manualshive.com logo in svg

Digi AnywhereUSB Plus, User Manual, Page: 564 / 815

Share
Download
Digi AnywhereUSB Plus User Manual Download Page 564

Virtual Private Networks (VPN)

IPsec

AnywhereUSB® Plus User Guide

564

ii. For

Remote key

, type the remote pre-shared key. This must be the same as

the local key on the remote host.

n

RSA signature

: Uses a private RSA key to authenticate with the remote peer.

i. For

Private key

, paste the device's private RSA key in PEM format.

ii. Type the

Private key passphrase

that is used to decrypt the private key.

Leave blank if the private key is not encrypted.

iii. For

Peer public key

, paste the peer's public RSA key in PEM format.

n

SCEP certificates

: Uses Simple Certificate Enrollment Protocol (SCEP) to download

a private key, certificates, and an optional Certificate Revocation List (CRL) to the
AnywhereUSB Plus device from a SCEP server.

You must create the SCEP client prior to configuring the IPsec tunnel. See

Configure

a Simple Certificate Enrollment Protocol client

for instructions.

i. For

SCEP Client

, select the SCEP client.

n

X.509 certificate

: Uses private key and X.509 certificates to authenticate with the

remote peer.

i. For

Private key

, paste the device's private RSA key in PEM format.

ii. Type the

Private key passphrase

that is used to decrypt the private key.

Leave blank if the private key is not encrypted.

iii. For

Certificate

, paste the local X.509 certificate in PEM format.

iv. For Peer verification, select either:

l

Peer certificate

: For

Peer certificate

, paste the peer's X.509 certificate in

PEM format.

l

Certificate Authority

: For

Certificate Authority chain

, paste the

Certificate Authority (CA) certificates. These must include all peer
certificates in the chain up to the root CA certificate, in PEM format.

14. (Optional) For

Management Priority

, set the management priority for this IPsec tunnel. A

tunnel that is up and has the highest priority will be used for central management and direct
device access.

15. (Optional) To configure the device to connect to its remote peer as an XAUTH client:

a. Click to expand

XAUTH client

.

b. Click

Enable

.

c. Type the

Username

and

Password

that the device will use to authenticate as an

XAUTH client with the peer.

16. (Optional) Click

Enable MODECFG client

to receive configuration information, such as the

private IP address, from the remote peer.

Summary of Contents for AnywhereUSB Plus

Page 1: ...AnywhereUSB Plus User Guide Firmware version 21 8 ...

Page 2: ...SID and passphrase to initially configure the device l Added support for 40Mhz channel bandwidth on 2 4GHz n VPN enhancements l Added support for L2TPv3 tunneling l New option to enable disable or force IPsec IKE fragmentation n Improved options for creating a custom default configuration l system backup CLI commands for generating a custom default config file based on the active config settings o...

Page 3: ...scripts n Added datapoint upload_multiple function to digidevice python module for uploading multiple datapoints to DigiRM at once n Added clear dhcp lease command to remove all dynamic DHCP leases or certain DHCP leases based on MAC address or IP address n Added speedtest command for performing on demand iPerf or nuttcp speedtests n Local users are now required to be assigned to an authentication...

Page 4: ...le the power to a port on a Hub from the web UI n Commands power cycle and powercycle port n Additional power and cabling requirements AnywhereUSB Plus 8 and 24 n QR code definition Updated topics n Specify search response and keepalive intervals for a Hub n AnywhereUSB Manager USB Device Status pane with Port on Hub information n Updated Open the web user interface n Updated Configure and manage ...

Page 5: ...mand to the Admin CLI to display active DNS servers and their associated interface n Added a show ntp command to the Admin CLI to display the status of the NTP service n Expanded Port forwarding option to support a range of ports including one to one and many to one port mappings n Added options to control packet filtering for the network analyzer n VPN enhancements l IPsec enhancements o Added su...

Page 6: ...set of actions when the device enters or leaves that area l Python support for location information through the digidevice location python module n Cellular modem carrier scanning and locking l New modem scan CLI command for listing available carriers for the current modem and SIM l Manual carrier selection option to allow you to lock the SIM to a specific carrier n Enhanced serial support l Certi...

Page 7: ...lists l IPSec tunnels now wait for Surelink tests if configured to pass prior to initiating outbound tunnels n Policy based routing enhancements l Added a DSCP option to match the routing rule by the type of DSCP field in the packet l Added a Defaultroute option for matching policy based routes to the device s active default route n Python pip support for installing external modules and libraries ...

Page 8: ...or in the product s and or the program s described in this manual at any time Warranty To view product warranty information go to the following website www digi com howtobuy terms Customer support Gather support information Before contacting Digi technical support for help gather the following information Product name and model Product serial number s Firmware version Operating system browser if a...

Page 9: ...reUSB Manager 34 Step 4 Connect the power supply 37 Step 5 Connect to the device using an Ethernet LAN connection 37 Step 6 Verify initial connection 38 Step 7 Update the firmware on the AnywhereUSB 40 Step 8 Create and connect to groups 40 Step 9 Configure the Hub 41 OPTIONAL Use the CORE module to connect to the cellular network AnywhereUSB 8 and 24 port devices ONLY Connect the hardware and con...

Page 10: ...inimize the AnywhereUSB Manager when launched 59 Autofind Hubs in the AnywhereUSB Manager 59 Specify search response and keepalive intervals for a Hub 59 Cycle the power to a USB device connected to the Hub from the AnywhereUSB Manager 60 Manage Hub credentials 61 Enable and disable the auto register Hub certificate 61 Update a Hub certificate 61 Remove a Hub certificate 62 Add a Hub certificate 6...

Page 11: ... to remove items from a list array 88 Using the command line 90 Access the command line interface 90 Log in to the command line interface 90 Exit the command line interface 91 Configure the AnywhereUSB in the web user interface AnywhereUSB Configuration page 93 AnywhereUSB Status page 94 Rename a Hub and the groups in a Hub 95 Rename the Hub 96 Rename a group 96 Configure and manage client IDs 96 ...

Page 12: ... Allow remote access for web administration and SSH 217 Configure the web administration service 220 Configure SSH access 229 Use SSH with key authentication 236 Generating SSH key pairs 236 Configure DNS 237 Show DNS server 243 Simple Network Management Protocol SNMP 245 SNMP Security 245 Configure Simple Network Management Protocol SNMP 245 Download MIBs 249 Location information 251 Configure th...

Page 13: ...n User Service RADIUS 345 RADIUS user configuration 346 RADIUS server failover and fallback to local configuration 346 Configure your AnywhereUSB Plus device to use a RADIUS server 347 LDAP 350 LDAP user configuration 352 LDAP server failover and fallback to local configuration 353 Configure your AnywhereUSB Plus device to use an LDAP server 353 Configure serial authentication 358 Disable shell ac...

Page 14: ...iguration to a file 426 Restore the device configuration 427 Schedule system maintenance tasks 430 Disable device encryption 434 Re enable cryptography after it has been disabled 435 Configure the speed of your Ethernet ports 437 Monitoring intelliFlow 440 Enable intelliFlow 440 Use intelliFlow to display average CPU and RAM usage 443 Use intelliFlow to display top data usage information 444 Use i...

Page 15: ...system The AnywhereUSB Plus local file system 501 Display directory contents 501 Create a directory 502 Display file contents 503 Copy a file or directory 503 Move or rename a file or directory 504 Delete a file or directory 505 Upload and download files 506 Upload and download files by using the WebUI 506 Upload and download files by using the Secure Copy command 507 Upload and download files usi...

Page 16: ...neric Routing Encapsulation GRE 638 Configuring a GRE tunnel 638 Show GRE tunnels 642 Example GRE tunnel over an IPSec tunnel 643 NEMO 658 Configure a NEMO tunnel 658 Show NEMO status 664 L2TPv3 665 Configure an L2TPv3 tunnel 665 Show L2TPV3 tunnel status 669 Command line interface Access the command line interface 672 Log in to the command line interface 672 Exit the command line interface 673 Ex...

Page 17: ... clear 696 cp 698 help 699 ls 700 mkdir 701 modem 702 monitoring 709 more 710 mv 711 ping 712 reboot 714 rm 715 scp 716 show 717 speedtest 724 ssh 724 system 726 traceroute 731 config service anywhereusb enable 734 config service anywhereusb port 735 config service anywhereusb groups 736 config service anywhereusb clients 738 USEALLHUBADDRS 739 Configure the AnywhereUSB Manager from the command li...

Page 18: ...ervices turned off and locked out of the Hub 781 Microsoft Windows restrictions 781 Hubs and virtual machines 781 Allow remote access to USB devices 781 Hub connection is taking too long 782 Red X icon next to a Hub in the AnywhereUSB Manager 782 Cannot uninstall the Manager from the Windows Apps screen 782 Hardware AnywhereUSB 2 Plus Front panel 785 AnywhereUSB 2 Plus Back panel 787 Attach a DIN ...

Page 19: ...805 Italian Italiano 806 Latvian Latvietis 807 Lithuanian Lietuvis 808 Polish Polskie 809 Portuguese Português 810 Slovak Slovák 811 Slovenian Esloveno 812 Spanish Español 813 Digi AnywhereUSB Plus regulatory and safety statements European Community CE Mark Declaration of Conformity DoC 814 CE and UKCA OEM labeling requirements 814 CE labeling requirements 814 UK Conformity Assessed UKCA labeling ...

Page 20: ...user roles that work with the AnywhereUSB Plus Hub are described in the table below Role Description Windows Administrator The Windows administrators have the Windows permissions to install the AnywhereUSB Manager software on the computer The Administrator can start stop and configure the AnywhereUSB Manager if it is run as a service Hub administrator The Hub administrators have access to the Hub ...

Page 21: ...he client ID This certificate is used to validate your user account with the Hub For more information see Client ID Group A group is a set of USB ports on an AnywhereUSB Plus Hub with exclusive access to a single user account Each USB port can be assigned to only one group by the Hub administrator When you log into the computer and connect to a Hub you are allowed to connect to any groups assigned...

Page 22: ...one by an administrator Once the setup is complete any user can connect to a group as described below in Create and configure groups Step 1 Verify product components Step 2 Determine how to run AnywhereUSB Manager Service or stand alone Step 3 Install the AnywhereUSB Manager Step 4 Connect the power supply Step 5 Connect to the device using an Ethernet LAN connection Step 6 Verify initial connecti...

Page 23: ...AnywhereUSB device in the box Additional equipment may be required or may be optional n AnywhereUSB 2 Plus components n AnywhereUSB 8 Plus components n AnywhereUSB 24 Plus components NEXT STEP If you are performing the initial device set up proceed to the next step after verifying the components Step 2 Determine how to run AnywhereUSB Manager Service or stand alone ...

Page 24: ...e records See QR code definition for information about the information contained in the QR code Required additional equipment Equipment Description Ethernet cable STP Cat 7 Ethernet cable See Step 5 Connect to the device using an Ethernet LAN connection Power supply kit Recommended item 1 8 amps per port Digi PN 76000965 See Step 4 Connect the power supply Alternate power supply kits These may be ...

Page 25: ...dditional equipment DIN rail mounting kit Digi PN 7000682 See Attach a DIN rail clip AnywhereUSB Plus 2 port ONLY Note Some kits may not have the required screws included If this occurs you will need to separately purchase two screws of the following type 4 40 x 250 Flat head Phillips head zinc plated screws ...

Page 26: ...ese items to mount the device onto a server rack Loose label sticker A loose label sticker that includes the unique device password is included in the box This default password will be needed if the device is factory reset and you want to access the web UI on the device Retain this label sticker with your hardware records See QR code definition for information about the information contained in th...

Page 27: ...ements see Additional power and cabling requirements AnywhereUSB Plus 8 and 24 Optional additional equipment for connecting to a cellular network This equipment is required only if you want to connect to a cellular network See OPTIONAL Use the CORE module to connect to the cellular network AnywhereUSB 8 and 24 port devices ONLY Equipment Description Digi CORE module SIM card An activated SIM card ...

Page 28: ... panel Loose label sticker A loose label sticker that includes the unique device password is included in the box This default password will be needed if the device is factory reset and you want to access the web UI on the device Retain this label sticker with your hardware records See QR code definition for information about the information contained in the QR code Required additional equipment Eq...

Page 29: ...twork FTLX8574D3BCL SFP Console cable RS232 DB9 Console cable Use the console cable to establish a serial connection from the serial port on your device to your local laptop or PC See Console port Regional power cable For information about regional power cable requirements see Additional power and cabling requirements AnywhereUSB Plus 8 and 24 Optional additional equipment for connecting to a cell...

Page 30: ...Get started with your AnywhereUSB Step 1 Verify product components AnywhereUSB Plus User Guide 30 Equipment Description Antennas 2 ...

Page 31: ... an Administrator can run the AnywhereUSB Manager to configure the service Any user an Administrator or a non Administrator can run and configure the AnywhereUSB Manager USB device availability The devices in the groups connected to the computer are always available to the computer The service automatically runs in the background Note To ensure that all USB devices are connected to your computer a...

Page 32: ... connect is enabled for the group If auto connect is not enabled for the group you can manually connect to a group Groups and devices are disconnected when the Manager stops running which typically occurs when the user running the Manager logs off the computer Warnings n Only an Administrator has the rights to install the AnywhereUSB Manager If you log onto the computer as a non Administrative use...

Page 33: ...reUSB Step 2 Determine how to run AnywhereUSB Manager Service or stand alone AnywhereUSB Plus User Guide 33 NEXT STEP If you are performing the initial device set up proceed to the next step Step 3 Install the AnywhereUSB Manager ...

Page 34: ...de whether you want to run the AnywhereUSB Manager as a stand alone or as a service For detailed information see Step 2 Determine how to run AnywhereUSB Manager Service or stand alone 1 Download the AnywhereUSB Manager installer from the AnywhereUSB Drivers section of the support page a Navigate to the AnywhereUSB Plus support page Note This link takes you to the AnywhereUSB 2 Plus drivers page bu...

Page 35: ...ce or stand alone 9 Click Install A status bar shows the progress of the installation process When complete the Completed screen appears 10 The options in the Completed screen are selected by default Click the checkbox if you do not want to use the feature n Launch AnywhereUSB Manager Launches the AnywhereUSB Manager when the installation completes n Run AnywhereUSB Manager at Logon Automatically ...

Page 36: ...lone If you installed the Manager in stand alone mode the client ID confirmation dialog looks like this n Service If you installed the Manager in service mode the client ID confirmation dialog looks like this 12 Enter a unique client ID This client ID is associated with the login credentials for the user currently logged on to the computer See Client ID for more information about how the client ID...

Page 37: ...ub plug both power cords into an outlet if you are using two power cords Digi recommends plugging each power cord into separate main power circuits 3 Verify that the blue power LED is illuminated NEXT STEP If you are performing the initial device set up proceed to the next step Step 5 Connect to the device using an Ethernet LAN connection Step 5 Connect to the device using an Ethernet LAN connecti...

Page 38: ...fication process below 1 Verify that your Hub powered on The power LED is solid blue 2 Plug your USB flash drive into port 1 on the Hub 3 Verify that the USB port 1 LED is solid yellow green or blue depending on whether the USB flash drive is 1 1 2 0 or 3 1 4 If not already open launch the AnywhereUSB Manager 5 Expand AnywhereUSB Hubs to display a list of AnywhereUSB Hubs 6 Verify that the serial ...

Page 39: ... Click Login The web UI appears d You are required to change the password the first time you log in See Change the default password for the admin user e Select System Configuration AnywhereUSB Configuration The AnywhereUSB Configuration page appears f Expand the Client Settings section g Click Add Client A new row labeled New Client is added to the client list and the Settings for Client section i...

Page 40: ...rmware Update 4 Click Upload file 5 Click Choose File A dialog appears a Navigate to the location to which you downloaded the firmware file b Select the file c Click Open 6 Click Update Firmware For more detailed information about this process see Update system firmware NEXT STEP If you are performing the initial device set up you have now completed all of the required steps You can return to Get ...

Page 41: ...he next step after initial connection Step 9 Configure the Hub Step 9 Configure the Hub The Hub administrator can use the web UI to configure networks parameters services and other Hub features You can update the firmware back up the configuration view system information and logs and reboot the Hub To get started see Configure the AnywhereUSB in the web user interface NEXT STEP If you are performi...

Page 42: ... with your device If it is not you must purchase one separately Connect the hardware and connect to the cellular network 1 Insert your activated SIM card or cards into the CORE module The notched end of SIM card should be inserted first with the gold metal contacts facing down You will hear a click once the SIM is completely inserted Note If one SIM card is being used insert the SIM card into the ...

Page 43: ...ance If a single antenna solution is required it must be attached to the antenna port labeled MAIN 4 Connect the appropriate power supply for your model to the device n AnywhereUSB 8 Plus Hub Connect the power supply to the Hub and tighten the screws to secure n AnywhereUSB 24 Plus Hub Connect both IEC 60320 power supplies into the Hub Note Digi recommends that you purchase an additional power sup...

Page 44: ...row that displays beneath the list of groups n If a group has ports assigned to it the group will display in the AnywhereUSB Manager even if a USB device is not connected to a port n If you don t want a group with all unused USB ports to appear in the the AnywhereUSB Manager you can reassign the unused ports in a group to a different group See Hide a group in the AnywhereUSB Manager To create a gr...

Page 45: ...ent list 1 Open the web UI 2 Select System Configuration AnywhereUSB Configuration The AnywhereUSB Configuration page appears 3 Expand the Client Settings section 4 In the client list select the client ID to which you want to assign groups Information about the selected client ID displays in the Settings for Client section 5 Click the check box next to a group to which the computer is allowed acce...

Page 46: ...figure auto connect for more information Note When you open the AnywhereUSB Manager the Manager attempts to connect to the groups to which you are allowed access If someone else already owns the group you will not be connected to that group Connect to a group or a USB device in the AnywhereUSB Manager You can connect to all of the USB devices and ports in a group or to one device in a group n Conn...

Page 47: ...USB device You can connect to a USB device in a group to which you have access You cannot connect to a device in a group that is already is use by another user When you have connected to a device a note appears next to the device name and in the Device Status pane to show that the device is being used by you The port on the Hub to which the USB device is connected is also listed 1 Open the Anywher...

Page 48: ...Connect to a group or USB device in the AnywhereUSB Manager Connect to a USB device AnywhereUSB Plus User Guide 48 ...

Page 49: ...Hub 51 Disconnect from a group or USB device 52 Manage the list of known Hubs 54 Hide an individual Hub 56 Hide all unauthorized Hubs 58 Use all Hub addresses 58 Minimize the AnywhereUSB Manager when launched 59 Autofind Hubs in the AnywhereUSB Manager 59 Specify search response and keepalive intervals for a Hub 59 Cycle the power to a USB device connected to the Hub from the AnywhereUSB Manager 6...

Page 50: ... to your computer 2 Double click the Anywhere USB Manager shortcut on your desktop Rename AnywhereUSB Hubs groups and USB devices Each AnywhereUSB Hub and group has a default name that displays in the AnywhereUSB Manager You can also assign a local name to each Hub group or USB device that displays in the AnywhereUSB Manager which can help you to uniquely identify your local Hubs groups and USB de...

Page 51: ...Local Name menu option A dialog appears 6 Enter a local name for the group 7 Click OK Assign a local name to a USB device You can assign a local name to a USB device that displays in the in the Device Status pane and also in the tree view The local name is local to the computer on which the AnywhereUSB Manager is running 1 Open the AnywhereUSB Manager 2 Expand AnywhereUSB Hubs to display the Hubs ...

Page 52: ...ore detailed information about this process see Change the default password for the admin user Disconnect from a group or USB device You can disconnect from any group or USB device in the group to which you no longer need access n Disconnect from a group n Disconnect from a USB device Disconnect from a group You can disconnect from a group that has ports you no longer need access to You are discon...

Page 53: ...e A note appears in the Device Status pane to show that the device is not being used Configure auto connect You can enable the auto connect feature for a group or multiple groups This feature ensures that whenever you open the AnywhereUSB Manager you are automatically connected to all of the groups to which you are allowed access that have auto connect enabled Ways that you can open the AnywhereUS...

Page 54: ...for a group After you have enabled auto connect for a group you can disable this option You will no longer automatically connect to this group when you open the AnywhereUSB Manager 1 Open the AnywhereUSB Manager 2 Expand AnywhereUSB Hubs to display the Hubs 3 Expand a Hub to display the groups in the Hub 4 Right click on the AnywhereUSB group to which you no longer want to automatically connect at...

Page 55: ...k Add The Add Known Hub dialog appears 4 In the Hub Address field enter the Hub IP address or a network name such as a DNS name for the Hub 5 If you want to update the TCP port number click Advanced The Hub TCP port most systems should leave at default field displays a In the Hub TCP port most systems should leave at default field a TCP port number is entered by default You can change this entry b...

Page 56: ...ubs list that was on the same network as your computer the Hub will still be automatically found and connected to your computer when you open the AnywhereUSB Manager If you do not want the computer to be able to connect this Hub you must de select the Autofind Hubs option Note however that if this option is de selected Hubs on the same network as your computer will not be automatically found Only ...

Page 57: ...e Hidden Hubs The Hidden Hubs dialog appears 3 Click Add The Add Hidden Hub dialog appears 4 In the Hub Address field enter the Hub IP address 5 If you want to update the TCP port number click Advanced The Hub TCP port most systems should leave at default field displays a In the Hub TCP port most systems should leave at default field a TCP port number is entered by default You can change this entr...

Page 58: ...ave Hubs that have failed to connect no longer display in the AnywhereUSB Manager Display unauthorized Hubs You can display the unauthorized Hubs that were hidden using the Hide unauthorized Hubs option 1 Open AnywhereUSB Manager 2 Choose File Preferences The Preferences dialog appears 3 De select the Hide unauthorized Hubs option 4 Click Save Hubs that have failed to connect now display in the An...

Page 59: ...ct Start Manager minimized to open the AnywhereUSB Manager when it launches 5 Click Save Autofind Hubs in the AnywhereUSB Manager You can choose to automatically find Hubs connected to the network when AnywhereUSB Manager launches and repeatedly while the AnywhereUSB Manager is running based on the interval specified in the Preferences dialog 1 Open AnywhereUSB Manager 2 Choose File Preferences Th...

Page 60: ... value is 15 seconds l The keepalive timeout value would need to be longer if the network has more latency such as a cellular or satellite link or an internet link with unreliable packet delivery l If the value is too short devices will be disconnected which may have an adverse affect on some devices such as USB memory l If the value is too long Hubs that are removed from the network will not be n...

Page 61: ... register a Hub s certificate with the AnywhereUSB Manager Enable and disable the auto register Hub certificate You can choose to automatically find Hubs connected to the network when AnywhereUSB Manager launches 1 Open AnywhereUSB Manager 2 Choose File Preferences The Preferences dialog appears 3 Click the Setup tab 4 Determine whether you want to automatically register a Hub with the AnywhereUSB...

Page 62: ...ager 2 Choose Configure Manage Hub Credentials The Manage Hub Credentials dialog appears 3 Select the Hub that you want to remove 4 Click Remove 5 Click Close Add a Hub certificate You can manually add a Hub which registers the Hub s certificate with the AnywhereUSB Manager 1 Open AnywhereUSB Manager 2 Choose Configure Manage Hub Credentials The Manage Hub Credentials dialog appears 3 In the Seria...

Page 63: ...me you create a file If you want to save a file before it is overwritten rename the file or move it to a different location 1 Open AnywhereUSB Manager 2 Choose File Preferences The Preferences dialog appears 3 Choose Help Create Support File The support file is created When complete a dialog displays showing you the location of the file 4 Make a note of the file location 5 Click OK to close the di...

Page 64: ...the System Messages dialog View AnywhereUSB version and license information You can view version and license information about the AnywhereUSB Hub The version numbers for the currently installed version of the AnywhereUSB Manager the driver and the installer are listed at the top of the screen 1 Open the AnywhereUSB Manager 2 Select Help About The License dialog appears 3 View the version numbers ...

Page 65: ...ption 5 Click OK The pop up dialog closes and the Preferences dialog is available 6 In the Client ID field enter a new unique client ID 7 Click Save Access the online help from the AnywhereUSB Manager 1 Open the AnywhereUSB Manager 2 Click Help Online Manual to launch the online help file AnywhereUSB Manager window The AnywhereUSB Manager displays AnywhereUSB Hubs groups and USB devices Click the ...

Page 66: ...ure connection between the Hub and the PC Hub Yellow dot The PC and Hub are attempting to connect Hub Red X Connection between the Hub and the PC failed USB device Question mark Signifies unknown device class The toolbar icons manage the AnywhereUSB Manager dialog Icon Description Minimizes the AnywhereUSB Manager into the task bar and the notification area of the task bar Maximizes the AnywhereUS...

Page 67: ... maintain the Hub n Open Web UI n Assign Local Name n Add to Known Hubs n Hide Hub AnywhereUSB Manager group menu options Right click on a group name in the AnywhereUSB Manager to configure and maintain the group n Connect to Group n Disconnect from Group n Enable Auto Connect n Disable Auto Connect n Assign Local Name AnywhereUSB Manager USB device menu options Right click on a USB device name in...

Page 68: ... Manager was installed in service mode or stand alone mode Label Description Dialog title The dialog title reflects the AnywhereUSB Manager mode that was selected during installation The dialog title depends on whether the Manager was installed in service mode or stand alone mode Service Mode When installed in service mode the AnywhereUSB Manager dialog title is AnywhereUSB Manager SERVICE MODE St...

Page 69: ...eUSB Manager Service Version The version number of the currently running service Note This displays only when the Manager is installed in service mode Connection Summary A summary of the connection status for each of the Hubs listed in the AnywhereUSB Manager For information about the connection status messages see AnywhereUSB Manager connection status messages AnywhereUSB Manager Hub Status pane ...

Page 70: ...an change the local name using the Assign Local Name menu option for the Hub Model The model name for the AnywhereUSB Hub Version The version number of the firmware running on the Hub Address The network address of the Hub Serial The serial number of the Hub which is found on the Hub label AnywhereUSB Manager Group Status pane When you select a group in the AnywhereUSB Manager information about th...

Page 71: ...r is running You can change the local name using the Assign Local Name menu option for the group Status A status message indicates whether a user is currently connected this group Options are n You are using this group n No one is using this group n In use by client ID at machine name AnywhereUSB Manager USB Device Status pane When you select a USB device in a group in the AnywhereUSB Manager info...

Page 72: ...y client ID at machine name A question mark icon displays if the device class is unknown AnywhereUSB Manager connection status messages The connection status messages describe the current status of the Hub connection n Active secure The number of Hubs that are currently connected to the AnywhereUSB Manager n Attempting to connect The AnywhereUSB Manager is trying to connect to the Hub but a connec...

Page 73: ...entials for the user currently logged on to the computer During initial log in process the AnywhereUSB Manager creates a secure identity certificate that is associated with the client ID This certificate is used to validate your user account with the Hub The certificate associated with the user account client ID must match the certificate for this client ID on the Hub to allow a connection Note Fo...

Page 74: ... before you manually add the Hub to the Manage Hub Credentials list or if you remove the certificate and a new one is automatically assigned over the network Step 1 Remove the Hub certificate Remove the Hub from the Manage Hub Credentials list See Remove a Hub certificate Step 2 Add the Hub certificate to the Manager After the Hub has been removed from the Manage Hub Credentials list the AnywhereU...

Page 75: ...ager Resolution For more information see Manage Hub credentials and Invalid Hub Certificate Hub has a different IP address The device is no longer connected or has been moved to another network segment The AnywhereUSB Manager does not discover Hubs that are not on the same network segment as the client Resolution Add the Hub to the list of known Hubs This ensures that the AnywhereUSB Manager can c...

Page 76: ... Hub firmware See Update system firmware Unregistered Client ID The message Invalid Client ID displays when the client ID is not registered with the Hub and a connection between the Hub and the PC cannot be established The client ID is a unique identifier assigned to a user account the first time a user logs in to a computer and opens the AnywhereUSB Manager The client ID is associated with the lo...

Page 77: ...essages and responses and how often the AnywhereUSB Manager searches for a Hub and the Hub response time Click File Preferences to display the Preferences dialog Setup tab n Client ID n Start Manager minimized n Autofind Hubs n Use All Hub Addresses n Hide unauthorized Hubs n Auto register Hub Cert n Restore default settings Advanced tab Specify search response and keepalive intervals for a Hub ...

Page 78: ...You can log out of the AnywhereUSB Manager close the dialog 1 Open the AnywhereUSB Manager 2 Click File Exit to disconnect all USB devices connected to your computer close all connections and close the AnywhereUSB Manager 3 If you are connected to any USB devices a confirmation dialog appears 4 Click Yes to exit the AnywhereUSB Manager ...

Page 79: ... user 81 Configuration methods 82 Open the web user interface 83 Using Digi Remote Manager 85 Access Digi Remote Manager 85 Use the local REST API to configure the AnywhereUSB Plus device 85 Using the command line 90 Access the command line interface 90 Log in to the command line interface 90 Exit the command line interface 91 AnywhereUSB Plus User Guide 79 ...

Page 80: ...d manage your device 4 Click Configure The following tables list important factory default settings for the AnywhereUSB Plus Default interface configuration Interface type Preconfigured interfaces Devices Default configuration Wide Area Networks WANs Available only on the AnywhereUSB Plus 8 and 24 models n Modem n WWAN1 cellular modem n Firewall zone External n WAN priority Metric 3 n SIM failover...

Page 81: ...que factory assigned password for the default admin user account is printed on the bottom label of the device and on the loose label included in the package If you erase the device configuration or reset the device to factory defaults the password for the admin user will revert to the original factory assigned default password É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin...

Page 82: ...5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configuration methods There are three methods for configuring your AnywhereUSB Plus device n Web interface The local web interface on the Hub which includes a separate page for all AnywhereUSB Plus configuration l See Open the web user ...

Page 83: ...h the web UI a warning dialog may appear if your internet connection is not private In this situation continue to access the device and a log in dialog appears If your internet connection is private only the log in dialog appears The user name is admin and the default password is located on the label on the bottom of the Hub Note that the password is case sensitive and must be typed in exactly as ...

Page 84: ...Open the web user interface AnywhereUSB Plus User Guide 84 1 Open a browser window 2 Enter the IP address for the Hub A login screen displays 3 Enter the user name and password 4 Click Login The web UI Dashboard displays by default ...

Page 85: ...USB Plus device includes a REST API that can be used to return information about the device s configuration and to make modifications to the configuration You can view the REST API specification from your web browser by opening the URL https ip address cgi bin config cgi For example https 192 168 210 1 cgi bin config cgi Use the GET method to return device configuration information To return devic...

Page 86: ...determine further allowed path location values by using the question mark with the path name config service Services Additional Configuration dns DNS iperf IPerf location Location mdns Service Discovery mDNS modbus_gateway Modbus Gateway multicast Multicast ntp NTP ping Ping responder snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service For example to use curl to return the ...

Page 87: ...le key mdns port protocol Use the POST method to modify device configuration parameters and list arrays Use the POST method to modify device configuration parameters To modify configuration parameters use the POST method with the path and value parameters curl k u admin https ip address cgi bin config cgi value path path value new_value X POST where n path is the path to the configuration paramete...

Page 88: ... 1 2 4 0 24 destination network curl k u admin https 192 168 210 1 cgi bin config cgi value pathnetwork route static append true collapsed dst 1 2 4 0 24 collapsed interface network interface wan X POST X POST Enter host password for user admin ok true result network route static 1 Use the DELETE method to remove items from a list array To remove items from a list array use the DELETE method For e...

Page 89: ...e the AnywhereUSB Plus device AnywhereUSB Plus User Guide 89 2 Use the DELETE method to remove the external zone list item 4 curl k u admin https 192 168 210 1 cgi bin config cgi value path service ssh acl zone 4 X DELETE Enter host password for user admin ok true ...

Page 90: ...command line your device must be configured to allow access and you must log in as a user who has been configured for the appropriate access For further information about configuring access to these services see n WebUI Configure the web administration service n SSH Configure SSH access Log in to the command line interface Command line 1 Connect to the AnywhereUSB Plus device by using a serial con...

Page 91: ...ands Press for a list of commands and details Type help for details on navigating the CLI Type exit to disconnect from the Admin CLI See Command line interface for detailed instructions on using the command line interface Exit the command line interface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Acc...

Page 92: ...pen the web user interface AnywhereUSB Configuration page 93 AnywhereUSB Status page 94 Rename a Hub and the groups in a Hub 95 Configure and manage client IDs 96 Cycle the power to a port on a Hub from the web UI 98 View Hub system information 99 Configure device identity settings 100 View current connections to the Hub 101 Manually configure the PC and assign an IP address to a Hub 101 AnywhereU...

Page 93: ...ed when working with Digi Technical Support to debug an issue Group Settings Click Group Settings to expand this section In this section you can name groups and assign USB ports to the groups For instructions see Create groups and assign ports to the group Item Description Group Description A free form description of a group You can type over the default description One row displays for each group...

Page 94: ...cates have been exchanged between the computer and the Hub After this occurs the Certificate value is updated to Available See Configure a client ID Description A free form description of the client Group Access The groups that this client is allowed to access The USB ports in the group can be accessed by this user account See Configure a client ID Add Client Click Add Client to manually add a new...

Page 95: ...rt on a Hub from the web UI Client Connections Click to expand this section and display information about the groups connected to the AnywhereUSB Item Description configuration icon Click the configuration icon in the upper right corner of the page to access the AnywhereUSB Configuration page See Configure the AnywhereUSB in the web user interface for more information Group A group to which the cl...

Page 96: ... Device Configuration 3 Expand System 4 In the Name field enter a descriptive name for the Hub The name cannot have spaces or underscores 5 Click Apply Rename a group You can rename the AnywhereUSB Hub in the AnywhereUSB page in the web UI By default a group is named Group appended by a consecutive number such as Group 1 Group 2 and so on The group name displays in the Group Name field in the Grou...

Page 97: ...igure Information about the selected client ID displays in the Settings for Client section 5 Click Edit 6 In the Description field enter a descriptive name for the client ID 7 Click the check box next to a group to which the computer is allowed access As you select groups the selected group numbers appear in the Group Access field in the Settings for Client section You can also manually enter grou...

Page 98: ...t the client ID in the Settings for Client New Client section a In the Client ID field enter the client ID for the computer b In the Description field enter a descriptive name for the client ID c Click the check box next to a group to which the computer is allowed access As you select groups the selected group numbers appear in the Group Access field in the Settings for Clients section Note The Ce...

Page 99: ...he power to a USB device connected to the Hub from the AnywhereUSB Manager 1 Open the web UI 2 Click Status AnywhereUSB The AnywhereUSB Status page displays 3 Click Cycle for the port that you want power off and then on 4 When the power cycle is complete a success message displays View Hub system information You can view current status information about the Hub in the Dashboard This page appears b...

Page 100: ...on For more information see Cycle the power to a port on a Hub from the web UI Client Connections Click to expand this section and display information about the groups connected to the AnywhereUSB Item Description configuration icon Click the configuration icon in the upper right corner of the page to access the AnywhereUSB Configuration page See Configure the AnywhereUSB in the web user interface...

Page 101: ...pand the Client Connection section to display information about the computers connected to the Hub Manually configure the PC and assign an IP address to a Hub You can manually assign an IP address to the Hub Prerequisites n An Ethernet cable must be connected to the Hub and a network n A power supply must be connected to the Hub and the Hub powered on n Determine the IP address that you want to as...

Page 102: ...rowser window 8 Enter the default gateway IP address 192 168 210 1 9 Log into the Hub using the default user name and password The default user name is admin and the default password is printed on the bottom label of the device and on the loose label included in the package If the defaults to not work they may have been changed Confirm this information with your system administrator 10 Update the ...

Page 103: ...es These interfaces can be bridged in a Local Area Network LAN or assigned to a Wide Area Network WAN This chapter contains the following topics Define a static IP address 104 Wide Area Networks WANs 105 Local Area Networks LANs 176 Bridging 207 AnywhereUSB Plus User Guide 103 ...

Page 104: ...le IPv4 support if it is not enabled This is enabled by default c For Type select Static IP address d For Address type the IP address and subnet of the LAN interface Use the format IPv4_ address netmask for example 192 168 2 1 24 For more information about the netmask see IP address and netmask e For Default gateway type the default gateway associated with this network interface 6 Optional Add DNS...

Page 105: ...reless Wide Area Networks WWANs 106 Configure WAN WWAN priority and default route metrics 106 WAN WWAN failover 109 Configure SureLink active recovery to detect WAN WWAN failures 110 Configure the device to reboot when a failure is detected 118 Disable SureLink 127 Example Use a ping test for WAN failover from Ethernet to cellular 130 Using Ethernet devices in a WAN 133 Using cellular modems in a ...

Page 106: ...y adds a default IP route for the WAN The priority of the WAN is based on the metric of the default route as configured in the WAN s IPv4 and IPv6 metric settings Assigning priority to WANs By default the AnywhereUSB Plus device s WAN ETH1 is configured with the lowest metric 1 and is therefor the highest priority WAN By default the Wireless WAN Modem is configured with a metric of 3 which means i...

Page 107: ...hts 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Set the metrics for Modem a Click Network Interfaces Modem IPv4 b For Metric type 1 c Click IPv6 d For Metric type 1 4 Set the metrics for ETH1 a Click Network Interfaces ETH1 IPv4 b For Metric type 2 c Click IPv6 d For Metric type 2 ...

Page 108: ... Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set the metrics for Modem a Set the IPv4 metric for Modem to 1 For example config network interface modem ipv4 me...

Page 109: ...e failure detection There are two ways to detect WAN or WWAN failure active detection and passive detection n Active detection uses Digi SureLinkTM technology to send probe tests to a target host or to test the status of the interface The WAN WWAN is considered to be down if there are no responses for a configured amount of time See Configure SureLink active recovery to detect WAN WWAN failures fo...

Page 110: ...d IPv6 configurations By default SureLink is enabled for IPv4 for the preconfigured WAN ETH1 and WWAN Modem It is disabled for IPv6 When SureLink is configured for Wireless WANs SureLink tests are only run if the cellular modem is connected and has an IP address Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot obta...

Page 111: ...s To configure the AnywhereUSB Plus device to regularly probe connections through the WAN É WebUI SureLink can be configured for both IPv4 and IPv6 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Create a new WAN or WWAN or selec...

Page 112: ... test Tests connectivity by sending an ICMP echo request to the hostname or IP address specified in Ping host You can also optionally change the number of bytes in the Ping payload size n DNS test Tests connectivity by sending a DNS query to the specified DNS server n HTTP test Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the fo...

Page 113: ...s 15 minutes f If more than one test target is configured for Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets g For Pass threshold type or select the number of times that the test must pass after failure before the interface is determined to be working and is reinstated h For Failed attempts type the numb...

Page 114: ...ink tests are only run if the cellular modem is connected and has an IP address Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover config network interface my_wan ipv4 surelink enable true config network interface my_w...

Page 115: ...format http s hostname path n interface_up The interface is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount of time that the interface can be down before this test is considered to have failed config network interface my_wan ipv4 surelink target 0 inte...

Page 116: ...erface to be tested i Use the to determine available interfaces config network interface my_wan ipv4 surelink target 0 other_interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface eth1 network interface eth2 network interface loopback Current value config network interface my_wan ipv4 surelink target 0 other_interface ii Se...

Page 117: ...nectivity after restarting such as a cellular modem c To configure the device to reboot when the interface is considered to have failed config network interface my_wan ipv4 surelink reboot enable config network interface my_wan ipv4 surelink Note If both the restart and reboot parameters are enabled the reboot parameter takes precedence d Set the Interval between connectivity tests config network ...

Page 118: ... and apply the change config network interface my_wan ipv4 surelink save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the device to reboot when a failure is detected Using SureLink you can configure the AnywhereUSB Plus device to reboot when it has d...

Page 119: ...rver or to the DNS servers configured for the WAN l HTTP or HTTPS test Requires the URL of the host to be tested l Interface status Determines if the interface has an IP address assigned to it that the physical link is up and that a route is present to send traffic out of the network interface Additional configuration items n See Configure SureLink active recovery to detect WAN WWAN failures for o...

Page 120: ...nterface click IPv4 or IPv6 SureLink 6 Enable SureLink SureLink can be enabled for both IPv4 and IPv6 configurations By default SureLink is enabled for IPv4 for the preconfigured WAN ETH1 and WWAN Modem It is disabled for IPv6 When SureLink is configured for Wireless WANs SureLink tests are only run if the cellular modem is connected and has an IP address Use the SIM failover options to configure ...

Page 121: ... take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considered to be down based on l Down time The amount of time that the interface can be down before this test is considered to have failed Allowed values are any number of we...

Page 122: ...00s The default is 15 seconds 13 Optional Repeat this procedure for IPv6 14 Click Apply to save the configuration and apply the change Command line Active recovery can be configured for both IPv4 and IPv6 These instructions are for IPv4 to configure IPv6 active recovery replace ipv4 in the command line with ipv6 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights D...

Page 123: ...ink reboot true config network interface my_wan ipv4 surelink Note If both the restart and reboot parameters are enabled the reboot parameter takes precedence 6 Optional Set the number of times that the Surelink test must fail before the device is rebooted config network interface my_wan ipv4 surelink reboot_attempts int config network interface my_wan ipv4 surelink where int is any number greater...

Page 124: ...format http s hostname path n interface_up The interface is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount of time that the interface can be down before this test is considered to have failed config network interface my_wan ipv4 surelink target 0 inte...

Page 125: ...erface to be tested i Use the to determine available interfaces config network interface my_wan ipv4 surelink target 0 other_interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface eth1 network interface eth2 network interface loopback Current value config network interface my_wan ipv4 surelink target 0 other_interface ii Se...

Page 126: ... example to set interval to ten minutes enter either 10m or 600s config network interface my_wan ipv4 surelink interval 600s config network interface my_wan ipv4 surelink The default is 15 minutes c If more than one test target is configured determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets config network interface my_wan ip...

Page 127: ...sable SureLink If your device uses a private APN with no Internet access or your device has a restricted wired WAN connection that doesn t allow DNS resolution follow this procedure to disable the default SureLink connectivity tests You can also disable DNS lookup or other internet activity while retaining the SureLink interface test É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with ful...

Page 128: ...ig network interface modem ipv4 surelink enable false config network interface modem 5 Save the configuration and apply the change config network interface my_wwan ipv4 surelink save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Disable DNS lookup Alternatively ...

Page 129: ...ayed 3 Click Network Interfaces 4 Select the appropriate WAN or WWAN on which SureLink should be disabled 5 After selecting the WAN or WWAN click IPv4 SureLink 6 Click to expand Test targets 7 Click to expand the second test target This test target has its Test type set to Test DNS servers configured for this interface 8 Click the menu icon next to the target and select Delete 9 Click Apply to sav...

Page 130: ...config network interface my_wan 6 Save the configuration and apply the change config network interface my_wan ipv4 surelink save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Example Use a ping test for WAN failover from Ethernet to cellular In this example conf...

Page 131: ...ve recovery on ETH1 a Click Network Interface ETH1 IPv4 SureLink b For Interval type 10s c Click to expand Test targets d Delete the existing test targets Click the menu icon next to each target and select Delete e For Add Test Target click g f For Test type select Ping test g For Ping host type 43 66 93 111 h For Ping payload size type 256 4 Repeat the above step for Modem to enable SureLink on t...

Page 132: ...arget 0 config network interface eth1 del ipv4 surelink target 1 config network interface eth1 c Add a test target config add network interface eth1 ipv4 surelink target end config network interface eth1 ipv4 surelink target 0 d Set the probe type to ping config network interface eth1 ipv4 surelink target 0 test ping config network interface eth1 ipv4 surelink target 0 e Set the packet size to 256...

Page 133: ...uded in a preconfigured Wireless WAN also named Modem The cellular modem can have only one active SIM slot at any one time For example Modem can have either SIM1 or SIM2 up at one time Typically you configure SIM1 of the cellular modem as the primary cellular interface and SIM2 as the backup cellular interface In this way if the AnywhereUSB Plus device cannot connect to the network using SIM1 it a...

Page 134: ...r select Any to use any SIM slot The default is Any 6 If Active SIM slot is set to Any for Preferred SIM slot select the SIM slot that should be considered the preferred slot for this modem or select None In the event of a failover to a non preferred SIM or if manual SIM switching is used to switch to a non preferred SIM the modem will attempt to reconnect to the SIM in the preferred SIM slot None...

Page 135: ...used by the modem config network modem modem sim_slot value config where value is one of the following n any Uses either SIM slot n 1 Uses the first SIM slot n 2 Uses the second SIM slot The default is any 5 If sim_slot is set to any set the SIM slot that should be considered the preferred slot for this modem config network modem modem sim_slot_preference value config where value is one of the fol...

Page 136: ...h value config Available options for value vary depending on the modem type To determine available options config network modem modem access_tech Access technology The cellular network technology that the modem may use Format 2G 3G 4G 4GM 4GT all Default value all Current value all config The default is all which uses the best available technology 9 Set whether the modem should use the main antenn...

Page 137: ...SB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces Modem APN list APN 4 For APN type the Access Point Name APN to be used when connecting to the cellular carrier 5 Optional IP version For IP version select one of the following n Automatic Requests both IPv4 ...

Page 138: ...ll Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config network interface modem modem apn 0 apn value config where value is the APN for the SIM card 4 Optional To add additional APNs a Use the add ...

Page 139: ...n 0 username name config network interface modem modem apn 0 password pwd config The default is none 7 Optional To configure the device to bypass its preconfigured APN list and only use the configured APNs config network interface modem modem apn_lock true config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device...

Page 140: ... then use routing roles to forward traffic to the appropriate WWAN interface Note Dual APN connections with the Telit LE910 NAv2 module when using a Verizon SIM are not supported Using an AT T SIM with the Telit LE910 NAv2 module is supported The Telit LE910 NAv2 module is used in the 1002 CM04 CORE modem É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On th...

Page 141: ...e AnywhereUSB Plus will attempt to determine the APN i Click to expand APN list APN ii For APN type the public APN for your cellular carrier g For Add Interface type WWAN_Private and click g h For Interface type select Modem i For Zone select External j For Device select Modem This should be the same modem selected for the WWAN_Public WWAN k Enable APN list only l Click to expand APN list APN ...

Page 142: ...PN and LAN2 through the private APN a Click Network Routes Policy based routing b Click the g to add a new route policy c For Label enter Route through public APN d For Interface select Interface WWAN_Public e Configure the source address i Click to expand Source address ii For Type select Interface iii For Interface select LAN1 f Configure the destination address i Click to expand Destination add...

Page 143: ... address ii For Type select Interface iii For Interface select LAN2 k Configure the destination address i Click to expand Destination address ii For Type select Interface iii For Interface select Interface WWAN_Private 6 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your devi...

Page 144: ...WANPublic modem device modem config network interface WWANPublic d Optional Set the public APN If the public APN is not configured the AnywhereUSB Plus will attempt to determine the APN config network interface WWANPublic modem apn public_apn config network interface WWANPublic e Use to periods to move back one level in the configuration config network interface WWANPublic config network interface...

Page 145: ...fy this route policy config network route policy 0 label Route through public apn config network route policy 0 c Set the interface config network route policy 0 interface network interface WWANPublic config network route policy 0 d Configure the source address i Set the source type to interface config network route policy 0 src type interface config network route policy 0 ii Set the interface to ...

Page 146: ...rce address i Set the source type to interface config network route policy 1 src type interface config network route policy 1 ii Set the interface to LAN2 config network route policy 1 src interface LAN2 config network route policy 1 k Configure the destination address i Set the type to interface config network route policy 1 dst type interface config network route policy 1 ii Set the interface to...

Page 147: ...l or Manual Automatic carrier selection mode n The Network PLMN ID É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces Modem 4 For Carrier selection mode select one of the following n Automatic The device automatically selects ...

Page 148: ...Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config network interface modem modem operator_mode value config where value is one of n automatic The device automatically selects the carrier based on your SIM and cellular network status n manual The device will only connect to the carrier identified in the N...

Page 149: ...evice configuration you may be presented with an Access selection menu Type quit to disconnect from the device Scan for available cellular carriers You can scan for available carriers and determine their network PLMN ID by using the modem scan command at the Admin CLI É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 From the main menu click Status Modems 3 croll to the C...

Page 150: ...onnection to perform this procedure you may lose your connection and the device will no longer be accessible Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type modem scan Issuing network scan this may take som...

Page 151: ...the Admin CLI 2 Use the show modem command n To view a status summary for the modem show modem Modem SIM Status APN Signal Strength modem 1 ready connected 1234 Good 84 dBm n To view detailed status and statistics use the show modem name name command show modem name modem modem Telit LM940 IMEI 781154796325698 Manufacturer Telit Model LM940 FW Version 24 01 541_ATT Revision 24 01 541 Status State ...

Page 152: ... tries to set an invalid PIN for the SIM card too many times In addition some cellular carriers require a SIM PIN to be added before the SIM card can be used If the SIM card is locked the AnywhereUSB device cannot make a cellular connection Command line To unlock a SIM card 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be pr...

Page 153: ...n Fair 106 dBm to 115 dBm n Poor 116 dBm to 120 dBm n No service 120 dBm Signal strength for 3G and 2G connections For 3G and 2G cellular connections the current RSSI value determines signal strength n Excellent 70 dBm n Good 70 dBm to 85 dBm n Fair 86 dBm to 100 dBm n Poor 100 dBm to 109 dBm n No service 110 dBm Tips for improving cellular signal strength If the signal strength LEDs or the signal...

Page 154: ...s to the modem y n y 4 Type n if you do not want exclusive access This allows you to send AT commands to the device while still allowing the device to connect disconnect and or reconnect to the cellular network The following is an example interactive AT command modem at interactive Do you want exclusive access to the modem y n y n Starting terminal access to modem AT commands Note that the modem i...

Page 155: ... route l When to use DNS servers for this interface l Whether to include the AnywhereUSB Plus device s hostname in DHCP requests l SureLink active recovery configuration See Configure SureLink active recovery to detect WAN WWAN failures for further information n IPv6 configuration l The metric for IPv6 routes associated with the WAN l The relative weight for IPv6 routes associated with the WAN l T...

Page 156: ...s are enabled by default To disable click Enable 5 For Interface type leave at the default setting of Ethernet 6 For Zone select External 7 For Device select an Ethernet device or a bridge See Bridging for more information about bridging 8 Optional Click to expand 802 1x to configure 802 1x port based network access control a Click to expand Authentication b Click Enable server to enable a 802 1x ...

Page 157: ...about DHCP server support for the Client FQDN option n See Configure system information for information about setting the AnywhereUSB Plus device s system name d See Configure SureLink active recovery to detect WAN WWAN failures for information about configuring Active recovery 10 Optional Configure IPv6 settings a Click to expand IPv6 b Enable IPv6 support c For Type select DHCPv6 address d For P...

Page 158: ... device s system name 11 Optional Click to expand MAC address denylist Incoming packets will be dropped from any devices whose MAC addresses is included in the MAC address denylist a Click to expand MAC address denylist b For Add MAC address click g c Type the MAC address 12 Optional Click to expand MAC address allowlist If there allowlist entries are specified incoming packets will only be accept...

Page 159: ...information about bridging a Enter device to view available devices and the proper syntax config network interface my_wan device Current value config network interface my_wan device b Set the device for the LAN config network interface my_wan device device config network interface my_wan 6 Configure IPv4 settings n IPv4 support is enabled by default To disable config network interface my_wan ipv4 ...

Page 160: ...le interfaces have the same DNS server the interface with the lowest metric will be used for DNS requests n primary Only use the DNS servers provided for this interface when the interface is the primary route n never Never use DNS servers for this interface vi Enable DHCP Hostname to instruct the AnywhereUSB Plus device to include the device s system name with DHCP requests as the Client FQDN opti...

Page 161: ... interface my_wan d Modify any of the remaining default settings as appropriate For example to change the metric config network interface my_wan ipv6 metric 1 config network interface my_wan If the minimum length is not available then a longer prefix will be used See Configure WAN WWAN priority and default route metrics for further information about metrics Optional Configure the MAC address deny ...

Page 162: ...ork WWAN Configuring a Wireless Wide Area Network WWAN involves configuring the following items Required configuration items n The interface type Modem n The firewall zone External n The cellular modem that is used by the WWAN Additional configuration items n SIM selection for this WWAN n The SIM PIN n The SIM phone number for SMS connections n Enable or disable roaming n SIM failover configuratio...

Page 163: ...ce access l The IPv6 Maximum Transmission Unit MTU of the WAN l When to use DNS always never or only when this interface is the primary default route l SureLink active recovery configuration See Configure SureLink active recovery to detect WAN WWAN failures for further information É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under...

Page 164: ...he International Mobile Subscriber Identity IMSI that must be in active for this WWAN to be used n If ICCID is selected for Match ICCID type the unique SIM card ICCID that must be in active for this WWAN to be used 11 Type the PIN for the SIM Leave blank if no PIN is required 12 Type the Phone number for the SIM for SMS connections Normally this should be left blank It is only necessary to complet...

Page 165: ...is unavailable n Reboot device The device will reboot if automatic SIM switching is unavailable 16 For APN list and APN list only the AnywhereUSB Plus device uses a preconfigured list of Access Point Names APNs when attempting to connect to a cellular carrier for the first time After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to...

Page 166: ...t is used to load balance traffic to the interfaces e Set the Management priority This determines which interface will have priority for central management activity The interface with the highest number will be used f Set the MTU g For Use DNS n Always DNS will always be used for this WWAN when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS r...

Page 167: ...Enter modem device to view available modems and the proper syntax config network interface my_wwan modem device Device The modem used by this network interface Format modem Current value config network interface my_wwan device b Set the device config network interface my_wwan modem device modem config network interface my_wwan 6 Set theSIM matching criteria to determine when this WWAN should be us...

Page 168: ...face my_wwan n imsi Set the International Mobile Subscriber Identity IMSI that must be in active for this WWAN to be used config network interface my_wwan modem imsi IMSI config network interface my_wwan n plmn_id Set the PLMN id that must be in active for this WWAN to be used config network interface my_wwan modem plmn_id PLMN_ID config network interface my_wwan n sim_slot Set which SIM slot must...

Page 169: ...rrier is manually configured If the configured network is not available automatic carrier selection is used If manual or manual_automatic is set a Set the Network PLMN ID config network interface my_wwan modem operator PLMN_ID config network interface my_wwan b Set the cellular network technology config network interface my_wwan modem operator_technology value config network interface my_wwan wher...

Page 170: ...n reboot The device will reboot if automatic SIM switching is unavailable 12 The AnywhereUSB Plus device uses a preconfigured list of Access Point Names APNs when attempting to connect to a cellular carrier for the first time After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to configure APNs See Configure cellular modem APNs for...

Page 171: ...interface my_wwan ipv4 mgmt num config network interface my_wwan e Set the MTU config network interface my_wwan ipv4 mtu num config network interface my_wwan f Configure when the WWAN s DNS servers will be used config network interface my_wwan ipv4 dns value config network interface my_wwan Where value is one of n always DNS will always be used for this WWAN when multiple interfaces have the same ...

Page 172: ...when the WWAN s DNS servers will be used config network interface my_wwan ipv4 dns value config network interface my_wwan Where value is one of n always DNS will always be used for this WWAN when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS requests n never Never use DNS servers for this WWAN n primary Only use the DNS servers provided for ...

Page 173: ...network verbose Interface Proto Status Type Zone Device Metric Weight defaultip IPv4 up static setup eth2 10 10 defaultlinklocal IPv4 up static setup eth2 0 10 eth1 IPv4 up dhcp external eth1 1 10 eth1 IPv6 up dhcp external eth1 1 10 eth2 IPv4 up static internal eth2 5 10 eth2 IPv6 up static internal eth2 5 10 loopback IPv4 up static loopback loopback 0 10 modem IPv4 up modem external wwan1 3 10 m...

Page 174: ...device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a WAN or WWAN Follow this procedure to delete any WANs and WWANs that have been added to the system You cannot delete the preconfigured WAN ETH1 or the preconfigured WWAN Modem É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu clic...

Page 175: ...work interface my_wwan 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Default outbound WAN WWAN ports The following table lists the default outbound network communications for AnywhereUSB Plus WAN WWAN int...

Page 176: ...owing Local Area Networks LANs You can modify configuration settings for ETH2 and you can create new LANs This section contains the following topics About Local Area Networks LANs 177 Configure a LAN 177 Show LAN status and statistics 183 Delete a LAN 185 DHCP servers 187 Create a Virtual LAN VLAN route 203 Default services listening on LAN ports 206 ...

Page 177: ...change the default IP address and subnet of LAN1 Additional configuration items n Additional IPv4 configuration l The metric for IPv4 routes associated with the LAN l The relative weight for IPv4 routes associated with the LAN l The IPv4 management priority of the LAN The active interface with the highest management priority will have its address reported as the preferred contact address for centr...

Page 178: ...the LAN The Interface configuration window is displayed New LANs are enabled by default To disable click Enable 5 For Interface type leave at the default setting of Ethernet 6 For Zone select the appropriate firewall zone See Firewall configuration for further information 7 For Device select an Ethernet device or a bridge See Bridging for more information about bridging 8 Optional Click to expand ...

Page 179: ... c For Type select IPv6 prefix delegration d For Prefix length type the minimum length of the prefix to assign to this LAN If the minimum length is not available then a longer prefix will be used e For Prefix ID type the identifier used to extend the prefix to the assigned length Leave blank to use a random identifier f Set the Metric g For Weight type the relative weight for default routes associ...

Page 180: ... config 3 Create a new LAN or edit an existing one n To create a new LAN named my_lan config add network interface my_lan config network interface my_lan n To edit an existing LAN named my_lan change to the my_lan node in the configuration schema config network interface my_lan config network interface my_lan 4 Set the appropriate firewall zone config network interface my_lan zone zone config netw...

Page 181: ...netmask for example 192 168 2 1 24 config network interface my_lan ipv4 address ip_address netmask config network interface my_lan b Optional IPv4 configuration items i Set the IP metric config network interface my_lan ipv4 metric num config network interface my_lan ii Set the relative weight for default routes associated with this interface For multiple active interfaces with the same metric the ...

Page 182: ...iew the default IPv6 settings by using the question mark config network interface my_lan ipv6 IPv6 Parameters Current Value enable true Enable metric 0 Metric mgmt 0 Management priority mtu 1500 MTU prefix_id 1 Prefix ID prefix_length 48 Prefix length type prefix_delegation Type weight 10 Weight Additional Configuration connection_monitor Active recovery dhcpv6_server DHCPv6 server config network ...

Page 183: ...n separated MAC address for example 32 A6 84 2E 81 58 b Repeat for each additional MAC address Optional Configure the MAC address allowlist If there allowlist entries are specified incoming packets will only be accepted from the listed MAC addresses a Add a MAC address to the allowlist config network interface my_lan add mac_allowlist end mac_address config network interface my_lan where mac_addre...

Page 184: ...1 101 30 modem IPv6 down 3 Additional information can be displayed by using the show network verbose command show network verbose Interface Proto Status Type Zone Device Metric Weight defaultip IPv4 up static setup eth2 10 10 defaultlinklocal IPv4 up static setup eth2 0 10 eth1 IPv4 up dhcp external eth1 1 10 eth1 IPv6 up dhcp external eth1 1 10 eth2 IPv4 up static internal eth2 5 10 eth2 IPv6 up ...

Page 185: ...CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a LAN Follow this procedure to delete any LANs that have been added to the system You cannot delete the preconfigured LAN LAN1 É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration...

Page 186: ...Interfaces Local Area Networks LANs AnywhereUSB Plus User Guide 186 5 Click Apply to save the configuration and apply the change ...

Page 187: ...cal network which assigns IP addresses to clients on the device s local network Addresses are assigned from a specified pool of IP addresses For a local network the device uses the DHCP server that has the IP address pool in the same IP subnet as the local network When a host receives an IP configuration the configuration is valid for a particular amount of time known as the lease time After this ...

Page 188: ...e a LAN 5 Click to expand IPv4 DHCP server 6 Enable the DHCP server 7 Optional For Lease time type the amount of time that a DHCP lease is valid Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Lease time to ten minutes enter 10m or 600s The default is 12 hours 8 Optional For Lease range start and Lease range end type the ...

Page 189: ...ath and file name of the bootfile on the TFTP server g For TFTP server name type the IP address or host name of the TFTP server 10 See Configure DHCP options for information about Custom DHCP options 11 See Map static IP addresses to hosts for information about Static leases 12 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a...

Page 190: ... DHCP server will assign to a client config network interface my_lan ipv4 dhcp_server lease_end num config Allowed values are between 1 and 254 and the default is 250 7 Optional DHCP server settings a Click to expand Advanced settings b Determine how the DHCP server should broadcast the gateway server config network interface my_lan ipv4 dhcp_server advanced gateway value config where value is one...

Page 191: ...nced secondary_dns value config network interface my_lan ipv4 dhcp_server advanced primary_ ntp value config network interface my_lan ipv4 dhcp_server advanced secondary_ntp value config network interface my_lan ipv4 dhcp_server advanced primary_ wins value config network interface my_lan ipv4 dhcp_server advanced secondary_wins value config where value is one of n none No server is broadcast n au...

Page 192: ... device Map static IP addresses to hosts You can configure the DHCP server to assign static IP addresses to specific hosts Required configuration items n IP address that will be mapped to the device n MAC address of the device Additional configuration items n A label for this instance of the static lease To map static IP addresses É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full A...

Page 193: ... config config 3 Add a static lease to the DHCP server configuration for an existing LAN For example to add static lease to a LAN named my_lan config add network interface my_lan ipv4 dhcp_server advanced static_ lease end config network interface my_lan ipv4 dhcp_server advanced static_lease 0 See Configure a LAN for information about creating a LAN 4 Set the MAC address of the device associated ...

Page 194: ...e Show current static IP mapping To view your current static IP mapping É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the main menu click Status 3 Under Networking click DHCP Leases Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection me...

Page 195: ...min access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Click to expand an existing LAN 5 Click to expand IPv4 DHCP server Advanced settings Static leases 6 Click the menu icon next to the name of the static lease to be deleted and select Delete 7 Click Apply to save the configuration and apply t...

Page 196: ...g del network interface lan1 ipv4 dhcp_server advanced static_ lease 0 config 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure DHCP options You can configure DHCP servers running on your AnywhereUS...

Page 197: ...rfaces Local Area Networks LANs AnywhereUSB Plus User Guide 197 Additional configuration items n The data type of the value n Force the option to be sent to the DHCP clients n A label for the custom option ...

Page 198: ...ption will always be sent to the client even if the client does not ask for it 11 Optional For Data type select the data type that the option uses If the incorrect data type is selected the device will send the value as a string 12 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending o...

Page 199: ...stom_option 0 7 Optional Set a label for this custom option config network interface my_lan ipv4 dhcp_server advanced custom_option 0 name label config network interface my_lan ipv4 dhcp_server advanced custom_option 0 8 Optional To force the DHCP option to always be sent to the client even if the client does not ask for it config network interface my_lan ipv4 dhcp_server advanced custom_option 0 ...

Page 200: ...ltiple DHCP relay servers can be provided for each LAN If multiple relay servers are provided DHCP requests are forwarded to all servers without waiting for a response Clients will typically use the IP address from the first DHCP response received Configuring DHCP relay involves the following items Required configuration items n Disable the DHCP server if it is enabled n IP address of the primary ...

Page 201: ...nfig add network interface my_lan ipv4 dhcp_relay end config network interface lan1 my_lan dhcp_relay 0 See Configure a LAN for information about creating a LAN 4 Set the IP address of the DHCP relay server config network interface my_lan ipv4 dhcp_relay 0 address 10 10 10 10 config network interface my_lan ipv4 dhcp_relay 0 5 Optional Add additional DHCP relay servers a Move back one step in the ...

Page 202: ...itor which devices have been given IP configuration by the AnywhereUSB device and to diagnose DHCP issues É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the main menu click Status 3 Under Networking click DHCP Leases Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with ...

Page 203: ... your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Create a Virtual LAN VLAN route Virtual LANs VLANs allow splitting a single physical LAN into separate Virtual LANs This is useful for security reasons and also helps to reduce broadcast traffic on the LAN Required configuration items n Device to be assigned to the VLAN n The VLAN ...

Page 204: ...with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Virtual LAN 4 Type a name for the VLAN and click g 5 Select the Device 6 Type or select a unique numeric ID for the VLAN ID 7 Click Apply to save the configuration and apply the change ...

Page 205: ...ces config network vlan vlan1 device Device The Ethernet device to use for this virtual LAN Format network device eth1 network device eth2 network device loopback network vlan vlan1 network bridge lan Current value config network vlan vlan1 b Add the device config network vlan vlan1 device network device config network vlan vlan1 5 Set the VLAN ID config network vlan vlan1 id value where value is ...

Page 206: ...g on LAN ports The following table lists the default services listening on the specified ports on the AnywhereUSB Plus LAN interfaces Description TCP UDP Port numbers DNS server UDP 53 DHCP server UDP 67 and 68 SSH server TCP 22 Web UI TCP 443 also listens on port 80 then redirects to port 443 ...

Page 207: ...ple devices such as Ethernet devices and wireless access points By default the AnywhereUSB Plus has the following preconfigured bridges You can modify configuration settings for the existing bridge and you can create new bridges This section contains the following topics Edit the preconfigured ETH2 bridge 208 Configure a bridge 211 ...

Page 208: ...ration click Device Configuration The Configuration window is displayed 3 Click Network Bridges LAN1 4 The LAN1 bridge is enabled by default To disable uncheck Enable 5 Modify the list of devices that are a part of the bridge By default the LAN1 bridge includes the following devices n Ethernet ETH2 n Wi Fi access point Digi AP Note The MAC address of the bridge is taken from the first available de...

Page 209: ...ration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 The LAN1 bridge is enabled by default n To disable config network bridge eth2 enable false config n To enable if it has been disabled config network bridge eth2 enable true config 4 Modify the list of devices that are a part of t...

Page 210: ...lan device Default value network bridge lan Current value network bridge lan config network bridge my_bridge ii Add the appropriate device 5 Optional Enable Spanning Tree Protocol STP STP is used when multiple LANs are configured on the same device to prevent bridge loops and other routing conflicts a Enable STP config network bridge eth2 stp enable true b Set the number of seconds that the device...

Page 211: ...r the bridge and click g 5 Bridges are enabled by default To disable uncheck Enable 6 Add devices to the bridge a Click to expand Devices b For Add device click g c Select the Device d Repeat to add additional devices Note The MAC address of the bridge is taken from the first available device in the list 7 Optional Enable Spanning Tree Protocol STP STP is used when using multiple LANs on the same ...

Page 212: ...Interfaces Bridging AnywhereUSB Plus User Guide 212 ...

Page 213: ... it has been disabled config network bridge my_bridge enable true config network bridge my_bridge 5 Add devices to the bridge a Determine available devices config network bridge my_bridge interface lan device Default value network bridge lan Current value network bridge lan config network bridge my_bridge b Add the appropriate device Note The MAC address of the bridge is taken from the first avail...

Page 214: ...orward_delay num config The default is 2 seconds 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 215: ...B Plus to your local laptop or PC You can then use a terminal emulator program to establish the serial connection The terminal emulator s serial connection must be configured to match the configuration of the AnywhereUSB Plus device s serial port The default serial port configuration is n Baud rate 115000 n Data bits 8 n Parity None n Stop bits 1 n Flow control None AnywhereUSB Plus User Guide 215...

Page 216: ...ccess 229 Use SSH with key authentication 236 Configure DNS 237 Simple Network Management Protocol SNMP 245 Location information 251 System time 279 Network Time Protocol 283 Configure a multicast route 289 Ethernet network bonding 293 Enable service discovery mDNS 295 Use the iPerf service 299 Configure the ping responder service 304 AnywhereUSB Plus User Guide 216 ...

Page 217: ...all configuration for information on zones n See Set the idle timeout for AnywhereUSB Plus users for information about setting the inactivity timeout for the web administration and SSH services To allow web administration or SSH for the External firewall zone Add the External firewall zone to the web administration service É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin acc...

Page 218: ...ministration service config add service web_admin acl zone end external config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add the External firewall zone to the SSH service É WebUI 1 Log into the Anywhe...

Page 219: ...Services Allow remote access for web administration and SSH AnywhereUSB Plus User Guide 219 4 For Add Zone click g 5 Select External 6 Click Apply to save the configuration and apply the change ...

Page 220: ...s device by using the WebUI a browser based interface By default the web administration service is enabled and uses the standard HTTPS port 443 The default access control for the service uses the Internal firewall zone which means that only devices connected to the AnywhereUSB Plus s LAN can access the WebUI If this configuration is sufficient for your needs no further configuration is required Se...

Page 221: ... Web administration 4 Click Enable 5 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Ena...

Page 222: ... s web administration service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the web administration service d Click g again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click g ...

Page 223: ...icate paste the certificate and private key If SSL certificate is blank the device will use an automatically generated self signed certificate n The SSL certificate and private key must be in PEM format n The private key can use one of the following algorithms l RSA l DSA l ECDSA l ECDH Note Password protected certificate keys are not supported Example a Generate the SSL certificate and private ke...

Page 224: ...s selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config add service web_admin acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any ...

Page 225: ...t Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service web_admin acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list ...

Page 226: ... the contents of certificate pem and key pem in quotes For example config service web_admin cert BEGIN CERTIFICATE MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwO...

Page 227: ...ZEYECgYEA uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv yvAEHwazIEzlc2kcQrbLWnDQYx oKmXf87Y1T5AXs ml1PlepXgveKpKrWwORsdDBd OS34lyNJ0KCqqIzwAaf8lcSW tyShAZzvuH9GW9WlCc8g3ifp9WUCgYEA4WSSfqFkQLA09sI76VLvUqMbb31bNgOk ZuPg7uxuDk3yNY58LGQCoV8tUZuHtBJdrBDCtcJa5sasJZQrWUlZ8y 5zgCZmqQn MzTD062xaqTenL0jKgKQrWig4DpUUhfc4BFJmHyeitosDPG98oCxuh6HfuMOeM1v Xag6Z391VcsCgYBgBnpfFU1JoC L7m lIPPZykWbPT qBeYBB...

Page 228: ...ption protocols are allowed with HTTPS connections To enable legacy encryption protocols config service web_admin legacy_encryption true config 8 Optional Disable legacy port redirection Legacy port redirection is used to redirect client HTTP requests to the HTTPS service Legacy port redirection is enabled by default and normally these settings should not be changed To disable legacy port redirect...

Page 229: ...nal configuration items n Port to use for communications with the SSH service n Multicast DNS mDNS support n A private key to use for communications with the SSH service n Create custom SSH configuration settings See Set the idle timeout for AnywhereUSB Plus users for information about setting the inactivity timeout for the SSH service Enable or disable the SSH service The SSH service is enabled b...

Page 230: ...iguration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the service É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Confi...

Page 231: ...lus device a Click Interfaces b For Add Interface click g c For Interface select the appropriate interface from the dropdown d Click g again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click g c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Cl...

Page 232: ...pe admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config add service ssh acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresse...

Page 233: ...n defaultip Default IP defaultlinklocal Default Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service ssh acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config p...

Page 234: ... ssh mdns enable true config n To disable the mDNS protocl config service ssh mdns enable false config 6 Optional Set the port number for this service The default setting of 22 normally should not be changed config service ssh port 24 config 7 To create custom SSH configuration settings a Enable custom configurations config service ssh custom enable true config b To override the standard SSH confi...

Page 235: ...onfig file For example to enable the diffie helman group sha 14 key exchange algorithm config service ssh custom config_file KexAlgorithms diffie hellman group14 sha1 config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect ...

Page 236: ...ser s ssh directory The private and public keys are named id_rsa and id_rsa pub If you need to generate an SSH key pair you can use the ssh keygen application For example the following entry generates an RSA key pair in the user s ssh directory ssh keygen t rsa f ssh id_rsa The private key file is named id_rsa and the public key file is named id_rsa pub The pub extension is automatically appended ...

Page 237: ...Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add an SSH key for the user by using the ssh_key command and pasting or typing a public encryption key config add auth user maria ssh_key key_name key config where n key_name is a name for the key n key is a public SSH key which you can enter by pasting or typing a...

Page 238: ...igure the DNS server É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services DNS 4 Click Access control list to configure access control n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address clic...

Page 239: ...S results when one or more DNS servers may have positive results To disable click Cache negative responses 6 Optional Query all servers is enabled by default This option is useful when only some DNS servers will be able to resolve hostnames To disable click Query all servers 7 Optional Rebind protection if enabled prevents upstream DNS servers from returning private IP addresses To enable click Re...

Page 240: ...n in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the DNS service Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service dns acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 ...

Page 241: ... firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list...

Page 242: ...alhost rebinding By default localhost rebinding is enabled by default if rebind protection is enabled This is useful for Real time Black List RBL servers To disable config service dns rebind_localhost_ok false config 8 Optional Add additional DNS servers a Add a DNS server config add service dns server end config service dns server 0 b Set the IP address of the DNS server config service dns server...

Page 243: ...vice configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show DNS server You can display status for DNS servers This command is available only at the Admin CLI Command line Show DNS information 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selec...

Page 244: ... Configure DNS AnywhereUSB Plus User Guide 244 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 245: ...ive SNMP packets you must configure the SNMP access control list to allow the device to receive the packets See Configure Simple Network Management Protocol SNMP Configure Simple Network Management Protocol SNMP Required configuration items n Enable SNMP n Firewall configuration using access control to allow remote connections to the SNMP agent n The user name and password used to connect to the S...

Page 246: ...face on the AnywhereUSB Plus device a Click Interfaces b For Add Interface click g c For Interface select the appropriate interface from the dropdown d Click g again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click g c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information ...

Page 247: ...n be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the SNMP service Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service snmp acl address6 end value config Where value can be l A single IP address or host nam...

Page 248: ...s step to list additional interfaces n To limit access based on firewall zones config add service snmp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and ac...

Page 249: ... service snmp mdns enable true config 9 Optional Set the authentication type Allowed values are MD5 or SHA The default is MD5 config service snmp auth_type SHA config 10 Optional Set the privacy passphrase If not set the password entered above is used config service snmp privacy pwd config 11 Optional Set the privacy protocol either DES or AES The default is DES config service snmp privacy_protoco...

Page 250: ... the AnywhereUSB Plus WebUI as a user with Admin access 2 Enable SNMP See Configure Simple Network Management Protocol SNMP for information about enabling and configuring SNMP support on the AnywhereUSB Plus device 3 On the main menu click Status Under Services click SNMP Note If you have recently enabled SNMP and the SNMP option is not visible refresh your browser The SNMP page is displayed 4 Cli...

Page 251: ... either from the AnywhereUSB Plus device or from external sources to a remote host Additionally the device can be configured to use a geofence to allow you to determine actions that will be taken based on the physical location of the device This section contains the following topics Configure the location service 252 Configure the device to use a user defined static location 253 Configure the devi...

Page 252: ... are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Location update interval to ten minutes enter 10m or 600s 6 For information about configuring Location sources see the following a To set a static location for the device see Configure the device to use a user defined static location b To accept location information from an external locat...

Page 253: ...e AnywhereUSB Plus device will wait before polling location sources for updated location data config service location interval value config where value is any number of hours minutes or seconds and takes the format number h m s For example to set interval to ten minutes enter either 10m or 600s config service location interval 600s config The default is 10 seconds 5 Save the configuration and appl...

Page 254: ... type the altitude of the device Allowed values are an integer followed by m or km for example 100m or 1km 9 The location source is enabled by default Click Enable the location source to disable the location source or to enable it if it has been disabled 10 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin...

Page 255: ...ice configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the device to accept location messages from external sources You can configure the AnywhereUSB Plus device to accept NMEA and TAIP messages from external sources For example location enabled devices connected to the AnywhereUSB Plus device can forward their location information to...

Page 256: ... Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the location server UDP port d Click g again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click g c For Address enter the IPv6 ad...

Page 257: ...min to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a location source config add service location source end config service location source 0 4 Optional Set a label for this location source config service location source 0 label label config service location source 0 5 Set the type of location source to server config service location source...

Page 258: ...UDP port Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the AnywhereUSB Plus device config add service location source 1 acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network inte...

Page 259: ...e Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Forward location information to a remote host You can configure location clients on the AnywhereUSB Plus device that forward location messages in either NMEA or TAIP format to a remote host Required configuration items n Enable the location service n The hos...

Page 260: ...For Label type a description of the location destination server 6 For Destination server enter the hostname or IP address of the remote host to which location messages will be sent 7 For Destination server port enter the UDP or TCP port on the remote host to which location messages will be sent 8 For Communication protocol select either UDP or TCP 9 For Forward interval multiplier select the numbe...

Page 261: ...ion velocity reports the latitude longitude and heading 12 For Outgoing message type select either NMEA or TAIP for the type of message that the device will forward to a remote host 13 Optional For Prepend text enter text to prepend to the forwarded message Two variables can be included in the prepended text n s Includes the AnywhereUSB device s serial number in the prepended text n v Includes the...

Page 262: ...ng location data to this server See Configure the location service for more information about setting the Location update interval config service location forward 0 interval_multiplier int config service location forward 0 8 Set the protocol type for the messages Allowed values are taip or nmea the default is taip config service location forward 0 type nmea config service location forward 0 9 Opti...

Page 263: ...ssage type a Use the show command to determine the index number of the message type to be deleted config service location forward 0 show filter_nmea 0 gga 1 gll 2 gsa 3 gsv 4 rmc 5 vtg config service location forward 0 b Use the index number to delete the message type For example to delete the gsa index number 2 message type config service location forward 0 del filter_nmea 2 config service locati...

Page 264: ...sage type For example to delete the id index number 2 message type config service location forward 0 del filter_taip 2 config service location forward 0 To add a message type a Change to the filter_taip node config service location forward 0 filter_taip config service location forward 0 filter_taip b Use the add command to add the message type For example to add the id message type config service ...

Page 265: ... etc Complex polygons can be defined n Actions that will be taken when the device s location triggers a geofence event You can define actions for two types of events l Actions taken when the device enters the boundary of the geofence or is inside the boundary when the device boots l Actions taken when the device exits the boundary of the geofence or is outside the boundary when the device boots Fo...

Page 266: ...nd take the format number w d h m s For example to set Update interval to ten minutes enter 10m or 600s 6 For Boundary type select the type of boundary that the geofence will have n If Circular is selected a Click to expand Center b Type the Latitude and Longitude of the center point of the circle Allowed values are l For Latitude any integer between 90 and 90 with up to six decimal places l For L...

Page 267: ...le to configure a square polygon around the Digi headquarters configure a polygon with four points This defines a square shaped polygon equivalent to the following 7 Define actions to be taken when the device s location triggers a geofence event n To define actions that will be taken when the device enters the geofence or is inside the geofence when it boots a Click to expand On entry b Optional E...

Page 268: ...used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log errors from the script to the system log v Optional For Maximum memory type the maximum amount of system memory that will be available for the script and it spawned processes Allowed values are any integer...

Page 269: ...d to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log errors from the script to the system log v Optional For Maximum memory type the maximum amount of system memory that will be available for the script and it spawned processes Allowed values are any integer fo...

Page 270: ... update_interval value config service location geofence test_geofence where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set update_interval to ten minutes enter either 10m or 600s config service location geofence test_geofence update_interval 600s config service location geofence test_geofence The default is 1m one minute 5 Set th...

Page 271: ...ervice location geofence test_geofence coordinates 0 ii Set the latitude and longitude of the vertex config service location geofence test_geofence coordinates 0 latitude int config service location geofence test_geofence coordinates 0 longitude int config service location geofence test_geofence coordinates 0 where int is l For latitude any integer between 90 and 90 with up to six decimal places l...

Page 272: ...eofence coordinates add end config service location geofence test_geofence coordinates 1 latitude 44 927220 config service location geofence test_geofence coordinates 1 longitude 93 39589 config service location geofence test_geofence coordinates 1 config service location geofence test_geofence coordinates add end config service location geofence test_geofence coordinates 2 latitude 44 925161 conf...

Page 273: ...place prior to performing the actions config service location geofence test_geofence on_entry num_ intervals int config For example if the update interval is 1m one minute and the num_intervals is set to 3 the actions will not be performed until the device has been inside the geofence for three minutes c Add an action i Type to return to the root of the configuration config service location geofen...

Page 274: ...nfig service location geofence test_geofence on_entry action 0 syslog_stdout true config service location geofence test_geofence on_entry action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on_entry action 0 syslog_stderr true config service location geofence test_geofence on_entry action 0 iv Optional Set the maximum amount of system mem...

Page 275: ... location geofence test_geofence on_exit bootup true config b Set the number of update_intervals that must take place prior to performing the actions config service location geofence test_geofence on_exit num_ intervals int config For example if the update interval is 1m one minute and the num_intervals is set to 3 the actions will not be performed until the device has been outside the geofence fo...

Page 276: ... service location geofence test_geofence on_exit action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on_exit action 0 syslog_stderr true config service location geofence test_geofence on_exit action 0 iv Optional Set the maximum amount of system memory that will be available for the script and it spawned processes config service location ...

Page 277: ... status and statistics about location information from either the WebUI or the command line É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the main menu click Status 3 Under Services click Location The device s current location is displayed along with the status of any configured geofences Command line Show location information 1 Log into the AnywhereUSB Plus comman...

Page 278: ... geofence information 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show location geofence command at the system prompt show location geofence Geofence Status State Transitions Last Transition test_geofence Up Inside 0 3 Type exit to exit...

Page 279: ... can also be configured to serve as an NTP server providing NTP services to downstream devices See Network Time Protocol for more information about NTP server support You can also set the local date and time manually if there is no access to NTP servers See Manually set the system date and time for information Configure the system time This procedure is optional The AnywhereUSB Plus device s defau...

Page 280: ... succeeds Note This list is synchronized with the list of servers included with NTP server configuration and changes made to one will be reflected in the other See Configure the device as an NTP server for more information about NTP server configuration 6 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin a...

Page 281: ...end config add service ntp server end time server com config n To add the NTP server in another location in the list use an index value to indicate the appropriate position For example config add service ntp server 1 time server com config Note This list is synchronized with the list of servers included with NTP server configuration and changes made to one will be reflected in the other See Config...

Page 282: ...in CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Manually synchronize with the NTP server The following procedure perform a NTP query to the configured servers and set the local time to the first server that responds 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your devi...

Page 283: ...e with the device When the device is configured as an NTP server it also functions as an NTP client The NTP client will be consistently synchronized with one or more upstream NTP servers which means that NTP packets are transferred every few seconds A minimum of one upstream NTP server is required Additional NTP servers can be configured If multiple servers are configured a number of time samples ...

Page 284: ... Click g again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click g c For Address enter the IPv6 address or network that can access the device s NTP service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 ad...

Page 285: ...s list is synchronized with the list of servers included with NTP client configuration and changes made to one will be reflected in the other See Configure the system time for more information about NTP client configuration 7 Optional Configure the system time zone The default is UTC a Click System Time b Select the Timezone for the location of your AnywhereUSB Plus device 8 Click Apply to save th...

Page 286: ...re the system time for more information about NTP client configuration 5 Optional Configure the access control list to limit downstream access to the AnywhereUSB Plus device s NTP service n To limit access to specified IPv4 addresses and networks config add service ntp acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for ex...

Page 287: ...al IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service ntp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of net...

Page 288: ... The timezone for the location of this device This is used to adjust the time for log messages It also affects actions that occur at a specific time of day Format Africa Abidjan Africa Accra Africa Addis_Ababa config 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acc...

Page 289: ...895 0 382 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a multicast route Multicast routing allows a device to transmit data to a single multicast address which is then distributed to a group of devices that are configured to be members of that group To configure a multic...

Page 290: ...command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the multicast route For example to add a route named test config add service multicast test config service multicast test 4 The multicast ro...

Page 291: ... multicast test src_interface network interface eth1 config service multicast test 8 Set a destination interface that the AnywhereUSB Plus device will send mutlicast packets to a Use the to determine available interfaces config service multicast test src_interface Destination interface Which interface to send the multicast packets Format network interface defaultip network interface defaultlinkloc...

Page 292: ...re a multicast route AnywhereUSB Plus User Guide 292 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 293: ...lt tolerance n The Ethernet devices in the bonded pool É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Ethernet bonding 4 For Add Bond device click g The bond device is enabled by default To disable click to toggle off Enable 5 For Mo...

Page 294: ...admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a network bond config add network bond name config network bond name The new network bond is enabled by default To disable config network bond name enable false config network bond name 4 Set the mode config network bond name mode value config network bond name where value is either n ac...

Page 295: ...t to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enable service discovery mDNS Multicast DNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server You can enable the AnywhereUSB Plus device to use mDNS É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user...

Page 296: ... CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the mDNS service d Click g again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the AnywhereUSB Plus device a Click Interfaces b For Add Interface click g c For Interface select the appropriate interface from the dropdown d Click g again to allo...

Page 297: ...tional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service mdns acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the mDNS service Repeat this step to list additional IP addresses or networks n To limi...

Page 298: ...vailable firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 5 Save the configuration and apply the change con...

Page 299: ...vice s iPerf3 server may result in unpredictable results As a result Digi recommends using an iPerf client at version 3 or newer to connect to the AnywhereUSB Plus device s iPerf3 server Required configuration items n Enable the iPerf server on the AnywhereUSB Plus device n An iPerf3 client installed on a remote host iPerf3 software can be downloaded at https iperf fr iperf download php Additional...

Page 300: ...gle IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the iperf service d Click g again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click g c For Address enter the IPv6 address or network that can access the d...

Page 301: ...At the command line type config to enter configuration mode config config 3 Enable the iPerf server config service iperf enable true config 4 Optional Set the port number for the iPerf server listening port The default is 5201 config service iperf port port_number config 5 Optional Set the access control list to restrict access to the iPerf server n To limit access to specified IPv4 addresses and ...

Page 302: ...ay a list of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service iperf acl zone end value ...

Page 303: ...ting to host 192 168 2 1 port 5201 4 local 192 168 3 100 port 54934 connected to 192 168 1 1 port 5201 ID Interval Transfer Bandwidth Retr Cwnd 4 0 00 1 00 sec 26 7 MBytes 224 Mbits sec 8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00 5 00 sec 32 1 MBytes 269...

Page 304: ... and or zones n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click g c For Address enter the IPv4 address or network that can access the device s ping responder Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the ping respon...

Page 305: ...s Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the iPerf server config service iperf enable true config 4 Optional Set the port number for the iPerf server listening port The default is 5201 config service iperf port port_number config...

Page 306: ...ice iperf acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem config Repeat this step to list additional ...

Page 307: ...device For example iperf3 c 192 168 2 1 Connecting to host 192 168 2 1 port 5201 4 local 192 168 3 100 port 54934 connected to 192 168 1 1 port 5201 ID Interval Transfer Bandwidth Retr Cwnd 4 0 00 1 00 sec 26 7 MBytes 224 Mbits sec 8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec...

Page 308: ...Services Configure the ping responder service AnywhereUSB Plus User Guide 308 iperf Done ...

Page 309: ...entication groups 317 Local users 326 Terminal Access Controller Access Control System Plus TACACS 339 Remote Authentication Dial In User Service RADIUS 345 LDAP 350 Configure serial authentication 358 Disable shell access 360 Set the idle timeout for AnywhereUSB Plus users 361 Example user configuration 363 AnywhereUSB Plus User Guide 309 ...

Page 310: ...ss permissions for a group You can modify the released groups and create additional groups as needed for your site A user can be assigned to more than one group n admin Provides the logged in user with administrative and shell access n serial Provides the logged in user with access to serial ports Users Defines local users for the AnywhereUSB Plus n admin Belongs to both the admin and serial group...

Page 311: ...entication Dial In User Service RADIUS for information about configuring RADIUS authentication n TACACS Users authenticated by using a remote TACACS server for authentication See Terminal Access Controller Access Control System Plus TACACS for information about configuring TACACS authentication n LDAP Users authenticated by using a remote LDAP server for authentication See LDAP for information abo...

Page 312: ... Configuration The Configuration window is displayed 3 Click Authentication Methods 4 For Add Method click g 5 Select the appropriate authentication type for the new method from the Method drop down Note Authentication methods are attempted in the order they are listed until the first successful authentication result is returned See Rearrange the position of authentication methods for information ...

Page 313: ...ending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI b At the command line type config to enter configuration mode config config c Use the show auth method command to display the current authentication methods configuration config show auth method 0 local config n To add the new authentication method to the beginning of the list ...

Page 314: ...ection menu Type quit to disconnect from the device Delete an authentication method É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Methods 4 Click the menu icon next to the method and select Delete 5 Click Apply to save the co...

Page 315: ...cation method as displayed by the example show command above config del auth method 2 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Rearrange the position of authentication methods É WebUI Authentication ...

Page 316: ... the Method drop down select Local users 7 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config...

Page 317: ...when logging into the AnywhereUSB Plus via ssh or the serial console Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter n Serial access Users with Serial access have the ability to log into the AnywhereUSB Plus device by using the serial console Preconfigured authentication groups The AnywhereUS...

Page 318: ...erial to expand its configuration node 5 Click the box next to the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can also determine whether the Access level should be Full access or Read only access l Full access provides users of this group with the ability to manage the AnywhereUSB Plus device by using the WebUI o...

Page 319: ...ess the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable access rights for the group For example n Admin access l To set the access level for Admin access of the admin group config auth group admin acl admin level value config where value is either o full provides users of this group with the ability to manage the AnywhereUSB Plus device by ...

Page 320: ...onfig auth group admin acl serial enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add an authentication group Required configuration items n The access rights to be assigned to users that...

Page 321: ...ssigned Admin access you can also determine whether the Access level should be Full access or Read only access where value is either l Full access full provides users of this group with the ability to manage the AnywhereUSB Plus device by using the WebUI or the Admin CLI l Read only access read only provides users of this group with read only access to the WebUI and Admin CLI The default is Full a...

Page 322: ...o Bluetooth scanner access 10 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the ad...

Page 323: ...ig 5 Optional Configure captive portal access a Return to the config prompt by typing three periods config auth group test config b Enable captive portal access rights for users of this group config auth group test acl portal enable true config c Add a captive portal to which users of this group will have access i Determine available portals config show firewall portal portal1 auth none enable tru...

Page 324: ... Type quit to disconnect from the device Delete an authentication group By default the AnywhereUSB Plus device has two preconfigured authentication groups admin and serial These groups cannot be deleted To delete an authentication group that you have created É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click De...

Page 325: ...ess selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth group groupname 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type qui...

Page 326: ...rd for the device and is the most critical security feature for the device If you reset the device to factory defaults you must log in using the default user and password and you should immediately change the password to a custom password Before deploying or mounting the AnywhereUSB Plus device record the default password so you have the information available when you need it even if you cannot ph...

Page 327: ...at least one uppercase letter one lowercase letter one number and one special character For the admin user the password field can be left blank n If the password field for the admin user is left blank the admin user s password will be the default password printed on the device s label n If the admin user s password has been changed from the default and the configuration saved if you then clear the...

Page 328: ...User authentication Local users AnywhereUSB Plus User Guide 328 6 Click Apply to save the configuration and apply the change ...

Page 329: ...tion you may be presented with an Access selection menu Type quit to disconnect from the device Configure a local user Required configuration items n A username n A password The password must be at least eight characters long and must contain at least one uppercase letter one lowercase letter one number and one special character For security reasons passwords are stored in hash form There is no wa...

Page 330: ...local user É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User type a name for the user and click g The user configuration window is displayed The user is enabled by default To disable click to toggle off Enable...

Page 331: ...onfiguring groups a Click to expand Groups b For Add Group click g c For Group select an appropriate group Note Every user must be configured with at least one group You can add multiple groups to a user by clicking Add again and selecting the next group 8 Optional Add SSH keys for the user to use passwordless SSH login a Click SSH keys b In Add SSH key paste or type a public encryption key that t...

Page 332: ... is being used increasing the Valid code window size may be necessary when the clocks used by the server and client are not synchronized h For Login limit type the number of times that the user is allowed to attempt to log in during the Login limit period Set Login limit to 0 to allow an unlimited number of login attempts during the Login limit period i For Login limit period type the amount of ti...

Page 333: ...nfig auth user new_user 5 Configure login failure lockout settings The login failure lockout feature is enabled by default To disable config auth user new_user lockout enable false config auth user new_user a Set the number of unsuccessful login attempts before the user is locked out of the device where value is any integer The minimum value is 1 and the default value is 5 b Set the amount of time...

Page 334: ...user del group n config auth user new_user Where n is index number of the authentication method to be deleted For example to delete the serial group as displayed by the example show command above config auth user new_user del group 1 config auth user new_user 7 Optional Add SSH keys for the user to use passwordless SSH login a Change to the user s ssh_key node config auth user new_user ssh_key con...

Page 335: ..._reuse true config auth user new_user 2fa f For time based verification only configure the code refresh interval This is the amount of time that a code will remain valid config auth user new_user 2fa refresh_interval value config auth user new_user 2fa where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set refresh_interval to ten m...

Page 336: ...Scratch codes are emergency codes that may be used once at any time To add a scratch code i Change to the user s scratch code node config auth user new_user 2fa scratch_code config auth user new_user 2fa scratch_code ii Add a scratch code config auth user new_user 2fa scratch_code add end code config auth user new_user 2fa scratch_code Where code is an digit number with a minimum of 10000000 iii T...

Page 337: ...with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 Click the menu icon next to the name of the user to be deleted and select Delete 5 Click Apply to save the configuration and apply the change ...

Page 338: ...Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth user username 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type qu...

Page 339: ...ials and connection parameters to a TACACS server over TCP The TACACS server then authenticates the TACACS client requests and sends back a response message to the device When you are using TACACS authentication you can have both local users and TACACS users able to log in to the device To use TACACS authentication you must set up a TACACS server that is accessible by the AnywhereUSB Plus device p...

Page 340: ...gedit etc tacacs tac_plus conf 2 Add users to the file using the following format This example will create two users one with admin and serial access and one with only serial access user user1 name User1 for AnywhereUSB Plus pap cleartext password1 service system groupname admin serial user user2 name User2 for AnywhereUSB Plus pap cleartext password2 service system groupname serial The groupname ...

Page 341: ...r and only authenticated locally if the TACACS server is unavailable or if the user is not defined on the TACACS server then you should list the TACACS authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the TACACS servers are unavailable and the AnywhereUSB Plus device falls back to local authent...

Page 342: ...sting123 e Optional Click g again to add additional TACACS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if TACACS authentication fails Other authentication methods will only be used if the TACACS server is unavailable 6 Optional For Group attribute type the name of the attribute used in the TACACS server s configuration to identify the AnywhereUSB...

Page 343: ...ending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if TACACS authentication fails Other authentication methods will only be used if the TACACS server is unavailable config auth tacacs autho...

Page 344: ...me hostname ip address config auth tacacs server 0 c Optional Change the default port setting to the appropriate port config auth tacacs server 0 port port config auth tacacs server 0 d Optional Repeat the above steps to add additional TACACS servers 7 Add TACACS to the authentication methods Authentication methods are attempted in the order they are listed until the first successful authenticatio...

Page 345: ...DIUS server over UDP The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device When you are using RADIUS authentication you can have both local users and RADIUS users able to log in to the device To use RADIUS authentication you must set up a RADIUS server that is accessible by the AnywhereUSB Plus device prior to configuration The process of s...

Page 346: ...ntication groups configured on your AnywhereUSB Plus Alternatively if the user is also configured as a local user on the AnywhereUSB Plus device and the RADIUS server authenticates the user but does not return any groups the local configuration determines the list of groups See Authentication groups for more information about authentication groups The Unix FTP Group Names attribute can contain one...

Page 347: ...ce to use a RADIUS server This section describes how to configure a AnywhereUSB Plus device to use a RADIUS server for authentication and authorization Required configuration items n Define the RADIUS server IP address or domain name n Define the RADIUS server shared secret n Add RADIUS as an authentication method for your AnywhereUSB Plus device Additional configuration items n Whether other user...

Page 348: ...ault value is 3 f Optional Click g again to add additional RADIUS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails Other authentication methods will only be used if the RADIUS server is unavailable 6 Optional Click RADIUS debug to enable additional debug messages from the RADIUS client 7 Optional For NAS ID type the uniq...

Page 349: ...e admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if RADIUS authentication fails Other authentication methods will only be used if the RADIUS server is unavailable config auth radius authoritative true config 4 Optional Enable debug messages from the RADIUS client config auth r...

Page 350: ...ethods to the beginning or middle of the list config add auth method end radius config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device LDAP Your AnywhereUSB Plus device supports LDAP Lightweight Directory A...

Page 351: ...nywhereUSB Plus User Guide 351 This section contains the following topics LDAP user configuration 352 LDAP server failover and fallback to local configuration 353 Configure your AnywhereUSB Plus device to use an LDAP server 353 ...

Page 352: ... the file using the following format dn uid john dc example dc com objectClass inetOrgPerson cn John Smith sn Smith uid john userPassword password ou admin serial n The value of uid and userPassword must correspond to the username and password used to log into the AnywhereUSB Plus device n The ou attribute is optional If used the value must correspond to authentication groups configured on your An...

Page 353: ...n the LDAP server then you should list the LDAP authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the LDAP servers are unavailable and the AnywhereUSB Plus device falls back to local authentication only users defined locally on the device are able to log in LDAP users cannot log in until the LDA...

Page 354: ...to prevent other authentication methods from being used if LDAP authentication fails Other authentication methods will only be used if the LDAP server is unavailable 6 For TLS connection select the type of TLS connection used by the server n Disable TLS Uses a non secure TCP connection on the LDAP standard port 389 n Enable TLS Uses an SSL TLS encrypted connection on port 636 n Start TLS Makes a n...

Page 355: ...l For Group attribute type the name of the user attribute that contains the list of AnywhereUSB Plus authentication groups that the authenticated user has access to See LDAP user configuration for further information about the group attribute 13 For Timeout type or select the amount of time in seconds to wait for the LDAP server to respond Allowed value is between 3 and 60 seconds 14 Add LDAP to t...

Page 356: ...de the connection to a secure TLS connection This is the preferred method for LDAP The default is off 5 If tls is set to on or start_tls configure whether to verify the server certificate config auth ldap verify_server_cert value config where value is either n true Verifies the server certificate with a known Certificate Authority n false Does not verify the certificate Use this option if the serv...

Page 357: ...tion for further information about the group attribute config auth ldap group_attribute value config For example config auth ldap group_attribute ou config 11 Configure the amount of time in seconds to wait for the LDAP server to respond config auth ldap timeout value config where value is any integer from 3 to 60 The default value is 3 12 Add an LDAP server a Add the server config add auth ldap s...

Page 358: ...n Serial 4 Optional For TLS identity certificate paste a TLS certificate and private key in PEM format If empty the certificate for the web administration service is used See Configure the web administration service for more information 5 For Peer authentication select the method used to verify the certificate of a remote peer 6 Include standard CAs is enabled by default This allows peers with cer...

Page 359: ... a remote peer config auth serial verify value config where value is either n ca Uses certificate authorities CAs to verify n peer Uses the remote peer s public certificate to verify 5 By default peers with certificates that have been signed by standard Certificate Authorities CAs are allowed to authenticate To disable config auth serial ca_standard false config 6 Add the public certificate for a ...

Page 360: ...ent access to the Admin CLI Note If shell access is disabled re enabling it will erase the device s configuration and perform a factory reset É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication 4 Click to disable Allow shell Note I...

Page 361: ...nding on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Set the idle timeout for AnywhereUSB Plus users To configure the amount of time that the user s active session can be inactive before it is automatically disconnected set the Idle timeout parameter By default the Idle timeout is set to 10 minutes É WebUI 1 Log into the Anyw...

Page 362: ... At the command line type config to enter configuration mode config config 3 At the config prompt type config auth idle_timeout value where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set idle_timeout to ten minutes enter either 10m or 600s config auth idle_timeout 600s config 4 Save the configuration and apply the change config s...

Page 363: ...k System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User enter a name for the user and click g The user configuration window is displayed 5 Enter a Password for the user 6 Assign the user to the admin group a Click Groups b For Add Group click g c For Group select the admin group d Verify that the admin group has full ...

Page 364: ...SB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Verify that the admin group has full administrator rights config show auth group admin acl admin enable true level full config If admin ...

Page 365: ...presented with an Access selection menu Type quit to disconnect from the device Example 2 RADIUS TACACS and local authentication for one user Goal To create a user with administrator rights who is authenticated by using all three authentication methods In this example when the user attempts to log in to the AnywhereUSB Plus device user authentication will occur in the following order 1 The user is...

Page 366: ...P Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TACACS server open the etc tacacs tac_plus conf file sudo gedit etc tacacs tac_plus conf b Add a TACACS user to the tac_plus conf file user admin1 name Admin1 for TX64 pap cleartext password1 service system groupname admin In this example n The user s username is admi...

Page 367: ...thod d For the new method select TACACS e Click g to add another new method f For the new method select Local users 6 Create the local user a Click Authentication Users b In Add User type admin1 and click g c For password type password1 d Assign the user to the admin group i Click Groups ii For Add Group click g iii For Group select the admin group a Verify that the admin group has full administra...

Page 368: ...DIUS user to the users file admin1 Cleartext Password password1 Unix FTP Group Names admin In this example n The user s username is admin1 n The user s password is password1 n The authentication group on the AnywhereUSB Plus device admin is identified in the Unix FTP Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TA...

Page 369: ...thentication methods a Determine the current authentication method configuration config show auth method 0 local config This output indicates that on this example system only local authentication is configured b Add RADIUS authentication to the beginning of the list config add auth method 0 radius config c Add TACACS authentication second place in the list config add auth method 1 tacacs config d ...

Page 370: ... admin1 b Assign a password to the user config auth user adminuser password password1 config auth user adminuser c Assign the user to the admin group config auth user adminuser add group end admin config auth user adminuser 8 Save the configuration and apply the change config auth user adminuser save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you m...

Page 371: ...apter contains the following topics Firewall configuration 372 Port forwarding rules 375 Packet filtering 382 Configure custom firewall rules 389 Configure Quality of Service options 391 AnywhereUSB Plus User Guide 371 ...

Page 372: ...erfaces involved in the initial setup of the device By default the firewall will only allow this zone to access administration services l IPsec The default zone for IPsec tunnels l Dynamic routes Used for routes learned using routing services n Port forwarding A list of rules that allow network connections to the AnywhereUSB Plus to be forwarded to other servers by translating the destination addr...

Page 373: ...erfaces to use a zone Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the new zone For example to add a zone named my_zone config add firewall ...

Page 374: ...t filtering and access control There are several preconfigured firewall zones and you can create custom zones as well The firewall zone that a network interfaces uses is selected during interface configuration Delete a custom firewall zone You cannot delete preconfigured firewall zones To delete a custom firewall zone É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access r...

Page 375: ...ts users on a public network from accessing servers on the private network To allow a computer on the Internet to connect to a specific server on a private network set up one or more port forwarding rules Port forwarding rules provide mapping instructions that direct incoming traffic to the proper device on a LAN Configure port forwarding Required configuration items n The network interface for th...

Page 376: ...bled by default To disable click to toggle off Enable 5 Optional Type a Label that will be used to identify the rule 6 For Interface select the network interface for the rule Network connections will only be forwarded if their destination address matches the IP address of the selected network interface 7 For IP version select either IPv4 or IPv6 Network connections will only be forwarded if they m...

Page 377: ... a Click Zones b For Add zone click g c For Zone select the appropriate zone d Repeat for each additional zone 13 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At...

Page 378: ...config firewall dnat 0 6 Set the public facing port number that network connections must use for their traffic to be forwarded config firewall dnat 0 port port config firewall dnat 0 7 Set the type of internet protocol config firewall dnat 0 protocol value config firewall dnat 0 Network connections will only be forwarded if they match the selected protocol Allowed values are custom tcp tcpudp or u...

Page 379: ... dnat 0 acl config firewall dnat 0 acl n To white list an IP address l For IPv4 addresses config firewall dnat 0 acl add address end ip address config firewall dnat 0 acl l For IPv6 addresses config firewall dnat 0 acl add address6 end ip address config firewall dnat 0 acl Repeat for each appropriate IP address n To specify the firewall zone for white listing config firewall dnat 0 acl add zone en...

Page 380: ...ser with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Port forwarding 4 Click the menu icon next to the appropriate port forwarding rule and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with fu...

Page 381: ...o address6 no zone enable false interface ip_version ipv6 label IPv6 port forwarding rule port 10002 protocol tcp to_address6 c097 4533 bd63 bb12 9a6f 5569 4b53 c29a to_port 10003 config 4 To delete the rule use the index number with the del command For example config del firewall dnat 1 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI...

Page 382: ...d configuration items n The action that the packet filtering rule will perform either Accept Reject or Drop n The source firewall zone Packets originating from interfaces on this zone will be monitored by this rule n The destination firewall zone Packets destined for interfaces on this zone will be accepted rejected or dropped by this rule Additional configuration requirements n A label for the ru...

Page 383: ...g network connections and does not send a reply 6 Select the IP version 7 Select the Protocol 8 For Source zone select the firewall zone that will be monitored by this rule for incoming connections from network interfaces that are a member of this zone See Firewall configuration for more information about firewall zones 9 For Destination zone select the firewall zone Packets destined for network i...

Page 384: ... dst_zone internal enable true ip_version any label myfilter protocol any src_zone external config b Select the appropriate rule by using its index number config firewall filter 1 config firewall filter 1 To create a new packet filtering rule config add firewall filter end config firewall filter 1 Packet filtering rules are enabled by default To disable the rule config firewall filter 1 enable fal...

Page 385: ...e my_zone config firewall filter 1 6 Set the destination firewall zone Packets destined for network interfaces that are members of this zone will either be accepted rejected or dropped by this rule See Firewall configuration for more information about firewall zones config firewall filter 1 dst_zone my_zone config firewall filter 1 7 Set the IP version config firewall filter 1 ip_version value con...

Page 386: ... menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Packet filtering 4 Click the appropriate packet filtering rule 5 Click Enable to toggle the rule between enabled and disabled 6 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access r...

Page 387: ...nfig 4 To enable a packet filtering rule use the index number with the enable true command For example config firewall filter 1 enable true 5 To disable a packet filtering rule use the index number with the enable false command For example config firewall filter 1 enable false 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending ...

Page 388: ...hange Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the packet filtering rule you want to delete config show firewa...

Page 389: ...a script of shell commands that can be used to install firewall rules ipsets and other system configuration These commands are run whenever system configuration changes occur that might cause changes to the firewall To configure custom firewall rules É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Con...

Page 390: ...Firewall Configure custom firewall rules AnywhereUSB Plus User Guide 390 7 Click Apply to save the configuration and apply the change ...

Page 391: ... device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Quality of Service options Quality of Service QoS options allow you to manage the traffic performance of various services such as Voice over IP VoIP cloud computing traffic shaping traffic prioritizing and bandwidth allocation When configuring QOS you can only control the queu...

Page 392: ...ate for your network 8 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable one of the...

Page 393: ...os 0 interface network interface eth1 config 5 Examine the remaining default settings and modify as appropriate for your network 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Create a new binding É WebUI ...

Page 394: ... For Interface bandwidth Mbit set the maximum egress bandwidth of the interface in megabits allocated to this binding Typically this should be 95 of the available bandwidth Allowed value is any integer between 1 and 1000 9 Create a policy for the binding At least one policy is required for each binding Each policy can contain up to 30 rules a Click to expand Policy b For Add Policy click g The QoS...

Page 395: ... rules will be dropped g If Default is disabled you must configure at least one rule i Click to expand Rule ii For Add Rule click g The QoS binding policy rule configuration window is displayed New QoS binding policy rules are enabled by default To disable click Enable iii Optional Type a Label for the binding policy rule iv For Type Of Service type the value of the Type of Service ToS packet head...

Page 396: ...n Any Traffic destined for anywhere will be matched n Interface Only traffic destined for the selected Interface will be matched n IPv4 address Only traffic destined for the IP address typed in IPv4 address will be matched Use the format IPv4_address netmask or use any to match any IPv4 address n IPv6 address Only traffic destined for the IP address typed in IPv6 address will be matched Use the fo...

Page 397: ...l for the new binding config firewall qos 2 label my_binding config firewall qos 2 5 Set the interface to queue egress packets on The binding will only match traffic that is being sent out on this interface a Use the to determine available interfaces config firewall qos 2 interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interfa...

Page 398: ...er the weight with respect to the other policy weights the larger portion of the maximum bandwidth is available for this policy For example if a binding contains three policies and each policy contains a weight of 10 each policy will be allocated one third of the total interface bandwidth config firewall qos 2 policy 0 weight int config firewall qos 2 policy 0 where int is any integer between 1 an...

Page 399: ... this field is ignored config firewall qos 2 policy 0 rule 0 tos value config firewall qos 2 policy 0 rule 0 where value is a hexadecimal number See https www tucny com Home dscp tos for a list of common TOS values v Set the IP protocol matching criteria for this rule config firewall qos 2 policy 0 rule 0 protocol value config firewall qos 2 policy 0 rule 0 where value is one of tcp udp or any vi ...

Page 400: ...interface loopback Current value config network qos 2 policy 0 rule 0 src interface ii Set the interface For example config network qos 2 policy 0 rule 0 src interface network interface eth1 config network qos 2 policy 0 rule 0 n address Only traffic from the IP address typed in IPv4 address will be matched Set the address that will be matched config network qos 2 policy 0 rule 0 src address value...

Page 401: ... s network address Format network interface defaultip network interface defaultlinklocal network interface eth1 network interface eth2 network interface loopback Current value config network qos 2 policy 0 rule 0 dst interface ii Set the interface For example config network qos 2 policy 0 rule 0 dst interface network interface eth1 config network qos 2 policy 0 rule 0 n address Only traffic destin...

Page 402: ... or any to match any IPv6 address Repeat to add a new rule Up to 30 rules can be configured 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 403: ...ate cellular module firmware 412 Reboot your AnywhereUSB Plus device 416 Erase device configuration and reset to factory defaults 418 Locate the device by using the Find Me feature 423 Configuration files 425 Schedule system maintenance tasks 430 Disable device encryption 434 Configure the speed of your Ethernet ports 437 AnywhereUSB Plus User Guide 403 ...

Page 404: ... system command n Show basic system information 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter show system at the prompt show system Model Digi AnywhereUSB Plus Serial Number AnywhereUSB Plus 000065 SKU AnywhereUSB Plus Hostname AnywhereUSB ...

Page 405: ...rsion 21 8 24 120 Alt Firmware Build Date Mon 13 September 2021 8 04 23 Bootloader Version 19 7 23 0 15f936e0ed Schema Version 715 Timezone UTC Current Time Mon 13 September 2021 8 04 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Load Average 0 01 0 03 0 02 RAM Usage 119 554MB 1878 984MB 6 Temperature 40C Disk Load Average 0 09 0 10 0 08 RAM Usage 127 843MB 1880 421MB 6 Disk ...

Page 406: ...he name of a contact for the device 6 For Location type the location of the device 7 For Banner type a banner message that will be displayed when users log into terminal services on the device 8 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may b...

Page 407: ...lowing naming convention platform version bin For example AnywhereUSB Plus 21 8 24 120 bin Manage firmware updates using Digi Remote Manager If you have a network of many devices you can use Digi Remote Manager Profiles to manage firmware updates Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version For more ...

Page 408: ...lection menu Type admin to access the Admin CLI 2 Use the system firmware ota check command to determine if new modem firmware is available on the Digi firmware repository system firmware ota check Current firmware version is 21 5 56 129 Checking for latest AnywhereUSB Plus firmware Newest firmware version available to download is 21 8 24 120 Device firmware update from 21 5 56 129 to 21 8 24 120 ...

Page 409: ...use the version parameter to identify the appropriate firmware version as determined by using system firmware ota list command For example a Update the firmware system firmware ota update version 21 8 24 120 Downloading firmware version 21 8 24 120 Downloaded firmware tmp cli_firmware bin remaining Applying firmware version 21 8 24 120 41388K netflash got tmp cli_firmware bin length 42381373 netfl...

Page 410: ... Admin CLI 3 Load the firmware image onto the device scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the AnywhereUSB Plus device n local path is t...

Page 411: ...t is used to boot the device n A copy of the firmware that was in use prior to your most recent firmware update When the device reboots it will attempt to use the current firmware version If the current firmware version fails to load after three consecutive attempts it is marked as invalid and the device will use the previous firmware version stored in the alternate memory bank If the device consi...

Page 412: ...ware Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository or by uploading firmware from your local storage onto the device You can also schedule modem firmware updates See Schedule system maintenance tasks for details É WebUI 1 Optional Download the appropriate modem firmware from the Digi repository to your local machine 2 Log int...

Page 413: ...ere is new firmware available for your modem and performing an OTA modem firmware update 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the modem firmware ota check command to determine if new modem firmware is available on the Digi firmware r...

Page 414: ...on from the Digi firmware repository use the version parameter to identify the appropriate firmware version as determined by using modem firmware ota list command For example modem firmware ota update version 24 01 5x4_ATT Retrieving download location for modem firmware 24 01 5x4_ATT Downloading modem firmware 24 01 5x4_ATT to opt LE910C4_ NF Custom_Firmware Modem firmware 24 01 5x4_ATT downloaded...

Page 415: ...min CLI 2 Use the modem firmware check command to determine if new modem firmware is available on local device modem firmware check Checking for latest ATT firmware in flash Newest firmware version available in flash is 05 05 58 00_ATT_005 026_ 000 Modem firmware up to date 05 05 58 00_ATT_005 026_000 modem firmware check 3 Use the modem firmware list command to list available firmware on the Anyw...

Page 416: ...You may want to save your configuration settings to a file before rebooting See Save configuration to a file Reboot your device immediately É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 From the main menu click System 3 Click Reboot 4 Click Reboot to confirm that you want to reboot the device Command line 1 Log into the AnywhereUSB Plus command line as a user with Adm...

Page 417: ...boot window 5 For Reboot window enter the maximum random delay that will be added to Reboot Time Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set parameter name to ten minutes enter 10m or 600s The default is 10m and the maximum allowed time is 24h 6 Click Apply to save the configuration and apply the change Command line 1 Log into the A...

Page 418: ...e change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Erase device configuration and reset to factory defaults You can erase the device configuration in the WebUI at the command line or by using the RESET button on the device Erasing the device conf...

Page 419: ... or by using an Ethernet cable to connect the AnywhereUSB Plus ETH2 port to your PC b Log into the AnywhereUSB Plus User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or the printed label included in the package c Optional Reset the default password for the admin account See Change the default password for the admin user for further...

Page 420: ...aults After you restore the factory defaults on a Hub none of the existing AnywhereUSB Managers will be able to connect to the Hub When the Hub is restored the Hub creates a new Hub certificate which will not be accepted by the existing AnywhereUSB Managers 1 Locate the RESET button on your device n AnywhereUSB Plus 2 port The RESET button is on the front panel n AnywhereUSB Plus 8 port The RESET ...

Page 421: ...custom factory default settings This way when you erase the device s configuration the device will reset to your custom configuration rather than to the original factory defaults Note To clear the custom default configuration press the RESET button wait for the device to reboot then press the RESET button again Required configuration items n Custom factory default file É WebUI 1 Log into the Anywh...

Page 422: ...d download process 5 After the configuration backup file has been downloaded rename the file to custom default config bin 6 Upload the file to the device a From the main menu select System Filesystem b Under Default device configuration click c Select the file from your local file system Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device ...

Page 423: ...he user LED blinks green then orange To use this feature É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the menu click System Under Administration click Find Me A notification message appears noting that the LED is flashing on the device Click the x in the message to close it 3 On the menu click System again Ablue circle next to Find Me is blinking indicating that t...

Page 424: ...ivate the Find Me feature at the prompt type the following at the command prompt system find me on 3 To deactivate the Find Me feature type the following at the command prompt system find me off 4 To determine the status of the Find Me feature type the following at the command prompt system find me status off ...

Page 425: ...which also applies the changes If you do not save configuration changes the system discards the changes É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Make any necessary configuration changes 4 Click Apply to save the configuration and apply the c...

Page 426: ...s and other information 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the main menu click System Under Configuration click Configuration Maintenance The Configuration Maintenance windows is displayed 3 In the Configuration backup section a Optional To encrypt the configuration using a passphrase for Passphrase save restore enter the passphrase b Click SAVE The file will be...

Page 427: ... or ip user username remote remote path local local path to remote where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the location on the remote host where the file will be copied n local path is the path and filename on the AnywhereUSB Plus device scp host 192 168 4 1 user admin remote home admin bin local...

Page 428: ...ented with an Access selection menu Type admin to access the Admin CLI 2 If the configuration backup is on a remote host use scp to copy the file from the host to your device scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is...

Page 429: ... of the configuration backup file on the AnywhereUSB Plus s filesystem local path in the previous step n passphrase optional is the passphrase to restore the configuration backup if a passphrase was used when the backup was created For example system restore opt backup archive 0040FF800120 21 8 24 120 19 23 42 bin ...

Page 430: ... must be met n The tasks to be performed Options are l Firmware updates l Digi Remote Manager configuration check n Whether the device will check for updates to the device firmware n Whether the device will check for updates to the modem firmware n The frequency daily weekly or monthly that checks for firmware updates will run É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin...

Page 431: ...g of the specified hour c For Duration window select the amount of time that the maintenance tasks will be run If Immediately is selected all scheduled tasks will begin at the exact time specified in Start time d For Frequency select whether the maintenance window will be started every day or once per week n If Check if Python Out of Service is set the maintenance window will only start if the Pyt...

Page 432: ...a trigger config add system schedule maintenance trigger end config b Set the type of trigger config add system schedule maintenance trigger type value config where value is one of n interface_up If interface_up is set i Set the interface config add system schedule maintenance trigger interface value config ii i Use the to determine available interfaces config system schedule maintenance trigger 0...

Page 433: ...ration length is set to 24 hours the start time is effectively obsolete and the maintenance tasks will be scheduled to run at any time Setting the duration length to 24 hours can potentially overstress the device and should be used with caution l If the duration length is set to any value other than to 0 or 24 hours the maintenance tasks will run at a random time during the time allotted for the d...

Page 434: ...ther daily weekly or monthly daily is the default 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Disable device encryption You can disable the cryptography on your AnywhereUSB Plus device This can be used ...

Page 435: ...cess selection menu Type admin to access the Admin CLI 2 Disable encryption with the following command system disable cryptography 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Re enable cryptography after it has been disabled To re enable cryptography 1 Configure your PC network t...

Page 436: ...ubnet 255 255 255 0 n Gateway 192 168 210 1 2 Connect the PC s Ethernet port to the ETH1 Ethernet port on your AnywhereUSB Plus device 3 Open a telnet session and connect to the AnywhereUSB Plus device at the IP address of 192 168 210 1 4 Log into the device n Username admin n Password The default unique password for your device is printed on the device label 5 At the shell prompt type rm etc conf...

Page 437: ...detect the speed The default is Auto 6 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 A...

Page 438: ...lus User Guide 438 The default is auto 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 439: ...Monitoring This chapter contains the following topics intelliFlow 440 Configure NetFlow Probe 447 AnywhereUSB Plus User Guide 439 ...

Page 440: ...e over time intelliFlow charts are dymanic at any point you can click inside the chart to drill down to view more granular information and menu options allow you to change various aspects of the information being displayed Note When intelliFlow is enabled it adds an estimated 50MB of data usage for the device by reporting the metrics to Digi Remote Manager Enable intelliFlow Required configuration...

Page 441: ...menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable IntelliFlow config monitoring intelliflow enable true 4 Set the firewall zone Internal clients that are being monitored by IntelliFlow should be present on the specified zone a Determine available zones config monitoring intelliflow zone Zone The firewall zone which is assig...

Page 442: ... the zone to be used by IntelliFlow config monitoring intelliflow zone my_zone 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 443: ...g into the AnywhereUSB Plus WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow The System Utilisation chart is displayed n Display more granular information 1 Click and drag over an area in the chart to zoom into that area and provide more granular information 2 Release to display the selected porti...

Page 444: ...elect the time period to be displayed n Save or print the chart 1 Click the menu icon É 2 To save the chart to your local filesystem select Export to PNG 3 To print the chart select Print chart Use intelliFlow to display top data usage information With intelliFlow you can display top data usage information based on the following n Top data usage by host n Top data usage by server n Top data usage ...

Page 445: ...splay the Top Data Usage by Server chart click Top Data Usage by Server n To display the Top Data Usage by Service chart click Top Data Usage by Service 5 Change the type of chart that is used to display the data a Click the menu icon É b Select the type of chart 6 Change the number of top users displayed You can display the top five top ten or top twenty data users ...

Page 446: ... Use intelliFlow to display data usage by host over time To generate a chart displaying a host s data usage over time É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow 4 Click Host Data Usage Over Time n Display more granular information a Click and drag over...

Page 447: ...ctors Required configuration items n Enable NetFlow n The IP address of a NetFlow collector Additional configuration items n The NetFlow version n Enable flow sampling and select the flow sampling technique n The number of flows from which the flow sampler can sample n The number of seconds that a flow is inactive before it is exported to the NetFlow collectors n The number of seconds that a flow ...

Page 448: ...hod is used Each flow is accounted n Deterministic Selects every nth flow where n is the value of Flow sampler population n Random Randomly selects one out of every n flows where n is the value of Flow sampler population n Hash Randomly selects one out of every n flows using the hash of the flow key where n is the value of Flow sampler population 7 For Flow sampler population if you selected a flo...

Page 449: ...iguration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable NetFlow config monitoring netflow enable true config 4 Set the protocol version config monitoring netflow protocol version config where version is one of n v5 NetFlow v5 supports IPv4 only n v9 NetFlow v9 supports IPv4 ...

Page 450: ...e before sent to a collector config monitoring netflow inactive_timeout value config where value is any is any number between 1 and 15 The default is 15 7 Set the number of seconds that a flow can be active before sent to a collector config monitoring netflow active_timeout value config where value is any is any number between 1 and 1800 The default is 1800 8 Set the maximum number of flows to pro...

Page 451: ... a collector config monitoring netflow collector 0 Repeat to add additional collectors 10 Save the configuration and apply the change config monitoring netflow collector 0 save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 452: ... and set the sample interval 459 Enable event log upload to Digi Remote Manager 462 Log into Digi Remote Manager 463 Use Digi Remote Manager to view and manage your device 464 Add a device to Digi Remote Manager 465 View Digi Remote Manager connection status 465 Configure multiple devices using profiles 466 Learn more 466 AnywhereUSB Plus User Guide 452 ...

Page 453: ... Remote Manager go to www digi com products cloud digi remote manager To learn more about Remote Manager features and functions see the Digi Remote Manager User Guide Configure Digi Remote Manager By default your AnywhereUSB Plus device is configured to use central management using Digi Remote Manager Additional configuration options These additional configuration settings are not typically config...

Page 454: ...y interval to ten minutes enter 10m or 600s 8 Optional For Keep alive interval type the amount of time that the AnywhereUSB Plus device should wait between sending keep alive messages to remote cloud services when using a non cellular interface The default is 60 seconds Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set Keep alive interval...

Page 455: ...led The default is disabled 13 Optional Enable Locally authenticate CLI to require a login and password to authenticate the user from the remote cloud services CLI If disabled no login prompt will be presented and the user will be logged in as admin The default is disabled 14 Optional Configure the AnywhereUSB Plus device to communicate with remote cloud services by using SMS a Click to expand Sho...

Page 456: ...mum value is ten seconds The default is 30 seconds config cloud drm retry_interval value where value is any number of hours minutes or seconds and takes the format number h m s For example to set the retry interval to ten minutes enter either 10m or 600s config cloud drm retry_interval 600s config 7 Optional Set the amount of time that the AnywhereUSB Plus device should wait between sending keep a...

Page 457: ...the amount of time to wait before restarting the connection to the remote cloud services once the connection is down where value is any number of hours minutes or seconds and takes the format number h m s For example to set restart_timeout to ten minutes enter either 10m or 600s config cloud drm restart_timeout 600s config The minimum value is 30 minutes and the maximum is 48 hours If not set this...

Page 458: ...ce identifier config cloud drm sms sercice_id id config 1 Optional Configure the AnywhereUSB Plus device to communicate with remote cloud services by using an HTTP proxy server a Enable the use of an HTTP proxy server config cloud drm proxy enable true config b Set the hostname of the proxy server config cloud drm proxy host hostname config c Optional Set the port number on the proxy server that t...

Page 459: ...enable it if it has been disabled or to change the health sample interval É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Monitoring Device Health 4 Optional Click to expand Data point tuning Data point tuning options allow to you configure w...

Page 460: ...loads is set to 60 minutes by default To change config monitoring devicehealth interval value config where value is one of 1 5 15 30 or 60 and represents the number of minutes between uploads of health sample data 5 By default the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded This is useful to reduce the bandwidth used to r...

Page 461: ... packets enable true config To disable a tuning parameter set its value to false For example to turn off all reporting for the serial port config monitoring devicehealth tuning all serial rx bytes enabled false config monitoring devicehealth tuning all serial tx bytes enabled false config 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CL...

Page 462: ... click Device Configuration The Configuration window is displayed 3 Click Monitoring Device event logs 4 Click Enable event log uploads 5 For Device event log upload interval select the interval between health sample uploads 6 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on you...

Page 463: ...loads of health sample data 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Log into Digi Remote Manager To start Digi Remote Manager 1 If you have not already done so click here to sign up for a Digi Remot...

Page 464: ...vice To view and manage your device 1 If you have not already done so connect to your Digi Remote Manager account 2 Click Device Management to display a list of your devices 3 Use the Search bar to locate the device you want to manage 4 Select the device and click Properties to view general information for the device 5 Click the More menu to perform a task ...

Page 465: ...ount and it appears in the Device Management view View Digi Remote Manager connection status To view the current Digi Remote Manager configuration É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 The dashboard includes a Digi Remote Manager status pane Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your devi...

Page 466: ...lly if you want to provision multiple AnywhereUSB Plus routers 1 Using the AnywhereUSB Plus local WebUI configure one AnywhereUSB Plus router to use as the model configuration for all subsequent AnywhereUSB Pluss you need to manage 2 Register the configured AnywhereUSB Plus device in your Digi Remote Manager account 3 In Digi Remote Manager create a profile based on the configured AnywhereUSB Plus...

Page 467: ...ort 468 View system and event logs 470 Configure syslog servers 474 Configure options for the event and system logs 476 Analyze network traffic 481 Use the ping command to troubleshoot network connections 498 Use the traceroute command to diagnose IP routing problems 498 AnywhereUSB Plus User Guide 467 ...

Page 468: ...download average 44 7588 Mbps Rx latency 30 05 ms 3 To output the result in json format use the output parameter speedtest host output json tx_avg 51 8510 tx_avg_units Mbps tx_latency 31 07 tx_latency_units ms rx_avg 39 5770 rx_avg_units Mbps rx_latency 34 19 rx_latency_units ms 4 To change the size of the speedtest packet use the size parameter speedtest host size int 5 By default the speedtest u...

Page 469: ...n menu Type admin to access the Admin CLI 2 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 21 09 13 8 04 23 bin Support report saved 3 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 3...

Page 470: ...bout configuring the information displayed in event and system logs View System Logs É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the main menu click System Logs The system log displays 3 Limit the display in the system log by using the Find search tool 4 Use filters to configure the types of information displayed in the system logs ...

Page 471: ...e the show log number num command to limit the number of lines that are displayed For example to limit the log to the most recent ten lines show log number 10 Timestamp Message Nov 26 21 54 34 AnywhereUSB Plus netifd Interface interface_wan is setting up now Nov 26 21 54 35 AnywhereUSB Plus firewalld 621 reloading status 4 Optional Use the show log filter value command to limit the number of lines...

Page 472: ... quit to disconnect from the device View Event Logs É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the main menu click System Logs 3 Click System Logs to collapse the system logs viewer or scroll down to Events 4 Click Ú Events to expand the event viewer 5 Limit the display in the event log by using the Find search tool 6 Click to download the event log Command line...

Page 473: ...the event list to the most recent ten lines show event number 10 Timestamp Type Category Message Nov 26 21 42 37 status stat intf eth1 type ethernet rx 11332435 tx 5038762 Nov 26 21 42 35 status system local_time Thu 08 Aug 2019 21 42 35 0000 uptime 3 hours 0 minutes 48 seconds 4 Optional Use the show event table value command to limit the number of lines that are displayed Allowed values are erro...

Page 474: ...th full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Log 4 Add and configure a remote syslog server a Click to expand Server list b For Add Server click g The log server configuration window is displayed Log servers are enabled by default To disable click to toggle off Enable c Type the host name ...

Page 475: ...ywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional To configure remote syslog servers a Add a remote server config add system log remote end config system log remote 0 b E...

Page 476: ... log remote 0 protocol value config system log remote 0 where value is either tcp or udp The default is udp 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure options for the event and system logs Th...

Page 477: ... To disable event categories or to enable them if they have been disabled a Click to expand Event Categories b Click an event category to expand c Depending on the event category you can enable or disable informational events status events and error events Some categories also allow you to set the Status interval which is the time interval between periodic status events 6 Optional See Configure sy...

Page 478: ...and takes the format number w d h m s For example to set the heartbeat interval to ten minutes enter either 10m or 600s config system log heartbeat_interval 600s config To disable the heartbeat interval set the value to 0s 4 Enable preserve system logs functionality to save the current session s system log after a reboot By default the AnywhereUSB Plus device erases system logs each time the devic...

Page 479: ...e or disable informational events status events and error events Some categories also allow you to set the status interval which is the time interval between periodic status events For example to configure DHCP server logging i Use the question mark to determine what events are available for DHCP server logging configuration config system log event dhcpserver DHCP server Settings for DHCP server e...

Page 480: ...econds and takes the format number w d h m s For example to set the status interval to ten minutes enter either 10m or 600s config system log event dhcpserver status_interval 600s config 6 Optional See Configure syslog servers for information about configuring remote syslog servers to which log messages will be sent 7 Save the configuration and apply the change config save Configuration saved 8 Ty...

Page 481: ...To perform a more detailed analysis you can download the captured data traffic from the device and view it using a third party application Note Data traffic is captured to RAM and the captured data is lost when the device reboots unless you save the data to a file See Save captured data traffic to a file This section contains the following topics Configure packet capture for the network analyzer 4...

Page 482: ...ified event or at a particular time l The events or time that will trigger the analyzer to run using this capture configuration l The amount of time that the analyzer session will run l The frequency with which captured events will be saved To configure a packet capture configuration É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Un...

Page 483: ...rk By default is option is disabled which means that the filter will capture packets from this IP address network vi Click g to add additional IP address network filters c To create a filter that either captures or ignores packets that use a particular IP protocol i Click to expand Filter IP protocols ii Click g to add an IP protocol iii For IP protocol to capture or ignore select the protocol If ...

Page 484: ...ure packets that use this port vi Click g to add additional MAC address filters f To create a filter that either captures or ignores packets from one or more VLANs i Click to expand Filter VLANs ii Click g to add a VLAN iii For The VLAN to capture or ignore type the number of the VLAN iv Click Ignore this VLAN if the filter should ignore packets that use this port By default is option is disabled ...

Page 485: ...uring the system maintenance time window b Enable the capture filter schedule c For Duration type the amount of time that the scheduled analyzer session will run Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Duration to ten minutes enter 10m or 600s d For Save interval type the frequency with which captured events will ...

Page 486: ...etwork analyzer name filter address 0 ii Set the IPv4 or IPv6 address and optional netmask config network analyzer name filter address 0 address ip_ address netmask config network analyzer name filter address 0 iii Set whether the filter should apply to packets when the IP address network is the source the destination or both config network analyzer name filter address 0 match value config network...

Page 487: ...t the protocol config network analyzer name filter protocol 0 protocol value config network analyzer name filter protocol 0 iv If other is set for the protocol set the number of the protocol config network analyzer name filter protocol 0 protocol_other value config network analyzer name filter protocol 0 where value is an integer between 1 and 255 and represents the the number of the protocol v Op...

Page 488: ...ional Set the filter should ignore packets from this port config network analyzer name filter port 0 ignore true config network analyzer name filter port 0 By default is option is set to false which means that the filter will capture packets from this port v Repeat these steps to add additional port filters d To create a filter that either captures or ignores packets from one or more specified MAC...

Page 489: ...et the VLAN that should be be captured or ignored config network analyzer name filter vlan 0 vlan value config network analyzer name filter vlan 0 where value is number o the VLAN iii Optional Set the filter should ignore packets from this VLAN config network analyzer name filter vlan 0 ignore true config network analyzer name filter vlan 0 By default is option is set to false which means that the...

Page 490: ..._time Runs the script at a specified time of the day If set_time is set set the time that the script should run using the format HH MM config network analyzer name run_time HH MM config network analyzer name n maintenance_time The script will run during the system maintenance time window c Set the amount of time that the scheduled analyzer session will run config network analyzer name duration val...

Page 491: ...pf html for detailed information about BPF syntax Example IPv4 capture filters n Capture traffic to and from IP host 192 168 1 1 ip host 192 168 1 1 n Capture traffic from IP host 192 168 1 1 ip src host 192 168 1 1 n Capture traffic to IP host 192 168 1 1 ip dst host 192 168 1 1 n Capture traffic for a particular IP protocol ip proto protocol where protocol is a number in the range of 1 to 255 or...

Page 492: ...ring Additional analyzer commands allow you to n Stop capturing packets n Save captured data traffic to a file n Clear captured data Required configuration items n A configured packet capture See Configure packet capture for the network analyzer for packet capture configuration information To start packet capture from the command line Command line 1 Log into the AnywhereUSB Plus command line as a ...

Page 493: ...n Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt analyzer stop name capture_filter where capture_filter is the name of a packet capture configuration See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the analyzer stop name name Name of the capture filter to use F...

Page 494: ...tured Length 60 bytes Received on interface eth1 00 40 ff 80 01 20 b4 b6 86 21 b5 73 08 00 45 00 s E 00 28 3d 36 40 00 80 06 14 bc 0a 0a 4a 82 0a 0a 6 J 4a 48 cd ae 00 16 a4 4b ff 5f ee 1f d8 23 50 10 JH K _ P 08 02 c7 40 00 00 00 00 00 00 00 00 Ethernet Header Destination MAC Addr 00 40 D0 13 35 36 Source MAC Addr fb 03 53 05 11 2f Ethernet Type IP 0x0800 IP Header IP Version 4 Header Length 20 b...

Page 495: ... captured traffic data to a file use the analyzer save command Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt analyzer save filename filename name capture_filter where n filename is the name ...

Page 496: ... download the file from the WebUI or from the command line by using the scp secure copy file command É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 Highlight the analyzer directory and click d to open the directory 4 Select the saved analyzer report you want to download and c...

Page 497: ...ote home maria local etc config analyzer eth0 pcpng to remote maria 192 168 210 2 s password eth0 pcpng 100 11KB 851 3KB s 00 00 Clear captured data To clear captured data traffic in RAM use the analyzer clear command Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type a...

Page 498: ...ce configuration you may be presented with an Access selection menu Type quit to disconnect from the device Stop ping commands To stop pings when the number of pings to send the count parameter has been set to a high value enter Ctrl C Use the traceroute command to diagnose IP routing problems Use the traceroute command to diagnose IP routing problems This command traces the route to a remote IP h...

Page 499: ...ng hops were required to reach the host 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt use the traceroute command to view IP routing information traceroute 8 8 8 8 traceroute to 8 8 8 8 8 8 8 8 30 hops max 52 byte packets 1...

Page 500: ...SB Plus local file system 501 Display directory contents 501 Create a directory 502 Display file contents 503 Copy a file or directory 503 Move or rename a file or directory 504 Delete a file or directory 505 Upload and download files 506 AnywhereUSB Plus User Guide 500 ...

Page 501: ...across reboots but are deleted if a factory reset of the system is performed See Erase device configuration and reset to factory defaults for more information Display directory contents To display directory contents by using the WebUI or the Admin CLI É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File...

Page 502: ...ing the name of the directory For example 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mkdir path dir_name For example to create a directory named temp in etc config mkdir etc config temp 3 Verify that the directory ...

Page 503: ...J0XT Rgr6ewr1yerHtXQdbafsatGswKg0YUm schema version 461 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Copy a file or directory This procedure is not available through the WebUI To copy a file or directory by using the Admin CLI use the cp command specifying the existing path and fi...

Page 504: ...to final py 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mv etc config scripts test py etc config scripts final py 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an...

Page 505: ...est py in etc config scripts 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type rm etc config scripts test py rm remove etc config scripts test py yes 3 Type exit to exit the Admin CLI Depending on your device configuratio...

Page 506: ...using the WebUI or from the command line by using the scp Secure Copy command or by using a utility such as SSH File Transfer Protocol SFTP or an SFTP application like FileZilla Upload and download files by using the WebUI Upload files 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 H...

Page 507: ...host to the AnywhereUSB Plus device use the scp command as follows scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the AnywhereUSB Plus device n l...

Page 508: ...report 00 40 D0 13 35 36 21 09 13 8 04 23 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 21 09 13 8 04 23 bin Upload and download files using SFTP Transfer a file from a remote host to the AnywhereUSB Plus device This example uploads firmware from a remote host to the AnywhereUSB Plus device with an IP address of 192 168 2 1 using the username ahmed sftp ahmed 192 ...

Page 509: ...File system Upload and download files AnywhereUSB Plus User Guide 509 sftp exit ...

Page 510: ...Routing This chapter contains the following topics IP routing 511 Show the routing table 528 Dynamic DNS 529 Virtual Router Redundancy Protocol VRRP 534 AnywhereUSB Plus User Guide 510 ...

Page 511: ...ute for the destination it forwards the IP packet to the configured IP gateway or interface 3 If it cannot find a route for the destination it uses a default route 4 If there are two or more routes to a destination the device uses the route with the longest mask 5 If there are two or more routes to a destination with the same mask the device uses the route with the lowest metric This section conta...

Page 512: ...stination n The metric for the route When multiple routes are available to reach the same destination the route with the lowest metric is used n The Maximum Transmission Units MTU of network packets using this route To configure a static route É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configurat...

Page 513: ...ric is used 10 Optional For MTU type the Maximum Transmission Units MTU of network packets using this route 11 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At th...

Page 514: ...value config network route static 0 interface b Set the interface For example config network route static 0 interface network interface eth1 config network route static 0 7 Optional Set the IPv4 address of the gateway used to reach the destination Set to blank if the destination can be accessed without a gateway config network route static 0 gateway IPv4_address config network route static 0 8 Opt...

Page 515: ...splayed 3 Click Network Routes Static routes 4 Click the menu icon for a static route and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the com...

Page 516: ... based routing to forward the packet based on other criteria such as the source of the packet For example you can configure the AnywhereUSB Plus device so that high priority traffic is routed through the cellular connection while all other traffic is routed through an Ethernet WAN connection Policy based routing for the AnywhereUSB Plus device uses the following criteria to determine how to route ...

Page 517: ...o tcp or udp n The network interface used to reach the destination Additional configuration items n A label for the routing policy n Whether packets that match this policy should be dropped when the gateway interface is disconnected rather than forwarded through other interfaces To configure a routing policy É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On...

Page 518: ...nterface Matches the source IP address to the selected interface s network address n IPv4 address Matches the source IP address to the specified IP address or network Use the format IPv4_address netmask or use any to match any IPv4 address n IPv6 address Matches the source IP address to the specified IP address or network Use the format IPv6_address prefix_length or use any to match any IPv6 addre...

Page 519: ...nd config network route policy 0 New route policies are enabled by default To disable config network route policy 0 enable false config network route policy 0 4 Optional Set the label that will be used to identify this route policy config network route policy 0 label New route policy config network route policy 0 5 Set the interface on the AnywhereUSB Plus device that will be used with this route ...

Page 520: ...pv4 or ipv6 8 Set the protocol config network route policy 0 protocol value config network route policy 0 where value is one of n any All protocols are matched n tcp Source and destination ports are matched a Set the source port config network route policy 0 src_port value config network route policy 0 where value is the port number or the keyword any to match any port as the source port b Set the...

Page 521: ...ute policy 0 src type value config network route policy 0 where value is one of n zone Matches the source IP address to the selected firewall zone Set the zone a Use the to determine available zones config network route policy 0 src zone Zone Match the IP address to the specified firewall zone Format any dynamic_routes edge external internal ipsec loopback setup Default value any Current value any...

Page 522: ...work Set the address that will be matched config network route policy 0 src address value config network route policy 0 where value uses the format IPv4_address netmask or any to match any IPv4 address n address6 Matches the source IPv6 address to the specified IP address or network Set the address that will be matched config network route policy 0 src address6 value config network route policy 0 ...

Page 523: ...e policy 0 dst zone external config network route policy 0 See Firewall configuration for more information about firewall zones n interface Matches the destination IP address to the selected interface s network address Set the interface a Use the to determine available interfaces config network route policy 0 dst interface Interface The network interface Format network interface defaultip network ...

Page 524: ...he address that will be matched config network route policy 0 dst address6 value config network route policy 0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address n mac Matches the destination MAC address to the specified MAC address Set the MAC address to be matched config network route policy 0 dst mac MAC_address config network route policy 0 11 Save the conf...

Page 525: ...The IPv6 Routing Information Protocol RIP service supports RIPng RFC2080 OSPFv2 The IPv4 Open Shortest Path First OSPF service supports OSPFv2 RFC2328 OSPFv3 The IPv6 Open Shortest Path First OSPF service supports OSPFv3 RFC2740 BGP The Border Gateway Protocol BGP service supports BGP 4 RFC1771 IS IS The IPv4 and IPv6 Intermediate System to Intermediate System IS IS service Configure routing servi...

Page 526: ...k with routing services and should be left as the default 5 Configure the routing services that will be used a Click to expand a routing service b Enable the routing service c Complete the configuration of the routing service 6 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on yo...

Page 527: ...Enable zone dynamic_routes Zone Additional Configuration bgp BGP isis IS IS ospfv2 OSPFv2 ospfv3 OSPFv3 rip RIP ripng RIPng config b Enable a routing service that will be used For example to enable the RIP service config network route service rip enable true config c Complete the configuration of the routing service For example use the to view the available parameters for the RIP service config ne...

Page 528: ...Status Routes The Network Routing window is displayed 4 Click IPv4 Load Balance to view IPv4 load balancing 5 Click IPv6 Load Balance to view IPv6 load balancing Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt t...

Page 529: ...ell as the ability to provide a custom provider that is not included on the list of providers Configure dynamic DNS This section describes how to cofigure dynamic DNS on a AnywhereUSB Plus device Required configuration items n Add a new Dynamic DNS service n The interface that has its IP address registered with the Dynamic DNS provider n The name of a Dynamic DNS provider n The domain name that is...

Page 530: ...lect the interface that has its IP address registered with the Dynamic DNS provider 6 For Service select the Dynamic DNS provider or select custom to enter a custom URL for the Dynamic DNS provider 7 If custom is selected for Service type the Custom URL that should be used to update the IP address with the Dynamic DNS provider 8 Type the Domain name that is linked to the interface s IP address 9 T...

Page 531: ...Optional For Retry count type the number of times to retry a failed IP address update 14 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type co...

Page 532: ...S service Format custom 3322 org changeip com ddns com br dnsdynamic org Default value custom Current value custom config network ddns new_ddns_instance service b Set the service config network ddns new_ddns_instance service service_name config network ddns new_ddns_instance 6 If custom is configured for service set the custom URL that should be used to update the IP address with the Dynamic DNS p...

Page 533: ...10m 11 Optional Set the amount of time to wait to force an update of the interface s IP address config network ddns new_ddns_instance force_interval value config network ddns new_ddns_instance where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set force_interval to ten minutes enter either 10m or 600s config network ddns new_ddns_i...

Page 534: ...igured as VRRP devices and assigned a priority The router with the highest priority will be used as the master router If the master router fails then the IP address of the virtual router is mapped to the backup device with the next highest priority Each VRRP router is configured with a unique LAN IP address and the same shared VRRP address VRRP VRRP is an extension to the VRRP standard that uses n...

Page 535: ...nnectivity É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP 4 For Add VRRP instance type a name for the VRRP instance and click g The new VRRP instance configuration is displayed 5 Click Enable 6 For Interface select the interface...

Page 536: ...dress c For Virtual IP type the IPv4 or IPv6 address for a virtual IP of this VRRP instance d Optional Repeat to add additional virtual IPs 11 See Configure VRRP for information about configuring VRRP 12 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration ...

Page 537: ...n the group The router with the highest priority will be used as the master router If the master router fails then the IP address of the virtual router is mapped to the backup device with the next highest priority If this device s actual IP address is being used as the virtual IP address of the VRRP pool then the priority of this device should be set to 255 Allowed values are from 1 and 255 and it...

Page 538: ...nformation l Enable VRRP l WAN interfaces to be monitored by using VRRP Note SureLink is enabled by default on all WAN interfaces and should not be disabled on the WAN interfaces that are being monitored by VRRP If multiple WAN interfaces are being monitored on the same device the VRRP priority will be adjusted only if all WAN interfaces fail SureLink tests l The amount that the VRRP priority will...

Page 539: ...onal Click g again to add additional interfaces 8 Optional For backup devices click to enable Monitor VRRP master This parameter allows a backup VRRP device to monitor the master device and increase its priority when the master device is failing SureLink tests This can allow a device functioning as a backup device to promote itself to master 9 For Priority modifier type or select the amount that t...

Page 540: ...e LAN1 c For backup devices for Default Gateway type the IP address of the VRRP interface on the master device d Configure the VRRP interface s DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses i Click to expand DHCP Server Advanced settings ii For Gateway select Custom iii For Custom gateway enter the IP address of one of the virtual IPs used by this VRR...

Page 541: ...e test target For example to configure SureLink to verify internet connectivity on the LAN by pinging my devicecloud com i For Test Type select Ping test ii For Ping host type my devicecloud com 11 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you ma...

Page 542: ...er between 1 and 254 The default is 10 Along with the priority settings for devices in this VRRP pool the amount entered here should be large enough to automatically demote a master device when SureLink connectivity fails For example if the VRRP master device has a priority of 100 and the backup device has a priority of 80 then weight should be set to an amount greater than 20 so that if SureLink ...

Page 543: ...2 ipv4 gateway 192 168 3 1 config c For backup devices enable and configure SureLink on the VRRP interface i Determine the VRRP interface Generally this should be a LAN interface VRRP will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails config show network vrrp VRRP_test interface network interface eth2 con...

Page 544: ...rface eth2 ipv4 surelink target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config network interface eth2 ipv4 surelinktarget 0 dns_server ip_address config network interface eth2 ipv4 surelinktarget 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured ...

Page 545: ...is considered to have failed config network interface eth2 ipv4 surelink target 0 interface_timeout value config network interface eth2 ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_timeout to ten minutes enter either 10m or 600s config network interface eth2 ipv4 surelink target 0 interfac...

Page 546: ...P on device one 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP 4 For Add VRRP instance type a name for the VRRP instance and click g The new VRRP instance configuration is displayed ...

Page 547: ... Virtual IP addresses 10 Click g to add a virtual IP address 11 For Virtual IP type 192 168 3 3 Task 2 Configure VRRP on device one 1 Click to expand VRRP 2 Click Enable 3 Click to expand Monitor interfaces 4 Click g to add an interface for monitoring 5 Select Interface Modem 6 For Priority modifier type 30 Task 3 Configure the IP address for the VRRP interface ETH2 on device one 1 Click Network I...

Page 548: ...mand line Task 1 Configure VRRP on device one 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create the VRRP instance config add network vrrp VRRP_test config ...

Page 549: ...creased or increased due to SureLink connectivity failure or success to 30 config network vrrp VRRP_test network vrrp VRRP_test vrrp_plus weight 30 config network vrrp VRRP_test Task 3 Configure the IP address for the VRRP interface ETH2 on device one 1 Type to return to the root of the config prompt config network vrrp VRRP_test config 2 Set the IP address for ETH2 config network interface eth2 i...

Page 550: ...Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure device two backup device É WebUI Task 1 Configure VRRP on device two 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device...

Page 551: ...sk 2 Configure VRRP on device two 1 Click to expand VRRP 2 Click Enable 3 Click to expand Monitor interfaces 4 Click g to add an interface for monitoring 5 Select Interface Modem 6 Click to enable Monitor VRRP master 7 For Priority modifier type 30 Task 3 Configure the IP address for the VRRP interface ETH2 on device two 1 Click Network Interfaces ETH2 IPv4 2 For Address type 192 168 3 2 24 3 For ...

Page 552: ...targets Test target 5 For Test Type select Ping test 6 For Ping host type my devicecloud com Task 5 Configure the DHCP server for ETH2 on device two 1 Click to expand Network Interfaces ETH2 IPv4 DHCP Server 2 For Lease range start type 200 3 For Lease range end type 250 4 Click Advanced settings 5 For Gateway select Custom 6 For Custom gateway enter 192 168 3 3 7 Click Apply to save the configura...

Page 553: ...etwork interface eth2 config network vrrp VRRP_test 6 Add the virtual IP address associated with this VRRP instance config network vrrp VRRP_test add virtual_address end 192 168 3 3 config network vrrp VRRP_test Task 2 Configure VRRP on device two 1 Enable VRRP config network vrrp VRRP_test vrrp_plus enable true config network vrrp VRRP_test 2 Add the interface to monitor config network vrrp VRRP_...

Page 554: ... enable true config 2 Create a SureLink test target config add network interface eth2 ipv4 surelink target end config network interface eth2 ipv4 surelink target 0 3 Set the type of test to ping config network interface eth2 ipv4 surelink target 0 test ping config network interface eth2 ipv4 surelink target 0 4 Set my devicecloud com as the hostname to ping config network interface eth2 ipv4 surel...

Page 555: ...d apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show VRRP status and statistics This section describes how to display VRRP status and statistics for a AnywhereUSB device VRRP status is available from the Web UI only É WebUI 1 Log int...

Page 556: ...atus Proto State Virtual IP VRRP_test Up IPv4 Backup 10 10 10 1 VRRP_test Up IPv4 Backup 100 100 100 1 3 To display additional information about a specific VRRP instance at the Admin CLI prompt type show vrrp name name show vrrp name VRRP_test VRRP_test VRRP Status Enabled True Status Up Interface lan IPv4 Virtual IP address es 10 10 10 1 100 100 100 1 Current State Master Current Priority 100 Las...

Page 557: ...rely connect two private networks together so that devices can connect from one network to the other using secure channels This chapter contains the following topics IPsec 558 OpenVPN 607 Generic Routing Encapsulation GRE 638 NEMO 658 L2TPv3 665 AnywhereUSB Plus User Guide 557 ...

Page 558: ... has limitations when using an authentication header because the IP addresses in the IP header cannot be translated for example with Network Address Translation NAT as it would invalidate the authentication hash value Internet Key Exchange IKE settings IKE is a key management protocol that allows IPsec to negotiate the security associations SAs that are used to create the secure IPsec tunnel Both ...

Page 559: ...nywhereUSB Plus device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key Certificate based Authentication X 509 certificate based authentication makes use of private keys on both the server and client which are secured and never shared Both the server and client have a certificate which is generated with their respective private key and signed by a ...

Page 560: ... are not typically configured to get an IPsec tunnel working but can be configured as needed n Determine whether the device should use UDP encapsulation even when it does not detect that NAT is being used n If using IPsec failover identify the primary tunnel during configuration of the backup tunnel n The Network Address Translation NAT keep alive time n The protocol either Encapsulating Security ...

Page 561: ...fore the IPsec tunnel is renegotiated Note if the remote networks for an IPsec tunnel overlap with the networks for a WAN internet connection wired cellular or otherwise you must configure a static route to direct the traffic either through the IPsec tunnel or through the WAN outside of the IPsec tunnel See Configure a static route for information about configuring a static route ...

Page 562: ...pe a name for the tunnel and click g The new IPsec tunnel configuration is displayed 6 The IPsec tunnel is enabled by default To disable click Enable 7 Optional Preferred tunnel provides an optional mechanism for IPsec failover behavior See Configure IPsec failover for more information 8 Optional Enable Force UDP encapsulation to force the tunnel to use UDP encapsulation even when it does not dete...

Page 563: ...ure IPsec failover for more information 11 Select the Mode either n Tunnel mode The entire IP packet is encrypted and or authenticated and then encapsulated as the payload in a new IP packet n Transport mode Only the payload of the IP packet is encrypted and or authenticated The IP header is unencrypted 12 Select the Protocol either n ESP Encapsulating Security Payload Provides encryption as well ...

Page 564: ...icate with the remote peer i For Private key paste the device s private RSA key in PEM format ii Type the Private key passphrase that is used to decrypt the private key Leave blank if the private key is not encrypted iii For Certificate paste the local X 509 certificate in PEM format iv For Peer verification select either l Peer certificate For Peer certificate paste the peer s X 509 certificate i...

Page 565: ... ID This can be a fully qualified domain name or an IPv6 address n RFC822 Email The ID will be interpreted as an RFC822 email address For RFC822 ID value type the ID in internet email address format n FQDN The ID will be interpreted as FQDN Fully Qualified Domain Name and sent as an ID_FQDN IKE identity For FQDN ID value type the ID as an FQDN n KeyID The ID will be interpreted as a Key ID and sen...

Page 566: ...ed domain name or an IPv4 address n IPv6 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ ADDR IKE identity For IPv6 ID value type an IPv6 formatted ID This can be a fully qualified domain name or an IPv6 address n RFC822 Email The ID will be interpreted as an RFC822 email address For RFC822 ID value type the ID in internet email address format n FQDN The ID will be interprete...

Page 567: ... Remote network enter the IP address and optional netmask of the remote network The keyword any can also be used 20 Click to expand IKE a For IKE version select either IKEv1 or IKEv2 This setting must match the peer s IKE version b Initiate connection instructs the device to initiate the key exchange rather than waiting for an incoming request This must be disabled if Remote endpoint Hostname is s...

Page 568: ...s hours minutes or seconds and take the format number w d h m s For example to set Lifetime margin to ten minutes enter 10m or 600s i Click to expand Phase 1 Proposals i Click g to create a new phase 1 proposal ii For Cipher select the type of encryption iii For Hash select the type of hash to use to verify communication integrity iv For Diffie Hellman group select the type of Diffie Hellman group...

Page 569: ...next to Add NAT destination b For Destination network type the IPv4 address and optional netmask of a destination network that requires source NAT You can also use any meaning that any destination network connected to the tunnel will use source NAT 23 See Configure SureLink active recovery for IPsec for information about IPsec Active recovery 24 Optional Click Advanced to set various IPsec related...

Page 570: ... false config vpn ipsec tunnel ipsec_example 4 Optional Set the tunnel to use UDP encapsulation even when it does not detect that NAT is being used config vpn ipsec tunnel ipsec_example force_udp_encap true config vpn ipsec tunnel ipsec_example 5 Set the firewall zone for the IPsec tunnel Generally this should be left at the default of ipsec config vpn ipsec tunnel ipsec_example zone zone config v...

Page 571: ...more than one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec failover for more information config vpn ipsec tunnel ipsec_example metric value config vpn ipsec tunnel ipsec_example where value is any integer between 0 and 65535 7 Set the mode config vpn ipsec tun...

Page 572: ...el ipsec_example n asymmetric secrets Uses asymmetric pre shared keys to authenticate with the remote peer a Set the local pre shared key This must be the same as the remote key on the remote host config vpn ipsec tunnel ipsec_example auth local_secret key config vpn ipsec tunnel ipsec_example b Set the remote pre shared key This must be the same as the local key on the remote host config vpn ipse...

Page 573: ...local X 509 certificate in PEM format config vpn ipsec tunnel ipsec_example auth cert certificate config vpn ipsec tunnel ipsec_example d Set the method for verifying the peer s X 509 certificate config vpn ipsec tunnel ipsec_example auth peer_verify value config vpn ipsec tunnel ipsec_example where value is either l cert Uses the peer s X 509 certificate in PEM format for verification o For the p...

Page 574: ...able true config vpn ipsec tunnel ipsec_example 13 Configure the local endpoint a Set the method for determining the local network interface config vpn ipsec tunnel ipsec_example local type value config vpn ipsec tunnel ipsec_example where value is either n defaultroute Uses the same network interface as the default route n interface Select the Interface to be used as the local endpoint b Set the ...

Page 575: ... fqdn The ID will be interpreted as FQDN Fully Qualified Domain Name and sent as an ID_FQDN IKE identity n keyid The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity Set the key ID config vpn ipsec tunnel ipsec_example local id type keyid_id id config vpn ipsec tunnel ipsec_example n mac_address The device s MAC address will be used for the Key ID and sent as an ID_KEY_ID I...

Page 576: ... the value of the tunnels endpoints n raw Enter an ID and have it passed unmodified to the underlying IPsec stack Set the unmodified ID that will be passed config vpn ipsec tunnel ipsec_example remote id type raw_id id config vpn ipsec tunnel ipsec_example n any Any ID will be accepted n ipv4 The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity Set an IPv4 formatt...

Page 577: ...ings a Set the IKE version config vpn ipsec tunnel ipsec_example ike version value config vpn ipsec tunnel ipsec_example where value is either ikev1 or ikev2 This setting must match the peer s IKE version b Determine whether the device should initiate the key exchange rather than waiting for an incoming request By default the device will initiate the key exchange This must be disabled if remote ho...

Page 578: ...sec tunnel ipsec_example ike phase1_lifetime 600s config vpn ipsec tunnel ipsec_example The default is three hours g Set the amount of time that the IKE security association expires after a successful negotiation and must be rekeyed config vpn ipsec tunnel ipsec_example ike phase2_lifetime value config vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds ...

Page 579: ...tunnel ipsec_example ike phase1_proposal 0 where value is one of md5 sha1 sha256 sha384 or sha512 The default is sha1 iv Set the type of Diffie Hellman group to use for key exchange during phase 1 config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_ group value config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 where value is one of ecp384 modp768 modp1024 modp1536 modp2048 mod...

Page 580: ..._example ike phase2_proposal 0 hash value config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 where value is one of md5 sha1 sha256 sha384 or sha512 The default is sha1 v Set the type of Diffie Hellman group to use for key exchange during phase 2 config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 dh_ group value config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 where val...

Page 581: ...it for a response from a dead peer packet before assuming the tunnel has failed The default is 90 config vpn ipsec tunnel ipsec_example dpd timeout value config 17 Optional Create a list of destination networks that require source NAT a Add a destination network config add vpn ipsec tunnel ipsec_example nat end config vpn ipsec tunnel ipsec_example nat 0 b Set the IPv4 address and optional netmask...

Page 582: ...ust be set when Type is set to Address Format defaultip defaultlinklocal eth1 eth2 loopback Current value config vpn ipsec tunnel ipsec_example policy 0 local address ii Set the interface For example config vpn ipsec tunnel ipsec_example policy 0 local address eth1 config vpn ipsec tunnel ipsec_example policy 0 n network The subnet of a local network interface Set the network i Use the to determin...

Page 583: ...te network The keyword any can also be used config vpn ipsec tunnel ipsec_example policy 0 remote network value config vpn ipsec tunnel ipsec_example policy 0 19 Optional You can also configure various IPsec related time out keep alive and related values a Change to the root of the configuration schema config vpn ipsec tunnel ipsec_example policy 0 config b config vpn ipsec advanced Advanced Advan...

Page 584: ...er Guide 584 20 Save the configuration and apply the change config save Configuration saved 21 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 585: ...guration both tunnels are active simultaneously and there is minimal downtime due to failover l Identify the preferred tunnel during configuration of the backup tunnel In this scenario the backup tunnel is not active until the preferred tunnel fails IPsec failover using SureLink With this configuration when two IPsec tunnels are configured with the same local and remote endpoints but different met...

Page 586: ...1 endpoint É WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions n During configuration of the IPsec tunnel set the metric to a low value for example 10 n Configure SureLink for the primary IPsec tunnel and enable Restart interface See Configure SureLink active recovery for IPsec for instructions 2 Create a backup IPsec tunnel Configure this tunnel to use the ...

Page 587: ...c to a value that is higher than the metric of the primary tunnel for example 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel metric 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel IPsec failover using Preferred tunnel É WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions 2 Create a backup IPsec tunnel See Configure an IPsec tunnel for instructions 3...

Page 588: ...up tunnel See Configure IPsec failover for further information Required configuration items n A valid IPsec configuration See Configure an IPsec tunnel for configuration instructions n Enable IPsec active recovery n The behavior of the AnywhereUSB Plus device upon IPsec failure either l Restart the IPsec interface l Reboot the device Additional configuration items n The interval between connectivi...

Page 589: ...configure the device to restart the interface when its connection is considered to have failed This is useful for interfaces that may regain connectivity after restarting such as a cellular modem 8 For Reboot device enable to instruct the device to reboot when the WAN connection is considered to have failed 9 Change the Interval between connectivity tests Allowed values are any number of weeks day...

Page 590: ...in the Ping payload size n DNS test or DNS test IPv6 Tests connectivity by sending a DNS query to the specified DNS server n HTTP test HTTP test IPv6 Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface or Test DNS servers configured for this interface I...

Page 591: ... or edit an existing one n To create a new IPsec tunnel see Configure an IPsec tunnel n To edit an existing IPsec tunnel change to the IPsec tunnel s node in the configuration schema For example for an IPsec tunnel named ipsec_example change to the ipsec_ example node in the configuration schema config vpn ipsec tunnel ipsec_example config vpn ipsec tunnel ipsec_example 4 Enable active recovery co...

Page 592: ..._example Where value is either one or all 9 Set the number of probe attempts before the WAN is considered to have failed config vpn ipsec tunnel ipsec_example connection_monitor attempts num config vpn ipsec tunnel ipsec_example The default is 3 10 Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed config vpn ipsec tunnel ipsec...

Page 593: ...ng a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config vpn ipsec tunnel ipsec_example connection_monitor target 0 dns_server ip_address config vpn ipsec tunnel ipsec_example connection_monitor target 0 n dns_configured IPv4 or dns_configured6 IPv6 Tests connectivity by sending a DNS query to the DNS servers configured for this i...

Page 594: ...t is considered to have failed config vpn ipsec tunnel ipsec_example connection_monitor target 0 interface_timeout value config vpn ipsec tunnel ipsec_example connection_monitor target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_timeout to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_exa...

Page 595: ...ue up 192 168 2 1 vpn1 false pending 192 168 3 1 3 To display details about a specific tunnel show ipsec tunnel ipsec1 Tunnel ipsec1 Enable true Status pending Hostname 192 168 2 1 Zone ipsec Mode tunnel Type esp 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Debug an IPsec configur...

Page 596: ...tion menu Type quit to disconnect from the device This sets the IPsec debug level to 1 Use the interactive shell to set the IPsec debug level By using the interactive shell to set the debug level you can enable the AnywhereUSB Plus device to write additional debug messages to the system log The command accepts the following values to set the debug level n 1 Default No debug information is written ...

Page 597: ... configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a Simple Certificate Enrollment Protocol client Simple Certificate Enrollment Protocol SCEP is a mechanism that allows for large scale X 509 certificate deployment You can configure AnywhereUSB Plus device to function as a SCEP client that will connect to a SCEP server that is used t...

Page 598: ... the number of days that the certificate enrollment can be renewed prior to the request expiring This value is configured on the SCEP server and is used by the AnywhereUSB Plus device to determine when to start attempting to auto renew an existing certificate The default is 7 7 Optional For CRL file name type the filename of the Certificate Revocation List CRL from the CA The CRL is stored on the ...

Page 599: ...ype admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a new SCEP client config add network scep_client scep_client_name config network scep_client scep_client_name 4 Enable the SCEP client config network scep_client scep_client_name enable true config network scep_client scep_client_name 5 Set the url parameter to the fully qualified do...

Page 600: ..._client_name d Set the Locality config network scep_client scep_client_name distinguished_name l value config network scep_client scep_client_name e Set the Organization config network scep_client scep_client_name distinguished_name o value config network scep_client scep_client_name f Set the Organizational Unit config network scep_client scep_client_name distinguished_name ou value config networ...

Page 601: ...disconnect from the device Example SCEP client configuration with Fortinet SCEP server In this example configuration we will configure the AnywhereUSB Plus device as a SCEP client that will connect to a Fortinet SCEP server Fortinet configuration On the Fortinet server 1 Enable ports for SCEP services a From the menu select Network Interfaces b Select the appopriate port and click Edit c For Acces...

Page 602: ...d Name DN attributes entered here must correspond to the Distinguished Name attributes configured for the SCEP client on the AnywhereUSB Plus device f For Renewal Allow renewal x days before the certified is expired type the number of days that the certificate enrollment can be renewed prior to the request expiring The Renewable Time setting on the AnywhereUSB Plus device must match the setting of...

Page 603: ... CA The filename of the CRL corresponds to the Certificate ID of the CA created on the Fortinet server for example fortinet_example_ca crl 8 Click to expand SCEP server 9 For FQDN type the fully qualified domain name or IP address of the Fortinet server 10 For Password type the challenge password This corresponds to the Default enrollment password on the Fortinet server 11 Click to expand Distingu...

Page 604: ...Virtual Private Networks VPN IPsec AnywhereUSB Plus User Guide 604 ...

Page 605: ...rtinet_SCEP_client server url https fortinet example com config network scep_client Fortinet_SCEP_client 6 Set the challenge password as configured on the SCEP server This corresponds to the Default enrollment password on the Fortinet server config network scep_client Fortinet_SCEP_client server password challenge_password config network scep_client Fortinet_SCEP_client 7 Set Distinguished Name at...

Page 606: ...he certificate enrollment can be renewed prior to the request expiring This value must match the setting of the Allow renewal x days before the certified is expired option on the Fortinet server config network scep_client Fortinet_SCEP_client renewable_time integer config network scep_client Fortinet_SCEP_client 9 Optional Set the filename of the Certificate Revocation List CRL from the CA The CRL...

Page 607: ...he OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server The manner in which the IP subnets are defined depends on the OpenVPN topology in use The AnywhereUSB Plus device supports two types of OpenVPN topology OpenVPN Topology Subnet definition method net30 Each OpenVPN client...

Page 608: ... The AnywhereUSB Plus device creates an OpenVPN interface and uses standard interface configuration for example a standard DHCP server configuration l TAP Device only An alternate form of OpenVPN bridging mode in which the device rather than OpenVPN controls the interface configuration If this method is is the OpenVPN server must be included as a device in either an interface or a bridge n The fir...

Page 609: ...ic for the OpenVPN server n The range of IP addresses that the OpenVPN server will provide to clients n The TCP UDP port to use By default the AnywhereUSB Plus device uses port 1194 n Access control list configuration to restrict access to the OpenVPN server through the firewall n Additional OpenVPN parameters É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 ...

Page 610: ...enVPN server will use when providing IP addresses to clients The default is from 80 to 99 7 Optional Set the VPN port that the OpenVPN server will use The default is 1194 8 For Server managed certificates determine the method of certificate management If enabled the server will manage certificates If not enabled certificates must be created externally and added to the server 9 If Server managed ce...

Page 611: ... address or network that can access the device s service type Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type d Click g again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the AnywhereUSB Plus de...

Page 612: ...ver name device_type value config vpn openvpn server name where value is one of n TUN OpenVPN managed Also known as routing mode Each OpenVPN client is assigned a different IP subnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server n TAP OpenVPN managed Also know...

Page 613: ...s edge external internal ipsec loopback setup Current value config vpn openvpn server name c Optional Set the route metric for the OpenVPN server If multiple active routes match a destination the route with the lowest metric will be used config vpn openvpn server name metric value config vpn openvpn server name where value is an interger between 0 and 65535 The default is 0 d Optional Set the rang...

Page 614: ... server config vpn openvpn server name autogenerate false config vpn openvpn server name The default setting is false c If autogenerate is set to false i Set the authentication type config vpn openvpn server name authentication value config vpn openvpn server name where value is one of n cert Uses only certificates for client authentication Each client requires a public and private key n passwd Us...

Page 615: ...rver name add acl address end value config vpn openvpn server name Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config vpn openvpn server...

Page 616: ...s based on firewall zones config vpn openvpn server name add acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config vpn openvpn server name firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists...

Page 617: ...aved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure an OpenVPN Authentication Group and User If username and password authentication is used for the OpenVPN server you must create an OpenVPN authentication group and user See Configure an OpenVPN server for information abo...

Page 618: ...the group for example OpenVPN_Group and click g The new authentication group configuration is displayed c Click OpenVPN access to enable OpenVPN access rights for users of this group d Click to expand the OpenVPN node e Click g to add a tunnel f For Tunnel select an OpenVPN tunnel to which users of this group will have access g Repeat to add additional OpenVPN tunnels ...

Page 619: ...a password for the user This password is used for local authentication of the user You can also configure the user to use RADIUS or TACACS authentication by configuring authentication methods See User authentication methods for information d Click to expand the Groups node e Click g to add a group to the user f Select a Group with OpenVPN access enabled 5 Click Apply to save the configuration and ...

Page 620: ...cess rights for users of this group config auth group OpenVPN_Group acl openvpn enable true 5 Add an OpenVPN tunnel to which users of this group will have access a Determine available tunnels config auth group OpenVPN_Group vpn openvpn server Servers A list of openvpn servers Additional Configuration OpenVPN_server1 OpenVPN server config auth group OpenVPN_Group b Add a tunnel config auth group Op...

Page 621: ... OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Clic...

Page 622: ...ile paste the content of the client ovpn file 11 Click Apply to save the configuration and apply the change Command line 1 Log into the AnywhereUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config ...

Page 623: ... openvpn client name password value config vpn openvpn client name 7 Paste the content of the client ovpn file into the value of the config_file parameter config vpn openvpn client name config_file value config vpn openvpn client name 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be pre...

Page 624: ...or the OpenVPN client if configured on the OpenVPN server n Additional OpenVPN parameters See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN Ope...

Page 625: ...PN server IP type the IP address of the OpenVPN server 12 Optional Set the VPN port used by the OpenVPN server The default is 1194 13 Paste the contents of the CA certificate usually in a ca crt file the Public key for example client crt and the Private key for example client key into their respective fields The contents will be hidden when the configuration is saved 14 Optional Click to expand Ad...

Page 626: ... vpn openvpn client name enable false config vpn openvpn client name 4 The default behavior is to use an OVPN file for client configuration To disable this behavior and configure the client manually config vpn openvpn client name use_file false config vpn openvpn client name 5 Set the mode used by the OpenVPN server config vpn openvpn client name device_type value config vpn openvpn client name wh...

Page 627: ...ent name 10 Optional Set the port used by the OpenVPN server config vpn openvpn client name port port config vpn openvpn client name The default is 1194 11 Paste the contents of the CA certificate usually in a ca crt file into the value of the cacert parameter config vpn openvpn client name cacert value config vpn openvpn client name 12 Paste the contents of the public key for example client crt i...

Page 628: ...ient connections to determine if the connection has failed and take remedial action Required configuration items n A valid OpenVPN client configuration See Configure an OpenVPN client by using an ovpn file or Configure an OpenVPN client without using an ovpn file for configuration instructions n Enable OpenVPN active recovery n The behavior of the AnywhereUSB Plus device upon OpenVPN failure eithe...

Page 629: ...e OpenVPN client click Active recovery 6 Enable active recovery 7 For Restart interface enable to configure the device to restart the interface when its connection is considered to have failed This is useful for interfaces that may regain connectivity after restarting such as a cellular modem 8 For Reboot device enable to instruct the device to reboot when the WAN connection is considered to have ...

Page 630: ...Ping host You can also optionally change the number of bytes in the Ping payload size n DNS test or DNS test IPv6 Tests connectivity by sending a DNS query to the specified DNS server n HTTP test HTTP test IPv6 Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this ...

Page 631: ...tion mode config config 3 Create a new OpenVPN client or edit an existing one n To create a new OpenVPN client see Configure an OpenVPN client by using an ovpn file or Configure an OpenVPN client without using an ovpn file n To edit an existing OpenVPN client change to the OpenVPN client s node in the configuration schema For example for an OpenVPN client named openvpn_client1 change to the openvp...

Page 632: ...ased on the failure of one of the test targets or all of the test targets config vpn openvpn client openvpn_client1 connection_monitor success_ condition value config vpn openvpn client openvpn_client1 Where value is either one or all 9 Set the number of probe attempts before the WAN is considered to have failed config vpn openvpn client openvpn_client1 connection_monitor attempts num config vpn o...

Page 633: ...nitor target 0 l Optional Set the size in bytes of the ping packet by using ping_size or ping_ size6 config vpn openvpn client openvpn_client1 connection_monitor target 0 ping_size num config vpn openvpn client openvpn_client1 connection_monitor target 0 n dns IPv4 or dns6 IPv6 Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP ad...

Page 634: ...her 10m or 600s config vpn openvpn client openvpn_client1 connection_monitor target 0 interface_down_time 600s config vpn openvpn client openvpn_client1 connection_monitor target 0 The default is 60 seconds l Optional Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed config vpn openvpn client openvpn_client1 connection_monitor t...

Page 635: ... the configuration icon in the upper right of the OpenVPN server s status pane Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured OpenVPN servers type the following at the prompt show openvpn server...

Page 636: ...the configuration icon in the upper right of the OpenVPN client s status pane Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured OpenVPN clients type the following at the prompt show openvpn client ...

Page 637: ...reUSB Plus User Guide 637 Use File true Metric 0 Protocol udp Port 1194 Type tun 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 638: ... GRE tunnel The GRE tunnels are enabled by default l The local endpoint interface l The IP address of the remote device peer Additional configuration items n A GRE key n Enable the device to respond to keepalive packets Task One Create a GRE loopback endpoint interface É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configurati...

Page 639: ...d network interface gre_interface config network interface gre_interface 4 Set the interface zone to internal config network interface gre_interface zone internal config network interface gre_interface 5 Set the interface device to loopback config network interface gre_interface device network device loopback config network interface gre_interface 6 Set the IP address and subnet mask of the local ...

Page 640: ...f the GRE endpoint on the remote peer 8 Optional For Key enter a key that will be inserted in GRE packets created by this tunnel It must match the key set by the remote endpoint Allowed value is an interger between 0 and 4294967295 or an IP address 9 Optional Enable keepalive reply to enable the device to reply to Cisco GRE keepalive packets 10 Click Apply to save the configuration and apply the c...

Page 641: ...fig vpn iptunnel gre_example 6 Optional Set a key that will be inserted in GRE packets created by this tunnel The key must match the key set by the remote endpoint config vpn iptunnel gre_example key value config vpn iptunnel gre_example where value is an interger between 0 and 4294967295 or an IP address 7 Optional Enable the device to reply to Cisco GRE keepalive packets config vpn iptunnel gre_...

Page 642: ...ew information about currently configured GRE tunnels É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 On the menu click Status IP tunnels The IP Tunnelspage appears 3 To view configuration details about a GRE tunnel click the configuration icon in the upper right of the tunnel s status pane ...

Page 643: ...b Device set to Ethernet Loopback c IPv4 Address set to the IP address of the local GRE tunnel 172 30 0 1 32 3 Create a GRE tunnel named gre_tunnel1 a Local endpoint set to the IPsec endpoint interface Interface ipsec_endpoint1 b Remote endpoint set to the IP address of the GRE tunnel on AnywhereUSB Plus 2 172 30 0 2 4 Create an interface named gre_interface1 and add it to the GRE tunnel a Zone se...

Page 644: ...Pv4 Address set to a virtual IP address on the GRE tunnel 172 31 1 1 30 Configuration procedures Configure the AnywhereUSB Plus 1 device Task one Create an IPsec tunnel É WebUI 1 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN IPsec Tunnels 4 For A...

Page 645: ...eUSB Plus command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add an IPsec tunnel named ipsec_gre1 config add vpn ipsec tunnel ipsec_gre1 config vpn ipsec tunnel ipsec_gre1 4 Set the pre shared ke...

Page 646: ...licy 0 8 Set the local network address to the IP address and subnet of the local GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 local custom 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 9 Set the remote network address to the IP address and subnet of the remote GRE tunnel 172 30 0 2 32 config vpn ipsec tunnel ipsec_gre1 policy 0 remote network 172 30 0 2 32 confi...

Page 647: ...dpoint interface É WebUI 1 Click Network Interface 2 For Add Interface type ipsec_endpoint1 and click g 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 1 32 7 Click Apply to save the configuration and apply the change ...

Page 648: ... ipsec_endpoint1 device network device loopback config network interface ipsec_endpoint1 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 1 32 config network interface ipsec_endpoint1 ipv4 address 172 30 0 1 32 config network interface ipsec_endpoint1 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpoint1 policy 0 save Configuration saved Tas...

Page 649: ...ig vpn iptunnel gre_tunnel1 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint1 config vpn iptunnel gre_tunnel1 local network interface ipsec_ endpoint1 config vpn iptunnel gre_tunnel1 4 Set the remote endpoint to the IP address of the GRE tunnel on AnywhereUSB Plus 2 172 30 0 2 config vpn iptunnel gre_tunnel1 remote 172 30 0 2 config vpn ...

Page 650: ...É WebUI 1 Click Network Interfaces 2 For Add Interface type gre_interface1 and click g 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel1 5 Click to expand IPv4 6 For Address type 172 31 0 1 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change ...

Page 651: ...1 config network interface gre_interface1 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface1 ipv4 address 172 31 0 1 30 config network interface gre_interface1 6 Save the configuration and apply the change config network interface gre_interface1 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you...

Page 652: ...ck to expand Remote endpoint 8 For Hostname type public IP address of the AnywhereUSB Plus 1 device 9 Click to expand Policies 10 For Add Policy click g to add a new policy 11 Click to expand Local network 12 For Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 2 32 14 For Remote network type the IP address and subnet of the remote GRE tunne...

Page 653: ... 1 device config vpn ipsec tunnel ipsec_gre2 remote hostname 192 168 100 1 config vpn ipsec tunnel ipsec_gre2 6 Add a policy config vpn ipsec tunnel ipsec_gre2 add policy end config vpn ipsec tunnel ipsec_gre2 policy 0 7 Set the local network policy type to custom config vpn ipsec tunnel ipsec_gre2 policy 0 local type custom config vpn ipsec tunnel ipsec_gre2 policy 0 8 Set the local network addre...

Page 654: ...face type ipsec_endpoint2 and click g 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 2 32 7 Click Apply to save the configuration and apply the change Command line 1 At the command line type config to enter configuration mode config config ...

Page 655: ...e ipsec_endpoint2 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 2 32 config network interface ipsec_endpoint2 ipv4 address 172 30 0 2 32 config network interface ipsec_endpoint2 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpoint2 save Configuration saved Task three Create a GRE tunnel É WebUI 1 Click VPN IP Tunnels 2 For Add IP Tunnel t...

Page 656: ...wo network interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 local network interface ipsec_ endpoint2 config vpn iptunnel gre_tunnel2 4 Set the remote endpoint to the IP address of the GRE tunnel on AnywhereUSB Plus 1 172 30 0 1 config vpn iptunnel gre_tunnel2 remote 172 30 0 1 config vpn iptunnel gre_tunnel2 5 Save the configuration and apply the change config vpn iptunnel gre_tunnel2 sav...

Page 657: ...apply the change Command line 1 At the command line type config to enter configuration mode config config 2 Add an interface named gre_interface2 config add network interface gre_interface2 config network interface gre_interface2 3 Set the zone to internal config network interface gre_interface2 zone internal config network interface gre_interface2 4 Set the device to the GRE tunnel created in Tas...

Page 658: ...unnel between the home agent on the mobile private network and the AnywhereUSB Plus device isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management Dynamic Mobile Network Routing DMNR is the implementation of NEMO for Verizon Wireless Private Networks DMNR support requires the use of Verizon SIM cards that have DMNR enabled C...

Page 659: ...fault To disable click to toggle off Enable 4 For Home IP address type the IPv4 address of the NEMO virtual network interface 5 For Zone select the firewall zone for the NEMO tunnel 6 For Home agent server IP address type the IPv4 address of the NEMO home agent This is provided by your cellular carrier 7 For Key type the key used to authenticate to the home agent This is provided by your cellular ...

Page 660: ...ed specify the local network interface The default is Default route 13 Click to expand Local networks a For Add Interface click g to add a local network to use as a virtual NEMO network interface b For Interface select the local interface to use as a virtual NEMO network interface Generally this will be the a Local Area Network LAN c Optional Repeat for additional interfaces 14 Click Apply to save...

Page 661: ...r config vpn nemo nemo_example lifetime integer config vpn nemo nemo_example Allowed values are any integer between 1 and 65535 8 MTU discovery is enabled by default which allows the device to determine the maximum transmission unit MTU size To disable config vpn nemo nemo_example mtu_discovery false config vpn nemo nemo_example If disabled set the MTU size The default MTU size for LANs on the Any...

Page 662: ...psec loopback setup Current value config vpn nemo nemo_example zone 11 Configure the Care of Address the local WAN interface of the internet facing network a Set the method to determine the Care of Address config vpn nemo nemo_example coaddress type value config vpn nemo nemo_example where value is one of n defaultroute Uses the same network interface as the default route n interface If interface ...

Page 663: ..._example where value is one of n defaultroute Uses the same network interface as the default route n interface If interface is used set the interface i Use the to determine available interfaces config vpn nemo nemo_example tun_local interface Interface The network interface to use to communicate with the peer Set this field to blank if using the default route Format defaultip defaultlinklocal eth1...

Page 664: ...the AnywhereUSB Plus WebUI as a user with Admin access 2 On the menu select Status NEMO The NEMO page appears 3 To view configuration details about an NEMO tunnel click the configuration icon in the upper right of the tunnel s status pane Command line 1 Log into the AnywhereUSB Plus command line as a user with Admin access Depending on your device configuration you may be presented with an Access ...

Page 665: ...L2TPv3 Your AnywhereUSB Plus device supports Layer 2 Tunnelling Protocol Version 3 L2TPv3 static unmanaged Ethernet tunnels Configure an L2TPv3 tunnel Your AnywhereUSB Plus device supports Layer 2 Tunnelling Protocol Version 3 L2TPv3 static unmanaged Ethernet tunnels Required configuration items n A name for the L2TPv3 tunnel n Enable the tunnel n The remote endpoint IP address n The local endpoin...

Page 666: ... port type the number of the destination UDP port to be used for the tunnel c Optional Click to enable UDP checksum to calculate and check the UDP checksum 10 Click to expand Sessions a For Add Sesssion type a name for a session carried by the parent tunnel and click g b For Session ID type the session identifier for this session This must match the value for Peer session ID on the remote peer All...

Page 667: ... named L2TPv3_example config add vpn l2tpv3 L2TPv3_example config vpn l2tpeth L2TPv3_example The tunnel is enabled by default To disable config vpn l2tpeth L2TPv3_example enable false config vpn l2tpeth L2TPv3_example 4 Set the IPv4 address of the remote endpoint config vpn l2tpeth L2TPv3_example remote IP_address config vpn l2tpeth L2TPv3_example 5 Set the interface of the local endpoint i Use th...

Page 668: ..._example where value is either udp or ip The default is upd If udp is set a Set the source UDP port to be used for the tunnel config vpn l2tpeth L2TPv3_example udp_source_port port config vpn l2tpeth L2TPv3_example b Set the destination UDP port to be used for the tunnel config vpn l2tpeth L2TPv3_example udp_destination_port port config vpn l2tpeth L2TPv3_example c Optional To calculate and check ...

Page 669: ...s configured on the remote peer config vpn l2tpeth L2TPv3_example session_example l2spec_type value config vpn l2tpeth L2TPv3_example session_example where value is either none or default The default is default 15 Set the sequence number control to prevent or detect out of order packets config vpn l2tpeth L2TPv3_example session_example seq value config vpn l2tpeth L2TPv3_example session_example wh...

Page 670: ...ess the Admin CLI 2 To display details about all configured L2TPv3 Ethernet tunnels type the following at the prompt show l2tpeth Tunnel Session Enabled Device Status test session test true le_test_test up 3 To display details about a specific tunnel show l2tpeth name vpn l2tpeth test session test test session test Tunnel Session Status Enabled true Status up Local IP 4 3 2 1 Remote IP 10 10 10 1 ...

Page 671: ...eb interface 673 Display help for commands and parameters 674 Auto complete commands and parameters 676 Available commands 677 Use the scp command 678 Display status and statistics using the show command 679 Device configuration using the command line interface 680 Execute configuration commands at the root Admin CLI prompt 681 Configuration mode 682 Command line reference 695 AnywhereUSB Plus Use...

Page 672: ...ation service n SSH Configure SSH access Log in to the command line interface Command line 1 Connect to the AnywhereUSB Plus device by using a serial connection SSH or the Terminal in the WebUI or the Console in the Digi Remote Manager See Access the command line interface for more information n For serial connections the default configuration is l 115200 baud rate l 8 data bits l no parity l 1 st...

Page 673: ...d prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin CLI 1 Serial port1 9600 8 1 none none q Quit Select access or quit admin Type q or quit to exit Execute a command from the web interface 1 Log into the AnywhereUSB Plus WebUI as a user with Admin access 2 At the main menu click Terminal The device console...

Page 674: ...d command is found Ctrl A Move cursor to start of line Ctrl E Move cursor to end of line Ctrl W Delete word under cursor until start of line or Ctrl R If the current input is invalid then characters will be deleted until a prefix for a valid command is found Ctrl left Jump cursor left until start of line or Ctrl right Jump cursor right until start of line or The question mark command When executed...

Page 675: ...ommand type either show or show help show Commands arp Show ARP tables cloud Show drm statistics config Show config deltas dhcp lease Show DHCP leases dns Show DNS servers event Show event list ipsec Show IPsec statistics location Show loction information log Show syslog manufacture Show manufacturer information modem Show modem statistics network Show network interface statistics ntp Show NTP inf...

Page 676: ...ossible Typing the space bar has similar behavior If multiple commands are available that will match the entered text auto complete is not performed and the available commands are displayed instead Auto complete applies to these command elements only n Command names For example typing net Tab auto completes the command as network n Parameter names For example l ping hostname int Tab auto completes...

Page 677: ...nformation about the help command ls Lists the contents of a directory mkdir Creates a directory modem Executes modem commands more Displays the contents of a file mv Moves a file or directory ping Pings a remote host using Internet Control Message Protocol ICMP Echo Request messages reboot Reboots the AnywhereUSB Plus device rm Removes a file scp Uses the secure copy protocol SCP to transfer file...

Page 678: ... Plus device where the file will be copied l If the file is being copied to a remote host from the AnywhereUSB Plus device o The path and filename of the file on the AnywhereUSB Plus device that will be copied to the remote host o The location on the remote host where the file will be copied Copy a file from a remote host to the AnywhereUSB Plus device To copy a file from a remote host to the Anyw...

Page 679: ...local var log support report 00 40 D0 13 35 36 21 09 13 8 04 23 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 21 09 13 8 04 23 bin Display status and statistics using the show command The AnywhereUSB Plus show command display status and statistics for various features For example show config The show config command displays all the configuration settings for the d...

Page 680: ... command displays status and statistics for network interfaces show network Interface Proto Status Address defaultip IPv4 up 192 168 210 1 24 defaultlinklocal IPv4 up 169 254 100 100 16 lan IPv4 up 192 168 2 1 lan IPv6 up 0 0 0 0 0 ffff c0a8 301 loopback IPv4 up 127 0 0 1 8 wan IPv4 up 192 168 3 1 24 wan IPv6 up fd00 2704 240 ffff fe80 120 64 Device configuration using the command line interface T...

Page 681: ...t be performed This includes validating configuration changes canceling and reverting configuration changes and performing actions on elements in lists See Configuration mode for information about using configuration mode Display help for the config command from the root Admin CLI prompt Display additional configuration commands as well as available parameters and values by entering the question m...

Page 682: ...Parameters Current Value enable true Enable key private Private key port 22 Port Additional Configuration acl Access control list mdns config service ssh 4 Lastly display the allowed values and other information for the enable parameter config service ssh enable Enable Enable the service Format true false yes no 1 0 Default value true Current value true config service ssh enable Configuration mode...

Page 683: ...n Execute commands by moving through the configuration schema For example to disable the ssh service by moving through the configuration and then executing the enable false command 1 At the config prompt enter service to move to the service node config service config service 2 Enter ssh to move to the ssh node config service ssh config service ssh 3 Enter enable false to disable the ssh service co...

Page 684: ...nges and to manage items and elements in lists The commands can be listed by entering a question mark at the config prompt The following actions are available Configuration actions Description cancel Discards unsaved configuration changes and exits configuration mode save Saves configuration changes and exits configuration mode validate Validates configuration changes revert Reverts the configurat...

Page 685: ...entication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services system System vpn VPN config 2 You can then display help for the additional configuration commands For example to display help for the config service command use one of the following methods n At the config prompt enter service config service n At the config prompt a Enter ser...

Page 686: ...rompt enter service ssh config service ssh n At the config prompt a Enter service to move to the service node config service config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter to display help for the ssh node config service ssh Either of these methods will display the following information config service ssh SSH An SSH server for managing the device Pa...

Page 687: ...lay help for the enable parameter config service ssh enable config service ssh Either of these methods will display the following information config service ssh enable Enable Enable the service Format true false yes no 1 0 Default value true Current value true config service ssh enable Move within the configuration schema You can perform configuration tasks at the CLI by moving within the configur...

Page 688: ... service n Move to the root of the config prompt from anywhere within the configuration by entering three periods config service ssh acl zone config Manage elements in lists While in configuration mode you can use the add del and move action commands to manage elements in a list When working with lists these actions require an index number to identify the list item that will be acted on Add elemen...

Page 689: ... command to verify that the user is not currently a member of any groups config show auth user new user group config 2 Use the end keyword to add the admin group to the user s configuration config add auth user new user group end admin config 3 Use the show command again to verify that the admin group has been added to the user s configuration config show auth user new user group 0 admin config De...

Page 690: ...ion first to authenticate a user use the move index_number_1 index_number_2 command config move auth method 1 0 config 3 Use the show command again to verify the change config show auth method 0 tacacs 1 local 2 radius config The revert command The revert command is used to revert changes to the AnywhereUSB Plus device s configuration and restore default configuration settings The behavior of the ...

Page 691: ...u Type quit to disconnect from the device Revert a subset of configuration changes to the default settings There are two methods to revert a subset of configuration changes to the default settings n Enter the revert command with the path parameter For example to revert all changes to the authentication methods configuration 1 Enter the revert command with the path set to auth method config revert ...

Page 692: ...ion saved 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enter strings in configuration commands For string parameters if the string value contains a space the value must be enclosed in quotation marks For example to assign a descriptive name for the device using the system command ...

Page 693: ...onfiguration a At the config prompt enter auth to move to the auth node config auth config auth b Enter user to move to the user node config auth user config auth user c Create a new user with the username user1 config auth user add user1 config auth user user1 4 Configure a password for the user config auth user user1 password pwd1 config auth user user1 5 List available authentication groups con...

Page 694: ...ue ports 0 port1 shell enable false config auth user user1 6 Add the user to the admin group config auth user user1 add group end admin config auth user user1 7 Save the configuration and apply the change config auth user user1 save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect...

Page 695: ...8 help 699 ls 700 mkdir 701 modem 702 monitoring 709 more 710 mv 711 ping 712 reboot 714 rm 715 scp 716 show 717 speedtest 724 ssh 724 system 726 traceroute 731 config service anywhereusb enable 734 config service anywhereusb port 735 config service anywhereusb groups 736 config service anywhereusb clients 738 USEALLHUBADDRS 739 ...

Page 696: ...Parameters filename The filename to save captured traffic to The file will be saved to the device s etc config analyzer directory Syntax STRING name Name of the capture filter to use Syntax STRING analyzer start name STRING Start a capture session of packets on this devices interfaces Parameters name Name of the capture filter to use Syntax STRING analyzer stop name STRING Stops the traffic captur...

Page 697: ...ip address ADDRESS Clear the DHCP lease for an IP address Parameters ADDRESS An IPv4 or IPv6 address Required clear dhcp lease mac ADDRESS Clear the DHCP lease for a MAC address Parameters ADDRESS 12 digit colon delimited MAC address 00 11 22 AA BB CC Required clear dhcp lease all Clear all dynamic DHCP leases Parameters None ...

Page 698: ...RCE DESTINATION Copy a file or directory Parameters source The source file or directory to copy Syntax STRING destination The destination path to copy the source file or directory to Syntax STRING force Do not ask to overwrite the destination file if it exists Syntax BOOLEAN Default False Optional True ...

Page 699: ...Command line interface Command line reference AnywhereUSB Plus User Guide 699 help Show CLI editing and navigation commands Parameters None ...

Page 700: ...r Guide 700 ls Directory listing command ls show hidden PATH List a directory Parameters path List files and directories under this path Syntax STRING show hidden Show hidden files and directories Hidden filenames begin with Syntax BOOLEAN Default False Optional True ...

Page 701: ...d line interface Command line reference AnywhereUSB Plus User Guide 701 mkdir mkdir PATH Create a directory Parent directories are created as needed Parameters path The directory path to create Syntax STRING ...

Page 702: ...x STRING Optional True modem at interactive imei STRING name STRING Start an AT command session on the modem s AT serial port Parameters imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True modem firmware Commands for interacting with cellular modem firmware See Update ...

Page 703: ...The IMEI of the modem to execute this CLI command on Optional True Type string name The configured name of the modem to execute this CLI command on Optional True Ref network modem Type string firmware ota Commands for performing FOTA firmware over the air interactions with cellular modem ota check imei STRING name STRING Query the Digi firmware server for the latest remote modem firmware version P...

Page 704: ...dem will be updated to the latest modem firmware image unless a specific firmware version is specified Parameters imei The IMEI of the modem to execute this CLI command on Optional True Type string name The configured name of the modem to execute this CLI command on Optional True Ref network modem Type string version Firmware version name Optional True Type string firmware update imei STRING name ...

Page 705: ...IN code Warning Attempting to use an incorrect PIN code may PUK lock the SIM Parameters old pin The SIM s PIN code Syntax STRING new pin The PIN code to change to Syntax STRING imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True pin disable imei STRING name STRING PIN ...

Page 706: ...se an incorrect PIN code may PUK lock the SIM Parameters pin The SIM s PIN code Syntax STRING imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True pin status imei STRING name STRING Print the PIN lock status and the number of PIN enable disable unlock attempts remaining...

Page 707: ...ute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True modem puk PUK commands modem puk status imei STRING name STRING Print the PUK status and the number of PUK unlock attempts remaining Parameters imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured n...

Page 708: ...as stopped responding to the network or is behaving inconsistently Parameters imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True modem scan imeiSTRING nameSTRING imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured ...

Page 709: ...ute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True monitoring Commands to clear the device s status or systems monitoring metrics Device metrics commands uplaod Immediately upload current device health metrics Functions as if a scheduled upload was triggered Parameters None ...

Page 710: ...Command line interface Command line reference AnywhereUSB Plus User Guide 710 more path The file to view Syntax STRING ...

Page 711: ...irectory mv force SOURCE DESTINATION Parameters source The source file or directory to move Syntax STRING destination The destination path to move the source file or directory to Syntax STRING force Do not ask to overwrite the destination file if it exists Syntax BOOLEAN Default False Optional True ...

Page 712: ...g functionality Syntax BOOLEAN Default False Optional True count The number of ICMP ping requests to send before terminating Syntax INT Minimum 1 Default 100 interface The network interface to send ping packets from when the host is reachable over a default route If not specified the system s primary default route will be used Syntax STRING Optional True ipv6 If a hostname is defined as the value ...

Page 713: ...ference AnywhereUSB Plus User Guide 713 source The ping command will send a packet with the source address set to the IP address of this interface rather than the address of the interface the packet is sent from Syntax STRING Optional True ...

Page 714: ...Command line interface Command line reference AnywhereUSB Plus User Guide 714 reboot Reboot the system Parameters None ...

Page 715: ...line reference AnywhereUSB Plus User Guide 715 rm Remove a file or directory rm force PATH Parameters path The path to remove Syntax STRING force Force the file to be removed without asking Syntax BOOLEAN Default False Optional True ...

Page 716: ...t Syntax STRING local The file to copy to or from on the local device Syntax STRING port The SSH port to use to connect to the remote host Syntax INT Maximum 65535 Minimum 1 Default 22 remote The file to copy to or from on the remote host Syntax STRING to Copy the file from the local device to the remote host or from the remote host to the local device Syntax remote local user The username to use ...

Page 717: ... IPv4 IPV6 will be displayed Parameters ipv4 Display IPv4 routes If no IP version is specififed IPv4 and IPV6 will be displayed Syntax BOOLEAN Default False Optional True ipv6 Display IPv6 routes If no IP version is specififed IPv4 and IPV6 will be displayed Syntax BOOLEAN Default False Optional True verbose Display more information less concise more detail Syntax BOOLEAN Default False Optional Tr...

Page 718: ...e more detail Syntax BOOLEAN Default False Optional True show dns Show DNS servers and associated domains show event number INTEGER table STRING Show event list high level Parameters number Number of lines to retrieve from log Syntax INT Minimum 1 Default 20 table Type of event log to be displayed status error info Syntax status error info Optional True show hotspot ip STRING name STRING Show hots...

Page 719: ...c tunnel Syntax STRING Optional True verbose Display status of one or all tunnels in plain text Syntax BOOLEAN Default False Optional True show location geofence Show location information Parameters geofence Shows the status of any configured geofences show log filter STRING number INTEGER Show system log low level Parameters filter Filters for type of log message displayed critical warning info d...

Page 720: ...ation less concise more detail Syntax BOOLEAN Default False Optional True show modem verbose imei STRING name STRING Show modem status and statistics Parameters imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True verbose Display more information less concise more detai...

Page 721: ...ace Display more details and config data for a specific network interface Syntax STRING Optional True verbose Display more information less concise more detail Syntax BOOLEAN Default False Optional True show ntp Show NTP status and statistics show openvpn Show OpenVPN status and statistics openvpn client all name STRING Show OpenVPN client status statistics Parameters all Display all clients inclu...

Page 722: ...ional True name Display more details and config data for a specific OpenVPN server Syntax STRING Optional True show route ipv4 ipv6 verbose Show IP routing information Parameters ipv4 Display IPv4 routes Syntax BOOLEAN Default False Optional True ipv6 Display IPv6 routes Syntax BOOLEAN Default False Optional True verbose Display more information less concise more detail Syntax BOOLEAN Default Fals...

Page 723: ...em status and statistics Parameters verbose Display more information disk usage etc Syntax BOOLEAN Default False Optional True show usb Show USB information Parameters None show version verbose Show firmware version Parameters verbose Display more information build date Syntax BOOLEAN Default False Optional True show vrrp all verbose name STRING Show VRRP status and statistics Parameters all Displ...

Page 724: ... or iPerf The system s primary default route will be used The speed test will take approximately 30 seconds to complete Syntax speedtest HOST mode iperf nuttcp output json text size INTEGER Parameters HOST The name or address of the remote host Required mode Speed test mode Default nuttcp output Output format Default text size The speed test packet size in kilobytes Default 1000 ssh Use SSH protoc...

Page 725: ...e hostname or IP address of the remote host Syntax hostname IPv4_address IPv6_address Type string port The SSH port to use to connect to the remote host Default 22 Maximum 65535 Minimum 1 Syntax Integer Type integer user The username to use when connecting to the remote host Type string ...

Page 726: ...file type The type of backup file to create Default archive system disable cryptography Erase the device s configuration and reboot into a limited mode with no cryptography available The device s shell will be accessible over Telnet port 23 at IP address 192 168 210 1 To return the device to normal operation perform the configuration erase procedure with the device s ERASE button twice consecutive...

Page 727: ...m firmware ota Commands for performing FOTA firmware over the air interactions system firmware ota check Query the Digi firmware server for the latest device firmware version Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions Syntax system firmware ota list Parameters None system firmware ota update Perfor...

Page 728: ...e backup file Required passphrase Decrypt the archive with a passphrase system script start Run an enabled manual script Syntax system script start SCRIPT Parameters SCRIPT Script to start Required system script stop Stop an active running script Scripts scheduled to run again will still run again disable a script to prevent it from running again Syntax system script stop SCRIPT Parameters SCRIPT ...

Page 729: ...irectory Required system serial show Displays the serial log on the screen Syntax system serial show PORT Parameters PORT Serial port Required system serial start Start logging data on a serial port Syntax system serial start PORT size Parameters PORT Serial port Required size Maximum log size Default 65536 system serial stop Stop logging data on a serial port Syntax system serial stop PORT Parame...

Page 730: ...onfig setting Syntax system time set DATETIME Parameters DATETIME The date in year month day hour minute second format e g 2021 09 26 12 24 48 Required system time sync Perform a NTP query to the configured server s and set the local time to the first server that responds Syntax system time sync Parameters None system time test Test the configured NTP server s for connectivity This test will not a...

Page 731: ...e normal routing tables and send directly to a host on an attached network Syntax BOOLEAN Default False Optional True debug Enable socket level debugging Syntax BOOLEAN Default False Optional True dontfragment Do not fragment probe packets Syntax BOOLEAN Default False Optional True first_ttl Specifies with what TTL to start Syntax INT Minimum 1 Default 1 gateway Tells traceroute to add an IP sourc...

Page 732: ...True max_ttl Specifies the maximum number of hops max time to live value traceroute will probe Syntax INT Minimum 1 Default 30 nomap Do not try to map IP addresses to host names when displaying them Syntax BOOLEAN Default False Optional True nqueries Sets the number of probe packets per hop A value of 1 indicated Syntax INT Minimum 1 Default 3 packetlen Total size of the probing packet Default 60 ...

Page 733: ... of the interfaces By default the address of the outgoing interface is used Syntax STRING Optional True tos For IPv4 set the Type of Service ToS and Precedence value Useful values are 16 low delay and 8 high throughput Note that in order to use some TOS precedence values you have to be super user For IPv6 set the Traffic Control value A value of 1 specifies that no value will be used Syntax INT Mi...

Page 734: ...mmand line reference AnywhereUSB Plus User Guide 734 config service anywhereusb enable config service anywhereusb enable true false Allow remote access to USB devices connected to this server The default TCP Port value is 18574 ...

Page 735: ...ser Guide 735 config service anywhereusb port config service anywhereusb port 1 65535 Specify the port number that is used to access the Hub The default value is 18574 If you change the port number you must also change the corresponding port number on your computer ...

Page 736: ... config service anywhereusb groups option Options group 01 24 description string Enter a name for the group Replace string with the group name You must have double quotes around the name group 01 24 ports 0 23 1 24 Specify group number to change and a single port or a range of ports to assign to this group Note Ports can only be assigned to one group at a time If a port is assigned to a new group ...

Page 737: ...el service anywhereusb groups group01 ports 1 config del service anywhereusb groups group01 ports 2 Add a port to the first available index number Add port 1 to the first available index number config add service anywhereusb groups group01 ports end 1 Reassign ports based on the port s index number In this example one port is defined in the group port 2 occupying index position 0 config show servi...

Page 738: ...ps 0 23 group01 24 Specify the groups this client ID can access Examples You must be in configuration mode to use these commands Show a list of clients This command shows the client description the groups assigned to the client and the client ID for each client config config show service anywhereusb clients 0 description Client description groups 0 group01 1 group02 id Client_ID Add a new client A...

Page 739: ...eUSB Manager but in many network environments the Manager cannot connect to them As part of normal operation the Manager tries to sequentially connect to all of the Hub IP addresses so if it starts trying these extra default IP addresses it may take extra time minutes for the Manager to connect or reconnect By default this option is deselected and the Manager does not attempt to connect to these a...

Page 740: ...nager help to display a list of the available commands Get a device or group address or a Hub name For some CLI commands you will need to provide a device address a group address or a Hub name You can use the list command to get that information See the list command for examples Create a new client ID from the CLI You can create a new client ID from the CLI by adding a new client assigning a clien...

Page 741: ...ervice anywhereusb clients add end config service anywhereusb clients 0 id client1 config service anywhereusb clients 0 descripton lab computer config service anywhereusb clients 0 groups config service anywhereusb clients 0 groups add end group01 config service anywhereusb clients 0 groups add end group02 config service anywhereusb clients 0 groups save Configuration saved ...

Page 742: ...lable devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the autoconnect clear all command awusbmanager autoconnect clear all Run the list command again to verify that th...

Page 743: ...r a group is the name of the Hub appended by the number of the group In this example the auto connect feature will be disabled for Group 1 so the group name is highlighted below AnywhereUSB Manager below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 In use by you means Autoconnect enabled mea...

Page 744: ... User Guide 744 AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 In use by you means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service ...

Page 745: ...re Examples Run the list command to verify the current state of the auto connect feature for a group and to determine the address for a group In this example Group 2 has the auto connect feature enabled so an asterisk displays next to the group name The auto connect feature is not enabled for Group 1 so an asterisk does not display The address for a group is the name of the Hub appended by the num...

Page 746: ...below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 In use by you means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service ...

Page 747: ...ot required n off Disables the autofind feature When disabled Hubs are not automatically found when AnywhereUSB Manager launches In this case you must manually add the Hubs to which you want to connect to the known Hubs list This option is not required Examples Run the list command to verify the status of the autofind feature In this example the autofind feature is enabled AnywhereUSB Manager belo...

Page 748: ...e You can run the autofind command again to enable the feature You can specify the on option but it is not required awusbmanager autofind Run the list command again to verify AnywhereUSB Manager below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means ...

Page 749: ...list command to make sure you are connected to the group that the device you want to connect to is in In this example the device is in Group 1 so you should be connected to Group 1 You will need the address for device to which you want to connect AnywhereUSB Manager below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 In use ...

Page 750: ...Configure the AnywhereUSB Manager from the command line connect device AnywhereUSB Plus User Guide 750 Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service ...

Page 751: ... to Group 1 AnywhereUSB Manager below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the connect group command awusbmanager connect group AW02 00000...

Page 752: ...anager below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 In use by you U3 Cruzer Micro USB stick 1 AW02 000001 1101 In use by you means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the device info command awusbmanager device info...

Page 753: ...u Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the device name command awusbmanager device name AW02 000001 1101 USB Stick Run the list command again to verify the name change AnywhereUSB Manager below are the available devices AW...

Page 754: ...ddress of the device from which you want to disconnect Examples Run the list command to view the address for device from which you want to disconnect AnywhereUSB Manager below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 In use by you means Autoconnect enabled means Autoconnect...

Page 755: ...want to connect Make sure that auto connect is disabled for the group When it is disabled an asterisk does not display next to the group name If you need to disable auto connect for the group see autoconnect clear group AnywhereUSB Manager below are the available devices AW02 000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02...

Page 756: ...Configure the AnywhereUSB Manager from the command line disconnect group AnywhereUSB Plus User Guide 756 Autoconnect All disabled AnywhereUSB Manager not running as a service ...

Page 757: ...gure the AnywhereUSB Manager from the command line exit AnywhereUSB Plus User Guide 757 exit Purpose Shuts down the service If the AnywhereUS Manager is open it is shut down as well Syntax awusbmanager exit ...

Page 758: ...determine the group s address AnywhereUSB Manager below are the available devices AW02 000001 HUB 000001 AW02 000001 local 18574 Group 2 Admin group AW02 000001 2 In use by you Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the grou...

Page 759: ...u Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the group name command awusbmanager group name AW02 000001 2 New Group Run the list command again to verify the name change AnywhereUSB Manager below are the available devices AW02 00...

Page 760: ...e address is the address of the Hub that you want to hide The port is the TCP port number for the Hub you want to hide This is required if the TCP port number is not the default 18574 Examples Run the hidden hub add command to add a Hub to the hidden Hub list n Use the default port of 18574 awusbmanager hidden hub add 10 10 10 34 n Change the TCP port number awusbmanager hidden hub add 10 10 10 56...

Page 761: ...d X next to the Hub name or a Hub which users shouldn t access n You can also choose to hide Hubs that don t currently display in the AnywhereUSB Manager but the client ID may have access in the future such as a Hub on another network Note For information on hiding Hubs in the AnywhereUSB Manager see Hide an individual Hub and Hide all unauthorized Hubs Syntax awusbmanager hidden hub list Examples...

Page 762: ...t number is not the default 18574 Examples Run the hidden hub list command to verify the address and port number of the Hub that you want to remove 10 10 10 21 18574 10 10 10 34 18574 10 10 10 56 5600 Run the hidden hub remove command n If the TCP port number is the default entering the port number in the command is optional awusbmanager hidden hub remove 10 10 10 34 n If the TCP port number is no...

Page 763: ...the Hubs in the hidden Hubs list Syntax awusbmanager hidden hub remove all Examples Run the hidden hub list command to view the list of hidden Hubs 10 10 10 12 18574 10 10 10 14 18574 10 10 10 15 5600 Run the hidden hub remove all command awusbmanager hidden hub remove all Run the hidden hub list command again to verify that the Hubs have been removed ...

Page 764: ...Configure the AnywhereUSB Manager from the command line help AnywhereUSB Plus User Guide 764 help Purpose Displays a list of the CLI commands for the AnywhereUSB Manager Syntax awusbmanager help ...

Page 765: ...ou Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the hub info command awusbmanager hub info AW02 000001 Information about the Hub displays NAME AW02 000001 LOCALNAME HUB 000001 MODEL AnywhereUSB 2 Plus VERSION 3 0 0 54 awusb dby 3 ...

Page 766: ...000001 AW02 000001 local 18574 Group 2 AW02 000001 2 In use by you Group 1 AW02 000001 1 In use by you U3 Cruzer Micro AW02 000001 1101 means Autoconnect enabled means Autoconnect inherited Auto Find enabled Autoconnect All disabled AnywhereUSB Manager not running as a service Run the hub name command awusbmanager hub name AW02 000001 Hub 1 Run the list command again to verify the local name Anywh...

Page 767: ...nown hub add address port The address is the address of the Hub or a Hub hostname that can be resolved by your network nameservers This is required The port is the TCP port number which is 18574 by default You can change the TCP port number if needed Examples Add a known Hub Run the known hub add command to add a Hub to the known Hub list n Use and address and the default port of 18574 awusbmanage...

Page 768: ...rpose Displays a list of Hubs that have been added to the known Hubs list Note For more information about known Hubs see Manage the list of known Hubs Syntax awusbmanager known hub list Examples Run the known hub list command awusbmanager known hub list A list of known Hubs is returned 10 10 10 50 18574 10 10 10 12 18574 ...

Page 769: ... the Hub you want to remove This is required if the TCP port number is not the default 18574 Examples Run the known hub list command to verify the address and port number of the Hub that you want to remove 10 10 01 12 18574 10 10 01 14 18574 10 10 01 15 5600 Run the known hub remove command n If the TCP port number is the default entering the port number in the command is optional awusbmanager kno...

Page 770: ...l the Hubs in the known Hubs list Syntax awusbmanager known hub remove all Examples Run the known hub list command to view the list of known Hubs 10 10 01 12 18574 10 10 01 14 18574 10 10 01 15 5600 Run the known hub remove all command awusbmanager known hub remove all Run the known hub list command again to verify that the Hubs have been removed ...

Page 771: ... Syntax awusbmanager list Examples This example shows one Hub AW02 000001 If assigned the local name for the Hub displays surrounded by quotes Hub 1 On the Hub Group 1 has the auto connect feature enabled as specified by the asterisk next to the group name The address for each group is in parentheses after the group name In this example the address for Group 1 is AW02 000001 1 The address for a de...

Page 772: ...all feature enabled or disabled n Specifies whether the AnywhereUSB Manager is running as a service Syntax awusbmanager list full Examples Run the list full command awusbmanager list full The example below shows the Hub on the network and the groups and devices on that Hub Information about the Hub group and device is also returned AnywhereUSB Manager below are the available devices AW08 D00001 10...

Page 773: ...00001 1 In use by you ADDRESS AW08 D00001 1 GROUP 1 NAME Group 1 PORTS 1 2 3 4 AUTOCONNECT enabled IN USE BY YOU USB DISK 3 0 AW08 D00001 1803 In use by you ADDRESS AW08 D00010 1803 VENDOR VENDOR ID 0x13fe PRODUCT USB DISK 3 0 PRODUCT ID 0x6300 SERIAL 070A00376967E000 AUTOCONNECT inherited IN USE BY YOU means Autoconnect enabled means Autoconnect inherited Autofind disabled Autoconnect All disable...

Page 774: ...is connected to the Hub the power cycle feature may have no effect on the USB device The USB device you choose to power cycle must be assigned to a group that you are allowed to access When you use this feature the power supplied by the port to the USB device is turned off and then turned on Note You can also perform a power cycle of a USB device from the AnywhereUSB Manager See Cycle the power to...

Page 775: ...Configure the AnywhereUSB Manager from the command line power cycle AnywhereUSB Plus User Guide 775 ...

Page 776: ...SB device from the Hub and then reconnecting it Note If an externally powered USB device one that is not powered by the Hub is connected to the Hub the power cycle feature may have no effect on the USB device Note You can also perform a power cycle a port from the web UI See Cycle the power to a port on a Hub from the web UI Syntax Where port N is the port number that you want to power cycle syste...

Page 777: ...ent ID and the certificate identify the user s login credentials on the computer n Service If you installed the Manager as a service the client ID and the certificate identify the computer When the client ID and certificate have been created the computer is able to connect to the Hubs that recognize that client ID Any other computer with the same client ID will be rejected Note In some cases multi...

Page 778: ...on during installation the AnywhereUSB Manager does not automatically open after the installation process completes In this case the client ID dialog does not display n New user logs in After the AnywhereUSB Hub software is installed any user can log into that computer and open the AnywhereUSB Manager The first time a new user opens the AnywhereUSB Manager the client ID dialog appears The user mus...

Page 779: ...ile feature AnywhereUSB Manager client ID is not unique 780 No remote Hubs found 780 Hide a group in the AnywhereUSB Manager 780 Services turned off and locked out of the Hub 781 Microsoft Windows restrictions 781 Hubs and virtual machines 781 Allow remote access to USB devices 781 Hub connection is taking too long 782 Red X icon next to a Hub in the AnywhereUSB Manager 782 Cannot uninstall the Ma...

Page 780: ... host computer is unable to discover any AnywhereUSB devices on the network no Hubs are displayed in the AnywhereUSB Manager Firewall software blocks the port used for Hub discovery When firewall software blocks the port used for Hub discovery try the following n For firewall software either disable it or add an exception for the port UDP port 5353 n Check for a link light on the Ethernet port If ...

Page 781: ...device using an Ethernet LAN connection 4 Step 6 Verify initial connection 5 Configure the Hub settings 6 Reconnect the Hubs to the existing AnywhereUSB Managers Microsoft Windows restrictions Microsoft Remote Desktop Some devices such as a web camera and some input devices such as a USB keyboard or a mouse are blocked and may not display when Microsoft Remote Desktop is connected to a laptop or a...

Page 782: ...s default settings n Collect a support file from the AnywhereUSB Manager and a support_report from the Hub for analysis by Tech Support Red X icon next to a Hub in the AnywhereUSB Manager In some situations a red X display next to a Hub in the AnywhereUSB Manager when the Hub has failed to connect to your PC or the network The list below describes situations during which this may occur and include...

Page 783: ...rom the list 3 Click Change You may have to right click on Digi AnywhererUSB Manager to see the option The AnywhereUSB Manager installation wizard appears 4 Click Next The Program Maintenance window appears 5 Select the Remove option 6 Click Next The Remove the Program screen appears 7 Make sure that Remove User Configuration is not selected This preserves your current configuration 8 Click Remove...

Page 784: ...Plus datasheet AnywhereUSB 2 Plus Front panel 785 AnywhereUSB 2 Plus Back panel 787 AnywhereUSB 8 Plus Front panel 788 AnywhereUSB 8 Plus Back panel 790 AnywhereUSB 24 Plus Front Panel 791 AnywhereUSB 24 Plus Back panel 794 Additional power and cabling requirements AnywhereUSB Plus 8 and 24 795 AnywhereUSB Plus User Guide 784 ...

Page 785: ...minates as follows based on the speed of the USB device n Yellow 1 1 Full speed n Green 2 0 High speed n Blue 3 1 Super speed 3 Reset button Use this button to reset the AnywhereUSB Hub configuration to factory defaults See Erase device configuration and reset to factory defaults 4 Power LED The power LED shows the status of the power when the power cord is connected to the device n Solid blue The...

Page 786: ...USB 2 Plus Front panel AnywhereUSB Plus User Guide 786 Item Name Description 5 Power connector Connect the power supply 5 Volt DC center positive The Hub draws 5 Amp maximum when both USB ports are drawing 1 8 Amps each ...

Page 787: ...f this occurs you will need to separately purchase two screws of the following type 4 40 x 250 Flat head Phillips head zinc plated screws n You will need an appropriate Phillips head screwdriver Attach the DIN rail clip to the device 1 Remove required items from DIN rail mounting kit n DIN rail clip n Two 4 40 x 250 Flat head zinc plated screws 2 Place the DIN rail clip on the rear panel of the de...

Page 788: ... 7 STP Ethernet cable See Step 5 Connect to the device using an Ethernet LAN connection Note Digi recommends that you use either the Ethernet cable or the SFP module If both the Ethernet cable and the SFP module are connected the SFP module will have priority 3 SFP Connect an SFP transceiver module for fiber connection such as Finisar Network FTLX8574D3BCL SFP 4 DB9 console Used to access a consol...

Page 789: ...strength and the WWAN Service LED shows additional information See WWAN LED description table below for more information WWAN Service and WWAN Signal LED descriptions WWAN Signal LED WWAN Service LED Description Slow flash red Slow flash red Updating modem firmware Slow flash green Slow flash green Recovering modem firmware Off Slow flash green Waiting for modem to appear Off Off Modem not present...

Page 790: ...4 Wi Fi3 Reserved for future use 5 Wi Fi4 Reserved for future use 6 WWAN2 Attach a cellular module antenna 7 CORE module Insert a CORE module component 8 WWAN1 Attach a cellular module antenna 9 Reset button Use this button to reset the AnywhereUSB Hub configuration to factory defaults See Erase device configuration and reset to factory defaults 10 Power connector Connect the power supply See Conn...

Page 791: ...e ETH1 is the primary network interface See Step 5 Connect to the device using an Ethernet LAN connection ETH2 is the secondary network interface This is optional and used for redundancy Note Digi recommends that you use either the Ethernet cable or the SFP module If both the Ethernet cable and the SFP module are connected the SFP module will have priority 4 SFP 1 2 Connect an SFP transceiver modu...

Page 792: ...The Hub is not powered or the supply has failed 5 Wi Fi Service LED Reserved for future use 5 WWAN1 Signal LED WWAN2 Service LED The WWAN1 Signal and WWAN2 Service LEDs how the status of the WWAN connection while actions are being taken by the modem firmware After all actions are completed the WWAN Signal LED shows modem strength and the WWAN Service LED shows additional information See WWAN LED d...

Page 793: ...Solid green Modem is connected Off Solid red No SIM card present Off Fast flash green Connecting Solid green Off Modem signal strength 5 bars Fast flash green Off Modem signal strength 3 4 bars Slow flash green Off Modem signal strength 1 2 bars Slow flash red Off Modem signal strength 0 bars Off Off Modem signal strength ...

Page 794: ...lular module antenna 7 CORE module Insert a CORE module component 8 WWAN1 Attach a cellular module antenna 9 Fan 1 Primary fan 10 Fan 2 Secondary fan 11 Power connector Connect the power supply See Connect the power supply 12 Power connector Connect the second optional power supply This is used for redundancy Reset button The reset button is on the side of the Hub Press this button to reset the An...

Page 795: ... supplies is not covered by the Digi warranty Software and reference Uninstall the AnywhereUSB Manager using Windows You can uninstall the AnywhereUSB Manager if needed Note You can also uninstall the AnywhereUSB Manager from the Windows Control Panel In addition you can uninstall the Manager using Linux from the AnywhereUSB 2 Plus and the AnywhereUSB 8 Plus 1 Locate the AnywhereUSB Manager instal...

Page 796: ...ve the Program screen appears 6 Determine whether you want to remove the AnywhereUSB configuration settings that you have selected n Do not select Remove User Configuration The configuration settings you have made are retained and re applied the next time you install the AnywhereUSB Manger This is the default n Select Remove User Configuration The configuration settings you have made are not ...

Page 797: ...ogress bar appears 9 When the uninstall is complete the InstallShield Wizard Completed screen appears 10 Click Finish to complete the uninstall and close the dialog Install and uninstall the AnywhereUSB Manager using Linux Note This only applies to Anywhere USB 2 Plus and AnywhereUSB 8 Plus You cannot use Linux to install or uninstall the AnywhereUSB Manager on AnywhereUSB 24 Plus The AnywhereUSB ...

Page 798: ...ld be selected by default 3 In the Drivers Patches section click the Anywhere USB Plus OS Specific Drivers link 4 From the drop down list box select Linux 5 Click the release notes link The release notes page displays 6 Click the release notes link to display the release notes 7 Scroll to the Install Remove section of the release notes for installation and remove instructions QR code definition A ...

Page 799: ...ски Croatian Hrvatski French Français Greek Ελληνικά Hungarian Magyar Italian Italiano Latvian Latvietis Lithuanian Lietuvis Polish Polskie Portuguese Português Slovak Slovák Slovenian Esloveno Spanish Español AnywhereUSB Plus User Guide 799 ...

Page 800: ...safety reasons the equipment should be opened only by qualified personnel Risk of explosion if battery is replaced by incorrect battery type or if the battery is installed incorrectly Dispose of used batteries according to the instructions Use certified and rated Laser Class I Optical Transceiver product Risk of electric shock This equipment is suitable for installation in Information Technology R...

Page 801: ... безопасност оборудването трябва да се отваря само от квалифициран персонал Риск от експлозия ако батерията бъде заменена от неправилен тип батерия или ако батерията е инсталирана неправилно Изхвърлете използваните батерии в съответствие с инструкциите Използвайте сертифицирани и оценени продукти Laser Class I Optical Transceiver Риск от токов удар Това оборудване е подходящо за инсталиране в поме...

Page 802: ...urnosnih razloga opremu bi trebalo otvarati samo kvalificirano osoblje Opasnost od eksplozije ako je baterija zamijenjena pogrešnim tipom baterije ili ako je baterija pogrešno instalirana Bacite istrošene baterije prema uputama Koristite certificirani i ocijenjeni proizvod Laser Class I Optical Transceiver Opasnost od strujnog udara Ova je oprema pogodna za ugradnju u prostorije informacijske tehn...

Page 803: ...uvrir l équipement Pour des raisons de sécurité l équipement ne doit être ouvert que par du personnel qualifié Risque d explosion si la batterie est remplacée par un type de batterie incorrect ou si la batterie est mal installée Jetez les piles usagées conformément aux instructions Utilisez un produit certifié et évalué Laser Class I Optical Transceiver Risque de choc electrique Cet équipement peu...

Page 804: ...όγους ασφαλείας ο εξοπλισμός πρέπει να ανοίγει μόνο από εξειδικευμένο προσωπικό Κίνδυνος έκρηξης εάν η μπαταρία αντικατασταθεί από λανθασμένο τύπο μπαταρίας ή εάν η μπαταρία δεν έχει εγκατασταθεί σωστά Απορρίψτε τις χρησιμοποιημένες μπαταρίες σύμφωνα με τις οδηγίες Χ ρησιμοποιήστε πιστοποιημένο και βαθμολογημένο προϊόν Laser Class I Optical Transceiver Κίνδυνος ηλεκτροπληξίας Αυτός ο εξοπλισμός εί...

Page 805: ...ha az elemet nem megfelelő típusú elemre cserélik vagy ha az akkumulátort helytelenül helyezik be A használt elemeket az utasításoknak megfelelően dobja ki Használjon tanúsított és minősített terméket Laser Class I Optical Transceiver Áramütés veszélye Ez a berendezés alkalmas az informatikai helyiségekbe történő telepítésre a Nemzeti Villamos Kódex és az NFPA 75 645 szakasza szerint Az EZ04 IAG4 ...

Page 806: ...i sicurezza l apparecchiatura deve essere aperta solo da personale qualificato Rischio di esplosione se la batteria viene sostituita con un tipo di batteria errato o se la batteria è installata in modo errato Smaltire le batterie usate secondo le istruzioni Usa prodotto certificato e valutato Laser Class I Optical Transceiver Rischio di scosse elettriche Questa apparecchiatura è adatta per l insta...

Page 807: ...vērumu dēļ aprīkojumu drīkst atvērt tikai kvalificēts personāls Eksplozijas risks ja akumulatoru aizstāj ar nepareizu akumulatora tipu vai nepareizi ievietots akumulators Iznīciniet izlietotās baterijas saskaņā ar instrukcijām Izmantojiet sertificētu un novērtētu produktu Laser Class I Optical Transceiver Elektriskās strāvas trieciena risks Šis aprīkojums ir piemērots uzstādīšanai informācijas teh...

Page 808: ...mo sumetimais įrangą turėtų atidaryti tik kvalifikuotas personalas Sprogimo pavojus jei baterija pakeičiama netinkamu akumuliatoriaus tipu arba neteisingai įdėta Panaudotas baterijas išmeskite pagal instrukcijas Naudokite sertifikuotą ir įvertintą produktą Laser Class I Optical Transceiver Elektros smūgio pavojus Ši įranga yra tinkama montuoti informacinių technologijų patalpose pagal Nacionalinio...

Page 809: ...zeństwa urządzenie powinno być otwierane wyłącznie przez wykwalifikowany personel Ryzyko wybuchu w przypadku wymiany baterii na baterię niewłaściwego typu lub nieprawidłowego zainstalowania baterii Zużyte baterie należy utylizować zgodnie z instrukcjami Używaj certyfikowanego i ocenianego produktu Laser Class I Optical Transceiver Ryzyko porażenia prądem Jest to urządzenie przystosowane do instala...

Page 810: ...zões de segurança o equipamento deve ser aberto apenas por pessoal qualificado Há risco de explosão se a bateria for substituída por um tipo incorreto de bateria ou se a bateria for instalada incorretamente Descarte as baterias usadas de acordo com as instruções Use produto certificado e classificado Laser Class I Optical Transceiver Risco de choque elétrico Este equipamento é adequado para instal...

Page 811: ... dôvodov by malo zariadenie otvárať iba kvalifikovaný personál Ak je batéria vymenená za nesprávny typ alebo je batéria vložená nesprávne hrozí nebezpečenstvo výbuchu Použité batérie zlikvidujte podľa pokynov Používajte certifikovaný a hodnotený produkt Laser Class I Optical Transceiver Nebezpečenstvo úrazu elektrickým prúdom Toto zariadenie je vhodné na inštaláciu v miestnostiach informačných tec...

Page 812: ...reme Iz varnostnih razlogov naj opremo odpira samo usposobljeno osebje Nevarnost eksplozije če baterijo zamenjate z nepravilno vrsto baterije ali če je baterija nepravilno nameščena Odslužene baterije zavrzite v skladu z navodili Uporabite certificiran in ocenjen izdelek Laser Class I Optical Transceiver Nevarnost električnega udara Ta oprema je primerna za vgradnjo v prostore za informacijsko teh...

Page 813: ...de seguridad el equipo debe ser abierto únicamente por personal calificado Riesgo de explosión si la batería se reemplaza por un tipo de batería incorrecto o si la batería se instala incorrectamente Deseche las baterías usadas de acuerdo con las instrucciones Utilice un producto certificado y calificado Laser Class I Optical Transceiver Riesgo de shock eléctrico Este equipo es adecuado para su ins...

Page 814: ...their distribution market Refer to the radio regulatory agency in the desired countries of operation for more information CE and UKCA OEM labeling requirements The CE and UKCA markings must be clearly visible and legible when you affix it to the product If this is not possible you must attach these marks to the packaging if any or accompanying documents CE labeling requirements The CE marking must...

Page 815: ...olor does not have to be solid as long as it remains visible legible and maintains the required proportions Innovation Science and Economic Development Canada IC certifications This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications Le present appareil numer...

Reviews:

No comments