Digi Connect IT 16 User Manual Download Page 250

Page: 250 / 756

Virtual Private Networks (VPN)

IPsec

Digi Connect IT® 16/48 User Guide

250

(config vpn ipsec tunnel ipsec_example)> remote id ipv4_id

(config vpn ipsec tunnel ipsec_example)>

ipv6

: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR

IKE identity.

Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6
address.

(config vpn ipsec tunnel ipsec_example)> remote id ipv6_id

(config vpn ipsec tunnel ipsec_example)>

rfc822

: The ID will be interpreted as an RFC822 (email address).

Set the ID in internet email address format:

(config vpn ipsec tunnel ipsec_example)> remote id rfc822_id

(config vpn ipsec tunnel ipsec_example)>

fqdn

: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as

an ID_FQDN IKE identity.

Set the ID as an FQDN:

(config vpn ipsec tunnel ipsec_example)> remote id rfc822_id

(config vpn ipsec tunnel ipsec_example)>

keyid

: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity.

Set the key ID:

(config vpn ipsec tunnel ipsec_example)> remote id keyid_id

(config vpn ipsec tunnel ipsec_example)>

15. Configure IKE settings:

a. Set the IKE version:

(config vpn ipsec tunnel ipsec_example)> ike version

value

(config vpn ipsec tunnel ipsec_example)>

where

value

is either

ikev1

ikev2

. This setting must match the peer's IKE version.

b. Determine whether the device should initiate the key exchange, rather than waiting for an

incoming request. By default, the device will initiate the key exchange. This must be
disabled if

remote hostname

is set to

any

. To disable:

(config vpn ipsec tunnel ipsec_example)> ike initiate false
(config vpn ipsec tunnel ipsec_example)>

c. Set the IKE phase 1 mode:

(config vpn ipsec tunnel ipsec_example)> ike mode

value

(config vpn ipsec tunnel ipsec_example)>

where

value

is either

aggressive

main

Summary of Contents for Connect IT 16

Page 1: ...Digi Connect IT 16 48 User Guide Firmware version 21 2 ...

Page 2: ...ion E June 2020 Added note that for devices manufactured prior to the release of firmware version 19 11 x the default user name may be root F July 2020 Updated information about the factory default network settings Digi Connect IT 16 48 User Guide 2 ...

Page 3: ...s of whether the values have changed since they were last reported l Added Monitoring Device Health Data point tuning configuration options to fine tune what datapoints are uploaded as health metrics to Digi Remote Manager l Added the ability to select Digi aView as the cloud service n Added the ability to duplicate firmware to copy the active firmware to the secondary firmware partition n Moved t...

Page 4: ...e sending receiving SMS messages l Added the digidevice sms python module for sending receiving SMS messages in a custom python script n MQTT client support via Paho Python module n Added a random unprivileged port for performing ntp time syncs if standard port 123 fails n Scripting enhancements l Added a Status Scripts page in the web UI and show scripts command to the Admin CLI to view custom sc...

Page 5: ...nnels now wait for Surelink tests if configured to pass prior to initiating outbound tunnels n Modbus gateway enhancements l Status Modbus gateway page in the Web UI displays information about modbus clients and servers connected to the gateway l show modbus command displays information about the the Modbus gateway service n Serial port enhancements l Serial port logging options added for starting...

Page 6: ...der allows you to control the interfaces and firewall zones on which the DAL device will respond to ICMP requests n Enhanced policy based routing l Added a DSCP option to match the routing rule by the type of DSCP field in the packet l Added a Defaultroute option for matching policy based routes to the device s active default route n Added a link to User Guide under the User menu in the Web UI Dig...

Page 7: ...ormation through the digidevice location python module n Cellular modem carrier scanning and locking l New modem scan CLI command for listing available carriers for the current modem and SIM l Manual carrier selection option to allow you to lock the SIM to a specific carrier n Enhanced serial support l Certificate management control for TCP and autoconnect serial port setups l Autoconnect n Local ...

Page 8: ... the product s and or the program s described in this manual at any time Warranty To view product warranty information go to the following website www digi com howtobuy terms Customer support Gather support information Before contacting Digi technical support for help gather the following information Product name and model Product serial number s Firmware version Operating system browser if applic...

Page 9: ...connect to a cellular network 25 Manually configure PC to connect to the Connect IT 25 Connect equipment to the Connect IT serial ports Serial connector pinout 27 Configuration and management Review Connect IT 16 48 default settings 29 Local WebUI 29 Digi Remote Manager 29 Default interface configuration 29 Other default configuration settings 30 Change the default password for the admin user 31 C...

Page 10: ...ate an access control group for power management and assign to users 45 Manage the power to the power controller outlets from the Connect IT 46 Control the outlet power from a terminal all users 46 View power controller status and manage power Administrators 46 Control the outlet power from the Serial Status page 47 Interfaces Wide Area Networks WANs 50 Wide Area Networks WANs and Wireless Wide Ar...

Page 11: ...P 210 Configure VRRP 214 Example VRRP VRRP configuration 221 Configure device one master device 222 Configure device two backup device 226 Show VRRP status and statistics 231 Virtual Private Networks VPN IPsec 234 IPsec data protection 234 IPsec modes 234 Internet Key Exchange IKE settings 234 Authentication 235 Configure an IPsec tunnel 235 Configure IPsec failover 257 Configure SureLink active r...

Page 12: ...se a user defined static location 371 Configure the device to accept location messages from external sources 373 Forward location information to a remote host 377 Configure geofencing 383 Show location information 395 Modbus gateway 396 Configure the Modbus gateway 397 Show Modbus gateway status and statistics 410 System time 413 Configure the system time 413 Network Time Protocol 415 Configure th...

Page 13: ...thentication methods 490 Add a new authentication method 492 Delete an authentication method 494 Rearrange the position of authentication methods 495 Authentication groups 497 Change the access rights for a predefined group 498 Add an authentication group 500 Delete an authentication group 504 Local users 506 Change a local user s password 507 Configure a local user 508 Delete a local user 515 Ter...

Page 14: ... 592 Update cellular module firmware 593 Update modem firmware over the air OTA 594 Update modem firmware by using a local firmware file 596 Reboot your Connect IT 16 48 device 597 Reboot your device immediately 598 Schedule reboots of your device 598 Erase device configuration and reset to factory defaults 599 Configure the Connect IT 16 48 device to use custom factory default settings 602 Config...

Page 15: ...56 Upload and download files by using the WebUI 656 Upload and download files by using the Secure Copy command 657 Upload and download files using SFTP 658 Diagnostics Generate a support report 661 View system and event logs 662 View System Logs 662 View Event Logs 664 Configure syslog servers 666 Configure options for the event and system logs 668 Analyze network traffic 673 Configure packet capt...

Page 16: ... individual commands 700 Use the Tab key or the space bar to display abbreviated help 701 Auto complete commands and parameters 701 Available commands 702 Use the scp command 703 Display status and statistics using the show command 704 show config 704 show system 705 show network 705 Device configuration using the command line interface 706 Execute configuration commands at the root Admin CLI prom...

Page 17: ...17 analyzer 721 cp 722 help 723 ls 724 mkdir 725 modem 726 modem puk status imei STRING name STRING 731 modem scan imeiSTRING nameSTRING 732 more 734 mv 735 ping 736 reboot 738 rm 739 scp 740 show 741 ssh 748 system 750 traceroute 754 ...

Page 18: ...l connections are encrypted for security Connect IT 16 and 48 key features The Digi Connect IT 16 48 port products provide these key features n Dual Gigabit Ethernet and Dual SFP option for robust flexible network connectivity n Devices with either 16 or 48 serial connections to manage IT assets via the console port n Option to install Certified Digi Cellular CORE Module to support different cellu...

Page 19: ...SFP modules 5 Connect the hardware to a network 6 Access the device from the web UI 7 Update the firmware on the Connect IT 8 Change the password 9 Administrators only Additional configuration to the Connect IT can be done in Remote Manager or in the Connect IT s local web user interface 10 Mount the Connect IT to a rack 11 Connect equipment to the Connect IT serial ports Verify product components...

Page 20: ...to the Connect IT 16 48 console port Ethernet cable 8 wire straight through shielded Cat5 Ethernet cable You can also choose to connect to the network with an Ethernet connection rather than connecting to a cellular network See Connect hardware and connect to site network using an Ethernet LAN Loose label sticker A loose label sticker that includes the unique device password is included in the box...

Page 21: ...the Connect IT are blue n ITPS PSIK Connect IT 16 48 power supply kit port side intake Use this when the serial ports will be in the cold aisle The thumb screws used to connect the items to the Connect IT are red Power cord IEC 60320 power cord Optional additional equipment Equipment Description CORE module Note This is required only if you want to connect to a cellular network A SIM card is also ...

Page 22: ... provider n CORE module This may be included with your device If it is not you must purchase one separately To connect the hardware and connect to the cellular network 1 Insert your activated SIM card into the CORE module The notched end of SIM card should be inserted first with the gold metal contacts facing down You will hear a click once the SIM is completely inserted Note If one SIM card is be...

Page 23: ...fan unit You can choose between the following two kits n ITPS PSEK Connect IT 16 48 power supply kit port side exhaust Use this when the serial ports will be in the hot aisle The thumb screws used to connect the items to the Connect IT are blue n ITPS PSIK Connect IT 16 48 power supply kit port side intake Use this when the serial ports will be in the cold aisle The thumb screws used to connect th...

Page 24: ...P 2 slot on the Connect IT Connect the hardware These sections explain how to connect the hardware and then connect to either a cellular network using the CORE module or to a site network using an Ethernet cable n Connect hardware and connect to site network using an Ethernet LAN n Connect hardware and connect to a cellular network Connect hardware and connect to site network using an Ethernet LAN...

Page 25: ...rdware and connect to the cellular network 1 Insert a CORE module with an activated SIM card See Cellular ONLY Insert the CORE module 2 Plug the power supply cord into at least one of the power supplies on the back of the device The second power cord can also be plugged in but it is not required It is available for power redundancy 3 Plug the power supply unit into an AC power outlet to power up t...

Page 26: ...nect to the Connect IT Digi Connect IT 16 48 User Guide 26 3 Click Properties The Internet Protocol Version 4 TCP IPv4 Properties dialog appears 4 Configure with the following details n IP address for PC 192 168 210 2 n Subnet 255 255 255 0 n Gateway 192 168 210 1 ...

Page 27: ...necting to the Connect IT to determine the connector type cable type and pinout positions for your specific device The serial ports are enabled by default The network devices connected to the serial ports may be accessed using Remote Manager the local web user interface TCP telnet or SSH connections TCP telnet and SSH connections to serial ports are disabled by default and must be enabled by a dev...

Page 28: ...uration methods 32 Using Digi Remote Manager 34 Access Digi Remote Manager 34 Using the web interface 34 Using the command line 36 Access the terminal screen from the web UI 36 Log into the Connect IT from the Console port 37 Access the command line interface 37 Log in to the command line interface 37 Exit the command line interface 38 Digi Connect IT 16 48 User Guide 28 ...

Page 29: ...play a list of your devices 3 Locate and select your device as described in Use Digi Remote Manager to view and manage your device 4 Click Configure The following tables list important factory default settings for the Connect IT 16 48 Default interface configuration Interface type Preconfigured interfaces Devices Default configuration Wide Area Networks WAN n ETH1 n Ethernet ETH1 n Firewall zone I...

Page 30: ...n IP address 127 0 0 1 8 n Default IP n Ethernet ETH2 n Firewall zone Setup n IP address 192 168 210 1 24 n Default Link local IP n Ethernet ETH2 n Firewall zone Setup n IP address 169 254 100 100 16 Other default configuration settings Feature Configuration Central management n Digi Remote Manager enabled as the central management service Security policies n Packet filtering allows all outbound t...

Page 31: ... default password Note If your device was manufactured prior to the release of firmware version 19 11 x the default user name may be root WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users admin 4 Enter a new password for the ...

Page 32: ...y device to any application anywhere With the Remote Manager you can configure your Connect IT 16 48 device and use the configuration as a basis for a profile which can be applied to other similar devices See Using Digi Remote Manager for more information about using the Remote Manager to manage and configure your Connect IT 16 48 device l The local web interface See Using the web interface for mo...

Page 33: ...Configuration and management Configuration methods Digi Connect IT 16 48 User Guide 33 Shows how to perform a task by using the command line interface ...

Page 34: ... 2 Open a browser and go to 192 168 2 1 The device is also accessible at the default IP address of 192 168 210 1 However because this IP address does not use a DHCP server to connect to this address you must configure your local PC with an appropriate static IP address for example 192 168 210 2 3 Log into the device using a configured user name and password The default user name is admin and the d...

Page 35: ...on status for Digi Remote Manager the amount of time the connection has been up and the Digi Remote Manager device ID See Using Digi Remote Manager Device Displays the Connect IT 16 48 device s status statistics and identifying information Network Interfaces Displays the status of the network interfaces configured on the device Modems Provides information about the signal strength and technology o...

Page 36: ...nal The Terminal screen displays 3 When prompted enter your user name and password 4 Enter the number of the port that you want to access 5 Information about the port you are connected to displays as well as commands Connecting to port5 Settings 9600 8 1 none none Type b to disconnect from port Type b to list commands 6 Enter b to display additional commands Note The bP bO and bN commands are used...

Page 37: ...ne interface using an SSH connection a telnet connection or a serial connection You can use an open source terminal software such as PuTTY or TeraTerm to access the device through one of these mechanisms You can also access the command line interface in the WebUI by using the Terminal or the Digi Remote Manager by using the Console To access the command line your device must be configured to allow...

Page 38: ... device label 3 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin CLI 1 Serial port1 9600 8 1 none none q Quit Select access or quit admin Type a or admin to access the Connect IT 16 48 command line You will now be connected to the Admin CLI Connecting now exit to disconnect from Admin CLI See Command line interface for detailed ...

Page 39: ...r controller using the network You can then complete the connection between the Connect IT power controller and the device you want to communicate with n Connect the power controller to the Connect IT using a serial port or to a network port n Connect a 3rd party device to a configured serial port on the Connect IT n Plug the 3rd party device into the outlet on the power controller that correspond...

Page 40: ...rt 5 Configure the power controller and the outlets for use with a serial port on the Connect IT 6 Connect a 3rd party device to the Connect IT serial port and the power controller Configure a serial port for Power Management You can configure a serial port on the Connect IT to communicate with the power controller In this example you will configure serial port 3 as a power management port This is...

Page 41: ...itor Interval field specify the number of seconds to wait between power controller status checks 5 Click Add Controller 6 In the Controller Name field enter a descriptive name 7 From the Controller Type list box select the appropriate controller type 8 From the Connection type list box select Serial Port 9 In the Serial port field select the port number from the list box See Configure a serial por...

Page 42: ...the 3rd party device that you want to manage from the Connect IT In this example you configured outlet 1 for use with serial port 5 on the Connect IT 1 Make sure the power controller is connected to the correct serial port on the Connect IT See Connect a power controller to the Connect IT serial port 2 Connect one end of a serial cable to the serial port on the Connect IT that is configured to com...

Page 43: ... the outlets on the power controller to work with a specific serial port on the Connect IT into which a 3rd party device will be connected 1 Log in to the web UI 2 Click System Power Controller Configuration 3 Select Enable 4 In the Monitor Interval field specify the number of seconds to wait between power controller status checks 5 Click Add Controller 6 In the Controller name field enter a descr...

Page 44: ...t the Connect IT to your network with an Ethernet cable 1 Connect an Ethernet cable to the ETH1 or ETH2 port on the Connect IT 2 Connect the other end of the Ethernet cable to your network 3 Plug the power controller into a power source Connect a 3rd party device to a serial port on the Connect IT and then to the power controller You can complete the connection between the power controller the Con...

Page 45: ...t and assign to users You can create an access control group that enables a set of users to control a power outlet from inside a terminal session For each access control group you can configure a serial port and the associated outlets and then assign the group to users that are allowed access to the outlets on that port Note For information about accessing and using a terminal session see Control ...

Page 46: ...ted to displays as well as commands Connecting to port3 PowerManPort3 Settings 9600 8 1 none none Type b to disconnect from port Type b to list commands 6 Enter b to display additional commands The commands you can use to control the power to the outlets are highlighted in the table below Command Description b Disconnect from the port bB Send a BREAK sequence bc Clear the history buffer br Send a ...

Page 47: ...You can change the power state for an outlet a From the Change State list box select an option from the list box n On Turn on the power to that outlet n Off Turn off the power to that outlet n Cycle Turn the power off then on If the power state for the outlet is currently off then the power is just turned on b Click Apply 5 You can view the power manager log A log of all remote power management ev...

Page 48: ...nage the power to the power controller outlets from the Connect IT Digi Connect IT 16 48 User Guide 48 n OFF OFF displays in red when there is no power to the outlet configured for the serial port Click OFF to turn power to the outlet on ...

Page 49: ...tions interfaces These interfaces can be bridged in a Local Area Network LAN or assigned to a Wide Area Network WAN This chapter contains the following topics Wide Area Networks WANs 50 Local Area Networks LANs 116 Bridging 152 Digi Connect IT 16 48 User Guide 49 ...

Page 50: ...rea Networks WANs and Wireless Wide Area Networks WWANs 51 Configure WAN WWAN priority and default route metrics 51 WAN WWAN failover 54 Configure SureLink active recovery to detect WAN WWAN failures 55 Configure the device to reboot when a failure is detected 62 Disable SureLink 68 Example Use a ping test for WAN failover from Ethernet to cellular 72 Using Ethernet devices in a WAN 74 Using cellu...

Page 51: ...ally adds a default IP route for the WAN The priority of the WAN is based on the metric of the default route as configured in the WAN s IPv4 and IPv6 metric settings Assigning priority to WANs By default the Connect IT 16 48 device s WAN ETH1 is configured with the lowest metric 1 and is therefor the highest priority WAN By default the Wireless WAN WWAN is configured with a metric of 3 which means...

Page 52: ...ights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Set the metrics for WWAN a Click Network Interfaces WWAN IPv4 b For Metric type 1 c Click IPv6 d For Metric type 1 4 Set the metrics for ETH1 a Click Network Interfaces ETH1 IPv4 b For Metric type 2 c Click IPv6 d For Metric type 2 ...

Page 53: ...ne 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set the metrics for WWAN a Set the IPv4 metric for WWAN to 1 For example config network interface wwan ipv4 m...

Page 54: ...ve failure detection There are two ways to detect WAN or WWAN failure active detection and passive detection n Active detection uses Digi SureLinkTM technology to send probe tests to a target host or to test the status of the interface The WAN WWAN is considered to be down if there are no responses for a configured amount of time See Configure SureLink active recovery to detect WAN WWAN failures f...

Page 55: ... and IPv6 configurations By default SureLink is enabled for IPv4 for the preconfigured WAN ETH1 and WWAN WWAN It is disabled for IPv6 When SureLink is configured for Wireless WANs SureLink tests are only run if the cellular modem is connected and has an IP address Use the SIM failover options to configure the Connect IT 16 48 device to automatically recover the modem in the event that it cannot ob...

Page 56: ...ebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Create a new WAN or WWAN or select an existing one n To create a new WAN or WWAN see Configure a Wide Area Network WAN or Configure a Wireless Wide Area Network WWAN n To edit an existing WAN or WWAN click to expan...

Page 57: ...r w d h m s For example to set Down time to ten minutes enter 10m or 600s The default is 60 seconds l Initial connection time The amount of time to wait for an initial connection to the interface before this test is considered to have failed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Initial connection time to ten mi...

Page 58: ...th ipv6 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new WAN or WWAN or edit an existing one n To create a new WAN or WWAN see Configure a Wide Area...

Page 59: ... size in bytes of the ping packet config network interface my_wan ipv4 surelink target 0 ping_ size num config network interface my_wan ipv4 surelink target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config network interface my_wan ipv4 surelink target 0 dns_ server ip_address config netwo...

Page 60: ...face my_wan ipv4 surelink target 0 interface_timeout value config network interface my_wan ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_timeout to ten minutes enter either 10m or 600s config network interface my_wan ipv4 surelink target 0 interface_timeout 600s config network interface my_...

Page 61: ...igured determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets config network interface my_wan ipv4 surelink success_condition value config network interface my_wan ipv4 surelink Where value is either one or all f Set the number of probe attempts before the WAN is considered to have failed config network interface my_wan ipv4 sure...

Page 62: ...eless WANs SureLink tests are only run if the cellular modem is connected and has an IP address Use the SIM failover options to configure the Connect IT 16 48 device to automatically recover the modem in the event that it cannot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover n Enable device reboot upon interface failure n The type of probe test ...

Page 63: ...the appropriate interface 5 After creating or selecting the interface click IPv4 or IPv6 SureLink 6 Enable SureLink SureLink can be enabled for both IPv4 and IPv6 configurations By default SureLink is enabled for IPv4 for the preconfigured WAN ETH1 and WWAN WWAN It is disabled for IPv6 When SureLink is configured for Wireless WANs SureLink tests are only run if the cellular modem is connected and ...

Page 64: ...al connection to the interface before this test is considered to have failed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Initial connection time to ten minutes enter 10m or 600s The default is 60 seconds 11 Optional active recovery configuration parameters a Change the Interval between connectivity tests Allowed value...

Page 65: ...nterface named my_wan change to the my_wan node in the configuration schema config network interface my_wan config network interface my_wan 4 Enable SureLink SureLink can be enabled for both IPv4 and IPv6 configurations By default SureLink is enabled for IPv4 for the preconfigured WAN eth1 and WWAN wwanwwan2 It is disabled for IPv6 When SureLink is configured for Wireless WANs SureLink tests are o...

Page 66: ...nk target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config network interface my_wan ipv4 surelink target 0 dns_ server ip_address config network interface my_wan ipv4 surelink target 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured for this interf...

Page 67: ...ny number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_timeout to ten minutes enter either 10m or 600s config network interface my_wan ipv4 surelink target 0 interface_timeout 600s config network interface my_wan ipv4 surelink target 0 The default is 60 seconds Optional Repeat to add additional test targets 8 Optional active recovery con...

Page 68: ...face my_wan ipv4 surelink where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set timeout to ten minutes enter either 10m or 600s config network interface my_wan ipv4 surelink timeout 600s config network interface my_wan ipv4 surelink The default is 15 seconds 9 Optional Repeat this procedure for IPv6 10 Save the configuration and a...

Page 69: ...reLink 7 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change to the WAN or WWAN s nod...

Page 70: ... DNS resolution while retaining the SureLink interface test The SureLink interface test determines if the interface has an IP address assigned to it that the physical link is up and that a route is present to send traffic out of the network interface WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Confi...

Page 71: ... with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change to WAN or WWAN s node in the configuration schema For example to disable SureLink for an interface named my_wan config network interface my_wan config network interface my_wan 4 Determine the index number of the target config network interface my_wa...

Page 72: ...kup WAN In this example configuration SureLink is used over for the ETH1 interface to send a probe packet of size 256 bytes to the IP host 43 66 93 111 every 10 seconds If there are three consecutive failed responses the Connect IT 16 48 device brings the ETH1 interface down and starts using the WWAN interface It continues to regularly test the connection to ETH1 and when tests on ETH1 succeed the...

Page 73: ...Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure SureLink on ETH1 a Set the interval to ten seconds config network interface eth1 ipv4 sur...

Page 74: ...two Ethernet devices named ETH1 and ETH2 You can use these Ethernet interfaces as a WAN when connecting to the Internet through a device such as a cable modem By default the ETH1 Ethernet device is configured as a WAN named ETH1 with both DHCP and NAT enabled and using the External firewall zone This means you should be able to connect to the Internet by connecting the ETH1 Ethernet port to anothe...

Page 75: ...ows the modem to automatically match the carrier for the active SIM Carrier switching is enabled by default n Configure the access technology n Determine which cellular antennas to use Additional configuration items n If Active SIM slot is set to Any determine the preferred SIM slot In the event of a failover to a non preferred SIM or if manual SIM switching is used to switch to a non preferred SI...

Page 76: ...d SIM the modem will attempt to reconnect to the SIM in the preferred SIM slot None is the default 7 For Maximum number of interfaces type the number of interfaces that can be configured to use this modem This is used when using dual APN SIMs The default is 1 8 Enable Carrier switching to allow the modem to automatically match the carrier for the active SIM Carrier switching is enabled by default ...

Page 77: ... a modem attached to the identified physical port l If port is used set modem s port a Determine available ports and correct syntax by using the config network modem wwan port Match port The physical port that the modem device is attached to Format device usb modem module Default value device usb modem module Current value device usb modem module config network modem wwan port b Set the port confi...

Page 78: ...k modem wwan max_intfs int config 8 Carrier switching allows the modem to automatically match the carrier for the active SIM Carrier switching is enabled by default To disable config network modem wwan carrier_switch false config 9 Set the type of cellular technology that this modem should use to access the cellular network config network modem wwan access_tech value config Available options for v...

Page 79: ...ar carrier for the first time After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to configure APNs However you can configure the system to use a specified APN To configure the APN WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configur...

Page 80: ...authenticate The default is None 6 To add additional APNs for Add APN click and repeat the preceding instructions 7 Optional To configure the device to bypass its preconfigured APN list and only use the configured APNs enable APN list only 8 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights D...

Page 81: ... address The default is auto 6 Optional Set the authentication method config network interface wwan modem apn 0 auth method config where method is one of the following n none No authentication is required n auto The device will attempt to connect using CHAP first and then PAP n chap Uses the Challenge Handshake Authentication Profile CHAP to authenticate n pap Uses the Password Authentication Prof...

