HIRSCHMANN NG800 Automotive Gateway User Manual

June 15, 2024
HIRSCHMANN

HIRSCHMANN NG800 Automotive Gateway

NetModule Automotive Gateway NG800

Specifications:

  • Software Version: 4.8.0.102
  • Manual Version: 2.1570
  • Manufacturer: NetModule AG
  • Country of Origin: Switzerland

Product Information

The NetModule Automotive Gateway NG800 is a versatile device designed to provide connectivity and communication capabilities for automotive applications. It is equipped with a wide range of features and functionalities, making it suitable for various use cases.

Features

  • Supports multiple wireless communication technologies
  • Embedded GNSS module for accurate positioning
  • Robust routing capabilities for efficient data transfer
  • Advanced security features to protect data
  • Easy configuration and maintenance

License Information

A significant portion of the source code used in this product is available under free and open-source licenses, such as the GNU General Public License (GPL). For detailed license information regarding specific software packages, please contact the manufacturer.

Trademark Information:
All product and company names mentioned in this manual are used for identification purposes only and may be trademarks or registered trademarks of their respective owners.

Contact Information:
If you have any questions or need further assistance, you can reach out to NetModule AG through the following channels:

Product Usage Instructions

Device Commissioning:
Before using the NetModule Automotive Gateway NG800, it is important to properly commission the device. Follow the steps below:

  1. Ensure that the device is powered off.
  2. Connect the necessary cables and interfaces to the device, including power supply, network connections, and any additional peripherals.
  3. Power on the device and wait for it to initialize.

Installation Procedure:
Proper installation of the NetModule Automotive Gateway NG800 is crucial for optimal performance. Follow these guidelines:

  1. Select a suitable location for the device, ensuring proper ventilation and protection against environmental factors.
  2. Mount the device securely using the provided mounting brackets or other suitable means.
  3. Connect the required cables and interfaces, making sure they are securely attached.

Configuration and Maintenance

The NetModule Automotive Gateway NG800 offers various configuration options to adapt to specific requirements. To configure and maintain the device, follow these steps:

  1. Access the device’s configuration interface using a web browser or dedicated software.
  2. Enter the appropriate login credentials to access the configuration settings.
  3. Modify the necessary parameters and settings according to your needs.
  4. Save the changes and restart the device if required.

Additional Resources

For additional information, sample SDK scripts, or configuration samples, please refer to our wiki on https://wiki.netmodule.com.

FAQ

Q: What wireless communication technologies are supported by the NetModule Automotive Gateway NG800?
A: The NetModule Automotive Gateway NG800 supports various wireless communication technologies, including Wi-Fi, Bluetooth, cellular (GSM, LTE), and more. It offers versatile connectivity options for automotive applications.

Q: How can I ensure the security of my data when using the NetModule Automotive Gateway NG800?
A: The NetModule Automotive Gateway NG800 incorporates advanced security features to protect your data. It supports encryption protocols, secure communication channels, and authentication mechanisms to safeguard against unauthorized access and data breaches.

Q: Can I customize the configuration settings of the NetModule Automotive Gateway NG800?
A: Yes, the NetModule Automotive Gateway NG800 allows you to customize various configuration settings to meet your specific requirements. You can access the device’s configuration interface and modify parameters such as network settings, security options, and routing configurations.

NetModule Automotive Gateway NG800
User Manual for Software Version 4.8.0.102
Manual Version 2.1570
NetModule AG, Switzerland November 20, 2023

NetModule Automotive Gateway NG800
This manual covers all variants of the NG800 product type.
The specifications and information regarding the products in this manual are subject to change without notice. We would like to point out that NetModule makes no representation or warranties with respect to the contents herein and shall not be responsible for any loss or damage caused to the user by the direct or indirect use of this information This document may contain information about third party products or processes. Such third party information is generally out of influence of NetModule and therefore NetModule shall not be responsible for the correctness or legitimacy of this information. Users must take full responsibility for their application of any products.

Copyright ©2023 NetModule AG, Switzerland All rights reserved

This document contains proprietary information of NetModule. No parts of the work described herein may be reproduced. Reverse engineering of the hardware or software is prohibited and protected by patent law. This material or any portion of it may not be copied in any form or by any means, stored in a retrieval system, adopted or transmitted in any form or by any means (electronic, mechanical, photographic, graphic, optic or otherwise), or translated in any language or computer language without the prior written permission of NetModule.
A large amount of the source code to this product is available under licenses which are both free and open source. Most of it is covered by the GNU General Public License which can be obtained from www.gnu.org. The remainder of the open source software which is not under the GPL, is usually available under one of a variety of more permissive licenses. A detailed license information for a particular software package can be provided on request.
All other products or company names mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective owners. The following description of software, hardware or process of NetModule or other third party provider may be included with your product and will be subject to the software, hardware or other license agreements.

Contact
https://support.netmodule.com

NetModule AG Maulbeerstrasse 10 CH-3011 Bern Switzerland

Tel +41 31 985 25 10 Fax +41 31 985 25 11 info@netmodule.com https://www.netmodule.com

Welcome to NetModule

Thank you for purchasing a NetModule product. This document should give you an introduction to the device and its features. The following chapters describe any aspects of commissioning the device, installation procedure and provide helpful information towards configuration and maintenance. Please find further information such as sample SDK scripts or configuration samples in our wiki on https://wiki.netmodule.com.

NG800

9

User Manual for NRSW version 4.8.0.102

Conformity

This chapter provides general information for putting the gateway into operation.

Safety Instructions
Please carefully observe all safety instructions in the manual that are marked with the symbol .
Compliance information: The NetModule gateways must be used in compliance with any and all applicable national and international laws and with any special restrictions regulating the utilization of the communication module in prescribed applications and environments.
Information about the accessories / changes to the device: ­ Please only use original accessories to prevent injuries and health risks. ­ Changes made to the device or the use of non-authorized accessories will render the
warranty null and void and potentially invalidate the operating license.

NG800

10

User Manual for NRSW version 4.8.0.102

Information about the device interfaces: ­ All systems that are connected to the NetModule router interfaces must meet the
requirements for SELV (Safety Extra Low Voltage) systems.
­ Interconnections must not leave the building nor penetrate the body shell of a vehicle.
­ Connections for antennas may only exit the building or the vehicle hull if transient overvoltages (according to IEC 62368-1) are limited by external protection circuits down to 1 500 Vpeak. All other connections must remain within the building or the vehicle hull.
­ Installed antennas must always be at least 40 cm away from people.
­ Devices with a WLAN interface may be operated only with applicable Regulatory Domain configured. Special attention must be paid to country, number of antennas and the antenna gain (see also chapter 5.3.4). The maximum allowed gain is 3dBi in the relevant frequency range. WLAN antennas with a higher amplification may be used with the NetModule router “Enhanced-RF- Configuration” software license and the antenna gain and cable attenuation that have been correctly configured by certified specialized personnel. A misconfiguration will lead to loss of the approval.
­ The maximum gain of an antenna (incl. the attenuation of the connection cables) must not exceed the following values in the corresponding frequency range:
­ Mobile radio (600MHz .. 1GHz) < 3.2dBi
­ Mobile radio (1.7GHz .. 2GHz) < 6.0dBi
­ Mobile radio (2.5GHz .. 4.2GHz) < 6.0dBi
­ WiFi (2.4GHz .. 2.5GHz) < 3.2dBi
­ WiFi (5.1GHz .. 5.9GHz) < 4.5dBi
­ Note that GNSS signals can be obfuscated or blocked by malicious third-party devices.
­ Only CE-compliant power supplies with a current-limited SELV output voltage range may be used with the NetModule routers.

NG800

11

User Manual for NRSW version 4.8.0.102

General safety instructions: ­ Observe the usage limitations of radio units at filling stations, in chemical plants, in
systems with explosives or potentially explosive locations. ­ The devices may not be used in airplanes. ­ Exercise particular caution near personal medical aids, such as pacemakers and hear-
ing aids. ­ The NetModule gateways may also cause interference in the nearer distance of TV
sets, radio receivers and personal computers. ­ Never perform work on the antenna system during a thunderstorm. ­ Protect them against aggressive chemical atmospheres and humidity or temperatures
outside specifications. ­ We highly recommended creating a copy of a working system configuration. It can be
easily applied to a newer software release afterwards.
2.2. Declaration of Conformity
NetModule hereby declares that under our own responsibility that the gateways comply with the relevant standards following the provisions of the RED Directive 2014/53/EU. The signed version of the Declaration of Conformity can be obtained from https://www.netmodule.com/downloads
2.3. Waste Disposal
In accordance with the requirements of the Council Directive 2012/19/EU regarding Waste Electrical and Electronic Equipment (WEEE), you are urged to ensure that this product will be segregated from other waste at end-of-life and delivered to the WEEE collection system in your country for proper recycling.
2.4. National Restrictions
This product may be generally used in all EU countries (and other countries following the RED Directive 2014/53/EU) without any limitation. Please refer to our WLAN Regulatory Database for getting further national radio interface regulations and requirements for a particular country.

NG800

12

User Manual for NRSW version 4.8.0.102

Open Source Software
We inform you that NetModule products may contain in part open-source software. We are distributing such open-source software to you under the terms of GNU General Public License (GPL)1, GNU Lesser General Public License (LGPL)2 or other open-source licenses3. These licenses allow you to run, copy, distribute, study, change and improve any software covered by GPL, Lesser GPL, or other open-source licenses without any restrictions from us or our end user license agreement on what you may do with that software. Unless required by applicable law or agreed to in writing, software distributed under open-source licenses is distributed on an “AS IS” basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. To obtain the corresponding open source codes covered by these licenses, please contact our technical support at router@support.netmodule.com.

Acknowledgements
This product includes:
­ PHP, freely available from http://www.php.net ­ Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org) ­ Cryptographic software written by Eric Young (eay@cryptsoft.com) ­ Software written by Tim Hudson (tjh@cryptsoft.com) ­ Software written Jean-loup Gailly and Mark Adler ­ MD5 Message-Digest Algorithm by RSA Data Security, Inc. ­ An implementation of the AES encryption algorithm based on code released by Dr Brian Glad-
man ­ Multiple-precision arithmetic code originally written by David Ireland ­ Software from The FreeBSD Project (http://www.freebsd.org)

1Please find the GPL text under http://www.gnu.org/licenses/gpl-2.0.txt 2Please find the LGPL text under http://www.gnu.org/licenses/lgpl.txt 3Please find the license texts of OSI licenses (ISC License, MIT License, PHP License v3.0, zlib License) under

Licenses

NG800

13

User Manual for NRSW version 4.8.0.102

Specifications

Appearance

NG800

14

User Manual for NRSW version 4.8.0.102

3.2. Features
All models of the NG800 Family have following standard functionalities: ­ 1x LTE, UMTS, GSM ­ 1x WLAN IEEE 802.11abgn with Bluetooth Low Energy ­ 1x GNSS with automotive Dead Reckoning ­ 1x Fast Ethernet port (10/100 Mbit/s) ­ 2x Automotive Ethernet ports (100BASE-T1) ­ 1x eUICC SIM ­ 1 GHz CPU, 512 MB RAM, 8 GB Flash ­ 2x CAN-passive (2x CAN-active on request) ­ Battery backed real time clock for time keeping ­ Inertial Motion Unit, 6 Axis (SW support on request) ­ Full featured router software
The NG800 can optionally be equipped with Software Keys for additional functionality.
Due to its modular approach, the NG800 router and its hardware components can be arbitrarily assembled according to its indented usage or application. Please contact us in case of special project requirements.

3.3. Environmental Conditions

Parameter Nominal Input Voltage Absolute Input Voltage Operating Temperature Range Storage Temperature Range Humidity Altitude Over-Voltage Category Pollution Degree Ingress Protection Rating Vibration
Shock

Rating 12 VDC to 24 VDC 9 VDC to 36 VDC -40 C to +75 C -40 C to +85 C 5 to 95% (non-condensing) up to 4000 m Vehicle based equipment 2 IP69k ISO 16750-3 (road vehicles), IEC 60068-2-64 (24 h) ISO 16750-3 (road vehicles), IEC 60068-2-27 (60 shocks)

Table 3.1.: Environmental Conditions

NG800

15

User Manual for NRSW version 4.8.0.102

3.4. Interfaces
3.4.1. Overview

Nr. Label 1 A1 Cellular 2 A2 Cellular 3 A3 WLAN/BT
4 A4 WLAN 5 A5 GNSS 6 LED 1 7 LED 2 8 X48 9 Earthing cable

Function FAKRA male connector for cellular main antenna FAKRA male connector for cellular auxiliary antenna FAKRA male connector for WLAN/Bluetooth main antenna (2.4 GHz, 5 GHz) FAKRA male connector for WLAN auxiliary antenna (2.4 GHz) FAKRA male connector for GNSS Status LED Link LED 48-pin CMC Molex interface for all wired connections Earthing the base plate is optional (protective earth is not compulsory)
Table 3.2.: NG800 Interfaces

NG800

16

User Manual for NRSW version 4.8.0.102

3.4.2. Default LED Indicators The following table describes the NG800 status indicators.

Housing Label STAT

Software Label SYS

Color State

Function
Shows the overall system state. This could be derived from health indicators such as:
­ all services up and running ­ overall throughput is normal ­ CPU load is normal ­ the supervisor ­ … ­ User application (state set by
user in SDK or container)

LINK

WAN

g

On

System operation state: normal

g

Blinking System operation state: during startup

r

On

System operation state: emergency,

watchdog, failure

g

On

The hotlink connection is up.

g

Blinking The hotlink connection is established

or changing the interface.

Off

The hotlink is disabled.

Table 3.3.: NG800 Status Indicators

3.4.3. Reset
NG800 does not have a built-in reset button. An external reset can be triggered as described below (e.g. by installing an external reset button). The reset button has two functions:
1. Reboot the system: Apply reset signal for at least 3 seconds to trigger a system reboot. The reboot is indicated with the blinking STAT LED.
2. Factory reset: Apply reset signal for at least 10 seconds to trigger a factory reset. The start of the factory reset is confirmed by all LEDs lighting up for a second.
The RS232 receive input (RS232-RXD, Pin L1 of X48 connector) also serves also reset input. To assert a reset condition, the input is tied to a positive voltage >5.0 VDC. It is possible to connect to the battery (12 VDC, 24 VDC).
When the input is asserted for longer than 100 micro-seconds (a character time) the receiver detects a break condition which is treated as reset active indication. Further processing of the signal is performed by software.

NG800

17

User Manual for NRSW version 4.8.0.102

When the serial interface is not used, a push button can be connected from the positive battery port to the serial interface receive input (X48:L1) as shown in the following image.

Figure 3.1.: Reset Input (Serial Interface not used)
If the serial interface is used in the application, a break-before-make switch must be used. The switch is required to protect the terminal equipment from the battery voltage.
In the inactive position the serial interface is connected between the terminal and the device, allowing serial communication. In the active position, the terminal is disconnected, and the receiver input is connected to the battery.

Figure 3.2.: Reset Input (Serial Interface used)

NG800

18

User Manual for NRSW version 4.8.0.102

3.4.4. Mobile
The variants of the NG800 support multiple multimode modules for mobile communication. The LTE modules supports 2×2 MIMO.

Standard 4G (LTE/FDD) 3G (DC-HSPA+/UMTS) 2G (EDGE/GPRS/GSM)

Bands B1 (2100), B3 (1800), B5 (850), B7 (2600), B8 (900), B20 (800) B1 (2100), B2 (1900), B5 (850), B8 (900) B2 (1900), B3 (1800), B5 (850), B8 (900)
Table 3.4.: Mobile Interface

Further modems for regions NA, APAC on request

The mobile antenna ports have the following specification:

Feature

Specification

Max. allowed cable length

30 m

Min. number of antennas 4G-LTE

2

Max. allowed antenna gain including cable attenuation

Mobile radio (600MHz .. 1GHz) < 3.2dBi Mobile radio (1.7GHz .. 2GHz) < 6.0dBi Mobile radio (2.5GHz .. 4.2GHz) < 6.0dBi

Min. distance between collocated ra- 20 cm dio transmitter antennas

Min. distance between people and an- 40 cm tenna

Connector type

FAKRA, D-Code, Bordeaux

Table 3.5.: Mobile Antenna Port Specification

3.4.5. Bluetooth Low Energy The NG800 supports Bluetooth Low Energy.

NG800

19

User Manual for NRSW version 4.8.0.102

3.4.6. WLAN The variants of the NG800 support a IEEE 802.11a/b/g/n WLAN module.

Standard 802.11a 802.11b 802.11g 802.11n 802.11n

Frequencies 5 GHz 2.4 GHz 2.4 GHz 2.4 GHz 5 GHz

Bandwidth 20 MHz 20 MHz 20 MHz 20 MHz 40 MHz

Max. Data Rate 54 Mbit/s 11 Mbit/s 54 Mbit/s 144 Mbit/s 150 Mbit/s

Table 3.6.: IEEE 802.11 Standards

Note: 802.11n supports 2×2 MIMO in 2.4 GHz and 1×1 in 5 GHz.

The WLAN antenna ports have the following specification:

Feature

Specification

Max. allowed cable length

30 m

Max. allowed antenna gain including cable attenuation

3.2dBi (2,4GHz) resp. 4.5dBi (5GHz) 1

Min. distance between collocated ra- 20 cm dio transmitter antennas

Min. distance between people and an- 40 cm tenna

Connector type

FAKRA, I-Code, Beige

Table 3.7.: WLAN Antenna Port Specification

1Note: WLAN antennas with a higher gain may be used with the NetModule router “Enhanced-RF-Configuration” software license and the antenna gain and cable attenuation that have been correctly configured by certified specialized personnel.

NG800

20

User Manual for NRSW version 4.8.0.102

3.4.7. GNSS The GNSS module supports Dead Reckoning with onboard 3D accelerometer and 3D gyroscope.

Feature Systems Data stream Channels Tracking sensitivity Accuracy Dead Reckoning Modes Supported antennas

Specification GPS/GLONASS/BeiDou/Galileo JSON or NMEA 72 Up to -160 dBm Up to 2.5 m CEP UDR: Untethered Dead Reckoning Active and passive

Table 3.8.: GNSS Specifications

The GNSS antenna port has the following specification:

Feature

Specification

Max. allowed cable length

30 m

Antenna LNA gain

15-20 dB typ, 30 dB max.

Min. distance between collocated ra- 20 cm dio transmitter antennas

Active antenna supply

3.0 V, 100 mA max.

Connector type

FAKRA, C-Code, Blue

Table 3.9.: GNSS / GPS Antenna Port Specification

NG800

21

User Manual for NRSW version 4.8.0.102

3.4.8. Pin Assignment X48 X48 is a combination connector that carries all wired signals (except antennas).
Figure 3.3.: Pin Assignment X48

Figure 3.4.: X48 Outline

Group 100 Base-T1 Interface 1 100 Base-T1 Interface 2 100 Base-Tx Interface
CAN Interface 1

Pin Signal A1 BRDR1-TRXP B1 BRDR1-TRXN A2 BRDR2-TRXP B2 BRDR2-TRXN A3 ETH1-RxP B3 ETH1-RxN A4 ETH1-TxP B4 ETH1-TxN D1 CAN1-L

Description + terminal for transmit/receive signal – terminal for transmit/receive signal + terminal for transmit/receive signal – terminal for transmit/receive signal
Low Level CAN bus line

NG800

22

User Manual for NRSW version 4.8.0.102

Group CAN Interface 2 EIA-232 UART Console/Debug Power / Supply
Signal Ground
Extension Module

Pin Signal D2 CAN1-H D3 CAN2-L D4 CAN2-H C3 CAN2-T L1 RS232-RXD

Description High Level CAN bus line Low Level CAN bus line High Level CAN bus line 120 termination resistor Receive signal input

M1 RS232-TXD

Transmit signal output

M3 Power input KL30 Power entry

L3 Ignition Input KL15

Ignition sense input (refer to chapter 4.8)

L4 Power Ground

VM1

M4 Power Ground

VM2

C1 Ground C2 Ground C4 Ground L2 Ground M2 Ground

E1-

Reserved for Extension Module

K4

Table 3.10.: Pin Assignments of X48

Note: The following mating material for X48 cable connection may be used. Molex 0643201311, CMC48 female connector (for crimp contacts) Molex 0643201301, CMC48 female connector cover Molex 0643231029, crimp contact 18-20AWG for L and M rows Molex 0643221039, crimp contact 20AWG for A to K rows

NG800

23

User Manual for NRSW version 4.8.0.102

3.4.9. Power Supply NG800 routers have a non-isolated power supply input. It has the following specifications:

Feature Power supply nominal voltages Voltage range (absolute maximum) Power consumption
Max. cable length Cable shield Ignition Reverse polarity protection

Specification 12 VDC and 24 VDC 9 VDC to 36 VDC 7 W (average), 10 W (max.), Power Down <2 mA @24V 30 m not required Threshold: 6.0 V / Input impedance: 400 k Yes

Table 3.11.: Power Specifications

Requires external fuse (recommended type: Littlefuse ATOF Blade Fuse, 32 V, 3 A, 0287003.PXCN) Minimal cable cross section: 0.75 mm2 (AWG 20) You may also refer to chapter 4.8.
Pin Assignment

Pin Signal M3 Power Input KL30 L3 Ignition Input KL15 (needs to be connected, refer to chapter 4.8 L4 Power Ground VM1 M4 Power Ground VM2
Table 3.12.: Pin Assignments of Power Supply

NG800

24

User Manual for NRSW version 4.8.0.102

3.4.10. Fast Ethernet (100 Base-Tx Interface)

Specification The Fast Ethernet port is specified as follows:

Feature Isolation Speed Mode Crossover Max. cable length Cable type Cable shield Connector type

Specification 1500 VDC 10/100 Mbit/s Half- & Full-Duplex Automatic MDI/MDI-X 100 m CAT5e or better Mandatory Molex CMC48

Table 3.13.: Fast Ethernet Port Specification

Pin Assignment

Pin Signal A3 ETH1-RxP B3 ETH1-RxN A4 ETH1-TxP B4 ETH1-TxN
Table 3.14.: Pin Assignments of Fast Ethernet Connector

3.4.11. Automotive Ethernet (100 Base-T1 Interface)

Specification The Automotive Ethernet ports are specified as follows:

Feature Isolation Speed Mode Max. cable length

Specification None 100 Mbit/s Full-Duplex 15 m

NG800

25

User Manual for NRSW version 4.8.0.102

Feature Cable type
Cable shield Connector type

Specification twisted pair, i.e. 0.13 mm2
Unshielded
Molex CMC48

KROCAR 64996795, 2x

Table 3.15.: Automotive Ethernet Port Specification

Pin Assignment 100 Base-T1 Interface 1

A1 BRDR1-TRXP B1 BRDR1-TRXN

+ terminal for transmit/receive signal – terminal for transmit/receive signal

Table 3.16.: Pin Assignments of Automotive Ethernet Port 1

Pin Assignment 100 Base-T1 Interface 2

A2 BRDR2-TRXP B2 BRDR2-TRXN

+ terminal for transmit/receive signal – terminal for transmit/receive signal

Table 3.17.: Pin Assignments of Automotive Ethernet Port 2

NG800

26

User Manual for NRSW version 4.8.0.102

3.4.12. 2x CAN Interface The CAN interfaces have the following specifications:

Feature Features Signals Signal Level Bitrate Termination
Bus access
Max. cable length Cable type Cable shield Connector type

Specification 2x CAN V2.0B CANH, CANL High > 2.75 VDC, low < 2.0 VDC Up to 1 Mbit/s Both ports have 6 k (weak termination) CAN2 has configurable 120 termination With option Cm: Passive (read access only) With option Cn: Active (read/write access) 30 m Twisted pair Mandatory Molex CMC48

Table 3.18.: Specification of 2xCAN Interface

Pin Assignment

Pin Signal D1 CAN1-L D2 CAN1-H D3 CAN2-L D4 CAN2-H C3 CAN2-T

Description Low Level CAN bus line High Level CAN bus line Low Level CAN bus line High Level CAN bus line 120 termination resistor. Connect to pin D3 to enable termination on interface.

Table 3.19.: Pin Assignments of 2xCAN Interface

Note: Cables with length >30m must be shielded.

NG800

27

User Manual for NRSW version 4.8.0.102

3.4.13. Serial RS-232 The RS-232 port has the following specification (bold values show the default configuration):

Feature Protocol Baud rate
Data bits Parity Stop bits Software flow control Hardware flow control Galvanic isolation to enclosure Max. cable length Cable shield Connector type

Specification 3-wire RS-232: GND, TXD, RXD 300, 1 200, 2 400, 4 800, 9 600, 19 200, 38 400, 57 600, 115 200 7 bit, 8 bit none, odd, even 1, 2 none, XON/XOFF none none 3m not required Molex CMC48

Table 3.20.: RS-232 Port Specification

Pin Assignment

Pin Signal L1 RS232-RXD M1 RS232-TXD

Description Receive signal input. Transmit signal output.

Table 3.21.: Pin Assignments of RS-232 Interface

NG800

28

User Manual for NRSW version 4.8.0.102

4. Installation
The NG800 is designed for mounting on a wall. Please consider the safety instructions in chapter 2 and the environmental conditions in chapter 3.3.
The following precautions must be taken before installing a NG800 router: ­ Avoid direct solar radiation ­ Protect the device from aggressive fluids
Attention: NetModule routers are not intended for the end consumer market. The device must be installed and commissioned by a certified expert.
4.1. Installation of SIM
NG800 with IP69K protection housing cannot be opened and contains an eUICC chip (eSIM) which replaces the conventional SIM card. This embedded SIM allows the user to switch network/provider profiles per software configuration without physically exchanging a SIM card. In other words eUICC enables remote switching of SIM profiles. For evaluation purposes NG800 can be shipped with a housing which can be opened (IP55 protection). These devices contain a Micro- SIM card connector, where a SIM card can be inserted.
Warning ­ The IP55 housing may only be opened by qualified personnel. ­ Please request instructions for SIM change.
4.2. Installation of the Cellular Antenna
For a reliable function of the NetModule router via the mobile network, the NetModule routers require a good signal. Use suitable remote antennas with extended cables to achieve an optimal location with a sufficient signal and to maintain the distances to other antennas (at least 20cm to each other). The antenna manufacturer’s instructions must be observed.” Keep in mind that effects caused by Faraday cages such as large metal surfaces (elevators, machine housings, etc.), close meshed iron constructions and others may reduce signal reception significantly. The antenna or antenna cable has to be mounted to the MOB ports A1 and A2. 4G-LTE antennas require both the main and auxiliary ports to be connected.
Attention: When installing the antenna be sure to observe chapter 2

NG800

29

User Manual for NRSW version 4.8.0.102

4.3. Installation of the WLAN Antennas
WLAN antennas must be mounted to the connectors of WLAN ports A3 and A4. The number of attached antennas can be configured in the software. If only one antenna is used, it must be attached to port A3. However, for better diversity and thus better throughput and coverage, we highly recommend using two antennas. Only use antennas with cables shorter than 3 meters.
Attention: When installing the antenna be sure to observe chapter 2
4.4. Installation of the Bluetooth Antenna
The Bluetooth antenna must be mounted to the connector BT port A3. Only use antennas with cables shorter than 3 meters.
4.5. Installation of the GNSS Antenna
The GNSS antenna must be mounted to the connector GNSS. Whether the antenna is an active or passive GNSS antenna has to be configured in the software. We recommend active GNSS antennas for highly accurate GNSS tracking.
Attention: When installing the antenna be sure to observe chapter 2
4.6. Installation of the Local Area Network / Fast Ethernet
Please refer to 3.4.10. By default, the gateway is configured as a DHCP server and has the default IP address 192.168.1.1.
Attention: Only a shielded Ethernet cable may be used.
4.7. Installation of the Automotive Ethernet
Please refer to 3.4.11
Attention: Only a twisted pair cable may be used.

NG800

30

User Manual for NRSW version 4.8.0.102

4.8. Installation of the Power Supply & Delayed Power Off
The gateway can be powered with an external source supplying between 12 VDC or 24 VDC. It is to be used with a certified (CE or equivalent) power supply, which must have a limited and SELV circuit output. The power supply may also be a vehicle battery. It must be ensured by installation that the input current of the gateway cannot exceed 3 A. This can be accomplished by using a 3 A fuse. This fuse must be installed close to the power supply in order to protect the power supply cable (which otherwise could heat up significantly e.g. due to a short circuit and as a result damage its isolation). You may also refer to chapter 3.4.9.
Attention: Only CE-compliant power supplies with a current-limited SELV output voltage range may be used with the NetModule gateway. A battery may be used. Requires external fuse (recommended type: Littlefuse ATOF Blade Fuse, 32 V, 3 A,0287003.PXCN). Minimal wire cross section: 0.75 mm2 (AWG 20).
When no “delayed power off” is required, connect both ignition input pin L3 and power input pin M3 to the supply voltage. When using the “delayed power off” function, the ignition pin L3 must be connected to the ignition circuit of the vehicle instead. You can enable ignition sense and configure the “delayed power off” in the WebManager System menu. Using this feature, the router powers off for a defined time (SW configurable) after the vehicle is turned off, instead of an immediate shut down. You may also refer to chapters 3.4.8 and 3.4.9.
Attention: Ignition pin L3 needs to be connected. Connect it to power supply or ignition circuit of the vehicle.

NG800

31

User Manual for NRSW version 4.8.0.102

5. Configuration
The following chapters provide information on setting up the router and configuring its functions as provided with system software 4.8.0.102.
NetModule provides regularly updated router software with new functions, bug fixes and closed vulnerabilities. Please keep your router software up to date. ftp://share.netmodule.com/router/public/system-software/
5.1. First Steps
NetModule routers can be easily set up by using the HTTP-based configuration interface, called the Web Manager. It is supported by the latest web browsers. Please ensure to have JavaScript turned on. Any submitted configuration via the Web Manager will be applied immediately to the system when pressing the Apply button. When configuring subsystems which require multiple steps (for instance WLAN) you can use the Continue button to store any settings temporarily and apply them at a later time. Please note that those settings will be neglected at logout unless applied. You may also upload configuration files via SNMP, SSH, HTTP or USB in case you intend to deploy a larger numbers of routers. Advanced users may also use the Command Line Interface (CLI) and set configuration parameters directly. The IP address of Ethernet 1 is 192.168.1.1 and DHCP is activated on the interface by default. The following steps need to be taken to establish your first Web Manager session:
1. Connect the Ethernet port of your computer to the gateway. Please refer to chapter 3.4.10 2. If not yet activated, enable DHCP on your computer’s Ethernet interface so that an IP address
can be obtained automatically from the router. This usually takes a short amount of time until your PC has received the corresponding parameters (IP address, subnet mask, default gateway, name server). You may track the progress by having a look to your network control panel and check whether your PC has correctly retrieved an IP address of the range 192.168.1.100 to 192.168.1.199. 3. Launch your favorite web browser and point it to the IP address of the router (the URL is http://192.168.1.1). 4. Please follow the instructions of the Web Manager for configuring the router. Most of the menus are self-explanatory, further details are given in the following chapters.
5.1.1. Initial Access
In factory state you will be prompted for a new administrator password. Please choose a password which is both, easy to remember but also robust against dictionary attacks (such as one that contains numbers, letters and punctuation characters). The password shall have a minimum length of 6 characters. It shall contain a minimum of 2 numbers and 2 letters.

NG800

32

User Manual for NRSW version 4.8.0.102

Admin Password Setup
Please set a password for the admin account. It shall have a minimum length of 6 characters and contain at least 2 numbers and 2 letters.

Username: Enter new password: Confirm new password:
I agree to the terms and conditions

admin

Configure automatic mobile data connection

Apply

NetModule Router Simulator Hostname netbox Software Version 4.4.0.103 © 2004-2020, NetModule AG

NetModule Insights
Subscribe to our mailing and get the latest news about software releases and much more

Figure 5.1.: Initial Login
Please note that the admin password will be also applied for the root user which can be used to access the device via the serial console, Telnet, SSH or to enter the bootloader. You may also configure additional users which will only be granted to access the summary page or retrieve status information but not to set any configuration parameters. A set of services (USB Autorun, CLI- PHP) are by default activated in factory state and will be disabled as soon as the admin password has been set. They can be enabled again afterwards in the relevant sections. Other services (SSH, Telnet, Console) can be accessed in factory state by providing an empty or no password. The passphrase which is used to store and access generated and uploaded private keys is initialized to a random value. It can be changed as described in chapter 5.8.8.
5.1.2. Automatic Mobile Data Connection
If you put a SIM with disabled PIN into the first SIM slot and select ‘Configure automatic mobile data connection’ the router will try to select matching credentials from a database of known providers and

NG800

33

User Manual for NRSW version 4.8.0.102

esteblish a mobile data connection automatically. This feature is highly dependent on the SIM card features and the available networks. This Option is only availble if the router is equipped with a cellular module.
5.1.3. Recovery
Following actions might be taken in case the router has been misconfigured and cannot be reached anymore:
1. Factory Reset: You can initiate a reset back to factory settings via the Web Manager, by running the command factory-reset or refer to chapter 3.4.3
2. Serial Console Login: It is also possible to log into the system via the serial port. This requires a terminal emulator (such as PuTTY or HyperTerminal) and an RS232 connection (115200 8N1) attached to the serial port of your local computer. You will also see the kernel messages at bootup there.
3. Recovery Image: In severe cases we can provide a recovery image on demand which can be loaded into RAM via TFTP and executed. It offers a minimal system image for running a software update or doing other modifications. You will be provided with two files, recovery-image and recovery-dtb, which must be placed in the root directory of a TFTP server (connected via LAN1 and address 192.168.1.254). The recovery image can be launched from the bootloader using a serial connection. You will have to stop the boot process by pressing s and enter the bootloader. You can then issue run recovery to load the image and start the system which can be accessed via HTTP/SSH/Telnet and its IP address 192.168.1.1 afterwards.

NG800

34

User Manual for NRSW version 4.8.0.102

5.2. HOME
This page provides a status overview of enabled features and connections.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

Status Summary WAN WWAN WLAN GNSS Ethernet LAN Bridges DHCP OpenVPN IPsec PPTP MobileIP Firewall System

Summary Description LAN2 WWAN1 WLAN1 IPsec1 PPTP1 MobileIP

Administrative Status enabled enabled enabled, access-point enabled enabled, server enabled

Operational Status dialing down up down up down

LOGOUT

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG
Figure 5.2.: Home
Summary This page offers a short summary about the administrative and operational status of the router’s interfaces.
WAN This page offers details about any enabled Wide Area Network (WAN) links (such as the IP addresses, network information, signal strength, etc.) The information about the amount of downloaded/uploaded data is stored in non- volatile memory, thus survive a reboot of the system. The counters can be reset by pressing the Reset button.
WWAN This page shows information about modems and their network status.
AC This page shows information about the Access Controller (AC) WLAN-AP. This includes the current states and status information of discovered and managed AP3400 devices.

NG800

35

User Manual for NRSW version 4.8.0.102

WLAN The WLAN page offers details about the enabled WLAN interfaces when operating in access-point mode. This includes the SSID, IP and MAC address and the currently used frequency and transmit power of the interface as well as the list of associated stations.
GNSS This page displays the position status values, such as latitude/longitude, the satellites in view and more details about the used satellites.
Ethernet This page shows information about the Ethernet interfaces and packet statistics information.
LAN This page shows information about the LAN interfaces plus the neighborhood information.
Bridges This page shows information about configured virtual bridge devices.
Bluetooth This page shows information about Bluetooth interfaces.
DHCP This page offers details about any activated DHCP service, including a list of issued DHCP leases.
OpenVPN This page provides information about the OpenVPN tunnel status.
IPSec This page provides information about the IPsec tunnel status.
PPTP This page provides information about the PPTP tunnel status.
GRE This page provides information about the GRE tunnel status.
L2TP This page provides information about the L2TP tunnel status.
MobileIP This page provides information about Mobile IP connections.
Firewall This page offers information about any firewall rules and their matching statistics. It can be used to debug the firewall.
QoS This page provides information about the used QoS queues.

NG800

36

User Manual for NRSW version 4.8.0.102

BGP This page provides information about the Border Gateway Protocol.
OSPF This page provides information about the Open Shortest Path First routing protocol.
DynDNS This page provides information about Dynamic DNS.
System Status The system status page displays various details of your NG800 router, including system details, information about mounted modules and software release information.
SDK This section will list all webpages generated by SDK scripts.

NG800

37

User Manual for NRSW version 4.8.0.102

INTERFACES

WAN
Link Management Depending on your hardware model, WAN links can be made up of either Wireless Wide Area Network (WWAN), Wireless LAN (WLAN), Ethernet or PPP over Ethernet (PPPoE) connections. Please note that each WAN link has to be configured and enabled in order to appear on this page.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WAN Link Management
In case a WAN link goes down, the system will automatically switch over to the next link in order of priority. A link can be either established when the switch occurs or permanently to minimize link downtime. Outgoing traffic can also be distributed over multiple links on a per IP session basis.

Priority Interface 1st LAN2 2nd WWAN1

Operation Mode permanent permanent

Apply

Figure 5.3.: WAN Links

NG800

38

User Manual for NRSW version 4.8.0.102

In general, a link will be only dialed or declared as up if the following prerequisites are met:

Condition Modem is registered Registered with valid service type Valid SIM state Sufficient signal strength Client is associated Client is authenticated Valid DHCP address retrieved Link is up and holds address Ping check succeeded

WWAN X X X X
X X X

WLAN
X X X X X X

ETH
X X X

PPPoE
X X X

The menu can be used further to prioritize your WAN links. The highest priority link which has been established successfully will become the so- called hotlink which holds the default route for outgoing packets.
In case a link goes down, the system will automatically switch over to the next link in the priority list. You can configure each link to be either established when the switch occurs or permanently in order to minimize link downtime.

Parameter 1st priority 2nd priority
3rd priority
4th priority

WAN Link Priorities
The primary link which will be used whenever possible.
The first fallback link, it can be enabled permanently or being dialed as soon as Link 1 goes down.
The second fallback link, it can be enabled permanently or being dialed as soon as Link 2 goes down.
The third fallback link, it can be enabled permanently or being dialed as soon as Link 3 goes down.

Links are being triggered periodically and put to sleep in case it was not possible to establish them within a certain amount of time. Hence it might happen that permanent links will be dialed in background and replace links with lower priority again as soon as they got established. In case of interfering links sharing the same resources (for instance in dual-SIM operation) you may define a switch-back interval after which an active hotlink is forced to go down in order to let the higher-prio link getting dialed again.
We recommend to use the permanent operation mode for WAN links in general. However, in case of time-limited mobile tariffs for instance, the switchover mode might be applicable. By using the distributed mode, it is possible to distribute outgoing traffic over multiple WAN links based on their weight ratio.

NG800

39

User Manual for NRSW version 4.8.0.102

Attention: You can have concurrent WWAN links which share a common resource like one WWAN module using SIM cards of different providers. In that case it would not be possible to find out if the link with the higher priority is available without putting down the low priority link. Therefore, such a link will behave like a switchover, even if configured as permanent.

For mobile links, it is further possible to pass through the WAN address towards a local host (also called Drop-In or IP Pass-through). In particular, the first DHCP client will receive the public IP address. More or less, the system acts like a modem in such case which can be helpful in case of firewall issues. Once established, the Web Manager can be reached over port 8080 using the WAN address but still over the LAN1 interface using port 80.

Parameter disabled permanent on switchover
distributed

WAN Link Operation Modes Link is disabled Link is being established permanently Link is being established on switchover, it will be dialed if previous links failed Link is member of a load distribution group

Parameter Operation mode Weight Switch-back
Bridge Mode Bridging interface

WAN Link Settings The operation mode of the link The weight ratio of a distributed link Specifies the switch-back condition of a switchover link and the time after an active hotlink will be teared down If WLAN client, specifies the bridge mode which will be used. If WLAN client, the LAN interface to which the WAN link should be bridged.

The following bridge modes can be configured for a WLAN client:

Parameter disabled pseudo bridge

Bridge modes Disables the bridge mode
Enables a bridge like behavior by relaying DHCP and broadcast messages

NetModule routers provide a feature called IP pass-through (aka Drop-In mode). If enabled, the WAN address will be be passed-through to the first DHCP client of the specified LAN interface. As Ethernetbased communication requires additional addresses, we pick an appropriate subnet to talk to the LAN host. In case this overlaps with other addresses of your WAN network, you may optionally specify the

NG800

40

User Manual for NRSW version 4.8.0.102

network given by your provider to avoid any address conflicts.

Parameter IP Pass-through Interface WAN network WAN netmask

IP Pass-Through Settings Enables or disables IP pass-through Specifies the interface on which the address shall be passed-through Specifies the WAN network Specifies the WAN netmask

Supervision
Network outage detection on a per-link basis can be performed by sending pings on each link to some authoritative hosts. A link will be declared as down in case all trials have failed and only as up if at least one host can be reached.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Link Supervision

Network outage detection can be performed by sending pings on each WAN link to authoritative hosts. The link will be declared as down in case all trials failed. You may further specify an emergency action if a certain downtime is reached.

Link

Hosts

Emergency Action

ANY

8.8.8.8, 8.8.4.4

none

Figure 5.4.: Link Supervision

NG800

41

User Manual for NRSW version 4.8.0.102

Parameter Link Mode
Primary host Secondary host Ping timeout
Ping interval Retry interval Max. number of failed trials Emergency action

Supervision Settings
The WAN link to be monitored (can be ANY)
Specifies whether the link shall only be monitored if being up (e.g. for using a VPN tunnel) or if connectivity shall be also validated at connection establishment (default)
The primary host to be monitored
The secondary host to be monitored (optional)
The amount of time in milliseconds a response for a single ping can take, consider to increase this value in case of slow and tardy links (such as 2G connections)
The interval in seconds at which pings are transmitted on each interface
The interval in seconds at which pings are re-transmitted in case a first ping failed
The maximum number of failed ping trials until the link will be declared as down
The emergency action which should be taken after a maximum downtime has been reached. Using reboot would perform a reboot of the system, restart link services will restart all link-related applications including a reset of the modem.

WAN Settings
This page can be used to configure WAN specific settings like the Maximum Segment Size (MSS). The MSS corresponds to the largest amount of data (in bytes) that the router can handle in a single, unfragmented TCP segment. In order to avoid any negative side effects, the number of bytes in the data segment and the headers must not add up to more than the number of bytes in the Maximum Transmission Unit (MTU). The MTU can be configured per each interface and corresponds to the largest packet size that can be transmitted.

NG800

42

User Manual for NRSW version 4.8.0.102

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

TCP Maximum Segment Size

The maximum segment size defines the largest amount of data of TCP packets (usually MTU minus 40). You may decrease the value in case of fragmentation issues or link-based limits.

MSS adjustment: Maximum segment size:

enabled disabled
1380

Apply

Figure 5.5.: WAN Settings

Parameter MSS adjustment Maximum segment size

TCP MSS Settings Enable or disable MSS adjustment on WAN interfaces. Maximum number of bytes in a TCP data segment.

NG800

43

User Manual for NRSW version 4.8.0.102

5.3.2. Ethernet
NG800 gateways ship with an Fast Ethernet port which can be linked via 48-pin CMC Molex connector. The Fast Ethernet port forms the LAN1 interface which should be used for LAN purposes. Other interfaces can be used to connect other LAN segments or for configuring a WAN link.
Ethernet Port Assignment

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Port Assignment

Link Settings

Ethernet 1 Administrative status: Network interface:
Ethernet 2 Administrative status: Network interface:

enabled disabled LAN1
enabled disabled LAN2

Apply

LOGOUT

Figure 5.6.: Ethernet Ports
This menu can be used to individually assign each Ethernet port to a LAN interface, just in case you want to have different subnets per port or use one port as WAN interface. You may assign multiple ports to the same interface.

NG800

44

User Manual for NRSW version 4.8.0.102

Ethernet Link Settings

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Port Assignment

Link Settings

Link speed for Ethernet 1: Link speed for Ethernet 2:
Apply

auto-negotiated auto-negotiated

LOGOUT

Figure 5.7.: Ethernet Link Settings
Link negotiation can be set for each Ethernet port individually. Most devices support auto-negotiation which will configure the link speed automatically to comply with other devices in the network. In case of negotiation problems, you may assign the modes manually but it has to be ensured that all devices in the network utilize the same settings then.

NG800

45

User Manual for NRSW version 4.8.0.102

Authentication via IEEE 802.1X

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges USB Serial GNSS
NB3800 NetModule Router Hostname nb Software Version 4.7.0.100 © 2004-2022, NetModule AG

Port Assignment Link Settings Wired 802.1X

Ethernet 1 Wired 802.1X status:
Ethernet 2 Wired 802.1X status: EAP type: Anonymous identity: Identity: Password: Certificates: Ethernet 3 Wired 802.1X status: Reauthentication Period: Authenticator ID: Use MAB: Ethernet 4 Wired 802.1X status:
Ethernet 5 Wired 802.1X status:
Apply

disabled Client Authenticator

disabled Client Authenticator PEAP

Netmodule-Anon

testid

·········

show

missing Manage keys and certificates

disabled Client Authenticator 3600 Netmodule-Auth

disabled Client Authenticator
disabled Client Authenticator

LOGOUT

Figure 5.8.: Authentication via IEEE 802.1X
NetModule-routers support authentication via the IEEE 802.1X standard. This can be configured for each Ethernet port individually. The following options exist:

NG800

46

User Manual for NRSW version 4.8.0.102

Parameter Wired 802.1X status EAP type Anonymous identity Identity Password Certificates

Wired IEEE 802.1X Client Settings If set to Client, the router will authenticate on this port via IEEE 802.1X Which protocol to use to authenticate The anonymous identify for PEAP authentication The identify for EAP-TLS or PEAP authentication (required) The password for PEAP authentication (required) Certificates for authentication via EAP-TLS or PEAP. Can be configured in chapter 5.8.8

Parameter Wired 802.1X status
Reauthentication Period Authenticator ID Use MAB

Einstellungen IEEE 802.1X Authenticator
If set to Authenticator, the router will propagate IEEE 802.1X authentication requests on this port to a configured RADIUS server (see chapter 5.8.2)
Time in seconds after which a connected client has to reauthenticate
This unique name identifies the authenticator at the RADIUS server
Activate this option if you want to allow authentication of devices which are not capable of IEEE 802.1X via MAC Authentication Bypass. These are reported to the RADIUS server with their MAC address as user name and password

VLAN Management
NetModule routers support Virtual LAN according to IEEE 802.1Q which can be used to create virtual interfaces on top of an Ethernet interface. The VLAN protocol inserts an additional header to Ethernet frames carrying a VLAN Identifier (VLAN ID) which is used for distributing the packets to the associated virtual interface. Any untagged packets, as well as packets with an unassigned ID, will be distributed to the native interface.

NG800

47

User Manual for NRSW version 4.8.0.102

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

VLAN Management

VLAN ID
Interface

LAN1-1

1

Network Interface Priority

LAN1

default

LAN1-2

5

LAN1

background

Mode routed routed

LOGOUT

Figure 5.9.: VLAN Management

In order to form a distinctive subnet, the network interface of a remote LAN host must be configured with the same VLAN ID as defined on the router. Further, 802.1P introduces a priority field which influences packet scheduling in the TCP/IP stack.
The following priority levels (from lowest to highest) exist:

Parameter 0 1 2 3 4 5 6 7

VLAN Priority Levels Background Best Effort Excellent Effort Critical Applications Video (< 100 ms latency and jitter) Voice (< 10 ms latency and jitter) Internetwork Control Network Control

NG800

48

User Manual for NRSW version 4.8.0.102

IP Settings This page can be used to configure IP addressing for your LAN/WAN Ethernet interfaces.

Parameter Mode MTU

LAN IP Settings Defines whether this interface is being used as LAN or WAN interface.
The Maximum Transmission Unit for the interface, if provided it will specify the largest size of a packet transmitted on the interface.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
GNSS
NB2800 NetModule Router Hostname NB2800 Software Version 4.6.0.100 © 2004-2021, NetModule AG

IP Address Management

Network Interface

Mode IP Address Mode

LAN1

LAN STATIC

LAN1-1

LAN STATIC

LAN1-2

LAN STATIC

LAN2

WAN DHCP

IP Address 192.168.1.1 192.168.101.1 192.168.102.1 –

Netmask 255.255.255.0 255.255.255.0 255.255.255.0 –

Figure 5.10.: LAN IP Configuration

NG800

49

User Manual for NRSW version 4.8.0.102

LAN-Mode When running in LAN mode, the interface may be configured with the following settings:

Parameter IP address Netmask Alias IP address Alias Netmask MAC

LAN IP Settings The IP interface address The netmask for this interface Optional alias IP interface address Optional alias netmask for this interface Custom MAC adress for this interface (not supported for VLANs)

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
GNSS
NB2800 NetModule Router Hostname NB2800 Software Version 4.6.0.100 © 2004-2021, NetModule AG

IP Settings LAN1 Mode: Static Configuration IP address: Netmask: Alias IP address: Alias Netmask: MTU: MAC:
Apply

LAN WAN
192.168.1.1 255.255.255.0

LOGOUT

Figure 5.11.: LAN IP Configuration – LAN Interface

NG800

50

User Manual for NRSW version 4.8.0.102

WAN-Mode When running in WAN mode, the interface may be configured with two IP versions in the following way:

Parameter IPv4 IPv6 Dual-Stack

Description Only Internet Protocol Version 4 Only Internet Protocol Version 6 Run Internet Protocol Version 4 and Version 6 in parallel

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
GNSS
NB2800 NetModule Router Hostname NB2800 Software Version 4.6.0.100 © 2004-2021, NetModule AG

IP Settings LAN1 Mode:
IP version: IPv4 Configuration IPv4 WAN mode: IPv6 Configuration IPv6 WAN mode: MTU: MAC:
Apply

LAN WAN IPv4 IPv6 Dual-Stack
DHCP Static PPPoE
SLAAC Static

LOGOUT

Figure 5.12.: LAN IP Configuration – WAN Interface

NG800

51

User Manual for NRSW version 4.8.0.102

Depending on the selected IP version you can configure your interface with the following settings:

IPv4 Settings The router can configure its IPv4 address the following ways:

Parameter DHCP
Static
PPPoE

IPv4 WAN-Modes
When running as DHCP client, no further configuration is required because all IP-related settings (address, subnet, gateway, DNS server) will be retrieved from a DHCP server in the network.
Allows you to define static values. Caution has to be taken to assign a unique IP address as it would otherwise raise IP conflicts in the network.
PPPoE is commonly used when communicating with another WAN access device (like a DSL modem).

IPv4-PPPoE Settings The following settings can be applied:

Parameter User name Password Service name
Access concentrator name

PPPoE Configuration
PPPoE user name for authenticating at the access device
PPPoE password for authenticating at the access device
Specifies the service name set of the access concentrator and can be left blank unless you have multiple services on the same physical network and need to specify the one you want to connect to.
The name of the concentrator (the PPPoE client will connect to any access concentrator if left blank)

NG800

52

User Manual for NRSW version 4.8.0.102

IPv6 Settings The router can configure its IPv6 address the following ways:

Parameter SLAAC
Static

IPv6 WAN-Modes
All IP-related settings (address, prefix, routes, DNS server) will be retrieved by the neighbor-discovery-protocol through stateless- addressautoconfiguration.
Allows you to define static values. Caution has to be taken to assign a unique IP address as it would otherwise raise IP conflicts in the network. You can only configure global addresses. The link-local address is automatically generated via the MAC address.

DNS Server
When all enabled IP versions are set to Static, you may configure an interface-specific nameserver. To override the interface-specific nameservers see chapter 5.7.3.

NG800

53

User Manual for NRSW version 4.8.0.102

5.3.3. Mobile
Modems Configuration This page lists all available WWAN modems. They can be disabled on demand.
Query This page allows you to send Hayes AT commands to the modem. Besides the 3GPP-conforming AT command-set further modem-specific commands can be applicable which we can provide on demand. Some modems also support running Unstructured Supplementary Service Data (USSD) requests, e.g. for querying the available balance of a prepaid account. SIMs

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Mobile SIMs
This menu can be used to assign a default modem to each SIM which will also be used by SMS and GSM voice services. A SIM card can get switched in case of multiple WWAN interfaces sharing the same modem.

SIM Default SIM1 Mobile1

Current Mobile1

SIM State missing

SIM Lock unknown

Registered no

Update

Figure 5.13.: SIMs
The SIM page gives an overview about the available SIM cards, their assigned modems and the current state. Once a SIM card has been inserted, assigned to a modem and successfully unlocked, the card should remain in state ready and the network registration status should have turned to registered. If

NG800

54

User Manual for NRSW version 4.8.0.102

not, please double-check your PIN. Please keep in mind that registering to a network usually takes some time and depends on signal strength and possible radio interferences. You may hit the Update button at any time in order to restart PIN unlocking and trigger another network registration attempt. Under some circumstances (e.g. in case the modem flaps between base stations) it might be necessary to set a specific service type or assign a fixed operator. The list of operators around can be obtained by initiating a network scan (may take up to 60 seconds). Further details can be retrieved by querying the modem directly, a set of suitable commands can be provided on request.

NG800

55

User Manual for NRSW version 4.8.0.102

Configuration
A SIM card is generally assigned to a default modem but might be switched, for instance if you set up two WWAN interfaces with one modem but different SIM cards. Close attention has to be paid when other services (such as SMS or Voice) are operating on that modem, as a SIM switch will naturally affect their operation. The following settings can be applied:

Parameter PIN code PUK code Default modem Preferred service
Registration mode Network selection

WWAN SIM Configuration
The PIN code for unlocking the SIM card
The PUK code for unlocking the SIM card (optional)
The default modem assigned to this SIM card
The preferred service to be used with this SIM card. Remember that the link manager might change this in case of different settings. The default is to use automatic, in areas with interfering base stations you can force a specific type (e.g. 3G-only) in order to prevent any flapping between the stations around.
The desired registration mode
Defines which network shall be selected. This can be bound to a specific provider ID (PLMN) which can be retrieved by running a network scan.

NG800

56

User Manual for NRSW version 4.8.0.102

eSIM / eUICC
Attention: Note that eUICC profiles are NOT affected by a factory reset. To remove an eUICC profile from a device, manually remove it before performing the factory reset.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
Serial
GNSS
CAN
Bluetooth
NG800 NetModule Router Hostname Simulator Software Version 4.6.0.100 © 2004-2021, NetModule AG

SIM Card

eSIM Profiles

Profile configuration for embedded SIM1

ICCID

Operator

Name

EID: 89033032426180001000002063768022

Nickname

LOGOUT

Figure 5.14.: eSIM Profiles
Selected router models contain an eUICC (embedded universal integrated circuit card) which allows you to download eSIM profiles from the internet to the router instead of having to insert a physical SIM card into the router. The eSIM profiles to be installed must be compliant to the GSMA RSP Technical Specification SGP.22. These are the same eSIM profiles that are used with current mobile phones. Profiles according to the older GSMA SGP.02 specification are not supported. eSIM profiles can be managed on the “eSIM Profiles” tab of the “Mobile / SIMs” configuration page. The management page allows you to display all installed eSIM profiles as well as to install, enable, disable and delete eSIM profiles. It is also possible to store a nickname for each profile. The eUICC can store up to about 7 eSIM profiles depending on the size of the profiles. Only one of those profiles can be active at a time. In order to install new eSIM profiles, you need to first establish IP connectivity to the internet so that

NG800

57

User Manual for NRSW version 4.8.0.102

the router can download the profile from the mobile network operator’s server.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
Serial
GNSS
CAN
Bluetooth
NG800 NetModule Router Hostname Simulator Software Version 4.6.0.100 © 2004-2021, NetModule AG

Add eUICC profile to SIM1 Method:
Activation code: ? Confirmation code:
Apply

Activation/QR Code Root discovery service scan or upload QR code

LOGOUT

Figure 5.15.: Add eUICC Profile
The following two ways are supported to install eSIM profiles and can be selected on the eSIM profiles configuration page:
1. QR code provided by the network operator To download the eSIM profile using this method your mobile network operator provides you a QR code which contains the information about the eSIM profile to be installed. If the device you are using to access the configuration GUI of the router has a camera, you can scan the QR code using the camera. Otherwise you can also upload an image file of the QR code. Or it is also possible to enter the contents of the QR code manually into the corresponding input field.
2. GSMA Root Discovery Service When using this method, you need to provide the EID, which is a unique number that identifies the eUICC of the router, to your mobile network operator. The EID is displayed on the eSIM profiles configuration page. The operator will then prepare the eSIM profile for your router on his provisioning servers. Afterwards, you can use the GSMA Root Discovery Service method to retrieve the eSIM

NG800

58

User Manual for NRSW version 4.8.0.102

profile without having to specify any additional information for the download. Note: Most mobile network operators allow only one download of an eSIM profile. So, if you download the profile once and delete it afterwards, you will not be able to download the same profile a second time. In this case you would need to request a new eSIM profile from your operator.

NG800

59

User Manual for NRSW version 4.8.0.102

WWAN Interfaces
This page can be used to manage your WWAN interfaces. The resulting link will pop up automatically as WAN link once an interface has been added. Please refer to chapter 5.3.1 for how to manage them.
The Mobile LED will be blinking during the connection establishment process and goes on as soon as the connection is up. Refer to section 5.8.7 or consult the system log files for troubleshooting the problem in case the connection did not come up.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Mobile Interfaces Interface Modem SIM PDP WWAN1 Mobile1 SIM1 PDP1

Number Service APN / User *99***1# automatic internet.telekom / tm

LOGOUT

Figure 5.16.: WWAN Interfaces

The following mobile settings are required:

Parameter Modem SIM Service type

WWAN Mobile Parameters The modem to be used for this WWAN interface The SIM card to be used for this WWAN interface The required service type

Please note that these settings supersede the general SIM based settings as soon as the link is being dialed.

NG800

60

User Manual for NRSW version 4.8.0.102

Generally, the connection settings are derived automatically as soon as the modem has registered and the network provider has been found in our database. Otherwise, it will be required to configure the following settings manually:

Parameter Phone number
Access point name IP version
Authentication Username Password

WWAN Connection Parameters
The phone number to be dialed, for 3G+ connections this commonly refers to be *99***1#. For circuit-switched 2G connections you can enter the fixed phone number to be dialed in international format (e.g. +41xx).
The access point name (APN) being used
What IP version to use. Dual-stack lets you use IPv4 and IPv6 together. Please note, that your provider might not support all IP versions.
The authentication scheme being used, if required this can be PAP or/and CHAP
The user-name used for authentication
The password used for authentication

Furtheron, you may configure the following advanced settings:

Parameter Required signal strength Home network only Negotiate DNS Call to ISDN Header compression
Data compression Client address MTU

WAN Advanced Parameters
Sets a minimum required signal strength before the connection is dialed
Determines whether the connection should only be dialed when registered to a home network
Specifies whether the DNS negotiation should be performed and the retrieved name-servers should be applied to the system
Has to be enabled in case of 2G connections talking to an ISDN modem
Enables or disables 3GPP header compression which may improve TCP/IP performance over slow serial links. Has to be supported by your provider.
Enables or disables 3GPP data compression which shrinks the size of packets to improve throughput. Has to be supported by your provider.
Specifies a fixed client IP address if assigned by the provider
The Maximum Transmission Unit for this interface

NG800

61

User Manual for NRSW version 4.8.0.102

5.3.4. WLAN
WLAN Management In case your router is shipping with a WLAN (or Wi-Fi) module you can operate it either as client, access point, mesh point or certain dual modes. As a client it can create an additional WAN link which for instance can be used as backup link. As access point, it can form another LAN interface which can be either bridged to an Ethernet-based LAN interface or create a self-contained IP interface which can be used for routing and to provide services (such as DHCP/DNS/NTP) in the same way like an Ethernet LAN interface does. As mesh point, it can create a wireless mesh network to provide a backhaul connectivity with dynamic path selection. As dual mode, it is possible to run access point and client or mesh point and access point functionality on the same radio module.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WLAN Management Administrative status:

Operational mode:

Regulatory domain: Operation type: Radio band: Bandwidth: Channel: Number of antennas: Antenna gain:

Apply

Continue

enabled disabled client access point mesh point dual modes European Union 802.11b 2.4 GHz 20 MHz
Auto
2 0 dB

Channel utilisation

LOGOUT

Figure 5.17.: WLAN Management
If the administrative status is set to disabled, the module will be powered off in order to reduce the overall power consumption. Regarding antennas, we generally recommend using two antennas for better coverage and throughput. A second antenna is definitely mandatory if you want to achieve higher throughput rates as in 802.11n. A WLAN client and a mesh point will automatically became a WAN link and can be managed as described in chapter 5.3.1.

NG800

62

User Manual for NRSW version 4.8.0.102

Configurable parameters for access-point, client mode, mesh point and any dual mode:

Parameter Regulatory Domain Number of antennas Antenna gain
Tx power Disable low data rates

WLAN Management Select the country the Router operates in Set the number of connected antennas Specify the antenna gain for the connected antennas. Please refer to the antennas datasheet for the correct gain value. Specifies the max. transmit power used in dBm. Avoid sticky clients by disabling low data rates.

Warning Please be aware that any inappropriate parameters can lead to an infringement of conformity regulations.

Running as access point or dual mode, you can further configure the following settings:

Parameter Operation type Radio band
Outdoor Bandwidth Channel Short Guard Interval

WLAN Management Specifies the desired IEEE 802.11 operation mode Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz Shows the 5 GHz outdoor channels Specify the channel bandwidth operation mode Specifies the channel to be used Enables the Short Guard Interval (SGI)

Running as client, you can further configure the following settings:

Parameter Scan channels
2.4 GHz 5 GHz

WLAN Management Select if all supported channels should be scanned or just user defined channels Set the channels which should be scanned in 2.4 GHz Set the channels which should be scanned in 5 GHz

Available operation modes are:

NG800

63

User Manual for NRSW version 4.8.0.102

Standard 802.11a 802.11b 802.11g 802.11n 802.11n

Frequencies 5 GHz 2.4 GHz 2.4 GHz 2.4 GHz 5 GHz

Bandwidth 20 MHz 20 MHz 20 MHz 20 MHz 40 MHz

Table 5.25.: IEEE 802.11 Network Standards

Data Rate 54 Mbit/s 11 Mbit/s 54 Mbit/s 144 Mbit/s 150 Mbit/s

NG800

64

User Manual for NRSW version 4.8.0.102

Running as mesh point, you can further configure the following settings:

Parameter Radio band
Channel

WLAN Mesh-Point Management Selects the radio band to be used for connections, depending on your module it could be 2.4 or 5 GHz
Specifies the channel to be used

Note: 802.11n with 2×2 MIMO in 2.4 GHz and 1×1 in 5 GHz.

NG800

65

User Manual for NRSW version 4.8.0.102

Prior to setting up an access point, it is always a good idea to run a network scan for getting a list of neighboring WLAN networks and then choose the less interfering channel. Please note that two adequate channels are required for getting good throughputs with 802.11n and a bandwidth of 40 MHz.
WLAN Configuration Running in client mode, it is possible to connect to one ore more remote access-points. The system will switch to the next network in the list in case one goes down and return to the highest-prioritized network as soon as it comes back. You can perform a WLAN network scan and pick the settings from the discovered information directly. The authentication credentials have to be obtained by the operator of the remote access point.

Parameter SSID Security mode WPA mode
WPA cipher
Identity Passphrase
Required signal strength

WLAN Client Configuration The network name (called SSID)
The desired security mode
The desired encryption method. WPA3 should be preferred over WPA2 and WPA1
The WPA cipher to be used, the default is to run both (TKIP and CCMP)
The identity used for WPA-RADIUS and WPA-EAP-TLS
The passphrase used for authentication with WPA-Personal, otherwise the key passphrase for WPA-EAP-TLS
Required signal strength to esablish the connection

The client is performing background scans for the purpose of roaming within an ESS. The background scans are based on the current signal strenght.

Parameter Threshold
Long interval
Short interval

WLAN Client Background Scan Parameters
The signal strength threshold in dBm when the long or short time interval should occur
The time in seconds when a background scan should be performed if the threshold is above the given threshold value
The time in seconds when a background scan should be performed if the threshold is below the given threshold value

NG800

66

User Manual for NRSW version 4.8.0.102

Running in access-point mode you can create up to 2 SSIDs with each running their own network configuration. The networks can be individually bridged to a LAN interface or operate as dedicated interface in routing-mode.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WLAN Access-Point Configuration

Interface

SSID

WLAN1

NB1600-Private

Security Mode WPA / Cipher

WPA-PSK

WPA + WPA2 / TKIP + CCMP

Figure 5.18.: WLAN Configuration

NG800

67

User Manual for NRSW version 4.8.0.102

This section can be used to configure security-related settings.

Parameter

WLAN Access-Point Configuration

SSID

The network name (called SSID)

Security mode

The desired security mode

WPA mode

WPA2 should be preferred over WPA1, running WPA/WPA2 mixedmode offers both.

WPA cipher

The WPA cipher to be used, the default is to run both (TKIP and CCMP)

Passphrase

The passphrase used for authentication with WPA-Personal.

Force PMF

Enables Protected Management Frames

Hide SSID

Hides the SSID

Isolate clients

Disables client-to-client communication

Band steering master

The WLAN interface which the client should be steered to

Opportunistic Wireless En- The WLAN interface for a seamless transition from an OPEN WLAN

cryption transition

to an OWE encrypted WLAN interface

Accounting

Sets accounting profile

The following security modes can be configured:

Parameter Off None WEP WPA-Personal
WPA-Enterprise
WPA-RADIUS
WPA-TLS
OWE

WLAN Security Modes
SSID is disabled
No authentication, provides an open network
WEP (is nowadays discouraged)
WPA-Personal (TKIP, CCMP), provides password-based authentication
WPA-Enterprise in AP mode, can be used to authenticate against a remote RADIUS server which can be configured in chapter 5.8.2
EAP-PEAP/MSCHAPv2 in client mode, can be used to authenticate against a remote RADIUS server which can be configured in chapter 5.8.2
EAP-TLS in client mode, performs authentication using certificates which can be configured in chapter 5.8.8
Opportunistic Wireless Encryption alias Enhanced OPEN provides encryption WLAN without any authentication

NG800

68

User Manual for NRSW version 4.8.0.102

Running in mesh point mode, it is possible to connect to one or more mesh points within the mesh network at the same time. The system will automatically join the wireless network, connect to the other mesh partners with the same ID and sercurtiy credentials. The authentication credentials have to be obtained by the operator of the mesh network.

Parameter

WLAN Mesh-Point Configuration

MESHID

The network name (called MESHID)

Security mode

The desired security mode

enable gate announcements To enable gate announcments for the mesh network

NG800

69

User Manual for NRSW version 4.8.0.102

The following security modes can be configured:

Parameter Off None SAE

WLAN Mesh-Point Security Modes MESHID is disabled No authentication, provides an open network SAE (Simultaneous Authentication of Equals) is a secure passwordbased authentication and key establishment protocol

NG800

70

User Manual for NRSW version 4.8.0.102

WLAN IP Settings
This section lets you configure the TCP/IP settings of your WLAN network. A client and mesh point interface can be run over DHCP or with a statically configured address and default gateway.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

WLAN1 IP Settings Network mode: IP address: Netmask:

Apply

Continue

bridged routed 192.168.200.1 255.255.255.0

LOGOUT

Figure 5.19.: WLAN IP Configuration

The access point networks can be bridged to any LAN interface for letting WLAN clients and Ethernet hosts operate in the same subnet. However, for multiple SSIDs we strongly recommend to set up separated interfaces in routing-mode in order to avoid unwanted access and traffic between the interfaces. The corresponding DHCP server for each network can be configured in afterwards as described in chapter 5.7.2.

Parameter Network mode
Bridge interface
IP address / netmask

WLAN IP Settings
Choose whether the interface shall be operated bridged or in routingmode
If bridged, the LAN interface to which the WLAN network should be bridged
In routing-mode, the IP address and netmask for this WLAN network

NG800

71

User Manual for NRSW version 4.8.0.102

The following feature can be configured if the WLAN interface is bridged

Parameter IAPP Pre-auth

WLAN Bridging features
Enables the Inter-Access Point Protocol feature
Enables the pre-authentication mechanism for roaming clients (if supported by the client). Pre-auth is only supported with WPA2Enterprise with CCMP

NG800

72

User Manual for NRSW version 4.8.0.102

5.3.5. Software Bridges
Software bridges can be used to bridge layer-2 devices like OpenVPN TAP, GRE or WLAN interfaces without the need for a physical LAN interface.
Bridge Settings This page can be used to enable/disable software bridges. It can be configured as follows:

Parameter Administrative status IP Address Netmask MTU

Bridge Settings
Enables or disables the bridge interface. If you need an interface to the local system you need to define an IP address for the local device.
IP address of the local interface (available only if “Enabled with local interface” was selected
Netmask of the local interface (available only if “Enabled with local interface” was selected
Optional MTU size for the local interface (available only if “Enabled with local interface” was selected

NG800

73

User Manual for NRSW version 4.8.0.102

5.3.6. Serial This page can be used to manage your serial ports. A serial port can be used by:

Parameter none login console
device server modem bridge modem emulator
SDK

Serial Port Usage
The serial port is not used
The serial port is used to open a console which can be accessed with a serial terminal client from the other side. It will provide helpful bootup and kernel messages and spawns a login shell, so that users can login to the system. If more than one serial interface is available, one serial interface can be configured as ‘login console’ at a time.
The serial port will be exposed over a TCP/IP port and can be used to implement a Serial/IP gateway.
Bridges the serial interface to the Modem TTY of an intergrated WWAN Modem.
Emulates a classical AT command driven modem on the serial interface. See http://wiki.netmodule.com/app-notes/hayes-modemat-simulator for detailed information.
The serial port will be reserved for SDK scripts.

NG800

74

User Manual for NRSW version 4.8.0.102

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges
USB
Serial
Digital I/O
GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Administration

Port Settings

SERIAL1 is used by:

Apply

Back

none login console device server modem emulator SDK

Figure 5.20.: Serial Port Administration

LOGOUT

NG800

75

User Manual for NRSW version 4.8.0.102

Running a device server, the following settings can be applied:

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

WAN Link Management Supervision Settings
Ethernet Port Setup VLAN Management IP Settings
Mobile Modems SIMs Interfaces
WLAN Administration Configuration IP Settings
Bridges USB Serial Digital I/O GNSS
NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Administration

Port Settings

SERIAL1 Port Settings

Physical protocol: Baud rate: Data bits: Parity: Stop bits: Software flow control: Hardware flow control: Server Configuration Protocol on IP port: Port:
Timeout: Allow remote control (RFC 2217): Show banner:
Allow clients from:

Apply

RS232 115200 8 data bits None 1 stop bit None None

Telnet

2000

endless

numbered

600

everywhere specify

Figure 5.21.: Serial Port Settings

LOGOUT

Parameter Physical protocol Baud rate Data bits Parity Stop bits
NG800

Serial Settings Selects the desired physical protocol on the serial port Specifies the baud rate run on the serial port Specifies the number of data bits contained in each frame Specifies the parity used for every frame that is transmitted or received Specifies the number of stop bits used to indicate the end of a frame

76

User Manual for NRSW version 4.8.0.102

Parameter Software flow control
Hardware flow control Protocol on TCP/IP Port Timeout

Serial Settings
Defines the software flow control for the serial port, XOFF will send a stop, XON a start character to the other end to control the rate of any incoming data
You may enable RTS/CTS hardware flow control, so that the RTS and CTS lines are used to control the flow of data
You may choose the IP protocols Telnet or TCP raw for the device server
The TCP port for the device server
The timeout until a client is declared as disconnected

Parameter Protocol on IP port Port Timeout
Allow remote control Show banner Stop bits Allow clients from

Server Settings Selects the desired IP protocol (TCP or Telnet) Specifies the TCP port on which the server will be available The time in seconds before the port will be disconnected if there is no activity on it. A zero value disables this function. Allow remote control (ala RFC 2217) of the serial port Show a banner when clients connect Specifies the number of stop bits used to indicate the end of a frame Specifies which clients are allowed to connect to the server

Please note that the device server does not provide authentication or encryption and clients will be able connect from everywhere. Please consider to restrict access to a limited network/host or block packets by using the firewall.
When running the serial port as AT modem emulator the following settings can be applied:

Parameter Physical protocol Baud rate Hardware flow control

Serial Port Settings Selects the desired physical protocol on the serial port Specifies the baud rate run on the serial port You may enable RTS/CTS hardware flow control, so that the RTS and CTS lines are used to control the flow of data

Parameter Port

Incoming connections via Telnet The TCP port for the device server

Parameter Number

Phonebook Entries Phone number that will get an alias

NG800

77

User Manual for NRSW version 4.8.0.102

Parameter IP address Port

Phonebook Entries IP address the number will become Port value for the IP address

NG800

78

User Manual for NRSW version 4.8.0.102

5.3.7. Bluetooth Low Energy
If a Bluetooth interface is available it can be used either with the SDK scripting engine or forwarded to the Virtualization.
Bluetooth Settings This page can be used to assign the Bluetooth module either to SDK or Virtualization or to turn Bluetooth functionality off. It can be configured as follows:

Parameter Administrative status

Bluetooth Settings Enables the module for SDK or Virtualization

If you enable the module for SDK usage you need a SDK script that handles the hardware interface. You can start advertising or scanning mode and setup parameters via SDK. Please have a look at the SDK API for detailed description.
If you enable the module for Virtualization there will be no interaction to the module from the host system. It is in your responsibility to use it correctly. Please refer to our examples and documentation in the public Wiki.

NG800

79

User Manual for NRSW version 4.8.0.102

5.3.8. GNSS

Configuration
The GNSS page lets you enable or disable the GNSS modules present in the system and can be used to configure the daemon that can be used to share access to receivers without contention or loss of data and to respond to queries with a format that is substantially easier to parse than the NMEA 0183 emitted directly by the GNSS device.
We are currently running the Berlios GPS daemon (version 3.15), supporting the new JSON format. Please navigate to http://www.catb.org/gpsd/ for getting more information about how to connect any clients to the daemon remotely. The position values can also be queried by the CLI and used in SDK scripts.

Parameter Administrative status Operation mode Antenna type Accuracy
Fix frame interval

GNSS Module Configuration
Enable or disable the GNSS module
The mode of operation, either standalone or assisted (for A-GPS)
The type of the connected GPS antenna, either passive or actively 3 volt powered
The GNSS receiver compares the calculated position accuracy based on the satellite information and compares it with this accuracy threshold in meters. If the calculated position accuracy is better than the accuracy threshold, the position is reported. Adjust this parameter to a higher threshold in case the GNSS receiver does not report a position fix, or when it takes a long time to calculate a fix. This could be caused when there is no clear sky view of the GNSS antenna which is the case in tunnels, beside tall buildings, trees, and so on.
The amount of time to wait between fix attempts

If the GNSS module does support AssistNow and the operation mode is assisted the following configuration can be done:

Parameter Primary URL Secondary URL

GNSS Assisted GPS Configuration The primary AssistNow URL The secondary AssistNow URL

Information about AssistNow: If you have a lot of devices in the field that use the AssistNow service, please consider creating your own AssistNow token at http://www. u-blox.com. If there are too many requests per time, the service may not work as expected. If you have further questions, please contact our support.

Parameter Server port

GNSS Server Configuration
The TCP port on which the daemon is listening for incoming connections

NG800

80

User Manual for NRSW version 4.8.0.102

Parameter Allow clients from
Clients start mode

GNSS Server Configuration
Specifies where clients can connect from, can be either everywhere or from a specific network
Specifies how data transferal is accomplished when a client connects. You can specify on request which typically requires an R to be sent. Data will be sent instantly in case of raw mode which will provide NMEA frames or super-raw which includes the original data of the GPS receiver. If the client supports the JSON format (i.e. newer libgps is used) the json mode can be specified.

Please consider to restrict access to the server port, either by a specifying a dedicated client network or by using a firewall rule.

Information about Dead Reckoning: If you have a device which supports Dead Reckoning, please consult the GNSS Dead Reckoning installation guide for further information or please contact our support.

NG800

81

User Manual for NRSW version 4.8.0.102

Position This pages provides further information about the satellites in view and values derived from them:

Parameter Latitude Longitude Altitude Satellites in view Speed
Satellites used
Dilution of precision

GNSS Information The geographic coordinate specifying the north-south position The geographic coordinate specifying the east-west position The height above sea level of the current location The number of satellites in view as stated in GPGSV frames The horizontal and vertical speed in meter per second as stated in GPRMC frames The number of satellites used for calculating the position as stated in GPGGA frames The dilution of precision as stated in GPGSA frames

Furtheron, each satellite also comes with the following details:

Parameter PRN Elevation Azimuth SNR

GNSS Satellite Information
The PRN code of the satelitte (also referred as satellite ID) as stated in GPGSA frames
The elevation (up-down angle between the dish pointing direction) in degrees as stated in GPGSV frames
The azimuth (rotation around the vertical axis) in degrees as stated in GPGSV frames
The SNR (Signal to Noise Ratio), often referred as signal strength

Please note that the values are shown as calculated by the daemon, their accuracy might be suggestive.
Supervision

Parameter Administrative status Mode Max. downtime
Emergency action

GNSS Supervision
Enable or disable GNSS supervision
Specifies whether to monitor the NMEA stream or GPS fixes
The period of time without valid NMEA stream or GPS fix after which an emergency action shall be taken
The corresponding emergency action. You can either let just restart the server, which will also re-initialize the GPS function on the module, or reset the module in severe cases. Please note that this may have effects on any running WWAN/SMS services.

NG800

82

User Manual for NRSW version 4.8.0.102

5.4. ROUTING
5.4.1. Static Routes
This menu shows all routing entries of the system. They are typically formed by an address/netmask couple (represented in IPv4 dotted decimal notation) which specify the destination of a packet. The packets can be directed to either a gateway or an interface or both. If interface is set to ANY, the system will choose the route interface automatically, depending on the best matching network configured for an interface.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

Static Routes Extended Routes Multipath Routes Multicast
IGMP Proxy Static Routes BGP OSPF Mobile IP Administration QoS Administration Classification

Static Routes

This menu shows all routing entries of the system, they can consist of active and configured ones. The flags are as follows: (A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route (Netmasks can be specified in CIDR notation)

Destination Netmask

Gateway

Interface Metric Flags

192.168.1.0 255.255.255.0 0.0.0.0

LAN1 0 AN

192.168.101.0 255.255.255.0 0.0.0.0

LAN1-1 0 AN

192.168.102.0 255.255.255.0 0.0.0.0

LAN1-2 0 AN

192.168.200.0 255.255.255.0 0.0.0.0

WLAN1 0 AN

Route lookup

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG
Figure 5.22.: Static Routing
In general, host routes precede network routes and network routes precede default routes. Additionally, a metric can be used to determine the priority of a route, a packet will go in the direction with the lowest metric in case a destination matches multiple routes. Netmasks can be specified in CIDR notation (i.e. /24 expands to 255.255.255.0).

NG800

83

User Manual for NRSW version 4.8.0.102

Parameter Destination Netmask
Gateway Interface Metric Flags

Static Route Configuration
The destination address of a packet
The subnet mask which forms, in combination with the destination, the network to be addressed. A single host can be specified by a netmask of 255.255.255.255, a default route corresponds to 0.0.0.0.
The next hop which operates as gateway for this network (can be omitted on peer-to-peer links)
The network interface on which a packet will be transmitted in order to reach the gateway or network behind it
The routing metric of the interface (default 0), higher metrics have the effect of making a route less favorable
(A)ctive, (P)ersistent, (H)ost Route, (N)etwork Route, (D)efault Route

The flags obtain the following meanings:

Flag

Description

A

The route is considered active, it might be inactive if the interface for this route is not yet

up.

P

The route is persistent, which means it is a configured route, otherwise it corresponds to

an interface route.

H

The route is a host route, typically the netmask is set to 255.255.255.255.

N

The route is a network route, consisting of an address and netmask which forms the

subnet to be addressed.

D

The route is a default route, address and netmask are set to 0.0.0.0, thus matching any

packet.

Table 5.50.: Static Route Flags

NG800

84

User Manual for NRSW version 4.8.0.102

5.4.2. Extended Routing Extended routes can be used to perform policy-based routing, they generally precede static routes.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

Static Routes Extended Routes
Multipath Routes Multicast
IGMP Proxy Static Routes BGP OSPF Mobile IP Administration QoS Administration Classification

Extended Routes

Extended routes can be used to perform policy-based routing. In general, they precede any other static routes.

Interface Source

Destination

TOS Route to

ANY

4.4.4.4/32

8.8.8.8/32

any WWAN1

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Figure 5.23.: Extended Routing

In contrast to static routes, extended routes can be made up, not only of a destination address/netmask, but also a source address/netmask, incoming interface and the type of service (TOS) of packets.

Parameter Source address Source netmask Destination address Destination netmask Incoming interface Type of service Route to
discard if down

Extended Route Configuration The source address of a packet The source address of a packet The destination address of a packet The destination address of a packet The interface on which the packet enters the system The TOS value within the header of the packet Specifies the target interface or gateway to where the packet should get routed to Discard packets if the specified interface is down

NG800

85

User Manual for NRSW version 4.8.0.102

5.4.3. Multipath Routes
Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces.

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGOUT

Static Routes Extended Routes Multipath Routes Multicast
IGMP Proxy Static Routes BGP OSPF Mobile IP Administration QoS Administration Classification

Multipath Routes Multipath routes will perform weighted IP-session distribution for particular subnets across multiple interfaces.

Destination 8.8.4.4/32

Distribution
WWAN1 (50%) LAN2 (50%)

NetModule Router Simulator Hostname NB1600 Software Version 4.4.0.103 © 2004-2020, NetModule AG

Figure 5.24.: Multipath Routes

At least two interfaces have to be defined to establish multipath routing. Additional interfaces can be added by pressing the plus sign.

Parameter Target network/netmask Interface Weight NextHop

Add Multipath Routes Defines the target network for which multipath routing shall be applied Selects the interface for one path Weight of the interface in relation to the others Overrides the default gateway of this interface

NG800

86

User Manual for NRSW version 4.8.0.102

5.4.4. Multicast
Multicast distributes IP packets to subscribers in a one-to-many relationship. The subscribers use multicast messages to subscribe to a MCR group and receive the data in form of multicast packets. Therefore the messages are sent by the packet sink to the packet source. Multicast routing (MCR) is used to farward multicast data from one network to another.
Attention: As multicast is used to send data from one source to several destinations on the same network it is quite common for testing applications to set the TTL of multicast packets to 1 to prevent the packets from spilling into other networks. If you want to route multicast packets (that’s why it is called MCR) you’ll have to make sure to send your data with a TTL > 1.

Multicast routing can be configured and managed by a daemon. Only one MCR daemon can be used at a time.
NetModule routers ship with two different MCR daemons to select from depending on your dependencies:

Parameter IGMP proxy
static routes
disabled

Administrative Status
Forwarding of multicast messages that are dynamically detected on a given interface to another interface
List of MCR rules to forward messages of dedicated source and group from a given interface to another
Disable routing of multicast messages

IGMP proxy IGMP proxy which is able to maintain multicast groups on a particular interface and distribute incoming multicast packets towards the downstream interfaces on which hosts have joined the groups.

Parameter Incoming interface
Sender network Sender netmask Distribute to

Multicast Routing Settings The upstream interface on which multicast groups are joined and on which multicast packets come in
The multicast source network address
The multicast source network mask
Specifies the downstream interfaces to which multicast packets will be forwarded

Static Routes Routes multicast packets in different directions depending on their origin and group based on a given set of MCR rules:

NG800

87

User Manual for NRSW version 4.8.0.102

Parameter Group Source Incoming interface Outgoing interface

Static Multicast Route IP address of MCR group Source-IP of the packets Interface to the packet source Interface to forward the packets to

NG800

88

User Manual for NRSW version 4.8.0.102

5.4.5. BGP

The BGP tab allows to set up peerings of the NetModule router with other Border Gateway Protocol enabled routers.

Parameter

BGP General Settings

Administrative status

Specifies whether the BGP routing protocol is active

Router ID

Optionally the router ID can be defined in form of a dotted IPv4 representation like 1.2.3.4. If the ID is omitted, the BGP daemon will try to determine a valid value or fall back to 0.0.0.0

AS number

The number of the autonomous system to which the NetModule router belongs (1-4294967295)

Redistribute routes

connected Redistribute routes to networks which are directly connected to the NetModule router

Redistribute local routes

Redistribute routes from the NetModule router’s own routing table

Redistribute OSPF routes Redistribute routes learned via the OSPF routing protocol

Disable when redundancy Disables the BGP protocol when the router is set to slave mode by

backup

the VRRP redundancy protocol

Keepalive timer

The interval in seconds of sending keepalive message

Holddown timer

The time in seconds how long the router will wait for incomming BGP messages until the router will assume the neighbor is dead

The neighbors tab is used to configure all the BGP routers to peer with.

Parameter IP address As number Password
Multihop
Address Family
Weight

BGP Neighbors IP address of the peer router
Autonomous system number of the peer router (1-4294967295)
Password for authentication with the peer router. If left blank authentication is disabled.
Allow multiple hops between this router and the peer router instead of requiring the peer to be directly connected.
Select whether ipv4-unicast or l2vpn-evpn address family shall be enabled
This parameter specifies the default weight for the neighbor route

The Networks tab allows to add IP network prefixes that shall be distributed via BGP in addition to the networks that are redistributed from other sources as defined on the general tab.

Parameter Prefix

BGP Networks Prefix of the network to be distributed

NG800

89

User Manual for NRSW version 4.8.0.102

Parameter Prefix length

BGP Networks Length of the prefix to be distributed

NG800

90

User Manual for NRSW version 4.8.0.102

5.4.6. OSPF

The OSPF menu allows the NetModule router to be added to a network of OSPF routers.

Parameter

OSPF General Settings

Administrative status

Specifies whether the OSPF routing protocol is active

Router ID

The router-id is a unique identity to the NetModule router. If no routerid is specified, the system will automatically choose the highest IP address as the router-id.

Redistribute routes

connected Redistribute routes to networks which are directly connected to the NetModule router

Redistribute local routes

Redistribute routes from the NetModule router’s own routing table

Redistribute BGP routes

Redistribute routes learned via the BGP routing protocol

Redistribute default route Redistribute the routers default route

Disable when redundancy Disables the OSPF protocol when the router is set to slave mode by

backup

the VRRP redundancy protocol

The interfaces tab is used to define OSPF specific settings for the IP interfaces of the router. If no settings are defined for a specific interface, default settings will be used.

Parameter Interface Authentication
Key Key ID Cost
Passive

OSPF Interfaces The name of the interface for which settings shall be defined The authentication protocol to be used on the interface to authenticate OSPF packets The key to be used for authentication The ID of the key to be used for authentication (1-255) The cost for sending packets via this interface. If not specified or set to 0 OSPF defaults are used. Do not send out OSPF packets on this interface

The networks tab defines the IP networks to be handled in OSPF as well as to which routing area they belong.

Parameter Prefix Prefix length Area

OSPF Networks Prefix of the network Length of the prefix Routing area to which this interface belongs (0-65535, 0 means backbone)

NG800

91

User Manual for NRSW version 4.8.0.102

5.4.7. Mobile IP
Mobile IP (MIP) can be used to enable seamless switching between different kinds of WAN links (e.g. WWAN/WLAN). The mobile node hereby remains reachable via the same IP address (home address) at any time, independently of the WAN link being used. Effectively, any WAN link switch causes very small outages during switchover while keeping all IP connections alive.

Moreover, NetModule routers also support NAT-Traversal for mobile nodes running behind a firewall (performing NAT), which makes mobile nodes even there accessible from a central office via their home address, and thus, bypassing any complicated VPN setups.

The home agent accomplishes this by establishing a tunnel (similar to a VPN tunnel) between itself and the mobile node. WAN link switching works by telling the home agent that the WAN IP address (called the care-of address in MIP terms) of the mobile node has changed. The home agent will then encapsulate packets destined to a mobile node’s home address into a tunnel packet containing the current care-of address of the mobile node as its destination address.

To prevent problems with firewalls and private IP addressing, the MIP implementation always employs reverse tunneling, which means that all traffic sent by a mobile node is relayed via the tunnel to the home agent instead of directly being conveyed to the final destination. This fact also empowers MIP to be used as a lightweight VPN replacement (without payload secrecy).

The MIP implementation supports RFCs 3344, 5177, 3024 and 3519. For applications requiring vast numbers of mobile nodes, interoperability with the Cisco 2900 Series home agent implementation has been verified. However, since NetModule routers implement a mobile node as well as a home agent, a MIP network with up to 10 mobile nodes can be implemented without requiring expensive third party routers.

If MIP is run as a mobile node, the following settings can be configured:

Parameter

Mobile IP Configuration

Primary home agent ad- The address of the primary home agent dress

Secondary home agent ad- The address of the secondary home agent. The mobile node will try to

dress

register with this home agent, if the primary home agent is not reach-

able.

Home address

The permanent home address of the mobile node which can be used to reach the mobile router at any time.

SPI

The Security Parameter Index (SPI) identifying the security context for

the mobile IP tunnel between the mobile node and the home agent.

This is used to distinguish mobile nodes from each other. Therefore

each mobile node needs to be assigned a unique SPI. This is a 32-bit

hexadecimal value.

Authentication type

The used authentication algorithm. This can be prefix-suffix-md5 (default for MIP) or hmac-md5.

NG800

92

User Manual for NRSW version 4.8.0.102

Parameter Shared secret
Life time MTU UDP encapsulation Mobile network address
Mobile network mask

Mobile IP Configuration
The shared secret used for authentication of the mobile node at the home agent. This can be either a 128-bit hexadecimal value or a random length ASCII string.
The lifetime of security associations in seconds.
The maximum transmission unit in byte, default value 1468.
Specifies whether UDP encapsulation shall be used or not. To allow NAT traversal, UDP encapsulation must be enabled.
Optionally specifies a subnet which should be routed to the mobile node. This information is forwarded via Network Mobility (NEMO) extensions to the home agent. The home agent can then automatically add IP routes to the subnet via the mobile node. Note that this feature is not supported by all third party home agent implementations.
The network mask for the optional routed network.

NG800

93

User Manual for NRSW version 4.8.0.102

If MIP is run as a home agent, you will have to set up a home address and network mask for the home agent first. Then you will need to add the configuration for all mobile nodes which is made up of the following settings:

HOME INTERFACES ROUTING FIREWALL VPN SERVICES SYSTEM

LOGO

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals