HIRSCHMANN NB3701 NetModule Router User Manual

June 15, 2024
HIRSCHMANN

HIRSCHMANN NB3701 NetModule Router

Product Information

Product Name: NetModule Router NB3701

User Manual Software Version: 4.8.0.102

Manual Version: 2.1570

Manufacturer: NetModule AG

Country of Origin: Switzerland

Date of Manual: November 20, 2023

Specifications

  • Product Type: Router
  • Variants: Covers all variants of the NB3701 product type
  • Source Code: A large amount of the source code is available under free and open source licenses, mostly covered by the GNU General Public License (GPL)
  • Trademarks: All other products or company names mentioned are used for identification purposes only and may be trademarks or registered trademarks of their respective owners

Contact Information

Product Usage Instructions

Welcome to NetModule
Thank you for purchasing a NetModule product. This document provides an introduction to the device and its features. The following chapters will guide you through the commissioning process, installation procedure, and provide helpful information on configuration and maintenance. For further information, such as sample SDK scripts or configuration samples, please refer to our wiki on https://wiki.netmodule.com.

Conformity

Safety Instructions
This chapter provides general information for putting the router into operation.

Frequently Asked Questions (FAQ)

Q: Where can I find the source code for the product?

A: A large amount of the source code is available under licenses
which are both free and open source, mostly covered by the GNU
General Public License (GPL). You can obtain the GPL from www.gnu.org. For detailed license information on
a particular software package, please contact us.

Q: Are there any trademarks associated with the
product?

A: All other products or company names mentioned herein are used
for identification purposes only and may be trademarks or
registered trademarks of their respective owners.

Q: How can I contact NetModule for support?

A: You can visit our support website at https://support.netmodule.com
or contact us through phone, email, or fax using the provided
contact information.

NetModule Router NB3701
User Manual for Software Version 4.8.0.102
Manual Version 2.1570
NetModule AG, Switzerland November 20, 2023

NetModule Router NB3701
This manual covers all variants of the NB3701 product type.
The specifications and information regarding the products in this manual are subject to change without notice. We would like to point out that NetModule makes no representation or warranties with respect to the contents herein and shall not be responsible for any loss or damage caused to the user by the direct or indirect use of this information This document may contain information about third party products or processes. Such third party information is generally out of influence of NetModule and therefore NetModule shall not be responsible for the correctness or legitimacy of this information. Users must take full responsibility for their application of any products.

Copyright ©2023 NetModule AG, Switzerland All rights reserved

This document contains proprietary information of NetModule. No parts of the work described herein may be reproduced. Reverse engineering of the hardware or software is prohibited and protected by patent law. This material or any portion of it may not be copied in any form or by any means, stored in a retrieval system, adopted or transmitted in any form or by any means (electronic, mechanical, photographic, graphic, optic or otherwise), or translated in any language or computer language without the prior written permission of NetModule.
A large amount of the source code to this product is available under licenses which are both free and open source. Most of it is covered by the GNU General Public License which can be obtained from www.gnu.org. The remainder of the open source software which is not under the GPL, is usually available under one of a variety of more permissive licenses. A detailed license information for a particular software package can be provided on request.
All other products or company names mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective owners. The following description of software, hardware or process of NetModule or other third party provider may be included with your product and will be subject to the software, hardware or other license agreements.

Contact
https://support.netmodule.com

NetModule AG Maulbeerstrasse 10 CH-3011 Bern Switzerland

Tel +41 31 985 25 10 Fax +41 31 985 25 11 info@netmodule.com https://www.netmodule.com

User Manual for NRSW version 4.8.0.102

1. Welcome to NetModule
Thank you for purchasing a NetModule product. This document should give you an introduction to the device and its features. The following chapters describe any aspects of commissioning the device, installation procedure and provide helpful information towards configuration and maintenance. Please find further information such as sample SDK scripts or configuration samples in our wiki on https://wiki.netmodule.com.

NB3701

9

User Manual for NRSW version 4.8.0.102

Conformity

This chapter provides general information for putting the router into operation.

Safety Instructions
Please carefully observe all safety instructions in the manual that are marked with the symbol .
Compliance information: The NetModule routers must be used in compliance with any and all applicable national and international laws and with any special restrictions regulating the utilization of the communication module in prescribed applications and environments.
Information about the accessories / changes to the device: ­ Please only use original accessories to prevent injuries and health risks. ­ Changes made to the device or the use of non-authorized accessories will render the
warranty null and void and potentially invalidate the operating license. ­ NetModule routers must not be opened (SIM cards may be used according to the
instructions).

NB3701

10

User Manual for NRSW version 4.8.0.102

Information about the device interfaces: ­ All systems that are connected to the NetModule router interfaces must meet the
requirements for SELV (Safety Extra Low Voltage) systems.
­ Interconnections must not leave the building nor penetrate the body shell of a vehicle.
­ Connections for antennas may only exit the building or the vehicle hull if transient overvoltages (according to IEC 62368-1) are limited by external protection circuits down to 1 500 Vpeak. All other connections must remain within the building or the vehicle hull.
­ Installed antennas must always be at least 40 cm away from people.
­ All antennas must have a distance of at least 20cm from each other; in the case of combined antennas (mobile radio / WLAN / GNSS), there must be sufficient isolation between the radio technologies.
­ Devices with a WLAN interface may be operated only with applicable Regulatory Domain configured. Special attention must be paid to country, number of antennas and the antenna gain (see also chapter 5.3.4). WLAN antennas with a higher amplification may be used with the NetModule router “Enhanced-RF-Configuration” software license and the antenna gain and cable attenuation that have been correctly configured by certified specialized personnel. A misconfiguration will lead to loss of the approval.
­ The maximum gain of an antenna (incl. the attenuation of the connection cables) must not exceed the following values in the corresponding frequency range:
­ Mobile radio (600MHz .. 1GHz) < 3.2dBi
­ Mobile radio (1.7GHz .. 2GHz) < 6.0dBi
­ Mobile radio (2.5GHz .. 4.2GHz) < 6.0dBi
­ WiFi (2.4GHz .. 2.5GHz) < 3.2dBi
­ WiFi (5.1GHz .. 5.9GHz) < 4.5dBi
­ Note that GNSS signals can be obfuscated or blocked by malicious third-party devices.
­ Only CE-compliant power supplies with a current-limited SELV output voltage range may be used with the NetModule routers.

0Note: Power supplies for routers with the Pb option (72-110 VDC) cannot be a SELV circuit, since the voltage is greater than 60 VDC.

NB3701

11

User Manual for NRSW version 4.8.0.102

General safety instructions: ­ Observe the usage limitations of radio units at filling stations, in chemical plants, in
systems with explosives or potentially explosive locations. ­ The devices may not be used in airplanes. ­ Exercise particular caution near personal medical aids, such as pacemakers and hear-
ing aids. ­ The NetModule routers may also cause interference in the nearer distance of TV sets,
radio receivers and personal computers. ­ Never perform work on the antenna system during a thunderstorm. ­ The devices are generally designed for normal indoor use. Do not expose the devices
to extraordinary environmental conditions worse than IP40. ­ Protect them against aggressive chemical atmospheres and humidity or temperatures
outside specifications. ­ We highly recommended creating a copy of a working system configuration. It can be
easily applied to a newer software release afterwards.
2.2. Declaration of Conformity
NetModule hereby declares that under our own responsibility that the routers comply with the relevant standards following the provisions of the RED Directive 2014/53/EU. The signed version of the Declaration of Conformity can be obtained from https://www.netmodule.com/downloads
Operating frequency bands and related maximum radio frequency power transmitted is shown below, according to RED Directive 2014/53/EU, Article 10 (8a, 8b).
WLAN maximum output power
IEE 802.11b/g/n Operation frequency range: 2412-2472 MHz (13 channels) Maximum output power: 14.93 dBm EIRP average (on antenna port)
IEE 802.11a/n/ac Operation frequency range: 5180-5350 MHz / 5470-5700 MHz (19 channels) Maximum output power: 22.91 dBm EIRP average (on antenna port)
Cellular maximum output power
GSM Band 900 Operation frequency range: 880-915, 925-960 MHz Maximum output power: 33.5 dBm rated

NB3701

12

User Manual for NRSW version 4.8.0.102

GSM Band 1800 Operation frequency range: 1710-1785, 1805-1880 MHz Maximum output power: 30.5 dBm rated
WCDMA Band I Operation frequency range: 1920-1980, 2110-2170 MHz Maximum output power: 25.7 dBm rated
WCDMA Band III Operation frequency range: 1710-1785, 1805-1880 MHz Maximum output power: 25.7 dBm rated
WCDMA Band VIII Operation frequency range: 880-915, 925-960 MHz Maximum output power: 25.7 dBm rated
LTE FDD Band 1 Operation frequency range: 1920-1980, 2110-2170 MHz Maximum output power: 25 dBm rated
LTE FDD Band 3 Operation frequency range: 1710-1785, 1805-1880 MHz Maximum output power: 25 dBm rated
LTE FDD Band 7 Operation frequency range: 2500-2570, 2620-2690 MHz Maximum output power: 25 dBm rated
LTE FDD Band 8 Operation frequency range: 880-915, 925-960 MHz Maximum output power: 25 dBm rated
LTE FDD Band 20 Operation frequency range: 832-862, 791-821 MHz Maximum output power: 25 dBm rated
LTE FDD Band 28 Operation frequency range: 703-748, 758-803 Maximum output power: 25 dBm rated

NB3701

13

User Manual for NRSW version 4.8.0.102

2.3. Waste Disposal
In accordance with the requirements of the Council Directive 2012/19/EU regarding Waste Electrical and Electronic Equipment (WEEE), you are urged to ensure that this product will be segregated from other waste at end-of-life and delivered to the WEEE collection system in your country for proper recycling.
2.4. National Restrictions
This product may be generally used in all EU countries (and other countries following the RED Directive 2014/53/EU) without any limitation. Please refer to our WLAN Regulatory Database for getting further national radio interface regulations and requirements for a particular country.

NB3701

14

User Manual for NRSW version 4.8.0.102

2.5. Open Source Software
We inform you that NetModule products may contain in part open-source software. We are distributing such open-source software to you under the terms of GNU General Public License (GPL)1, GNU Lesser General Public License (LGPL)2 or other open-source licenses3. These licenses allow you to run, copy, distribute, study, change and improve any software covered by GPL, Lesser GPL, or other open-source licenses without any restrictions from us or our end user license agreement on what you may do with that software. Unless required by applicable law or agreed to in writing, software distributed under open-source licenses is distributed on an “AS IS” basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. To obtain the corresponding open source codes covered by these licenses, please contact our technical support at router@support.netmodule.com.
Acknowledgements
This product includes:
­ PHP, freely available from http://www.php.net ­ Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org) ­ Cryptographic software written by Eric Young (eay@cryptsoft.com) ­ Software written by Tim Hudson (tjh@cryptsoft.com) ­ Software written Jean-loup Gailly and Mark Adler ­ MD5 Message-Digest Algorithm by RSA Data Security, Inc. ­ An implementation of the AES encryption algorithm based on code released by Dr Brian Glad-
man ­ Multiple-precision arithmetic code originally written by David Ireland ­ Software from The FreeBSD Project (http://www.freebsd.org)

1Please find the GPL text under http://www.gnu.org/licenses/gpl-2.0.txt 2Please find the LGPL text under http://www.gnu.org/licenses/lgpl.txt 3Please find the license texts of OSI licenses (ISC License, MIT License, PHP License v3.0, zlib License) under

Licenses

NB3701

15

User Manual for NRSW version 4.8.0.102

3. Specifications
3.1. Appearance

3.2. Features
All models of NB3701 have following basic functionality in common: ­ Galvanically isolated power supply ­ 5x Ethernet M12 ports (10/100 Mbit/s) ­ 2x digital inputs, 2x digital outputs ­ 1x USB 2.0 host port ­ 2x mini SIM card slots
The NB3701 can be equipped with the following options: ­ LTE, UMTS, GSM

NB3701

16

User Manual for NRSW version 4.8.0.102

­ GSM-R ­ WLAN IEEE 802.11 ­ GPS/GNSS ­ Power Supply 72 , 96, 110 VDC ­ Serial port (RS-232) ­ Software Keys
Due to its modular approach, the NB3701 router and its hardware components can be arbitrarily assembled according to its indented usage or application. Please contact us in case of special project requirements.