Page 82: ... trusted internal network traffic n Secure connection to internal customer network without using a VPN n Separate billing structures for public and private traffic n Site to site networking without the overhead of tunneling for each device In the following example configuration all traffic on LAN1 is routed through the public APN to the internet and all traffic on LAN2 is routed through the privat...

Page 83: ...xample we will create two interfaces named WWAN_Public and WWAN_Private a Click Network Interfaces b For Add Interface type WWAN_Public and click c For Interface type select Modem d For Zone select External e For Device select WWAN cellular modem f Optional Configure the public APN If the public APN is not configured the Connect IT 16 48 will attempt to determine the APN i Click to expand APN list...

Page 84: ...to expand APN list APN m For APN type the private APN provided to you by your cellular carrier 5 Create the routing policies For example to route all traffic from LAN1 through the public APN and LAN2 through the private APN a Click Network Routes Policy based routing b Click the to add a new route policy c For Label enter Route through public APN d For Interface select Interface WWAN_Public e Conf...

Page 85: ...route policy h For Label enter Route through private APN i For Interface select Interface WWAN_Private j Configure the source address i Click to expand Source address ii For Type select Interface iii For Interface select LAN2 k Configure the destination address i Click to expand Destination address ii For Type select Interface iii For Interface select Interface WWAN_Private 6 Click Apply to save t...

Page 86: ...terface type to modem config network interface WWANPublic type modem config network interface WWANPublic c Set the modem device config network interface WWANPublic modem device wwan config network interface WWANPublic d Optional Set the public APN If the public APN is not configured the Connect IT 16 48 will attempt to determine the APN config network interface WWANPublic modem apn public_apn conf...

Page 87: ...cy 0 b Set the label that will be used to identify this route policy config network route policy 0 label Route through public apn config network route policy 0 c Set the interface config network route policy 0 interface network interface WWANPublic config network route policy 0 d Configure the source address i Set the source type to interface config network route policy 0 src type interface config...

Page 88: ...ource address i Set the source type to interface config network route policy 1 src type interface config network route policy 1 ii Set the interface to LAN2 config network route policy 1 src interface LAN2 config network route policy 1 k Configure the destination address i Set the type to interface config network route policy 1 dst type interface config network route policy 1 ii Set the interface ...

Page 89: ...tems n Select Manual or Manual Automatic carrier selection mode n The Network PLMN ID WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 For Carrier selection mode select one of the following n Automatic The device automatically selects the carrier base...

Page 90: ...u Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config network interface wwan modem operator_mode value config where value is one of n automatic The device automatically selects the carrier based on your SIM and cellular network status n manual The device will only connect to the carrier identified in the ...

Page 91: ...riers You can scan for available carriers and determine their network PLMN ID by using the modem scan command at the Admin CLI 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type modem scan Issuing network scan this may tak...

Page 92: ...o view a status summary for the modem show modem Modem SIM Status APN Signal Strength wwan 1 ready connected 1234 Good 84 dBm n To view detailed status and statistics use the show modem name name command show modem name wwan wwan Telit LM940 IMEI 781154796325698 Manufacturer Telit Model LM940 FW Version 24 01 541_ATT Revision 24 01 541 Status State connected APN 1234 Signal Strength Good 85 dBm Ba...

Page 93: ...in modem_name For example to unlock a SIM card in the modem named wwan with PUK code 12345678 and set the new SIM PIN to 1234 modem puk unlock 12345678 1234 wwan 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Note If the SIM remains in a locked state after using the unlock command c...

Page 94: ...ing on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type modem at interactive and press Enter Type n if you do not want exclusive access This allows you to send AT commands to the device while still allowing the device to connect disconnect and or reconnect to the cellular network 3 At the Admin CLI prompt...

Page 95: ...odel MC7455 Revision SWI9X30C_02 24 03 00 r6978 CARMD EV FRMWR2 2017 03 02 13 36 45 MEID 35907206045169 IMEI 359072060451693 IMEI SV 9 FSN LQ650551070110 GCAP CGSM OK 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 96: ...f the WAN l When to use DNS servers for this interface l Whether to include the Connect IT 16 48 device s hostname in DHCP requests l SureLink active recovery configuration See Configure SureLink active recovery to detect WAN WWAN failures for further information n IPv6 configuration l The metric for IPv6 routes associated with the WAN l The relative weight for IPv6 routes associated with the WAN ...

Page 97: ...ew WANs are enabled by default To disable click Enable 5 For Interface type leave at the default setting of Ethernet 6 For Zone select External 7 For Device select an Ethernet device or a bridge See Bridging for more information about bridging 8 Configure IPv4 settings a Click to expand IPv4 IPv4 support is enabled by default b For Type select DHCP address c Optional IPv4 configuration items i Set...

Page 98: ...ice s system name d See Configure SureLink active recovery to detect WAN WWAN failures for information about configuring Active recovery 9 Optional Configure IPv6 settings a Click to expand IPv6 b Enable IPv6 support c For Type select DHCPv6 address d For Prefix length type the minimum length of the prefix to assign to this LAN If the minimum length is not available then a longer prefix will be us...

Page 99: ...vices whose MAC addresses is included in the MAC address blacklist a Click to expand MAC address blacklist b For Add MAC address click c Type the MAC address 11 Optional Click to expand MAC address whitelist If there whitelist entries are specified incoming packets will only be accepted from the listed MAC addresses a Click to expand MAC address whitelist b For Add MAC address click c Type the MAC...

Page 100: ...e my_wan device b Set the device for the LAN config network interface my_wan device device config network interface my_wan 6 Configure IPv4 settings n IPv4 support is enabled by default To disable config network interface my_wan ipv4 enable false config network interface my_wan n Configure the WAN to be a DHCP client config network interface my_wan ipv4 type dhcp config network interface my_wan a ...

Page 101: ... DNS requests n primary Only use the DNS servers provided for this interface when the interface is the primary route n never Never use DNS servers for this interface vi Enable DHCP Hostname to instruct the Connect IT 16 48 device to include the device s system name with DHCP requests as the Client FQDN option The DHCP server can then be configured to register the device s hostname and IP address w...

Page 102: ...e DNS weight 10 Weight Additional Configuration connection_monitor Active recovery config network interface my_wan d Modify any of the remaining default settings as appropriate For example to change the metric config network interface my_wan ipv6 metric 1 config network interface my_wan If the minimum length is not available then a longer prefix will be used See Configure WAN WWAN priority and def...

Page 103: ...anagement priority of the WAN The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access l The IPv4 Maximum Transmission Unit MTU of the WAN l SureLink active recovery configuration See Configure SureLink active recovery to detect WAN WWAN failures for further information n IPv6 configura...

Page 104: ...and the WWAN New WWANs are enabled by default To disable click Enable 5 For Interface type select Modem 6 For Zone select External 7 For Device select a cellular modem 8 Optional WWAN configuration items a For Match SIM by select a SIM matching criteria to determine when this WWAN should be used n If SIM slot is selected for Match SIM slot select which SIM slot must be in active for this WWAN to b...

Page 105: ... SIM fails to connect If enabled i For Connection attempts before SIM failover type the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM ii For SIM failover alternative configure how SIM failover will function if automatic SIM switching is unavailable n None The device will perform no alternative action if automatic SIM switc...

Page 106: ...k IPv6 to expand b IPv6 support is Enabled by default Click to disable c Set the Metric See Configure WAN WWAN priority and default route metrics for further information about metrics d For Weight type the relative weight for default routes associated with this interface For multiple active interfaces with the same metric Weight is used to load balance traffic to the interfaces e Set the Managemen...

Page 107: ... modem a Enter modem device to view available modems and the proper syntax config network interface my_wwan modem device Device The modem used by this network interface Format wwan Current value config network interface my_wwan device b Set the device config network interface my_wwan modem device config network interface my_wwan 6 Optional WWAN configuration items a Set theSIM matching criteria to...

Page 108: ...or this WWAN to be used config network interface my_wwan modem iccid ICCID config network interface my_wwan n imsi Set the International Mobile Subscriber Identity IMSI that must be in active for this WWAN to be used config network interface my_wwan modem imsi IMSI config network interface my_wwan n plmn_id Set the PLMN id that must be in active for this WWAN to be used config network interface my...

Page 109: ...d for this WWAN when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS requests n never Never use DNS servers for this WWAN n primary Only use the DNS servers provided for this WWAN when the WWAN is the primary route The default setting is primary f SIM failover is enabled by default which means that the modem will automatically fail over from t...

Page 110: ...ress and netmask of the custom gateway config network interface my_wwan modem custom_gw gateway ip_ address netmask config network interface my_wwan modem custom_gw To override only the gateway netmask but not the gateway IP address use all zeros for the IP address For example 0 0 0 0 32 will use the network provided gateway but with a 32 netmask 9 Optional IPv4 configuration items a IPv4 support ...

Page 111: ... priority and default route metrics for further information about metrics d Set the relative weight for default routes associated with this interface For multiple active interfaces with the same metric the weight is used to load balance traffic to the interfaces config network interface my_wwan ipv6 weight num config network interface my_wwan e Set the management priority This determines which int...

Page 112: ...Access selection menu Type admin to access the Admin CLI 2 Enter the show network command at the Admin CLI prompt show network Interface Proto Status Address defaultip IPv4 up 192 168 210 1 24 defaultlinklocal IPv4 up 169 254 100 100 16 eth1 IPv4 up 10 10 10 10 24 eth1 IPv6 up fe00 2404 240 f4ff fe80 120 64 eth2 IPv4 up 192 168 2 1 24 eth2 IPv6 up fd00 2704 1 48 loopback IPv4 up 127 0 0 1 8 wwan I...

Page 113: ... 3 IPv6 Status up IPv6 Type dhcpv6 IPv6 Address es fe00 2404 240 f4ff fe80 120 64 IPv6 Gateway ff80 234 f3ff ff0e 4320 IPv6 MTU 1500 IPv6 Metric 1 IPv6 Weight 10 IPv6 DNS Server s fd00 244 1 fe80 234 f3f4 fe0e 4320 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 114: ... Interfaces 4 Click the menu icon next to the name of the WAN or WWAN to be deleted and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the comma...

Page 115: ...rea Networks WANs Digi Connect IT 16 48 User Guide 115 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 116: ... the following Local Area Networks LANs You can modify configuration settings for ETH2 and you can create new LANs This section contains the following topics About Local Area Networks LANs 117 Configure a LAN 117 Example Configure two LANs 123 Show LAN status and statistics 131 Delete a LAN 132 DHCP servers 134 Create a Virtual LAN VLAN route 148 ...

Page 117: ...et device is being used by a WAN with the same IP subnet you should change the default IP address and subnet of LAN1 Additional configuration items n Additional IPv4 configuration l The metric for IPv4 routes associated with the LAN l The relative weight for IPv4 routes associated with the LAN l The IPv4 management priority of the LAN The active interface with the highest management priority will ...

Page 118: ...he Interface configuration window is displayed New LANs are enabled by default To disable click Enable 5 For Interface type leave at the default setting of Ethernet 6 For Zone select the appropriate firewall zone See Firewall configuration for further information 7 For Device select an Ethernet device or a bridge See Bridging for more information about bridging 8 Configure IPv4 settings a Click to...

Page 119: ... a longer prefix will be used e For Prefix ID type the identifier used to extend the prefix to the assigned length Leave blank to use a random identifier f Set the Metric g For Weight type the relative weight for default routes associated with this interface For multiple active interfaces with the same metric Weight is used to load balance traffic to the interfaces h Set the Management priority Th...

Page 120: ... network interface my_lan n To edit an existing LAN named my_lan change to the my_lan node in the configuration schema config network interface my_lan config network interface my_lan 4 Set the appropriate firewall zone config network interface my_lan zone zone config network interface my_lan See Firewall configuration for further information 5 Select an Ethernet device or a bridge See Bridging for...

Page 121: ...fig network interface my_lan b Optional IPv4 configuration items i Set the IP metric config network interface my_lan ipv4 metric num config network interface my_lan ii Set the relative weight for default routes associated with this interface For multiple active interfaces with the same metric the weight is used to load balance traffic to the interfaces config network interface my_lan ipv4 weight n...

Page 122: ...rs Current Value enable true Enable metric 0 Metric mgmt 0 Management priority mtu 1500 MTU prefix_id 1 Prefix ID prefix_length 48 Prefix length type prefix_delegation Type weight 10 Weight Additional Configuration connection_monitor Active recovery dhcpv6_server DHCPv6 server config network interface my_lan View default settings for the IPv6 DHCP server config network interface my_lan ipv6 dhcpv6...

Page 123: ...odem and one LAN ETH2 For Connect IT 16 48W Wi Fi enabled devices the default configuration of the ETH2 uses a bridge that consists of two devices the ETH2 Ethernet device and the Digi AP Wi Fi access point In this example we will 1 Create a new Wi Fi access point Connect IT 16 48W models only 2 Create a new bridge that consists of the new access point and the ETH1 device In this configuration the...

Page 124: ...48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new access point config add network wifi ap Example_AP config network wifi ap Example_AP New access points are enabled by default 4 ...

Page 125: ...ess ap Example_AP save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Task two Create a new bridge Connect IT 16 48W WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Co...

Page 126: ... and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new bridge config add network bridge Example_bridge config network b...

Page 127: ...ge Example_bridge stp enable true b Set the number of seconds that the device will spend in each of the listening and learning states before the bridge begins forwarding data config network bridge Example_bridge stp forward_delay num config The default is 2 seconds 8 Save the configuration and apply the change config network bridge Example_bridge save Configuration saved 9 Type exit to exit the Ad...

Page 128: ...you are configuring a non Wi Fi Connect IT 16 48 select Ethernet ETH1 e Click to expand IPv4 f For Address type 192 168 3 1 24 g Click to expand DHCP server h Click Enable 4 Create LAN2 a Click Network Interfaces b For Add Interface type LAN2 and click c For Zone select Internal d For Device select Ethernet ETH2 e Click to expand IPv4 f For Address type 192 168 4 1 24 g Click to expand DHCP server...

Page 129: ...network device used by this network interface Format network device eth1 network device eth2 network bridge LAN network bridge Example_bridge network wireless ap digi_ap network wireless ap Example_AP Current value config network interface LAN1 device ii Set the device for the LAN1 interface n If you are configuring a Wi Fi enabled Connect IT 16 48W set the device to network bridge Example_bridge ...

Page 130: ... The network device used by this network interface Format network device eth1 network device eth2 network bridge LAN network bridge Example_bridge network wireless ap digi_ap network wireless ap Example_AP Current value config network interface LAN2 device ii Set the device for the LAN2 interface config network interface LAN2 device network device eth1 config network interface LAN2 c Configure the...

Page 131: ...he 192 168 3 subnet 2 Verify that LAN2 is operating correctly a Connect a device to LAN2 through the ETH2 Ethernet port b Verify that the device has been provided an IP address from the LAN2 DHCP server in the 192 168 4 subnet Show LAN status and statistics WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 From the menu click Status 3 Under Networking click Interfaces Comma...

Page 132: ...e Status Device eth2 Zone internal IPv4 Status up IPv4 Type static IPv4 Address es 192 168 2 1 24 IPv4 Gateway IPv4 MTU 1500 IPv4 Metric 5 IPv4 Weight 10 IPv4 DNS Server s IPv6 Status up IPv6 Type prefix IPv6 Address es fd00 2704 1 48 IPv6 Gateway IPv6 MTU 1500 IPv6 Metric 5 IPv6 Weight 10 IPv6 DNS Server s 4 Type exit to exit the Admin CLI Depending on your device configuration you may be present...

Page 133: ... user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Click the menu icon next to the name of the LAN to be deleted and select Delete 5 Click Apply to save the configuration and apply the change ...

Page 134: ... local network which assigns IP addresses to clients on the device s local network Addresses are assigned from a specified pool of IP addresses For a local network the device uses the DHCP server that has the IP address pool in the same IP subnet as the local network When a host receives an IP configuration the configuration is valid for a particular amount of time known as the lease time After th...

Page 135: ...ure a LAN 5 Click to expand IPv4 DHCP server 6 Enable the DHCP server 7 Optional For Lease time type the amount of time that a DHCP lease is valid Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Lease time to ten minutes enter 10m or 600s The default is 12 hours 8 Optional For Lease range start and Lease range end type th...

Page 136: ... path and file name of the bootfile on the TFTP server g For TFTP server name type the IP address or host name of the TFTP server 10 See Configure DHCP options for information about Custom DHCP options 11 See Map static IP addresses to hosts for information about Static leases 12 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as...

Page 137: ...he DHCP server will assign to a client config network interface my_lan ipv4 dhcp_server lease_end num config Allowed values are between 1 and 254 and the default is 250 7 Optional DHCP server settings a Click to expand Advanced settings b Determine how the DHCP server should broadcast the gateway server config network interface my_lan ipv4 dhcp_server advanced gateway value config where value is o...

Page 138: ...vanced secondary_ dns value config network interface my_lan ipv4 dhcp_server advanced primary_ntp value config network interface my_lan ipv4 dhcp_server advanced secondary_ ntp value config network interface my_lan ipv4 dhcp_server advanced primary_ wins value config network interface my_lan ipv4 dhcp_server advanced secondary_ wins value config where value is one of n none No server is broadcast ...

Page 139: ...m the device Map static IP addresses to hosts You can configure the DHCP server to assign static IP addresses to specific hosts Required configuration items n IP address that will be mapped to the device n MAC address of the device Additional configuration items n A label for this instance of the static lease To map static IP addresses WebUI 1 Log into the Connect IT 16 48 WebUI as a user with ful...

Page 140: ...de config config 3 Add a static lease to the DHCP server configuration for an existing LAN For example to add static lease to a LAN named my_lan config add network interface my_lan ipv4 dhcp_server advanced static_ lease end config network interface my_lan ipv4 dhcp_server advanced static_lease 0 See Configure a LAN for information about creating a LAN 4 Set the MAC address of the device associate...

Page 141: ...ow current static IP mapping To view your current static IP mapping WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Networking click DHCP Leases Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Typ...

Page 142: ...he Configuration window is displayed 3 Click Network Interfaces 4 Click to expand an existing LAN 5 Click to expand IPv4 DHCP server Advanced settings Static leases 6 Click the menu icon next to the name of the static lease to be deleted and select Delete 7 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin...

Page 143: ...6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure DHCP options You can configure DHCP servers running on your Connect IT device to send certain specified DHCP options to DHCP clients You can also set the user class which enables you to specify which specific DHCP clients will...

Page 144: ...ption will always be sent to the client even if the client does not ask for it 11 Optional For Data type select the data type that the option uses If the incorrect data type is selected the device will send the value as a string 12 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending o...

Page 145: ... custom_option 0 7 Optional Set a label for this custom option config network interface my_lan ipv4 dhcp_server advanced custom_option 0 name label config network interface my_lan ipv4 dhcp_server advanced custom_option 0 8 Optional To force the DHCP option to always be sent to the client even if the client does not ask for it config network interface my_lan ipv4 dhcp_server advanced custom_option...

Page 146: ... Multiple DHCP relay servers can be provided for each LAN If multiple relay servers are provided DHCP requests are forwarded to all servers without waiting for a response Clients will typically use the IP address from the first DHCP response received Configuring DHCP relay involves the following items Required configuration items n Disable the DHCP server if it is enabled n IP address of the prima...

Page 147: ...onfig add network interface my_lan ipv4 dhcp_relay end config network interface lan1 my_lan dhcp_relay 0 See Configure a LAN for information about creating a LAN 4 Set the IP address of the DHCP relay server config network interface my_lan ipv4 dhcp_relay 0 address 10 10 10 10 config network interface my_lan ipv4 dhcp_relay 0 5 Optional Add additional DHCP relay servers a Move back one step in the...

Page 148: ...sues WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Networking click DHCP Leases Command line 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter the show dhcp lease command at the ...

Page 149: ...l Area Networks LANs Digi Connect IT 16 48 User Guide 149 Required configuration items n Device to be assigned to the VLAN n The VLAN ID The TCP header uses the VLAN ID to identify the destination VLAN for the packet ...

Page 150: ...er with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Virtual LAN 4 Type a name for the VLAN and click 5 Select the Device 6 Type or select a unique numeric ID for the VLAN ID 7 Click Apply to save the configuration and apply the change ...

Page 151: ...evices config network vlan vlan1 device Device The Ethernet device to use for this virtual LAN Format network device eth1 network device eth2 network device loopback network vlan vlan1 network bridge lan Current value config network vlan vlan1 b Add the device config network vlan vlan1 device network device config network vlan vlan1 5 Set the VLAN ID config network vlan vlan1 id value where value ...

Page 152: ...tiple devices such as Ethernet devices and wireless access points By default the Connect IT 16 48 has the following preconfigured bridges You can modify configuration settings for the existing bridge and you can create new bridges This section contains the following topics Edit the preconfigured ETH2 bridge 153 Configure a bridge 156 ...

Page 153: ...ation click Device Configuration The Configuration window is displayed 3 Click Network Bridges LAN1 4 The LAN1 bridge is enabled by default To disable uncheck Enable 5 Modify the list of devices that are a part of the bridge By default the LAN1 bridge includes the following devices n Ethernet ETH2 n Wi Fi access point Digi AP Wi Fi1 Note The MAC address of the bridge is taken from the first availa...

Page 154: ...ation you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 The LAN1 bridge is enabled by default n To disable config network bridge eth2 enable false config n To enable if it has been disabled config network bridge eth2 enable true config 4 Modify the list of devices that are a part of th...

Page 155: ...y_bridge interface lan device Default value network bridge lan Current value network bridge lan config network bridge my_bridge ii Add the appropriate device For example to add the Digi AP Wi Fi1 Wi Fi access point config network bridge my_bridge add device end network wireless ap digi_ap config 5 Optional Enable Spanning Tree Protocol STP STP is used when multiple LANs are configured on the same ...

Page 156: ...k Device Configuration The Configuration window is displayed 3 Click Network Bridges 4 For Add Bridge type a name for the bridge and click 5 Bridges are enabled by default To disable uncheck Enable 6 Add devices to the bridge a Click to expand Devices b For Add device click c Select the Device d Repeat to add additional devices Note The MAC address of the bridge is taken from the first available d...

Page 157: ...Interfaces Bridging Digi Connect IT 16 48 User Guide 157 8 Click Apply to save the configuration and apply the change ...

Page 158: ... if it has been disabled config network bridge my_bridge enable true config network bridge my_bridge 5 Add devices to the bridge a Determine available devices config network bridge my_bridge interface lan device Default value network bridge lan Current value network bridge lan config network bridge my_bridge b Add the appropriate device For example to add the Digi AP Wi Fi1 Wi Fi access point conf...

Page 159: ...e the bridge begins forwarding data config network bridge my_bridge stp forward_delay num config The default is 2 seconds 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 160: ...ice s serial port The default serial port configuration for the Connect IT 16 48 is n Enabled enabled n Serial mode Remote access n Label None n Baud rate 9600 n Data bits 8 n Parity None n Stop bits 1 n Flow control None n Escape sequence b n History size 4000 n Exclusive access enabled n Idle timeout 15m Configure the serial port By default the Connect IT 16 48 numbered serial ports are configur...

Page 161: ... Serial Configuration page is displayed n Use the Search ports field to limit the list of ports displayed on the page n Select the number of Ports per page that you want to display Click the appropriate number or click ALL to display all ports You can also click Next or Back to display the next or previous set of ports Note The number ports you can display is determined by the number of ports avai...

Page 162: ...emote Power Management The default is Remote Access 5 Select Reversed Mode to automatically configure the serial port s RJ45 connector to use the reversed mode pinout In this pinout the TXD and RXD pins are swapped and the DCD pin is connected to ground All other hardware signal pins such as RTS CTS DTR DSR are inactive See Serial connector pinout in reversed mode 6 Optional For Label enter a labe...

Page 163: ...porting for the TCP service n Telnet Allow the serial port to be directly accessed using a Telnet connection a Click Enable Telnet b In the IP Port field enter the IP port number on which the device will listen for Telnet connections The range is 1 65535 c Click Enable mDNS to enable mDNS reporting for the Telnet service 9 Click to expand Session Settings Within this section you can configure the ...

Page 164: ...Serial port Configure the serial port Digi Connect IT 16 48 User Guide 164 11 Click Apply to save the configuration and apply the change ...

Page 165: ... n application Provides access to the serial device from Python applications See Add a USB console port for information about creating serial ports in Application mode n powerman Allows you to configure the port for use with a power controller See Configure Remote Power Management The default is login 5 Optional Set a label that will be used when referring to this port config serial port1 label la...

Page 166: ... Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add a USB console port Your Connect IT 16 48 can be configured to support USB to serial adapters for console access to the device remote serial out of band OOB access to other devices or for use in python applications The following USB t...

Page 167: ...nterface descriptor type the appropriate descriptor number Leave this option at the default of 0 for USB devices with only one serial port 8 Optional USB devices with multiple ports may identify ports by using a port number For USB port number type or select the appropriate port number Leave this option at the default of 0 for USB devices with only one serial port 9 For Serial mode select one of t...

Page 168: ...limit access to the serial port to a single active session d For Idle timeout type the amount of time to wait before disconnecting due to user inactivity Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Idle timeout to ten minutes enter 10m or 600s The default is 15m e Optional Click to expand Monitor i Enable CTS to monit...

Page 169: ... click iii For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones iv Click again to allow access through additional firewall zones iv Optional Click to enable mDNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server g Click to expand Telnet connection i Click Enable to allow telnet acce...

