

nbGnssEntry OBJECT-TYPE
    SYNTAX      NBGnssEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry describing a GNSS device and its current settings"
    INDEX       { gnssIndex }
    ::= { nbGnssTable 1 }

NBGnssEntry ::= SEQUENCE {
    gnssIndex           Integer32,
    gnssName            DisplayString,
    gnssSystem          DisplayString,
    gnssLat             DisplayString,
    gnssLon             DisplayString,
    gnssAlt             DisplayString,
    gnssNumSat          Integer32,
    gnssNumSatUsed      Integer32,
    gnssHorizontalSpeed DisplayString,
    gnssVerticalSpeed   DisplayString,
    gnssTrackAngle      DisplayString
}

gnssIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..254)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "GNSS device index"
    ::= { nbGnssEntry 1 }

gnssName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "GNSS device name"
    ::= { nbGnssEntry 2 }

gnssSystem OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "GNSS system used by the device"
    ::= { nbGnssEntry 3 }

gnssLat OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current latitude value received by the GNSS device"
    ::= { nbGnssEntry 4 }

gnssLon OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current longitude value received by the GNSS device"
    ::= { nbGnssEntry 5 }

gnssAlt OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current altitude value received by the GNSS device"
    ::= { nbGnssEntry 6 }

gnssNumSat OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current number of satellites in view for the GNSS
                 device"
    ::= { nbGnssEntry 7 }

gnssNumSatUsed OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current number of used satellites for the GNSS device"
    ::= { nbGnssEntry 8 }

gnssHorizontalSpeed OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current horizontal speed over the ground value in meter
                 per second received by the GNSS device"
    ::= { nbGnssEntry 9 }

gnssVerticalSpeed OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current vertical speed value in meter per second
                 received by the GNSS device"
    ::= { nbGnssEntry 10 }

gnssTrackAngle OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The current track angle value in degrees received by the
                 GNSS device"
    ::= { nbGnssEntry 11 }

-- ****************************************************************************
-- nbWlanTable
-- ****************************************************************************

nbWlanTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NBWlanEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table describing any WLAN modems and their current
                 settings."
    ::= { nb 60 }

nbWlanEntry OBJECT-TYPE
    SYNTAX      NBWlanEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry describing a WLAN modem and its current settings."
    INDEX { wlanModuleIndex }
    ::= { nbWlanTable 1 }

NBWlanEntry ::= SEQUENCE {
    wlanModuleIndex Integer32,
    wlanModuleName DisplayString,
    wlanModuleType DisplayString,
    wlanNumClients Integer32,
    wlanModuleChannel Integer32,
    wlanModuleFrequency Integer32,
    wlanSignalStrength Integer32
}

wlanModuleIndex OBJECT-TYPE
    SYNTAX Integer32 (0..254)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "WLAN module index"
    ::= { nbWlanEntry 1 }

wlanModuleName OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WLAN module name"
    ::= { nbWlanEntry 2 }

wlanModuleType OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WLAN module type"
    ::= { nbWlanEntry 3 }

wlanNumClients OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Current number of clients connected to the WLAN module in access-point mode"
    ::= { nbWlanEntry 4 }

wlanModuleChannel OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Current channel of the WLAN module"
    ::= { nbWlanEntry 5 }

wlanModuleFrequency OBJECT-TYPE
    SYNTAX Integer32
    UNITS "MHz"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Current frequency of the WLAN module"
    ::= { nbWlanEntry 6 }

wlanSignalStrength OBJECT-TYPE
    SYNTAX Integer32
    UNITS "dBm"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Current signal strength of the WLAN module in client mode"
    ::= { nbWlanEntry 7 }

-- ****************************************************************************
-- nbWlanStationTable
-- ****************************************************************************

nbWlanStationTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NBWlanStationEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A table shows current connected clients"
    ::= { nb 61 }

nbWlanStationEntry OBJECT-TYPE
    SYNTAX NBWlanStationEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry descibes one connected client"
    INDEX { wlanStationIndex }
    ::= { nbWlanStationTable 1 }

NBWlanStationEntry ::= SEQUENCE {
    wlanStationIndex Integer32,
    wlanStationInterface DisplayString,
    wlanStationMac DisplayString,
    wlanStationSignalStrength Integer32,
    wlanStationBitrate Integer32,
    wlanStationRxBytes Counter64,
    wlanStationTxBytes Counter64,
    wlanStationInactive Integer32
}

wlanStationIndex OBJECT-TYPE
    SYNTAX Integer32 (0..254)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "WLAN station index"
    ::= { nbWlanStationEntry 1 }

wlanStationInterface OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The WLAN interface name"
    ::= { nbWlanStationEntry 2 }

wlanStationMac OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The MAC address of a connected station"
    ::= { nbWlanStationEntry 3 }

wlanStationSignalStrength OBJECT-TYPE
    SYNTAX Integer32
    UNITS "dBm"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The signal strength of a connected station"
    ::= { nbWlanStationEntry 4 }

wlanStationBitrate OBJECT-TYPE
    SYNTAX Integer32
    UNITS "Mbit/s"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The bitrate of a connected station"
    ::= { nbWlanStationEntry 5 }

wlanStationRxBytes OBJECT-TYPE
    SYNTAX Counter64
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of received bytes of a connected station"
    ::= { nbWlanStationEntry 6 }

wlanStationTxBytes OBJECT-TYPE
    SYNTAX Counter64
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of transmitted bytes of a connected station"
    ::= { nbWlanStationEntry 7 }

wlanStationInactive OBJECT-TYPE
    SYNTAX Integer32
    UNITS "ms"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The inactivity time of a connected station"
    ::= { nbWlanStationEntry 8 }

-- ****************************************************************************
-- nbWanTable
-- ****************************************************************************

nbHotLink OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The active WAN link"
    ::= { nb 70 }

nbWanTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NBWanEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The table describing any WAN link and their current status"
    ::= { nb 71 }

nbWanEntry OBJECT-TYPE
    SYNTAX NBWanEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry describing a WAN link and its current status"
    INDEX { wanLinkIndex }
    ::= { nbWanTable 1 }

NBWanEntry ::= SEQUENCE {
    wanLinkIndex Integer32,
    wanLinkName DisplayString,
    wanLinkState DisplayString,
    wanLinkSince DisplayString,
    wanLinkType DisplayString,
    wanLinkInterface DisplayString,
    wanLinkAddress DisplayString,
    wanLinkGateway DisplayString,
    wanLinkNetmask DisplayString,
    wanDialAttempts Integer32,
    wanDialSuccess Integer32,
    wanDialFailures Integer32,
    wanDataDownloaded Counter64,
    wanDataUploaded Counter64,
    wanDownloadRate Integer32,
    wanUploadRate Integer32,
    wanDataDownloadedRoaming Counter64,
    wanDataUploadedRoaming Counter64
}

wanLinkIndex OBJECT-TYPE
    SYNTAX Integer32 (0..254)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "WAN link index"
    ::= { nbWanEntry 1 }

wanLinkName OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link name"
    ::= { nbWanEntry 2 }

wanLinkState OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link state"
    ::= { nbWanEntry 3 }

wanLinkSince OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link since up"
    ::= { nbWanEntry 4 }

wanLinkType OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link type"
    ::= { nbWanEntry 5 }

wanLinkInterface OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link interface"
    ::= { nbWanEntry 6 }

wanLinkAddress OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link address"
    ::= { nbWanEntry 7 }

wanLinkGateway OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link gateway"
    ::= { nbWanEntry 8 }

wanLinkNetmask OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link netmask"
    ::= { nbWanEntry 9 }

wanDialAttempts OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link dial attempts"
    ::= { nbWanEntry 10 }

wanDialSuccess OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link dial success"
    ::= { nbWanEntry 11 }

wanDialFailures OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link dial failures"
    ::= { nbWanEntry 12 }

wanDataDownloaded OBJECT-TYPE
    SYNTAX Counter64
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link data downloaded"
    ::= { nbWanEntry 13 }

wanDataUploaded OBJECT-TYPE
    SYNTAX Counter64
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link data uploaded"
    ::= { nbWanEntry 14 }

wanDownloadRate OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link download rate"
    ::= { nbWanEntry 15 }

wanUploadRate OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link upload rate"
    ::= { nbWanEntry 16 }

wanDataDownloadedRoaming OBJECT-TYPE
    SYNTAX Counter64
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link data downloaded during roaming"
    ::= { nbWanEntry 17 }

wanDataUploadedRoaming OBJECT-TYPE
    SYNTAX Counter64
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "WAN link data uploaded during roaming"
    ::= { nbWanEntry 18 }

