manualshive.com logo in svg

Digi Connect EZ Mini, User Manual

Share
Download
Page 162
Digi Connect EZ Mini User Manual Download Page 162

Virtual Private Networks (VPN)

IPsec

Digi Connect EZ Mini User Guide

162

1. Log into the Connect EZ command line as a user with full Admin access rights.

Depending on your device configuration, you may be presented with an

Access selection

menu

. Type

admin

to access the Admin CLI.

2. At the command line, type

config

to enter configuration mode:

> config
(config)>

3. Set the IPsec debug value:

config> vpn ipsec advanced debug

value

config>

where

value

is one of:

n

none

. (Default) No debug messages are written.

n

basic_auditing

: Logs basic auditing information, (for example, SA up/SA down).

n

generic_control

: Select this for basic debugging information.

n

detailed_control

: More detailed debugging control flow.

n

raw_data

: Includes raw data dumps in hexadecimal format.

n

sensitive_data

: Also includes sensitive material in dumps (for example, encryption

keys).

4. Save the configuration and apply the change:

(config)> save
Configuration saved.
>

5. Type

exit

to exit the Admin CLI.

Depending on your device configuration, you may be presented with an

Access selection

menu

. Type

quit

to disconnect from the device.

Configure a Simple Certificate Enrollment Protocol client

Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509
certificate deployment. You can configure Connect EZ device to function as a SCEP client that will
connect to a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate
Revocation Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).

Required configuration

n

Enable the SCEP client.

n

The fully-qualified domain name of the SCEP server to be used for certificate requests.

n

The challenge password provided by the SCEP server that the SCEP client will use when
making SCEP requests.

n

The distinguished name to be used for the CSR.

n

The file name of the Certificate Revocation List (CRL) from the Certificate Authority (CA).

Summary of Contents for Connect EZ Mini

Page 1: ...Connect EZ Mini User Guide Firmware version 22 2...

Page 2: ...fault URL for the device s Remote Manager connection is now edp12 devicecloud com This URL is required to utilize the client side certificate support n New Socket ID string option to send the configur...

Page 3: ...rademarks or registered trademarks in the United States and other countries worldwide All other trademarks mentioned in this document are the property of their respective owners 2022 Digi Internationa...

Page 4: ...chnical support Digi offers multiple technical support plans and service packages Contact us at 1 952 912 3444 or visit us at www digi com support Feedback To provide feedback on this document email y...

Page 5: ...EZ 21 Step 7 Connect to Digi Remote Manager 22 Connect equipment to the Connect EZ serial port Serial Status page 23 Serial connector pinout Connect EZ Mini 23 Serial Status page 24 Hardware Top panel...

Page 6: ...line interface 48 Interfaces Wide Area Networks WANs 49 Wide Area Networks WANs 50 Configure WAN priority and default route metrics 50 Configure SureLink active recovery to detect WAN failures 52 Con...

Page 7: ...ation 124 Configure an IPsec tunnel 124 Configure IPsec failover 150 Configure SureLink active recovery for IPsec 153 Show IPsec status and statistics 160 Debug an IPsec configuration 161 Configure a...

Page 8: ...system time 331 Manually set the system date and time 334 Network Time Protocol 335 Configure the device as an NTP server 335 Show status and statistics of the NTP server 340 Configure a multicast rou...

Page 9: ...Access Control System Plus TACACS 437 TACACS user configuration 438 TACACS server failover and fallback to local authentication 439 Configure your Connect EZ device to use a TACACS server 439 Remote...

Page 10: ...hanges 520 Save configuration to a file 521 Restore the device configuration 522 Schedule system maintenance tasks 525 Disable device encryption 529 Re enable cryptography after it has been disabled 5...

Page 11: ...le filters for capturing data traffic 598 Capture packets from the command line 599 Stop capturing packets 600 Show captured traffic data 600 Save captured data traffic to a file 602 Download captured...

Page 12: ...dmin CLI prompt 621 Display help for the config command from the root Admin CLI prompt 621 Configuration mode 623 Enable configuration mode 623 Enter configuration commands in configuration mode 623 S...

Page 13: ...ow surelink ipsec 651 show surelink openvpn 651 show system 651 show usb 651 show version 652 show vrrp 652 show web filter 652 speedtest 652 ssh 653 system backup 653 system disable cryptography 653...

Page 14: ...Digi Connect EZ Mini User Guide 14 system time test 658 telnet 658 traceroute 658...

Page 15: ...tions Digi Connect EZ Mini The Digi Connect EZ Mini has 1 serial port and is specifically designed to make it simple to implement and support machine to machine automation applications to allow enterp...

Page 16: ...e Manager Optional n Change the password on the Connect EZ n Mount the Connect EZ n Connect equipment to the Connect EZ serial port Administrators only n Additional configuration to the device can be...

Page 17: ...nd two screws that meet these requirements n M4 in diameter n 5 mm in length n Countersunk n Phillips 2 n Black Steel Loose label A loose label sticker that includes information about the device is in...

Page 18: ...cover the IP address for the Connect EZ Make sure you have the device powered and connected the device to your network or computer with an Ethernet cable See Connect to and access the Digi Navigator N...

Page 19: ...your network or computer 2 Download and install the Digi Navigator 3 Launch the Digi Navigator 4 Select the device you want to configure using one of the following methods n Specify a device Expand th...

Page 20: ...the COM ports on your computer that are configured for RealPort from within the Digi Navigator a Launch the Digi Navigator if it is not currently open A list of Connect EZ devices that have RealPort e...

Page 21: ...Description Network activity Summarizes network statistics the total number of bytes sent and received over all configured bridges and Ethernet devices Digi Remote Manager Displays the device connect...

Page 22: ...ware updates and security notices From Remoter Manager you can also easily update firmware ensure consistent configuration across a large group of devices and manage and monitor cellular connectivity...

Page 23: ...rt is enabled by default The network devices connected to the serial port may be accessed using RealPort Digi Remote Manager the local web user interface TCP telnet or SSH connections TCP telnet and S...

Page 24: ...ge 1 Click the link to connect to the port in the terminal page 2 In the terminal screen enter b to display additional commands See Access the terminal screen from the web UI for more information abou...

Page 25: ...Mini User Guide 25 Item Description TX RX Bytes Displays the total number of bytes that have been transmitted and received Signals Indicates the types of communication that the device is ready to sen...

Page 26: ...is being supplied to the device n Flashing green The Find Me feature has been activated 3 Serial port LED Use the serial port to connect to devices and equipment to the Connect EZ See Connect equipme...

Page 27: ...able 5 Ethernet port Indicates connection to Ethernet WAN network The LED lights up when an Ethernet cable is attached n Left yellow There is activity on the port n Right green The port is in use Bott...

Page 28: ...e Use round head M4 size screws The type and length are dependent on the mounting surface type Screws are not provided If you choose not to mount the device you can permanently remove the mounting tab...

Page 29: ...nu click System Device Configuration The Configuration window appears 3 Click Authentication Users Admin 4 For Password enter the new password The password must be at least eight characters long and m...

Page 30: ...thread screw n 12 mm in length The length should clear the mounting tab thickness and leave at least 1 cm of screw shank to bite into the mounting material Attach to DIN rail with clip The DIN rail cl...

Page 31: ...re version remains the same 1 Make sure that the Connect EZ has been powered on for at least 30 seconds 2 Locate the Erase button on the back of the device 3 Using a pinhole tool press and briefly hol...

Page 32: ...n n Password The unique password printed on the device label c Type a to enter the Admin CLI d Type show network to show all devices currently connected to the network e Scroll down until you discover...

Page 33: ...Subnet mask and Default gateway You will need this information to complete the final step of the process 5 Configure with the following details n IP address for PC 192 168 210 2 n Subnet 255 255 255 0...

Page 34: ...ludes information about the device is included in the box You should retain this label sticker with your hardware records Item Description 1 QR code Scan the QR code to display a semicolon separated l...

Page 35: ...ord will be needed if the device is factory reset and you want to access the web UI on the device 6 MAC address The MAC address for the device 7 Serial number The unique serial number assigned to the...

Page 36: ...ethods 39 Using Digi Remote Manager 41 Access Digi Remote Manager 41 Using the web interface 41 Use the local REST API to configure the Connect EZ device 42 Access the terminal screen from the web UI...

Page 37: ...y a list of your devices 3 Locate and select your device as described in Use Digi Remote Manager to view and manage your device 4 Click Configure The following tables list important factory default se...

Page 38: ...he bottom label of the device and on the loose label included in the package If you erase the device configuration or reset the device to factory defaults the password for the admin user will revert t...

Page 39: ...ation saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configuration methods Th...

Page 40: ...face n Command line A robust command line allows you to perform all configuration and management tasks from within a command shell Both the Remote Manager and the local web interface also have the opt...

Page 41: ...nect EZ local WebUI 1 Use an Ethernet cable to connect the Connect EZ s ETH port to a laptop or PC 2 Open a browser and go to 192 168 2 1 3 Log into the device using a configured user name and passwor...

Page 42: ...ation information To return device configuration issue the GET method For example using curl curl k u admin https ip address cgi bin config cgi value path X GET where n ip address is the IP address of...

Page 43: ...dns DNS iperf IPerf location Location mdns Service Discovery mDNS modbus_gateway Modbus Gateway multicast Multicast ntp NTP ping Ping responder snmp SNMP ssh SSH telnet Telnet web_admin Web administr...

Page 44: ...value parameters curl k u admin https ip address cgi bin config cgi value path path value new_value X POST where n path is the path to the configuration parameter in dot notation for example ssh servi...

Page 45: ...lt network route static 1 Use the DELETE method to remove items from a list array To remove items from a list array use the DELETE method For example using curl curl k u admin https 192 168 210 1 cgi...

Page 46: ...Terminal The Terminal screen displays 3 When prompted enter your user name and password 4 Enter the number of the port that you want to access 5 Information about the port you are connected to displa...

Page 47: ...le To access the command line your device must be configured to allow access and you must log in as a user who has been configured for the appropriate access For further information about configuring...

Page 48: ...Admin CLI Connecting now Press Tab to autocomplete commands Press for a list of commands and details Type help for details on navigating the CLI Type exit to disconnect from the Admin CLI See Command...

Page 49: ...xisting WAN and you can create new WANs This section contains the following topics Wide Area Networks WANs 50 Configure WAN priority and default route metrics 50 Configure SureLink active recovery to...

Page 50: ...lt the Connect EZ device s WAN ETH1 is configured with the lowest metric 1 and is therefor the highest priority WAN By default the Wireless WAN Modem is configured with a metric of 3 which means it ha...

Page 51: ...WWAN Modem as its highest priority WAN and its Ethernet WAN ETH1 as its secondary WAN Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your dev...

Page 52: ...detect that the WAN has failed because the connection continues to work while the core problem exists somewhere else in the network Using Digi SureLink you can configure the Connect EZ device to regul...

Page 53: ...e failed n If the type of probe test is l Ping Configure the number of bytes in the ping packet l Interface status Configure the amount of time that the interface is down before it is considered to ha...

Page 54: ...est to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS ser...

Page 55: ...ured for Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets e For Attempts type the number of probe attempts...

Page 56: ...ig network interface my_wan 5 Add a test target config network interface my_wan add ipv4 surelink target end config network interface my_wan ipv4 surelink target 0 6 Set the test type config network i...

Page 57: ...k interface my_wan ipv4 surelink target 0 interface_down_time value config network interface my_wan ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes th...

Page 58: ...connectivity tests config network interface my_wan ipv4 surelink interval value config network interface my_wan ipv4 surelink where value is any number of weeks days hours minutes or seconds and take...

Page 59: ...device to reboot when a failure is detected Using SureLink you can configure the Connect EZ device to reboot when it has determined that an interface has failed Required configuration items n Enable S...

Page 60: ...2 Select the Test type n Ping test Tests connectivity by sending an ICMP echo request to the hostname or IP address specified in Ping host You can also optionally change the number of bytes in the Pin...

Page 61: ...more than one test target is configured for Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets f For Attempts...

Page 62: ...ig network interface my_wan 5 Set the device to reboot when the interface is considered to have failed config network interface my_wan ipv4 surelink reboot true config network interface my_wan ipv4 su...

Page 63: ...is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount...

Page 64: ...interface my_wan ipv4 surelink reboot enable config network interface my_wan ipv4 surelink Note If both the restart and reboot parameters are enabled the reboot parameter takes precedence d Set the In...

Page 65: ...onal Repeat this procedure for IPv6 10 Save the configuration and apply the change config network interface my_wan ipv4 surelink save Configuration saved 11 Type exit to exit the Admin CLI Depending o...

Page 66: ...ay be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change to the WAN s node in the configura...

Page 67: ...rface test The SureLink interface test determines if the interface has an IP address assigned to it that the physical link is up and that a route is present to send traffic out of the network interfac...

Page 68: ...with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change to WAN s node in the configuration schema For exa...

Page 69: ...Pv4 configuration n The metric for IPv4 routes associated with the WAN n The relative weight for IPv4 routes associated with the WAN n The IPv4 management priority of the WAN The active interface with...

Page 70: ...abled by default To disable click Enable 6 For Interface type leave at the default setting of Ethernet 7 For Zone select External 8 For Device select an Ethernet device 9 Configure IPv4 settings a Cli...

Page 71: ...he prefix to the assigned length Leave blank to use a random identifier f Set the Metric g See Configure WAN priority and default route metrics for further information about metrics h For Weight type...

Page 72: ...lick c Type the MAC address 13 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your...

Page 73: ...a Optional IPv4 configuration items i Set the IP metric config network interface my_wan ipv4 metric num config network interface my_wan See Configure WAN priority and default route metrics for furthe...

Page 74: ...t route metrics for further information about metrics 7 Optional Configure IPv6 settings a Enable IPv6 support config network interface my_wan ipv6 enable true config network interface my_wan b Set th...

Page 75: ...iguration you may be presented with an Access selection menu Type quit to disconnect from the device Show WAN status and statistics WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2...

Page 76: ...mation about a specific WAN For example to display information about ETH1 enter show network interface eth1 show network interface eth1 wan1 Interface Status Device eth1 Zone external IPv4 Status up I...

Page 77: ...ck Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be pr...

Page 78: ...th1 Interface s DNS servers DNS IPv4 28 seconds Passing eth2 Interface is up IPv4 21 seconds Passing eth2 Interface s DNS servers DNS IPv4 20 seconds Passing modem Interface is up IPv4 115 seconds Pas...

Page 79: ...e Status test 194 43 79 74 Ping 29 seconds Passed test 194 43 79 75 Ping 5 seconds Passed test1 194 43 79 74 Ping 21 seconds Failed test2 194 43 79 75 Ping 21 seconds Waiting for result 3 Type exit to...

Page 80: ...est_client1 194 43 79 75 Ping 5 seconds Passed test_client2 194 43 79 74 Ping 21 seconds Failed test_client2 194 43 79 75 Ping 21 seconds Waiting for result 3 Type exit to exit the Admin CLI Depending...

Page 81: ...k status and statistics Digi Connect EZ Mini User Guide 81 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disc...

Page 82: ...on Provides access to the serial device from Python applications n RealPort Used in conjunction with the Digi RealPort driver RealPort can also be configured using the Digi Navigator For more informat...

Page 83: ...using Device Configuration Serial Changes made by using either Device Configuration or Serial Configuration will be reflected in both 3 Click the name of the port that you want to configure The serial...

Page 84: ...erial port The default is RS 232 8 Expand Serial Settings The entries in the following fields must match the information for the power controller Refer to your power controller manual for the correct...

Page 85: ...ect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is needed in...

Page 86: ...is port config path paramlabel label config 8 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 9 Set the number of data bits used by the device t...

Page 87: ...3 Click the name of the port that you want to configure The serial port is enabled by default To disable toggle off Enable 4 For Mode select Remote Access This is the default 5 Enable Altpin to use t...

Page 88: ...f data bits used by the device to which you want to connect The default is 8 c Parity For Parity select the type of parity used by the device to which you want to connect The default is None d Stop bi...

Page 89: ...For Escape sequence type the characters used to start an escape sequence If no characters are defined the escape sequence is disabled The default is b c For History size type or select the number of...

Page 90: ...is not required and DSR is needed instead 6 n rs 232 l Enable rts_toggle if you want to enable RTS toggling during transmission on this serial port If enabled this setting overrides RTS CTS flow contr...

Page 91: ...bits config 10 Set the type of parity used by the device to which you want to connect config path paramparity parity config Allowed values are n even n odd n none The default is none 11 Set the stop b...

Page 92: ...monitor settings a Optional Enable monitoring of CTS Clear to Send changes on this port config path parammonitor cts true config b Optional Enable monitoring of DCD Data Carrier Detect changes on this...

Page 93: ...tect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is needed i...

Page 94: ...rt is enabled by default To disable config serial port1 enable false config 4 Set the mode config serial port1 mode application config 5 Enable Altpin to use the Altpin feature Altpin is disabled by d...

Page 95: ...config l Enable full_duplex if you want to enable full duplex communication on this serial port config serial port1 full_duplex true config The default is rs 232 7 Optional Set a label that will be us...

Page 96: ...options appears 3 Click the desired RealPort for Windows version The file is downloaded and a Windows Explorer window launches showing the RealPort files 4 When the download is complete open the zip...

Page 97: ...ort setting You can verify the setting on the device using the web interface on the device a Open browser window b Enter the IP address in the URL address bar to access the web interface c Choose Netw...

Page 98: ...rier Detect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is n...

Page 99: ...ig 3 The serial port is enabled by default To disable config serial port1 enable false config 4 Set the signal mode config serial port1 signal mode value config where value is one of n rs 232 l Enable...

Page 100: ...rrier Detect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is...

Page 101: ...RealPort keepalive packets This is enabled by default 11 Enable TCP Port Keepalive to send TCP keepalive packets This is disabled by default 12 Click Apply to save the configuration and apply the cha...

Page 102: ...l For RTS Post delay enter the amount of time RTS is deasserted before completing data transmission The time is measured in milliseconds The default is 0ms n RS 422 l Enable Termination if you want t...

Page 103: ...rial Settings a For Local port enter the UDP port The default is 4001 or serial port 1 4002 for serial port 2 etc b Optional For Socket String ID enter a string that should be added at the beginning o...

Page 104: ...l port is enabled by default To disable config serial port1 enable false config 4 Set the mode config serial port1 mode udp config 5 Enable Altpin to use the Altpin feature Altpin is disabled by defau...

Page 105: ...le termination if you want to enable electrical termination on this serial port config serial port1 termination true config l Enable full_duplex if you want to enable full duplex communication on this...

Page 106: ...size of the packet config serial port1 framing max_count int config The default is 1024 15 Set the length of time the device should wait before sending the packet config serial port1 framing idle_tim...

Page 107: ...fig serial port1 udp destination 0 iii Set the host name or IP address of the remote site to which data should be sent config serial port1 udp destination 0 hostname hostanme or IP address config seri...

Page 108: ...DSR instead of DCD This alternative can be used if DCD is not required and DSR is needed instead 6 Optional For Label enter a label that will be used when referring to this port 7 For Signalling sele...

Page 109: ...which you want to connect The default is 1 e Flow control For Flow control select the type of flow control used by the device to which you want to connect The default is None 1 Set the baud rate used...

Page 110: ...feature Altpin is disabled by default config serial port1 altpin true config This feature should be enabled when you are using a modem and an 8 pin cable and you need CD Carrier Detect When enabled th...

Page 111: ...when referring to this port config path paramlabel label config 8 Expand Serial Settings The entries in the following fields must match the information for the power controller Refer to your power co...

Page 112: ...uration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to d...

Page 113: ...ndow displays 5 Click Start to start serial port logging 6 Click Stop to stop serial port logging if it has been started 7 Click Refresh to refresh the log display 8 Click Download to download the ser...

Page 114: ...rom the Digi Navigator You must enable RealPort on the device and then configure your computer for RealPort In this step all serial ports on the device are set to RealPort mode and the RealPort servic...

Page 115: ...isplays e Determine your final step n Close Click Close to close the message Configuration is complete n Open Device Manager Click Open Device Maanger if you want to do further configuration to the CO...

Page 116: ...e situations a default IP address is assigned to the device You can specify the filters used to assign an IP address See Discover the IP address when not on a network 4 Expand a device to display the...

Page 117: ...the web UI for the device and configure the device to use RealPort n Access web UI Click Open to access the web UI for the device n Configure RealPort Click Configure device for Realport and Configure...

Page 118: ...tions 4 In the Services Filters section click the enable button to enable the services that you want to use to find an IP address 5 Click Filters at the bottom of the expanded toolbar to minimize the...

Page 119: ...es displays at the bottom of the Digi Navigator application screen Using the available buttons you can refresh the list and easily access the COM port configuration on your computer Refresh Click Refr...

Page 120: ...es a Enter the user name and password for the Connect EZ in the Username and Password fields b Click Login Filter devices for display in the Digi Navigator You can use the Digi Navigator filters to de...

Page 121: ...to minimize the toolbar and hide the filters Access Digi Remote Manager from the Digi Navigator You can access Digi Remote Manager from the Digi Navigator Within the Remote Manager you can configure...

Page 122: ...nect two private networks together so that devices can connect from one network to the other using secure channels This chapter contains the following topics IPsec 123 OpenVPN 173 Generic Routing Enca...

Page 123: ...modes IPsec can run in two different modes Tunnel and Transport Tunnel The entire IP packet is encrypted and or authenticated and then encapsulated as the payload in a new IP packet Transport Only th...

Page 124: ...key authentication mode provides additional security by using client authentication credentials in addition to the standard pre shared key The Connect EZ device can be configured to authenticate with...

Page 125: ...on See Configure SureLink active recovery for IPsec for information about IPsec active recovery Additional configuration items The following additional configuration settings are not typically configu...

Page 126: ...is renegotiated WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is disp...

Page 127: ...more than one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec...

Page 128: ...tificate Enrollment Protocol client for instructions i For SCEP Client select the SCEP client n X 509 certificate Uses private key and X 509 certificates to authenticate with the remote peer i For Pri...

Page 129: ...ID_IPV6_ADDR IKE identity For IPv6 ID value type an IPv6 formatted ID This can be a fully qualified domain name or an IPv6 address n RFC822 Email The ID will be interpreted as an RFC822 email address...

Page 130: ...ed domain name or an IPv4 address n IPv6 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ ADDR IKE identity For IPv6 ID value type an IPv6 formatted ID This can be a fully qualifi...

Page 131: ...t one of the following n Any Matches any protocol n TCP Matches TCP protocol only n UDP Matches UDP protocol only n ICMP Matches ICMP requests only n Other protocol Matches an unlisted protocol If Oth...

Page 132: ...orted by the peer n Never Do not send oversized IKE messages in fragments n Accept Do not send oversized IKE messages in fragments but announce support for fragmentation to the peer The default is Alw...

Page 133: ...clicking next to Add Phase 2 Proposal 22 Optional Click to expand Dead peer detection Dead peer detection is enabled by default Dead peer detection uses periodic IKE transmissions to the remote endpo...

Page 134: ...alse config vpn ipsec tunnel ipsec_example 4 Optional Set the tunnel to use UDP encapsulation even when it does not detect that NAT is being used config vpn ipsec tunnel ipsec_example force_udp_encap...

Page 135: ...more than one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec...

Page 136: ...es asymmetric pre shared keys to authenticate with the remote peer a Set the local pre shared key This must be the same as the remote key on the remote host config vpn ipsec tunnel ipsec_example auth...

Page 137: ...ipsec tunnel ipsec_example d Set the method for verifying the peer s X 509 certificate config vpn ipsec tunnel ipsec_example auth peer_verify value config vpn ipsec tunnel ipsec_example where value is...

Page 138: ...g the local network interface config vpn ipsec tunnel ipsec_example local type value config vpn ipsec tunnel ipsec_example where value is either n defaultroute Uses the same network interface as the d...

Page 139: ...be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity Set the key ID config vpn ipsec tunnel ipsec_example local id type keyid_id id config vpn ipsec tunnel ipsec_example n mac_address The...

Page 140: ...el ipsec_example n any Any ID will be accepted n ipv4 The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity Set an IPv4 formatted ID This can be a fully qualified doma...

Page 141: ...default the device will initiate the key exchange This must be disabled if remote hostname is set to any To disable config vpn ipsec tunnel ipsec_example ike initiate false config vpn ipsec tunnel ip...

Page 142: ...value config vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set phase2_lifetime to ten minutes en...

Page 143: ...determine available Diffie Hellman group types config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_group curve25519 curve448 ecp192 ecp224 config vpn ipsec tunnel ipsec_example ike phase1_p...

Page 144: ...28 aes192 aes256 or null The default is 3des iv Set the type of hash to use during phase 2 to verify communication integrity config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 hash value conf...

Page 145: ...ccurs a Change to the root of the configuration schema config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 config b To disable dead peer detection config vpn ipsec tunnel ipsec_example dpd ena...

Page 146: ...ess The address of a local network interface Set the address i Use the to determine available interfaces ii Set the interface For example config vpn ipsec tunnel ipsec_example policy 0 local address e...

Page 147: ...onfig vpn ipsec tunnel ipsec_example policy 0 local protocol_other int config vpn ipsec tunnel ipsec_example policy 0 Allowed values are an integer between 1 and 255 f Set the IP address and optional...

Page 148: ...b Use the to determine available options config vpn ipsec advanced Advanced Advanced configuration that applies to all IPsec tunnels Parameters Current Value debug none Debug level ike_fragment_size 1...

Page 149: ...ser Guide 149 20 Save the configuration and apply the change config save Configuration saved 21 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acce...

Page 150: ...ration both tunnels are active simultaneously and there is minimal downtime due to failover l Identify the preferred tunnel during configuration of the backup tunnel In this scenario the backup tunnel...

Page 151: ...0 1 endpoint WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions n During configuration of the IPsec tunnel set the metric to a low value for example 10 n Configu...

Page 152: ...ric to a value that is higher than the metric of the primary tunnel for example 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel metric 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel IPsec f...

Page 153: ...p tunnel See Configure IPsec failover for further information Required configuration items n A valid IPsec configuration See Configure an IPsec tunnel for configuration instructions n Enable IPsec act...

Page 154: ...enable to configure the device to restart the interface when its connection is considered to have failed This is useful for interfaces that may regain connectivity after restarting 8 For Reboot devic...

Page 155: ...Down For example if Expected status is set to Down but the alternate interface is determined to be up then this test will fail n Ping test Tests connectivity by sending an ICMP echo request to the hos...

Page 156: ...sec tunnel see Configure an IPsec tunnel n To edit an existing IPsec tunnel change to the IPsec tunnel s node in the configuration schema For example for an IPsec tunnel named ipsec_example change to...

Page 157: ...probe attempts before the WAN is considered to have failed config vpn ipsec tunnel ipsec_example surelink attempts num config vpn ipsec tunnel ipsec_example The default is 3 10 Set the amount of time...

Page 158: ...0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured for this interface n http Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l...

Page 159: ...sec tunnel ipsec_example surelink target 0 The default is 60 seconds l other Allows you to test another interface s status to create a failover or coupled relationship between interfaces config vpn ip...

Page 160: ...menu Type quit to disconnect from the device Show IPsec status and statistics WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the menu select Status IPsec The IPsec page appear...

Page 161: ...ation about viewing the system log WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configura...

Page 162: ...uration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to di...

Page 163: ...me for the SCEP client and click The new SCEP client configuration is displayed 5 Click Enable to enable the SCEP client 6 For Renewable Time type the number of days that the certificate enrollment ca...

Page 164: ...default of cgi bin pkiclient exe unless directed by the CA to use another path 12 For Password type the challenge password as configured on the SCEP server 13 Click to expand Distinguished Name 14 Typ...

Page 165: ...me 7 Set the HTTP URL path required for accessing the certificate authority You should leave this option at the default of cgi bin pkiclient exe unless directed by the CA to use another path config ne...

Page 166: ...determine when to start attempting to auto renew an existing certificate The default is 7 config network scep_client scep_client_name renewable_time integer config network scep_client scep_client_name...

Page 167: ...ord enter a password The password entered here must correspond to the challenge password configured for the SCEP client on the Connect EZ device d The remaining fields can be left at their defaults or...

Page 168: ...of days that the certificate enrollment can be renewed prior to the request expiring This value must match the setting of the Allow renewal x days before the certified is expired option on the Fortine...

Page 169: ...Click to expand Distinguished Name 12 Type the value for each appropriate Distinguished Name attribute The values entered here must correspond to the DN attributes in the Enrollment Request on the For...

Page 170: ...inet_SCEP_client server url https fortinet example com config network scep_client Fortinet_SCEP_client 6 Set the challenge password as configured on the SCEP server This corresponds to the Default enr...

Page 171: ...he Allow renewal x days before the certified is expired option on the Fortinet server config network scep_client Fortinet_SCEP_client renewable_time integer config network scep_client Fortinet_SCEP_cl...

Page 172: ...into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2...

Page 173: ...net from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server The manner...

Page 174: ...d uses standard interface configuration for example a standard DHCP server configuration l TAP Device only An alternate form of OpenVPN bridging mode in which the device rather than OpenVPN controls t...

Page 175: ...will provide to clients n The TCP UDP port to use By default the Connect EZ device uses port 1194 n Access control list configuration to restrict access to the OpenVPN server through the firewall n Ad...

Page 176: ...s is not enabled a Select the Authentication type n Certificate only Uses only certificates for client authentication Each client requires a public and private key n Username password only Uses a user...

Page 177: ...interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate...

Page 178: ...ces to the OpenVPN server n TAP OpenVPN managed Also know as bridging mode A more advanced implementation of OpenVPN The Connect EZ device creates an OpenVPN interface and uses standard interface conf...

Page 179: ...rst address in the range limit config vpn openvpn server name server_first_ip value config vpn openvpn server name where value is a number between 1 and 255 The number entered here will represent the...

Page 180: ...er See Configure an OpenVPN Authentication Group and User for instructions n cert_passwd Uses both certificates and a username and password for client authentication Each client requires a public and...

Page 181: ...can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type Repeat this step to list ad...

Page 182: ...rue config vpn openvpn server name c Set the additional OpenVPN parameters config vpn openvpn server name extra parameters config vpn openvpn server name 10 Save the configuration and apply the change...

Page 183: ...an OpenVPN authentication group a Click Authentication Groups b For Add Group type a name for the group for example OpenVPN_Group and click The new authentication group configuration is displayed c C...

Page 184: ...a password for the user This password is used for local authentication of the user You can also configure the user to use RADIUS or TACACS authentication by configuring authentication methods See Use...

Page 185: ...ss rights for users of this group config auth group OpenVPN_Group acl openvpn enable true 5 Add an OpenVPN tunnel to which users of this group will have access a Determine available tunnels config aut...

Page 186: ...or the OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recover...

Page 187: ...PN file paste the content of the client ovpn file 11 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rig...

Page 188: ...n openvpn client name password value config vpn openvpn client name 7 Paste the content of the client ovpn file into the value of the config_file parameter config vpn openvpn client name config_file v...

Page 189: ...ials for the OpenVPN client if configured on the OpenVPN server n Additional OpenVPN parameters See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery WebUI 1...

Page 190: ...1 For VPN server IP type the IP address of the OpenVPN server 12 Optional Set the VPN port used by the OpenVPN server The default is 1194 13 Paste the contents of the CA certificate usually in a ca cr...

Page 191: ...type config vpn openvpn client name enable false config vpn openvpn client name 4 The default behavior is to use an OVPN file for client configuration To disable this behavior and configure the client...

Page 192: ...nvpn client name 10 Optional Set the port used by the OpenVPN server config vpn openvpn client name port port config vpn openvpn client name The default is 1194 11 Paste the contents of the CA certifi...

Page 193: ...PN client connections to determine if the connection has failed and take remedial action Required configuration items n A valid OpenVPN client configuration See Configure an OpenVPN client by using an...

Page 194: ...electing the OpenVPN client click Active recovery 6 Enable active recovery 7 For Restart interface enable to configure the device to restart the interface when its connection is considered to have fai...

Page 195: ...r a particular IP version l For Expected status select whether the expected status of the alternate interface is Up or Down For example if Expected status is set to Down but the alternate interface is...

Page 196: ...e a new OpenVPN client see Configure an OpenVPN client by using an ovpn file or Configure an OpenVPN client without using an ovpn file n To edit an existing OpenVPN client change to the OpenVPN client...

Page 197: ...lient1 Where value is either one or all 9 Set the number of probe attempts before the WAN is considered to have failed config vpn openvpn client openvpn_client1 surelink attempts num config vpn openvp...

Page 198: ...ied DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config vpn openvpn client openvpn_client1 surelink target 0 dns_server ip_address config vpn openvpn client op...

Page 199: ...nt1 surelink target 0 interface_timeout value config vpn openvpn client openvpn_client1 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w...

Page 200: ...he alternate interface is determined to be up then this test will fail 12 Save the configuration and apply the change config vpn openvpn client openvpn_client1 connection_monitor target 0 save Configu...

Page 201: ...n server name OpenVPN_server1 Server OpenVPN_server1 Enable true Type tun Zone internal IP Address 192 168 30 1 24 Port 1194 Use File true Metric 0 Protocol udp First IP 80 Last IP 99 4 Type exit to e...

Page 202: ...Status Username Use File Zone OpenVPN_Client1 true connected true internal OpenVPN_Client2 true pending true internal 3 To display details about a specific client show openvpn client name OpenVPN_cli...

Page 203: ...le the GRE tunnel The GRE tunnels are enabled by default l The local endpoint interface l The IP address of the remote device peer Additional configuration items n A GRE key n Enable the device to res...

Page 204: ...network interface gre_interface config network interface gre_interface 4 Set the interface zone to internal config network interface gre_interface zone internal config network interface gre_interface...

Page 205: ...the GRE endpoint on the remote peer 8 Optional For Key enter a key that will be inserted in GRE packets created by this tunnel It must match the key set by the remote endpoint Allowed value is an int...

Page 206: ...nfig vpn iptunnel gre_example 6 Optional Set a key that will be inserted in GRE packets created by this tunnel The key must match the key set by the remote endpoint config vpn iptunnel gre_example key...

Page 207: ...To view information about currently configured GRE tunnels WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the menu click Status IP tunnels The IP Tunnelspage appears 3 To view...

Page 208: ...b Device set to Ethernet Loopback c IPv4 Address set to the IP address of the local GRE tunnel 172 30 0 1 32 3 Create a GRE tunnel named gre_tunnel1 a Local endpoint set to the IPsec endpoint interfa...

Page 209: ...nnel2 c IPv4 Address set to a virtual IP address on the GRE tunnel 172 31 1 1 30 Configuration procedures Configure the Connect EZ 1 device Task one Create an IPsec tunnel WebUI 1 Log into the Connect...

Page 210: ...onnect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the com...

Page 211: ...olicy 0 8 Set the local network address to the IP address and subnet of the local GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 local custom 172 30 0 1 32 config vpn ipsec tunne...

Page 212: ...endpoint interface WebUI 1 Click Network Interface 2 For Add Interface type ipsec_endpoint1 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Add...

Page 213: ...network device loopback config network interface ipsec_endpoint1 device network device loopback config network interface ipsec_endpoint1 5 Set the IPv4 address to the IP address of the local GRE tunn...

Page 214: ...tunnel1 config add vpn iptunnel gre_tunnel1 config vpn iptunnel gre_tunnel1 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint1 config vpn ip...

Page 215: ...ce WebUI 1 Click Network Interfaces 2 For Add Interface type gre_interface1 and click 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel1 5 Click...

Page 216: ..._ tunnel1 config network interface gre_interface1 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface1 ipv4 address 172 31 0 1 30 config network inte...

Page 217: ...ick to expand Remote endpoint 8 For Hostname type public IP address of the Connect EZ 1 device 9 Click to expand Policies 10 For Add Policy click to add a new policy 11 Click to expand Local network 1...

Page 218: ...e config vpn ipsec tunnel ipsec_gre2 remote hostname 192 168 100 1 config vpn ipsec tunnel ipsec_gre2 6 Add a policy config vpn ipsec tunnel ipsec_gre2 add policy end config vpn ipsec tunnel ipsec_gre...

Page 219: ...rface type ipsec_endpoint2 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 2 32 7 C...

Page 220: ...terface ipsec_endpoint2 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 2 32 config network interface ipsec_endpoint2 ipv4 address 172 30 0 2 32 config network interface ipse...

Page 221: ...ork interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 local network interface ipsec_ endpoint2 config vpn iptunnel gre_tunnel2 4 Set the remote endpoint to the IP address of the GRE tunnel on...

Page 222: ...ange Command line 1 At the command line type config to enter configuration mode config config 2 Add an interface named gre_interface2 config add network interface gre_interface2 config network interfa...

Page 223: ...L2TP Network Servers LNS Each endpoint terminates the PPP session Required configuration items n For L2TP access concentrators l The hostname or IP address of the L2TP network server l The firewall z...

Page 224: ...IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s service type Allowed values are l A single IP a...

Page 225: ...the Metric for the tunnel if other than the default of 1 i Select a firewall Zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tun...

Page 226: ...tion Profile PAP to authenticate n If Automatic CHAP or PAP is selected enter the Username and Password required to authenticate n The default is None i Optional Type the Metric for the tunnel if othe...

Page 227: ...ecified IPv6 addresses and networks config add vpn l2tp acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db...

Page 228: ...g add vpn l2tp lac name config add vpn l2tp lac name where name is the name of the LAC For example to add an LAC named lac_tunnel config add vpn l2tp lac lac_tunnel config vpn l2tp lac lac_tunnel LACs...

Page 229: ...the firewall zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel i Use the to determine available zones config vpn l2tp lac l...

Page 230: ...o add an LNS named lns_server config add vpn l2tp lns lns_server config vpn l2tp lns lns_server LACs are enabled by default To disable config vpn l2tp lns lns_server enable false config vpn l2tp lns l...

Page 231: ...pn l2tp lns lns_server password password config vpn l2tp lns lns_server The default is none f Optional Set the metric for the tunnel config vpn l2tp lns lns_server metric int config vpn l2tp lns lns_s...

Page 232: ...change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the dev...

Page 233: ...iguration window is displayed 3 Click VPN PPP over L2TP 4 Create a new PPP over L2TP access concatenator or select an existing one n To create a new L2TP access concatenator see Configure a PPP over L...

Page 234: ...e n Test another interface s status Allows you to test another interface s status to create a failover or coupled relationship between interfaces If Test another interface s status is selected l For T...

Page 235: ...configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Acces...

Page 236: ...tp lac lac_tunnel The default is 15 minutes 8 Determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets config vpn l2tp lac lac_tunnel...

Page 237: ...k target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config vpn l2tp lac lac_tunnel surelin...

Page 238: ...arget 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interval to ten minutes enter either 10m or 600s config vpn l2tp lac l...

Page 239: ...etween the two endpoints and then an L2TP tunnel with its LNS and LAC configured the same as the IPsec tunnel s endpoints See Configure an IPsec tunnel for information about configuring an IPsec tunne...

Page 240: ...access the Admin CLI 2 To display details about all configured L2TP access connectors type the following at the prompt show l2tp lac Name Enabled Status Device lac_test1 true up test_device0 lac_test2...

Page 241: ...connect from the device L2TPv3 Ethernet Your Connect EZ device supports Layer 2 Tunneling Protocol Version 3 L2TPv3 static unmanaged Ethernet tunnels Configure an L2TPv3 tunnel Your Connect EZ device...

Page 242: ...the source UDP port to be used for the tunnel b For UDP destination port type the number of the destination UDP port to be used for the tunnel c Optional Click to enable UDP checksum to calculate and...

Page 243: ...xample to add a tunnel named L2TPv3_example config add vpn l2tpv3 L2TPv3_example config vpn l2tpeth L2TPv3_example The tunnel is enabled by default To disable config vpn l2tpeth L2TPv3_example enable...

Page 244: ...heck the UDP checksum config vpn l2tpeth L2TPv3_example udp_checksum true config vpn l2tpeth L2TPv3_example 9 Add a session carried by the parent tunnel config vpn l2tpeth L2TPv3_example add session s...

Page 245: ...pn l2tpeth L2TPv3_example session_example where value is one of n none No sequence numbering n send Add a sequence number to each outgoing packet n recv Reorder packets if they are received out of ord...

Page 246: ...led Device Status test session test true le_test_test up 3 To display details about a specific tunnel show l2tpeth name vpn l2tpeth test session test test session test Tunnel Session Status Enabled tr...

Page 247: ...e SSH with key authentication 267 Configure telnet access 269 Configure DNS 273 Simple Network Management Protocol SNMP 280 Location information 286 Modbus gateway 314 System time 331 Network Time Pro...

Page 248: ...rewall configuration for information on zones n See Set the idle timeout for Connect EZ users for information about setting the inactivity timeout for the web administration and SSH services To allow...

Page 249: ...administration service config add service web_admin acl zone end external config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Dependi...

Page 250: ...Services Allow remote access for web administration and SSH Digi Connect EZ Mini User Guide 250 4 For Add Zone click 5 Select External 6 Click Apply to save the configuration and apply the change...

Page 251: ...EZ device by using the WebUI a browser based interface By default the web administration service is enabled and uses the standard HTTPS port 443 The default access control for the service uses the Int...

Page 252: ...Web administration 4 Click Enable 5 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on...

Page 253: ...vice s web administration service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can ac...

Page 254: ...cate paste the certificate and private key If SSL certificate is blank the device will use an automatically generated self signed certificate n The SSL certificate and private key must be in PEM forma...

Page 255: ...ss selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresse...

Page 256: ...prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge ext...

Page 257: ...GJ7gHt rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi dRyRi4vr7EkjGDr0Vb NVT0L5w UzcMeT 71DYvKYm6GpcWx LoKqFTjbMFBIze5pbBfru SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK...

Page 258: ...JcRihh3AoGAey0BGi4xLqSJESqZZ58p e71JHg4M46rLlrxi 4FXaop64LCxM8kPpROfasJJu5nlPpYHye959BBQnYcAheZZ 0siGswIauBd8BrZMIWf8JBUIC5EGkMiIyNpLJqPbGEImMUXk4Zane cL7e06U8ft BUtOtMefbBDDxpP E iIiuM END PRIVATE KE...

Page 259: ...enabled by default and normally these settings should not be changed To disable legacy port redirection config service web_admin legacy enable false config 9 Save the configuration and apply the chang...

Page 260: ...ditional configuration items n Port to use for communications with the SSH service n Multicast DNS mDNS support n A private key to use for communications with the SSH service n Create custom SSH confi...

Page 261: ...onfiguration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit...

Page 262: ...EZ device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access...

Page 263: ...admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config...

Page 264: ...the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet...

Page 265: ...y use the config_file parameter config service ssh custom override true config n If override is set to true entries in Configuration file will be used in place of the standard SSH configuration n If o...

Page 266: ...ure SSH access Digi Connect EZ Mini User Guide 266 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect f...

Page 267: ...the user s ssh directory The private and public keys are named id_rsa and id_rsa pub If you need to generate an SSH key pair you can use the ssh keygen application For example the following entry gene...

Page 268: ...as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config...

Page 269: ...the idle timeout for Connect EZ users for information about setting the inactivity timeout for the telnet service Enable the telnet service The telnet service is disabled by default To enable the ser...

Page 270: ...ation click Device Configuration The Configuration window is displayed 3 Click Services telnet 4 Optional For Port enter the port number for the service Normally this should not be changed 5 Click Acc...

Page 271: ...a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access throu...

Page 272: ...list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect EZ device config add service telnet acl interface end value config Where valu...

Page 273: ...ice configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure DNS The Connect EZ device includes a caching DNS server which forwards queries to...

Page 274: ...l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the DNS service d Click again to list additiona...

Page 275: ...ck Rebind protection 8 Optional Allow localhost rebinding is enabled by default if Rebind protection is enabled This is useful for Real time Black List RBL servers 9 Optional To add additional DNS ser...

Page 276: ...ple 2001 db8 48 l any No limit to IPv6 addresses that can access the DNS service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified i...

Page 277: ...vailable DNS servers Disabling this option may improve performance on networks with transient DNS results when one or more DNS servers may have positive results To disable config service dns query_all...

Page 278: ...9 Optional Add host names and their IP addresses that the device s DNS server will resolve a Add a host config add service dns host end config service dns host 0 b Set the IP address of the host conf...

Page 279: ...selection menu Type admin to access the Admin CLI 2 Use the show dns command at the system prompt show dns Interface Label Server Domain eth1 192 168 3 1 eth1 fd00 2704 1 eth1 fe80 227 4ff fe2b ae12...

Page 280: ...ve SNMP packets you must configure the SNMP access control list to allow the device to receive the packets See Configure Simple Network Management Protocol SNMP Configure Simple Network Management Pro...

Page 281: ...nterface on the Connect EZ device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional inter...

Page 282: ...an be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the SNMP service Repeat this step to list...

Page 283: ...be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional fi...

Page 284: ...le read only access to to SNMP version 2c config service snmp enable 2c true config 13 Save the configuration and apply the change config save Configuration saved 14 Type exit to exit the Admin CLI De...

Page 285: ...ol SNMP Digi Connect EZ Mini User Guide 285 3 On the main menu click Status Under Services click SNMP Note If you have recently enabled SNMP and the SNMP option is not visible refresh your browser The...

Page 286: ...ither from the Connect EZ device or from external sources to a remote host Additionally the device can be configured to use a geofence to allow you to determine actions that will be taken based on the...

Page 287: ...e any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Location update interval to ten minutes enter 10m or 600s 6 For information about configurin...

Page 288: ...at the Connect EZ device will wait before polling location sources for updated location data config service location interval value config where value is any number of hours minutes or seconds and tak...

Page 289: ...type the altitude of the device Allowed values are an integer followed by m or km for example 100m or 1km 9 The location source is enabled by default Click Enable the location source to disable the l...

Page 290: ...g on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the device to accept location messages from external sources You can...

Page 291: ...ess or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the location server UDP port d Click again to list additional IP a...

Page 292: ...end config service location source 0 4 Optional Set a label for this location source config service location source 0 label label config service location source 0 5 Set the type of location source to...

Page 293: ...ig add service location source 1 acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface inf...

Page 294: ...DP n The destination port on the remote host to which the messages will be forwarded n Message protocol type of the messages being forwarded either NMEA or TAIP Additional configuration items n Additi...

Page 295: ...wn arrow next to the appropriate message type b Click Delete n To add a message type a For Add NMEA filter or Add TAIP filter click b Select the filter type Allowed values are l GGA Reports time posit...

Page 296: ...er and vehicle ID in the prepend message you can enter the following in the Prepend field __ s __ v __ 14 Type a four digit alphanumeric Vehicle ID that will be included with to location messages If n...

Page 297: ...service location forward 0 n Optional If the protocol type is set to nmea configure a Talker ID The talker ID is a two character prefix in the NMEA message that identifies the source type The talker I...

Page 298: ...ward 0 12 Optional Specify types of messages that will be forwarded Allowed values vary depending on the message protocol type By default all message types are forwarded n If the message protocol type...

Page 299: ...horizontal and vertical speed and heading l pv Position velocity reports the latitude longitude and heading To remove a message type a Use the show command to determine the index number of the messag...

Page 300: ...Guide 300 13 Save the configuration and apply the change config save Configuration saved 14 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access...

Page 301: ...etc Complex polygons can be defined n Actions that will be taken when the device s location triggers a geofence event You can define actions for two types of events l Actions taken when the device ent...

Page 302: ...take the format number w d h m s For example to set Update interval to ten minutes enter 10m or 600s 6 For Boundary type select the type of boundary that the geofence will have n If Circular is selec...

Page 303: ...le to configure a square polygon around the Digi headquarters configure a polygon with four points This defines a square shaped polygon equivalent to the following 7 Define actions to be taken when th...

Page 304: ...used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log error...

Page 305: ...used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log error...

Page 306: ...e update_interval value config service location geofence test_geofence where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set update_...

Page 307: ...service location geofence test_geofence coordinates 0 ii Set the latitude and longitude of the vertex config service location geofence test_geofence coordinates 0 latitude int config service location...

Page 308: ...geofence coordinates add end config service location geofence test_geofence coordinates 1 latitude 44 927220 config service location geofence test_geofence coordinates 1 longitude 93 39589 config serv...

Page 309: ...place prior to performing the actions config service location geofence test_geofence on_entry num_ intervals int config For example if the update interval is 1m one minute and the num_intervals is se...

Page 310: ...onfig service location geofence test_geofence on_entry action 0 syslog_stdout true config service location geofence test_geofence on_entry action 0 iii To log the errors from the script to the system...

Page 311: ...e location geofence test_geofence on_exit bootup true config b Set the number of update_intervals that must take place prior to performing the actions config service location geofence test_geofence on...

Page 312: ...g service location geofence test_geofence on_exit action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on_exit action 0 syslog_stderr true co...

Page 313: ...can view status and statistics about location information from either the WebUI or the command line WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click Status 3...

Page 314: ...ocation geofence Geofence Status State Transitions Last Transition test_geofence Up Inside 0 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acces...

Page 315: ...he connection type is serial o The serial port to be used l Modbus address or addresses to determine if messages should be forwarded to a destination device Additional configuration items n Server con...

Page 316: ...he Configuration window is displayed 3 Click Services Modbus Gateway 4 Click Enable to enable the gateway 5 Click Debug to allow verbose logging in the system log Configure gateway servers 1 Click to...

Page 317: ...Inactivity timeout to ten minutes enter 10m or 600s 8 Optional If Connection type is set to Serial click Half duplex to enable half duplex two wire mode 9 Optional If Connection type is set to Socket...

Page 318: ...nts 1 Click to expand Clients 2 For Add Modbus client type a name for the client and click The new Modbus gateway client configuration is displayed 3 The new Modbus gateway client is enabled by defaul...

Page 319: ...list n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s web administ...

Page 320: ...ter for incoming messages that contain the Modbus address of 10 type 10 To filter for all messages with addresses in the range of 20 to 30 type 20 30 To add additional address filters for this client...

Page 321: ...access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the Modbus gateway config service modbus_gateway enable true config 4 Configure servers a Add...

Page 322: ...rtu or raw The default is rtu iv Set the maximum allowable time between bytes in a packet config service modbus_gateway server test_modbus_server socket idle_gap value config service modbus_gateway s...

Page 323: ...st_modbus_server serial packet_mode value config service modbus_gateway server test_modbus_server where value is either rtu or ascii The default is rtu iii Set the maximum allowable time between bytes...

Page 324: ...nection type config service modbus_gateway client test_modbus_client connection_ type type config service modbus_gateway client test_modbus_client where type is either socket or serial The default is...

Page 325: ...t where value is any number of minutes or seconds up to a maximum of 15 minutes and takes the format number m s For example to set inactivity_timeout to ten minutes enter either 10m or 600s config ser...

Page 326: ...et idle_gap to one second enter 1000ms or 1s iv Optional Enable half duplex two wire mode config service modbus_gateway client test_modbus_client serial half_duplex true config service modbus_gateway...

Page 327: ...st_modbus_client filter 1 50 100 config service modbus_gateway client test_modbus_client g If request messages handled by this client should always be forwarded to a specific device use fixed_server_a...

Page 328: ...isconnect from the device Show Modbus gateway status and statistics You can view status and statistics about location information from either the WebUI or the command line WebUI 1 Log into the Connect...

Page 329: ...layed this indicates that there are no connected clients 3 Use the show modbus gateway verbose command at the system prompt to display more information show modbus gateway verbose Client Uptime modbus...

Page 330: ...t_21 Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 modbus_serial_client Address Translation Errors 0 Connection Errors 0 P...

Page 331: ...evice can also be configured to serve as an NTP server providing NTP services to downstream devices See Network Time Protocol for more information about NTP server support You can also set the local d...

Page 332: ...ronized with the list of servers included with NTP server configuration and changes made to one will be reflected in the other See Configure the device as an NTP server for more information about NTP...

Page 333: ...er end time server com config n To add the NTP server in another location in the list use an index value to indicate the appropriate position For example config add service ntp server 1 time server co...

Page 334: ...min CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Manually synchronize with the NTP server The following procedu...

Page 335: ...ize with the device When the device is configured as an NTP server it also functions as an NTP client The NTP client will be consistently synchronized with one or more upstream NTP servers which means...

Page 336: ...d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address...

Page 337: ...ize its time d Click to add additional NTP servers If multiple servers are included servers are tried in the order listed until one succeeds Note This list is synchronized with the list of servers inc...

Page 338: ...add service ntp server 1 time server com config Note This list is synchronized with the list of servers included with NTP client configuration and changes made to one will be reflected in the other S...

Page 339: ...list additional interfaces n To limit access based on firewall zones config add service ntp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list o...

Page 340: ...nfig save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show s...

Page 341: ...smit data to a single multicast address which is then distributed to a group of devices that are configured to be members of that group To configure a multicast route WebUI 1 Log into the Connect EZ W...

Page 342: ...d test config add service multicast test config service multicast test 4 The multicast route is enabled by default If it has been disabled enable the route config service multicast test enable true co...

Page 343: ...rface eth1 config service multicast test c Repeat for each additional destination interface 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin...

Page 344: ...S service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the mDNS service d...

Page 345: ...At the command line type config to enter configuration mode config config 3 Enable the mDNS service config service mdns enable true config 4 Configure access control n To limit access to specified IP...

Page 346: ...g add service mdns acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config...

Page 347: ...dictable results As a result Digi recommends using an iPerf client at version 3 or newer to connect to the Connect EZ device s iPerf3 server Required configuration items n Enable the iPerf server on t...

Page 348: ...single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the iperf service d Click again to list additional...

Page 349: ...he command line type config to enter configuration mode config config 3 Enable the iPerf server config service iperf enable true config 4 Optional Set the port number for the iPerf server listening po...

Page 350: ...fined on your device Display a list of available interfaces Use network interface to display interface information Repeat this step to list additional interfaces n To limit access based on firewall zo...

Page 351: ...Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00 5 00 sec 32 1 MBytes 269 Mbits sec 0 1 56 MBytes 4 5 00...

Page 352: ...limit to IPv4 addresses that can access the ping responder d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses...

Page 353: ...201 config service iperf port port_number config 5 Optional Set the access control list to restrict access to the iPerf server n To limit access to specified IPv4 addresses and networks config add ser...

Page 354: ...e end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A lis...

Page 355: ...Mbits sec 8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00...

Page 356: ...ervals or at a specified time This chapter contains the following topics Configure scripts to run automatically 357 Configure scripts to run manually 363 Start a manual script 368 Stop a script that i...

Page 357: ...l At a specified time l At a specified interval l During system maintenance Additional configuration items n A label used to identify the script n The action to take if the script finishes The actions...

Page 358: ...al local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file...

Page 359: ...lick The script configuration window is displayed Custom scripts are enabled by default To disable click Enable to toggle off 5 Optional For Label provide a label for the script 6 For Run mode select...

Page 360: ...to bin sh 8 Script logging options a Click to enable Log script output to log the script s output to the system log b Click to enable Log script errors to log script errors to the system log If neith...

Page 361: ...of the following n boot The script will run once each time the device boots l If boot is selected set the action that will be taken when the script completes config system schedule script 0 exit_actio...

Page 362: ...any related command line information If the script begins with then the script will be invoked in the location specified by the path for the script command Otherwise the default shell will be used eq...

Page 363: ...12 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure scripts to run manually...

Page 364: ...ce configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line use the scp command to upload the Python application script to the Connect...

Page 365: ...ect from the device Note You can also create scripts by using the vi command when logged in with shell access Task two Configure the application to run automatically Note This feature does not provide...

Page 366: ...pt and its subprocesses using the format number b bytes KB k MB MB M GB G TB T 10 Sandbox is enabled by default which restricts access to the file system and available commands that can be used by the...

Page 367: ...oked in the location specified by the path for the script command Otherwise the default shell will be used equivalent to bin sh 7 Script logging options n To log the script s output to the system log...

Page 368: ...epending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Start a manual script You can start a script that is enabled and config...

Page 369: ...your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Stop a script that is currently running You can stop a script that is currently ru...

Page 370: ...cript stop script1 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an A...

Page 371: ...disconnect from the device Run a Python application at the shell prompt Python applications can be run from a file at the shell prompt The Python application will run until it completes displaying ou...

Page 372: ...te host that will be copied to the Connect EZ device n local path is the location on the Connect EZ device where the copied file will be placed For example To upload a script from a remote host with a...

Page 373: ...into the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the sh...

Page 374: ...llowing topics Use digidevice cli to execute CLI commands 375 Use digidevice datapoint to upload custom datapoints to Digi Remote Manager 376 Use digidevice config for device configuration 379 Use Pyt...

Page 375: ...Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Execute a CLI command u...

Page 376: ...linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Use the help command with cli execute help cli execute Help on function execut...

Page 377: ...Type help copyright credits or license for more information 3 Import the datapoint submodule and other necessary modules from digidevice import datapoint import time 4 Upload the datapoints to Remote...

Page 378: ...nformation on web services and datapoints Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help fo...

Page 379: ...ce configuration Read the device configuration 1 Log into the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection m...

Page 380: ...address Which returns 192 168 2 1 24 Modify the device configuration Use the set and commit methods to modify the device configuration 1 Log into the Connect EZ command line as a user with shell acce...

Page 381: ...device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyri...

Page 382: ...se for more information 3 Import the device_request module from digidevice import device_request 4 Create a function to handle the request from Remote Manager def handler target request print received...

Page 383: ...vice_request register function in the Python script In this example the two are the same 4 Click Send Once that the request has been sent to the device the handler on the device is executed n On the d...

Page 384: ...uests while True time sleep 10 2 Upload the showsystem py application to the etc config scripts directory on two or more Digi devices In this example we will upload it to two devices and use the same...

Page 385: ...wsystem py ix Click Apply to save the configuration and apply the change Command line i Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configurat...

Page 386: ...he application config system schedule script 0 commands python etc config scripts showsystem py config system schedule script 0 viii Save the configuration and apply the change config save Configurati...

Page 387: ...F A83CF6A3 device id 00000000 00000000 0000FFFF 485740BC targets requests device_request target_name myTarget my payload string device_request requests data_service sci_request 7 For the device_reques...

Page 388: ...evice id 00000000 00000000 0000FFFF 485740BC requests device_request target_name showSystem status 0 Model Digi Connect EZ Serial Number Connect EZ 000023 Hostname Connect EZ MAC 00 40 D0 26 79 1C Har...

Page 389: ...linux Type help copyright credits or license for more information 3 Import the device_request submodule from digidevice import device_request 4 Use the help command with device_request help device_req...

Page 390: ...python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information...

Page 391: ...be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3...

Page 392: ...thon session You can also exit the session using exit or quit Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi...

Page 393: ...n you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python...

Page 394: ...to access the device location data The location submodule enables access to the location data for the Connect EZ device The module takes a snapshot of location data stored in the runt database The lo...

Page 395: ...e object to return the longitude loc longitude 93 397084499999999 n Use the altitude object to return the altitude in meters loc altitude 292 39999399999999 7 Use Ctrl D to exit the Python session You...

Page 396: ...ent location and stores it in the runtime database You can update this snapsot 1 Log into the Connect EZ command line as a user with shell access Depending on your device configuration you may be pres...

Page 397: ...urce_idx 0 num_satellites 12 source_idx 0 quality Standard GNSS 2D 3D source_idx 0 utc_date_time Mar 03 2022 10 16 23 source_idx 0 vertical_velocity 0 0 source_idx 1 label gnss source_idx 1 quality No...

Page 398: ...state of a device When the module sets the device to out of service this can be used as trigger to begin maintenance activity See Schedule system maintenance tasks for more details 1 Log into the Conn...

Page 399: ...nance module 1 Log into the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the devic...

Page 400: ...ity to schedule SMS scripting Enable the ability to schedule SMS scripting WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration...

Page 401: ...Example digidevice sms code The following example code receives an SMS message and sends a response usr bin python3 6 import os import threading import sys from digidevice sms import Callback send CON...

Page 402: ...o the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 Determine th...

Page 403: ...cs from runt Reporting DHCP clients Firmware update feature simple implementation read TODO in cmd_fwupdate import sys import time import paho mqtt client as mqtt import json from acl import runt conf...

Page 404: ...ef send_cmd_reply client cmd_path cid cmd status if not status or not cid return if cmd_path startswith PREFIX_CMD path cmd_path len PREFIX_CMD else print Invalid command path cannot send reply format...

Page 405: ...TED send_cmd_reply client msg topic cid cmd status def publish_dhcp_leases leases try with open etc config dhcp leases r as f for line in f elems line split if len elems 5 continue leases append mac e...

Page 406: ...tem serial PREFIX router serial PREFIX_EVENT event PREFIX PREFIX_CMD cmd PREFIX PREFIX_RSP rsp PREFIX client mqtt Client client on_connect on_connect client on_message on_message try client connect 19...

Page 407: ...ication groups 415 Local users 424 Terminal Access Controller Access Control System Plus TACACS 437 Remote Authentication Dial In User Service RADIUS 444 LDAP 449 Configure serial authentication 457 D...

Page 408: ...permissions for a group You can modify the released groups and create additional groups as needed for your site A user can be assigned to more than one group n admin Provides the logged in user with...

Page 409: ...hentication Dial In User Service RADIUS for information about configuring RADIUS authentication n TACACS Users authenticated by using a remote TACACS server for authentication See Terminal Access Cont...

Page 410: ...onfiguration The Configuration window is displayed 3 Click Authentication Methods 4 For Add Method click 5 Select the appropriate authentication type for the new method from the Method drop down Note...

Page 411: ...g on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI b At the command line type config to enter configuration mode config config c Use t...

Page 412: ...cess selection menu Type quit to disconnect from the device Delete an authentication method WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Und...

Page 413: ...tication method as displayed by the example show command above config del auth method 2 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI...

Page 414: ...n the Method drop down select Local users 7 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depen...

Page 415: ...Admin CLI n Shell access Users with Shell access have the ability to access the shell when logging into the Connect EZ via ssh telnet or the serial console Shell access is not available if the Allow...

Page 416: ...erial to expand its configuration node 5 Click the box next to the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can...

Page 417: ...cess the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable access rights for the group For example n Admin access l To set the access level for...

Page 418: ...config auth group admin acl serial enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configur...

Page 419: ...ssigned Admin access you can also determine whether the Access level should be Full access or Read only access where value is either l Full access full provides users of this group with the ability to...

Page 420: ...ext to Bluetooth scanner access 10 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on y...

Page 421: ...fig 5 Optional Configure captive portal access a Return to the config prompt by typing three periods config auth group test config b Enable captive portal access rights for users of this group config...

Page 422: ...ion menu Type quit to disconnect from the device Delete an authentication group By default the Connect EZ device has two preconfigured authentication groups admin and serial These groups cannot be del...

Page 423: ...s selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth group groupname 4 Save the c...

Page 424: ...ord for the device and is the most critical security feature for the device If you reset the device to factory defaults you must log in using the default user and password and you should immediately c...

Page 425: ...least one uppercase letter one lowercase letter one number and one special character For the admin user the password field can be left blank n If the password field for the admin user is left blank th...

Page 426: ...User authentication Local users Digi Connect EZ Mini User Guide 426 6 Click Apply to save the configuration and apply the change...

Page 427: ...nfiguration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a local user Required configuration items n A username n A password The password must b...

Page 428: ...security key l Whether to allow passcode reuse time based verification only l The passcode refresh interval time based verification only l The valid code window size l The login limit l The login limi...

Page 429: ...me that the user is locked out after the number of unsuccessful login attempts defined in Lockout tries Allowed values are any number of minutes or seconds and take the format number m s For example t...

Page 430: ...val to ten minutes enter 10m or 600s g In Valid code window size type the allowed number of concurrently valid codes In cases where TOTP is being used increasing the Valid code window size may be nece...

Page 431: ...ows the user to log in using a name that contains special characters For security purposes if two users have the same alias the alias will be disabled config auth user new_user username username_alias...

Page 432: ...min config auth user new_user Note Every user must be configured with at least one group b Optional Add additional groups by repeating the add group command config auth user new_user add group end ser...

Page 433: ...rd HOTP uses a counter to validate a one time password The default value is totp config auth user new_user 2fa type totp config auth user new_user 2fa d Add a secret key config auth user new_user 2fa...

Page 434: ...at the user is allowed to attempt to log in config auth user new_user 2fa login_limit_period value config auth user new_user 2fa where value is any number of weeks days hours minutes or seconds and ta...

Page 435: ...evice Delete a local user To delete a user from your Connect EZ WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Devic...

Page 436: ...cess selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth user username 4 Save the...

Page 437: ...tials and connection parameters to a TACACS server over TCP The TACACS server then authenticates the TACACS client requests and sends back a response message to the device When you are using TACACS au...

Page 438: ...e sudo gedit etc tacacs tac_plus conf 2 Add users to the file using the following format This example will create two users one with admin and serial access and one with only serial access user user1...

Page 439: ...ilable or if the user is not defined on the TACACS server then you should list the TACACS authentication method prior to the Local users authentication method See User authentication methods for more...

Page 440: ...the key parameter of the TACACS server s tac_plus conf file for example key testing123 e Optional Click again to add additional TACACS servers 5 Optional Enable Authoritative to prevent other authent...

Page 441: ...in the order they are listed until the first successful authentication result is returned See Rearrange the position of authentication methods for information about rearranging the position of the met...

Page 442: ...d TACACS server will be used for command authorization config auth tacacs command_authorization true config 7 Optional Enable command accounting which instructs the device to communicate with the TACA...

Page 443: ...User Guide 443 config add auth method end tacacs config 10 Save the configuration and apply the change config save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device conf...

Page 444: ...ADIUS server over UDP The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device When you are using RADIUS authentication you can have both local u...

Page 445: ...ernatively if the user is also configured as a local user on the Connect EZ device and the RADIUS server authenticates the user but does not return any groups the local configuration determines the li...

Page 446: ...es how to configure a Connect EZ device to use a RADIUS server for authentication and authorization Required configuration items n Define the RADIUS server IP address or domain name n Define the RADIU...

Page 447: ...The default value is 3 f Optional Click again to add additional RADIUS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails O...

Page 448: ...Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if RADIUS authentication...

Page 449: ...bout adding methods to the beginning or middle of the list config add auth method end radius config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit th...

Page 450: ...igi Connect EZ Mini User Guide 450 This section contains the following topics LDAP user configuration 451 LDAP server failover and fallback to local configuration 452 Configure your Connect EZ device...

Page 451: ...using the following format dn uid john dc example dc com objectClass inetOrgPerson cn John Smith sn Smith uid john userPassword password ou admin serial n The value of uid and userPassword must corre...

Page 452: ...P server then you should list the LDAP authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the LDA...

Page 453: ...only be used if the LDAP server is unavailable 6 For TLS connection select the type of TLS connection used by the server n Disable TLS Uses a non secure TCP connection on the LDAP standard port 389 n...

Page 454: ...ser has access to See LDAP user configuration for further information about the group attribute 13 For Timeout type or select the amount of time in seconds to wait for the LDAP server to respond Allow...

Page 455: ...ls configure whether to verify the server certificate config auth ldap verify_server_cert value config where value is either n true Verifies the server certificate with a known Certificate Authority n...

Page 456: ...e the amount of time in seconds to wait for the LDAP server to respond config auth ldap timeout value config where value is any integer from 3 to 60 The default value is 3 12 Add an LDAP server a Add...

Page 457: ...ate and private key in PEM format If empty the certificate for the web administration service is used See Configure the web administration service for more information 5 For Peer authentication select...

Page 458: ...remote peer config auth serial verify value config where value is either n ca Uses certificate authorities CAs to verify n peer Uses the remote peer s public certificate to verify 5 By default peers...

Page 459: ...prevent access to the Admin CLI Note If shell access is disabled re enabling it will erase the device s configuration and perform a factory reset WebUI 1 Log into the Connect EZ WebUI as a user with...

Page 460: ...pending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Set the idle timeout for Connect EZ users To configure the amount of tim...

Page 461: ...he command line type config to enter configuration mode config config 3 At the config prompt type config auth idle_timeout value where value is any number of weeks days hours minutes or seconds and ta...

Page 462: ...System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User enter a name for the user and click The user configuration windo...

Page 463: ...t EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command...

Page 464: ...may be presented with an Access selection menu Type quit to disconnect from the device Example 2 RADIUS TACACS and local authentication for one user Goal To create a user with administrator rights who...

Page 465: ...FTP Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TACACS server open the etc tacacs tac_plus conf file sudo gedit e...

Page 466: ...method d For the new method select TACACS e Click to add another new method f For the new method select Local users 6 Create the local user a Click Authentication Users b In Add User type admin1 and...

Page 467: ...a RADIUS user to the users file admin1 Cleartext Password password1 Unix FTP Group Names admin In this example n The user s username is admin1 n The user s password is password1 n The authentication g...

Page 468: ...ication methods a Determine the current authentication method configuration config show auth method 0 local config This output indicates that on this example system only local authentication is config...

Page 469: ...r admin1 b Assign a password to the user config auth user adminuser password password1 config auth user adminuser c Assign the user to the admin group config auth user adminuser add group end admin co...

Page 470: ...er contains the following topics Firewall configuration 471 Port forwarding rules 475 Packet filtering 482 Configure custom firewall rules 489 Configure Quality of Service options 491 Digi Connect EZ...

Page 471: ...sed for interfaces involved in the initial setup of the device By default the firewall will only allow this zone to access administration services l IPsec The default zone for IPsec tunnels l Dynamic...

Page 472: ...interfaces to use a zone Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selectio...

Page 473: ...lected during interface configuration This example procedure uses an existing network interface named ETH2 and changes the firewall zone from the default zone Internal to External WebUI 1 Log into the...

Page 474: ...nect from the device Delete a custom firewall zone You cannot delete preconfigured firewall zones To delete a custom firewall zone WebUI 1 Log into the Connect EZ WebUI as a user with full Admin acces...

Page 475: ...users on a public network from accessing servers on the private network To allow a computer on the Internet to connect to a specific server on a private network set up one or more port forwarding rul...

Page 476: ...by default To disable click to toggle off Enable 5 Optional Type a Label that will be used to identify the rule 6 For Interface select the network interface for the rule Network connections will only...

Page 477: ...ting a Click Zones b For Add zone click c For Zone select the appropriate zone d Repeat for each additional zone 13 Click Apply to save the configuration and apply the change Command line 1 Log into t...

Page 478: ...tcpudp or upd The default is tcp 8 Set the IP address of the server to which traffic should be forwarded n For IPv4 addresses config firewall dnat 0 to_address ip address config firewall dnat 0 n For...

Page 479: ...eat for each appropriate zone To view a list of available zones config firewall dnat 0 acl zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and acces...

Page 480: ...y to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented...

Page 481: ...ess6 c097 4533 bd63 bb12 9a6f 5569 4b53 c29a to_port 10003 config 4 To delete the rule use the index number with the del command For example config del firewall dnat 1 5 Save the configuration and app...

Page 482: ...red configuration items n The action that the packet filtering rule will perform either Accept Reject or Drop n The source firewall zone Packets originating from interfaces on this zone will be monito...

Page 483: ...hing network connections and does not send a reply 6 Select the IP version 7 Select the Protocol 8 For Source zone select the firewall zone that will be monitored by this rule for incoming connections...

Page 484: ...p dst_zone internal enable true ip_version any label myfilter protocol any src_zone external config b Select the appropriate rule by using its index number config firewall filter 1 config firewall fil...

Page 485: ...ne my_zone config firewall filter 1 6 Set the destination firewall zone Packets destined for network interfaces that are members of this zone will either be accepted rejected or dropped by this rule S...

Page 486: ...menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Packet filtering 4 Click the appropriate packet filtering rule 5 Click Enable t...

Page 487: ...config 4 To enable a packet filtering rule use the index number with the enable true command For example config firewall filter 1 enable true 5 To disable a packet filtering rule use the index number...

Page 488: ...change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin...

Page 489: ...t of a script of shell commands that can be used to install firewall rules ipsets and other system configuration These commands are run whenever system configuration changes occur that might cause cha...

Page 490: ...Firewall Configure custom firewall rules Digi Connect EZ Mini User Guide 490 7 Click Apply to save the configuration and apply the change...

Page 491: ...your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Quality of Service options Quality of Service QoS options allow you to ma...

Page 492: ...ate for your network 8 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device c...

Page 493: ...tion saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Create a new binding WebU...

Page 494: ...able click Enable c Optional Type a Label for the binding policy d For Weight type a value for the amount of available bandwidth allocated to the policy relative to other policies for this binding The...

Page 495: ...y as a destination traffic matching criteria viii Click to expand Source address and select the Type n Any Source traffic from any address will be matched n Interface Only traffic from the selected In...

Page 496: ...6 address Only traffic destined for the IP address typed in IPv6 address will be matched Use the format IPv6_address prefix_length or use any to match any IPv6 address Repeat to add a new rule Up to 3...

Page 497: ...l my_binding config firewall qos 2 5 Set the interface to queue egress packets on The binding will only match traffic that is being sent out on this interface a Use the to determine available interfac...

Page 498: ...bandwidth config firewall qos 2 policy 0 weight int config firewall qos 2 policy 0 where int is any integer between 1 and 65535 The default is 10 e Set the maximum delay before the transmission of pa...

Page 499: ...qos 2 policy 0 rule 0 protocol value config firewall qos 2 policy 0 rule 0 where value is one of tcp udp or any vi Set the source port to define a source traffic matching criteria config firewall qos...

Page 500: ...0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address n mac Only traffic from the MAC address typed in MAC address will be matched Set the MAC address to be matched...

Page 501: ...ll be matched Set the address that will be matched config network qos 2 policy 0 rule 0 src address6 value config network qos 2 policy 0 rule 0 where value uses the format IPv6_address prefix_length o...

Page 502: ...m firmware 506 Reboot your Connect EZ device 511 Erase device configuration and reset to factory defaults 514 Locate the device by using the Find Me feature 518 Configuration files 520 Schedule system...

Page 503: ...on use the show system command n Show basic system information 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Ac...

Page 504: ...9 85 Alt Firmware Build Date Thurs 03 March 2022 10 16 23 Bootloader Version 19 7 23 0 15f936e0ed Schema Version 715 Timezone UTC Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days...

Page 505: ...s and at the command prompt 5 For Contact type the name of a contact for the device 6 For Location type the location of the device 7 For Banner type a banner message that will be displayed when users...

Page 506: ...The Connect EZ operating system firmware images consist of a single file with the following naming convention platform version bin For example Connect EZ 22 2 9 85 bin Manage firmware updates using Di...

Page 507: ...he Digi firmware server WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Under Administration click Firmware Update 3 Click Download from server 4 For...

Page 508: ...ash authentication successful netflash vendor and product names are verified netflash programming FLASH device dev flash image1 41408K 100 Firmware update completed reboot device b Reboot the device r...

Page 509: ...nnect EZ operating system firmware from the Digi Support FTP site to your local machine 2 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you ma...

Page 510: ...fig Connect EZ 22 2 9 85 bin length 37511229 netflash authentication successful netflash programming FLASH device dev flash image 36633K 100 Firmware update completed reboot device 6 Reboot the device...

Page 511: ...on of the firmware As a result of this behavior you can use the following procedure to guarantee that the same firmware is stored in both memory banks WebUI 1 Log into the Connect EZ WebUI as a user w...

Page 512: ...ne 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At...

Page 513: ...ng on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set...

Page 514: ...scripts n Clears event and system log files Additionally if the RESET button is used to erase the configuration pressing the RESET button a second time immediately after the device has rebooted n Eras...

Page 515: ...d for the admin user for further information Command line 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access...

Page 516: ...ort to your PC b Log into the Connect EZ User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or the printed label included in the packa...

Page 517: ...to the original factory defaults Note To clear the custom default configuration press the RESET button wait for the device to reboot then press the RESET button again Required configuration items n Cu...

Page 518: ...le system Command line 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access...

Page 519: ...ature click System and click Find Me again A notification message appears noting that the LED is no longer flashing on the device Click the x in the message to close it Command line 1 Log into the Con...

Page 520: ...s which also applies the changes If you do not save configuration changes the system discards the changes WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu cl...

Page 521: ...keys and other information 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Under Configuration click Configuration Maintenance The Configuration Maintenance...

Page 522: ...me or ip user username remote remote path local local path to remote where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n rem...

Page 523: ...nted with an Access selection menu Type admin to access the Admin CLI 2 If the configuration backup is on a remote host use scp to copy the file from the host to your device scp host hostname or ip us...

Page 524: ...ename of the configuration backup file on the Connect EZ s filesystem local path in the previous step n passphrase optional is the passphrase to restore the configuration backup if a passphrase was us...

Page 525: ...s that trigger the maintenance window to begin n Whether all configured triggers or only one of the triggers must be met n The tasks to be performed Options are l Firmware updates l Digi Remote Manage...

Page 526: ...ow will begin at the beginning of the specified hour c For Duration window select the amount of time that the maintenance tasks will be run If Immediately is selected all scheduled tasks will begin at...

Page 527: ...o access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure a system maintenance trigger a Add a trigger config add system schedule maintenance trigg...

Page 528: ...tasks will run at a random time during the time allotted for the duration window l If the duration length is set to one or more hours the minutes field in the start time is ignored and the duration w...

Page 529: ...ance frequency value config where value is either daily weekly or monthly daily is the default 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Adm...

Page 530: ...ser with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Disable encryption with the following command syste...

Page 531: ...e relevant network connection on the Windows PC b Click the Internet Protocol Version 4 TCP IPv4 parameter c Click Properties The Internet Protocol Version 4 TCP IPv4 Properties dialog appears d Confi...

Page 532: ...EZ device at the IP address of 192 168 210 1 4 Log into the device n Username admin n Password The default unique password for your device is printed on the device label 5 At the shell prompt type rm...

Page 533: ...mmand line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line ty...

Page 534: ...the speed of your Ethernet port Digi Connect EZ Mini User Guide 534 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type qui...

Page 535: ...Monitoring This chapter contains the following topics intelliFlow 536 Configure NetFlow Probe 543 Digi Connect EZ Mini User Guide 535...

Page 536: ...at any point you can click inside the chart to drill down to view more granular information and menu options allow you to change various aspects of the information being displayed Note When intelliFl...

Page 537: ...nu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable IntelliFlow config monitoring intelliflow enable true 4 Set the firewall zone...

Page 538: ...t the zone to be used by IntelliFlow config monitoring intelliflow zone my_zone 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Dependin...

Page 539: ...Log into the Connect EZ WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow The System Utilisation c...

Page 540: ...n 2 Select the time period to be displayed n Save or print the chart 1 Click the menu icon 2 To save the chart to your local filesystem select Export to PNG 3 To print the chart select Print chart Use...

Page 541: ...display the Top Data Usage by Server chart click Top Data Usage by Server n To display the Top Data Usage by Service chart click Top Data Usage by Service 5 Change the type of chart that is used to di...

Page 542: ...art Use intelliFlow to display data usage by host over time To generate a chart displaying a host s data usage over time WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 If you have...

Page 543: ...rs Required configuration items n Enable NetFlow n The IP address of a NetFlow collector Additional configuration items n The NetFlow version n Enable flow sampling and select the flow sampling techni...

Page 544: ...is used Each flow is accounted n Deterministic Selects every nth flow where n is the value of Flow sampler population n Random Randomly selects one out of every n flows where n is the value of Flow s...

Page 545: ...ration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable NetFlow config monitor...

Page 546: ...ve before sent to a collector config monitoring netflow inactive_timeout value config where value is any is any number between 1 and 15 The default is 15 7 Set the number of seconds that a flow can be...

Page 547: ...s a collector config monitoring netflow collector 0 Repeat to add additional collectors 10 Save the configuration and apply the change config monitoring netflow collector 0 save Configuration saved 11...

Page 548: ...evice health data and set the sample interval 555 Enable event log upload to Digi Remote Manager 558 Log into Digi Remote Manager 559 Use Digi Remote Manager to view and manage your device 561 Add a d...

Page 549: ...fault URL was my devicecloud com n If your Digi device is configured to use a non default URL to connect to Remote Manager updating the firmware will not change your configuration However if you erase...

Page 550: ...Guide 550 n SMS support n HTTP proxy server support To configure Digi Remote Manager WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Conf...

Page 551: ...ptional For Management port type the destination port for the remote cloud services connection The default is 3199 7 Optional For Retry interval type the amount of time that the Connect EZ device shou...

Page 552: ...hours minutes or seconds and take the format number h m s For example to set Reboot Timeout to ten minutes enter 10m or 600s The minimum value is 30 minutes and the maximum is 48 hours If not set this...

Page 553: ...oud com config cloud drm drm_url url config 6 Optional Set the amount of time that the Connect EZ device should wait before reattempting to connect to the remote cloud services after being disconnecte...

Page 554: ...at number h m s For example to set restart_timeout to ten minutes enter either 10m or 600s config cloud drm restart_timeout 600s config The minimum value is 30 minutes and the maximum is 48 hours If n...

Page 555: ...oxy host hostname config c Optional Set the port number on the proxy server that the device should connect to The default is 2138 config cloud drm proxy port integer config 13 Save the configuration a...

Page 556: ...igure what data are uploaded to the Digi Remote Manager All options are enabled by default 5 Only report changed values to Digi Remote Manager is enabled by default When enabled n The device only repo...

Page 557: ...sample data 5 By default the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded This is useful to reduce the bandwidth used to rep...

Page 558: ...8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enable event log upload to Digi Remo...

Page 559: ...e config config 3 Device health data upload is enabled by default To enable or disable n To enable config monitoring events enable true config n To disable config monitoring events enable false config...

Page 560: ...nnect EZ Mini User Guide 560 1 If you have not already done so click here to sign up for a Digi Remote Manager account 2 Check your email for Digi Remote Manager login instructions 3 Go to remotemanag...

Page 561: ...evice To view and manage your device 1 If you have not already done so connect to your Digi Remote Manager account 2 Click Device Management to display a list of your devices 3 Use the Search bar to l...

Page 562: ...r account and it appears in the Device Management view View Digi Remote Manager connection status To view the current Digi Remote Manager configuration WebUI 1 Log into the Connect EZ WebUI as a user...

Page 563: ...nect EZ routers Typically if you want to provision multiple Connect EZ routers 1 Using the Connect EZ local WebUI configure one Connect EZ router to use as the model configuration for all subsequent C...

Page 564: ...Z local file system 565 Display directory contents 565 Create a directory 566 Display file contents 567 Copy a file or directory 567 Move or rename a file or directory 568 Delete a file or directory 5...

Page 565: ...ut are deleted if a factory reset of the system is performed See Erase device configuration and reset to factory defaults for more information Display directory contents To display directory contents...

Page 566: ...cifying the name of the directory For example 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection me...

Page 567: ...4J0XT Rgr6ewr1yerHtXQdbafsatGswKg0YUm schema version 461 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to discon...

Page 568: ...cripts to final py 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the...

Page 569: ...test py in etc config scripts 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin t...

Page 570: ...by using the WebUI or from the command line by using the scp Secure Copy command or by using a utility such as SSH File Transfer Protocol SFTP or an SFTP application like FileZilla Upload and downloa...

Page 571: ...follows scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on...

Page 572: ...g support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var...

Page 573: ...tem Upload and download files Digi Connect EZ Mini User Guide 573 sftp ahmed 192 168 2 1 Password Connected to 192 168 2 1 sftp get test py Fetching test py to test py test py 100 254 0 3KB s 00 00 sf...

Page 574: ...575 View system and event logs 577 Configure syslog servers 581 Configure options for the event and system logs 583 Analyze network traffic 588 Use the ping command to troubleshoot network connection...

Page 575: ...ownload average 44 7588 Mbps Rx latency 30 05 ms 3 To output the result in json format use the output parameter speedtest host output json tx_avg 51 8510 tx_avg_units Mbps tx_latency 31 07 tx_latency_...

Page 576: ...Type admin to access the Admin CLI 2 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 22 03 03 10...

Page 577: ...ion about configuring the information displayed in event and system logs View System Logs WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Logs The sys...

Page 578: ...l Use the show log number num command to limit the number of lines that are displayed For example to limit the log to the most recent ten lines show log number 10 Timestamp Message Nov 26 21 54 34 Con...

Page 579: ...u Type quit to disconnect from the device View Event Logs WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Logs 3 Click System Logs to collapse the sys...

Page 580: ...mit the event list to the most recent ten lines show event number 10 Timestamp Type Category Message Nov 26 21 42 37 status stat intf eth1 type ethernet rx 11332435 tx 5038762 Nov 26 21 42 35 status s...

Page 581: ...full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Log 4 Add and configure a remote syslog server...

Page 582: ...e Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the...

Page 583: ...em log remote 0 protocol value config system log remote 0 where value is either tcp or udp The default is udp 6 Save the configuration and apply the change config save Configuration saved 7 Type exit...

Page 584: ...l To disable event categories or to enable them if they have been disabled a Click to expand Event Categories b Click an event category to expand c Depending on the event category you can enable or di...

Page 585: ...and takes the format number w d h m s For example to set the heartbeat interval to ten minutes enter either 10m or 600s config system log heartbeat_interval 600s config To disable the heartbeat inter...

Page 586: ...disable informational events status events and error events Some categories also allow you to set the status interval which is the time interval between periodic status events For example to configure...

Page 587: ...seconds and takes the format number w d h m s For example to set the status interval to ten minutes enter either 10m or 600s config system log event dhcpserver status_interval 600s config 6 Optional S...

Page 588: ...perform a more detailed analysis you can download the captured data traffic from the device and view it using a third party application Note Data traffic is captured to RAM and the captured data is l...

Page 589: ...a specified event or at a particular time l The events or time that will trigger the analyzer to run using this capture configuration l The amount of time that the analyzer session will run l The freq...

Page 590: ...etwork By default is option is disabled which means that the filter will capture packets from this IP address network vi Click to add additional IP address network filters c To create a filter that ei...

Page 591: ...apture packets that use this port vi Click to add additional MAC address filters f To create a filter that either captures or ignores packets from one or more VLANs i Click to expand Filter VLANs ii C...

Page 592: ...un during the system maintenance time window b Enable the capture filter schedule c For Duration type the amount of time that the scheduled analyzer session will run Allowed values are any number of w...

Page 593: ...address ip_ address netmask config network analyzer name filter address 0 iii Set whether the filter should apply to packets when the IP address network is the source the destination or both config ne...

Page 594: ...lter protocol 0 protocol value config network analyzer name filter protocol 0 iv If other is set for the protocol set the number of the protocol config network analyzer name filter protocol 0 protocol...

Page 595: ...tional Set the filter should ignore packets from this port config network analyzer name filter port 0 ignore true config network analyzer name filter port 0 By default is option is set to false which...

Page 596: ...Set the VLAN that should be be captured or ignored config network analyzer name filter vlan 0 vlan value config network analyzer name filter vlan 0 where value is number o the VLAN iii Optional Set th...

Page 597: ...t_time Runs the script at a specified time of the day If set_time is set set the time that the script should run using the format HH MM config network analyzer name run_time HH MM config network analy...

Page 598: ...bpf html for detailed information about BPF syntax Example IPv4 capture filters n Capture traffic to and from IP host 192 168 1 1 ip host 192 168 1 1 n Capture traffic from IP host 192 168 1 1 ip src...

Page 599: ...apturing Additional analyzer commands allow you to n Stop capturing packets n Save captured data traffic to a file n Clear captured data Required configuration items n A configured packet capture See...

Page 600: ...Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt analyzer stop name capture_filter where capture_filter is the name of a packet capture configurati...

Page 601: ...red Length 60 bytes Received on interface eth1 00 40 ff 80 01 20 b4 b6 86 21 b5 73 08 00 45 00 s E 00 28 3d 36 40 00 80 06 14 bc 0a 0a 4a 82 0a 0a 6 J 4a 48 cd ae 00 16 a4 4b ff 5f ee 1f d8 23 50 10 J...

Page 602: ...save captured traffic data to a file use the analyzer save command Command line 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be pre...

Page 603: ...e you can download the file from the WebUI or from the command line by using the scp secure copy file command WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the menu click Syst...

Page 604: ...ria remote home maria local etc config analyzer eth0 pcpng to remote maria 192 168 210 2 s password eth0 pcpng 100 11KB 851 3KB s 00 00 Clear captured data To clear captured data traffic in RAM use th...

Page 605: ...configuration you may be presented with an Access selection menu Type quit to disconnect from the device Stop ping commands To stop pings when the number of pings to send the count parameter has been...

Page 606: ...routing hops were required to reach the host 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection me...

Page 607: ...issued Declarations of Conformity for the Connect EZ concerning emissions EMC and safety For more information see www digi com resources certifications Important note Digi customers assume full respon...

Page 608: ...gibly and indelibly UK Conformity Assessed UKCA labeling requirements See guidance using the ukca marking for further details You must make sure that n If you reduce or enlarge the size of your markin...

Page 609: ...ntee that inventory held by distributors or other third parties is RoHS compliant Safety notices n Read all instructions before installing and powering the router You should keep these instructions in...

Page 610: ...at electrical electronic products are recycled using the best available recovery techniques to minimize the impact on the environment This product contains high quality materials and components which...

Page 611: ...interface 613 Display help for commands and parameters 614 Auto complete commands and parameters 616 Available commands 617 Use the scp command 618 Display status and statistics using the show command...

Page 612: ...bUI Configure the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the Connect EZ device by using a...

Page 613: ...he command line interface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin C...

Page 614: ...d is found Ctrl A Move cursor to start of line Ctrl E Move cursor to end of line Ctrl W Delete word under cursor until start of line or Ctrl R If the current input is invalid then characters will be d...

Page 615: ...help show Commands analyzer Show analyzer arp Show ARP tables cloud Show drm statistics config Show config deltas dhcp lease Show DHCP leases dns Show DNS servers event Show event list ipsec Show IPse...

Page 616: ...possible Typing the space bar has similar behavior If multiple commands are available that will match the entered text auto complete is not performed and the available commands are displayed instead A...

Page 617: ...s and parameters for information about the help command ls Lists the contents of a directory mkdir Creates a directory more Displays the contents of a file mv Moves a file or directory ping Pings a re...

Page 618: ...is being copied to a remote host from the Connect EZ device o The path and filename of the file on the Connect EZ device that will be copied to the remote host o The location on the remote host where...

Page 619: ...g support report to var log support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote...

Page 620: ...23 0 15f936e0ed Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Temperature 40C show network The show network command displays status and st...

Page 621: ...h enable false The Connect EZ device s ssh service is now disabled Note When the config command is executed at the root prompt certain configuration actions that are available in configuration mode ca...

Page 622: ...NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next display help for the config service ssh command config service ssh SSH An SSH serv...

Page 623: ...e Enter configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode n Enter the full command string from the config prompt For example t...

Page 624: ...and config cancel After using cancel to discard unsaved changes to the configuration you will automatically exit configuration mode Configuration actions In configuration mode configuration actions ar...

Page 625: ...or example 1 Enter at the config prompt config This will display the following help information config Additional Configuration application Custom scripts auth Authentication cloud Central management...

Page 626: ...ext to display help for the service ssh command use one of the following methods n At the config prompt enter service ssh config service ssh n At the config prompt a Enter service to move to the servi...

Page 627: ...ervice config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter enable to display help for the enable parameter config service ssh enable config service ssh Eit...

Page 628: ...configuration by entering two periods config service ssh acl zone config service ssh acl You can also move back multiples nodes in the configuration by typing multiple sets of two periods config serv...

Page 629: ...the end keyword is used to add an element to the end of a list Additionally the end keyword is used to add an element to a list that does not have any elements For example to add an authentication gro...

Page 630: ...r elements in a list For example to reorder the authentication methods 1 Use the show command to display current authentication method configuration config show auth method 0 local 1 tacacs 2 radius c...

Page 631: ...user admin password pwd config 3 Save the configuration and apply the change config save Configuration saved 4 Type exit to exit the Admin CLI Depending on your device configuration you may be present...

Page 632: ...he auth node config auth config auth 2 Enter the revert command with the path set to method config auth revert method config auth 3 Save the configuration and apply the change config auth save Configu...

Page 633: ...of the config prompt config add auth user user1 config auth user user1 n Method two Create a user by moving through the configuration a At the config prompt enter auth to move to the auth node config...

Page 634: ...ls serial enable true ports 0 port1 shell enable false config auth user user1 6 Add the user to the admin group config auth user user1 add group end admin config auth user user1 7 Save the configurati...

Page 635: ...v 641 ping 641 reboot 643 rm 644 scp 645 show analyzer 645 show arp 645 show cloud 645 show config 646 show dhcp lease 646 show dns 646 show event 646 show hotspot 646 show ipsec 647 show l2tp lac 647...

Page 636: ...t stop 656 system serial clear 656 system serial save 656 system serial show 656 system serial start 657 system serial stop 657 system support report 657 system time set 657 system time sync 657 syste...

Page 637: ...s name Name of the capture filter to use clear dhcp lease ip address Clear the DHCP lease for the specified IP address Syntax clear dhcp lease ip address ADDRESS Parameters address An IPv4 or IPv6 add...

Page 638: ...Digi Connect EZ Mini User Guide 638 destination The destination path to copy the source file or directory to force Do not ask to overwrite the destination file if it exists help Show CLI editing and n...

Page 639: ...line reference Digi Connect EZ Mini User Guide 639 ls List a directory Syntax ls path show hidden Parameters path List files and directories under this path show hidden Show hidden files and directori...

Page 640: ...I command on modem puk unlock Unlock the SIM with a PUK code from the SIM provider Syntax modem puk unlock puk new pin name STRING imei STRING Parameters puk The SIM s PUK code new pin The PIN code to...

Page 641: ...metrics upload Immediately upload current device health metrics Functions as if a scheduled upload was triggered Syntax monitoring metrics upload Parameters None more View a file Syntax more path Para...

Page 642: ...host is reachable over a default route If not specified the system s primary default route will be used source The ping command will send a packet with the source address set to the IP address of this...

Page 643: ...Command line interface Command line reference Digi Connect EZ Mini User Guide 643 reboot Reboot the system Parameters None...

Page 644: ...ine interface Command line reference Digi Connect EZ Mini User Guide 644 rm Remove a file or directory Syntax rm path force Parameters path The path to remove force Force the file to be removed withou...

Page 645: ...remote host or from the remote host to the local device port The SSH port to use to connect to the remote host Minimum 1 Maximum 65535 Default 22 show analyzer Show packets from a specified analyzer...

Page 646: ...ividual output lines maybe context sensitive and unable to be entered in isolation show dhcp lease Show DHCP leases Syntax show dhcp lease all verbose Parameters all Show all leases active and inactiv...

Page 647: ...and config data for a specific IPsec tunnel all Display all tunnels including disabled tunnels verbose Display status of one or all tunnels in plain text show l2tp lac Show L2TP access concentrator st...

Page 648: ...om log Minimum 1 Default 20 filter Filters for type of log message displayed critical warning info debug Note filters from the number of messages retrieved not the whole log this can be very time cons...

Page 649: ...face Display more details and config data for a specific network interface all Display all interfaces including disabled interfaces verbose Display more information less concise more detail show ntp S...

Page 650: ...show route ipv4 ipv6 verbose Parameters ipv4 Display IPv4 routes ipv6 Display IPv6 routes verbose Display more information less concise more detail show serial Show serial status statistics Syntax sho...

Page 651: ...ING all Parameters tunnel The name of a specific IPsec tunnel all Show all IPsec tunnels show surelink openvpn Show SureLink status statistics for OpenVPN clients Syntax show surelink openvpn client S...

Page 652: ...ics including disabled instances show web filter Show web filter status statistics Syntax show web filter Parameters None speedtest Perform a speed test to a remote host using nuttcp or iPerf The syst...

Page 653: ...ig archive path STRING passphrase STRING remove custom defaults Parameters type The type of backup file to create Archives are full backups including generated SSH keys and dynamic DHCP lease informat...

Page 654: ...ase Parameters None system find me Find Me function to flash LEDs on this device to help users locate the unit Syntax system find me state Parameters state Find Me control to flash cellular related LE...

Page 655: ...system firmware update file Parameters file Firmware filename and path system power ignition off_delay Update the current ignition off delay without changing the configuration Syntax system power igni...

Page 656: ...ain Syntax system script stop script Parameters script Script to stop system serial clear Clears the serial log Syntax system serial clear port Parameters port Serial port system serial save Saves the...

Page 657: ...port Serial port system support report Save a support report to a file and include with support requests Syntax system support report path STRING Parameters path The file path to save the support repo...

Page 658: ...network host Syntax traceroute host ipv6 gateway STRING interface STRING first_ttl INTEGER max_ttl INTEGER port INTEGER nqueries INTEGER src_addr STRING tos INTEGER waittime INTEGER pausemsecs INTEGER...

Page 659: ...he Type of Service ToS and Precedence value Useful values are 16 low delay and 8 high throughput Note that in order to use some TOS precedence values you have to be super user For IPv6 set the Traffic...

Reviews:

No comments

Brands by name

Popular brands

Load more brands