Page 170: ...om the dropdown iv Click again to allow access through additional interfaces n To limit access based on firewall zones i Click Zones ii For Add Zone click iii For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones iv Click again to allow access through additional firewall zones v Optional Click to enable mDNS mDNS is a protoc...

Page 171: ...from the dropdown iv Click again to allow access through additional interfaces n To limit access based on firewall zones i Click Zones ii For Add Zone click iii For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones iv Click again to allow access through additional firewall zones iv Optional Click to enable mDNS mDNS is a pro...

Page 172: ...referring to this port config serial USB_port label label config serial USB_port 6 If mode is set to login or remote a Set the baud rate used by the device to which you want to connect config serial USB_port baudrate rate config serial USB_port b Set the number of data bits used by the device to which you want to connect config serial USB_port databits bits config serial USB_port c Set the type of...

Page 173: ...n a user connects to the serial port config serial USB_port history bytes config serial USB_port The default is 4000 bytes d Set the amount of time to wait before disconnecting due to user inactivity config serial USB_port idle_timeout value config serial USB_port where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set idle_timeout ...

Page 174: ...ion n To limit access to specified IPv4 addresses and networks config serial USB_port add service tcp acl address end value config serial USB_port Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the tcp port Repeat this step to list additional IP addresses or networks n To lim...

Page 175: ...local IP eth1 ETH1 eth2 ETH2 loopback Loopback sfp1 SFP1 sfp2 SFP2 wwan WWAN config serial USB_port Repeat this step to list additional interfaces n To limit access based on firewall zones config serial USB_port add service tcp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prom...

Page 176: ...rial USB_port iii Optional Configure the access control list to limit access to the telnet connection n To limit access to specified IPv4 addresses and networks config serial USB_port add service telnet acl address end value config serial USB_port Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 address...

Page 177: ...work interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback sfp1 SFP1 sfp2 SFP2 wwan WWAN config serial USB_port Repeat this step to list additional interfaces n To limit access based on firewall zones config serial USB_port add service telnet acl zone end value Where value is a firewall zone defined on your d...

Page 178: ...t ii Set the ssh port config serial USB_port service ssh port port config serial USB_port iii Optional Configure the access control list to limit access to the ssh connection n To limit access to specified IPv4 addresses and networks config serial USB_port add service ssh acl address end value config serial USB_port Where value can be l A single IP address or host name l A network designation in C...

Page 179: ...s Use network interface to display interface information config serial USB_port network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback sfp1 SFP1 sfp2 SFP2 wwan WWAN config serial USB_port Repeat this step to list additional interfaces n To limit access based on firewall zones config serial USB_port add...

Page 180: ... the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show serial status and statistics To show the status and statistics for the serial port WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Connections click Serial The Serial Status page display...

Page 181: ...icon in the upper right corner of the page to access the Serial Configuration page See Configure the serial port for more information Search ports Use the Search ports field to limit the list of ports displayed on the page Ports per page Select the number of Ports per page that you want to display Click the appropriate number or click ALL to display all ports You can also click Next or Back to dis...

Page 182: ...description for the port You can change this from the Serial Configuration page Click the configuration icon in the upper right corner of the page to access that page The port number and name displays as a link when the port is configured for remote access You can click the port number or name to connect to the port in the terminal page See the description for Port above for more information Power...

Page 183: ...ts field As you type the ports displayed in the page are limited to only the ports with information that matches the search entry Serial connector pinout in reversed mode You can configure the serial port s RJ45 connector to use the reversed mode pinout In this pinout the TXD and RXD pins are swapped and the DCD pin is connected to ground All other hardware signal pins such as RTS CTS DTR DSR are ...

Page 184: ...k isn t available See Log into the Connect IT from the Console port Note When using this method only CLI commands are available You can configure the console port as needed See Configure the console port Configure the console port By default the Connect IT 16 48 console port is configured as follows n Enable enabled n Baud rate 115200 n Data bits 8 n Parity None n Stop bits 1 n Flow control None T...

Page 185: ...nfiguration changes can be made as needed n For Baud rate select the baud rate used by the device to which you want to connect n For Data bits select the number of data bits used by the device to which you want to connect n For Parity select the type of parity used by the device to which you want to connect n For Stop bits select the number of stop bits used by the device to which you want to conn...

Page 186: ...Routing This chapter contains the following topics IP routing 187 Show the routing table 204 Dynamic DNS 205 Virtual Router Redundancy Protocol VRRP 210 Digi Connect IT 16 48 User Guide 186 ...

Page 187: ... route for the destination it forwards the IP packet to the configured IP gateway or interface 3 If it cannot find a route for the destination it uses a default route 4 If there are two or more routes to a destination the device uses the route with the longest mask 5 If there are two or more routes to a destination with the same mask the device uses the route with the lowest metric This section co...

Page 188: ...ute When multiple routes are available to reach the same destination the route with the lowest metric is used n The Maximum Transmission Units MTU of network packets using this route To configure a static route WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is dis...

Page 189: ...ackets using this route 11 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a new sta...

Page 190: ... network route static 0 interface b Set the interface For example config network route static 0 interface network interface eth1 config network route static 0 7 Optional Set the IPv4 address of the gateway used to reach the destination Set to blank if the destination can be accessed without a gateway config network route static 0 gateway IPv4_address config network route static 0 8 Optional Set th...

Page 191: ...isplayed 3 Click Network Routes Static routes 4 Click the menu icon for a static route and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the co...

Page 192: ...icy based routing to forward the packet based on other criteria such as the source of the packet For example you can configure the Connect IT 16 48 device so that high priority traffic is routed through the cellular connection while all other traffic is routed through an Ethernet WAN connection Policy based routing for the Connect IT 16 48 device uses the following criteria to determine how to rou...

Page 193: ...set to tcp or udp n The network interface used to reach the destination Additional configuration items n A label for the routing policy n Whether packets that match this policy should be dropped when the gateway interface is disconnected rather than forwarded through other interfaces To configure a routing policy WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2...

Page 194: ...n Interface Matches the source IP address to the selected interface s network address n IPv4 address Matches the source IP address to the specified IP address or network Use the format IPv4_address netmask or use any to match any IPv4 address n IPv6 address Matches the source IP address to the specified IP address or network Use the format IPv6_address prefix_length or use any to match any IPv6 ad...

Page 195: ...y end config network route policy 0 New route policies are enabled by default To disable config network route policy 0 enable false config network route policy 0 4 Optional Set the label that will be used to identify this route policy config network route policy 0 label New route policy config network route policy 0 5 Set the interface on the Connect IT 16 48 device that will be used with this rou...

Page 196: ... network route policy 0 7 Select the IP version config network route policy 0 ip_version value config network route policy 0 where value is one of any ipv4 or ipv6 8 Set the protocol config network route policy 0 protocol value config network route policy 0 where value is one of n any All protocols are matched n tcp Source and destination ports are matched a Set the source port config network rout...

Page 197: ...MP protocol is matched Identify the ICMP type config network route policy 0 icmp_type value config network route policy 0 where value is the ICMP type and optional code or set to any to match for any ICMP type 9 Set the source address type config network route policy 0 src type value config network route policy 0 where value is one of n zone Matches the source IP address to the selected firewall z...

Page 198: ...ace wwan Current value config network route policy 0 src interface b Set the interface For example config network route policy 0 src interface network interface eth1 config network route policy 0 n address Matches the source IPv4 address to the specified IP address or network Set the address that will be matched config network route policy 0 src address value config network route policy 0 where va...

Page 199: ...dynamic_routes edge external internal ipsec loopback setup Default value any Current value any config network route policy 0 dst zone b Set the zone For example config network route policy 0 dst zone external config network route policy 0 See Firewall configuration for more information about firewall zones n interface Matches the destination IP address to the selected interface s network address S...

Page 200: ... to match any IPv4 address n address6 Matches the destination IPv6 address to the specified IP address or network Set the address that will be matched config network route policy 0 dst address6 value config network route policy 0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address n mac Matches the destination MAC address to the specified MAC address Set the MAC...

Page 201: ... Information Protocol RIP service supports RIPng RFC2080 OSPFv2 The IPv4 Open Shortest Path First OSPF service supports OSPFv2 RFC2328 OSPFv3 The IPv6 Open Shortest Path First OSPF service supports OSPFv3 RFC2740 BGP The Border Gateway Protocol BGP service supports BGP 4 RFC1771 Babel The IPv4 and IPv6 Babel service IS IS The IPv4 and IPv6 Intermediate System to Intermediate System IS IS service C...

Page 202: ...ork with routing services and should be left as the default 5 Configure the routing services that will be used a Click to expand a routing service b Enable the routing service c Complete the configuration of the routing service 6 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on ...

Page 203: ...e true Enable zone dynamic_routes Zone Additional Configuration babel Babel bgp BGP isis IS IS ospfv2 OSPFv2 ospfv3 OSPFv3 rip RIP ripng RIPng config b Enable a routing service that will be used For example to enable the RIP service config network route service rip enable true config c Complete the configuration of the routing service For example use the to view the available parameters for the RI...

Page 204: ...yed 3 Click Status Routes The Network Routing window is displayed 4 Click IPv4 Load Balance to view IPv4 load balancing 5 Click IPv6 Load Balance to view IPv6 load balancing Command line 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin ...

Page 205: ...s well as the ability to provide a custom provider that is not included on the list of providers Configure dynamic DNS This section describes how to cofigure dynamic DNS on a Connect IT 16 48 device Required configuration items n Add a new Dynamic DNS service n The interface that has its IP address registered with the Dynamic DNS provider n The name of a Dynamic DNS provider n The domain name that...

Page 206: ...lect the interface that has its IP address registered with the Dynamic DNS provider 6 For Service select the Dynamic DNS provider or select custom to enter a custom URL for the Dynamic DNS provider 7 If custom is selected for Service type the Custom URL that should be used to update the IP address with the Dynamic DNS provider 8 Type the Domain name that is linked to the interface s IP address 9 T...

Page 207: ...3 Optional For Retry count type the number of times to retry a failed IP address update 14 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type ...

Page 208: ...dynamic DNS service Format custom 3322 org changeip com ddns com br dnsdynamic org Default value custom Current value custom config network ddns new_ddns_instance service b Set the service config network ddns new_ddns_instance service service_name config network ddns new_ddns_instance 6 If custom is configured for service set the custom URL that should be used to update the IP address with the Dyn...

Page 209: ...s 10m 11 Optional Set the amount of time to wait to force an update of the interface s IP address config network ddns new_ddns_instance force_interval value config network ddns new_ddns_instance where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set force_interval to ten minutes enter either 10m or 600s config network ddns new_ddns...

Page 210: ...onfigured as VRRP devices and assigned a priority The router with the highest priority will be used as the master router If the master router fails then the IP address of the virtual router is mapped to the backup device with the next highest priority Each VRRP router is configured with a unique LAN IP address and the same shared VRRP address VRRP VRRP is an extension to the VRRP standard that use...

Page 211: ...k connectivity WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP 4 For Add VRRP instance type a name for the VRRP instance and click The new VRRP instance configuration is displayed 5 Click Enable 6 For Interface select the interface...

Page 212: ...Pv4 or IPv6 address for a virtual IP of this VRRP instance d Optional Repeat to add additional virtual IPs 11 See Configure VRRP for information about configuring VRRP 12 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Acce...

Page 213: ... in the group The router with the highest priority will be used as the master router If the master router fails then the IP address of the virtual router is mapped to the backup device with the next highest priority If this device s actual IP address is being used as the virtual IP address of the VRRP pool then the priority of this device should be set to 255 Allowed values are from 1 and 255 and ...

Page 214: ...or information l Enable VRRP l WAN interfaces to be monitored by using VRRP Note SureLink is enabled by default on all WAN interfaces and should not be disabled on the WAN interfaces that are being monitored by VRRP If multiple WAN interfaces are being monitored on the same device the VRRP priority will be adjusted only if all WAN interfaces fail SureLink tests l The amount that the VRRP priority ...

Page 215: ...tional Click again to add additional interfaces 8 Optional For backup devices click to enable Monitor VRRP master This parameter allows a backup VRRP device to monitor the master device and increase its priority when the master device is failing SureLink tests This can allow a device functioning as a backup device to promote itself to master 9 For Priority modifier type or select the amount that t...

Page 216: ...ple LAN1 c For backup devices for Default Gateway type the IP address of the VRRP interface on the master device d Configure the VRRP interface s DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses i Click to expand DHCP Server Advanced settings ii For Gateway select Custom iii For Custom gateway enter the IP address of one of the virtual IPs used by this V...

Page 217: ...the test target For example to configure SureLink to verify internet connectivity on the LAN by pinging my devicecloud com i For Test Type select Ping test ii For Ping host type my devicecloud com 11 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you ...

Page 218: ...value config where value is an integer between 1 and 254 The default is 10 Along with the priority settings for devices in this VRRP pool the amount entered here should be large enough to automatically demote a master device when SureLink connectivity fails For example if the VRRP master device has a priority of 100 and the backup device has a priority of 80 then weight should be set to an amount ...

Page 219: ...eth2 ipv4 gateway 192 168 3 1 config c For backup devices enable and configure SureLink on the VRRP interface i Determine the VRRP interface Generally this should be a LAN interface VRRP will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails config show network vrrp VRRP_test interface network interface eth2 ...

Page 220: ...terface eth2 ipv4 surelink target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config network interface eth2 ipv4 surelinktarget 0 dns_ server ip_address config network interface eth2 ipv4 surelinktarget 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configur...

Page 221: ...t is considered to have failed config network interface eth2 ipv4 surelink target 0 interface_timeout value config network interface eth2 ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_timeout to ten minutes enter either 10m or 600s config network interface eth2 ipv4 surelink target 0 interf...

Page 222: ...RRP on device one 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP 4 For Add VRRP instance type a name for the VRRP instance and click The new VRRP instance configuration is displayed ...

Page 223: ...xpand Virtual IP addresses 10 Click to add a virtual IP address 11 For Virtual IP type 192 168 3 3 Task 2 Configure VRRP on device one 1 Click to expand VRRP 2 Click Enable 3 Click to expand Monitor interfaces 4 Click to add an interface for monitoring 5 Select Interface WWAN 6 For Priority modifier type 30 Task 3 Configure the IP address for the VRRP interface ETH2 on device one 1 Click Network I...

Page 224: ...ommand line Task 1 Configure VRRP on device one 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create the VRRP instance config add network vrrp VRRP_test confi...

Page 225: ...decreased or increased due to SureLink connectivity failure or success to 30 config network vrrp VRRP_test network vrrp VRRP_test vrrp_plus weight 30 config network vrrp VRRP_test Task 3 Configure the IP address for the VRRP interface ETH2 on device one 1 Type to return to the root of the config prompt config network vrrp VRRP_test config 2 Set the IP address for ETH2 config network interface eth2...

Page 226: ...save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure device two backup device WebUI Task 1 Configure VRRP on device two 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Dev...

Page 227: ... Task 2 Configure VRRP on device two 1 Click to expand VRRP 2 Click Enable 3 Click to expand Monitor interfaces 4 Click to add an interface for monitoring 5 Select Interface WWAN 6 Click to enable Monitor VRRP master 7 For Priority modifier type 30 Task 3 Configure the IP address for the VRRP interface ETH2 on device two 1 Click Network Interfaces ETH2 IPv4 2 For Address type 192 168 3 2 24 3 For ...

Page 228: ...st targets Test target 5 For Test Type select Ping test 6 For Ping host type my devicecloud com Task 5 Configure the DHCP server for ETH2 on device two 1 Click to expand Network Interfaces ETH2 IPv4 DHCP Server 2 For Lease range start type 200 3 For Lease range end type 250 4 Click Advanced settings 5 For Gateway select Custom 6 For Custom gateway enter 192 168 3 3 7 Click Apply to save the config...

Page 229: ...e network interface eth2 config network vrrp VRRP_test 6 Add the virtual IP address associated with this VRRP instance config network vrrp VRRP_test add virtual_address end 192 168 3 3 config network vrrp VRRP_test Task 2 Configure VRRP on device two 1 Enable VRRP config network vrrp VRRP_test vrrp_plus enable true config network vrrp VRRP_test 2 Add the interface to monitor config network vrrp VR...

Page 230: ...nk enable true config 2 Create a SureLink test target config add network interface eth2 ipv4 surelink target end config network interface eth2 ipv4 surelink target 0 3 Set the type of test to ping config network interface eth2 ipv4 surelink target 0 test ping config network interface eth2 ipv4 surelink target 0 4 Set my devicecloud com as the hostname to ping config network interface eth2 ipv4 sur...

Page 231: ...n and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show VRRP status and statistics This section describes how to display VRRP status and statistics for a Connect IT device VRRP status is available from the Web UI only WebUI 1 Log in...

Page 232: ...Status Proto State Virtual IP VRRP_test Up IPv4 Backup 10 10 10 1 VRRP_test Up IPv4 Backup 100 100 100 1 3 To display additional information about a specific VRRP instance at the Admin CLI prompt type show vrrp name name show vrrp name VRRP_test VRRP_test VRRP Status Enabled True Status Up Interface lan IPv4 Virtual IP address es 10 10 10 1 100 100 100 1 Current State Master Current Priority 100 L...

Page 233: ...ecurely connect two private networks together so that devices can connect from one network to the other using secure channels This chapter contains the following topics IPsec 234 OpenVPN 270 Generic Routing Encapsulation GRE 300 NEMO 320 Digi Connect IT 16 48 User Guide 233 ...

Page 234: ...de has limitations when using an authentication header because the IP addresses in the IP header cannot be translated for example with Network Address Translation NAT as it would invalidate the authentication hash value Internet Key Exchange IKE settings IKE is a key management protocol that allows IPsec to negotiate the security associations SAs that are used to create the secure IPsec tunnel Bot...

Page 235: ...SA key to authenticate with a remote peer that is using a corresponding public key Certificate based Authentication X 509 certificate based authentication makes use of private keys on both the server and client which are secured and never shared Both the server and client have a certificate which is generated with their respective private key and signed by a Certificate Authority CA The Connect IT...

Page 236: ...sec failover identify the primary tunnel during configuration of the backup tunnel n The Network Address Translation NAT keep alive time n The protocol either Encapsulating Security Payload ESP or Authentication Header AH n The management priority for the IPsec tunnel interface The active interface with the highest management priority will have its address reported as the preferred contact address...

Page 237: ...ed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set NAT keep alive time to ten minutes enter 10m or 600s The default is 40 seconds 5 Click to expand Tunnels 6 For Add IPsec tunnel type a name for the tunnel and click The new IPsec tunnel configuration is displayed 7 The IPsec tunnel is enabled by default To disable click Enable 8 ...

Page 238: ...utes associated with this IPsec tunnel When more than one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec failover for more information 12 Select the Mode either n Tunnel The entire IP packet is encrypted and or authenticated and then encapsulated as the payload ...

Page 239: ...at is used to decrypt the private key Leave blank if the private key is not encrypted iii For Certificate paste the local X 509 certificate in PEM format iv For Peer verification select either l Peer certificate For Peer certificate paste the peer s X 509 certificate in PEM format l Certificate Authority For Certificate Authority chain paste the Certificate Authority CA certificates These must inc...

Page 240: ...ame and sent as an ID_FQDN IKE identity For FQDN ID value type the ID as an FQDN n KeyID The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity For KEYID ID value type the key ID 19 Click to expand Remote endpoint a For Hostname select either a hostname or IP address If your device is not configured to initiate the IPsec connection see IKE Initiate connection you can also use...

Page 241: ...fine the network traffic that will be encapsulated by this tunnel a Click to create a new policy The new policy configuration is displayed b Click to expand Local network c For Type select one of the following n Address The address of a local network interface For Address select the appropriate interface n Network The subnet of a local network interface For Address select the appropriate interface...

Page 242: ...mple to set Phase 1 lifetime to ten minutes enter 10m or 600s f For Phase 2 lifetime enter the amount of time that the IKE security association expires after a successful negotiation and must be rekeyed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Phase 2 lifetime to ten minutes enter 10m or 600s g For Lifetime margin ...

Page 243: ...l to be automatically restarted when failure occurs a To enable or disable dead peer detection click Enable b For Delay type the number of seconds between transmissions of dead peer packets Dead peer packets are only sent when the tunnel is idle c For Timeout type the number of seconds to wait for a response from a dead peer packet before assuming the tunnel has failed 23 Optional Click to expand ...

Page 244: ...ble false config vpn ipsec tunnel ipsec_example 4 Optional Set the tunnel to use UDP encapsulation even when it does not detect that NAT is being used config vpn ipsec tunnel ipsec_example force_udp_encap true config vpn ipsec tunnel ipsec_example 5 Set the firewall zone for the IPsec tunnel Generally this should be left at the default of ipsec config vpn ipsec tunnel ipsec_example zone zone confi...

Page 245: ... is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec failover for more information config vpn ipsec tunnel ipsec_example metric value config vpn ipsec tunnel ipsec_example where value is any integer between 0 and 65535 7 Set the mode config vpn ipsec tunnel ipsec_example mode mode config vpn ipsec tunnel ipsec_example where mode is e...

Page 246: ... key on the remote host config vpn ipsec tunnel ipsec_example auth local_secret key config vpn ipsec tunnel ipsec_example b Set the remote pre shared key This must be the same as the local key on the remote host config vpn ipsec tunnel ipsec_example auth remote_secret key config vpn ipsec tunnel ipsec_example n rsasig Uses a private RSA key to authenticate with the remote peer a For the private_ke...

Page 247: ..._example auth peer_verify value config vpn ipsec tunnel ipsec_example where value is either l cert Uses the peer s X 509 certificate in PEM format for verification o For the peer_cert parameter paste the peer s X 509 certificate in PEM format config vpn ipsec tunnel ipsec_example auth peer_cert certificate config vpn ipsec tunnel ipsec_example l ca Uses the Certificate Authority chain for verifica...

Page 248: ...fault route n interface Select the Interface to be used as the local endpoint b Set the ID type config vpn ipsec tunnel ipsec_example local id type value config vpn ipsec tunnel ipsec_example where value is one of n auto The ID will be automatically determined from the value of the tunnels endpoints n raw Enter an ID and have it passed unmodified to the underlying IPsec stack Set the unmodified ID...

Page 249: ...Configure the remote endpoint a Set the hostname or IP address of the remote endpoint config vpn ipsec tunnel ipsec_example remote hostname value config vpn ipsec tunnel ipsec_example If your device is not configured to initiate the IPsec connection see ike initiate you can also use the keyword any which means that the hostname is dynamic or unknown b Set the ID type config vpn ipsec tunnel ipsec_...

Page 250: ...ipsec tunnel ipsec_example remote id rfc822_id id config vpn ipsec tunnel ipsec_example n keyid The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity Set the key ID config vpn ipsec tunnel ipsec_example remote id keyid_id id config vpn ipsec tunnel ipsec_example 15 Configure IKE settings a Set the IKE version config vpn ipsec tunnel ipsec_example ike version value config vpn...

Page 251: ...ree hours f Set the amount of time that the IKE security association expires after a successful negotiation and must be rekeyed config vpn ipsec tunnel ipsec_example ike phase2_lifetime value config vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set phase2_lifetime to ten minutes enter either 10m ...

Page 252: ...the type of Diffie Hellman group to use for key exchange during phase 1 config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_ group value config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 where value is one of ecp384 modp768 modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 or modp8192 The default is modp1024 v Optional Add additional phase 1 proposals i Move back one level...

Page 253: ... 2 config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 dh_ group value config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 where value is one of ecp384 modp768 modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 or modp8192 The default is modp1024 vi Optional Add additional phase 2 proposals i Move back one level in the schema config vpn ipsec tunnel ipsec_example ike phase2_prop...

Page 254: ...tination networks that require source NAT a Add a destination network config add vpn ipsec tunnel ipsec_example nat end config vpn ipsec tunnel ipsec_example nat 0 b Set the IPv4 address and optional netmask of a destination network that requires source NAT You can also use any meaning that any destination network connected to the tunnel will use source NAT config vpn ipsec tunnel ipsec_example na...

Page 255: ...s Format defaultip defaultlinklocal eth1 eth2 loopback sfp1 sfp2 wwan Current value config vpn ipsec tunnel ipsec_example policy 0 local address ii Set the interface For example config vpn ipsec tunnel ipsec_example policy 0 local address eth1 config vpn ipsec tunnel ipsec_example policy 0 n network The subnet of a local network interface Set the network i Use the to determine available interfaces...

Page 256: ...twork The keyword any can also be used config vpn ipsec tunnel ipsec_example policy 0 remote network value config vpn ipsec tunnel ipsec_example policy 0 19 Optional Change the NAT keep alive time a Change to the root of the configuration schema config vpn ipsec tunnel ipsec_example policy 0 config b config vpn ipsec advanced keep_alive value config where value is any number of weeks days hours mi...

Page 257: ...nfiguration both tunnels are active simultaneously and there is minimal downtime due to failover l Identify the preferred tunnel during configuration of the backup tunnel In this scenario the backup tunnel is not active until the preferred tunnel fails IPsec failover using SureLink With this configuration when two IPsec tunnels are configured with the same local and remote endpoints but different ...

Page 258: ...10 1 endpoint WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions n During configuration of the IPsec tunnel set the metric to a low value for example 10 n Configure SureLink for the primary IPsec tunnel and enable Restart interface See Configure SureLink active recovery for IPsec for instructions 2 Create a backup IPsec tunnel Configure this tunnel to use the...

Page 259: ...c to a value that is higher than the metric of the primary tunnel for example 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel metric 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel IPsec failover using Preferred tunnel WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions 2 Create a backup IPsec tunnel See Configure an IPsec tunnel for instructions 3 D...