-- ****************************************************************************
-- nbDioTable
-- ****************************************************************************

dioStatusIn1 OBJECT-TYPE
    SYNTAX INTEGER { off (0), on (1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The current value of digital I/O port IN1"
    ::= { dio 1 }

dioStatusIn2 OBJECT-TYPE
    SYNTAX INTEGER { off (0), on (1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The current value of digital I/O port IN2"
    ::= { dio 2 }

dioStatusOut1 OBJECT-TYPE
    SYNTAX INTEGER { off (0), on (1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The current value of digital I/O port OUT1"
    ::= { dio 3 }

dioStatusOut2 OBJECT-TYPE
    SYNTAX INTEGER { off (0), on (1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The current value of digital I/O port OUT2"
    ::= { dio 4 }

dioSetOUT1 OBJECT-TYPE
    SYNTAX INTEGER { off (0), on (1) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The update value for digital I/O port OUT1"
    ::= { dio 10 }

dioSetOUT2 OBJECT-TYPE
    SYNTAX INTEGER { off (0), on (1) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The update value for digital I/O port OUT2"
    ::= { dio 11 }

-- ****************************************************************************
-- nbSerialTable
-- ****************************************************************************

nbSerialTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NBSerialEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The table describing any serial ports and their current statistics"
    ::= { nb 54 }

nbSerialEntry OBJECT-TYPE
    SYNTAX NBSerialEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry describing a serial port and its current statistics"
    INDEX { serialIndex }
    ::= { nbSerialTable 1 }

NBSerialEntry ::= SEQUENCE {
    serialIndex Integer32,
    serialName DisplayString,
    serialState Integer32,
    serialRxBytes Integer32,
    serialTxBytes Integer32,
    serialFrameErrors Integer32,
    serialOverrunErrors Integer32,
    serialParityErrors Integer32,
    serialBrkErrors Integer32,
    serialBufferOverrunErrors Integer32
}

serialIndex OBJECT-TYPE
    SYNTAX Integer32 (0..254)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Serial port index"
    ::= { nbSerialEntry 1 }

serialName OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Serial port name"
    ::= { nbSerialEntry 2 }

serialState OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The current state of the serial port"
    ::= { nbSerialEntry 3 }

serialRxBytes OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of bytes received on the serial port"
    ::= { nbSerialEntry 4 }

serialTxBytes OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of bytes transmitted on the serial port"
    ::= { nbSerialEntry 5 }

serialFrameErrors OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of frame errors on the serial port"
    ::= { nbSerialEntry 6 }

serialOverrunErrors OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of overrun errors on the serial port"
    ::= { nbSerialEntry 7 }

serialParityErrors OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of parity errors on the serial port"
    ::= { nbSerialEntry 8 }

serialBrkErrors OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of BRK errors on the serial port"
    ::= { nbSerialEntry 9 }

serialBufferOverrunErrors OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of buffer overrun errors on the serial port"
    ::= { nbSerialEntry 10 }

-- ****************************************************************************
-- nbTrapHistoryTable
-- ****************************************************************************
-- ::= { nb 80 } this OID is obsolete
-- ****************************************************************************
-- trap objects
-- ****************************************************************************

events OBJECT IDENTIFIER ::= { traps 0 }

sdk-trap NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "SDK trap"
    ::= { events 1 }

wan-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "WAN link came up"
    ::= { events 101 }

wan-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "WAN link went down"
    ::= { events 102 }

dio-in1-on NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO IN1 turned on"
    ::= { events 201 }

dio-in1-off NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO IN1 turned off"
    ::= { events 202 }

dio-in2-on NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO IN2 turned on"
    ::= { events 203 }

dio-in2-off NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO IN2 turned off"
    ::= { events 204 }

dio-out1-on NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO OUT1 turned on"
    ::= { events 205 }

dio-out1-off NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO OUT1 turned off"
    ::= { events 206 }

dio-out2-on NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO OUT2 turned on"
    ::= { events 207 }

dio-out2-off NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "DIO OUT2 turned off"
    ::= { events 208 }

gps-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "GPS signal is available"
    ::= { events 301 }

gps-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "GPS signal is not available"
    ::= { events 302 }

openvpn-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "OpenVPN connection came up"
    ::= { events 401 }

openvpn-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "OpenVPN connection went down"
    ::= { events 402 }

ipsec-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "IPsec connection came up"
    ::= { events 403 }

ipsec-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "IPsec connection went down"
    ::= { events 404 }

pptp-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "PPTP connection came up"
    ::= { events 406 }

pptp-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "PPTP connection went down"
    ::= { events 407 }

dialin-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "Dial-In connection came up"
    ::= { events 408 }

dialin-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "Dial-In connection went down"
    ::= { events 409 }

mobileip-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "Mobile IP connection came up"
    ::= { events 410 }

mobileip-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "Mobile IP connection went down"
    ::= { events 411 }

gre-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "GRE connection came up"
    ::= { events 412 }

gre-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "GRE connection went down"
    ::= { events 413 }

l2tp-up NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "L2TP connection came up"
    ::= { events 414 }

l2tp-down NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "L2TP connection went down"
    ::= { events 415 }

system-login-failed NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "User login failed"
    ::= { events 501 }

system-login-succeeded NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "User login succeeded"
    ::= { events 502 }

system-logout NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "User logged out"
    ::= { events 503 }

system-rebooting NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System reboot has been triggered"
    ::= { events 504 }

system-startup NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System has been started"
    ::= { events 505 }

test NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "test event"
    ::= { events 506 }

sdk-startup NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "SDK has been started"
    ::= { events 507 }

system-time-updated NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System time has been updated"
    ::= { events 508 }

system-poweroff NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System poweroff has been triggered"
    ::= { events 509 }

system-error NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System is in error state"
    ::= { events 510 }

system-no-error NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System left error state"
    ::= { events 511 }

sms-sent NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "SMS has been sent"
    ::= { events 601 }

sms-notsent NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "SMS has not been sent"
    ::= { events 602 }

sms-received NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "SMS has been received"
    ::= { events 603 }

sms-report-received NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "SMS report has been received"
    ::= { events 604 }

call-incoming NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "A voice call is coming in"
    ::= { events 701 }

call-outgoing NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "Outgoing voice call is being established"
    ::= { events 702 }

ddns-update-succeeded NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "Dynamic DNS update succeeded"
    ::= { events 801 }

ddns-update-failed NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "Dynamic DNS update failed"
    ::= { events 802 }

usb-storage-added NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "USB storage device has been added"
    ::= { events 901 }

usb-storage-removed NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "USB storage device has been removed"
    ::= { events 902 }

usb-eth-added NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "USB Ethernet device has been added"
    ::= { events 903 }

usb-eth-removed NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "USB Ethernet device has been removed"
    ::= { events 904 }

usb-serial-added NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "USB serial device has been added"
    ::= { events 905 }

usb-serial-removed NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "USB serial device has been removed"
    ::= { events 906 }

redundancy-master NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System is now master router"
    ::= { events 1001 }

redundancy-backup NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "System is now backup router"
    ::= { events 1002 }

poe-off NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "POE turned off"
    ::= { events 1101 }

poe-on NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION "POE turned on"
    ::= { events 1102 }

END

A.5. SDK Examples

Event                       Description
best-operator.are           This script will scan for operators on startup and choose the one with the best signal
candump.are                 This script can be used to receive CAN messages
config-summary.are          This script shows a summary of the currently running configuration.
dio.are                     This script can be used to set a digital output port.
dio-monitor.are             This script monitors the DIO ports and sends an SMS to the specified phone number.
dio-server.are              This script implements a TCP server which can be used to control the DIO ports.
dynamic-operator.are        This script will scan Mobile2 and dial the appropriate SIM on Mobile1
email-to-sms.are            This script implements a lightweight SMTP server which is able to receive mail and forward it as SMS to a phone number.
etherwake.are               This script can be used to wake up a sleeping host (WakeOnLan)
gps-broadcast.are           This script sends the local GPS NMEA stream to a remote UDP server (incl. device identity).
gps-monitor.are             A script for activating WLAN as soon as GPS position (lat,lon) is within a specified range.
gps-udp-client.are          This script sends the local GPS NMEA stream to a remote UDP server.
gps-udp-client-compat.are   This script sends the local GPS NMEA stream (incl. serial/checksum) to a remote UDP server.
led.are                     This script can be used to set a LED
modbus-rtu-master.are       This script can be used to read messages from the serial port.
modbus-rtu-slave.are        This script implements a modbus slave server
modbus-tcp-rtu-gateway.are  This script implements a Modbus TCP RTU gateway
mount-media.are             This script can be used to mount a USB storage stick.
opcua-browse.are            This script will browse for nodes at a remote OPC-UA server.
opcua-json.are              This script polls any temperature nodes of an OPC-UA server and sends them JSON-encoded to a remote server.
opcua-read.are              This script will read the node value at an OPC-UA server.
opcua-write.are             This script will write a new value to a node at an OPC-UA server.
ping-supervision.are        This script will supervise a specified host.
read-config.are             This script can be used to read a configuration parameter.
remote-mail.are             This script reads and sends mails from a remote IMAP/POP3/SMTP server
scan-mobile.are             This script can be used to switch the Mobile LAI according to available networks
scan-wlan.are               This script can be used to switch the WLAN client network according to availability
send-mail.are               This script will send an E-Mail to the specified address.
send-sms.are                This script will send an SMS to the specified phone number.
send-techsupport.are        This script will generate a techsupport and send it to the specified E-Mail address.
serial-read.are             This script can be used to read messages from the serial port.
serial-readwrite.are        This script will write to and read from the serial port.
serial-tcp-broadcast.are    This script reads messages coming from the serial port and forwards them via TCP to remote hosts (and vice versa).
serial-tcsetattr.are        This script can be used to set/get the attributes of the serial port.
serial-udp-server.are       This script reads messages coming from the serial port and forwards them via UDP to a remote host (and vice versa).
serial-write.are            This script can be used to write a message to the serial port.
set-ipsec-route.are         Set route to IPSEC server depending on active WWAN / WLAN network
sms-confirm.are             This script will send out a message and confirm its delivery.
sms-control.are             This script will execute commands received by SMS.
sms-delete-inbox.are        This script can be used to flush the SMS inbox.
sms-read-inbox.are          This script can be used to read the SMS inbox.
sms-to-email.are            This script will forward incoming SMS messages to a given E-mail address.
sms-to-serial.are           This script can be used to write a received SMS to the serial port.
snmp-agent.are              This script extends MIB entries of the SNMP agent
snmp-cmd.are                This script issues SNMP set/get commands
snmp-trap.are               This script can be used to send SNMP traps
status.are                  This script can be used to display all status variables
syslog.are                  Throw a simple syslog message.
tcpclient.are               This script sends a message to a TCP server.
tcpserver.are               This script implements a TCP server which is able to receive messages.
techsupport.are             This transfers a techsupport to a remote FTP server
transfer.are                This script stores the latest GNSS positions in a remote FTP file
transfer-file.are           This script archives a remote file
udpclient.are               This script sends a message to a remote UDP server.
udp-msg-server.are          This script will run a UDP server which is able to receive messages and forward them as SMS/E-Mail.
udpserver.are               This script implements a UDP server which is able to receive messages.
update-config.are           This script can be used to perform a configuration update
voice-dispatcher-audio.are  This script implements an audio voice dispatcher
webpage.are                 This script will generate a page which can be viewed in the Web Manager
write-config.are            This script can be used to set a configuration parameter.

Table A.3.: SDK Examples