Environmental Conditions

Parameter Input Voltage (Variant Pa) Input Voltage (Variant Pb) Operating Temperature Range
Storage Temperature Range Humidity Altitude (Variant Pa) Altitude (Variant Pb) Over-Voltage Category Pollution Degree Ingress Protection Rating

Rating 24 VDC to 48 VDC (-30% / +30%) 72 VDC to 110 VDC (-30% / +30%) 24-48 VDC: EN50155 TX (-40 C to +70 C) with max. 2 radio modules 72-110 VDC: EN50155 TX (-40 C to +70 C) with max. 2 radio modules -40 C to +85 C 0 to 95% (non- condensing) up to 4000m up to 2000m I 2 IP40 (with SIM and USB covers mounted)

Table 3.1.: Environmental Conditions

Attention: When using the Pb variant with an input voltage higher than 60 VDC, the router MUST be connected to an earth protection.

NB3701

17

User Manual for NRSW version 4.8.0.102

3.4. Interfaces
3.4.1. Overview

Nr. Label 1 LED Indicators 2 Reset 3 SIM 1-2 4 USB 5 Ethernet 1-5 6
7 Power 8 Digital I/O 9 MOB 1 /WLAN 3 10 MOB 3 /WLAN 1 11 GNSS 12 MOB 2 /WLAN 4

Function LED Indicators for the different interfaces Reboot and factory reset button SIM 1-2, they can be assigned dynamically to any modem by configuration. USB 2.0 host port, can be used for software/configuration updates. FastEthernet switch ports, can be used as LAN or WAN interface.
M6 earth protection connector, connected to system GND. Galvanic isolated to power supply. If used, connect a yellow-green marked cable with at least 6mm2 copper area. Avoid corrosion and protect the screws against loosening. Earthing is mandatory for the variant Pb (50 VDC to 136 VDC power supply). Power supply (galvanically isolated) Galvanically isolated digital I/O M12 connector TNC female connector for Mobile/WLAN antenna NC female connector for Mobile/WLAN antenna TNC female connector for GPS antenna TNC female connector for Mobile/WLAN antenna

NB3701

18

User Manual for NRSW version 4.8.0.102

Nr. Label

Function

13 MOB 4 /WLAN 2 NC female connector for Mobile/WLAN antenna

Table 3.2.: NB3701 Interfaces

3.4.2. Default LED Indicators

Status LEDs The following table describes the NB3701 status indicators.

Label STAT
MOB1
MOB2
VPN WLAN
GPS
VOICE DO1 DO2 DI1

Color
[1] [1] [1]

State blinking
on on on blinking off on blinking off on off on blinking off on blinking off on off on off on off on off

Function The device is busy due to startup, software or configuration update. The device is ready. The captions of the top bank apply. The device is ready. The captions of the bottom bank apply. Mobile connection 1 is up. Mobile connection 1 is being established. Mobile connection 1 is down. Mobile connection 2 is up. Mobile connection 2 is being established. Mobile connection 2 is down. VPN connection is up. VPN connection is down. WLAN connection is up. WLAN connection is being established. WLAN connection is down. GPS is turned on and a valid NMEA stream is available. GPS is searching for satellites. GPS is turned off or no valid NMEA stream is available. A voice call is currently active. No voice call is active. Normally open output port 1 is closed. Normally open output port 1 is open. Normally closed output port 2 is closed. Normally closed output port 2 is open. Input port 1 is set. Input port 1 is not set.

NB3701

19

User Manual for NRSW version 4.8.0.102

Label

Color

State Function

DI2

on

Input port 2 is set.

off

Input port 2 is not set.

USR1

on

User defined.

off

User defined.

USR2

on

User defined.

off

User defined.

[1] The color of the LED represents the signal quality for wireless links.

red means low

yellow means moderate

green means good or excellent

Table 3.3.: NB3701 Status Indicators

Ethernet LEDs The following table describes the Ethernet status indicators.

Label
Ethernet 1-5

Color

State on

Function Link on (10 Mbit/s or 100 Mbit/s)

blinking Activity

off

no Link

Table 3.4.: Ethernet Status Indicators

3.4.3. Reset
The reset button has two functions: 1. Reboot the system: Press at least 3 seconds to trigger a system reboot. The reboot is indicated with the red blinking STAT LED. 2. Factory reset: Press at least 10 seconds to trigger a factory reset. The start of the factory reset is confirmed by all LEDs lighting up for a second.

NB3701

20

User Manual for NRSW version 4.8.0.102

3.4.4. Mobile
The various variants of the NB3701 support up to 2 WWAN modules for mobile communication. The LTE modules support 2×2 MIMO.

Standard

Bands

EDGE/GPRS/GSM

B5(850), B8(900), B3(1800), B2(1900)

DC-HSPA+/UMTS

B5(850), B8(900), B2(1900), B1(2100)

LTE, UMTS, GSM Modem for B1(2100), B3(1800), B5(850), B7(2600), B8(900), B20(800) EMEA (Cat. 4)

LTE Advanced, EMEA (Cat. 6)

UMTS

for B30 (2300 WCS), B41 (TDD 2500), B29 (US 700de Lower), B26 (US 850 Ext), B25 (1900), B5 (850), B20 (800DD), B13 (700c), B12 (700ac), B7 (2600), B4 (AWS), B3 (1800), B2 (1900), B1 (2100)

Table 3.5.: Mobile Interface Note: This enumeration is not meant to be exhaustive.

The mobile antenna ports have the following specification:

Feature

Specification

Max. allowed cable length

30 m

Min. number of antennas 4G-LTE

2

Max. allowed antenna gain including cable attenuation

Mobile radio (600MHz .. 1GHz) < 3.2dBi Mobile radio (1.7GHz .. 2GHz) < 6.0dBi Mobile radio (2.5GHz .. 4.2GHz) < 6.0dBi

Min. distance between collocated ra- 20 cm dio transmitter antennas (Example: MOB1 to MOB2)

Min. distance between people and an- 40 cm tenna

Connector type

TNC

Table 3.6.: Mobile Antenna Port Specification

NB3701

21

User Manual for NRSW version 4.8.0.102

3.4.5. WLAN The variants of the NB3701 support up to 2 802.11 a/b/g/n/ac WLAN modules.

Standard 802.11a 802.11b 802.11g 802.11n 802.11ac

Frequencies 5 GHz 2.4 GHz 2.4 GHz 2.4/5 GHz 5 GHz

Bandwidth 20 MHz 20 MHz 20 MHz 20/40 MHz 20/40/80 MHz

Data Rate 54 Mbit/s 11 Mbit/s 54 Mbit/s 300 Mbit/s 866.7 Mbit/s

Table 3.7.: IEEE 802.11 Standards

Note: 802.11n and 802.11ac support 2×2 MIMO

The WLAN antenna ports have the following specification:

Feature

Specification

Max. allowed cable length

30 m

Max. allowed antenna gain including cable attenuation

3.2dBi (2,4GHz) resp. 4.5dBi (5GHz) 1

Min. distance between collocated ra- 20 cm dio transmitter antennas (Example: WLAN1 to MOB1)

Min. distance between people and an- 40 cm tenna

Connector type

TNC

Table 3.8.: WLAN Antenna Port Specification

1Note: WLAN antennas with a higher amplification may be used with the NetModule router “Enhanced-RF-Configuration” software license and the antenna gain and cable attenuation that have been correctly configured by certified specialized personnel.

NB3701

22

User Manual for NRSW version 4.8.0.102

3.4.6. GNSS GNSS (Option G) The GNSS is used from a WWAN Module.

Feature Systems

Data stream Tracking sensitivity Supported antennas

Specification GPS/GLONASS, (GALILEO/BEIDOU depending on module) JSON or NMEA Up to -165 dBm Active and passive

Table 3.9.: GNSS Specifications option G

GNSS (Option Gd) The GNSS module supports Dead Reckoning with onboard 3D accelerometer and 3D gyroscope.

Feature Systems Data stream Channels Tracking sensitivity Accuracy Dead Reckoning Modes
Supported antennas

Specification GPS/GLONASS/BeiDu/Galileo ready NMEA or UBX 72 Up to -160 dBm Up to2.5m CEP UDR: Untethered Dead Reckoning ADR: Automotive Dead Reckoning Active and passive

Table 3.10.: GNSS Specifications option Gd

The GNSS antenna port have the following specification:

Feature

Specification

Max. allowed cable length

30 m

Antenna LNA gain

15-20 dB typ, 30 dB max.

Min. distance between collocated ra- 20 cm dio transmitter antennas (Example: GNSS to MOB1)

Connector type

TNC

Table 3.11.: GNSS / GPS Antenna Port Specification

NB3701

23

User Manual for NRSW version 4.8.0.102

3.4.7. USB 2.0 Host Port The USB 2.0 host port has the following specification:

Feature Speed Current Max. cable length Cable shield Connector type

Specification Low, Full & Hi-Speed max. 500 mA 3m mandatory Type A

Table 3.12.: USB 2.0 Host Port Specification

3.4.8. M12 Ethernet Connectors

Specification The five Ethernet ports have following specification:

Feature Isolation to enclosure Speed Mode Crossover Max. cable length Cable type Cable shield Connector type

Specification 1500 VDC 10/100 Mbit/s Half- & Full-Duplex Automatic MDI/MDI-X 100 m CAT5e or better mandatory M12 d-coded

Table 3.13.: Ethernet Port Specification

Pin Assignment on M12, 4 poles, D-coded female

Pin Signal 1 Tx+ 2 Rx+ 3 Tx- 4 Rx-

Pinning

Table 3.14.: Pin Assignments of Ethernet Connectors

NB3701

24

User Manual for NRSW version 4.8.0.102

3.4.9. Power Supply

Standard variant Pa (24 VDC to 48 VDC) The power input has the following specifications:

Feature Power supply nominal voltages
Voltage range Max. power consumption Typ. Inrush-Current-Integral
Max. cable length Cable shield Galvanic isolation
Power interruption
Supply change over Connector type