Page 260: ...iguration items n A valid IPsec configuration See Configure an IPsec tunnel for configuration instructions n Enable IPsec active recovery n The behavior of the Connect IT 16 48 device upon IPsec failure either l Restart the IPsec interface l Reboot the device Additional configuration items n The interval between connectivity tests n Whether the interface should be considered to have failed if one ...

Page 261: ...o reboot when the WAN connection is considered to have failed 9 Change the Interval between connectivity tests Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure o...

Page 262: ...e or Test DNS servers configured for this interface IPv6 Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status or Test the interface status IPv6 The interface is considered to be down based on l Down time The amount of time that the interface can be down before this test is considered to have failed Allowed values are any number of w...

Page 263: ...g vpn ipsec tunnel ipsec_example config vpn ipsec tunnel ipsec_example 4 Enable active recovery config vpn ipsec tunnel ipsec_example connection_monitor enable true config vpn ipsec tunnel ipsec_example 5 To configure the device to restart the interface when its connection is considered to have failed config vpn ipsec tunnel ipsec_example connection_monitor restart true config vpn ipsec tunnel ips...

Page 264: ...the device should wait for a response to a probe attempt before considering it to have failed config vpn ipsec tunnel ipsec_example connection_monitor timeout value config vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set timeout to ten minutes enter either 10m or 600s config vpn ipsec tunnel ips...

Page 265: ... Tests connectivity by sending a DNS query to the DNS servers configured for this interface n http IPv4 or http6 IPv6 Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l Specify the url Allowed value uses the format http s hostname path config vpn ipsec tunnel ipsec_example connection_monitor target 0 http_url url config vpn ipsec tunnel ipsec_example connection_monit...

Page 266: ...le to set interface_timeout to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_example connection_monitor target 0 interface_timeout 600s config vpn ipsec tunnel ipsec_example connection_monitor target 0 The default is 60 seconds 12 Save the configuration and apply the change config vpn ipsec tunnel ipsec_example connection_monitor target 0 save Configuration saved 13 Type exit ...

Page 267: ... be presented with an Access selection menu Type quit to disconnect from the device Debug an IPsec configuration If you experience issues with an IPsec tunnel not being successfully negotiated with the remote end of the tunnel you can enable IPsec debug messages to be written to the system log See View system and event logs for more information about viewing the system log There are two methods to...

Page 268: ...rmation is written This is the equivalent of turning off debug messages for IPsec n 0 Basic auditing logs for example SA up SA down n 1 Generic control flow with errors Select this for basic debugging information n 2 More detailed debugging control flow n 3 Includes RAW data dumps in hexadecimal format n 4 Also includes sensitive material in dumps for example encryption keys To access the shell me...

Page 269: ... this for basic debugging information n 2 More detailed debugging control flow n 3 Includes RAW data dumps in hexadecimal format n 4 Also includes sensitive material in dumps for example encryption keys 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 270: ...ting mode also known as TUN n Bridging mode also known as TAP Routing TUN mode In routing mode each OpenVPN client is assigned a different IP subnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server The manner in which the IP subnets are defined depends on the Ope...

Page 271: ...ranslation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server l TAP OpenVPN managed Also know as bridging mode A more advanced implementation of OpenVPN The Connect IT 16 48 device creates an OpenVPN interface and uses standard interface configuration for example a standard DHCP server configuration l TAP Device only An alternate form of OpenVPN bridging mode i...

Page 272: ...for information about OpenVPN active recovery Additional configuration items n The route metric for the OpenVPN server n The range of IP addresses that the OpenVPN server will provide to clients n The TCP UDP port to use By default the Connect IT 16 48 device uses port 1194 n Access control list configuration to restrict access to the OpenVPN server through the firewall n Additional OpenVPN parame...

Page 273: ... OpenVPN server will use when providing IP addresses to clients The default is from 80 to 99 7 Optional Set the VPN port that the OpenVPN server will use The default is 1194 8 For Server managed certificates determine the method of certificate management If enabled the server will manage certificates If not enabled certificates must be created externally and added to the server 9 If Server managed...

Page 274: ... IPv6 address or network that can access the device s service type Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect IT 16 48...

Page 275: ...erver name device_type value config vpn openvpn server name where value is one of n TUN OpenVPN managed Also known as routing mode Each OpenVPN client is assigned a different IP subnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server n TAP OpenVPN managed Also kn...

Page 276: ...tes edge external internal ipsec loopback setup Current value config vpn openvpn server name c Optional Set the route metric for the OpenVPN server If multiple active routes match a destination the route with the lowest metric will be used config vpn openvpn server name metric value config vpn openvpn server name where value is an interger between 0 and 65535 The default is 0 d Optional Set the ra...

Page 277: ...he server config vpn openvpn server name autogenerate false config vpn openvpn server name The default setting is false c If autogenerate is set to false i Set the authentication type config vpn openvpn server name authentication value config vpn openvpn server name where value is one of n cert Uses only certificates for client authentication Each client requires a public and private key n passwd ...

Page 278: ... server name add acl address end value config vpn openvpn server name Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config vpn openvpn ser...

Page 279: ...limit access based on firewall zones config vpn openvpn server name add acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config vpn openvpn server name firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access co...

Page 280: ...on saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure an OpenVPN Authentication Group and User If username and password authentication is used for the OpenVPN server you must create an OpenVPN authentication group and user See Configure an OpenVPN server for information...

Page 281: ... for the group for example OpenVPN_Group and click The new authentication group configuration is displayed c Click OpenVPN access to enable OpenVPN access rights for users of this group d Click to expand the OpenVPN node e Click to add a tunnel f For Tunnel select an OpenVPN tunnel to which users of this group will have access g Repeat to add additional OpenVPN tunnels ...

Page 282: ...e a password for the user This password is used for local authentication of the user You can also configure the user to use RADIUS or TACACS authentication by configuring authentication methods See User authentication methods for information d Click to expand the Groups node e Click to add a group to the user f Select a Group with OpenVPN access enabled 5 Click Apply to save the configuration and ...

Page 283: ... access rights for users of this group config auth group OpenVPN_Group acl openvpn enable true 5 Add an OpenVPN tunnel to which users of this group will have access a Determine available tunnels config auth group OpenVPN_Group vpn openvpn server Servers A list of openvpn servers Additional Configuration OpenVPN_server1 OpenVPN server config auth group OpenVPN_Group b Add a tunnel config auth group...

Page 284: ...r the OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 C...

Page 285: ...N file paste the content of the client ovpn file 11 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode conf...

Page 286: ...pn openvpn client name password value config vpn openvpn client name 7 Paste the content of the client ovpn file into the value of the config_file parameter config vpn openvpn client name config_file value config vpn openvpn client name 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be p...

Page 287: ...als for the OpenVPN client if configured on the OpenVPN server n Additional OpenVPN parameters See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN ...

Page 288: ... 11 For VPN server IP type the IP address of the OpenVPN server 12 Optional Set the VPN port used by the OpenVPN server The default is 1194 13 Paste the contents of the CA certificate usually in a ca crt file the Public key for example client crt and the Private key for example client key into their respective fields The contents will be hidden when the configuration is saved 14 Optional Click to ...

Page 289: ...ient type config vpn openvpn client name enable false config vpn openvpn client name 4 The default behavior is to use an OVPN file for client configuration To disable this behavior and configure the client manually config vpn openvpn client name use_file false config vpn openvpn client name 5 Set the mode used by the OpenVPN server config vpn openvpn client name device_type value config vpn openvp...

Page 290: ...envpn client name 10 Optional Set the port used by the OpenVPN server config vpn openvpn client name port port config vpn openvpn client name The default is 1194 11 Paste the contents of the CA certificate usually in a ca crt file into the value of the cacert parameter config vpn openvpn client name cacert value config vpn openvpn client name 12 Paste the contents of the public key for example cli...

Page 291: ... client connections to determine if the connection has failed and take remedial action Required configuration items n A valid OpenVPN client configuration See Configure an OpenVPN client by using an ovpn file or Configure an OpenVPN client without using an ovpn file for configuration instructions n Enable OpenVPN active recovery n The behavior of the Connect IT 16 48 device upon OpenVPN failure ei...

Page 292: ... the OpenVPN client click Active recovery 6 Enable active recovery 7 For Restart interface enable to configure the device to restart the interface when its connection is considered to have failed This is useful for interfaces that may regain connectivity after restarting such as a cellular modem 8 For Reboot device enable to instruct the device to reboot when the WAN connection is considered to ha...

Page 293: ...n Ping host You can also optionally change the number of bytes in the Ping payload size n DNS test or DNS test IPv6 Tests connectivity by sending a DNS query to the specified DNS server n HTTP test HTTP test IPv6 Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for thi...

Page 294: ...uration mode config config 3 Create a new OpenVPN client or edit an existing one n To create a new OpenVPN client see Configure an OpenVPN client by using an ovpn file or Configure an OpenVPN client without using an ovpn file n To edit an existing OpenVPN client change to the OpenVPN client s node in the configuration schema For example for an OpenVPN client named openvpn_client1 change to the ope...

Page 295: ...r based on the failure of one of the test targets or all of the test targets config vpn openvpn client openvpn_client1 connection_monitor success_ condition value config vpn openvpn client openvpn_client1 Where value is either one or all 9 Set the number of probe attempts before the WAN is considered to have failed config vpn openvpn client openvpn_client1 connection_monitor attempts num config vp...

Page 296: ...e size in bytes of the ping packet by using ping_size or ping_ size6 config vpn openvpn client openvpn_client1 connection_monitor target 0 ping_size num config vpn openvpn client openvpn_client1 connection_monitor target 0 n dns IPv4 or dns6 IPv6 Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config v...

Page 297: ...ig vpn openvpn client openvpn_client1 connection_monitor target 0 The default is 60 seconds l Optional Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed config vpn openvpn client openvpn_client1 connection_monitor target 0 interface_timeout value config vpn openvpn client openvpn_client1 connection_monitor target 0 where value i...

Page 298: ...cess Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured OpenVPN servers type the following at the prompt show openvpn server all Server Enable Type Zone Address Port OpenVPN_server1 true tun internal 192 168 30 1 24 1194 OpenVPN_server2 false tun internal 192 168 40 1 24 1194 3 To di...

Page 299: ...Command line 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured OpenVPN clients type the following at the prompt show openvpn client all Client Enable Status Username Use File Zone OpenVPN_Client1 true connected...

Page 300: ... the GRE tunnel The GRE tunnels are enabled by default l The local endpoint interface l The IP address of the remote device peer Additional configuration items n A GRE key n Enable the device to respond to keepalive packets Task One Create a GRE loopback endpoint interface WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configura...

Page 301: ...add network interface gre_interface config network interface gre_interface 4 Set the interface zone to internal config network interface gre_interface zone internal config network interface gre_interface 5 Set the interface device to loopback config network interface gre_interface device network device loopback config network interface gre_interface 6 Set the IP address and subnet mask of the loca...

Page 302: ...of the GRE endpoint on the remote peer 8 Optional For Key enter a key that will be inserted in GRE packets created by this tunnel It must match the key set by the remote endpoint Allowed value is an interger between 0 and 4294967295 or an IP address 9 Optional Enable keepalive reply to enable the device to reply to Cisco GRE keepalive packets 10 Click Apply to save the configuration and apply the ...

Page 303: ...onfig vpn iptunnel gre_example 6 Optional Set a key that will be inserted in GRE packets created by this tunnel The key must match the key set by the remote endpoint config vpn iptunnel gre_example key value config vpn iptunnel gre_example where value is an interger between 0 and 4294967295 or an IP address 7 Optional Enable the device to reply to Cisco GRE keepalive packets config vpn iptunnel gr...

Page 304: ... view information about currently configured GRE tunnels WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the menu click Status IP tunnels The IP Tunnelspage appears 3 To view configuration details about a GRE tunnel click the configuration icon in the upper right of the tunnel s status pane ...

Page 305: ...al b Device set to Ethernet Loopback c IPv4 Address set to the IP address of the local GRE tunnel 172 30 0 1 32 3 Create a GRE tunnel named gre_tunnel1 a Local endpoint set to the IPsec endpoint interface Interface ipsec_endpoint1 b Remote endpoint set to the IP address of the GRE tunnel on Connect IT 16 48 2 172 30 0 2 4 Create an interface named gre_interface1 and add it to the GRE tunnel a Zone...

Page 306: ...2 c IPv4 Address set to a virtual IP address on the GRE tunnel 172 31 1 1 30 Configuration procedures Configure the Connect IT 16 48 1 device Task one Create an IPsec tunnel WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN IPsec Tunnels 4 Fo...

Page 307: ...ct IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add an IPsec tunnel named ipsec_gre1 config add vpn ipsec tunnel ipsec_gre1 config vpn ipsec tunnel ipsec_gre1 4 Set the pre shared ...

Page 308: ... policy 0 8 Set the local network address to the IP address and subnet of the local GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 local custom 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 9 Set the remote network address to the IP address and subnet of the remote GRE tunnel 172 30 0 2 32 config vpn ipsec tunnel ipsec_gre1 policy 0 remote network 172 30 0 2 32 co...

Page 309: ...c endpoint interface WebUI 1 Click Network Interface 2 For Add Interface type ipsec_endpoint1 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 1 32 7 Click Apply to save the configuration and apply the change ...

Page 310: ...rface ipsec_endpoint1 device network device loopback config network interface ipsec_endpoint1 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 1 32 config network interface ipsec_endpoint1 ipv4 address 172 30 0 1 32 config network interface ipsec_endpoint1 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpoint1 policy 0 save Configuration save...

Page 311: ...onfig vpn iptunnel gre_tunnel1 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint1 config vpn iptunnel gre_tunnel1 local network interface ipsec_endpoint1 config vpn iptunnel gre_tunnel1 4 Set the remote endpoint to the IP address of the GRE tunnel on Connect IT 16 48 2 172 30 0 2 config vpn iptunnel gre_tunnel1 remote 172 30 0 2 config vp...

Page 312: ...vice WebUI 1 Click Network Interfaces 2 For Add Interface type gre_interface1 and click 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel1 5 Click to expand IPv4 6 For Address type 172 31 0 1 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change ...

Page 313: ...nel1 config network interface gre_interface1 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface1 ipv4 address 172 31 0 1 30 config network interface gre_interface1 6 Save the configuration and apply the change config network interface gre_interface1 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration ...

Page 314: ...Click to expand Remote endpoint 8 For Hostname type public IP address of the Connect IT 16 48 1 device 9 Click to expand Policies 10 For Add Policy click to add a new policy 11 Click to expand Local network 12 For Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 2 32 14 For Remote network type the IP address and subnet of the remote GRE tunn...

Page 315: ... 1 device config vpn ipsec tunnel ipsec_gre2 remote hostname 192 168 100 1 config vpn ipsec tunnel ipsec_gre2 6 Add a policy config vpn ipsec tunnel ipsec_gre2 add policy end config vpn ipsec tunnel ipsec_gre2 policy 0 7 Set the local network policy type to custom config vpn ipsec tunnel ipsec_gre2 policy 0 local type custom config vpn ipsec tunnel ipsec_gre2 policy 0 8 Set the local network addre...

Page 316: ...ace type ipsec_endpoint2 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 2 32 7 Click Apply to save the configuration and apply the change Command line 1 At the command line type config to enter configuration mode config config ...

Page 317: ...erface ipsec_endpoint2 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 2 32 config network interface ipsec_endpoint2 ipv4 address 172 30 0 2 32 config network interface ipsec_endpoint2 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpoint2 save Configuration saved Task three Create a GRE tunnel WebUI 1 Click VPN IP Tunnels 2 For Add IP Tunne...

Page 318: ...rk interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 local network interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 4 Set the remote endpoint to the IP address of the GRE tunnel on Connect IT 16 48 1 172 30 0 1 config vpn iptunnel gre_tunnel2 remote 172 30 0 1 config vpn iptunnel gre_tunnel2 5 Save the configuration and apply the change config vpn iptunnel gre_tunnel2 save Configu...

Page 319: ...change Command line 1 At the command line type config to enter configuration mode config config 2 Add an interface named gre_interface2 config add network interface gre_interface2 config network interface gre_interface2 3 Set the zone to internal config network interface gre_interface2 zone internal config network interface gre_interface2 4 Set the device to the GRE tunnel created in Task three vp...

Page 320: ...a tunnel between the home agent on the mobile private network and the Connect IT 16 48 device isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management Dynamic Mobile Network Routing DMNR is the implementation of NEMO for Verizon Wireless Private Networks DMNR support requires the use of Verizon SIM cards that have DMNR enable...

Page 321: ...efault To disable click to toggle off Enable 4 For Home IP address type the IPv4 address of the NEMO virtual network interface 5 For Zone select the firewall zone for the NEMO tunnel 6 For Home agent server IP address type the IPv4 address of the NEMO home agent This is provided by your cellular carrier 7 For Key type the key used to authenticate to the home agent This is provided by your cellular...

Page 322: ...lected specify the local network interface The default is Default route 13 Click to expand Local networks a For Add Interface click to add a local network to use as a virtual NEMO network interface b For Interface select the local interface to use as a virtual NEMO network interface Generally this will be the a Local Area Network LAN c Optional Repeat for additional interfaces 14 Click Apply to sa...

Page 323: ...rier config vpn nemo nemo_example lifetime integer config vpn nemo nemo_example Allowed values are any integer between 1 and 65535 8 MTU discovery is enabled by default which allows the device to determine the maximum transmission unit MTU size To disable config vpn nemo nemo_example mtu_discovery false config vpn nemo nemo_example If disabled set the MTU size The default MTU size for LANs on the ...

Page 324: ...ernal ipsec loopback setup Current value config vpn nemo nemo_example zone 11 Configure the Care of Address the local WAN interface of the internet facing network a Set the method to determine the Care of Address config vpn nemo nemo_example coaddress type value config vpn nemo nemo_example where value is one of n defaultroute Uses the same network interface as the default route n interface If int...

Page 325: ...local endpoint a Set the method to determine the GRE tunnel local endpoint config vpn nemo nemo_example tun_local type value config vpn nemo nemo_example where value is one of n defaultroute Uses the same network interface as the default route n interface If interface is used set the interface i Use the to determine available interfaces config vpn nemo nemo_example tun_local interface Interface Th...

Page 326: ... to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show NEMO status WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the menu select Status NEMO The NEMO page appears 3 To view configuration details about an NEMO tunnel click the configuration icon in the upper right of...

Page 327: ...e Agent 4 3 2 1 Care of Address 10 10 10 1 Interface wwan GRE Tunnel 10 10 10 1 4 3 2 1 Metric 255 MTU 1476 Lifetime Actual 600 Local Network Subnet Status lan1 192 168 2 1 24 Advertized LAN2 192 168 3 1 24 Advertized 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 328: ... access 349 Configure DNS 353 Simple Network Management Protocol SNMP 361 Location information 367 Modbus gateway 396 System time 413 Configure the system time 413 Network Time Protocol 415 Configure the device as an NTP server 416 Configure a multicast route 422 Ethernet network bonding 425 Enable service discovery mDNS 427 Use the iPerf service 431 Configure the ping responder service 436 Digi C...

Page 329: ...Firewall configuration for information on zones n See Set the idle timeout for Connect IT 16 48 users for information about setting the inactivity timeout for the web administration and SSH services To allow web administration or SSH for the External firewall zone Add the External firewall zone to the web administration service WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin ...

Page 330: ...b administration service config add service web_admin acl zone end external config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add the External firewall zone to the SSH service WebUI 1 Log into the Conn...

Page 331: ...Services Allow remote access for web administration and SSH Digi Connect IT 16 48 User Guide 331 4 For Add Zone click 5 Select External 6 Click Apply to save the configuration and apply the change ...

Page 332: ...6 48 device by using the WebUI a browser based interface By default the web administration service is enabled and uses the standard HTTPS port 443 The default access control for the service uses the Internal firewall zone which means that only devices connected to the Connect IT 16 48 s LAN can access the WebUI If this configuration is sufficient for your needs no further configuration is required...

Page 333: ...s Web administration 4 Click Enable 5 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 En...

Page 334: ...evice s web administration service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the web administration service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click...

Page 335: ...te paste the certificate and private key If SSL certificate is blank the device will use an automatically generated self signed certificate n The SSL certificate and private key must be in PEM format n The private key can use one of the following algorithms l RSA l DSA l ECDSA l ECDH Note Password protected certificate keys are not supported Example a Generate the SSL certificate and private key f...

Page 336: ... selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config add service web_admin acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any N...

Page 337: ...nk local IP eth1 ETH1 eth2 ETH2 loopback Loopback sfp1 SFP1 sfp2 SFP2 wwan WWAN config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service web_admin acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone...

Page 338: ...service web_admin cert command Enclose the contents of certificate pem and key pem in quotes For example config service web_admin cert BEGIN CERTIFICATE MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGln...

Page 339: ...FevIqVkqp2wOmeLtI4o77y6uCbhfA6I GWTZEYECgYEA uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv yvAEHwazIEzlc2kcQrbLWnDQYx oKmXf87Y1T5AXs ml1PlepXgveKpKrWwORsdDBd OS34lyNJ0KCqqIzwAaf8lcSW tyShAZzvuH9GW9WlCc8g3ifp9WUCgYEA4WSSfqFkQLA09sI76VLvUqMbb31bNgOk ZuPg7uxuDk3yNY58LGQCoV8tUZuHtBJdrBDCtcJa5sasJZQrWUlZ8y 5zgCZmqQn MzTD062xaqTenL0jKgKQrWig4DpUUhfc4BFJmHyeitosDPG98oCxuh6HfuMOeM1v Xag6Z391VcsCgY...

Page 340: ...ryption protocols are allowed with HTTPS connections To enable legacy encryption protocols config service web_admin legacy_encryption true config 8 Optional Disable legacy port redirection Legacy port redirection is used to redirect client HTTP requests to the HTTPS service Legacy port redirection is enabled by default and normally these settings should not be changed To disable legacy port redire...

Page 341: ...r the SSH service Additional configuration items n Port to use for communications with the SSH service n Multicast DNS mDNS support n A private key to use for communications with the SSH service See Set the idle timeout for Connect IT 16 48 users for information about setting the inactivity timeout for the SSH service Enable or disable the SSH service The SSH service is enabled by default To disab...

Page 342: ... configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the service WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Co...

Page 343: ...n to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect IT 16 48 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Z...

Page 344: ...ccess the SSH service Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service ssh acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the SSH service Repeat this step to l...

Page 345: ... firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 4 Optional Set the private key in PEM format If not set the device will use an automatically generated key config servi...

Page 346: ...able false config 6 Optional Set the port number for this service The default setting of 22 normally should not be changed config service ssh port 24 config 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 347: ...e user s ssh directory The private and public keys are named id_rsa and id_rsa pub If you need to generate an SSH key pair you can use the ssh keygen application For example the following entry generates an RSA key pair in the user s ssh directory ssh keygen t rsa f ssh id_rsa The private key file is named id_rsa and the public key file is named id_rsa pub The pub extension is automatically append...

Page 348: ...line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add an SSH key for the user by using the ssh_key command and pasting or typing a public encryption key config add auth user maria ssh_key key_name key c...

Page 349: ...le timeout for Connect IT 16 48 users for information about setting the inactivity timeout for the telnet service Enable the telnet service The telnet service is disabled by default To enable the service WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed ...

Page 350: ...figuration click Device Configuration The Configuration window is displayed 3 Click Services telnet 4 Optional For Port enter the port number for the service Normally this should not be changed 5 Click Access control list to configure access control n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or netw...

Page 351: ...s a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones 6 Multicast DNS mDNS is disabled by default mDNS is a protocol that resolves host names in small networks that do not have a DNS server To enable mDNS click Enable mDNS ...

Page 352: ...Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect IT 16 48 device config add service telnet acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Add...

Page 353: ...nable config service telnet mdns enable true config 5 Optional Set the port number for this service The default setting of 23 normally should not be changed config service telnet port 25 config 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type...

Page 354: ...items n Whether the device should cache negative responses n Whether the device should always perform DNS queries to all available DNS servers n Whether to prevent upstream DNS servers from returning private IP addresses n Additional DNS servers in addition to the ones associated with the device s network interfaces n Specific host names and their IP addresses ...

Page 355: ...t to IPv4 addresses that can access the DNS service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s DNS service Allowed values are l A single IP address or host name l A network designation in CIDR notation ...

Page 356: ...calhost rebinding is enabled by default if Rebind protection is enabled This is useful for Real time Black List RBL servers 9 Optional To add additional DNS servers a Click DNS servers b For Add Server click c Optional Enter a label for the DNS server d For DNS server enter the IP address of the DNS server e Domain restricts the device s use of this DNS server based on the domain If no domain are ...

Page 357: ...can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the DNS service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect IT 16 48 device config add service dns acl interface end value config Where value is ...

Page 358: ...ewall zones 4 Optional Cache negative responses By default the device s DNS server caches negative responses Disabling this option may improve performance on networks with transient DNS results when one or more DNS servers may have positive results To disable config service dns cache_negative_responses false config 5 Optional Query all servers By default the device s DNS server queries all availab...

Page 359: ... 0 c To restrict the device s use of this DNS server based on the domain use the domain command If no domain are listed then all queries may be sent to this server config service dns server 0 domain domain config service dns server 0 d Optional Set a label for this DNS server config service dns server 0 label label config service dns server 0 9 Optional Add host names and their IP addresses that t...

Page 360: ...nfigure DNS Digi Connect IT 16 48 User Guide 360 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 361: ...you must configure the SNMP access control list to allow the device to receive the packets See Configure Simple Network Management Protocol SNMP Configure Simple Network Management Protocol SNMP Required configuration items n Enable SNMP n Firewall configuration using access control to allow remote connections to the SNMP agent n The user name and password used to connect to the SNMP agent Additio...

Page 362: ...ss to hosts connected through a specified interface on the Connect IT 16 48 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown Se...

Page 363: ... can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the SNMP service Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service snmp acl address6 end value config Where value can be l A single IP address or host ...

Page 364: ...g Repeat this step to list additional interfaces n To limit access based on firewall zones config add service snmp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering ...

Page 365: ...led by default To enable config service snmp mdns enable true config 9 Optional Set the authentication type Allowed values are MD5 or SHA The default is MD5 config service snmp auth_type SHA config 10 Optional Set the privacy passphrase If not set the password entered above is used config service snmp privacy pwd config 11 Optional Set the privacy protocol either DES or AES The default is DES conf...

Page 366: ...this device WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 Enable SNMP See Configure Simple Network Management Protocol SNMP for information about enabling and configuring SNMP support on the Connect IT 16 48 device 3 On the main menu click Status Under Services click SNMP The SNMP page is displayed 4 Click Download ...

Page 367: ...re your Connect IT 16 48 device to forward location messages either from the Connect IT 16 48 device or from external sources to a remote host Additionally the device can be configured to use a geofence to allow you to determine actions that will be taken based on the physical location of the device This section contains the following topics Configure the location service 368 Use a dead reckoning ...

Page 368: ...inutes or seconds and take the format number w d h m s For example to set Location update interval to ten minutes enter 10m or 600s 6 For information about configuring Location sources see the following a To configure a USB GNSS see Use a dead reckoning external USB GNSS receiver b To set a static location for the device see Configure the device to use a user defined static location c To accept lo...

Page 369: ...dule config service location gnss false config 4 Set the amount of time that the Connect IT 16 48 device will wait before polling location sources for updated location data config service location interval value config where value is any number of hours minutes or seconds and takes the format number h m s For example to set interval to ten minutes enter either 10m or 600s config service location i...

Page 370: ... it has been disabled WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Location Location sources usb 4 Click Enable the location source to disable the USB GNSS receiver or to enable it if it has been disabled 5 Alternatively you can als...

Page 371: ...ule config service location source 0 enable true config n To disable the module config service location source 0 enable false config 4 Alternatively you can use the index number to delete the USB location source config del service location 0 config 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration ...

Page 372: ...e type the altitude of the device Allowed values are an integer followed by m or km for example 100m or 1km 9 The location source is enabled by default Click Enable the location source to disable the location source or to enable it if it has been disabled 10 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admi...

Page 373: ...device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the device to accept location messages from external sources You can configure the Connect IT 16 48 device to accept NMEA and TAIP messages from external sources For example location enabled devices connected to the Connect IT 16 48 device can forward their location information...

Page 374: ... port Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the location server UDP port d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 a...

Page 375: ...dmin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a location source config add service location source end config service location source 0 4 Optional Set a label for this location source config service location source 0 label label config service location source 0 5 Set the type of location source to server config service location sourc...

Page 376: ...rt Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect IT 16 48 device config add service location source 1 acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface ...

Page 377: ... the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Forward location information to a remote host You can configure location clients on the Connect IT 16 48 device that forward location messages in either NMEA or TAIP format to a remote host Required configuration items n Enable the location service n The ...

Page 378: ... For Label type a description of the location destination server 6 For Destination server enter the hostname or IP address of the remote host to which location messages will be sent 7 For Destination server port enter the UDP or TCP port on the remote host to which location messages will be sent 8 For Communication protocol select either UDP or TCP 9 For Forward interval multiplier select the numb...

Page 379: ...ition velocity reports the latitude longitude and heading 12 For Outgoing message type select either NMEA or TAIP for the type of message that the device will forward to a remote host 13 Optional For Prepend text enter text to prepend to the forwarded message Two variables can be included in the prepended text n s Includes the Connect IT device s serial number in the prepended text n v Includes th...

Page 380: ...rding location data to this server See Configure the location service for more information about setting the Location update interval config service location forward 0 interval_multiplier int config service location forward 0 8 Set the protocol type for the messages Allowed values are taip or nmea the default is taip config service location forward 0 type nmea config service location forward 0 9 O...

Page 381: ... message type a Use the show command to determine the index number of the message type to be deleted config service location forward 0 show filter_nmea 0 gga 1 gll 2 gsa 3 gsv 4 rmc 5 vtg config service location forward 0 b Use the index number to delete the message type For example to delete the gsa index number 2 message type config service location forward 0 del filter_nmea 2 config service loc...

Page 382: ...essage type For example to delete the id index number 2 message type config service location forward 0 del filter_taip 2 config service location forward 0 To add a message type a Change to the filter_taip node config service location forward 0 filter_taip config service location forward 0 filter_taip b Use the add command to add the message type For example to add the id message type config servic...

Page 383: ...are etc Complex polygons can be defined n Actions that will be taken when the device s location triggers a geofence event You can define actions for two types of events l Actions taken when the device enters the boundary of the geofence or is inside the boundary when the device boots l Actions taken when the device exits the boundary of the geofence or is outside the boundary when the device boots...

Page 384: ...ten minutes enter 10m or 600s 6 For Boundary type select the type of boundary that the geofence will have n If Circular is selected a Click to expand Center b Type the Latitude and Longitude of the center point of the circle Allowed values are l For Latitude any integer between 90 and 90 with up to six decimal places l For Longitude any integer between 180 and 180 with up to six decimal places c F...

Page 385: ...e event n To define actions that will be taken when the device enters the geofence or is inside the geofence when it boots a Click to expand On entry b Optional Enable Bootup action to configure the device to perform the On entry actions if the device is inside the geofence when it boots c For Number of intervals type or select the number of Update Intervals that must take place prior to performin...

Page 386: ... script and it spawned processes Allowed values are any integer followed by one of the following b bytes KB k MB M GB G TB T For example the allocate one megabyte of memory to the script and its spawned processes type 1MB or 1M vi Sandbox is enabled by default This prevents the script from adversely affecting the system If you disable Sandbox the script may render the system unusable vii Repeat fo...

Page 387: ...pt to the system log v Optional For Maximum memory type the maximum amount of system memory that will be available for the script and it spawned processes Allowed values are any integer followed by one of the following b bytes KB k MB M GB G TB T For example the allocate one megabyte of memory to the script and its spawned processes type 1MB or 1M vi Sandbox is enabled by default This prevents the...

Page 388: ...urs minutes or seconds and takes the format number w d h m s For example to set update_interval to ten minutes enter either 10m or 600s config service location geofence test_geofence update_interval 600s config service location geofence test_geofence The default is 1m one minute 5 Set the boundary type for the geofence config service location geofence test_geofence boundary value config service lo...

Page 389: ... int config service location geofence test_geofence coordinates 0 longitude int config service location geofence test_geofence coordinates 0 where int is l For latitude any integer between 90 and 90 with up to six decimal places l For longitude any integer between 180 and 180 with up to six decimal places iii Configure additional vortices config service location geofence test_geofence coordinates ...

Page 390: ...fig service location geofence test_geofence coordinates 1 config service location geofence test_geofence coordinates add end config service location geofence test_geofence coordinates 2 latitude 44 925161 config service location geofence test_geofence coordinates 2 longitude 93 39589 config service location geofence test_geofence coordinates 2 config service location geofence test_geofence coordin...

Page 391: ...eturn to the root of the configuration config service location geofence test_geofence coordinates 3 config ii Add the action config add service location geofence test_geofence on_entry action end config service location geofence test_geofence on_entry action 0 d Set the type of action config service location geofence test_geofence on_entry action 0 type value config service location geofence test_...

Page 392: ...ion 0 max_memory value config service location geofence test_geofence on_entry action 0 where value is any integer followed by one of the following b bytes KB k MB M GB G TB T For example the allocate one megabyte of memory to the script and its spawned processes config service location geofence test_geofence on_entry action 0 max_memory 1MB config service location geofence test_geofence on_entry ...

Page 393: ...n config add service location geofence test_geofence on_exit action end config service location geofence test_geofence on_exit action 0 d Set the type of action config service location geofence test_geofence on_exit action 0 type value config service location geofence test_geofence on_exit action 0 where value is either l factory_erase Erases the device configuration when the action is triggered l...

Page 394: ...n 0 where value is any integer followed by one of the following b bytes KB k MB M GB G TB T For example the allocate one megabyte of memory to the script and its spawned processes config service location geofence test_geofence on_exit action 0 max_memory 1MB config service location geofence test_geofence on_exit action 0 v A sandbox is enabled by default to prevent the script from adversely affect...

Page 395: ...cess selection menu Type admin to access the Admin CLI 2 Use the show location command at the system prompt show location Location Status State enabled Source 192 168 2 3 Latitude 44 55 14 809 N 44 92078 Longitude 93 24 47 262 w 93 413128 Altitude 279 meters Velocity 0 meters per second Direction None Quality Standard GNSS 2D 3D UTC Date and Time Fri 26 Feb 2021 8 04 23 03 No of Satellites 7 3 Typ...

Page 396: ...vice Modbus gateway The Connect IT 16 48 supports the ability to function as a Modbus gateway to provide serial to Ethernet connectivity to Programmable Logic Controllers PLCs Remote Terminal Units RTUs and other industrial devices MODBUS provides client server communication between devices connected on different types of buses and networks and the Connect IT 16 48 gateway allows for communication...

Page 397: ...the connection type is serial o The serial port to be used l Modbus address or addresses to determine if messages should be forwarded to a destination device Additional configuration items n Server configuration l The packet mode l The maximum time between bytes in a packet l If the connection type is set to socket o The port to use o The inactivity timeout o Access control list l If the connectio...

Page 398: ...on The Configuration window is displayed 3 Click Services Modbus Gateway 4 Click Enable to enable the gateway 5 Click Debug to allow verbose logging in the system log Configure gateway servers 1 Click to expand Gateway Servers 2 For Add Modbus server type a name for the server and click The new Modbus gateway server configuration is displayed 3 The new Modbus gateway server is enabled by default T...

Page 399: ...et Inactivity timeout to ten minutes enter 10m or 600s 8 Optional If Connection type is set to Serial click Half duplex to enable half duplex two wire mode 9 Optional If Connection type is set to Socket click to expand Access control list n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that ca...

Page 400: ...s 1 Click to expand Clients 2 For Add Modbus client type a name for the client and click The new Modbus gateway client configuration is displayed 3 The new Modbus gateway client is enabled by default Toggle off Enable the client to disable 4 For Connection type select Socket or Serial Available options in the gateway server configuration vary depending on this setting n If Socket is selected for C...

Page 401: ...ist n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s web administration service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the web adminis...

Page 402: ...ilter for incoming messages that contain the Modbus address of 10 type 10 To filter for all messages with addresses in the range of 20 to 30 type 20 30 To add additional address filters for this client click 14 For Fixed Modbus server address if request messages handled by this client should always be forwarded to a specific device type the device s Modbus address Leave at the default setting of 0...

Page 403: ...the command line type config to enter configuration mode config config 3 Enable the Modbus gateway config service modbus_gateway enable true config 4 Configure servers a Add a server config add service modbus_gateway server name config service modbus_gateway server name where name is a name for the server for example config add service modbus_gateway server test_modbus_server config service modbus...

Page 404: ...u iv Set the maximum allowable time between bytes in a packet config service modbus_gateway server test_modbus_server socket idle_gap value config service modbus_gateway server test_modbus_server where value is any number between 10 milliseconds and one second and take the format number ms s For example to set idle_gap to 20 milliseconds enter 20ms v Set the amount of time to wait before disconnec...

Page 405: ...ay server test_modbus_server where value is either rtu or ascii The default is rtu iii Set the maximum allowable time between bytes in a packet config service modbus_gateway server test_modbus_server serial idle_gap value config service modbus_gateway server test_modbus_server where value is any number between 10 milliseconds and one second and take the format number ms s For example to set idle_g...

Page 406: ...connection_type is set to socket i Set the IP protocol config service modbus_gateway client test_modbus_client socket protocol value config service modbus_gateway client test_modbus_client where value is either tcp or udp ii Set the port config service modbus_gateway client test_modbus_client socket port config service modbus_gateway client test_modbus_client where port is an integer between 1 and...

Page 407: ...t test_modbus_client inactivity_timeout 600s config service modbus_gateway client test_modbus_client vi Set the hostname or IP address of the remote host on which the Modbus server is running config service modbus_gateway client test_modbus_client remote_host ip_address hostname config service modbus_gateway client test_modbus_client n If connection_type is set to serial i Set the serial port i Us...

Page 408: ...eway client test_modbus_client broadcast true config service modbus_gateway client test_modbus_client e Set the maximum time to wait for a response to a message config service modbus_gateway client test_modbus_client response_ timeout value config service modbus_gateway client test_modbus_client Allowed values are between 1 millisecond and 700 milliseconds and take the format numberms For example ...

Page 409: ...efault setting of 0 to allow messages that match the Modbus address filter to be forwarded to devices based on the Modbuss address in the message h To adjust the Modbus server address downward by the specified value prior to delivering the message use adjust_server_address config service modbus_gateway client test_modbus_client adjust_ server_address value config service modbus_gateway client test...

Page 410: ...s Modbus Gateway The Modbus Gateway page appears Statistics related to the Modbus gateway server are displayed If the message Server connections not available is displayed this indicates that there are no connected clients n To view information about Modbus gateway clients click Clients n To view statistics that are common to both the clients and server click Common Statistics n To view configurat...

Page 411: ...y verbose Client Uptime modbus_socket_41 0 modbus_socket_21 0 modbus_serial_client 506 Common Statistics Configuration Updates 1 Client Configuration Failure 0 Server Configuration Failure 0 Configuration Load Failure 0 Incoming Connections 4 Internal Error 0 Resource Shortages 0 Servers modbus_socket Client Lookup Errors 0 Incoming Connections 4 Packet Errors 0 RX Broadcasts 0 RX Requests 12 TX E...

Page 412: ...t Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 modbus_serial_client Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 413: ...can also be configured to use Network Time Protocol NTP In this configuration the device serves as an NTP server providing NTP services to downstream devices See Network Time Protocol for more information about NTP server support Configure the system time This procedure is optional The Connect IT 16 48 device s default system time configuration uses the Digi NTP server time devicecloud com and has...

Page 414: ... made to one will be reflected in the other See Configure the device as an NTP server for more information about NTP server configuration 6 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to...

Page 415: ...1 time server com config Note This list is synchronized with the list of servers included with NTP server configuration and changes made to one will be reflected in the other See Configure the device as an NTP server for more information about NTP server configuration 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your d...

Page 416: ...tream access to the Connect IT 16 48 device s NTP service n The time zone setting if the default setting of UTC is not appropriate To configure the Connect IT 16 48 device s NTP service WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services N...

Page 417: ...own See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones Note By default the access control list for the NTP service is empty which means that all downstream hosts connected to the Connect IT 16 48 device can use the NTP service 6 Optional Add upstream NTP servers that the device will use to synchronize its time The default...

Page 418: ...ate location in the list of NTP servers The default setting is time devicecloud com n To delete the default NTP server time devicecloud com config del service ntp server 0 n To add the NTP server to the beginning of the list use the index value of 0 to indicate that it should be added as the first server config add service ntp server 0 time server com config n To add the NTP server to the end of t...

Page 419: ...s and networks config add service ntp acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the NTP server agent Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect ...

Page 420: ...any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones Note By default the access control list for the NTP service is empty which means that all downstream hosts connected to the Connect IT 16 48 device can use the NTP service 6 Optional Set the timezone for the location of your Connect IT 16 48 device The default is UTC config syst...

Page 421: ...uide 421 Africa Addis_Ababa config 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 422: ...eck Enable 6 Type the Source address for the route This must be a multicast IP address between 224 0 0 1 and 239 255 255 255 7 Type the Source port Ensure the port is not used by another protocol 8 Select a Source interface where multicast packets will arrive 9 Select a Destination interface that the Connect IT 16 48 device will use to send mutlicast packets 10 Click Apply to save the configuratio...

Page 423: ...aces config service multicast test src_interface Source interface Where the multicast packets will arrive IP routes do not have an effect in the incoming stream Format network interface defaultip network interface defaultlinklocal network interface eth1 network interface eth2 network interface loopback network interface sfp1 network interface sfp2 network interface wwan Current value config servic...

Page 424: ...face sfp2 network interface wwan Current value config service multicast test interface b Set the interface For example config service multicast test interface network interface eth1 config service multicast test 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access ...

Page 425: ...thernet devices in the bonded pool WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Ethernet bonding 4 For Add Bond device click The bond device is enabled by default To disable click to toggle off Enable 5 For Mode selected either n Act...

Page 426: ... admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a network bond config add network bond name config network bond name The new network bond is enabled by default To disable config network bond name enable false config network bond name 4 Set the mode config network bond name mode value config network bond name where value is either n a...

Page 427: ... Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enable service discovery mDNS Multicast DNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server You can enable the Connect IT 16 48 device to use mDNS WebUI 1 Log into the Connect IT 16 48 WebUI as...

Page 428: ...n in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the mDNS service d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect IT 16 48 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow ...

Page 429: ...ditional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service mdns acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the mDNS service Repeat this step to list additional IP addresses or networks n To li...

Page 430: ... a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 5 Save the configuration and apply th...

Page 431: ... device s iPerf3 server may result in unpredictable results As a result Digi recommends using an iPerf client at version 3 or newer to connect to the Connect IT 16 48 device s iPerf3 server Required configuration items n Enable the iPerf server on the Connect IT 16 48 device n An iPerf3 client installed on a remote host iPerf3 software can be downloaded at https iperf fr iperf download php Additio...

Page 432: ... A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the iperf service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the...

Page 433: ... At the command line type config to enter configuration mode config config 3 Enable the iPerf server config service iperf enable true config 4 Optional Set the port number for the iPerf server listening port The default is 5201 config service iperf port port_number config 5 Optional Set the access control list to restrict access to the iPerf server n To limit access to specified IPv4 addresses and...

Page 434: ...st of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback sfp1 SFP1 sfp2 SFP2 wwan WWAN config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service iperf acl zone...

Page 435: ...necting to host 192 168 2 1 port 5201 4 local 192 168 3 100 port 54934 connected to 192 168 1 1 port 5201 ID Interval Transfer Bandwidth Retr Cwnd 4 0 00 1 00 sec 26 7 MBytes 224 Mbits sec 8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00 5 00 sec 32 1 MBytes ...

Page 436: ...rfaces and or zones n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s ping responder Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the ping re...

Page 437: ...s Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the iPerf server config service iperf enable true config 4 Optional Set the port number for the iPerf server listening port The default is 5201 config service iperf port port_number config...

Page 438: ... service iperf acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth1 ETH1 eth2 ETH2 loopback Loopback sfp1 SFP1 sfp2 SFP2 wwan WWAN config Repeat this s...

Page 439: ...nect IT 16 48 device For example iperf3 c 192 168 2 1 Connecting to host 192 168 2 1 port 5201 4 local 192 168 3 100 port 54934 connected to 192 168 1 1 port 5201 ID Interval Transfer Bandwidth Retr Cwnd 4 0 00 1 00 sec 26 7 MBytes 224 Mbits sec 8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes...

Page 440: ...Services Configure the ping responder service Digi Connect IT 16 48 User Guide 440 iperf Done ...

Page 441: ... time This chapter contains the following topics Configure applications to run automatically 442 Run a Python application at the shell prompt 448 Start an interactive Python session 450 Digidevice module 451 Use the Human Interface Device HID module 476 Use Python to access serial ports 478 Use the Paho MQTT python library 479 Use the local REST API to configure the Connect IT 16 48 device 482 Sto...

Page 442: ... application should run l When the device boots l At a specified time l At a specified interval l During system maintenance Additional configuration items n A label used to identify the application n The action to take if the Python application finishes The actions that can be taken are l None l Restart the script l Reboot the device n The arguments for the Python application n Whether to write th...

Page 443: ...re n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the Connect IT 16 48 device n local path is the location on the Connect IT 16 48 device where the copied file will be placed For example To upload a Python application from a remote ho...

Page 444: ...click The schedule script configuration window is displayed Scheduled scripts are enabled by default To disable click Enable to toggle off 5 Optional For Label provide a label for the script 6 For Run mode select the mode that will be used to run the script Available options are n On boot The script will run once each time the device boots l If On boot is selected select the action that will be ta...

Page 445: ...nt to bin sh 8 Script logging options a Click to enable Log script output to log the script s output to the system log b Click to enable Log script errors to log script errors to the system log If neither option is selected only the script s exit code is written to the system log 9 For Maximum memory enter the maximum amount of memory available to be used by the script and its subprocesses using t...

Page 446: ...one of the following n boot The script will run once each time the device boots l If boot is selected set the action that will be taken when the script completes config system schedule script 0 exit_action action config system schedule script 0 where action is one of the following o none Action taken when the script exits o restart Runs the script repeatedly o reboot The device will reboot when th...

Page 447: ... and any related command line information If the script begins with then the script will be invoked in the location specified by the path for the script command Otherwise the default shell will be used equivalent to bin sh 7 Script logging options n To log the script s output to the system log config system schedule script 0 syslog_stdout true config system schedule script 0 n To log script errors...

Page 448: ... Type quit to disconnect from the device Run a Python application at the shell prompt Python applications can be run from a file at the shell prompt The Python application will run until it completes displaying output and prompting for additional user input if needed To interrupt the application enter CTRL C Note Python applications cannot be run from the Admin CLI You must access the device shell...

Page 449: ...ame remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the Connect IT 16 48 device n local path is the location on the Connect IT 16 48 device where the copied file will be placed For exa...

Page 450: ...e session is not available from the Admin CLI You must access the device shell in order to run Python applications from the command line See Authentication groups for information about configuring authentication groups that include shell access 1 Log into the Connect IT 16 48 command line as a user with shell access Depending on your device configuration you may be presented with an Access selecti...

Page 451: ... section contains the following topics Use digidevice cli to execute CLI commands 452 Use digidevice datapoint to upload custom datapoints to Digi Remote Manager 453 Use digidevice config for device configuration 455 Use Python to respond to Digi Remote Manager SCI requests 458 Use digidevice runtime to access the runtime database 466 Use Python to upload the device name to Digi Remote Manager 468...

Page 452: ...e Python session python Python 3 6 12 default Jan 11 2021 10 25 21 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Execute a CLI command using the cli execute command function For example to print the system status and statistics to stdout using the show system command response cli execute show system print resp...

Page 453: ... 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Use the help command with cli execute help cli execute Help on function execute in module digidevice cli execute command timeout 5 Execute a CLI command with the timeout specified returning the results 5 Use Ctrl D to exit the Python session You can also exit the sessio...

Page 454: ...les from digidevice import datapoint import time 4 Upload the datapoints to Remote Manager datapoint upload Velocity 69 units mph datapoint upload Temperature 24 geo_location 54 409469 1 718836 129 datapoint upload Emergency_Door closed timestamp time time 5 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Once the datapoints have been uploaded to Remote Manag...

Page 455: ...e Python session You can also exit the session using exit or quit Use digidevice config for device configuration Use the config Python module to access and modify the device configuration Read the device configuration 1 Log into the Connect IT 16 48 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to acces...

Page 456: ...he IPv4 address of the LAN interface cfg config load print interfaces get lan ipv4 address Which returns 192 168 2 1 24 Modify the device configuration Use the set and commit methods to modify the device configuration 1 Log into the Connect IT 16 48 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to acces...

Page 457: ...digidevice config 1 Log into the Connect IT 16 48 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 12 default Jan 11 2021 10 25 21 GCC 8 3 0 on linux Type help...

Page 458: ...ess the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 12 default Jan 11 2021 10 25 21 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the device_request module from digidevice import device_request 4 Create a function to handle the request from Remote Manager def handler ...

Page 459: ... requests data_service sci_request Note The value of the target_name parameter in the device_request element must correspond to the target parameter of the device_request register function in the Python script In this example the two are the same 4 Click Send Once that the request has been sent to the device the handler on the device is executed n On the device you will receive the following outpu...

Page 460: ...atus_callback status_cb Do not let the process finish so that it handles device requests while True time sleep 10 2 Upload the showsystem py application to the etc config scripts directory on two or more Digi devices In this example we will upload it to two devices and use the same request in Remote Manager to query both devices See Configure applications to run automatically for information about...

Page 461: ...ystem py ix Click Apply to save the configuration and apply the change Command line i Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI ii At the command line type config to enter configuration mode config config iii Add an application entry ...

Page 462: ... application config system schedule script 0 commands python etc config scripts showsystem py config system schedule script 0 viii Save the configuration and apply the change config save Configuration saved b Run the showsystem py application You can run the application by either rebooting the device or by running it from the shell prompt n To reboot the device i From the WebUI i From the main men...

Page 463: ...A3 device id 00000000 00000000 0000FFFF 485740BC targets requests device_request target_name myTarget my payload string device_request requests data_service sci_request 7 For the device_request element replace the value of target_name with showSystem This matches the target parameter of the device_request register function in the showsystem py application device_request target_name showSystem 8 Cl...

Page 464: ...00000000 0000FFFF 485740BC requests device_request target_name showSystem status 0 Model Digi Connect IT 16 48 Serial Number Connect IT 16 48 000023 Hostname Connect IT 16 48 MAC 00 40 D0 26 79 1C Hardware Version 50001959 01 A Firmware Version 21 2 39 67 Bootloader Version 1 Firmware Build Date Fri 26 Feb 2021 8 04 23 Schema Version 461 Timezone UTC Current Time Fri 26 Feb 2021 8 04 23 CPU 1 1 Up...

Page 465: ...ore information 3 Import the device_request submodule from digidevice import device_request 4 Use the help command with device_request help device_request Help on module digidevice device_request in digidevice NAME digidevice device_request APIs for registering device request handlers You can also use the help command with available device_request functions n Use the help command with device_reque...

Page 466: ...er an interactive Python session python Python 3 6 12 default Jan 11 2021 10 25 21 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the runt submodule from digidevice import runt 4 Use the start method to open the runtime database runt start 5 Use the keys method to display available keys in the runtime database and use the get method to print information fro...

Page 467: ... may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 12 default Jan 11 2021 10 25 21 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the runt submodule from digidevice import runt 4 Use start method to open...

Page 468: ...thon session You can also exit the session using exit or quit Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager When you use the name submodule to upload a custom device name to Remote Manager the following issues apply n If the name is being used by to another device in your Remote Manager acco...

Page 469: ...u may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 12 default Jan 11 2021 10 25 21 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the name submodule from digidevice import name 4 Upload the name to Remo...

Page 470: ...access the device location data The location submodule enables access to the location data for the Connect IT 16 48 device The module takes a snapshot of location data stored in the runt database The location data snapshot can be subsequently updated by using the update method Determine if the device s location 1 Log into the Connect IT 16 48 command line as a user with shell access Depending on y...

Page 471: ...object to return the longitude loc longitude 93 397084499999999 n Use the altitude object to return the altitude in meters loc altitude 292 39999399999999 7 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Update the location data The location submodule takes a snapshot of the current location and stores it in the runtime database You can update this snapsot 1...

Page 472: ...t location and stores it in the runtime database You can update this snapsot 1 Log into the Connect IT 16 48 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 1...

Page 473: ...rce_idx 0 num_satellites 12 source_idx 0 quality Standard GNSS 2D 3D source_idx 0 utc_date_time Feb 26 2021 8 04 23 source_idx 0 vertical_velocity 0 0 source_idx 1 label gnss source_idx 1 quality No Fix Invalid state Enabled signal utc_date_time Feb 26 2021 8 04 23 vertical_velocity 0 0 6 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Help for the digidevice...

Page 474: ...g exit or quit Use Python to send and receive SMS messages You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice sms module To use a script to send or receive SMS messages you must also enable the ability to schedule SMS scripting Enable the ability to schedule SMS scripting WebUI 1 Log into the Connect IT 16 48...

Page 475: ...e information about scheduling scripts Example digidevice sms code The following example code receives an SMS message and sends a response usr bin python DIGI SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE SOFTWARE AND ACCOMPANYING DOCUMENTATION IF ANY PROVIDED HEREUNDER IS PROVIDED AS IS AND WIT...

Page 476: ...now print Execution halted until a message is received or 60 seconds have passed acquire the semaphore and wait until a callback occurs COND acquire try COND wait 60 0 except Exception as err print exception occured while waiting print err COND release my_callback unregister_callback Use the Human Interface Device HID module The Python hid module provides a programmatic access to a USB Human Inter...

Page 477: ...product_id to return specific information about the keyboard or to read input from the keyboard hid Device 1008 36 product This returns information about the keyboard Basic USB Keyboard 6 To read input from the keyboard hid Device 1008 36 read 64 Which returns b x00 x00 x00 x00 x00 x00 x00 7 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Help for the hid mod...

Page 478: ... use the Python serial module to access serial ports on your Connect IT 16 48 device that are configured to be in Application mode For example you can configure USB ports to function serial ports and interact programmatically with those ports See Configure the serial port for information about configuring a serial port in Application mode and see Add a USB console port for information about config...

Page 479: ... python library Your Connect IT 16 48 device includes support for the Paho MQTT python library MQTT is a lightweight messaging protocol used to communicate with various applications including cloud based applications such as Amazon Web Services and Microsoft Azure The following is example code that reads some data from updates the device firmware then publishes information about DHCP clients and s...

Page 480: ...oad FW file from URI format fw_uri return HTTPStatus NOT_FOUND try ret cli execute system firmware update file fname 60 except print Failed to run firmware update command return HTTPStatus INTERNAL_SERVER_ERROR if not Firmware update completed in ret print Failed to update firmware return HTTPStatus INTERNAL_SERVER_ERROR finally os remove fname print Firmware update finished return HTTPStatus OK C...

Page 481: ...rameters Supported commands fw update params uri firmware_file_URL reboot params try m json loads msg payload cid m cid cmd m cmd try payload m params except payload None except print Invalid command format format msg payload if not cid Return if client ID not passed return None send_cmd_reply client msg topic cid cmd HTTPStatus BAD_REQUEST try status CMD_HANDLERS cmd payload except print Invalid ...

Page 482: ...ig ram ram_used client publish PREFIX_EVENT system json dumps msg runt start serial runt get system serial PREFIX router serial PREFIX_EVENT event PREFIX PREFIX_CMD cmd PREFIX PREFIX_RSP rsp PREFIX client mqtt Client client on_connect on_connect client on_message on_message try client connect 192 168 1 100 1883 60 client loop_start except print Failed to connect to MQTT server sys exit 1 while Tru...

Page 483: ...termine allowed values for path from the Admin CLI 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type question mark config auth Authentic...

Page 484: ...on curl k u admin https 192 168 210 1 cgi bin config cgi value service ssh X GET Enter host password for user admin ok true result type object path service ssh collapsed acl zone 0 internal acl zone 1 edge acl zone 2 ipsec acl zone 3 setup enable true key mdns enable true mdns name mdns type _ssh _tcp port 22 protocol 0 tcp You can also use the GET method to return the configuration parameters ass...

Page 485: ... array use the POST method with the path and append parameters For example to add the external firewall zone to the ssh service curl k u admin https 192 168 210 1 cgi bin config cgi value path service ssh acl zone append true value external X POST Enter host password for user admin ok true result service ssh acl zone 4 Use the DELETE method to remove items from a list array To remove items from a ...

Page 486: ...em script stop name command Command line 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Determine the name of scripts that are currently running system script stop 0 script1 1 script2 3 Stop the appropriate script system script stop script1 4 Save...

Page 487: ...s Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show scripts command at the system prompt show scripts Index Label Script Enabled Status Run time 0 mgmt_intf_fixup bin sh x send_mgmt_intf_update pri runt get network mgmt log default if pri pri then default_net runt dump network route default grep m 1 o interfa...

Page 488: ...script information Digi Connect IT 16 48 User Guide 488 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 489: ...methods 490 Authentication groups 497 Local users 506 Terminal Access Controller Access Control System Plus TACACS 518 Remote Authentication Dial In User Service RADIUS 524 LDAP 529 Disable shell access 537 Set the idle timeout for Connect IT 16 48 users 538 Example user configuration 540 Digi Connect IT 16 48 User Guide 489 ...

Page 490: ...S or RADIUS n local users Groups Associates access permissions for a group You can modify the released groups and create additional groups as needed for your site A user can be assigned to more than one group n admin Provides the logged in user with administrative and shell access n serial Provides the logged in user with access to serial ports Users Defines local users for the Connect IT 16 48 n ...

Page 491: ...thentication Dial In User Service RADIUS for information about configuring RADIUS authentication n TACACS Users authenticated by using a remote TACACS server for authentication See Terminal Access Controller Access Control System Plus TACACS for information about configuring TACACS authentication n LDAP Users authenticated by using a remote LDAP server for authentication See LDAP for information a...

Page 492: ...ce Configuration The Configuration window is displayed 3 Click Authentication Methods 4 For Add Method click 5 Select the appropriate authentication type for the new method from the Method drop down Note Authentication methods are attempted in the order they are listed until the first successful authentication result is returned See Rearrange the position of authentication methods for information ...

Page 493: ...Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI b At the command line type config to enter configuration mode config config c Use the show auth method command to display the current authentication methods configuration config show auth method 0 local config n To add the new authentication method to the beginning of the li...

Page 494: ...selection menu Type quit to disconnect from the device Delete an authentication method WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Methods 4 Click the menu icon next to the method and select Delete 5 Click Apply to save the c...

Page 495: ...ntication method as displayed by the example show command above config del auth method 2 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Rearrange the position of authentication methods WebUI Authentication...

Page 496: ...In the Method drop down select Local users 7 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config conf...

Page 497: ...hen logging into the Connect IT 16 48 via ssh telnet or the serial console Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter n Serial access Users with Serial access have the ability to log into the Connect IT 16 48 device by using the serial console Preconfigured authentication groups The Conn...

Page 498: ... serial to expand its configuration node 5 Click the box next to the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can also determine whether the Access level should be Full access or Read only access l Full access provides users of this group with the ability to manage the Connect IT 16 48 device by using the WebUI...

Page 499: ...ccess the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable access rights for the group For example n Admin access l To set the access level for Admin access of the admin group config auth group admin acl admin level value config where value is either o full provides users of this group with the ability to manage the Connect IT 16 48 device b...

Page 500: ...min acl serial enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add an authentication group Required configuration items n The access rights to be assigned to users that are assigned to th...

Page 501: ...you can also determine whether the Access level should be Full access or Read only access where value is either l Full access full provides users of this group with the ability to manage the Connect IT 16 48 device by using the WebUI or the Admin CLI l Read only access read only provides users of this group with read only access to the WebUI and Admin CLI The default is Full access full n Shell ac...

Page 502: ...onitoring by checking the box next to Nagios access 10 Optional Enable users that belong to this group to access the Bluetooth scanning service by checking the box next to Bluetooth scanner access 11 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you ...

Page 503: ...e Allow shell parameter n Serial access config auth group test acl serial enable true config 5 Optional Configure the serial ports to which users of the group have access config auth group test acl serial add ports end port1 config auth group test 6 Optional Configure captive portal access a Return to the config prompt by typing three periods config auth group test config b Enable captive portal a...

Page 504: ... saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete an authentication group By default the Connect IT 16 48 device has two preconfigured authentication groups admin and serial These groups cannot be deleted To delete an authentication group that you have created WebUI 1 Lo...

Page 505: ...uration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth group groupname 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presente...

Page 506: ...word for the device and is the most critical security feature for the device If you reset the device to factory defaults you must log in using the default user and password and you should immediately change the password to a custom password Before deploying or mounting the Connect IT 16 48 device record the default password so you have the information available when you need it even if you cannot ...

Page 507: ... 3 Click Authentication Users 4 Click the username to expand the user s configuration node 5 For Password enter the new password The password must be at least ten characters long and must contain at least one uppercase letter one lowercase letter one number and one special character You can also change the password for the active user by clicking the user name in the menu bar The active user must ...

Page 508: ...ration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a local user Required configuration items n A username n A password The password must be at least ten characters long and must contain at least one uppercase letter one lowercase letter one number and one special character For security reasons passwords are stored in hash form There is no wa...

Page 509: ...figure a local user WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User type a name for the user and click The user configuration window is displayed The user is enabled by default To disable click to toggle off E...

Page 510: ...configuring groups a Click to expand Groups b For Add Group click c For Group select an appropriate group Note Every user must be configured with at least one group You can add multiple groups to a user by clicking Add again and selecting the next group 8 Optional Add SSH keys for the user to use passwordless SSH login a Click SSH keys b In Add SSH key paste or type a public encryption key that th...

Page 511: ... ten minutes enter 10m or 600s g In Valid code window size type the allowed number of concurrently valid codes In cases where TOTP is being used increasing the Valid code window size may be necessary when the clocks used by the server and client are not synchronized h For Login limit type the number of times that the user is allowed to attempt to log in during the Login limit period Set Login limi...

Page 512: ...percase letter one lowercase letter one number and one special character config auth user new_user password pwd config auth user new_user 5 Configure login failure lockout settings The login failure lockout feature is enabled by default To disable config auth user new_user lockout enable false config auth user new_user a Set the number of unsuccessful login attempts before the user is locked out o...

Page 513: ...index number of the group to be deleted config auth user new_user show group 0 admin 1 serial config auth user new_user b Type the following config auth user new_user del group n config auth user new_user Where n is index number of the authentication method to be deleted For example to delete the serial group as displayed by the example show command above config auth user new_user del group 1 conf...

Page 514: ...le device to generate passcodes e For time based verification only enable disallow_reuse to prevent a code from being used more than once during the time that it is valid config auth user new_user 2fa disallow_reuse true config auth user new_user 2fa f For time based verification only configure the code refresh interval This is the amount of time that a code will remain valid config auth user new_...

Page 515: ...in_limit_period to ten minutes enter either 10m or 600s config auth user name 2fa login_limit_period 600s config auth user name 2fa The default is 30s j Scratch codes are emergency codes that may be used once at any time To add a scratch code i Change to the user s scratch code node config auth user new_user 2fa scratch_code config auth user new_user 2fa scratch_code ii Add a scratch code config a...

Page 516: ...r with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 Click the menu icon next to the name of the user to be deleted and select Delete 5 Click Apply to save the configuration and apply the change ...

Page 517: ...n Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth user username 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type ...

Page 518: ...ntials and connection parameters to a TACACS server over TCP The TACACS server then authenticates the TACACS client requests and sends back a response message to the device When you are using TACACS authentication you can have both local users and TACACS users able to log in to the device To use TACACS authentication you must set up a TACACS server that is accessible by the Connect IT 16 48 device...

Page 519: ...do gedit etc tacacs tac_plus conf 2 Add users to the file using the following format This example will create two users one with admin and serial access and one with only serial access user user1 name User1 for Connect IT 16 48 pap cleartext password1 service system groupname admin serial user user2 name User2 for Connect IT 16 48 pap cleartext password2 service system groupname serial The groupna...

Page 520: ...erver and only authenticated locally if the TACACS server is unavailable or if the user is not defined on the TACACS server then you should list the TACACS authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the TACACS servers are unavailable and the Connect IT 16 48 device falls back to local aut...

Page 521: ...testing123 e Optional Click again to add additional TACACS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if TACACS authentication fails Other authentication methods will only be used if the TACACS server is unavailable 6 Optional For Group attribute type the name of the attribute used in the TACACS server s configuration to identify the Connect IT ...

Page 522: ...epending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if TACACS authentication fails Other authentication methods will only be used if the TACACS server is unavailable config auth tacacs aut...

Page 523: ...tname hostname ip address config auth tacacs server 0 c Optional Change the default port setting to the appropriate port config auth tacacs server 0 port port config auth tacacs server 0 d Optional Repeat the above steps to add additional TACACS servers 7 Add TACACS to the authentication methods Authentication methods are attempted in the order they are listed until the first successful authentica...

Page 524: ...RADIUS server over UDP The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device When you are using RADIUS authentication you can have both local users and RADIUS users able to log in to the device To use RADIUS authentication you must set up a RADIUS server that is accessible by the Connect IT 16 48 device prior to configuration The process of...

Page 525: ...16 48 Alternatively if the user is also configured as a local user on the Connect IT 16 48 device and the RADIUS server authenticates the user but does not return any groups the local configuration determines the list of groups See Authentication groups for more information about authentication groups The Unix FTP Group Names attribute can contain one group or multiple groups in a comma separated ...

Page 526: ...es how to configure a Connect IT 16 48 device to use a RADIUS server for authentication and authorization Required configuration items n Define the RADIUS server IP address or domain name n Define the RADIUS server shared secret n Add RADIUS as an authentication method for your Connect IT 16 48 device Additional configuration items n Whether other user authentication methods should be used in addi...

Page 527: ...default value is 3 f Optional Click again to add additional RADIUS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails Other authentication methods will only be used if the RADIUS server is unavailable 6 Optional Click RADIUS debug to enable additional debug messages from the RADIUS client 7 Optional For NAS ID type the uni...

Page 528: ...ype admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if RADIUS authentication fails Other authentication methods will only be used if the RADIUS server is unavailable config auth radius authoritative true config 4 Optional Enable debug messages from the RADIUS client config auth...

Page 529: ...g methods to the beginning or middle of the list config add auth method end radius config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device LDAP Your Connect IT 16 48 device supports LDAP Lightweight Director...

Page 530: ...i Connect IT 16 48 User Guide 530 This section contains the following topics LDAP user configuration 531 LDAP server failover and fallback to local configuration 532 Configure your Connect IT 16 48 device to use an LDAP server 532 ...

Page 531: ...using the following format dn uid john dc example dc com objectClass inetOrgPerson cn John Smith sn Smith uid john userPassword password ou admin serial n The value of uid and userPassword must correspond to the username and password used to log into the Connect IT 16 48 device n The ou attribute is optional If used the value must correspond to authentication groups configured on your Connect IT 1...

Page 532: ...ver then you should list the LDAP authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the LDAP servers are unavailable and the Connect IT 16 48 device falls back to local authentication only users defined locally on the device are able to log in LDAP users cannot log in until the LDAP servers are ...

Page 533: ...sed if the LDAP server is unavailable 6 For TLS connection select the type of TLS connection used by the server n Disable TLS Uses a non secure TCP connection on the LDAP standard port 389 n Enable TLS Uses an SSL TLS encrypted connection on port 636 n Start TLS Makes a non secure TCP connection to the LDAP server on port 389 then sends a request to upgrade the connection to a secure TLS connectio...

Page 534: ...owed value is between 3 and 60 seconds 13 Add LDAP to the authentication methods a Click Authentication Methods b For Add method click c Select LDAP for the new method from the Method drop down Authentication methods are attempted in the order they are listed until the first successful authentication result is returned See Rearrange the position of authentication methods for information about rear...

Page 535: ...here value is either n true Verifies the server certificate with a known Certificate Authority n false Does not verify the certificate Use this option if the server is using a self signed certificate The default is true 6 Set the distinguished name DN that is used to bind to the LDAP server and search for users Leave this option unset if the server allows anonymous connections config auth ldap bin...

Page 536: ...address or hostname config auth ldap server 0 hostname hostname ip address config auth ldap server 0 c Optional Change the default port setting to the appropriate port config auth ldap server 0 port port config auth ldap server 0 d Optional Repeat the above steps to add additional LDAP servers 12 Add LDAP to the authentication methods Authentication methods are attempted in the order they are list...

Page 537: ...I as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication 4 Click to disable Allow shell Note If shell access is disabled re enabling it will erase the device s configuration and perform a factory reset 5 Click Apply to save the configuration and apply the change Command line 1 Lo...

Page 538: ...sconnect from the device Set the idle timeout for Connect IT 16 48 users To configure the amount of time that the user s active session can be inactive before it is automatically disconnected set the Idle timeout parameter By default the Idle timeout is set to 10 minutes WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configurati...

Page 539: ... 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config auth idle_timeout value where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set idle_timeout to ten minutes enter either 10m or 600s config auth idle_timeout 600s config 4 Save the configuration and apply the change config...

Page 540: ...lick System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User enter a name for the user and click The user configuration window is displayed 5 Enter a Password for the user 6 Assign the user to the admin group a Click Groups b For Add Group click c For Group select the admin group d Verify that the admin group has full a...

Page 541: ... IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Verify that the admin group has full administrator rights config show auth group admin acl admin enable true level full config If admi...

Page 542: ...e presented with an Access selection menu Type quit to disconnect from the device Example 2 RADIUS TACACS and local authentication for one user Goal To create a user with administrator rights who is authenticated by using all three authentication methods In this example when the user attempts to log in to the Connect IT 16 48 device user authentication will occur in the following order 1 The user ...

Page 543: ...TP Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TACACS server open the etc tacacs tac_plus conf file sudo gedit etc tacacs tac_plus conf b Add a TACACS user to the tac_plus conf file user admin1 name Admin1 for TX64 pap cleartext password1 service system groupname admin In this example n The user s username is adm...

Page 544: ...ew method d For the new method select TACACS e Click to add another new method f For the new method select Local users 6 Create the local user a Click Authentication Users b In Add User type admin1 and click c For password type password1 d Assign the user to the admin group i Click Groups ii For Add Group click iii For Group select the admin group a Verify that the admin group has full administrat...

Page 545: ...RADIUS user to the users file admin1 Cleartext Password password1 Unix FTP Group Names admin In this example n The user s username is admin1 n The user s password is password1 n The authentication group on the Connect IT 16 48 device admin is identified in the Unix FTP Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the ...

Page 546: ... authentication methods a Determine the current authentication method configuration config show auth method 0 local config This output indicates that on this example system only local authentication is configured b Add RADIUS authentication to the beginning of the list config add auth method 0 radius config c Add TACACS authentication second place in the list config add auth method 1 tacacs config...

Page 547: ...e Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Example 3 Multiple users with specific serial port access Goal To create two RADIUS users that do not have configuration access to the Connect IT 16 48 but have access rights to specific serial ports In this example we will create two users n serialuser1 wit...

Page 548: ...ps serialgroup1 and serialgroup2 a In Add Group type serialgroup1 and click b Repeat for the second group For Add Group type serialgroup2 and click c For serialgroup1 i Click Serial access to enable serial access ii Click Serial ports iii For Add Port click iv For Port select Port 1 d For serialgroup2 i Click Serial access to enable serial access ii Click Serial ports iii For Add Port click iv For...

Page 549: ... users file Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure the device to use RADIUS authentication config add auth method end radius Not...

Page 550: ...g auth group add serialgroup2 config auth group serialgroup2 9 Enable serial access for serialgroup2 config auth group serialgroup2 acl serial enable true config auth group serialgroup2 10 Limit the user s access to serial ports 2 4 and 8 config auth group serialgroup2 add acl serial ports end port2 config auth group serialgroup2 add acl serial ports end port4 config auth group serialgroup2 add ac...

Page 551: ...8 User Guide 551 sudo gedit etc freeradius 3 0 users b Add the users to the users file serialuser1 Cleartext Password password1 Unix FTP Group Names serialgroup1 serialuser2 Cleartext Password password2 Unix FTP Group Names serialgroup2 c Save and close the users file ...

Page 552: ...er contains the following topics Firewall configuration 553 Port forwarding rules 557 Packet filtering 564 Configure custom firewall rules 571 Configure Quality of Service options 573 Digi Connect IT 16 48 User Guide 552 ...

Page 553: ...interfaces involved in the initial setup of the device By default the firewall will only allow this zone to access administration services l IPsec The default zone for IPsec tunnels l Dynamic routes Used for routes learned using routing services n Port forwarding A list of rules that allow network connections to the Connect IT 16 48 to be forwarded to other servers by translating the destination a...

Page 554: ...nterfaces to use a zone Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the new zone For example to add a zone named my_zone config add firewal...

Page 555: ...stom zones as well The firewall zone that a network interfaces uses is selected during interface configuration This example procedure uses an existing network interface named ETH2 and changes the firewall zone from the default zone Internal to External WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Con...

Page 556: ...tion you may be presented with an Access selection menu Type quit to disconnect from the device Delete a custom firewall zone You cannot delete preconfigured firewall zones To delete a custom firewall zone WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displaye...

Page 557: ...events users on a public network from accessing servers on the private network To allow a computer on the Internet to connect to a specific server on a private network set up one or more port forwarding rules Port forwarding rules provide mapping instructions that direct incoming traffic to the proper device on a LAN Configure port forwarding Required configuration items n The network interface fo...

Page 558: ...off Enable 5 Optional Type a Label that will be used to identify the rule 6 For Interface select the network interface for the rule Network connections will only be forwarded if their destination address matches the IP address of the selected network interface 7 For IP version select either IPv4 or IPv6 Network connections will only be forwarded if they match the selected IP version 8 For Protocol...

Page 559: ...ply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config add firewall dn...

Page 560: ...pv6 The default is ipv4 config firewall dnat 0 ip_version ipv6 config firewall dnat 0 6 Set the public facing port number that network connections must use for their traffic to be forwarded config firewall dnat 0 port port config firewall dnat 0 7 Set the type of internet protocol config firewall dnat 0 protocol value config firewall dnat 0 Network connections will only be forwarded if they match ...

Page 561: ...address l For IPv4 addresses config firewall dnat 0 acl add address end ip address config firewall dnat 0 acl l For IPv6 addresses config firewall dnat 0 acl add address6 end ip address config firewall dnat 0 acl Repeat for each appropriate IP address n To specify the firewall zone for white listing config firewall dnat 0 acl add zone end zone Repeat for each appropriate zone To view a list of ava...

Page 562: ... user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Port forwarding 4 Click the menu icon next to the appropriate port forwarding rule and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with ...

Page 563: ...l no address6 no zone enable false interface lan1 ip_version ipv6 label IPv6 port forwarding rule port 10002 protocol tcp to_address6 c097 4533 bd63 bb12 9a6f 5569 4b53 c29a to_port 10003 config 4 To delete the rule use the index number with the del command For example config del firewall dnat 1 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the A...

Page 564: ...uired configuration items n The action that the packet filtering rule will perform either Accept Reject or Drop n The source firewall zone Packets originating from interfaces on this zone will be monitored by this rule n The destination firewall zone Packets destined for interfaces on this zone will be accepted rejected or dropped by this rule Additional configuration requirements n A label for th...

Page 565: ...ing network connections and does not send a reply 6 Select the IP version 7 Select the Protocol 8 For Source zone select the firewall zone that will be monitored by this rule for incoming connections from network interfaces that are a member of this zone See Firewall configuration for more information about firewall zones 9 For Destination zone select the firewall zone Packets destined for network...

Page 566: ...op dst_zone internal enable true ip_version any label myfilter protocol any src_zone external config b Select the appropriate rule by using its index number config firewall filter 1 config firewall filter 1 To create a new packet filtering rule config add firewall filter end config firewall filter 1 Packet filtering rules are enabled by default To disable the rule config firewall filter 1 enable f...

Page 567: ...one my_zone config firewall filter 1 6 Set the destination firewall zone Packets destined for network interfaces that are members of this zone will either be accepted rejected or dropped by this rule See Firewall configuration for more information about firewall zones config firewall filter 1 dst_zone my_zone config firewall filter 1 7 Set the IP version config firewall filter 1 ip_version value c...

Page 568: ...e menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Packet filtering 4 Click the appropriate packet filtering rule 5 Click Enable to toggle the rule between enabled and disabled 6 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access ...

Page 569: ... config 4 To enable a packet filtering rule use the index number with the enable true command For example config firewall filter 1 enable true 5 To disable a packet filtering rule use the index number with the enable false command For example config firewall filter 1 enable false 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Dependi...

Page 570: ...e change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the packet filtering rule you want to delete config show fir...

Page 571: ... of a script of shell commands that can be used to install firewall rules ipsets and other system configuration These commands are run whenever system configuration changes occur that might cause changes to the firewall To configure custom firewall rules WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device C...

Page 572: ...Firewall Configure custom firewall rules Digi Connect IT 16 48 User Guide 572 7 Click Apply to save the configuration and apply the change ...

Page 573: ...our device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Quality of Service options Quality of Service QoS options allow you to manage the traffic performance of various services such as Voice over IP VoIP cloud computing traffic shaping traffic prioritizing and bandwidth allocation When configuring QOS you can only control the q...

Page 574: ...riate for your network 8 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable one of t...

Page 575: ...nterface For example config firewall qos 0 interface network interface eth1 config 5 Examine the remaining default settings and modify as appropriate for your network 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from th...

Page 576: ...al For Interface bandwidth Mbit set the maximum egress bandwidth of the interface in megabits allocated to this binding Typically this should be 95 of the available bandwidth Allowed value is any integer between 1 and 1000 9 Create a policy for the binding At least one policy is required for each binding Each policy can contain up to 30 rules a Click to expand Policy b For Add Policy click The QoS...

Page 577: ...icy rules will be dropped g If Default is disabled you must configure at least one rule i Click to expand Rule ii For Add Rule click The QoS binding policy rule configuration window is displayed New QoS binding policy rules are enabled by default To disable click Enable iii Optional Type a Label for the binding policy rule iv For Type Of Service type the value of the Type of Service ToS packet hea...

Page 578: ...pe n Any Traffic destined for anywhere will be matched n Interface Only traffic destined for the selected Interface will be matched n IPv4 address Only traffic destined for the IP address typed in IPv4 address will be matched Use the format IPv4_address netmask or use any to match any IPv4 address n IPv6 address Only traffic destined for the IP address typed in IPv6 address will be matched Use the...

Page 579: ...or the new binding config firewall qos 2 label my_binding config firewall qos 2 5 Set the interface to queue egress packets on The binding will only match traffic that is being sent out on this interface a Use the to determine available interfaces config firewall qos 2 interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface ...

Page 580: ...nding_policy config firewall qos 2 policy 0 d Set a value for the amount of available bandwidth allocated to the policy relative to other policies for this binding The larger the weight with respect to the other policy weights the larger portion of the maximum bandwidth is available for this policy For example if a binding contains three policies and each policy contains a weight of 10 each policy...

Page 581: ...ule config firewall qos 2 policy 0 rule 0 iv Set the value of the Type of Service ToS packet header that defines packet priority If unspecified this field is ignored config firewall qos 2 policy 0 rule 0 tos value config firewall qos 2 policy 0 rule 0 where value is a hexadecimal number See https www tucny com Home dscp tos for a list of common TOS values v Set the IP protocol matching criteria fo...

Page 582: ...aultlinklocal network interface eth1 network interface eth2 network interface loopback network interface sfp1 network interface sfp2 network interface wwan Current value config network qos 2 policy 0 rule 0 src interface ii Set the interface For example config network qos 2 policy 0 rule 0 src interface network interface eth1 config network qos 2 policy 0 rule 0 n address Only traffic from the IP ...

Page 583: ...tched Set the interface i Use the to determine available interfaces config network qos 2 policy 0 rule 0 dst interface Interface Match the IP address with the specified interface s network address Format network interface defaultip network interface defaultlinklocal network interface eth1 network interface eth2 network interface loopback network interface sfp1 network interface sfp2 network interf...

Page 584: ... 0 src address6 value config network qos 2 policy 0 rule 0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address Repeat to add a new rule Up to 30 rules can be configured 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selectio...

Page 585: ...system firmware 589 Update cellular module firmware 593 Reboot your Connect IT 16 48 device 597 Erase device configuration and reset to factory defaults 599 Configuration files 605 Schedule system maintenance tasks 610 Disable device encryption 617 Configure the speed of your Ethernet ports 619 Digi Connect IT 16 48 User Guide 585 ...

Page 586: ...ion use the show system command n Show basic system information 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter show system at the prompt show system Model Digi Connect IT 16 48 Serial Number Connect IT 16 48 000065 SKU Connect IT 16 48 Hostn...

Page 587: ...ion 19 7 23 0 15f936e0ed Schema Version 715 Timezone UTC Current Time Fri 26 Feb 2021 8 04 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Temperature 40C Disk Load Average 0 09 0 10 0 08 RAM Usage 127 843MB 1880 421MB 6 Disk etc config Usage 18 421MB 4546 371MB 0 Disk opt Usage 4523 46MB 549 304MB 822 Disk overlay Usage MB MB Disk tmp Usage 0 007MB 256 0MB 0 Disk var Usage 1 7...

Page 588: ...f the device 7 For Banner type a banner message that will be displayed when users log into terminal services on the device 8 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Adm...

Page 589: ...with the following naming convention platform version bin For example Connect IT 16 48 21 2 39 67 bin Manage firmware updates using Digi Remote Manager If you have a network of many devices you can use Digi Remote Manager Profiles to manage firmware updates Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same versio...

Page 590: ...te version of the device firmware 5 Click Update Firmware Update firmware from a local file 1 Download the Connect IT 16 48 operating system firmware from the Digi Support FTP site to your local machine 2 Log into the Connect IT 16 48 WebUI as a user with Admin access 3 On the main menu click System Under Administration click Firmware Update 4 Click Choose file 5 Browse to the location of the firm...

Page 591: ...o the Connect IT 16 48 device n local path is the location on the Connect IT 16 48 device where the copied file will be placed For example scp host 192 168 4 1 user admin remote home admin bin Connect IT 16 48 21 2 39 67 bin local etc config to local admin 192 168 4 1 s password adminpwd Connect IT 16 48 21 2 39 67 bin 100 36MB 11 1MB s 00 03 4 Verify that the firmware file has been successfully u...

Page 592: ...t is used to boot the device n A copy of the firmware that was in use prior to your most recent firmware update When the device reboots it will attempt to use the current firmware version If the current firmware version fails to load after three consecutive attempts it is marked as invalid and the device will use the previous firmware version stored in the alternate memory bank If the device consi...

Page 593: ...firmware Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository or by uploading firmware from your local storage onto the device You can also schedule modem firmware updates See Schedule system maintenance tasks for details WebUI 1 Optional Download the appropriate modem firmware from the Digi repository to your local machine 2 Log i...

Page 594: ...there is new firmware available for your modem and performing an OTA modem firmware update 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the modem firmware ota check command to determine if new modem firmware is available on the Digi firmware...

Page 595: ...Digi firmware repository use the version parameter to identify the appropriate firmware version as determined using the modem firmware ota check or modem firmware ota list command For example modem firmware ota update version 24 01 5x4_ATT Retrieving download location for modem firmware 24 01 5x4_ATT Downloading modem firmware 24 01 5x4_ATT to opt LE910C4_NF Custom_ Firmware Modem firmware 24 01 5...

Page 596: ... Admin CLI 2 Use the modem firmware check command to determine if new modem firmware is available on local device modem firmware check Checking for latest ATT firmware in flash Newest firmware version available in flash is 05 05 58 00_ATT_005 026_000 Modem firmware up to date 05 05 58 00_ATT_005 026_000 modem firmware check 3 Use the modem firmware list command to list available firmware on the Co...

Page 597: ...nfiguration you may be presented with an Access selection menu Type quit to disconnect from the device Reboot your Connect IT 16 48 device You can reboot the Connect IT 16 48 device immediately or schedule a reboot for a specific time every day Note You may want to save your configuration settings to a file before rebooting See Save configuration to a file ...

Page 598: ...CLI 2 At the prompt type reboot Schedule reboots of your device WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Select System Scheduled tasks 4 For Reboot time enter the time of the day that the device should reboot using the format HH MM The device ...

Page 599: ...to synchronize its time with an NTP server the device will reboot after it has been up for 24 hours See System time for information about configuring NTP servers 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the dev...

Page 600: ... After resetting the device a Connect to the Connect IT 16 48 by using the serial port or by using an Ethernet cable to connect the Connect IT 16 48 ETH2 port to your PC b Log into the Connect IT 16 48 User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or the printed label included in the package Note If your device was manufactured...

Page 601: ...ee Change the default password for the admin user for instructions c Reset the default password for the admin account See Change the default password for the admin user for further information Reset the device by using the Reset button 1 Locate the Reset button on your device 2 Press and hold the Reset button perform a device reset The Reset button has two modes n Configuration reset l Press and r...

Page 602: ...hts Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt enter revert config revert config 4 Set the password for the admin user prior to saving the changes config auth user admin password pwd config 5 Save the configuration and ...

Page 603: ... System Under Configuration click Configuration Maintenance The Configuration Maintenance windows is displayed 4 In the Configuration backup section click SAVE Do not set a Passphrase for the configuration backup The file will be downloaded using your browser s standard download process 5 After the configuration backup file has been downloaded rename the file to custom default config bin 6 Upload ...

Page 604: ...n your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter the following system backup opt custom default config bin type archive Backup saved as opt custom default config bin 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the devi...

Page 605: ...es which also applies the changes If you do not save configuration changes the system discards the changes WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Make any necessary configuration changes 4 Click Apply to save the configuration and apply the ...

Page 606: ...eys and other information 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the main menu click System Under Configuration click Configuration Maintenance The Configuration Maintenance windows is displayed 3 In the Configuration backup section a Optional To encrypt the configuration using a passphrase for Passphrase save restore enter the passphrase b Click SAVE The file will ...

Page 607: ... ip user username remote remote path local local path to remote where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the location on the remote host where the file will be copied n local path is the path and filename on the Connect IT 16 48 device For example scp host 192 168 4 1 user admin remote home admin ...

Page 608: ...ed with an Access selection menu Type admin to access the Admin CLI 2 If the configuration backup is on a remote host use scp to copy the file from the host to your device scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is th...

Page 609: ...ame of the configuration backup file on the Connect IT 16 48 s filesystem local path in the previous step n passphrase optional is the passphrase to restore the configuration backup if a passphrase was used when the backup was created For example system restore opt backup archive 0040FF800120 21 2 39 67 19 23 42 bin ...

Page 610: ...ration items n Custom scripts that should be run as part of the configuration check WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Scheduled tasks System maintenance 4 For Start time type the time of day that the maintenance window shou...

Page 611: ...e window If updated firmware is found it will then be installed Modem firmware update looks for updated firmware both on the local device and over the network using either a WAN or cellular connection 8 Optional Click to enable Configuration check to allow for the configuration to be updated including by custom scripts during the maintenance window 9 Optional Configure automated checking for devic...

Page 612: ...the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s l Click to enable Run single to run only a single instance of the script at a time If Run single is not selected a new instance of the script will be started at every interval regardless of whether the script is still running from a previous interval n Set time Runs the script at a specified time of the day l ...

Page 613: ...and line 1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Schedule system maintenance a Configure the time of day that the maintenance window should start using ...

Page 614: ...onfigure the device to look for any updated modem firmware during the maintenance window If updated firmware is found it will then be installed The device will look for updated firmware both on the local device and over the network using either a WAN or cellular connection system schedule maintenance modem_fw_update value config where value is either true or false yes or no and 1 or 0 are also all...

Page 615: ... script 0 where action is one of the following o none Action taken when the script exits o restart Runs the script repeatedly o reboot The device will reboot when the script completes n interval The script will start running at the specified interval within 30 seconds after the configuration change is saved If interval is selected l Set the interval config system schedule script 0 on_interval valu...

Page 616: ...quivalent to bin sh e Script logging options n To log the script s output to the system log config system schedule script 0 syslog_stdout true config system schedule script 0 n To log script errors to the system log config system schedule script 0 syslog_stderr true config system schedule script 0 If syslog_stdout and syslog_stderr are not enabled only the script s exit code is written to the syst...

Page 617: ...ice This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped When device encryption is disabled the following occurs n The device is reset to the default configuration and rebooted n After the reboot l Access to the device via the WebUI and SSH are disabled l All internet connectivity is disabled including WAN and...

Page 618: ...ect from the device Re enable cryptography after it has been disabled To re enable cryptography 1 Configure your PC network to connect to the 192 168 210 subnet For example on a Windows PC a Select the Properties of the relevant network connection on the Windows PC b Click the Internet Protocol Version 4 TCP IPv4 parameter c Click Properties The Internet Protocol Version 4 TCP IPv4 Properties dial...

Page 619: ... the Connect IT 16 48 device at the IP address of 192 168 210 1 4 Log into the device n Username admin n Password The default unique password for your device is printed on the device label 5 At the shell prompt type rm etc config nocrypt flatfsd i This will re enable encryption and leave the device at its factory default setting Configure the speed of your Ethernet ports You can configure the spee...

Page 620: ...1 Log into the Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config network device eth_port value where n eth_port is the name of the Ethernet port...

Page 621: ...the speed of your Ethernet ports Digi Connect IT 16 48 User Guide 621 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 622: ...Monitoring This chapter contains the following topics intelliFlow 623 Configure NetFlow Probe 630 Digi Connect IT 16 48 User Guide 622 ...

Page 623: ...usage over time intelliFlow charts are dymanic at any point you can click inside the chart to drill down to view more granular information and menu options allow you to change various aspects of the information being displayed Note When intelliFlow is enabled it adds an estimated 50MB of data usage for the device by reporting the metrics to Digi Remote Manager Enable intelliFlow Required configura...

Page 624: ...on menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable IntelliFlow config monitoring intelliflow enable true 4 Set the firewall zone Internal clients that are being monitored by IntelliFlow should be present on the specified zone a Determine available zones config monitoring intelliflow zone Zone The firewall zone which is as...

Page 625: ...Set the zone to be used by IntelliFlow config monitoring intelliflow zone my_zone 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 626: ...og into the Connect IT 16 48 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow The System Utilisation chart is displayed n Display more granular information 1 Click and drag over an area in the chart to zoom into that area and provide more granular information 2 Release to display the selected port...

Page 627: ...2 Select the time period to be displayed n Save or print the chart 1 Click the menu icon 2 To save the chart to your local filesystem select Export to PNG 3 To print the chart select Print chart Use intelliFlow to display top data usage information With intelliFlow you can display top data usage information based on the following n Top data usage by host n Top data usage by server n Top data usage...

Page 628: ... display the Top Data Usage by Server chart click Top Data Usage by Server n To display the Top Data Usage by Service chart click Top Data Usage by Service 5 Change the type of chart that is used to display the data a Click the menu icon b Select the type of chart 6 Change the number of top users displayed You can display the top five top ten or top twenty data users ...

Page 629: ...t Use intelliFlow to display data usage by host over time To generate a chart displaying a host s data usage over time WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow 4 Click Host Data Usage Over Time n Display more granular information a Click and drag over ...

Page 630: ...ectors Required configuration items n Enable NetFlow n The IP address of a NetFlow collector Additional configuration items n The NetFlow version n Enable flow sampling and select the flow sampling technique n The number of flows from which the flow sampler can sample n The number of seconds that a flow is inactive before it is exported to the NetFlow collectors n The number of seconds that a flow...

Page 631: ...thod is used Each flow is accounted n Deterministic Selects every nth flow where n is the value of Flow sampler population n Random Randomly selects one out of every n flows where n is the value of Flow sampler population n Hash Randomly selects one out of every n flows using the hash of the flow key where n is the value of Flow sampler population 7 For Flow sampler population if you selected a fl...

Page 632: ...nfiguration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable NetFlow config monitoring netflow enable true config 4 Set the protocol version config monitoring netflow protocol version config where version is one of n v5 NetFlow v5 supports IPv4 only n v9 NetFlow v9 supports IPv...

Page 633: ...ive before sent to a collector config monitoring netflow inactive_timeout value config where value is any is any number between 1 and 15 The default is 15 7 Set the number of seconds that a flow can be active before sent to a collector config monitoring netflow active_timeout value config where value is any is any number between 1 and 1800 The default is 1800 8 Set the maximum number of flows to p...

Page 634: ...is a collector config monitoring netflow collector 0 Repeat to add additional collectors 10 Save the configuration and apply the change config monitoring netflow collector 0 save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 635: ...ta and set the sample interval 642 Log into Digi Remote Manager 644 Use Digi Remote Manager to view and manage your device 646 Add a device to Digi Remote Manager 647 View Digi Remote Manager connection status 647 Use the Digi Remote Manager mobile app 648 Configure multiple devices using profiles 649 Learn more 649 Digi Connect IT 16 48 User Guide 635 ...

Page 636: ...Digi Remote Manager go to www digi com products cloud digi remote manager To learn more about Remote Manager features and functions see the Digi Remote Manager User Guide Configure Digi Remote Manager By default your Connect IT 16 48 device is configured to use central management using Digi Remote Manager Additional configuration options These additional configuration settings are not typically co...

Page 637: ...try interval to ten minutes enter 10m or 600s 8 Optional For Keep alive interval type the amount of time that the Connect IT 16 48 device should wait between sending keep alive messages to remote cloud services when using a non cellular interface The default is 60 seconds Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set Keep alive interv...

Page 638: ...sabled The default is disabled 13 Optional Enable Locally authenticate CLI to require a login and password to authenticate the user from the remote cloud services CLI If disabled no login prompt will be presented and the user will be logged in as admin The default is disabled 14 Optional Configure the Connect IT 16 48 device to communicate with remote cloud services by using SMS a Click to expand ...

Page 639: ...nimum value is ten seconds The default is 30 seconds config cloud drm retry_interval value where value is any number of hours minutes or seconds and takes the format number h m s For example to set the retry interval to ten minutes enter either 10m or 600s config cloud drm retry_interval 600s config 7 Optional Set the amount of time that the Connect IT 16 48 device should wait between sending keep...

Page 640: ...et the amount of time to wait before restarting the connection to the remote cloud services once the connection is down where value is any number of hours minutes or seconds and takes the format number h m s For example to set restart_timeout to ten minutes enter either 10m or 600s config cloud drm restart_timeout 600s config The minimum value is 30 minutes and the maximum is 48 hours If not set t...

Page 641: ...vice identifier config cloud drm sms sercice_id id config 1 Optional Configure the Connect IT 16 48 device to communicate with remote cloud services by using an HTTP proxy server a Enable the use of an HTTP proxy server config cloud drm proxy enable true config b Set the hostname of the proxy server config cloud drm proxy host hostname config c Optional Set the port number on the proxy server that...

Page 642: ... or enable it if it has been disabled or to change the health sample interval WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Monitoring Device Health Device health data upload is enabled by default To disable click to toggle off Enable Device ...

Page 643: ...uploads is set to 60 minutes by default To change config monitoring devicehealth interval value config where value is one of 1 5 15 30 or 60 and represents the number of minutes between uploads of health sample data 5 By default the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded This is useful to reduce the bandwidth used to...

Page 644: ...a tuning parameter set its value to false For example to turn off all reporting for the serial port config monitoring devicehealth tuning all serial rx bytes enabled false config monitoring devicehealth tuning all serial tx bytes enabled false config 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuratio...

Page 645: ...nnect IT 16 48 User Guide 645 1 If you have not already done so click here to sign up for a Digi Remote Manager account 2 Check your email for Digi Remote Manager login instructions 3 Go to remotemanager digi com 4 Log into your Digi Remote Manager account ...

Page 646: ...device To view and manage your device 1 If you have not already done so connect to your Digi Remote Manager account 2 Click Device Management to display a list of your devices 3 Use the Search bar to locate the device you want to manage 4 Select the device and click Properties to view general information for the device 5 Click the More menu to perform a task ...

Page 647: ...el affixed to the bottom of the device 6 Click Add 7 Click OK Digi Remote Manager adds your Connect IT 16 48 device to your account and it appears in the Device Management view View Digi Remote Manager connection status To view the current Digi Remote Manager configuration WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 The dashboard includes a Digi Remote Manager status ...

Page 648: ... connection to Remote Manager use the show cloud command at the command line Command line show cloud Device Cloud Status Status Connected Server my devicecloud com Device ID 00000000 00000000 0040FFFF FF0F4594 The Device ID is the unique identifier for the device as used by the Remote Manager Use the Digi Remote Manager mobile app If you have a smart phone or tablet you can use the Digi Remote Man...

Page 649: ...rs Typically if you want to provision multiple Connect IT 16 48 routers 1 Using the Connect IT 16 48 local WebUI configure one Connect IT 16 48 router to use as the model configuration for all subsequent Connect IT 16 48s you need to manage 2 Register the configured Connect IT 16 48 device in your Digi Remote Manager account 3 In Digi Remote Manager create a profile based on the configured Connect...

Page 650: ...6 48 local file system 651 Display directory contents 651 Create a directory 652 Display file contents 653 Copy a file or directory 653 Move or rename a file or directory 654 Delete a file or directory 655 Upload and download files 656 Digi Connect IT 16 48 User Guide 650 ...

Page 651: ...ss reboots but are deleted if a factory reset of the system is performed See Erase device configuration and reset to factory defaults for more information Display directory contents To display directory contents by using the WebUI or the Admin CLI WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File Syste...

Page 652: ...ifying the name of the directory For example 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mkdir path dir_name For example to create a directory named temp in etc config mkdir etc config temp 3 Verify that the directo...

Page 653: ...n4J0XT Rgr6ewr1yerHtXQdbafsatGswKg0YUm schema version 461 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Copy a file or directory This procedure is not available through the WebUI To copy a file or directory by using the Admin CLI use the cp command specifying the existing path and ...

Page 654: ...ts to final py 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mv etc config scripts test py etc config scripts final py 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with...

Page 655: ...test py in etc config scripts 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type rm etc config scripts test py rm remove etc config scripts test py yes 3 Type exit to exit the Admin CLI Depending on your device configurati...

Page 656: ...by using the WebUI or from the command line by using the scp Secure Copy command or by using a utility such as SSH File Transfer Protocol SFTP or an SFTP application like FileZilla Upload and download files by using the WebUI Upload files 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears ...

Page 657: ...ws scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the Connect IT 16 48 device n local path is the location on the Connect IT 16 48 device where t...

Page 658: ...t report 0040D0133536 21 02 26 8 04 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 21 02 26 8 04 23 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 21 02 26 8 04 23 bin Upload and download files using SFTP Transfer a file f...

Page 659: ...stem Upload and download files Digi Connect IT 16 48 User Guide 659 sftp ahmed 192 168 2 1 Password Connected to 192 168 2 1 sftp get test py Fetching test py to test py test py 100 254 0 3KB s 00 00 sftp exit ...

Page 660: ...stem and event logs 662 Configure syslog servers 666 Configure options for the event and system logs 668 Analyze network traffic 673 Use the ping command to troubleshoot network connections 685 Use the traceroute command to diagnose IP routing problems 685 Digi Connect IT 16 48 User Guide 660 ...

Page 661: ...ay be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 21 02 26 8 04 23 bin Support report saved 3 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local ...

Page 662: ...on about configuring the information displayed in event and system logs View System Logs WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the main menu click System Logs The system log displays 3 Limit the display in the system log by using the Find search tool 4 Use filters to configure the types of information displayed in the system logs ...

Page 663: ... Use the show log number num command to limit the number of lines that are displayed For example to limit the log to the most recent ten lines show log number 10 Timestamp Message Nov 26 21 54 34 Connect IT 16 48 netifd Interface interface_wan is setting up now Nov 26 21 54 35 Connect IT 16 48 firewalld 621 reloading status 4 Optional Use the show log filter value command to limit the number of li...

Page 664: ... Type quit to disconnect from the device View Event Logs WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the main menu click System Logs 3 Click System Logs to collapse the system logs viewer or scroll down to Events 4 Click Events to expand the event viewer 5 Limit the display in the event log by using the Find search tool 6 Click to download the event log Command lin...

Page 665: ...t the event list to the most recent ten lines show event number 10 Timestamp Type Category Message Nov 26 21 42 37 status stat intf eth1 type ethernet rx 11332435 tx 5038762 Nov 26 21 42 35 status system local_time Thu 08 Aug 2019 21 42 35 0000 uptime 3 hours 0 minutes 48 seconds 4 Optional Use the show event table value command to limit the number of lines that are displayed Allowed values are er...

Page 666: ... with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Log 4 Add and configure a remote syslog server a Click to expand Server list b For Add Server click The log server configuration window is displayed Log servers are enabled by default To disable click to toggle off Enable c Type the host name...

Page 667: ... Connect IT 16 48 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional To configure remote syslog servers a Add a remote server config add system log remote end config system log remote 0 ...

Page 668: ...tem log remote 0 protocol value config system log remote 0 where value is either tcp or udp The default is udp 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure options for the event and system logs...

Page 669: ...nal To disable event categories or to enable them if they have been disabled a Click to expand Event Categories b Click an event category to expand c Depending on the event category you can enable or disable informational events status events and error events Some categories also allow you to set the Status interval which is the time interval between periodic status events 6 Optional See Configure...

Page 670: ...ds and takes the format number w d h m s For example to set the heartbeat interval to ten minutes enter either 10m or 600s config system log heartbeat_interval 600s config To disable the heartbeat interval set the value to 0s 4 Enable preserve system logs functionality to save the current session s system log after a reboot By default the Connect IT 16 48 device erases system logs each time the de...

Page 671: ...ble or disable informational events status events and error events Some categories also allow you to set the status interval which is the time interval between periodic status events For example to configure DHCP server logging i Use the question mark to determine what events are available for DHCP server logging configuration config system log event dhcpserver DHCP server Settings for DHCP server...

Page 672: ...r seconds and takes the format number w d h m s For example to set the status interval to ten minutes enter either 10m or 600s config system log event dhcpserver status_interval 600s config 6 Optional See Configure syslog servers for information about configuring remote syslog servers to which log messages will be sent 7 Save the configuration and apply the change config save Configuration saved 8...

Page 673: ...ce To perform a more detailed analysis you can download the captured data traffic from the device and view it using a third party application Note Data traffic is captured to RAM and the captured data is lost when the device reboots unless you save the data to a file See Save captured data traffic to a file This section contains the following topics Configure packet capture for the network analyze...

Page 674: ...specified event or at a particular time l The events or time that will trigger the analyzer to run using this capture configuration l The amount of time that the analyzer session will run l The frequency with which captured events will be saved To configure a packet capture configuration WebUI 1 Log into the Connect IT 16 48 WebUI as a user with full Admin access rights 2 On the menu click System ...

Page 675: ...aved l If Interval is selected in Interval type the interval Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s n Set time Runs the capture filter at a specified time of the day l If Set Time is selected specify the time that the capture filter should run in Run time using the format...

Page 676: ... network device eth1 network device eth2 network device loopback network device spf1 network device spf2 network interface defaultip network interface defaultlinklocal network interface eth1 network interface eth2 network interface loopback network interface sfp1 network interface sfp2 network interface wwan config network analyzer name add interface end network Repeat to add additional interfaces...

Page 677: ...set_time Runs the script at a specified time of the day If set_time is set set the time that the script should run using the format HH MM config network analyzer name run_time HH MM config network analyzer name n maintenance_time The script will run during the system maintenance time window c Set the amount of time that the scheduled analyzer session will run config network analyzer name duration ...

Page 678: ...s bpf html for detailed information about BPF syntax Example IPv4 capture filters n Capture traffic to and from IP host 192 168 1 1 ip host 192 168 1 1 n Capture traffic from IP host 192 168 1 1 ip src host 192 168 1 1 n Capture traffic to IP host 192 168 1 1 ip dst host 192 168 1 1 n Capture traffic for a particular IP protocol ip proto protocol where protocol is a number in the range of 1 to 255...

Page 679: ...pturing Additional analyzer commands allow you to n Stop capturing packets n Save captured data traffic to a file n Clear captured data Required configuration items n A configured packet capture See Configure packet capture for the network analyzer for packet capture configuration information To start packet capture from the command line Command line 1 Log into the Connect IT 16 48 command line as...

Page 680: ...h an Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt analyzer stop name capture_filter where capture_filter is the name of a packet capture configuration See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the analyzer stop name name Name of the capture filter to us...

Page 681: ...0 bytes Received on interface eth1 00 40 ff 80 01 20 b4 b6 86 21 b5 73 08 00 45 00 s E 00 28 3d 36 40 00 80 06 14 bc 0a 0a 4a 82 0a 0a 6 J 4a 48 cd ae 00 16 a4 4b ff 5f ee 1f d8 23 50 10 JH K _ P 08 02 c7 40 00 00 00 00 00 00 00 00 Ethernet Header Destination MAC Addr 00 40 D0 13 35 36 Source MAC Addr fb 03 53 05 11 2f Ethernet Type IP 0x0800 IP Header IP Version 4 Header Length 20 bytes ToS 0x00 ...

Page 682: ...o a file use the analyzer save command Command line 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt analyzer save filename filename name capture_filter where n filename is the name of the file that the cap...

Page 683: ... copy file command WebUI 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 Highlight the analyzer directory and click to open the directory 4 Select the saved analyzer report you want to download and click download Command line 1 Log into the Connect IT 16 48 command line as a user with...

Page 684: ...92 168 210 2 s password eth0 pcpng 100 11KB 851 3KB s 00 00 Clear captured data To clear captured data traffic in RAM use the analyzer clear command Command line 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI pr...

Page 685: ...vice configuration you may be presented with an Access selection menu Type quit to disconnect from the device Stop ping commands To stop pings when the number of pings to send the count parameter has been set to a high value enter Ctrl C Use the traceroute command to diagnose IP routing problems Use the traceroute command to diagnose IP routing problems This command traces the route to a remote IP...

Page 686: ...ting hops were required to reach the host 1 Log into the Connect IT 16 48 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt use the traceroute command to view IP routing information traceroute 8 8 8 8 traceroute to 8 8 8 8 8 8 8 8 30 hops max 52 byte packets...

Page 687: ...I power button n Red The LED is red when the power supply has failed 2 Status The LED lights up when the Connect IT starts up or you have activated the Find Me feature n Flashing blue The LED flashes blue once per second when the Connect IT starts up or you have activated the find me feature When starting up the WWAN Signal WWAN Service and Status LEDs on the back of the Connect IT also flash n So...

Page 688: ... for WAN DHCP client SFP1 is the bottom slot n SFP2 Enabled for LAN DHCP server SFP2 is the top slot Note When you use an SFP module you cannot use the equivalent Ethernet port For example if you insert an SFP module into the SFP1 slot you cannot use the ETH1 slot If you insert an SFP module into the SFP2 slot you cannot use the ETH2 slot The LED indicates the connection status n Green The LED lig...

Page 689: ...m Name Description 1 Power and fan item Connect the power supply and fan unit to the device For installation information see Connect the power supplies and fans 2 WWAN2 Antennas can be attached if the module is used to complete a cellular connection See Connect hardware and connect to a cellular network 3 CORE module The CORE module is used to complete a cellular connection See Connect hardware an...

Page 690: ...second when the modem is connecting to the cellular network n Solid blue A modem is detected and a cellular data session is established n Solid red A SIM card is not detected in the modem 8 PSU1 The LED indicates the status of the PS1 power supply and fan unit n Off No power is connected to the PS1 power supply n Solid blue Power is connected to the PS1 power supply and is in use by the Connect IT...

Page 691: ...ion see Connect the power supplies and fans Hardware specifications Hardware Description Input rating for redundant dual power n 100 240 VAC n 50 60 Hz n 2 4 A maximum for each power supply Operating temperature 0 C 50 C Power supply The Connect IT 16 or 48 must be operated only with power supplies from a Digi provided power supply kit either ITPS PSIK for Port Side Air Intake or ITPS PSIK for Por...

Page 692: ... again and you can see that the blue circle next to Find Me is blinking to alert you that the Find Me feature is active 4 To de activate the Find Me feature select System Administration Find Me A notification message appears noting that the Status LED is no longer flashing on the device Click the X in the message to close it QR code definition A QR code is printed on the label attached to the devi...

Page 693: ...seconds 2 Locate the Reset button on the back of the device 3 Press and hold the Reset button for 15 seconds 4 The device resets to factory defaults and then reboots automatically Tips for improving cellular signal strength If the signal strength LEDs or the signal quality for your device indicate Poor or No servcie try the following things to improve signal strength n If available connect a diffe...

Page 694: ... the power cord is connected to a socket outlet with earthing connection n This appliance does not contain any user serviceable parts Never open the equipment For safety reasons the equipment should be opened only by qualified personnel WARNING Risk of electric shock WARNING Disconnect all energy sources AVERTISSEMENT Notice the following safety warnings n Il y a risque d explosion si la batterie ...

Page 695: ...roperly n Do not operate the device with one power supply module empty Proper device cooling requires both modules and the supplemental fan to be present n The device will continue to operate if one of the power supplies and or the supplemental fan are in a failed state unless the internal temperature exceeds a safe limit If this occurs the device will write a failure message to the internal flash...

Page 696: ...interface 698 Display help for commands and parameters 699 Auto complete commands and parameters 701 Available commands 702 Use the scp command 703 Display status and statistics using the show command 704 Device configuration using the command line interface 706 Execute configuration commands at the root Admin CLI prompt 706 Configuration mode 708 Command line reference 720 Digi Connect IT 16 48 U...

Page 697: ...et access Log in to the command line interface Command line 1 Connect to the Connect IT 16 48 device by using a serial connection SSH or telnet or the Terminal in the WebUI or the Console in the Digi Remote Manager See Access the command line interface for more information n For serial connections the default configuration is l 115200 baud rate l 8 data bits l no parity l 1 stop bit l no flow cont...

Page 698: ...he command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin CLI 1 Serial port1 9600 8 1 none none q Quit Select access or quit admin Type q or quit to exit Execute a command from the web interface 1 Log into the Connect IT 16 48 WebUI as a user with Admin access 2 At the main menu click Terminal The devic...

Page 699: ...Move cursor to start of line Ctrl E Move cursor to end of line Ctrl W Delete word under cursor until start of line or Ctrl R If the current input is invalid then characters will be deleted until a prefix for a valid command is found Ctrl left Jump cursor left until start of line or Ctrl right Jump cursor right until start of line or The question mark command When executed from the root command pro...

Page 700: ...either show or show help show Commands arp Show ARP tables cloud Show drm statistics config Show config deltas dhcp lease Show DHCP leases event Show event list ipsec Show IPsec statistics log Show syslog manufacture Show manufacturer information modbus gateway Show modbus gateway status statistics modem Show modem statistics network Show network interface statistics openvpn Show OpenVPN statistic...

Page 701: ...s possible Typing the space bar has similar behavior If multiple commands are available that will match the entered text auto complete is not performed and the available commands are displayed instead Auto complete applies to these command elements only n Command names For example typing net Tab auto completes the command as network n Parameter names For example l ping hostname int Tab auto comple...

Page 702: ... information about the help command ls Lists the contents of a directory mkdir Creates a directory modem Executes modem commands more Displays the contents of a file mv Moves a file or directory ping Pings a remote host using Internet Control Message Protocol ICMP Echo Request messages reboot Reboots the Connect IT 16 48 device rm Removes a file scp Uses the secure copy protocol SCP to transfer fi...

Page 703: ...ng copied to a remote host from the Connect IT 16 48 device o The path and filename of the file on the Connect IT 16 48 device that will be copied to the remote host o The location on the remote host where the file will be copied Copy a file from a remote host to the Connect IT 16 48 device To copy a file from a remote host to the Connect IT 16 48 device use the scp command as follows scp host hos...

Page 704: ...ar log Saving support report to var log support report 0040D0133536 21 02 26 8 04 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 21 02 26 8 04 23 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 21 02 26 8 04 23 bin Display ...

Page 705: ...DF DD E2 AE 21 18 Hardware Version 50001947 01 1P Firmware Version 21 2 39 67 Alt Firmware Version 21 2 39 67 Bootloader Version 19 7 23 0 15f936e0ed Current Time Fri 26 Feb 2021 8 04 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Temperature 40C show network The show network command displays status and statistics for network interfaces show network Interface Proto Status Addr...

Page 706: ... way changes to the device s configuration are automatically saved when the command is executed For example to disable the SSH service from the root prompt enter the following command config service ssh enable false The Connect IT 16 48 device s ssh service is now disabled Note When the config command is executed at the root prompt certain configuration actions that are available in configuration ...

Page 707: ...ional Configuration dns DNS mdns Service Discovery mDNS multicast Multicast ntp NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next display help for the config service ssh command config service ssh SSH An SSH server for managing the device Parameters Current Value enable true Enable key private Private key port 22 Port Additional Co...

Page 708: ...e to include config to indicate that you are currently in configuration mode Enter configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode n Enter the full command string from the config prompt For example to disable the ssh service by entering the full command string at the config prompt config service ssh enable false config n E...

Page 709: ...gain Exit configuration mode without saving changes You can discard any unsaved configuration changes and exit configuration mode by using the cancel command config cancel After using cancel to discard unsaved changes to the configuration you will automatically exit configuration mode Configuration actions In configuration mode configuration actions are available to perform tasks related to saving...

Page 710: ...nd line help in configuration mode Display additional configuration commands as well as available parameters and values by entering the question mark character at the config prompt For example 1 Enter at the config prompt config This will display the following help information config Additional Configuration application Custom scripts auth Authentication cloud Central management firewall Firewall ...

Page 711: ...on dns DNS mdns Service Discovery mDNS multicast Multicast ntp NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next to display help for the service ssh command use one of the following methods n At the config prompt enter service ssh config service ssh n At the config prompt a Enter service to move to the service node config service c...

Page 712: ...n for the enable parameter use one of the following methods n At the config prompt enter service ssh enable config service ssh enable n At the config prompt a Enter service to move to the service node config service config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter enable to display help for the enable parameter config service ssh enable config servic...

Page 713: ...e config service ssh acl zone You can also enter multiple nodes at once to move multiple steps in the configuration config service ssh acl zone config service ssh acl zone n Move backward one node in the configuration by entering two periods config service ssh acl zone config service ssh acl You can also move back multiples nodes in the configuration by typing multiple sets of two periods config s...

Page 714: ... authentication method to the end of the list use the end keyword config add auth method end tacacs config show auth method 0 local 1 tacacs config The end keyword As demonstrated above the end keyword is used to add an element to the end of a list Additionally the end keyword is used to add an element to a list that does not have any elements For example to add an authentication group to a user t...

Page 715: ... method use the index number 0 config del auth method 0 config b Use the show command to verify that the local authentication method was removed config show auth method 0 tacacs 1 radius config Move elements within a list Use the move command to reorder elements in a list For example to reorder the authentication methods 1 Use the show command to display current authentication method configuration...

Page 716: ...revert to default settings use the revert command at the config prompt without the optional path parameter 1 At the config prompt enter revert config revert config 2 Set the password for the admin user prior to saving the changes config auth user admin password pwd config 3 Save the configuration and apply the change config save Configuration saved 4 Type exit to exit the Admin CLI Depending on yo...

Page 717: ... device configuration you may be presented with an Access selection menu Type quit to disconnect from the device n You can also use a combination of both of these methods 1 Change to the auth node config auth config auth 2 Enter the revert command with the path set to method config auth revert method config auth 3 Save the configuration and apply the change config auth save Configuration saved 4 T...

Page 718: ...on mode config config 3 At the config prompt create a new user with the username user1 n Method one Create a user at the root of the config prompt config add auth user user1 config auth user user1 n Method two Create a user by moving through the configuration a At the config prompt enter auth to move to the auth node config auth config auth b Enter user to move to the user node config auth user co...

Page 719: ...le false no portals serial enable true ports 0 port1 shell enable false config auth user user1 6 Add the user to the admin group config auth user user1 add group end admin config auth user user1 7 Save the configuration and apply the change config auth user user1 save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access se...

Page 720: ...User Guide 720 Command line reference analyzer 721 cp 722 help 723 ls 724 mkdir 725 modem 726 modem puk status imei STRING name STRING 731 modem scan imeiSTRING nameSTRING 732 more 734 mv 735 ping 736 reboot 738 rm 739 scp 740 show 741 ssh 748 system 750 traceroute 754 ...

Page 721: ...nt captured traffic to a file Parameters filename The filename to save captured traffic to The file will be saved to the device s etc config analyzer directory Syntax STRING name Name of the capture filter to use Syntax STRING analyzer start name STRING Start a capture session of packets on this devices interfaces Parameters name Name of the capture filter to use Syntax STRING analyzer stop name S...

Page 722: ...SOURCE DESTINATION Copy a file or directory Parameters source The source file or directory to copy Syntax STRING destination The destination path to copy the source file or directory to Syntax STRING force Do not ask to overwrite the destination file if it exists Syntax BOOLEAN Default False Optional True ...

Page 723: ...Command line interface Command line reference Digi Connect IT 16 48 User Guide 723 help Show CLI editing and navigation commands Parameters None ...

Page 724: ...User Guide 724 ls Directory listing command ls show hidden PATH List a directory Parameters path List files and directories under this path Syntax STRING show hidden Show hidden files and directories Hidden filenames begin with Syntax BOOLEAN Default False Optional True ...

Page 725: ...line interface Command line reference Digi Connect IT 16 48 User Guide 725 mkdir mkdir PATH Create a directory Parent directories are created as needed Parameters path The directory path to create Syntax STRING ...

Page 726: ...ntax STRING Optional True modem at interactive imei STRING name STRING Start an AT command session on the modem s AT serial port Parameters imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True modem firmware Commands for interacting with cellular modem firmware See Upda...

Page 727: ...ei The IMEI of the modem to execute this CLI command on Optional True Type string name The configured name of the modem to execute this CLI command on Optional True Ref network modem Type string firmware ota Commands for performing FOTA firmware over the air interactions with cellular modem ota check imei STRING name STRING Query the Digi firmware server for the latest remote modem firmware versio...

Page 728: ... modem will be updated to the latest modem firmware image unless a specific firmware version is specified Parameters imei The IMEI of the modem to execute this CLI command on Optional True Type string name The configured name of the modem to execute this CLI command on Optional True Ref network modem Type string version Firmware version name Optional True Type string firmware update imei STRING na...

Page 729: ... PIN code Warning Attempting to use an incorrect PIN code may PUK lock the SIM Parameters old pin The SIM s PIN code Syntax STRING new pin The PIN code to change to Syntax STRING imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True pin disable imei STRING name STRING PI...

Page 730: ... use an incorrect PIN code may PUK lock the SIM Parameters pin The SIM s PIN code Syntax STRING imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True pin status imei STRING name STRING Print the PIN lock status and the number of PIN enable disable unlock attempts remaini...

Page 731: ...ntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True modem puk PUK commands puk status imei STRING name STRING Print the PUK status and the number of PUK unlock attempts remaining Parameters modem puk status imei STRING name STRING Print the PUK status and the number of PUK unlock attempts remaining imei The IMEI of the modem to...

Page 732: ...odem reset imei STRING name STRING Reset the modem hardware reboot it This can be useful if the modem has stopped responding to the network or is behaving inconsistently Parameters imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True modem scan imeiSTRING nameSTRING ime...

Page 733: ...LOT Show or change the modem s active SIM slot This applies only to modems with multiple SIM slots Parameters slot The SIM slot to change to Syntax 1 2 show imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on Syntax STRING Optional True ...

Page 734: ...Command line interface Command line reference Digi Connect IT 16 48 User Guide 734 more path The file to view Syntax STRING ...

Page 735: ... directory mv force SOURCE DESTINATION Parameters source The source file or directory to move Syntax STRING destination The destination path to move the source file or directory to Syntax STRING force Do not ask to overwrite the destination file if it exists Syntax BOOLEAN Default False Optional True ...

Page 736: ...ing functionality Syntax BOOLEAN Default False Optional True count The number of ICMP ping requests to send before terminating Syntax INT Minimum 1 Default 100 interface The network interface to send ping packets from when the host is reachable over a default route If not specified the system s primary default route will be used Syntax STRING Optional True ipv6 If a hostname is defined as the valu...

Page 737: ...rence Digi Connect IT 16 48 User Guide 737 source The ping command will send a packet with the source address set to the IP address of this interface rather than the address of the interface the packet is sent from Syntax STRING Optional True ...

Page 738: ...Command line interface Command line reference Digi Connect IT 16 48 User Guide 738 reboot Reboot the system Parameters None ...

Page 739: ...ne reference Digi Connect IT 16 48 User Guide 739 rm Remove a file or directory rm force PATH Parameters path The path to remove Syntax STRING force Force the file to be removed without asking Syntax BOOLEAN Default False Optional True ...

Page 740: ...host Syntax STRING local The file to copy to or from on the local device Syntax STRING port The SSH port to use to connect to the remote host Syntax INT Maximum 65535 Minimum 1 Default 22 remote The file to copy to or from on the remote host Syntax STRING to Copy the file from the local device to the remote host or from the remote host to the local device Syntax remote local user The username to u...

Page 741: ...ed IPv4 IPV6 will be displayed Parameters ipv4 Display IPv4 routes If no IP version is specififed IPv4 and IPV6 will be displayed Syntax BOOLEAN Default False Optional True ipv6 Display IPv6 routes If no IP version is specififed IPv4 and IPV6 will be displayed Syntax BOOLEAN Default False Optional True verbose Display more information less concise more detail Syntax BOOLEAN Default False Optional ...

Page 742: ...n less concise more detail Syntax BOOLEAN Default False Optional True show event number INTEGER table STRING Show event list high level Parameters number Number of lines to retrieve from log Syntax INT Minimum 1 Default 20 table Type of event log to be displayed status error info Syntax status error info Optional True show hotspot ip STRING name STRING Show hotspot statistics Parameters ip IP addr...

Page 743: ... verbose Display status of one or all tunnels in plain text Syntax BOOLEAN Default False Optional True show location geofence Show location information Parameters geofence Shows the status of any configured geofences show log filter STRING number INTEGER Show system log low level Parameters filter Filters for type of log message displayed critical warning info debug Note filters from the number of...

Page 744: ...ptional True show modbus gateway verbose Show Modbus gateway status and statistics verbose Display more information Syntax BOOLEAN Default False Optional True show modem verbose imei STRING name STRING Show modem status and statistics Parameters imei The IMEI of the modem to execute this CLI command on Syntax STRING Optional True name The configured name of the modem to execute this CLI command on...

Page 745: ...ll interfaces including disabled interfaces Syntax BOOLEAN Default False Optional True interface Display more details and config data for a specific network interface Syntax STRING Optional True verbose Display more information less concise more detail Syntax BOOLEAN Default False Optional True show openvpn Show OpenVPN status and statistics openvpn client all name STRING Show OpenVPN client statu...

Page 746: ...sabled servers Syntax BOOLEAN Default False Optional True name Display more details and config data for a specific OpenVPN server Syntax STRING Optional True show route ipv4 ipv6 verbose Show IP routing information Parameters ipv4 Display IPv4 routes Syntax BOOLEAN Default False Optional True ipv6 Display IPv6 routes Syntax BOOLEAN Default False Optional True verbose Display more information less ...

Page 747: ...ntax STRING Optional True show system verbose Show system status and statistics Parameters verbose Display more information disk usage etc Syntax BOOLEAN Default False Optional True show usb Show USB information Parameters None show version verbose Show firmware version Parameters verbose Display more information build date Syntax BOOLEAN Default False Optional True show vrrp all verbose name STRI...

Page 748: ...nstances Syntax True False Type boolean show web filter Show web filter status and statistics Parameters None ssh Use SSH protocol to log into a remote server ssh command STRING host STRING port INTEGER user STRING Parameters command The command that will be automatically executed once the SSH session to the remote host is established Optional True Type string host The hostname or IP address of th...

Page 749: ...Command line interface Command line reference Digi Connect IT 16 48 User Guide 749 Syntax Integer Type integer user The username to use when connecting to the remote host Type string ...

Page 750: ...ration backups are a list of CLI commands used to build the device s configuration Syntax cli config archive Default archive path The file path to save the backup to Syntax STRING system disable cryptography Erase the device s configuration and reboot into a limited mode with no cryptography available The device s shell will be accessible over Telnet port 23 at IP address 192 168 210 1 To return t...

Page 751: ...rom a backup archive or CLI commands file Parameters path The path to the backup file Syntax STRING passphrase Decrypt the archive with a passphrase Syntax STRING Optional True system script stop SCRIPT Stop an active running script Scripts scheduled to run again will still run again disable a script to prevent it from running again Parameters script Script to stop Syntax STRING system serial clea...

Page 752: ...w PORT Displays the serial log on the screen Parameters port Serial port Type string system serial start size INTEGER PORT Start logging data on a serial port Parameters size Maximum size of serial log Default 65536 Syntax Integer Type integer port Serial port Type string system serial stop PORT Start logging data on a serial port Parameters port Serial port Type string system support report PATH ...

Page 753: ...Command line interface Command line reference Digi Connect IT 16 48 User Guide 753 Parameters path The file path to save the support report to Syntax STRING ...

Page 754: ... the normal routing tables and send directly to a host on an attached network Syntax BOOLEAN Default False Optional True debug Enable socket level debugging Syntax BOOLEAN Default False Optional True dontfragment Do not fragment probe packets Syntax BOOLEAN Default False Optional True first_ttl Specifies with what TTL to start Syntax INT Minimum 1 Default 1 gateway Tells traceroute to add an IP so...

Page 755: ...l True max_ttl Specifies the maximum number of hops max time to live value traceroute will probe Syntax INT Minimum 1 Default 30 nomap Do not try to map IP addresses to host names when displaying them Syntax BOOLEAN Default False Optional True nqueries Sets the number of probe packets per hop A value of 1 indicated Syntax INT Minimum 1 Default 3 packetlen Total size of the probing packet Default 6...

Page 756: ...ne of the interfaces By default the address of the outgoing interface is used Syntax STRING Optional True tos For IPv4 set the Type of Service ToS and Precedence value Useful values are 16 low delay and 8 high throughput Note that in order to use some TOS precedence values you have to be super user For IPv6 set the Traffic Control value A value of 1 specifies that no value will be used Syntax INT ...

Search results

Summary of Contents for Connect IT 16

Reviews:

Related manuals for Connect IT 16

Brands by name

Popular brands

Digi Connect IT 16, User Manual

Search results

Summary of Contents for Connect IT 16

Reviews:

Related manuals for Connect IT 16

Brands by name

Popular brands