Specification
24 VDC, 36 VDC and 48 VDC (according to EN 50155)
24 VDC to 48 VDC (-30% / +30%)
15 W 0.23 A2s at 24 Vin 0.57 A2s at 36 Vin 1.05 A2s at 48 Vin
30m
not required
yes, 1500 VDC (according to EN 50155 & EN 62368-1)
Class S2: Sustains power interruptions up to 10 ms, there are no batteries included
Class C1: 0.6 Un during 100 ms (w/o interruption)
M12, 4 poles, A-coded male

Table 3.15.: Power Input Specifications Variant Pa

NB3701

25

User Manual for NRSW version 4.8.0.102

Variant Pb (72 VDC to 110 VDC) The power input has the following specifications:

Feature Power supply nominal voltages
Voltage range Max. power consumption Typ. Inrush-Current-Integral
Max. cable length Cable shield Galvanic isolation
Power interruption
Supply change over Connector type

Specification
72 VDC, 96 VDC and 110 VDC (according to EN 50155)
72 VDC to 110 VDC (-30% / +30%)
15 W 0.07 A2s at 72 Vin 0.13 A2s at 96 Vin 0.18 A2s at 110 Vin
30m
not required
yes, 1500 VDC (according to EN 50155 & EN 62368-1)
Class S2: Sustains power interruptions up to 10 ms, there are no batteries included
Class C1: 0.6 Un during 100 ms (w/o interruption)
M12, 4 poles, A-coded male

Table 3.16.: Power Input Specifications Variant Pb Pin Assignment M12, 4 poles, A-coded male

Pin Signal 1 V+ (24-48 VDC or 72-110 VDC) 2 Not connected 3 V- 4 Not connected

Pinning

Table 3.17.: Pin Assignments of Power Connector

NB3701

26

User Manual for NRSW version 4.8.0.102

3.4.10. Digital Inputs and Outputs The isolated input and oputput ports have the following specification in common:

Feature Isolation to enclosure/GND Isolation to adjacent I/O Max. cable length Cable shield

Specification 1’000 VAC functional 10 m not required

Table 3.18.: Common Digital I/O Specification

Isolated Outputs The isolated digital output ports have the following specification:

Feature Number of output ports Limiting continuous current Maximum switching voltage Maximum switching capacity

Specification 1xNO, 1xNC 1A 60 VDC, 42 VAC ( Vrms) 60 W

Table 3.19.: Isolated Digital Outputs Specification

Isolated Inputs The isolated digital input ports have the following specification:

Feature Number of inputs Maximum input voltage Minimum voltage for level 1 (set) Maximum voltage for level 0 (not set)

Specification 2 40 VDC
7.2 VDC
5.0 VDC

Table 3.20.: Isolated Digital Inputs Specification

Note: A negative input voltage is not recognized.

NB3701

27

User Manual for NRSW version 4.8.0.102

Pin Assignment M12 8-pole A-coded female

Pin Signal 1 DI1+ 2 DI1- 3 DI2+ 4 DI2- 5 DO1: Dry contact relay normally open 6 DO1: Dry contact relay normally open 7 DO2: Dry contact relay normally closed 8 DO2: Dry contact relay normally closed

Pinning

Table 3.21.: Pin Assignments of Digital Inputs and Outputs

Option Serial Interface (Option S) Instead of the digital intput and output, the internal non isolated serial interface could be placed. This 3-wire RS-232 port has the following specification (bold characters show the default configuration):

Feature Protocol Baud rate
Data bits Parity Stop bits Software flow control Hardware flow control Galvanic isolation to enclosure Max. cable length Cable shield

Specification 3-wire RS-232: GND, TXD, RXD 300, 1 200, 2 400, 4 800, 9 600, 19 200, 38 400, 57 600, 115 200, 230 400, 460 800 7 bit, 8 bit none, odd, even 1, 2 none, XON/XOFF none none 10 m mandatory

Table 3.22.: Non-isolated RS-232 Port Specification

NB3701

28

User Manual for NRSW version 4.8.0.102

Pin Assignment M12 8-pole A-coded female

Pin Signal 1 GND 2 TxD 3 RxD 4- 5- 6- 7- 8-

Pinning

Table 3.23.: Pin Assignments of RS-232 instead of Digital Input/Output

NB3701

29

User Manual for NRSW version 4.8.0.102

4. Installation
The NB3701 is designed for mounting it on a worktop or wall. Please consider the safety instructions in chapter 2 and the environmental conditions in chapter 3.3.
The following precautions must be taken before installing a NB3701 router: ­ Avoid direct solar radiation ­ Protect the device from humidity, steam and aggressive fluids ­ Guarantee sufficient circulation of air around the device ­ The device is for indoor use only
Attention: NetModule routers are not intended for the end consumer market. The device must be installed and commissioned by a certified expert.

4.1. Installation of the Mini-SIM Cards
Up to two Mini-SIM cards can be inserted in a NB3701 router. SIM cards can be inserted by sliding it into one of the designated slots on the front panel. You have to push the SIM card using a small paper clip (or similar) until it snaps into place. To remove the SIM, you will need to push it again in the same manner. The SIM card will then rebounce and can be pulled out. SIMs can be assigned flexibly to any modem in the system. It is also possible to switch a SIM to a different modem during operation, for instance if you want to use another provider upon a certain condition. However, a SIM switch usually takes about 10-20 seconds which can be bypassed (e.g. at bootup) if SIMs are installed reasonably. Using only a single SIM with one modem, it should be preferably placed into the SIM 1 holder. For systems which should operate two modems with two SIMs in parallel, we recommend to assign MOB 1 to SIM 1 and MOB 2 to SIM 2. Further information about SIM configuration can be found in chapter 5.3.3.
Attention: After a SIM Switch the SIM Cover of the NB3701 router has to be mounted again and screwed to get IP40 protection class.

4.2. Installation of the Cellular Antenna
For a reliable function of the NetModule router via the mobile network, the NetModule routers require a good signal. Use suitable remote antennas with extended cables to achieve an optimal location with a sufficient signal and to maintain the distances to other antennas (at least 20cm to each other). The antenna manufacturer’s instructions must be observed. Keep in mind that effects caused by Faraday cages such as large metal surfaces (elevators, machine housings, etc.), close meshed iron constructions and others may reduce signal reception significantly. The mounted antennas or antenna cables should be fixed with a wrench. The following table shows how to connect the cellular antennas. 4G-LTE antennas require both the main and auxiliary ports to be connected.

NB3701

30

User Manual for NRSW version 4.8.0.102

Antenna Port MOB 1 MOB 2 (MIMO with MOB 1) MOB 3 MOB 4 (MIMO with MOB 3)

Type Main Auxiliary Main Auxiliary

Table 4.1.: Cellular antenna port types

Attention: When installing the antenna be sure to observe chapter 2

NB3701

31

User Manual for NRSW version 4.8.0.102

4.3. Installation of the WLAN Antennas
The following table shows how to connect the WLAN antennas. The number of attached antennas can be configured in the software. If only one antenna is used, it must be attached to the main port. However, for better diversity and thus better throughput and coverage, we highly recommend using two antennas.

Antenna Port WLAN 1 WLAN 2 (MIMO with WLAN 1) WLAN 3 WLAN 4 (MIMO with WLAN 3)

Type Main Auxiliary Main Auxiliary

Table 4.2.: WLAN antenna port types

Attention: When installing the antenna be sure to observe chapter 2

NB3701

32

User Manual for NRSW version 4.8.0.102

4.4. Installation of the GPS Antenna
The GNSS antenna must be mounted to the connector GPS. Whether the antenna is an active or passive GPS antenna has to be configured in the software. We recommend active GPS antennas for highly accurate GPS tracking.
Attention: When installing the antenna be sure to observe chapter 2
4.5. Installation of the Local Area Network
Up to five 10/100 Mbps Ethernet devices can be directly connected to the router, further devices can be attached via an addtional Ethernet switch. Please ensure that the connector has been plugged in properly and remains in a fixed state, you might otherwise experience sporadical link loss during operation. The Link/Act LED will lit up as soon as the device has synced. If not, it might be necessary to configure a different link setting as described in chapter 5.3.2. By default, the router is configured as a DHCP server and has the IP address 192.168.1.1.
Attention: Only a shielded Ethernet cable may be used.
4.6. Installation of the Power Supply
The router can be powered with an external source supplying between 24 VDC and 48 VDC or 50 VDC and 136 VDC respectively. It is to be used with a certified (CE or equivalent) power supply, which must have a limited and SELV circuit output. The router is now ready for getting engaged.
Attention: Only CE-compliant power supplies with a current-limited SELV output voltage range (for NetModule routers with “Pb” option with a correspondingly higher output voltage range and in accordance with appropriate comparable safety precautions) may be used with the NetModule routers

NB3701

33

User Manual for NRSW version 4.8.0.102

5. Configuration
The following chapters provide information on setting up the router and configuring its functions as provided with system software 4.8.0.102.
NetModule provides regularly updated router software with new functions, bug fixes and closed vulnerabilities. Please keep your router software up to date. ftp://share.netmodule.com/router/public/system-software/
5.1. First Steps
NetModule routers can be easily set up by using the HTTP-based configuration interface, called the Web Manager. It is supported by the latest web browsers. Please ensure to have JavaScript turned on. Any submitted configuration via the Web Manager will be applied immediately to the system when pressing the Apply button. When configuring subsystems which require multiple steps (for instance WLAN) you can use the Continue button to store any settings temporarily and apply them at a later time. Please note that those settings will be neglected at logout unless applied. You may also upload configuration files via SNMP, SSH, HTTP or USB in case you intend to deploy a larger numbers of routers. Advanced users may also use the Command Line Interface (CLI) and set configuration parameters directly. The IP address of Ethernet 1 is 192.168.1.1 and DHCP is activated on the interface by default. The following steps need to be taken to establish your first Web Manager session:
1. Connect the Ethernet port of your computer to the Ethernet 1 (FastEthernet) port of the router using a shielded CAT5 cable with RJ45 (or M12) connector.
2. If not yet activated, enable DHCP on your computer’s Ethernet interface so that an IP address can be obtained automatically from the router. This usually takes a short amount of time until your PC has received the corresponding parameters (IP address, subnet mask, default gateway, name server). You may track the progress by having a look to your network control panel and check whether your PC has correctly retrieved an IP address of the range 192.168.1.100 to 192.168.1.199.
3. Launch your favorite web browser and point it to the IP address of the router (the URL is http://192.168.1.1).
4. Please follow the instructions of the Web Manager for configuring the router. Most of the menus are self-explanatory, further details are given in the following chapters.
5.1.1. Initial Access
In factory state you will be prompted for a new administrator password. Please choose a password which is both, easy to remember but also robust against dictionary attacks (such as one that contains numbers, letters and punctuation characters). The password shall have a minimum length of 6 characters. It shall contain a minimum of 2 numbers and 2 letters.

NB3701

34

User Manual for NRSW version 4.8.0.102

Admin Password Setup
Please set a password for the admin account. It shall have a minimum length of 6 characters and contain at least 2 numbers and 2 letters.

Username: Enter new password: Confirm new password:
I agree to the terms and conditions

admin

Configure automatic mobile data connection

Apply

NetModule Router Simulator Hostname netbox Software Version 4.4.0.103 © 2004-2020, NetModule AG

NetModule Insights
Subscribe to our mailing and get the latest news about software releases and much more

Figure 5.1.: Initial Login
Please note that the admin password will be also applied for the root user which can be used to access the device via the serial console, Telnet, SSH or to enter the bootloader. You may also configure additional users which will only be granted to access the summary page or retrieve status information but not to set any configuration parameters. A set of services (USB Autorun, CLI- PHP) are by default activated in factory state and will be disabled as soon as the admin password has been set. They can be enabled again afterwards in the relevant sections. Other services (SSH, Telnet, Console) can be accessed in factory state by providing an empty or no password. The passphrase which is used to store and access generated and uploaded private keys is initialized to a random value. It can be changed as described in chapter 5.8.8.
5.1.2. Automatic Mobile Data Connection
If you put a SIM with disabled PIN into the first SIM slot and select ‘Configure automatic mobile data connection’ the router will try to select matching credentials from a database of known providers and

NB3701

35

User Manual for NRSW version 4.8.0.102

esteblish a mobile data connection automatically. This feature is highly dependent on the SIM card features and the available networks. This Option is only availble if the router is equipped with a cellular module.
5.1.3. Recovery
Following actions might be taken in case the router has been misconfigured and cannot be reached anymore:
1. Factory Reset: You can initiate a reset back to factory settings via the Web Manager, by running the command factory-reset or by pressing the reset button. The latter would require a slim needle or paper clip which must be inserted into the holeto the left of the SIM 1 slot. The button must be hold pressed for up to 5 seconds until all LEDs flash up.
2. Serial Console Login: It is also possible to log into the system via the serial port. This requires a terminal emulator (such as PuTTY or HyperTerminal) and an RS232 connection (115200 8N1) attached to the serial port of your local computer. You will also see the kernel messages at bootup there.
3. Recovery Image: In severe cases we can provide a recovery image on demand which can be loaded into RAM via TFTP and executed. It offers a minimal system image for running a software update or doing other modifications. You will be provided with two files, recovery-image and recovery-dtb, which must be placed in the root directory of a TFTP server (connected via LAN1 and address 192.168.1.254). The recovery image can be launched from the bootloader using a serial connection. You will have to stop the boot process by pressing s and enter the bootloader. You can then issue run recovery to load the image and start the system which can be accessed via HTTP/SSH/Telnet and its IP address 192.168.1.1 afterwards. This procedure can be also initiated by holding the factory reset button longer than 15 seconds.

NB3701

36

User Manual for NRSW version 4.8.0.102

5.2. HOME
This page provides a status overview of enabled features and connections.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

Status Summary WAN WWAN WLAN GNSS Ethernet LAN Bridges DHCP OpenVPN IPsec PPTP MobileIP Firewall System

Summary Description LAN2 WWAN1 WLAN1 IPsec1 PPTP1 MobileIP

Administrative Status enabled enabled enabled, access-point enabled enabled, server enabled

Operational Status dialing down up down up down

LOGOUT

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG
Figure 5.2.: Home
Summary This page offers a short summary about the administrative and operational status of the router’s interfaces.
WAN This page offers details about any enabled Wide Area Network (WAN) links (such as the IP addresses, network information, signal strength, etc.) The information about the amount of downloaded/uploaded data is stored in non- volatile memory, thus survive a reboot of the system. The counters can be reset by pressing the Reset button.
WWAN This page shows information about modems and their network status.
AC This page shows information about the Access Controller (AC) WLAN-AP. This includes the current states and status information of discovered and managed AP3400 devices.

NB3701

37

User Manual for NRSW version 4.8.0.102

WLAN The WLAN page offers details about the enabled WLAN interfaces when operating in access-point mode. This includes the SSID, IP and MAC address and the currently used frequency and transmit power of the interface as well as the list of associated stations.
GNSS This page displays the position status values, such as latitude/longitude, the satellites in view and more details about the used satellites.
Ethernet This page shows information about the Ethernet interfaces and packet statistics information.
LAN This page shows information about the LAN interfaces plus the neighborhood information.
Bridges This page shows information about configured virtual bridge devices.
Bluetooth This page shows information about Bluetooth interfaces.
DHCP This page offers details about any activated DHCP service, including a list of issued DHCP leases.
OpenVPN This page provides information about the OpenVPN tunnel status.
IPSec This page provides information about the IPsec tunnel status.
PPTP This page provides information about the PPTP tunnel status.
GRE This page provides information about the GRE tunnel status.
L2TP This page provides information about the L2TP tunnel status.
MobileIP This page provides information about Mobile IP connections.
Firewall This page offers information about any firewall rules and their matching statistics. It can be used to debug the firewall.
QoS This page provides information about the used QoS queues.

NB3701

38

User Manual for NRSW version 4.8.0.102

BGP This page provides information about the Border Gateway Protocol.
OSPF This page provides information about the Open Shortest Path First routing protocol.
DynDNS This page provides information about Dynamic DNS.
System Status The system status page displays various details of your NB3701 router, including system details, information about mounted modules and software release information.
SDK This section will list all webpages generated by SDK scripts.

NB3701

39

User Manual for NRSW version 4.8.0.102

5.3. INTERFACES
5.3.1. WAN
Link Management Depending on your hardware model, WAN links can be made up of either Wireless Wide Area Network (WWAN), Wireless LAN (WLAN), Ethernet or PPP over Ethernet (PPPoE) connections. Please note that each WAN link has to be configured and enabled in order to appear on this page.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WAN Link Management
In case a WAN link goes down, the system will automatically switch over to the next link in order of priority. A link can be either established when the switch occurs or permanently to minimize link downtime. Outgoing traffic can also be distributed over multiple links on a per IP session basis.

Priority Interface 1st LAN2 2nd WWAN1

Operation Mode permanent permanent

Apply

Figure 5.3.: WAN Links

NB3701

40

User Manual for NRSW version 4.8.0.102

In general, a link will be only dialed or declared as up if the following prerequisites are met:

Condition Modem is registered Registered with valid service type Valid SIM state Sufficient signal strength Client is associated Client is authenticated Valid DHCP address retrieved Link is up and holds address Ping check succeeded

WWAN X X X X
X X X

WLAN
X X X X X X

ETH
X X X

PPPoE
X X X

The menu can be used further to prioritize your WAN links. The highest priority link which has been established successfully will become the so- called hotlink which holds the default route for outgoing packets.
In case a link goes down, the system will automatically switch over to the next link in the priority list. You can configure each link to be either established when the switch occurs or permanently in order to minimize link downtime.

Parameter 1st priority 2nd priority
3rd priority
4th priority

WAN Link Priorities
The primary link which will be used whenever possible.
The first fallback link, it can be enabled permanently or being dialed as soon as Link 1 goes down.
The second fallback link, it can be enabled permanently or being dialed as soon as Link 2 goes down.
The third fallback link, it can be enabled permanently or being dialed as soon as Link 3 goes down.

Links are being triggered periodically and put to sleep in case it was not possible to establish them within a certain amount of time. Hence it might happen that permanent links will be dialed in background and replace links with lower priority again as soon as they got established. In case of interfering links sharing the same resources (for instance in dual-SIM operation) you may define a switch-back interval after which an active hotlink is forced to go down in order to let the higher-prio link getting dialed again.
We recommend to use the permanent operation mode for WAN links in general. However, in case of time-limited mobile tariffs for instance, the switchover mode might be applicable. By using the distributed mode, it is possible to distribute outgoing traffic over multiple WAN links based on their weight ratio.

NB3701

41

User Manual for NRSW version 4.8.0.102

Attention: You can have concurrent WWAN links which share a common resource like one WWAN module using SIM cards of different providers. In that case it would not be possible to find out if the link with the higher priority is available without putting down the low priority link. Therefore, such a link will behave like a switchover, even if configured as permanent.

For mobile links, it is further possible to pass through the WAN address towards a local host (also called Drop-In or IP Pass-through). In particular, the first DHCP client will receive the public IP address. More or less, the system acts like a modem in such case which can be helpful in case of firewall issues. Once established, the Web Manager can be reached over port 8080 using the WAN address but still over the LAN1 interface using port 80.

Parameter disabled permanent on switchover
distributed

WAN Link Operation Modes Link is disabled Link is being established permanently Link is being established on switchover, it will be dialed if previous links failed Link is member of a load distribution group

Parameter Operation mode Weight Switch-back
Bridge Mode Bridging interface

WAN Link Settings The operation mode of the link The weight ratio of a distributed link Specifies the switch-back condition of a switchover link and the time after an active hotlink will be teared down If WLAN client, specifies the bridge mode which will be used. If WLAN client, the LAN interface to which the WAN link should be bridged.

The following bridge modes can be configured for a WLAN client:

Parameter disabled 4addr frame1 pseudo bridge

Bridge modes Disables the bridge mode Enables the 4 address frame format Enables a bridge like behavior by relaying DHCP and broadcast messages

NetModule routers provide a feature called IP pass-through (aka Drop-In mode). If enabled, the WAN
1This options requires an access point with four address frame format support.

NB3701

42

User Manual for NRSW version 4.8.0.102

address will be be passed-through to the first DHCP client of the specified LAN interface. As Ethernetbased communication requires additional addresses, we pick an appropriate subnet to talk to the LAN host. In case this overlaps with other addresses of your WAN network, you may optionally specify the network given by your provider to avoid any address conflicts.

Parameter IP Pass-through Interface WAN network WAN netmask

IP Pass-Through Settings Enables or disables IP pass-through Specifies the interface on which the address shall be passed-through Specifies the WAN network Specifies the WAN netmask

Supervision
Network outage detection on a per-link basis can be performed by sending pings on each link to some authoritative hosts. A link will be declared as down in case all trials have failed and only as up if at least one host can be reached.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Link Supervision

Network outage detection can be performed by sending pings on each WAN link to authoritative hosts. The link will be declared as down in case all trials failed. You may further specify an emergency action if a certain downtime is reached.

Link

Hosts

Emergency Action

ANY

8.8.8.8, 8.8.4.4

none

Figure 5.4.: Link Supervision

NB3701

43

User Manual for NRSW version 4.8.0.102

Parameter Link Mode
Primary host Secondary host Ping timeout
Ping interval Retry interval Max. number of failed trials Emergency action

Supervision Settings
The WAN link to be monitored (can be ANY)
Specifies whether the link shall only be monitored if being up (e.g. for using a VPN tunnel) or if connectivity shall be also validated at connection establishment (default)
The primary host to be monitored
The secondary host to be monitored (optional)
The amount of time in milliseconds a response for a single ping can take, consider to increase this value in case of slow and tardy links (such as 2G connections)
The interval in seconds at which pings are transmitted on each interface
The interval in seconds at which pings are re-transmitted in case a first ping failed
The maximum number of failed ping trials until the link will be declared as down
The emergency action which should be taken after a maximum downtime has been reached. Using reboot would perform a reboot of the system, restart link services will restart all link-related applications including a reset of the modem.

WAN Settings
This page can be used to configure WAN specific settings like the Maximum Segment Size (MSS). The MSS corresponds to the largest amount of data (in bytes) that the router can handle in a single, unfragmented TCP segment. In order to avoid any negative side effects, the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit (MTU). The MTU can be configured per each interface and corresponds to the largest packet size that can be transmitted.

NB3701

44

User Manual for NRSW version 4.8.0.102

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

TCP Maximum Segment Size

The maximum segment size defines the largest amount of data of TCP packets (usually MTU minus 40). You may decrease the value in case of fragmentation issues or link-based limits.

MSS adjustment: Maximum segment size:

enabled disabled
1380

Apply

Figure 5.5.: WAN Settings

Parameter MSS adjustment Maximum segment size

TCP MSS Settings Enable or disable MSS adjustment on WAN interfaces. Maximum number of bytes in a TCP data segment.

NB3701

45

User Manual for NRSW version 4.8.0.102

5.3.2. Ethernet Ethernet Port Assignment

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Port Assignment

Link Settings

Ethernet 1 Administrative status: Network interface:
Ethernet 2 Administrative status: Network interface:

enabled disabled LAN1
enabled disabled LAN2

Apply

LOGOUT

Figure 5.6.: Ethernet Ports
This menu can be used to individually assign each Ethernet port to a LAN interface, just in case you want to have different subnets per port or use one port as WAN interface. You may assign multiple ports to the same interface.

NB3701

46

User Manual for NRSW version 4.8.0.102

Ethernet Link Settings

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Port Assignment

Link Settings

Link speed for Ethernet 1: Link speed for Ethernet 2:
Apply

auto-negotiated auto-negotiated

LOGOUT

Figure 5.7.: Ethernet Link Settings
Link negotiation can be set for each Ethernet port individually. Most devices support auto-negotiation which will configure the link speed automatically to comply with other devices in the network. In case of negotiation problems, you may assign the modes manually but it has to be ensured that all devices in the network utilize the same settings then.

NB3701

47

User Manual for NRSW version 4.8.0.102

Authentication via IEEE 802.1X

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges USB Serial GNSS
NB3800 NetModule Router Hostname nb Software Version 4.7.0.100 © 2004-2022, NetModule AG

Port Assignment Link Settings Wired 802.1X

Ethernet 1 Wired 802.1X status:
Ethernet 2 Wired 802.1X status: EAP type: Anonymous identity: Identity: Password: Certificates: Ethernet 3 Wired 802.1X status: Reauthentication Period: Authenticator ID: Use MAB: Ethernet 4 Wired 802.1X status:
Ethernet 5 Wired 802.1X status:
Apply

disabled Client Authenticator

disabled Client Authenticator PEAP

Netmodule-Anon

testid

·········

show

missing Manage keys and certificates

disabled Client Authenticator 3600 Netmodule-Auth

disabled Client Authenticator
disabled Client Authenticator

LOGOUT

Figure 5.8.: Authentication via IEEE 802.1X
NetModule-routers support authentication via the IEEE 802.1X standard. This can be configured for each Ethernet port individually. The following options exist:

NB3701

48

User Manual for NRSW version 4.8.0.102

Parameter Wired 802.1X status EAP type Anonymous identity Identity Password Certificates

Wired IEEE 802.1X Client Settings If set to Client, the router will authenticate on this port via IEEE 802.1X Which protocol to use to authenticate The anonymous identify for PEAP authentication The identify for EAP-TLS or PEAP authentication (required) The password for PEAP authentication (required) Certificates for authentication via EAP-TLS or PEAP. Can be configured in chapter 5.8.8

Parameter Wired 802.1X status
Reauthentication Period Authenticator ID Use MAB

Einstellungen IEEE 802.1X Authenticator
If set to Authenticator, the router will propagate IEEE 802.1X authentication requests on this port to a configured RADIUS server (see chapter 5.8.2)
Time in seconds after which a connected client has to reauthenticate
This unique name identifies the authenticator at the RADIUS server
Activate this option if you want to allow authentication of devices which are not capable of IEEE 802.1X via MAC Authentication Bypass. These are reported to the RADIUS server with their MAC address as user name and password

VLAN Management
NetModule routers support Virtual LAN according to IEEE 802.1Q which can be used to create virtual interfaces on top of an Ethernet interface. The VLAN protocol inserts an additional header to Ethernet frames carrying a VLAN Identifier (VLAN ID) which is used for distributing the packets to the associated virtual interface. Any untagged packets, as well as packets with an unassigned ID, will be distributed to the native interface.

NB3701

49

User Manual for NRSW version 4.8.0.102

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

VLAN Management

VLAN ID
Interface

LAN1-1

1

Network Interface Priority

LAN1

default

LAN1-2

5

LAN1

background

Mode routed routed

LOGOUT

Figure 5.9.: VLAN Management

In order to form a distinctive subnet, the network interface of a remote LAN host must be configured with the same VLAN ID as defined on the router. Further, 802.1P introduces a priority field which influences packet scheduling in the TCP/IP stack.
The following priority levels (from lowest to highest) exist:

Parameter 0 1 2 3 4 5 6 7

VLAN Priority Levels Background Best Effort Excellent Effort Critical Applications Video (< 100 ms latency and jitter) Voice (< 10 ms latency and jitter) Internetwork Control Network Control

NB3701

50

User Manual for NRSW version 4.8.0.102

IP Settings This page can be used to configure IP addressing for your LAN/WAN Ethernet interfaces.

Parameter Mode MTU

LAN IP Settings Defines whether this interface is being used as LAN or WAN interface.
The Maximum Transmission Unit for the interface, if provided it will specify the largest size of a packet transmitted on the interface.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
GNSS
NB2800 NetModule Router Hostname NB2800 Software Version 4.6.0.100 © 2004-2021, NetModule AG

IP Address Management

Network Interface

Mode IP Address Mode

LAN1

LAN STATIC

LAN1-1

LAN STATIC

LAN1-2

LAN STATIC

LAN2

WAN DHCP

IP Address 192.168.1.1 192.168.101.1 192.168.102.1 –

Netmask 255.255.255.0 255.255.255.0 255.255.255.0 –

Figure 5.10.: LAN IP Configuration

NB3701

51

User Manual for NRSW version 4.8.0.102

LAN-Mode When running in LAN mode, the interface may be configured with the following settings:

Parameter IP address Netmask Alias IP address Alias Netmask MAC

LAN IP Settings The IP interface address The netmask for this interface Optional alias IP interface address Optional alias netmask for this interface Custom MAC adress for this interface (not supported for VLANs)

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
GNSS
NB2800 NetModule Router Hostname NB2800 Software Version 4.6.0.100 © 2004-2021, NetModule AG

IP Settings LAN1 Mode: Static Configuration IP address: Netmask: Alias IP address: Alias Netmask: MTU: MAC:
Apply

LAN WAN
192.168.1.1 255.255.255.0

LOGOUT

Figure 5.11.: LAN IP Configuration – LAN Interface

NB3701

52

User Manual for NRSW version 4.8.0.102

WAN-Mode When running in WAN mode, the interface may be configured with two IP versions in the following way:

Parameter IPv4 IPv6 Dual-Stack

Description Only Internet Protocol Version 4 Only Internet Protocol Version 6 Run Internet Protocol Version 4 and Version 6 in parallel

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
GNSS
NB2800 NetModule Router Hostname NB2800 Software Version 4.6.0.100 © 2004-2021, NetModule AG

IP Settings LAN1 Mode:
IP version: IPv4 Configuration IPv4 WAN mode: IPv6 Configuration IPv6 WAN mode: MTU: MAC:
Apply

LAN WAN IPv4 IPv6 Dual-Stack
DHCP Static PPPoE
SLAAC Static

LOGOUT

Figure 5.12.: LAN IP Configuration – WAN Interface

NB3701

53

User Manual for NRSW version 4.8.0.102

Depending on the selected IP version you can configure your interface with the following settings:

IPv4 Settings The router can configure its IPv4 address the following ways:

Parameter DHCP
Static
PPPoE

IPv4 WAN-Modes
When running as DHCP client, no further configuration is required because all IP-related settings (address, subnet, gateway, DNS server) will be retrieved from a DHCP server in the network.
Allows you to define static values. Caution has to be taken to assign a unique IP address as it would otherwise raise IP conflicts in the network.
PPPoE is commonly used when communicating with another WAN access device (like a DSL modem).

IPv4-PPPoE Settings The following settings can be applied:

Parameter User name Password Service name
Access concentrator name

PPPoE Configuration
PPPoE user name for authenticating at the access device
PPPoE password for authenticating at the access device
Specifies the service name set of the access concentrator and can be left blank unless you have multiple services on the same physical network and need to specify the one you want to connect to.
The name of the concentrator (the PPPoE client will connect to any access concentrator if left blank)

NB3701

54

User Manual for NRSW version 4.8.0.102

IPv6 Settings The router can configure its IPv6 address the following ways:

Parameter SLAAC
Static

IPv6 WAN-Modes
All IP-related settings (address, prefix, routes, DNS server) will be retrieved by the neighbor-discovery-protocol through stateless- addressautoconfiguration.
Allows you to define static values. Caution has to be taken to assign a unique IP address as it would otherwise raise IP conflicts in the network. You can only configure global addresses. The link-local address is automatically generated via the MAC address.

DNS Server
When all enabled IP versions are set to Static, you may configure an interface-specific nameserver. To override the interface-specific nameservers see chapter 5.7.3.

NB3701

55

User Manual for NRSW version 4.8.0.102

5.3.3. Mobile
Modems Configuration This page lists all available WWAN modems. They can be disabled on demand.
Query This page allows you to send Hayes AT commands to the modem. Besides the 3GPP-conforming AT command-set further modem-specific commands can be applicable which we can provide on demand. Some modems also support running Unstructured Supplementary Service Data (USSD) requests, e.g. for querying the available balance of a prepaid account. SIMs

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Mobile SIMs
This menu can be used to assign a default modem to each SIM which will also be used by SMS and GSM voice services. A SIM card can get switched in case of multiple WWAN interfaces sharing the same modem.

SIM Default SIM1 Mobile1

Current Mobile1

SIM State missing

SIM Lock unknown

Registered no

Update

Figure 5.13.: SIMs
The SIM page gives an overview about the available SIM cards, their assigned modems and the current state. Once a SIM card has been inserted, assigned to a modem and successfully unlocked, the card should remain in state ready and the network registration status should have turned to registered. If

NB3701

56

User Manual for NRSW version 4.8.0.102

not, please double-check your PIN. Please keep in mind that registering to a network usually takes some time and depends on signal strength and possible radio interferences. You may hit the Update button at any time in order to restart PIN unlocking and trigger another network registration attempt. Under some circumstances (e.g. in case the modem flaps between base stations) it might be necessary to set a specific service type or assign a fixed operator. The list of operators around can be obtained by initiating a network scan (may take up to 60 seconds). Further details can be retrieved by querying the modem directly, a set of suitable commands can be provided on request.

NB3701

57

User Manual for NRSW version 4.8.0.102

Configuration
A SIM card is generally assigned to a default modem but might be switched, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem, as a SIM switch will naturally affect their operation. The following settings can be applied:

Parameter PIN code PUK code Default modem Preferred service
Registration mode Network selection

WWAN SIM Configuration
The PIN code for unlocking the SIM card
The PUK code for unlocking the SIM card (optional)
The default modem assigned to this SIM card
The preferred service to be used with this SIM card. Remember that the link manager might change this in case of different settings. The default is to use automatic, in areas with interfering base stations you can force a specific type (e.g. 3G-only) in order to prevent any flapping between the stations around.
The desired registration mode
Defines which network shall be selected. This can be bound to a specific provider ID (PLMN) which can be retrieved by running a network scan.

NB3701

58

User Manual for NRSW version 4.8.0.102

eSIM / eUICC
Attention: Note that eUICC profiles are NOT affected by a factory reset. To remove an eUICC profile from a device, manually remove it before performing the factory reset.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
Serial
GNSS
CAN
Bluetooth
NG800 NetModule Router Hostname Simulator Software Version 4.6.0.100 © 2004-2021, NetModule AG

SIM Card

eSIM Profiles

Profile configuration for embedded SIM1

ICCID

Operator

Name

EID: 89033032426180001000002063768022

Nickname

LOGOUT

Figure 5.14.: eSIM Profiles
Selected router models contain an eUICC (embedded universal integrated circuit card) which allows you to download eSIM profiles from the internet to the router instead of having to insert a physical SIM card into the router. The eSIM profiles to be installed must be compliant to the GSMA RSP Technical Specification SGP.22. These are the same eSIM profiles that are used with current mobile phones. Profiles according to the older GSMA SGP.02 specification are not supported. eSIM profiles can be managed on the “eSIM Profiles” tab of the “Mobile / SIMs” configuration page. The management page allows you to display all installed eSIM profiles as well as to install, enable, disable and delete eSIM profiles. It is also possible to store a nickname for each profile. The eUICC can store up to about 7 eSIM profiles depending on the size of the profiles. Only one of those profiles can be active at a time. In order to install new eSIM profiles, you need to first establish IP connectivity to the internet so that

NB3701

59

User Manual for NRSW version 4.8.0.102

the router can download the profile from the mobile network operator’s server.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
Serial
GNSS
CAN
Bluetooth
NG800 NetModule Router Hostname Simulator Software Version 4.6.0.100 © 2004-2021, NetModule AG

Add eUICC profile to SIM1 Method:
Activation code: ? Confirmation code:
Apply

Activation/QR Code Root discovery service scan or upload QR code

LOGOUT

Figure 5.15.: Add eUICC Profile
The following two ways are supported to install eSIM profiles and can be selected on the eSIM profiles configuration page:
1. QR code provided by the network operator To download the eSIM profile using this method your mobile network operator provides you a QR code which contains the information about the eSIM profile to be installed. If the device you are using to access the configuration GUI of the router has a camera, you can scan the QR code using the camera. Otherwise you can also upload an image file of the QR code. Or it is also possible to enter the contents of the QR code manually into the corresponding input field.
2. GSMA Root Discovery Service When using this method, you need to provide the EID, which is a unique number that identifies the eUICC of the router, to your mobile network operator. The EID is displayed on the eSIM profiles configuration page. The operator will then prepare the eSIM profile for your router on his provisioning servers. Afterwards, you can use the GSMA Root Discovery Service method to retrieve the eSIM

NB3701

60

User Manual for NRSW version 4.8.0.102

profile without having to specify any additional information for the download. Note: Most mobile network operators allow only one download of an eSIM profile. So, if you download the profile once and delete it afterwards, you will not be able to download the same profile a second time. In this case you would need to request a new eSIM profile from your operator.

NB3701

61

User Manual for NRSW version 4.8.0.102

WWAN Interfaces
This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically as WAN link once an interface has been added. Please refer to chapter 5.3.1 for how to manage them.
The Mobile LED will be blinking during the connection establishment process and goes on as soon as the connection is up. Refer to section 5.8.7 or consult the system log files for troubleshooting the problem in case the connection did not come up.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Mobile Interfaces Interface Modem SIM PDP WWAN1 Mobile1 SIM1 PDP1

Number Service APN / User *99***1# automatic internet.telekom / tm

LOGOUT

Figure 5.16.: WWAN Interfaces

The following mobile settings are required:

Parameter Modem SIM Service type

WWAN Mobile Parameters The modem to be used for this WWAN interface The SIM card to be used for this WWAN interface The required service type

Please note that these settings supersede the general SIM based settings as soon as the link is being dialed.

NB3701

62

User Manual for NRSW version 4.8.0.102

Generally, the connection settings are derived automatically as soon as the modem has registered and the network provider has been found in our database. Otherwise, it will be required to configure the following settings manually:

Parameter Phone number
Access point name IP version
Authentication Username Password

WWAN Connection Parameters
The phone number to be dialed, for 3G+ connections this commonly refers to be *99***1#. For circuit-switched 2G connections you can enter the fixed phone number to be dialed in international format (e.g. +41xx).
The access point name (APN) being used
What IP version to use. Dual-stack lets you use IPv4 and IPv6 together. Please note, that your provider might not support all IP versions.
The authentication scheme being used, if required this can be PAP or/and CHAP
The user-name used for authentication
The password used for authentication

Furtheron, you may configure the following advanced settings:

Parameter Required signal strength Home network only Negotiate DNS Call to ISDN Header compression
Data compression Client address MTU

WAN Advanced Parameters
Sets a minimum required signal strength before the connection is dialed
Determines whether the connection should only be dialed when registered to a home network
Specifies whether the DNS negotiation should be performed and the retrieved name-servers should be applied to the system
Has to be enabled in case of 2G connections talking to an ISDN modem
Enables or disables 3GPP header compression which may improve TCP/IP performance over slow serial links. Has to be supported by your provider.
Enables or disables 3GPP data compression which shrinks the size of packets to improve throughput. Has to be supported by your provider.
Specifies a fixed client IP address if assigned by the provider
The Maximum Transmission Unit for this interface

NB3701

63

User Manual for NRSW version 4.8.0.102

5.3.4. WLAN
WLAN Management In case your router is shipping with a WLAN (or Wi-Fi) module you can operate it either as client, access point, mesh point or certain dual modes. As a client it can create an additional WAN link which for instance can be used as backup link. As access point, it can form another LAN interface which can be either bridged to an Ethernet-based LAN interface or create a self-contained IP interface which can be used for routing and to provide services (such as DHCP/DNS/NTP) in the same way like an Ethernet LAN interface does. As mesh point, it can create a wireless mesh network to provide a backhaul connectivity with dynamic path selection. As dual mode, it is possible to run access point and client or mesh point and access point functionality on the same radio module.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WLAN Management Administrative status:

Operational mode:

Regulatory domain: Operation type: Radio band: Bandwidth: Channel: Number of antennas: Antenna gain:

Apply

Continue

enabled disabled client access point mesh point dual modes European Union 802.11b 2.4 GHz 20 MHz
Auto
2 0 dB

Channel utilisation

LOGOUT

Figure 5.17.: WLAN Management
If the administrative status is set to disabled, the module will be powered off in order to reduce the overall power consumption. Regarding antennas, we generally recommend using two antennas for better coverage and throughput. A second antenna is definitely mandatory if you want to achieve higher throughput rates as in 802.11n. A WLAN client and a mesh point will automatically became a WAN link and can be managed as described in chapter 5.3.1.

NB3701

64

User Manual for NRSW version 4.8.0.102

Configurable parameters for access-point, client mode, mesh point and any dual mode:

Parameter Regulatory Domain Number of antennas Antenna gain
Tx power Disable low data rates

WLAN Management Select the country the Router operates in Set the number of connected antennas Specify the antenna gain for the connected antennas. Please refer to the antennas datasheet for the correct gain value. Specifies the max. transmit power used in dBm. Avoid sticky clients by disabling low data rates.

Warning Please be aware that any inappropriate parameters can lead to an infringement of conformity regulations.

Running as access point or dual mode, you can further configure the following settings:

Parameter Operation type Radio band
Outdoor Bandwidth Channel enable client tracking Short Guard Interval

WLAN Management Specifies the desired IEEE 802.11 operation mode Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz Shows the 5 GHz outdoor channels Specify the channel bandwidth operation mode Specifies the channel to be used Enables the tracking of non associated clients Enables the Short Guard Interval (SGI)

Running as client, you can further configure the following settings:

Parameter Scan channels
2.4 GHz 5 GHz

WLAN Management Select if all supported channels should be scanned or just user defined channels Set the channels which should be scanned in 2.4 GHz Set the channels which should be scanned in 5 GHz

Available operation modes are:

NB3701

65

User Manual for NRSW version 4.8.0.102

Standard 802.11a 802.11b 802.11g 802.11n 802.11ac

Frequencies 5 GHz 2.4 GHz 2.4 GHz 2.4/5 GHz 5 GHz

Bandwidth 20 MHz 20 MHz 20 MHz 20/40 MHz 20/40/80 MHz

Table 5.25.: IEEE 802.11 Network Standards

Data Rate 54 Mbit/s 11 Mbit/s 54 Mbit/s 300 Mbit/s 866.7 Mbit/s

NB3701

66

User Manual for NRSW version 4.8.0.102

Running as mesh point, you can further configure the following settings:

Parameter Radio band
Channel

WLAN Mesh-Point Management Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz
Specifies the channel to be used

Note: NetModule Routers with 802.11n and 802.11ac support 2×2 MIMO

NB3701

67

User Manual for NRSW version 4.8.0.102

Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the less interfering channel. Please note that two adequate channels are required for getting good throughputs with 802.11n and a bandwidth of 40 MHz.
WLAN Configuration Running in client mode, it is possible to connect to one ore more remote access-points. The system will switch to the next network in the list in case one goes down and return to the highest-prioritized network as soon as it comes back. You can perform a WLAN network scan and pick the settings from the discovered information directly. The authentication credentials have to be obtained by the operator of the remote access point.

Parameter SSID Security mode WPA mode
WPA cipher
Identity Passphrase
Force PMF Enable fast transition
Required signal strength

WLAN Client Configuration The network name (called SSID)
The desired security mode
The desired encryption method. WPA3 should be preferred over WPA2 and WPA1
The WPA cipher to be used, the default is to run both (TKIP and CCMP)
The identity used for WPA-RADIUS and WPA-EAP-TLS
The passphrase used for authentication with WPA-Personal, otherwise the key passphrase for WPA-EAP-TLS
Enables Protected Management Frames
If client, enable fast roaming capabilites via FT. FT is only performed if the AP supports this feature, too
Required signal strength to esablish the connection

The client is performing background scans for the purpose of roaming within an ESS. The background scans are based on the current signal strenght.

Parameter Threshold
Long interval
Short interval

WLAN Client Background Scan Parameters
The signal strength threshold in dBm when the long or short time interval should occur
The time in seconds when a background scan should be performed if the threshold is above the given threshold value
The time in seconds when a background scan should be performed if the threshold is below the given threshold value

NB3701

68

User Manual for NRSW version 4.8.0.102

Running in access-point mode you can create up to 8 SSIDs with each running their own network configuration. The networks can be individually bridged to a LAN interface or operate as dedicated interface in routing-mode.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WLAN Access-Point Configuration

Interface

SSID

WLAN1

NB1600-Private

Security Mode WPA / Cipher

WPA-PSK

WPA + WPA2 / TKIP + CCMP

Figure 5.18.: WLAN Configuration

NB3701

69

User Manual for NRSW version 4.8.0.102

This section can be used to configure security-related settings.

Parameter

WLAN Access-Point Configuration

SSID

The network name (called SSID)

Security mode

The desired security mode

WPA mode

The desired encryption method. WPA3 + WPA2 mixed mode should be preferred

WPA cipher

The WPA cipher to be used, the default is to run both (TKIP and CCMP)

Passphrase

The passphrase used for authentication with WPA-Personal.

Force PMF

Enables Protected Management Frames

Hide SSID

Hides the SSID

Isolate clients

Disables client-to-client communication

Band steering master

The WLAN interface which the client should be steered to

Opportunistic Wireless En- The WLAN interface for a seamless transition from an OPEN WLAN

cryption transition

to an OWE encrypted WLAN interface

Accounting

Sets accounting profile

The following security modes can be configured:

Parameter Off None WEP WPA-Personal
WPA-Enterprise
WPA-RADIUS
WPA-TLS
OWE

WLAN Security Modes
SSID is disabled
No authentication, provides an open network
WEP (is nowadays discouraged)
WPA-Personal (TKIP, CCMP), provides password-based authentication
WPA-Enterprise in AP mode, can be used to authenticate against a remote RADIUS server which can be configured in chapter 5.8.2
EAP-PEAP/MSCHAPv2 in client mode, can be used to authenticate against a remote RADIUS server which can be configured in chapter 5.8.2
EAP-TLS in client mode, performs authentication using certificates which can be configured in chapter 5.8.8
Opportunistic Wireless Encryption alias Enhanced OPEN provides encryption WLAN without any authentication

NB3701

70

User Manual for NRSW version 4.8.0.102

Running in mesh point mode, it is possible to connect to one or more mesh points within the mesh network at the same time. The system will automatically join the wireless network, connect to the other mesh partners with the same ID and sercurtiy credentials. The authentication credentials have to be obtained by the operator of the mesh network.

Parameter

WLAN Mesh-Point Configuration

MESHID

The network name (called MESHID)

Security mode

The desired security mode

enable gate announcements To enable gate announcments for the mesh network

NB3701

71

User Manual for NRSW version 4.8.0.102

The following security modes can be configured:

Parameter Off None SAE

WLAN Mesh-Point Security Modes MESHID is disabled No authentication, provides an open network SAE (Simultaneous Authentication of Equals) is a secure passwordbased authentication and key establishment protocol

NB3701

72

User Manual for NRSW version 4.8.0.102

WLAN IP Settings

This section lets you configure the TCP/IP settings of your WLAN network. A client and mesh point interface can be run over DHCP or with a statically configured address and default gateway.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WLAN1 IP Settings Network mode: IP address: Netmask:

Apply

Continue

bridged routed 192.168.200.1 255.255.255.0

LOGOUT

Figure 5.19.: WLAN IP Configuration

The access point networks can be bridged to any LAN interface for letting WLAN clients and Ethernet hosts operate in the same subnet. However, for multiple SSIDs we strongly recommend to set up separated interfaces in routing-mode in order to avoid unwanted access and traffic between the interfaces. The corresponding DHCP server for each network can be configured in afterwards as described in chapter 5.7.2.

Parameter Network mode
Bridge interface
IP address / netmask

WLAN IP Settings
Choose whether the interface shall be operated bridged or in routingmode
If bridged, the LAN interface to which the WLAN network should be bridged
In routing-mode, the IP address and netmask for this WLAN network

NB3701

73

User Manual for NRSW version 4.8.0.102

The following feature can be configured if the WLAN interface is bridged

Parameter 4addr frame IAPP Pre-auth
Fast transition

WLAN Bridging features
Enables the 4-address frame format (required for bridge links)
Enables the Inter-Access Point Protocol feature
Enables the pre-authentication mechanism for roaming clients (if supported by the client). Pre-auth is only supported with WPA2Enterprise with CCMP
Enables fast transistion (FT) capabilities for roaming client (if supported by the client)

The following fast transistion parameters can be configured

Parameter Mobility domain Preshared key Fast transition clients only

WLAN Bridging features The mobility domain of the FT network The PSK for the FT network If enabled, the AP will only accept clients that support FT

NB3701

74

User Manual for NRSW version 4.8.0.102

5.3.5. Software Bridges
Software bridges can be used to bridge layer-2 devices like OpenVPN TAP, GRE or WLAN interfaces without the need for a physical LAN interface.
Bridge Settings This page can be used to enable/disable software bridges. It can be configured as follows:

Parameter Administrative status IP Address Netmask MTU

Bridge Settings
Enables or disables the bridge interface. If you need an interface to the local system you need to define an IP address for the local device.
IP address of the local interface (available only if “Enabled with local interface” was selected
Netmask of the local interface (available only if “Enabled with local interface” was selected
Optional MTU size for the local interface (available only if “Enabled with local interface” was selected

NB3701

75

User Manual for NRSW version 4.8.0.102

5.3.6. USB
NetModule routers ship with a standard USB host port which can be used to connect a storage, network or serial USB device. Please contact our support in order to get a list of supported devices.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Administration USB Administration

Devices

Autorun

This menu can be used to activate USB-based serial and network devices.

Administrative status:

enabled disabled

Enable hotplug:

Apply

LOGOUT

USB Administration
Parameter Administrative status Enable hotplug

Figure 5.20.: USB Administration
USB Administration Specifies whether devices shall be recognized Specifies whether device shall be recognized if plugged in during runtime or only at bootup

NB3701

76

User Manual for NRSW version 4.8.0.102

USB Devices
This page shows the currently connected devices and it can be used to enable a specific device based on its Vendor and Product ID. Only enabled devices will be recognized by the system and raise additional ports and interfaces.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Administration

Devices

Autorun

Connected USB Devices Vendor ID Product ID Bus ID Manufacturer

Device

Enabled USB Devices Vendor ID Product ID Bus ID Module

Type

Refresh

LOGOUT
Type Attached

Figure 5.21.: USB Device Management

Parameter Vendor ID Product ID Module

USB Devices The USB Vendor ID of the device The USB Product ID of the device The USB module and type of driver to be applied for this device

Any ID must be specified in hexadecimal notation, wildcards are supported (e.g. AB[0-1][2-3] or AB*) A USB network device will be referenced as LAN10.

NB3701

77

User Manual for NRSW version 4.8.0.102

5.3.7. Serial This page can be used to manage your serial ports. A serial port can be used by:

Parameter none login console
device server modem bridge modem emulator
SDK

Serial Port Usage
The serial port is not used
The serial port is used to open a console which can be accessed with a serial terminal client from the other side. It will provide helpful bootup and kernel messages and spawns a login shell, so that users can login to the system. If more than one serial interface is available, one serial interface can be configured as ‘login console’ at a time.
The serial port will be exposed over a TCP/IP port and can be used to implement a Serial/IP gateway.
Bridges the serial interface to the Modem TTY of an intergrated WWAN Modem.
Emulates a classical AT command driven modem on the serial interface. See http://wiki.netmodule.com/app-notes/hayes-modemat-simulator for detailed information.
The serial port will be reserved for SDK scripts.

NB3701

78

User Manual for NRSW version 4.8.0.102

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Administration

Port Settings

SERIAL1 is used by:

Apply

Back

none login console device server modem emulator SDK

Figure 5.22.: Serial Port Administration

LOGOUT

NB3701

79

User Manual for NRSW version 4.8.0.102

Running a device server, the following settings can be applied:

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges USB Serial Digital I/O GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Administration

Port Settings

SERIAL1 Port Settings

Physical protocol: Baud rate: Data bits: Parity: Stop bits: Software flow control: Hardware flow control: Server Configuration Protocol on IP port: Port:
Timeout: Allow remote control (RFC 2217): Show banner:
Allow clients from:

Apply

RS232 115200 8 data bits None 1 stop bit None None

Telnet

2000

endless

numbered

600

everywhere specify

Figure 5.23.: Serial Port Settings

LOGOUT

Parameter Physical protocol Baud rate Data bits Parity Stop bits
NB3701

Serial Settings Selects the desired physical protocol on the serial port Specifies the baud rate run on the serial port Specifies the number of data bits contained in each frame Specifies the parity used for every frame that is transmitted or received Specifies the number of stop bits used to indicate the end of a frame

80

User Manual for NRSW version 4.8.0.102

Parameter Software flow control
Hardware flow control Protocol on TCP/IP Port Timeout

Serial Settings
Defines the software flow control for the serial port, XOFF will send a stop, XON a start character to the other end to control the rate of any incoming data
You may enable RTS/CTS hardware flow control, so that the RTS and CTS lines are used to control the flow of data
You may choose the IP protocols Telnet or TCP raw for the device server
The TCP port for the device server
The timeout until a client is declared as disconnected

Parameter Protocol on IP port Port Timeout
Allow remote control Show banner Stop bits Allow clients from

Server Settings Selects the desired IP protocol (TCP or Telnet) Specifies the TCP port on which the server will be available The time in seconds before the port will be disconnected if there is no activity on it. A zero value disables this function. Allow remote control (ala RFC 2217) of the serial port Show a banner when clients connect Specifies the number of stop bits used to indicate the end of a frame Specifies which clients are allowed to connect to the server

Please note that the device server does not provide authentication or encryption and clients will be able connect from everywhere. Please consider to restrict access to a limited network/host or block packets by using the firewall.
When running the serial port as AT modem emulator the following settings can be applied:

Parameter Physical protocol Baud rate Hardware flow control

Serial Port Settings Selects the desired physical protocol on the serial port Specifies the baud rate run on the serial port You may enable RTS/CTS hardware flow control, so that the RTS and CTS lines are used to control the flow of data

Parameter Port

Incoming connections via Telnet The TCP port for the device server

Parameter Number

Phonebook Entries Phone number that will get an alias

NB3701

81

User Manual for NRSW version 4.8.0.102

Parameter IP address Port

Phonebook Entries IP address the number will become Port value for the IP address

NB3701

82

User Manual for NRSW version 4.8.0.102

5.3.8. Digital I/O
The Digital I/O page displays the current status of the I/O ports and can be used to turn output ports on or off.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Digital I/O Status DI1: DI2: DO1: DO2:
Digital I/O Configuration
DO1 after reboot: DO2 after reboot:
Apply

off on

off

turn on

on

turn off

default default

LOGOUT

Figure 5.24.: Digital I/O Ports

You can apply the following settings:

Parameter DO1 after reboot DO2 after reboot

Digital I/O Settings Initial status of DO1 after system has booted Initial status of DO2 after system has booted

Besides on and off you may keep the default status as the hardware has initialized it after power-up. The digital inputs and outputs can also be monitored and controlled by SDK scripts.

NB3701

83

User Manual for NRSW version 4.8.0.102

5.3.9. GNSS

Configuration
The GNSS page lets you enable or disable the GNSS modules present in the system and can be used to configure the daemon that can be used to share access to receivers without contention or loss of data and to respond to queries with a format that is substantially easier to parse than the NMEA 0183 emitted directly by the GNSS device.
We are currently running the Berlios GPS daemon (version 3.15), supporting the new JSON format. Please navigate to http://www.catb.org/gpsd/ for getting more information about how to connect any clients to the daemon remotely. The position values can also be queried by the CLI and used in SDK scripts.

Parameter Administrative status Operation mode Antenna type Accuracy
Fix frame interval

GNSS Module Configuration
Enable or disable the GNSS module
The mode of operation, either standalone or assisted (for A-GPS)
The type of the connected GPS antenna, either passive or actively 3 volt powered
The GNSS receiver compares the calculated position accuracy based on the satellite information and compares it with this accuracy threshold in meters. If the calculated position accuracy is better than the accuracy threshold, the position is reported. Adjust this parameter to a higher threshold in case the GNSS receiver does not report a position fix, or when it takes a long time to calculate a fix. This could be caused when there is no clear sky view of the GNSS antenna which is the case in tunnels, beside tall buildings, trees, and so on.
The amount of time to wait between fix attempts

If the GNSS module does support AssistNow and the operation mode is assisted the following configuration can be done:

Parameter Primary URL Secondary URL

GNSS Assisted GPS Configuration The primary AssistNow URL The secondary AssistNow URL

Information about AssistNow: If you have a lot of devices in the field that use the AssistNow service, please consider creating your own AssistNow token at http://www. u-blox.com. If there are too many requests per time, the service may not work as expected. If you have further questions, please contact our support.

Parameter Server port

GNSS Server Configuration
The TCP port on which the daemon is listening for incoming connections

NB3701

84

User Manual for NRSW version 4.8.0.102

Parameter Allow clients from
Clients start mode

GNSS Server Configuration
Specifies where clients can connect from, can be either everywhere or from a specific network
Specifies how data transferal is accomplished when a client connects. You can specify on request which typically requires an R to be sent. Data will be sent instantly in case of raw mode which will provide NMEA frames or super-raw which includes the original data of the GPS receiver. If the client supports the JSON format (i.e. newer libgps is used) the json mode can be specified.

Please consider to restrict access to the server port, either by a specifying a dedicated client network or by using a firewall rule.

Information about Dead Reckoning: If you have a device which supports Dead Reckoning, please consult the GNSS Dead Reckoning installation guide for further information or please contact our support.

NB3701

85

User Manual for NRSW version 4.8.0.102

Position This pages provides further information about the satellites in view and values derived from them:

Parameter Latitude Longitude Altitude Satellites in view Speed
Satellites used
Dilution of precision

GNSS Information The geographic coordinate specifying the north-south position The geographic coordinate specifying the east-west position The height above sea level of the current location The number of satellites in view as stated in GPGSV frames The horizontal and vertical speed in meter per second as stated in GPRMC frames The number of satellites used for calculating the position as stated in GPGGA frames The dilution of precision as stated in GPGSA frames

Furtheron, each satellite also comes with the following details:

Parameter PRN Elevation Azimuth SNR

GNSS Satellite Information
The PRN code of the satelitte (also referred as satellite ID) as stated in GPGSA frames
The elevation (up-down angle between the dish pointing direction) in degrees as stated in GPGSV frames
The azimuth (rotation around the vertical axis) in degrees as stated in GPGSV frames
The SNR (Signal to Noise Ratio), often referred as signal strength

Please note that the values are shown as calculated by the daemon, their accuracy might be suggestive.
Supervision

Parameter Administrative status Mode Max. downtime
Emergency action

GNSS Supervision
Enable or disable GNSS supervision
Specifies whether to monitor the NMEA stream or GPS fixes
The period of time without valid NMEA stream or GPS fix after which an emergency action shall be taken
The corresponding emergency action. You can either let just restart the server, which will also re-initialize the GPS function on the module, or reset the module in severe cases. Please note that this may have effects on any running WWAN/SMS services.

NB3701

86

User Manual for NRSW version 4.8.0.102

5.4. ROUTING
5.4.1. Static Routes
This menu shows all routing entries of the system. They are typically formed by an address/netmask couple (represented in IPv4 dotted decimal notation) which specify the destination of a packet. The packets can be directed to either a gateway or an interface or both. If interface is set to ANY, the system will choose the route interface automatically, depending on the best matching network configured for an interface.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

Static Routes Extended Routes Multipath Routes Multicast
IGMP Proxy Static Routes BGP OSPF Mobile IP Administration QoS Administration Classification

Static Routes

This menu shows all routing entries of the system, they can consist of active and configured ones. The flags are as follows: (A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route (Netmasks can be specified in CIDR notation)

Destination Netmask

Gateway

Interface Metric Flags

192.168.1.0 255.255.255.0 0.0.0.0

LAN1 0 AN

192.168.101.0 255.255.255.0 0.0.0.0

LAN1-1 0 AN

192.168.102.0 255.255.255.0 0.0.0.0

LAN1-2 0 AN

192.168.200.0 255.255.255.0 0.0.0.0

WLAN1 0 AN

Route lookup

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG
Figure 5.25.: Static Routing
In general, host routes precede network routes and network routes precede default routes. Additionally, a metric can be used to determine the priority of a route, a packet will go in the direction with the lowest metric in case a destination matches multiple routes. Netmasks can be specified in CIDR notation (i.e. /24 expands to 255.255.255.0).

NB3701

87

User Manual for NRSW version 4.8.0.102

Parameter Destination Netmask
Gateway Interface Metric Flags

Static Route Configuration
The destination address of a packet
The subnet mask which forms, in combination with the destination, the network to be addressed. A single host can be specified by a netmask of 255.255.255.255, a default route corresponds to 0.0.0.0.
The next hop which operates as gateway for this network (can be omitted on peer-to-peer links)
The network interface on which a packet will be transmitted in order to reach the gateway or network behind it
The routing metric of the interface (default 0), higher metrics have the effect of making a route less favorable
(A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route

The flags obtain the following meanings:

Flag

Description

A

The route is considered active, it might be inactive if the interface for this route is not yet

up.

P

The route is persistent, which means it is a configured route, otherwise it corresponds to

an interface route.

H

The route is a host route, typically the netmask is set to 255.255.255.255.

N

The route is a network route, consisting of an address and netmask which forms the

subnet to be addressed.

D

The route is a default route, address and netmask are set to 0.0.0.0, thus matching any

packet.

Table 5.53.: Static Route Flags

NB3701

88

User Manual for NRSW version 4.8.0.102

5.4.2. Extended Routing Extended routes can be used to perform policy-based routing, they generally precede static routes.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

Static Routes Extended Routes
Multipath Routes Multicast
IGMP Proxy Static Routes BGP OSPF Mobile IP Administration QoS Administration Classification

Extended Routes

Extended routes can be used to perform policy-based routing. In general, they precede any other static routes.

Interface Source

Destination

TOS Route to

ANY

4.4.4.4/32

8.8.8.8/32

any WWAN1

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Figure 5.26.: Extended Routing

In contrast to static routes, extended routes can be made up, not only of a destination address/netmask, but also a source address/netmask, incoming interface and the type of service (TOS) of packets.

Parameter Source address Source netmask Destination address Destination netmask Incoming interface Type of service Route to
discard if down

Extended Route Configuration The source address of a packet The source address of a packet The destination address of a packet The destination address of a packet The interface on which the packet enters the system The TOS value within the header of the packet Specifies the target interface or gateway to where the packet should get routed to Discard packets if the specified interface is down

NB3701

89

User Manual for NRSW version 4.8.0.102

5.4.3. Multipath Routes
Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

Static Routes Extended Routes Multipath Routes Multicast
IGMP Proxy Static Routes BGP OSPF Mobile IP Administration QoS Administration Classification

Multipath Routes Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces.

Destination 8.8.4.4/32

Distribution
WWAN1 (50%) LAN2 (50%)

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Figure 5.27.: Multipath Routes

At least two interfaces have to be defined to establish multipath routing. Additional interfaces can be added by pressing the plus sign.

Parameter Target network/netmask Interface Weight NextHop

Add Multipath Routes Defines the target network for which multipath routing shall be applied Selects the interface for one path Weight of the interface in relation to the others Overrides the default gateway of this interface

NB3701

90

User Manual for NRSW version 4.8.0.102

5.4.4. Multicast
Multicast distributes IP packets to subscribers in a one-to-many relationship. The subscribers use multicast messages to subscribe to a MCR group and receive the data in form of multicast packets. Therefore the messages are sent by the packet sink to the packet source. Multicast routing (MCR) is used to farward multicast data from one network to another.
Attention: As multicast is used to send data from one source to several destinations on the same network it is quite common for testing applications to set the TTL of multicast packets to 1 to prevent the packets from spilling into other networks. If you want to route multicast packets (that’s why it is called MCR) you’ll have to make sure to send your data with a TTL > 1.

Multicast routing can be configured and managed by a daemon. Only one MCR daemon can be used at a time.
NetModule routers ship with two different MCR daemons to select from depending on your dependencies:

Parameter IGMP proxy
static routes
disabled

Administrative Status
Forwarding of multicast messages that are dynamically detected on a given interface to another interface
List of MCR rules to forward messages of dedicated source and group from a given interface to another
Disable routing of multicast messages

IGMP proxy IGMP proxy which is able to maintain multicast groups on a particular interface and distribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups.

Parameter Incoming interface
Sender network Sender netmask Distribute to

Multicast Routing Settings The upstream interface on which multicast groups are joined and on which multicast packets come in
The multicast source network address
The multicast source network mask
Specifies the downstream interfaces to which multicast packets will be forwarded

Static Routes Routes multicast packets in different directions depending on their origin and group based on a given set of MCR rules:

NB3701

91

User Manual for NRSW version 4.8.0.102

Parameter Group Source Incoming interface Outgoing interface

Static Multicast Route IP address of MCR group Source-IP of the packets Interface to the packet source Interface to forward the packets to

NB3701

92

User Manual for NRSW version 4.8.0.102

5.4.5. BGP

The BGP tab allows to set up peerings of the NetModule router with other Border Gateway Protocol enabled routers.

Parameter

BGP General Settings

Administrative status

Specifies whether the BGP routing protocol is active

Router ID

Optionally the router ID can be defined in form of a dotted IPv4 representation like 1.2.3.4. If the ID is omitted, the BGP daemon will try to determine a valid value or fall back to 0.0.0.0

AS number

The number of the autonomous system to which the NetModule router belongs (1-4294967295)

Redistribute routes

connected Redistribute routes to networks which are directly connected to the NetModule router

Redistribute local routes

Redistribute routes from the NetModule router’s own routing table

Redistribute OSPF routes Redistribute routes learned via the OSPF routing protocol

Disable when redundancy Disables the BGP protocol when the router is set to slave mode by

backup

the VRRP redundancy protocol

Keepalive timer

The interval in seconds of sending keepalive message

Holddown timer

The time in seconds how long the router will wait for incomming BGP messages until the router will assume the neighbor is dead

The neighbors tab is used to configure all the BGP routers to peer with.

Parameter IP address As number Password
Multihop
Address Family
Weight

BGP Neighbors IP address of the peer router
Autonomous system number of the peer router (1-4294967295)
Password for authentication with the peer router. If left blank authentication is disabled.
Allow multiple hops between this router and the peer router instead of requiring the peer to be directly connected.
Select whether ipv4-unicast or l2vpn-evpn address family shall be enabled
This parameter specifies the default weight for the neighbor route

The Networks tab allows to add IP network prefixes that shall be distributed via BGP in addition to the networks that are redistributed from other sources as defined on the general tab.

Parameter Prefix

BGP Networks Prefix of the network to be distributed

NB3701

93

User Manual for NRSW version 4.8.0.102

Parameter Prefix length

BGP Networks Length of the prefix to be distributed

NB3701

94

User Manual for NRSW version 4.8.0.102

5.4.6. OSPF

The OSPF menu allows the NetModule

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals