manualshive.com logo in svg

Digi IX14, User Manual

The Digi IX14 User Manual is available for free download on our website. This comprehensive manual provides detailed instructions and troubleshooting tips to enhance your experience with the Digi IX14 product. Visit our website today to access this valuable resource and unlock the full potential of your device.

Share
Download
background image

Virtual Private Networks (VPN)

OpenVPN

IX14 User Guide

587

  Command line

1. Log into the IX14 command line as a user with full Admin access rights.

Depending on your device configuration, you may be presented with an

Access selection

menu

. Type

admin

to access the Admin CLI.

2. At the command line, type

config

to enter configuration mode:

> config
(config)>

3. At the config prompt, type:

(config)> add vpn openvpn server

name

(config vpn openvpn server

name

)>

where

name

is the name of the OpenVPN server.

The OpenVPN server is enabled by default. To disable the server, type:

(config vpn openvpn server

name

)> enable false

(config vpn openvpn server

name

)>

4. Set the mode used by the OpenVPN server:

(config vpn openvpn server

name

)> device_type

value

(config vpn openvpn server

name

)>

where

value

is one of:

n

TUN (OpenVPN managed)

—Also known as routing mode. Each OpenVPN client is

assigned a different IP subnet from the OpenVPN server and other OpenVPN clients.
OpenVPN clients use Network Address Translation (NAT) to route traffic from devices
connected on its LAN interfaces to the OpenVPN server.

n

TAP - OpenVPN managed

—Also know as bridging mode. A more advanced

implementation of OpenVPN. The IX14 device creates an OpenVPN interface and uses
standard interface configuration (for example, a standard DHCP server configuration).

n

TAP - Device only

—An alternate form of OpenVPN bridging mode, in which the device,

rather than OpenVPN, controls the interface configuration. If this method is is, the
OpenVPN server must be included as a device in either an interface or a bridge.

See

OpenVPN

for information about OpenVPN modes. The default is

tun

.

5. If

tap

or

tun

are set for

device_type

:

a. Set the IP address and subnet mask of the OpenVPN server.

(config vpn openvpn server

name

)> address

ip_address/netmask

(config vpn openvpn server

name

)>

Summary of Contents for IX14

Page 1: ...IX14 User Guide Firmware version 22 2 ...

Page 2: ...gidevice location python module n Cellular modem carrier scanning and locking l New modem scan CLI command for listing available carriers for the current modem and SIM l Manual carrier selection option to allow you to lock the SIM to a specific carrier n Enhanced serial support l Certificate management control for TCP and autoconnect serial port setups l Autoconnect n Local REST API for automated ...

Page 3: ...the Admin CLI to display active DNS servers and their associated interface n Added a show ntp command to the Admin CLI to display the status of the NTP service n Expanded Port forwarding option to support a range of ports including one to one and many to one port mappings n Added options to control packet filtering for the network analyzer n VPN enhancements l IPsec enhancements o Added support fo...

Page 4: ...support for L2TPv3 tunneling l New option to enable disable or force IPsec IKE fragmentation n Improved options for creating a custom default configuration l system backup CLI commands for generating a custom default config file based on the active config settings on the device l New section on the File System page of the Web UI for loading a configuration backup file as the custom default config ...

Page 5: ...CP leases based on MAC address or IP address n Added speedtest command for performing on demand iPerf or nuttcp speedtests n Local users are now required to be assigned to an authentication group n New Network Advanced Sequential DHCP address allocation configuration setting for controlling if DHCP addresses are assigned sequentially or randomly disabled by default n Added ability to control if DH...

Page 6: ...default n Support for sending analog and digial I O health metrics to Digi Remote Manager n Added show containers Admin CLI command M March 2022 Release of Digi IX14 firmware version 22 2 n VPN enhancements l Renamed VPN IPsec Tunnels Policies Local network setting to Local traffic selector and added Remote traffic selector l Added a Dynamic option to the Local traffic selector to configuration of...

Page 7: ...All other trademarks mentioned in this document are the property of their respective owners 2022 Digi International Inc All rights reserved Disclaimers Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International Digi provides this document as is without warranty of any kind expressed or implied including but not limited to ...

Page 8: ...gi offers multiple technical support plans and service packages Contact us at 1 952 912 3444 or visit us at www digi com support Feedback To provide feedback on this document email your comments to techcomm digi com Include the document title and part number IX14 User Guide 90002291 K in the subject line of your email ...

Page 9: ...IX14 to your Digi Remote Manager account 23 Next steps 23 Reset the device to factory defaults Digi IX14 hardware reference IX14 features and specifications 25 IX14 front view 25 IX14 back view 25 IX14 power supply requirements 26 IX14 LEDs 26 Digi IX14 serial connector pinout 27 IX14 accessory kits 28 IX14 antennas 28 Hardware setup Install SIM cards 30 Apply Dielectric Grease over SIM Contacts 3...

Page 10: ...onfigure system settings 54 Enable or disable Bluetooth service 61 Interfaces Wireless Wide Area Networks WWANs 66 Configure SureLink active recovery to detect modem failures 66 Configure the device to reboot when a failure is detected 76 Disable SureLink 84 Using cellular modems in a Wireless WAN WWAN 88 Configure a Wireless Wide Area Network WWAN 105 Show WWAN status and statistics 114 Delete a ...

Page 11: ...ACS user configuration 206 TACACS server failover and fallback to local authentication 207 Configure your IX14 device to use a TACACS server 207 Remote Authentication Dial In User Service RADIUS 212 RADIUS user configuration 213 RADIUS server failover and fallback to local configuration 213 Configure your IX14 device to use a RADIUS server 214 LDAP 218 LDAP user configuration 219 LDAP server failo...

Page 12: ...ce by using the Find Me feature 297 Configuration files 299 Save configuration changes 299 Save configuration to a file 300 Restore the device configuration 301 Schedule system maintenance tasks 304 Disable device encryption 309 Re enable cryptography after it has been disabled 310 Create a Virtual LAN VLAN route 311 Configure the speed of your Ethernet port 313 Services Allow remote access for we...

Page 13: ...he container 440 Create a custom container 442 Create the custom container file 442 Test the custom container file 443 Applications Configure scripts to run automatically 446 Task one Upload the application 446 Task two Configure the application to run automatically 448 Configure scripts to run manually 452 Task one Upload the application 453 Task two Configure the application to run automatically...

Page 14: ...to display data usage by host over time 522 Configure NetFlow Probe 523 Virtual Private Networks VPN IPsec 529 IPsec data protection 529 IPsec mode 529 IPsec modes 529 Internet Key Exchange IKE settings 529 Authentication 530 Configure an IPsec tunnel 530 Configure IPsec failover 557 Configure SureLink active recovery for IPsec 560 Show IPsec status and statistics 567 Debug an IPsec configuration ...

Page 15: ... for the network analyzer 685 Example filters for capturing data traffic 694 Capture packets from the command line 695 Stop capturing packets 696 Show captured traffic data 697 Save captured data traffic to a file 698 Download captured data to your PC 699 Clear captured data 700 Use the ping command to troubleshoot network connections 702 Ping to check internet connection 702 Stop ping commands 70...

Page 16: ...9 Innovation Science and Economic Development Canada IC certifications 769 RoHS compliance statement 770 Special safety notes for wireless routers 770 Product disposal instructions 771 Command line interface Access the command line interface 774 Log in to the command line interface 774 Exit the command line interface 775 Execute a command from the web interface 775 Display help for commands and pa...

Page 17: ...top 801 clear dhcp lease ip address 801 clear dhcp lease mac 801 container create 802 container delete 802 cp 802 help 802 ls 804 mkdir 805 modem at 805 modem at interactive 805 modem firmware check 805 modem firmware list 805 modem firmware ota check 806 modem firmware ota list 806 modem firmware ota update 806 modem firmware update 806 modem pin change 807 modem pin disable 807 modem pin enable ...

Page 18: ...show usb 821 show version 821 show vrrp 821 show web filter 821 speedtest 822 ssh 822 system backup 822 system disable cryptography 823 system duplicate firmware 823 system factory erase 823 system find me 823 system firmware ota check 824 system firmware ota list 824 system firmware ota update 824 system firmware update 824 system power ignition off_delay 824 system restore 825 system script star...

Page 19: ...tions with Digi Remote Manager l Enhanced security for communications with Digi Remote Manager by using client side certificates l The default URL for the device s Remote Manager connection is now edp12 devicecloud com This URL is required to utilize the client side certificate support n New Switch SIM SureLink action for WWAN interfaces which allows SureLink to be configured to switch to the alte...

Page 20: ...device You can affix this label to the top or side of the device such that you can access the label after the device is mounted or store the label in a safe place for future reference Note A subscription to Digi Remote Manager is bundled with your IX14 purchase See Digi Remote Manager product page to learn about Digi Remote Manager features Step 2 Gather accessories Note Digi offers several IX14 a...

Page 21: ...ards Power supply Use a power supply provided by a Digi accessory kit or use an alternate power supply that complies with the power supply requirements SIM card s Acquire SIM cards as needed Note the carrier network APN Access Point Name and SIM pin if any for each card Laptop or personal computer Use an Ethernet cable to connect the IX14 WAN ETH1 port to a laptop or PC to access the local web int...

Page 22: ...i Remote Manager a Click Sign Up to create a new account b You ll receive an email with login instructions c Click on the link in the email to log into Digi Remote Manager Step 5 Access the IX14 local web interface a If you have not already done so use an Ethernet cable to connect your IX14 WAN ETH1 port to your PC b Open a browser and go to 192 168 210 1 c Log into the IX14 User name Use the defa...

Page 23: ...nt in Sign up for Digi Remote Manager look for the Digi Remote Manager email that provides your login credentials c Click Device Management d Click Add Devices Select MAC address and provide the Ethernet MAC address for your device For Install Code enter the default password on the printed label packaged with your device The same default password is also shown on the label affixed to the bottom of...

Page 24: ...using the Reset button on the device You can also reset the device to the default configuration without removing scripts keys and logfiles by using the revert command WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the main menu click System Configuration Management 3 Click Erase 4 Click Confirm Command line 1 Log into the IX14 command line as a user with Admin access Depending on...

Page 25: ...l grade components operating temperatures from 29 F to 165 F 34 C to 74 C n LTE Category 1 cellular network speed up to 10 Mbps n LAN speed 10 100 BaseT See IX14 specifications for a detailed list of IX14 hardware specifications IX14 front view Connector port Description SIM door See Install SIM cards Reset button See Erase device configuration and reset to factory defaults LEDs See IX14 LEDs IX14...

Page 26: ...o meet the temperature criteria n If the IX14 is operated in an ambient temperature range from 34 C to 74 C use the Digi power supply accessory kits 76002079 or 76002081 to meet the temperature criteria n If you are providing the DC power source with a non Digi power supply you must use a certified LPS power supply rated at either 12 VDC 0 75 A or 24 VDC 0 375 A minimum The voltage tolerance suppo...

Page 27: ... port Solid yellow 100 Mbps connection Off for no connection Solid green Valid link detected Flashing for Ethernet activity Digi IX14 serial connector pinout The IX14 is a DTE device The pinout for the DB9 serial connector is as follows Signal name RS232 signal Direction DB9 pin number DTE DCE Transmit Data TxD Out In 3 Receive Data RxD In Out 2 Ready To Send RTS Out In 7 Clear to Send CTS In Out ...

Page 28: ...ennas 2 76002081 Accessory kit Extended temp AC DC power supply Ethernet cable Cellular antennas 2 See IX14 product page and click Part numbers and accessories for details IX14 antennas IX14 obtained complete certification by using the antenna described here Use an antenna that matches these specifications to maintain the product certification You can use antennas of the same type but operating wi...

Page 29: ...p This chapter contains the following topics Install SIM cards 30 Attach and position antennas 31 Connect the WAN ETH1 port 32 Connect the serial port 32 Power on the IX14 32 QR code definition 32 IX14 User Guide 29 ...

Page 30: ...the SIM cards to match the diagram on the device 4 After all SIM cards are in place use a 1 Phillips head screwdriver to carefully replace the SIM door WARNING Take care when you tighten the screws on the SIM door If you apply too much pressure and over tighten the screws you can damage the SIM door or strip the screw threads Torque to 2 9 inch pounds Apply Dielectric Grease over SIM Contacts Note...

Page 31: ... the contacts Apply gentle pressure 4 When the dielectric grease has been applied insert the SIM into the SIM slot as described above Attach and position antennas Note The IX14 does not include a power supply or antennas See IX14 accessory kits for information on IX14 power supplies and antennas n Connect IX14 compatible antennas to the WWAN 1 and WWAN 2 antenna connectors on the back of the devic...

Page 32: ...n of the serial port to which you are connecting The default serial port configuration for the IX14 device is n Baud rate 115200 n Data bits 8 n Parity None n Stop bits 1 n Flow control None See Serial port Power on the IX14 Note The IX14 does not include a power supply or antennas See IX14 accessory kits for information on IX14 power supplies and antennas 1 Power on the IX14 by connecting a DC po...

Page 33: ...Configuration and management This chapter contains the following topics Review IX14 default settings 34 Change the default password for the admin user 34 Configuration methods 36 Using Digi Remote Manager 37 Access Digi Remote Manager 37 Using the web interface 37 Use the local REST API to configure the IX14 device 38 Using the command line 43 Access the command line interface 43 Log in to the com...

Page 34: ... using the QR code on the device label You can disable Bluetooth service after the device is provisioned Monitoring n Device heath metrics uploaded to Digi Remote Manager at 60 minute interval Change the default password for the admin user The unique factory assigned password for the default admin user account is printed on the bottom label of the device and on the loose label included in the pack...

Page 35: ... Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set a new password for the admin user The password must b...

Page 36: ... Remote Manager to manage and configure your IX14 device l The local web interface See Using the web interface for more information about using the local web interface to manage and configure your IX14 device Note Changes made to the device s configuration by using the local web interface will not be automatically reflected in Digi Remote Manager You must manually refresh Remote Manager for the ch...

Page 37: ...web interface To connect to the IX14 local WebUI 1 Use an Ethernet cable to connect the IX14 s LAN port to a laptop or PC 2 Open a browser and go to 192 168 2 1 3 Log into the device using a configured user name and password The default user name is admin and the default password is the unique password printed on the label packaged with your device Note If your device was manufactured prior to fir...

Page 38: ...vice Displays the IX14 device s status statistics and identifying information Network Interfaces Displays the status of the network interfaces configured on the device Modems Provides information about the signal strength and technology of the cellular modem s Log out of the web interface n On the main menu click your user name Click Log out Use the local REST API to configure the IX14 device Your...

Page 39: ...dmin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type question mark config auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services...

Page 40: ...e service ssh X GET Enter host password for user admin ok true result type object path service ssh collapsed acl zone 0 internal acl zone 1 edge acl zone 2 ipsec acl zone 3 setup enable true key mdns enable true mdns name mdns type _ssh _tcp port 22 protocol 0 tcp You can also use the GET method to return the configuration parameters associated with an item curl k u admin https 192 168 210 1 cgi b...

Page 41: ...and append parameters For example to add the external firewall zone to the ssh service curl k u admin https 192 168 210 1 cgi bin config cgi value path service ssh acl zone append true value external X POST Enter host password for user admin ok true result service ssh acl zone 4 Use the POST method to add objects to a list array Objects in an array that require one or more underlying values can be...

Page 42: ...e 1 Use the GET method to determine the SSH service s list number for the external zone curl k u admin https 192 168 210 1 cgi bin config cgi value service ssh acl zone X GET ok true result type array path service ssh acl zone collapsed 0 internal 1 edge 2 ipsec 3 setup 4 external 2 Use the DELETE method to remove the external zone list item 4 curl k u admin https 192 168 210 1 cgi bin config cgi ...

Page 43: ...line your device must be configured to allow access and you must log in as a user who has been configured for the appropriate access For further information about configuring access to these services see n Serial Serial port n WebUI Configure the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the...

Page 44: ...assword 3 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin CLI s Shell q Quit Select access or quit admin Type a or admin to access the IX14 command line You will now be connected to the Admin CLI Connecting now exit to disconnect from Admin CLI See Command line interface for detailed instructions on using the command line inter...

Page 45: ...Configuration and management Exit the command line interface IX14 User Guide 45 Type q or quit to exit ...

Page 46: ... contains the following topics Configure cellular modem APNs 47 Change the default LAN subnet 51 Change the LAN address type 52 Configure SIM PIN 54 Configure system settings 54 Enable or disable Bluetooth service 61 IX14 User Guide 46 ...

Page 47: ...result it is generally not necessary to configure APNs However you can configure the system to use a specified APN To configure the APN WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces Modem APN list APN 4 For APN type the Access Point Na...

Page 48: ...is selected enter the Username and Password required to authenticate The default is None 7 To add additional APNs for Add APN click and repeat the preceding instructions 8 Optional To configure the device to bypass its preconfigured APN list and only use the configured APNs enable APN list only 9 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command li...

Page 49: ...6 address The default is auto 6 Optional Set the authentication method config network interface modem modem apn 0 auth method config where method is one of the following n none No authentication is required n auto The device will attempt to connect using CHAP first and then PAP n chap Uses the Challenge Handshake Authentication Profile CHAP to authenticate n pap Uses the Password Authentication Pr...

Page 50: ...cellular modem APNs IX14 User Guide 50 config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 51: ...n the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces LAN IPv4 4 For Address change the IP address to an alternate private IP You must also specify the subnet mask It must have the syntax of IPv4_address netmask 5 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line...

Page 52: ...aved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Change the LAN address type By default the LAN interface uses a static IP address To configure it to use a DHCP address instead WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Unde...

Page 53: ...h an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt set the LAN to use a DHCP address config network interface lan ipv4 type dhcp 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be...

Page 54: ...ding on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt set the SIM PIN config modem modem pin pin config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your d...

Page 55: ... device n Banner Optional Enter banner text to appear when a user logs into the device 5 Expand Scheduled tasks n Reboot time Optional If you want to reboot the system daily enter the time for the daily reboot n Expand System maintenance l Start time Duration window Enter a start time and duration window for system maintenance l Frequency Enter the frequency for the maintenance window l Select Mod...

Page 56: ...full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Provide the system information settings n Optional Set a name for the device This name will appear in log messages and at the command prompt config system name 192 168 3 1 ...

Page 57: ...number between 0 and 24 l Configure the frequency that the maintenance tasks should be run system schedule maintenance frequency value config where value is either daily or weekly daily is the default l Configure the device to look for any updated modem firmware during the maintenance window If updated firmware is found it will then be installed The device will look for updated firmware both on th...

Page 58: ...onfigure log options n Optional Set the minimum time between sending heartbeat status events config system log heartbeat_interval value config where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set heartbeat_interval to ten minutes enter either 10m or 600s config system log heartbeat_interval 600s config The default is 30 minutes n...

Page 59: ... events related to location information or change the status interval for location status event logging from the default of 30 minutes config system log event location status false config system log event location status_interval value config l Disable status events related to modem information or change the status interval for modem status event logging from the default of 5 minutes config system...

Page 60: ...ig l Disable error or informational logging of speed test results config system log event speed error false config system log event speed info false config l Disable status events related to network statistics or change the status interval for network statistics event logging from the default of 30 minutes config system log event network status false config system log event network status_interval...

Page 61: ... send error events config system log remote 1 error true config system log remote 1 n To send informational events config system log remote 1 info true config system log remote 1 n To send status events config system log remote 1 status true config system log remote 1 11 Save the configuration and apply the change config save Configuration saved 12 Type exit to exit the Admin CLI Depending on your...

Page 62: ...e the Bluetooth service as needed 5 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disabl...

Page 63: ...Initial configuration Enable or disable Bluetooth service IX14 User Guide 63 n To disable the Bluetooth service config service bluetooth enable false config ...

Page 64: ... and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Note You will not see the IX14 Bluetooth service listed on your smart phone or tablet ...

Page 65: ...ces These interfaces can be bridged in a Local Area Network LAN or assigned to a Wide Area Network WAN This chapter contains the following topics Wireless Wide Area Networks WWANs 66 Local Area Networks LANs 119 Show Surelink status and statistics 149 IX14 User Guide 65 ...

Page 66: ... modem is connected and has an IP address Use the SIM failover options to configure the IX14 device to automatically recover the modem in the event that it cannot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover n The type of probe test to be performed one of l Test another interface s status Used to create a failover or coupled relationship betwe...

Page 67: ...arget is configured determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets Order of precedence for SureLink actions If multiple SureLink actions such as restarting the interface and rebooting the device are enabled the following order of precedence is used 1 Restart interface 2 Switch to the alternate SIM 3 Reset the modem 4 Rebo...

Page 68: ...ure The interface will restart again 7 Seventh Surelink failure The device will reboot To configure the IX14 device to regularly probe connections through the WWAN WebUI SureLink can be configured for both IPv4 and IPv6 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 ...

Page 69: ... If Switch SIM is enabled for Switch SIM fail count type or select the number of times that the Surelink test must fail before the modem switches to the alternate SIM The default is 5 Note The SureLink Switch SIM option differs from the SIM failover option which is set during WWAN configuration SIM failover applies when the modem is unable to connect to a cellular network whereas Switch SIM applie...

Page 70: ...DNS query to the DNS servers configured for this interface n Test the interface status The interface is considered to be down based on l Down time The amount of time that the interface can be down before this test is considered to have failed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Down time to ten minutes enter 1...

Page 71: ...into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new WWAN or edit an existing one n To create a new WWAN see Configure a Wireless Wide Area Network WWAN n To edit an exis...

Page 72: ...tween 1 through 5 The default is 1 7 SIM switching is enabled by default To disable config network interface my_wwan ipv4 surelink switch_sim false config network interface my_wwan ipv4 surelink Note The SureLink switch_sim option differs from the sim_failover option which is set during WWAN configuration sim_failover applies when the modem is unable to connect to a cellular network whereas switch...

Page 73: ...where value is one of n ping Tests connectivity by sending an ICMP echo request to a specified hostname or IP address l Specify the hostname or IP address config network interface my_wwan ipv4 surelink target 0 ping_ host host config network interface my_wwan ipv4 surelink target 0 l Optional Set the size in bytes of the ping packet config network interface my_wwan ipv4 surelink target 0 ping_ siz...

Page 74: ...t of time to wait for an initial connection to the interface before this test is considered to have failed config network interface my_wwan ipv4 surelink target 0 interface_timeout value config network interface my_wwan ipv4 surelink target 0 The default is 60 seconds l other Allows you to test another interface s status to create a failover or coupled relationship between interfaces config networ...

Page 75: ...fail Optional Repeat to add additional test targets 11 Optional active recovery configuration parameters a Move back two levels in the configuration by typing config network interface my_wwan ipv4 surelink target 0 config network interface my_wwan ipv4 surelink b Set the Interval between connectivity tests config network interface my_wwan ipv4 surelink interval value config network interface my_ww...

Page 76: ...ce to automatically recover the modem in the event that it cannot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover n Enable device reboot upon interface failure n The type of probe test to be performed one of l Test another interface s status Used to create a failover or coupled relationship between two interfaces Requires the name of the alternat...

Page 77: ...s displayed 3 Click Network Interfaces 4 Create a new interface or select an existing one n To create a new interface see Configure a Wireless Wide Area Network WWAN n To edit an existing interface click to expand the appropriate interface 5 After creating or selecting the interface click IPv4 or IPv6 SureLink 6 Enable SureLink SureLink can be enabled for both IPv4 and IPv6 configurations By defau...

Page 78: ...mple if Expected status is set to Down but the alternate interface is determined to be up then this test will fail n Ping test Tests connectivity by sending an ICMP echo request to the hostname or IP address specified in Ping host You can also optionally change the number of bytes in the Ping payload size n DNS test Tests connectivity by sending a DNS query to the specified DNS server n HTTP test ...

Page 79: ... the device should wait for a response to a probe attempt before considering it to have failed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Response timeout to ten minutes enter 10m or 600s The default is 15 seconds 13 Optional Repeat this procedure for IPv6 14 Click Apply to save the configuration and apply the change...

Page 80: ...ink restart_attempts int config network interface my_wwan ipv4 surelink where int is any number greater than 0 The default is 1 6 Set the device to reboot when the interface is considered to have failed config network interface my_wwan ipv4 surelink reboot true config network interface my_wwan ipv4 surelink Note If the reboot parameter is enabled at the same time as the restart parameter the reboo...

Page 81: ...arget 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured for this interface n http Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l Specify the url config network interface my_wwan ipv4 surelink target 0 http_ url value config network interface my_wwan ipv4 surelink target 0 where value uses the format http s hostname path n ...

Page 82: ... 0 other_interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface lan network interface loopback network interface modem Current value config network interface my_wan ipv4 surelink target 0 other_interface ii Set the interface For example config network interface my_wan ipv4 surelink target 0 other_interface network interface...

Page 83: ...r the interface should fail over based on the failure of one of the test targets or all of the test targets config network interface my_wwan ipv4 surelink success_condition value config network interface my_wwan ipv4 surelink Where value is either one or all d Set the number of probe attempts before the WAN is considered to have failed config network interface my_wwan ipv4 surelink attempts num co...

Page 84: ...ity tests You can also disable DNS lookup or other internet activity while retaining the SureLink interface test WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Select the appropriate WAN or WWAN on which SureLink should be disabled 5 ...

Page 85: ...ork interface modem ipv4 surelink enable false config network interface modem 5 Save the configuration and apply the change config network interface my_wwan ipv4 surelink save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Disable DNS lookup Alternatively you can...

Page 86: ...lick Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Select the appropriate WAN or WWAN on which SureLink should be disabled 5 After selecting the WAN or WWAN click IPv4 SureLink 6 Click to expand Test targets 7 Click to expand the second test target This test target has its Test type set to Test DNS servers configured for this interface ...

Page 87: ...Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change to WAN or WWAN s node in the configuration schema For example to disable SureLink for an interface named my_wan config network interface my_wan config network interface my_wan 4 Determine the index number of the target config network interface my_wan show ip...

Page 88: ... the IX14 device cannot connect to the network using SIM1 it automatically fails over to SIM2 IX14 devices automatically use the correct cellular module firmware for each carrier when switching SIMs Configure cellular modem Configuring the IX14 s cellular modem involves configuring the following items Required configuration items n Enable the cellular modem The cellular modem is enabled by default...

Page 89: ...orks WWANs IX14 User Guide 89 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Modems Modem ...

Page 90: ...r switching is enabled by default 9 For Access technology select the type of cellular technology that this modem should use to access the cellular network or select All technologies to configure the modem to use the best available technology The default is All technologies 10 For Antennas select whether the modem should use the main antenna the auxiliary antenna or both the main and auxiliary ante...

Page 91: ...t The default is none 6 Set the maximum number of interfaces This is used when using dual APN SIMs The default is 1 config network modem modem max_intfs int config 7 Carrier switching allows the modem to automatically match the carrier for the active SIM Carrier switching is enabled by default To disable config network modem modem carrier_switch false config 8 Set the type of cellular technology t...

Page 92: ...presented with an Access selection menu Type quit to disconnect from the device Configure cellular modem APNs The IX14 device uses a preconfigured list of Access Point Names APNs when attempting to connect to a cellular carrier for the first time After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to configure APNs However you can ...

Page 93: ...Authentication method select one of the following n None No authentication is required n Automatic The device will attempt to connect using CHAP first and then PAP n CHAP Uses the Challenge Handshake Authentication Profile CHAP to authenticate n PAP Uses the Password Authentication Profile PAP to authenticate If Automatic CHAP or PAP is selected enter the Username and Password required to authenti...

Page 94: ...g 3 At the config prompt type config network interface modem modem apn 0 apn value config where value is the APN for the SIM card 4 Optional To add additional APNs a Use the add command to add a new APN entry For example config add network interface modem modem apn end config network interface modem modem apn 1 b Set the value of the APN config network interface modem modem apn 1 apn value config ...

Page 95: ...uthenticate config network interface modem modem apn 0 username name config network interface modem modem apn 0 password pwd config The default is none 7 Optional To configure the device to bypass its preconfigured APN list and only use the configured APNs config network interface modem modem apn_lock true config 8 Save the configuration and apply the change config save Configuration saved 9 Type ...

Page 96: ...d status and statistics use the show modem name name command show modem name modem modem Telit LM940 IMEI 781154796325698 Model LM940 FW Version 24 01 541_ATT Revision 24 01 541 Status State connected Signal Strength Good 85 dBm Bars 2 5 Access Mode 4G Network Technology CNTI LTE Band B2 Temperature 34C wwan1 Interface APN 1234 IPv4 surelink passing IPv4 address 189 232 229 47 IPv4 gateway 189 232...

Page 97: ...ommand line To unlock a SIM card 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt use the modem puk unlock command to set a new PIN for the SIM card modem puk unlock puk_code new_pin modem_name For example to unlock a SIM card in the mod...

Page 98: ...nal strength LEDs or the signal quality for your device indicate Poor or No service try the following things to improve signal strength n Move the IX14 device to another location n Try connecting a different set of antennas if available n Purchase a Digi Antenna Extender Kit l Antenna Extender Kit 1m l Antenna Extender Kit 3m AT command access To run AT commands from the IX14 command line Command ...

Page 99: ...0 GCAP CGSM OK 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure dual APNs Some cellular carriers offer a dual APN feature that allows a SIM card to be provisioned with two separate APNs that can be used simultaneously For example Verizon offers this service as its Split Data...

Page 100: ... interface WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Increase the maximum number of interfaces allowed for the modem a Click Network Modems Modem b For Maximum number of interfaces type 2 4 Create the WWAN interfaces In this example we will create two inte...

Page 101: ...figure the public APN If the public APN is not configured the IX14 will attempt to determine the APN i Click to expand APN list APN ii For APN type the public APN for your cellular carrier g For Add Interface type WWAN_Private and click h For Interface type select Modem i For Zone select External j For Device select Modem This should be the same modem selected for the WWAN_Public WWAN k Enable APN...

Page 102: ...2 168 2 101 through the private APN a Click Network Routes Policy based routing b Click the to add a new route policy c For Label enter Route through private APN d For Interface select Interface WWAN_Private e Configure the source address i Click to expand Source address ii For Type select IPv4 address iii For Address type 192 168 2 101 f Configure the destination address i Click to expand Destina...

Page 103: ... to enter configuration mode config config 3 Set the maximum number of interfaces for the modem config network modem modem max_intfs 2 config 4 Create the WWAN interfaces a Create the WWANPublic interface config add network interface WWANPublic config network interface WWANPublic b Set the interface type to modem config network interface WWANPublic type modem config network interface WWANPublic c ...

Page 104: ...vice modem config network interface WWANPrivate i Enable APN list only config network interface WWANPrivate apn_lock true config network interface WWANPrivate j Set the private APN config network interface WWANPublic modem apn private_apn config network interface WWANPublic 5 Create the routing policies For example to route all traffic from a device with the IP address of 192 168 2 101 through the...

Page 105: ...ce WWANPrivate config network route policy 1 6 Save the configuration and apply the change config network route policy 1 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a Wireless Wide Area Network WWAN Configuring a Wireless Wide Area Network WWAN ...

Page 106: ...covery to detect modem failures for further information n IPv6 configuration l The metric for IPv6 routes associated with the WAN l The relative weight for IPv6 routes associated with the WAN l The IPv6 management priority of the WAN The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device acc...

Page 107: ...Match SIM by select a SIM matching criteria to determine when this WWAN should be used n If SIM slot is selected for Match SIM slot select which SIM slot must be in active for this WWAN to be used n If Carrier is selected for Match SIM carrier select which cellular carrier must be in active for this WWAN to be used n If PLMN identifier is selected for Match PLMN identifier type the PLMN id that mu...

Page 108: ... be accessible 15 SIM failover is enabled by default which means that the modem will automatically fail over from the active SIM to the next available SIM when the active SIM fails to connect If enabled a For Connection attempts before SIM failover type the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM b For SIM failover a...

Page 109: ... when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS requests n When primary default route Only use the DNS servers provided for this WWAN when the WWAN is the primary route n Never Never use DNS servers for this WWAN The default setting is When primary default route 1 See Configure SureLink active recovery to detect modem failures for inform...

Page 110: ...dem Current value config network interface my_wwan device b Set the device config network interface my_wwan modem device modem config network interface my_wwan 6 Set theSIM matching criteria to determine when this WWAN should be used config network interface my_wwan modem match value config network interface my_wwan Where value is one of n any n carrier Set the cellular carrier must be in active f...

Page 111: ...ace my_wwan n plmn_id Set the PLMN id that must be in active for this WWAN to be used config network interface my_wwan modem plmn_id PLMN_ID config network interface my_wwan n sim_slot Set which SIM slot must be in active for this WWAN to be used config network interface my_wwan modem sim_slot value config network interface my_wwan where value is either 1 or 2 7 Set the PIN for the SIM Leave blank...

Page 112: ...technology config network interface my_wwan modem operator_technology value config network interface my_wwan where value is one of n all The best available technology will be used n 2G Only 2G technology will be used n 3G Only 3G technology will be used n 4G Only 4G technology will be used n NR5G NSA Only 5G non standalone technology will be used n NR5G SA Only 5G standalone technology will be use...

Page 113: ...lular carrier for the first time After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to configure APNs See Configure cellular modem APNs for further information and instructions for setting an APN 13 Optional To configure the IP address of a custom gateway or a custom netmask a Enable the custom gateway config network interface my_...

Page 114: ...e config network interface my_wwan b Set the MTU config network interface my_wwan ipv4 mtu num config network interface my_wwan c Configure when the WWAN s DNS servers will be used config network interface my_wwan ipv4 dns value config network interface my_wwan Where value is one of n always DNS will always be used for this WWAN when multiple interfaces have the same DNS server the interface with ...

Page 115: ...01 30 modem IPv6 down 3 Additional information can be displayed by using the show network verbose command show network verbose Interface Proto Status Type Zone Device Metric Weight defaultip IPv4 up static setup LAN 10 10 defaultlinklocal IPv4 up static setup LAN 0 10 LAN IPv4 up static internal LAN 5 10 LAN IPv6 up static internal LAN 5 10 loopback IPv4 up static loopback loopback 0 10 modem IPv4...

Page 116: ... IPv6 DNS Server s fd00 244 1 fe80 234 f3f4 fe0e 4320 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a WWAN Follow this procedure to delete any WANs and WWANs that have been added to the system You cannot delete the preconfigured WAN LAN or the preconfigured WWAN Modem WebUI ...

Page 117: ...the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the del command to delete the WAN or WWAN For example to delete a WWAN named my_wwan config del network interface my_wwan 4 Save th...

Page 118: ...reless Wide Area Networks WWANs IX14 User Guide 118 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 119: ...th the following Local Area Networks LANs You can modify configuration settings for LAN and you can create new LANs This section contains the following topics About Local Area Networks LANs 120 Configure a LAN 120 Show LAN status and statistics 127 Delete a LAN 129 DHCP servers 131 Create a Virtual LAN VLAN route 147 ...

Page 120: ...is being used by a WAN with the same IP subnet you should change the default IP address and subnet of LAN1 Additional configuration items n Additional IPv4 configuration l The metric for IPv4 routes associated with the LAN l The relative weight for IPv4 routes associated with the LAN l The IPv4 management priority of the LAN The active interface with the highest management priority will have its a...

Page 121: ...ing LAN WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Create the LAN or select an existing LAN n To create a new LAN for Add interface type a name for the LAN and click n To edit an existing LAN click to expand the LAN The Interface ...

Page 122: ... default e Type the Server Password for the authentication server f Set the Reauth period g Optional Click to expand Accounting h Click Enable server to enable 802 1x authentication auditing on the IX14 device i Type the Server IP address of the auditing server j Server Port number defaults to 1813 Type a new port number for the auditing server if different than the default k Type the Server Passw...

Page 123: ...ck c Type the MAC address 13 Optional Click to expand MAC address allowlist If allowlist entries are specified incoming packets will only be accepted from the listed MAC addresses a Click to expand MAC address allowlist b For Add MAC address click c Type the MAC address 14 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full A...

Page 124: ...rk interface my_lan device device config network interface my_lan 6 Configure IPv4 settings n IPv4 support is enabled by default To disable config network interface my_lan ipv4 enable false config network interface my_lan n The LAN is configured by default to use a static IP address for its IPv4 configuration To configure the LAN to be a DHCP client rather than using a static IP addres config netw...

Page 125: ...onfig network interface my_lan ipv6 type dhcpv6 config network interface my_lan c Generally the default settings for IPv6 support are sufficient You can view the default IPv6 settings by using the question mark config network interface my_lan ipv6 IPv6 Parameters Current Value enable true Enable metric 0 Metric mgmt 0 Management priority mtu 1500 MTU prefix_id 1 Prefix ID prefix_length 48 Prefix l...

Page 126: ... interface my_lan 802_1x authentication ip IPv4_ address config network interface my_lan c Set the password for the authentication server config network interface my_lan 802_1x authentication password password config network interface my_lan d The authentication server port number defaults to 1812 To set an alternate port number config network interface my_lan 802_1x authentication port port confi...

Page 127: ...network interface my_lan add mac_denylist end mac_address config network interface my_lan where mac_address is a hyphen separated MAC address for example 32 A6 84 2E 81 58 b Repeat for each additional MAC address 10 Optional Configure the MAC address allowlist If allowlist entries are specified incoming packets will only be accepted from the listed MAC addresses a Add a MAC address to the allowlis...

Page 128: ...Pv6 up fd00 2704 1 48 loopback IPv4 up 127 0 0 1 8 modem IPv4 up 10 200 1 101 30 modem IPv6 down 3 Additional information can be displayed by using the show network verbose command show network verbose Interface Proto Status Type Zone Device Metric Weight defaultip IPv4 up static setup LAN 10 10 defaultlinklocal IPv4 up static setup LAN 0 10 LAN IPv4 up static internal LAN 5 10 LAN IPv6 up static ...

Page 129: ...ic 5 IPv6 Weight 10 IPv6 DNS Server s 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a LAN Follow this procedure to delete any LANs that have been added to the system You cannot delete the preconfigured LAN LAN1 WebUI 1 Log into the IX14 WebUI as a user with full Admin access...

Page 130: ...e configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the del command to delete the LAN For example to delete a LAN named my_lan config del network interface my_lan 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Adm...

Page 131: ...the device to use its local DHCP server For instructions about configuring the device to use a DHCP relay server see Configure DHCP relay Required configuration items n Enable the DHCP server Additional configuration items n The lease address pool the range of IP addresses issued by the DHCP server to clients n Lease time The length in minutes of the leases issued by the DHCP server n The Maximum ...

Page 132: ...or example 192 168 2 xxx The remainder of the IP address will be based on the LAN s static IP address as defined in the Address field Allowed values are between 1 and 254 and the default is 100 for Lease range start and 250 for Lease range end 9 Optional DHCP server settings a Click to expand Advanced settings b For Gateway select either n None No gateway is broadcast by the DHCP server Client des...

Page 133: ...ection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the DHCP server for an existing LAN For example to enable the DHCP server for a LAN named my_lan config network interface my_lan ipv4 dhcp_server enable true config See Configure a LAN for information about creating a LAN 4 Optional Set the amount of time that a DHCP ...

Page 134: ...way value config where value is one of n none No gateway is broadcast by the DHCP server Client destinations must be resolvable without a gateway n auto Broadcasts the IX14 device s gateway n custom Allows you to identify the IP address of a custom gateway to be broadcast config network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address config The default is auto c Determine how ...

Page 135: ...interface my_lan ipv4 dhcp_server advanced primary_ wins value config network interface my_lan ipv4 dhcp_server advanced secondary_wins value config where value is one of n none No server is broadcast n auto Broadcasts the IX14 device s server n custom Allows you to identify the IP address of the server For example config network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_add...

Page 136: ...from the device Map static IP addresses to hosts You can configure the DHCP server to assign static IP addresses to specific hosts Required configuration items n IP address that will be mapped to the device n MAC address of the device Additional configuration items n A label for this instance of the static lease To map static IP addresses WebUI 1 Log into the IX14 WebUI as a user with full Admin a...

Page 137: ...ply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a static lease to the DHCP server configuration for an existing LAN For example to add stati...

Page 138: ... change config network interface my_lan ipv4 dhcp_server advanced static_lease 0 save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show current static IP mapping To view your current static IP mapping WebUI 1 Log into the IX14 WebUI as a user with Admin access ...

Page 139: ...iguration mode config cancel 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete static IP mapping entries To delete a static IP entry WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration ...

Page 140: ... CLI 2 At the command line type config to enter configuration mode config config 3 Show the static lease configuration For example to show the static leases for a lan named my_lan config show network interface my_lan ipv4 dhcp_server advanced static_ lease 0 ip 192 168 2 10 mac BF C3 46 24 0E D9 no name 1 ip 192 168 2 11 mac E3 C1 1F 65 C3 0E no name config 4 Use the del index_number command to de...

Page 141: ...u can also force the command to be sent to the clients DHCP options can be set on a per LAN basis or can be set for all LANs A total of 32 DHCP options can be configured Required configuration items n DHCP option number n Value for the DHCP option Additional configuration items n The data type of the value n Force the option to be sent to the DHCP clients n A label for the custom option WebUI 1 Lo...

Page 142: ...dmin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a custom DHCP option to the DHCP server configuration for an existing LAN For example to add static lease to a LAN named my_lan config add network interface my_lan ipv4 dhcp_...

Page 143: ...pv4 dhcp_server advanced custom_option 0 9 Optional Set the data type that the option uses If the incorrect data type is selected the device will send the value as a string config network interface my_lan ipv4 dhcp_server advanced custom_option 0 datatype value config network interface my_lan ipv4 dhcp_server advanced custom_option 0 where value is one of n 1byte n 2byte n 4byte n hex n ipv4 n str...

Page 144: ...se received Configuring DHCP relay involves the following items Required configuration items n Disable the DHCP server if it is enabled n IP address of the primary DHCP relay server to define the relay server that will respond to DHCP requests Additional configuration items n IP address of additional DHCP relay servers WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On th...

Page 145: ...ork interface my_lan ipv4 dhcp_relay end config network interface lan1 my_lan dhcp_relay 0 See Configure a LAN for information about creating a LAN 4 Set the IP address of the DHCP relay server config network interface my_lan ipv4 dhcp_relay 0 address 10 10 10 10 config network interface my_lan ipv4 dhcp_relay 0 5 Optional Add additional DHCP relay servers a Move back one step in the configuration...

Page 146: ...atus to monitor which devices have been given IP configuration by the IX14 device and to diagnose DHCP issues WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Networking click DHCP Leases Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection me...

Page 147: ... Virtual LANs VLANs allow splitting a single physical LAN into separate Virtual LANs This is useful for security reasons and also helps to reduce broadcast traffic on the LAN Required configuration items n Device to be assigned to the VLAN n The VLAN ID The TCP header uses the VLAN ID to identify the destination VLAN for the packet To create a VLAN WebUI 1 Log into the IX14 WebUI as a user with fu...

Page 148: ...ion mode config config 3 Add the VLAN config add network vlan name config 4 Set the device to be used by the VLAN a View a list of available devices config network vlan vlan1 device Device The Ethernet device to use for this virtual LAN Format network device lan network device loopback network vlan vlan1 Current value config network vlan vlan1 b Add the device config network vlan vlan1 device netw...

Page 149: ...Admin CLI prompt type show surelink interface all Interface Test Proto Last Response Status LAN Interface is up IPv4 32 seconds Passing LAN Interface s DNS servers DNS IPv4 28 seconds Passing LAN Interface is up IPv4 21 seconds Passing LAN Interface s DNS servers DNS IPv4 20 seconds Passing modem Interface is up IPv4 115 seconds Passing modem Interface s DNS servers DNS IPv4 114 seconds Passing 3 ...

Page 150: ...in to access the Admin CLI 2 At the Admin CLI prompt type show surelink ipsec all IPsec Test Last Response Status test 194 43 79 74 Ping 29 seconds Passed test 194 43 79 75 Ping 5 seconds Passed test1 194 43 79 74 Ping 21 seconds Failed test2 194 43 79 75 Ping 21 seconds Waiting for result 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access ...

Page 151: ...in CLI prompt type show surelink openvpn all OpenVPN Client Test Last Response Status test_client1 194 43 79 74 Ping 29 seconds Passed test_client1 194 43 79 75 Ping 5 seconds Passed test_client2 194 43 79 74 Ping 21 seconds Failed test_client2 194 43 79 75 Ping 21 seconds Waiting for result 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acces...

Page 152: ...ent1 OpenVPN Client Test Last Response Status test_client1 194 43 79 74 Ping 29 seconds Passed test_client1 194 43 79 75 Ping 5 seconds Passed 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 153: ...s socket level access to ports n Application Provides access to the serial device from Python applications n UDP serial Provides access to the serial port using UDP n Modbus Allows the device to function as a Modbus protocol gateway View serial port information n Show serial status and statistics n Log serial port messages Default serial port configuration The IX14 default serial port configuratio...

Page 154: ...able toggle off Enable 4 For Mode select Login This is the default 5 Optional For Label enter a label that will be used when referring to this port 6 Expand Serial Settings The entries in the following fields must match the information for the power controller Refer to your power controller manual for the correct entries a Baud rate For Baud rate select the baud rate used by the device to which yo...

Page 155: ...ice configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 The serial port is enabled by default To disable config serial port1 enable false config 4 Set the mode config serial port1 mode login config 5 Optional Set a label that will be used when referring to this port config ...

Page 156: ... saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Remote Access mode Remote Access mode allows for remote access to another device that is connected to the serial port To change the configuration to match the serial configuration of the device to which you want to con...

Page 157: ...device to which you want to connect The default is 8 c Parity For Parity select the type of parity used by the device to which you want to connect The default is None d Stop bits For Stop bits select the number of stop bits used by the device to which you want to connect The default is 1 e Flow control For Flow control select the type of flow control used by the device to which you want to connect...

Page 158: ...sion Settings a Enable Exclusive access to limit access to the serial port to a single active session b For Escape sequence type the characters used to start an escape sequence If no characters are defined the escape sequence is disabled The default is b c For History size type or select the number of bytes of output from the serial port that are written to buffer These bytes are redisplayed when ...

Page 159: ...fault To disable config serial port1 enable false config 4 Set the mode config serial port1 mode remoteaccess config 5 Optional Set a label that will be used when referring to this port config path paramlabel label config 6 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 7 Set the number of data bits used by the device to which you want to co...

Page 160: ... the number of bytes of output from the serial port that are written to buffer These bytes are redisplayed when a user connects to the serial port config path paramhistory bytes config The default is 4000 bytes d Set the amount of time to wait before disconnecting due to user inactivity config path paramidle_timeout value config where value is any number of weeks days hours minutes or seconds and ...

Page 161: ...ication mode Application mode provides access to the serial device from Python applications To change the configuration to match the serial configuration of the device to which you want to connect WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the menu click System Under Configuration click Serial Configuration The Serial Configuration page is displayed Note You can also configur...

Page 162: ...epending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 The serial port is enabled by default To disable config serial port1 enable false config 4 Set the mode config serial port1 mode application config 5 Optional Set a label that will be used when refe...

Page 163: ... Configuration click Serial Configuration The Serial Configuration page is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device Configuration or Serial Configuration will be reflected in both 3 Click to expand the port that you want to configure for UDP serial mode The serial port is enabled by default To disable toggle off ...

Page 164: ...t 7 Expand Data Framing Settings a Click Enable to enable the data framing feature b For Maximum Frame Count enter the maximum size of the packet The default is 1024 c For Idle Time enter the length of time the device should wait before sending the packet d For End Pattern enter the end pattern The packet is sent when this pattern is received from the serial port e Click Strip End Pattern if you w...

Page 165: ...which data should be sent 9 Click Apply to save the configuration and apply the change The Apply button is located at the top of the WebUI page You may need to scroll to the top of the page to locate it Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access ...

Page 166: ...ne The default is none 9 Set the stop bits used by the device to which you want to connect config serial port1 label stopbits bits config 10 Set the type of flow control used by the device to which you want to connect config serial port1 label flow type config Allowed values are n none n rts cts n xon xoff The default is none 11 Enable data framing config serial port1 framing enable true config 12...

Page 167: ...the remote sites to which you want to send data If you do not specify any destinations the IX14 send new data to the last hostname and port from which data was received To add a destination i Add a destination config add serial port1 upd destination end config serial port1 udp destination 0 ii Optional Enter a description of the destination config serial port1 udp destination 0 description string ...

Page 168: ...Serial Configuration page is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device Configuration or Serial Configuration will be reflected in both 3 Click the name of the port that you want to configure The serial port is enabled by default To disable toggle off Enable 4 For Mode select Modbus 5 Optional For Label enter a lab...

Page 169: ...e default is None 1 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 2 Set the number of data bits used by the device to which you want to connect config path paramdatabits bits config 3 Set the type of parity used by the device to which you want to connect config path paramparity parity config Allowed values are n even n odd n none The defaul...

Page 170: ...our power controller manual for the correct entries a Baud rate For Baud rate select the baud rate used by the device to which you want to connect The default is 115000 b Data bits For Data bits select the number of data bits used by the device to which you want to connect The default is 8 c Parity For Parity select the type of parity used by the device to which you want to connect The default is ...

Page 171: ...your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show serial status and statistics To show the status and statistics for the serial port WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Connections click Serial Command line 1 Log into the IX14 command line as a user with Admin acc...

Page 172: ...1 Log into the IX14 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Connections click Serial 4 Click Log The Serial port log window displays 5 Click Start to start serial port logging 6 Click Stop to stop serial port logging if it has been started 7 Click Refresh to refresh the log display 8 Click Download to download the serial port log 9 Optional For Log size configure ...

Page 173: ...4 Authentication groups 182 Local users 191 Terminal Access Controller Access Control System Plus TACACS 205 Remote Authentication Dial In User Service RADIUS 212 LDAP 218 Configure serial authentication 225 Disable shell access 227 Set the idle timeout for IX14 users 229 Example user configuration 232 IX14 User Guide 173 ...

Page 174: ...ns for a group You can modify the released groups and create additional groups as needed for your site A user can be assigned to more than one group n admin Provides the logged in user with administrative and shell access n serial Provides the logged in user with access to serial ports Users Defines local users for the IX14 n admin Belongs to both the admin and serial groups TACACS Configures supp...

Page 175: ...tion Dial In User Service RADIUS for information about configuring RADIUS authentication n TACACS Users authenticated by using a remote TACACS server for authentication See Terminal Access Controller Access Control System Plus TACACS for information about configuring TACACS authentication n LDAP Users authenticated by using a remote LDAP server for authentication See LDAP for information about con...

Page 176: ...o be used To add an authentication method WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Methods 4 For Add Method click 5 Select the appropriate authentication type for the new method from the Method drop down ...

Page 177: ...n you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the new authentication method to the appropriate location in the list n To determine the current list of authentication methods a Log into the IX14 command line as a user with full Admin access rights Depending on your device conf...

Page 178: ...radius tacacs or ldap n You can also use the move command to rearrange existing methods See Rearrange the position of authentication methods for information about how to reorder the authentication methods 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selectio...

Page 179: ...user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the show auth method command to determine the index number of the authentication method to be deleted config show auth method 0 local 1 radius 2 tacacs config...

Page 180: ...sented with an Access selection menu Type quit to disconnect from the device Rearrange the position of authentication methods WebUI Authentication methods are reordered by changing the method type in the Method drop down for each authentication method to match the appropriate order For example the following configuration has Local users as the first method and RADIUS as the second To reorder these...

Page 181: ...ck Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the show command to display current configuration c...

Page 182: ... device by using the WebUI or the Admin CLI l Read only access to the WebUI and Admin CLI n Shell access Users with Shell access have the ability to access the shell when logging into the IX14 via ssh telnet or the serial console Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter n Serial access...

Page 183: ...ndow is displayed 3 Click Authentication Groups 4 Click the authentication group to be changed either admin or serial to expand its configuration node 5 Click the box next to the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can also determine whether the Access level should be Full access or Read only access l Full...

Page 184: ...device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable access rights for the group For example n Admin access l To set the access level for Admin access of the admin group config auth group admin acl admin level value config where value is either o ful...

Page 185: ...oup config auth group admin acl serial enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add an authentication group Required configuration items n The access rights to be assigned to users...

Page 186: ...he Configuration window is displayed 3 Click Authentication Groups 4 For Add type a name for the group and click The group configuration window is displayed 5 Click the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can also determine whether the Access level should be Full access or Read only access where value is e...

Page 187: ...tional Configure captive portal access a Enable captive portal access rights for users of this group by checking the box next to Captive portal access b Click Captive portals to expand the Captive portal node c For Add Captive portal click d In the Captive portal dropdown select a captive portal to which users of this group will have access e Click again to add additional captive portals 9 Optiona...

Page 188: ...vides users of this group with read only access to the WebUI and Admin CLI The default is full n Shell access config auth group test acl shell enable true config Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter n Serial access config auth group test acl serial enable true config 5 Optional Con...

Page 189: ...acl bluetooth_scanner enable true config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete an authentication group By default the IX14 device has two preconfigured authentication groups admin and seria...

Page 190: ...ghts Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth group groupname 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your devi...

Page 191: ... the device and is the most critical security feature for the device If you reset the device to factory defaults you must log in using the default user and password and you should immediately change the password to a custom password Before deploying or mounting the IX14 device record the default password so you have the information available when you need it even if you cannot physically access th...

Page 192: ...assword The password must be at least eight characters long and must contain at least one uppercase letter one lowercase letter one number and one special character For the admin user the password field can be left blank n If the password field for the admin user is left blank the admin user s password will be the default password printed on the device s label n If the admin user s password has be...

Page 193: ...de 193 You can also change the password for the active user by clicking the user name in the menu bar The active user must have full Admin access rights to be able to change the password 6 Click Apply to save the configuration and apply the change ...

Page 194: ...n you may be presented with an Access selection menu Type quit to disconnect from the device Configure a local user Required configuration items n A username n A password The password must be at least eight characters long and must contain at least one uppercase letter one lowercase letter one number and one special character For security reasons passwords are stored in hash form There is no way t...

Page 195: ... type for two factor authentication Either time based or counter based l The security key l Whether to allow passcode reuse time based verification only l The passcode refresh interval time based verification only l The valid code window size l The login limit l The login limit period l One time use eight digit emergency scratch codes To configure a local user WebUI 1 Log into the IX14 WebUI as a ...

Page 196: ...ne uppercase letter one lowercase letter one number and one special character 7 Click to expand Login failure lockout The login failure lockout feature is enabled by default To disable click to toggle off Enable a For Lockout tries type the number of unsuccessful login attempts before the user is locked out of the device The default is 5 b For Lockout duration type the amount of time that the user...

Page 197: ...er c Select the Verification type n Time based TOTP Time based One Time Password TOTP authentication uses the current time to generate a one time password n Counter based HOTP HMAC based One Time Password HOTP uses a counter to validate a one time password d Generate a Secret key i Click next to the field label and select Generate secret key ii Copy the secret key for use with an application or mo...

Page 198: ...od to ten minutes enter 10m or 600s j Scratch codes are emergency codes that may be used once at any time To add a scratch code i Click Scratch codes ii For Add Code click iii For Code enter the scratch code The code must be eight digits with a minimum of 10000000 iv Click again to add additional scratch codes 11 Click Apply to save the configuration and apply the change Command line 1 Log into th...

Page 199: ...is locked out of the device where value is any integer The minimum value is 1 and the default value is 5 b Set the amount of time that the user is locked out after the number of unsuccessful login attempts defined in lockout tries config auth user new_user lockout duration value config auth user new_user where value is any number of minutes or seconds and takes the format number m s For example to...

Page 200: ...w_user ssh_key b Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login config auth user new_user ssh_key ssh_key key config auth user new_user ssh_key 9 Optional Configure two factor authentication for SSH telnet and serial console login a Change to the user s two factor authentication node config auth user new_user...

Page 201: ...h_interval 600s config auth user name 2fa The default is 30s g Configure the valid code window size This represents the allowed number of concurrently valid codes In cases where TOTP is being used increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized config auth user new_user 2fa window_size 3 config auth user new_user 2fa h Confi...

Page 202: ...ew_user 2fa scratch_code Where code is an digit number with a minimum of 10000000 iii To add additional scratch codes use the add end code command again 10 Save the configuration and apply the change config auth user new 2fa scratch_code save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to...

Page 203: ...tication Local users IX14 User Guide 203 3 Click Authentication Users 4 Click the menu icon next to the name of the user to be deleted and select Delete 5 Click Apply to save the configuration and apply the change ...

Page 204: ...tion menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth user username 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to discon...

Page 205: ...nd connection parameters to a TACACS server over TCP The TACACS server then authenticates the TACACS client requests and sends back a response message to the device When you are using TACACS authentication you can have both local users and TACACS users able to log in to the device To use TACACS authentication you must set up a TACACS server that is accessible by the IX14 device prior to configurat...

Page 206: ... sudo gedit etc tacacs tac_plus conf 2 Add users to the file using the following format This example will create two users one with admin and serial access and one with only serial access user user1 name User1 for IX14 pap cleartext password1 service system groupname admin serial user user2 name User2 for IX14 pap cleartext password2 service system groupname serial The groupname attribute is optio...

Page 207: ...lable or if the user is not defined on the TACACS server then you should list the TACACS authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the TACACS servers are unavailable and the IX14 device falls back to local authentication only users defined locally on the device are able to log in TACACS ...

Page 208: ...lick Device Configuration The Configuration window is displayed 3 Click Authentication TACACS Servers 4 Add TACACS servers a For Add server click b For Hostname type the hostname or IP address of the TACACS server c Optional Change the default Port setting to the appropriate port Normally this should be left at the default setting of port 49 d For Secret type the TACACS server s shared secret This...

Page 209: ...al Enable Command authorization which instructs the device to communicate with the TACACS server to determine if the user is authorized to execute a specific command Only the first configured TACACS server will be used for command authorization 9 Optional Enable Command accounting which instructs the device to communicate with the TACACS server to log commands that the user executes Only the first...

Page 210: ...ue of the service attribute in the the TACACS server s configuration For example in TACACS user configuration the value of the service attribute in the sample tac_plus conf file is system which is also the default setting in the IX14 configuration config auth tacacs service service name config 6 Optional Enable command authorization which instructs the device to communicate with the TACACS server ...

Page 211: ...n methods are attempted in the order they are listed until the first successful authentication result is returned This example will add TACACS to the end of the list See User authentication methods for information about adding methods to the beginning or middle of the list config add auth method end tacacs config 10 Save the configuration and apply the change config save Configuration saved 11 Typ...

Page 212: ...erver over UDP The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device When you are using RADIUS authentication you can have both local users and RADIUS users able to log in to the device To use RADIUS authentication you must set up a RADIUS server that is accessible by the IX14 device prior to configuration The process of setting up a RADIUS...

Page 213: ...ely if the user is also configured as a local user on the IX14 device and the RADIUS server authenticates the user but does not return any groups the local configuration determines the list of groups See Authentication groups for more information about authentication groups The Unix FTP Group Names attribute can contain one group or multiple groups in a comma separated list 3 Save and close the fi...

Page 214: ... This section describes how to configure a IX14 device to use a RADIUS server for authentication and authorization Required configuration items n Define the RADIUS server IP address or domain name n Define the RADIUS server shared secret n Add RADIUS as an authentication method for your IX14 device Additional configuration items n Whether other user authentication methods should be used in additio...

Page 215: ...et testing123 e For Timeout type or select the amount of time in seconds to wait for the RADIUS server to respond Allowed value is any integer from 3 to 60 The default value is 3 f Optional Click again to add additional RADIUS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails Other authentication methods will only be used...

Page 216: ...position of authentication methods for information about rearranging the position of the methods in the list 9 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command li...

Page 217: ...ing to the appropriate port config auth radius server 0 port port config auth radius server 0 d Configure the amount of time in seconds to wait for the RADIUS server to respond Allowed value is any integer from 3 to 60 The default value is 3 config auth radius server 0 timeout value config auth radius server 0 e Optional Repeat the above steps to add additional RADIUS servers 7 Add RADIUS to the a...

Page 218: ... parameters to an LDAP server The LDAP server then authenticates the LDAP client requests and sends back a response message to the device When you are using LDAP authentication you can have both local users and LDAP users able to log in to the device To use LDAP authentication you must set up a LDAP server that is accessible by the IX14 device prior to configuration The process of setting up a LDA...

Page 219: ...ng the following format dn uid john dc example dc com objectClass inetOrgPerson cn John Smith sn Smith uid john userPassword password ou admin serial n The value of uid and userPassword must correspond to the username and password used to log into the IX14 device n The ou attribute is optional If used the value must correspond to authentication groups configured on your IX14 Alternatively if the u...

Page 220: ... server then you should list the LDAP authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the LDAP servers are unavailable and the IX14 device falls back to local authentication only users defined locally on the device are able to log in LDAP users cannot log in until the LDAP servers are brought ...

Page 221: ...server click b For Hostname type the hostname or IP address of the LDAP server c Optional Change the default Port setting to the appropriate port Normally this should be left at the default setting of port 389 for non TLS and 636 for TLS d Optional Click again to add additional LDAP servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if LDAP authenticati...

Page 222: ...ons 10 For User search base type the distinguished name DN on the server to search for users This can be the root of the directory tree for example dc example dc com or a sub tree for example ou People dc example dc com 11 For Login attribute enter the user attribute containing the login of the authenticated user For example in the LDAP user configuration the login attribute is uid If this attribu...

Page 223: ... non secure TCP connection on the LDAP standard port 389 n on Uses an SSL TLS encrypted connection on port 636 n start_tls Makes a non secure TCP connection to the LDAP server on port 389 then sends a request to upgrade the connection to a secure TLS connection This is the preferred method for LDAP The default is off 5 If tls is set to on or start_tls configure whether to verify the server certifi...

Page 224: ...s the user attribute containing the login of the authenticated user For example in the LDAP user configuration the login attribute is uid If this attribute is not set the user will be denied access 10 Optional Set the name of the user attribute that contains the list of IX14 authentication groups that the authenticated user has access to See LDAP user configuration for further information about th...

Page 225: ...result is returned This example will add LDAP to the end of the list See User authentication methods for information about adding methods to the beginning or middle of the list config add auth method end ldap config 14 Save the configuration and apply the change config save Configuration saved 15 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Ac...

Page 226: ... add the public certificates of custom CAs a For Add CA certificate type the name of a custom CA and click b Paste the public certificate for the custom CA in PEM format c Repeat for additional custom CA certificates 8 Click to expand Peer certificates to add the public certificates of trusted peers a For Add Peer certificate type the name of a trusted peer and click b Paste the public certificate...

Page 227: ...authority config add auth serial ca_certs CA cert name cert and private key config where n CA cert name is the name of the certificate for the custom certificate authority n cert and private key is the certificate and private key for the custom certificate authority Repeat for additional custom certificate authorities 7 Save the configuration and apply the change config save Configuration saved 8 ...

Page 228: ... 3 Click Authentication 4 Click to disable Allow shell Note If shell access is disabled re enabling it will erase the device s configuration and perform a factory reset 5 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection...

Page 229: ...figuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Set the idle timeout for IX14 users To configure the amount of time that the user s active session can be inactive before it is automatically disconnected set the Idle timeout parameter By default the Idle timeout is se...

Page 230: ...e the format number w d h m s For example to set Idle timeout to ten minutes enter 10m or 600s 5 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config...

Page 231: ...mber w d h m s For example to set idle_timeout to ten minutes enter either 10m or 600s config auth idle_timeout 600s config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 232: ...ith administrator rights who is authenticated locally on the device WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User enter a name for the user and click The user configuration window is displayed ...

Page 233: ...ify that Local users is one of the configured authentication methods i Click Authentication Methods ii Verify that Local users is one of the methods listed in the list If not i For Add Method click ii For Method select Local users 7 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your devi...

Page 234: ...inuser config add auth user adminuser config auth user adminuser 6 Assign a password to the user config auth user adminuser password pwd config auth user adminuser 7 Assign the user to the admin group config auth user adminuser add group end admin config auth user adminuser 8 Save the configuration and apply the change config auth user adminuser save Configuration saved 9 Type exit to exit the Adm...

Page 235: ...RADIUS server If the RADIUS server is unavailable 2 The user is authenticated by the TACACS server If both the RADIUS and TACACS servers are unavailable 3 The user is authenticated by the IX14 device using local authentication This example uses a FreeRadius 3 0 server running on ubuntu and a TACACS server running on ubuntu Server configuration may vary depending on the platforms or type of servers...

Page 236: ... Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TACACS server open the etc tacacs tac_plus conf file sudo gedit etc tacacs tac_plus conf b Add a TACACS user to the tac_plus conf file user admin1 name Admin1 for TX64 pap cleartext password1 service system groupname admin In this example n The user s username is admin...

Page 237: ... methods a Click Authentication Methods b For Method select RADIUS c For Add Method click to add a new method d For the new method select TACACS e Click to add another new method f For the new method select Local users 6 Create the local user a Click Authentication Users b In Add User type admin1 and click c For password type password1 ...

Page 238: ... set to Full access If not select Full access 7 Click Apply to save the configuration and apply the change Command line 1 Configure a user on the RADIUS server a On the ubuntu machine hosting the FreeRadius server open the etc freeradius 3 0 users file sudo gedit etc freeradius 3 0 users b Add a RADIUS user to the users file admin1 Cleartext Password password1 Unix FTP Group Names admin In this ex...

Page 239: ...ameter c Save and close the tac_plus conf file 3 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 4 At the command line type config to enter configuration mode config config 5 Configure the authentication methods a Determine the current authentication m...

Page 240: ...h group admin acl admin level full config 7 Configure the local user a Create a local user with the username admin1 config add auth user admin1 config auth user admin1 b Assign a password to the user config auth user adminuser password password1 config auth user adminuser c Assign the user to the admin group config auth user adminuser add group end admin config auth user adminuser 8 Save the confi...

Page 241: ...his chapter contains the following topics Firewall configuration 242 Port forwarding rules 247 Packet filtering 255 Configure custom firewall rules 263 Configure Quality of Service options 264 IX14 User Guide 241 ...

Page 242: ...way l Setup Used for interfaces involved in the initial setup of the device By default the firewall will only allow this zone to access administration services l IPsec The default zone for IPsec tunnels l Dynamic routes Used for routes learned using routing services n Port forwarding A list of rules that allow network connections to the IX14 to be forwarded to other servers by translating the dest...

Page 243: ...ranslation NAT 6 Click Apply to save the configuration and apply the change See Configure the firewall zone for a network interface for information about how to configure network interfaces to use a zone Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access...

Page 244: ...e firewall zone for a network interface for information about how to configure network interfaces to use a zone Configure the firewall zone for a network interface Firewall zones allow you to group network interfaces for the purpose of packet filtering and access control There are several preconfigured firewall zones and you can create custom zones as well The firewall zone that a network interfac...

Page 245: ...ange Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config network interface LAN zone my_zone config ...

Page 246: ... from the device Delete a custom firewall zone You cannot delete preconfigured firewall zones To delete a custom firewall zone WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Zones 4 Click the menu icon next to the appropriate custom firewall zone...

Page 247: ...a public network from accessing servers on the private network To allow a computer on the Internet to connect to a specific server on a private network set up one or more port forwarding rules Port forwarding rules provide mapping instructions that direct incoming traffic to the proper device on a LAN Configure port forwarding Required configuration items n The network interface for the rule Netwo...

Page 248: ...e IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Port forwarding 4 For Add port forward click The port forwarding rule configuration window is displayed Port forwarding rules are enabled by default To disable click to toggle off Enable 5 Optional Type a Label that wi...

Page 249: ...hich traffic should be forwarded For example to forward traffic to ports one three and five through ten enter 1 3 5 10 12 Optional Click Access control list to create a white list of devices that are authorized to leverage this forwarding rule based on either the IP address or firewall zone n To white list IP addresses a Click Addresses b For Add Address enter an IP address and click c Repeat for ...

Page 250: ...he IP address of this network interface Format defaultip defaultlinklocal lan loopback modem Current value config firewall dnat 0 interface b Set the interface For example config firewall dnat 0 interface LAN config firewall dnat 0 5 Set the IP version Allowed values are ipv4 and ipv6 The default is ipv4 config firewall dnat 0 ip_version ipv6 config firewall dnat 0 6 Set the public facing port num...

Page 251: ...ne three and five through ten enter 1 3 5 10 10 Optional To create a white list of devices that are authorized to leverage this forwarding rule based on either the IP address or firewall zone change to the acl node config firewall dnat 0 acl config firewall dnat 0 acl n To white list an IP address l For IPv4 addresses config firewall dnat 0 acl add address end ip address config firewall dnat 0 acl...

Page 252: ...nfiguration saved 12 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a port forwarding rule To delete a port forwarding rule WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Conf...

Page 253: ...4 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the port forwarding rule you want to delete config show firewall dnat 0 acl no address no zone enable true inter...

Page 254: ...tcp to_address6 c097 4533 bd63 bb12 9a6f 5569 4b53 c29a to_port 10003 config 4 To delete the rule use the index number with the del command For example config del firewall dnat 1 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to discon...

Page 255: ...figuration items n The action that the packet filtering rule will perform either Accept Reject or Drop n The source firewall zone Packets originating from interfaces on this zone will be monitored by this rule n The destination firewall zone Packets destined for interfaces on this zone will be accepted rejected or dropped by this rule Additional configuration requirements n A label for the rule n ...

Page 256: ...s matching network connections n Reject Blocks matching network connections and sends an ICMP error if appropriate n Drop Blocks matching network connections and does not send a reply 6 Select the IP version 7 Select the Protocol 8 For Source zone select the firewall zone that will be monitored by this rule for incoming connections from network interfaces that are a member of this zone See Firewal...

Page 257: ...the default packet filtering rule or another existing packet filtering rule a Determine the index number of the appropriate packet filtering rule config show firewall filter 0 action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal 1 action drop dst_zone internal enable true ip_version any label myfilter protocol any src_zone external c...

Page 258: ...reply 5 Set the firewall zone that will be monitored by this rule for incoming connections from network interfaces that are a member of this zone See Firewall configuration for more information about firewall zones config firewall filter 1 src_zone my_zone config firewall filter 1 6 Set the destination firewall zone Packets destined for network interfaces that are members of this zone will either ...

Page 259: ...ce configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enable or disable a packet filtering rule To enable or disable a packet filtering rule WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Pack...

Page 260: ...ess the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the appropriate port forwarding rule config show firewall filter 0 action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal 1 action drop dst_zone internal enable true ip_version any label My packet filter protoco...

Page 261: ...Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a packet filtering rule To delete a packet filtering rule WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Pack...

Page 262: ...ering rule you want to delete config show firewall filter 0 action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal 1 action drop dst_zone internal enable true ip_version any label My packet filter protocol any src_zone external config 4 To delete the rule use the index number with the del command For example config del firewall filter ...

Page 263: ...t cause changes to the firewall To configure custom firewall rules WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Custom rules 4 Enable the custom rules 5 Optional Enable Override to override all preconfigured firewall behavior and rely solely on...

Page 264: ...ustom rules shell command config 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Quality of Service options Quality of Service QoS options allow you to manage the traffic performance of various se...

Page 265: ...led by default Enable the preconfigured bindings WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Quality of Service 4 Click to expand either Outbound or Inbound 5 Enable the binding 6 Select an Interface 7 Examine the remaining default settings an...

Page 266: ...f the binding for example to set the interface for the Outbound binding a Use the to determine available interfaces config firewall qos 0 interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface lan network interface loopback network interface modem Current value config firewall qos 0 interface b Set the interface For example...

Page 267: ...r Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Quality of Service 4 For Add Binding click The quality of service binding configuration window is displayed 5 Enable the binding 6 Optional Type a Label for the binding 7 Select an Interface to queue egress packets on The binding will only match traffic that is being sent out on this interface ...

Page 268: ... Weight type a value for the amount of available bandwidth allocated to the policy relative to other policies for this binding The larger the weight with respect to the other policy weights the larger portion of the maximum bandwidth is available for this policy For example if a binding contains three policies and each policy contains a weight of 10 each policy will be allocated one third of the t...

Page 269: ...destination traffic matching criteria viii Click to expand Source address and select the Type n Any Source traffic from any address will be matched n Interface Only traffic from the selected Interface will be matched n IPv4 address Only traffic from the IP address typed in IPv4 address will be matched Use the format IPv4_address netmask or use any to match any IPv4 address n IPv6 address Only traf...

Page 270: ...ss the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a binding config add firewall qos end config firewall qos 2 New binding are enabled by default To disable config firewall qos 2 enable false config firewall qos 2 4 Optional Set a label for the new binding config firewall qos 2 label my_binding config firewall qos 2 5 Set the interface to queue egres...

Page 271: ... 2 policy 0 New QoS binding policies are enabled by default To disable config firewall qos 2 policy 0 enable false config firewall qos 2 policy 0 c Optional Set a label for the new binding policy config firewall qos 2 policy 0 label my_binding_policy config firewall qos 2 policy 0 d Set a value for the amount of available bandwidth allocated to the policy relative to other policies for this bindin...

Page 272: ...0 rule ii Add a rule config firewall qos 2 policy 0 rule add end config firewall qos 2 policy 0 rule 0 New QoS binding policy rules are enabled by default To disable config firewall qos 2 policy 0 rule 0 enable false config firewall qos 2 policy 0 rule 0 iii Optional Set a label for the new binding policy rule config firewall qos 2 policy 0 rule 0 label my_binding_policy_ rule config firewall qos ...

Page 273: ...policy 0 rule 0 where value is one of n any Source traffic from any address will be matched See Firewall configuration for more information about firewall zones n interface Only traffic from the selected interface will be matched Set the interface i Use the to determine available interfaces config network qos 2 policy 0 rule 0 src interface Interface Match the IP address with the specified interfa...

Page 274: ...twork qos 2 policy 0 rule 0 src mac MAC_address config network qos 2 policy 0 rule 0 ix Set the destination address type config network qos 2 policy 0 rule 0 dst type value config network qos 2 policy 0 rule 0 where value is one of n any Traffic destined for anywhere will be matched See Firewall configuration for more information about firewall zones n interface Only traffic destined for the selec...

Page 275: ...k or any to match any IPv4 address n address6 Only traffic destined for the IP address typed in IPv6 address will be matched Set the address that will be matched config network qos 2 policy 0 rule 0 src address6 value config network qos 2 policy 0 rule 0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address Repeat to add a new rule Up to 30 rules can be configured...

Page 276: ...llular module firmware 286 Reboot your IX14 device 289 Erase device configuration and reset to factory defaults 292 Locate the device by using the Find Me feature 297 Configuration files 299 Schedule system maintenance tasks 304 Disable device encryption 309 Create a Virtual LAN VLAN route 311 Configure the speed of your Ethernet port 313 IX14 User Guide 276 ...

Page 277: ...rmation use the show system command n Show basic system information 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter show system at the prompt show system Model Digi IX14 Serial Number IX14 000065 SKU IX14 Hostname IX14 MAC Address DF DD E2 AE 21 18 Hardw...

Page 278: ...Build Date Thurs 03 March 2022 10 16 23 Bootloader Version 19 7 23 0 15f936e0ed Schema Version 715 Timezone UTC Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Load Average 0 01 0 03 0 02 RAM Usage 119 554MB 1878 984MB 6 Temperature 40C Disk Load Average 0 09 0 10 0 08 RAM Usage 127 843MB 1880 421MB 6 Disk etc config Usage 18 421MB 4546 37...

Page 279: ...2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System 4 For Name type a name for the device This name will appear in log messages and at the command prompt 5 For Contact type the name of a contact for the device 6 For Location type the location of the device 7 For Banner type a banner message that will be displayed when users...

Page 280: ...s MN 192 168 3 1 config 6 Set the banner for the device This is displayed when users access terminal services on the device 192 168 3 1 config system banner Welcome to the Digi IX14 192 168 3 1 config 7 Save the configuration and apply the change 192 168 3 1 config save Configuration saved 192 168 3 1 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented wit...

Page 281: ...figuration being erased Downgrading from firmware version 22 2 9 x Beginning with firmware version 22 2 9 x the IX14 device uses certificate based communication for enhanced security when connecting to Digi Remote Manager If you downgrade your firmware from version 22 2 9 x to version 21 11 x or previous your device will no longer be able to communicate with Remote Manager To remedy this issue sel...

Page 282: ...2 9 85 4 Perform an OTA firmware update n To perform an OTA firmware update by using the most recent available firmware from the Digi firmware repository a Update the firmware system firmware ota update Downloading firmware version 22 2 9 85 Downloaded firmware tmp cli_firmware bin remaining Applying firmware version 22 2 9 85 41388K netflash got tmp cli_firmware bin length 42381373 netflash authe...

Page 283: ...4 operating system firmware from the Digi Support FTP site to your local machine 2 Log into the IX14 WebUI as a user with Admin access 3 On the main menu click System Under Administration click Firmware Update 4 Click Choose file 5 Browse to the location of the firmware on your local file system and select the file 6 Click Update Firmware Command line 1 Download the IX14 operating system firmware ...

Page 284: ...the firmware file has been successfully uploaded to the device ls etc config scripts rw r r 1 root root 37511229 May 16 20 10 IX14 22 2 9 85 bin rw r r 1 root root 2580 May 16 16 44 accns json 5 Update the firmware by entering the system firmware update command specifying the firmware file name system firmware update file IX14 22 2 9 85 bin 36632K netflash got etc config IX14 22 2 9 85 bin length ...

Page 285: ...e version fails to load after three consecutive attempts it is marked as invalid and the device will use the previous firmware version stored in the alternate memory bank If the device consistently looses power during the boot process this may result in the current firmware being marked as invalid and the device downgrading to a previous version of the firmware As a result of this behavior you can...

Page 286: ...edule modem firmware updates See Schedule system maintenance tasks for details WebUI 1 Optional Download the appropriate modem firmware from the Digi repository to your local machine 2 Log into the IX14 WebUI as a user with Admin access 3 From the main menu click Status Modems 4 Click the modem firmware version The Modem firmware update window opens 5 To update using firmware from the Digi firmwar...

Page 287: ...are ota check Checking for latest ATT firmware Retrieving modem firmware list Newest firmware version available to download is 24 01 5x4_ATT Modem firmware update from 24 01 544_ATT to 24 01 5x4_ATT is needed 24 01 5x4_ATT 24 01 544_ATT 3 Use the modem firmware ota list command to list available firmware on the Digi firmware repository modem firmware ota list Retrieving modem firmware list 25 20 6...

Page 288: ...sented with an Access selection menu Type quit to disconnect from the device Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your IX14 device Firmware should be uploaded to opt MODEM_MODEL Custom_Firmware for example opt LM940 Custom_Firmware Modem firmware can be downloaded from Digi here Follow instructions on this pag...

Page 289: ...ware update by using a local file use the version parameter to identify the appropriate firmware version as determined using the modem firmware check or modem firmware list command For example modem firmware update version 24 01 5x4_ATT Updating modem firmware Successfully updated firmware Modem firmware update complete 5 Type exit to exit the Admin CLI Depending on your device configuration you m...

Page 290: ...nd line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the prompt type reboot Schedule reboots of your device WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration ...

Page 291: ...dded to Reboot Time Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set parameter name to ten minutes enter 10m or 600s The default is 10m and the maximum allowed time is 24h 6 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your de...

Page 292: ...sconnect from the device Erase device configuration and reset to factory defaults You can erase the device configuration in the WebUI at the command line or by using the RESET button on the device Erasing the device configuration performs the following actions n Clears all configuration settings When the device restarts it uses the factory default configuration n Deletes all user files including P...

Page 293: ...onnect the IX14 LAN port to your PC b Log into the IX14 User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or the printed label included in the package Note If your device was manufactured prior to the release of firmware version 19 11 x the default user name may be root c Optional Reset the default password for the admin account Se...

Page 294: ...the RESET button 1 Locate the RESET button on your device 2 Press the RESET button perform a device reset The RESET button has the following modes n Configuration reset l Press and release the RESET button l The device reboots automatically and resets to factory defaults This does not remove any automatically generated certificates and keys n Full device reset l After the device reboots from the f...

Page 295: ...ed with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt enter revert config revert config 4 Set the password for the admin user prior to saving the changes config auth user admin password pwd config 5 Save the configuration and apply the change config save Configuration saved 6 Type exit ...

Page 296: ...set the device to factory defaults it will automatically have your required network configuration 3 On the main menu click System Under Configuration click Configuration Maintenance The Configuration Maintenance windows is displayed 4 In the Configuration backup section click SAVE Do not set a Passphrase for the configuration backup The file will be downloaded using your browser s standard downloa...

Page 297: ...LI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Locate the device by using the Find Me feature Use the Find Me feature to cause LEDs on the device to blink which can help you to identify the specific device To use this feature WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the menu click System U...

Page 298: ... Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To activate the Find Me feature at the prompt type the following at the command prompt system find me on 3 To deactivate the Find Me feature type the following at the command prompt system find me off 4 To determi...

Page 299: ...plied when the device reboots Save configuration changes When you make changes to the IX14 configuration the changes are not automatically saved You must explicitly save configuration changes which also applies the changes If you do not save configuration changes the system discards the changes WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under...

Page 300: ...ype exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Save configuration to a file You can save your IX14 device s configuration to a file and use this file to restore the configuration either to the same device or to similar devices WebUI This procedure creates a binary archive file containi...

Page 301: ...either l archive Creates a binary archive file containing the device s configuration certificates and keys and other information l cli config Creates a text file containing only the configuration changes For example system backup etc config scripts type archive 3 Optional Use scp to copy the file from your device to another host scp host hostname or ip user username remote remote path local local ...

Page 302: ...The configuration will be restored and the device will be rebooted Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 If the configuration backup is on a remote host use scp to copy the file from the host to your device scp host hostname or ip user u...

Page 303: ... the following system restore filepath passphrase passphrase where n filepath is the the path and filename of the configuration backup file on the IX14 s filesystem local path in the previous step n passphrase optional is the passphrase to restore the configuration backup if a passphrase was used when the backup was created For example system restore opt backup archive 0040FF800120 22 2 9 85 19 23...

Page 304: ...uired configuration items n Events that trigger the maintenance window to begin n Whether all configured triggers or only one of the triggers must be met n The tasks to be performed Options are l Firmware updates l Digi Remote Manager configuration check n Whether the device will check for updates to the device firmware n Whether the device will check for updates to the modem firmware n The freque...

Page 305: ...Immediately all scheduled tasks will begin at the exact time specified in Start time l If Duration window is set to 24 hours Start time is effectively obsolete and the maintenance tasks will be scheduled to run at any time Setting Duration window to 24 hours can potentially overstress the device and should be used with caution l If Duration window is set to any value other than to Immediately or 2...

Page 306: ...ellular connection 9 Optional Click to enable Configuration check to allow for the configuration to be updated including by custom scripts during the maintenance window 10 Optional Configure automated checking for device firmware updates a Click to expand Firmware update check b Device firmware update check is enabled by default This enables to automated checking for device firmware updates c Mode...

Page 307: ...value config system schedule maintenance trigger 0 interface ii Set the interface For example config system schedule maintenance trigger 0 interface network interface LAN config system schedule maintenance trigger 0 n out_of_service The maintenance window will only start if the Python Out of Service is set See Use Python to set the maintenance window for further information n time Configure a time...

Page 308: ...d 24 iii Configure the frequency that the maintenance tasks should be run config system schedule maintenance trigger 0 frequency value config system schedule maintenance trigger 0 where value is either daily or weekly Daily is the default 4 Optional Configure the device to look for any updated device firmware during the maintenance window If updated firmware is found it will then be installed The ...

Page 309: ...o ship unused devices from overseas without needing export licenses from the country from which the device is being shipped When device encryption is disabled the following occurs n The device is reset to the default configuration and rebooted n After the reboot l Access to the device via the WebUI and SSH are disabled l All internet connectivity is disabled including WAN and WWAN Connectivity to ...

Page 310: ... the device Re enable cryptography after it has been disabled To re enable cryptography 1 Configure your PC network to connect to the 192 168 210 subnet For example on a Windows PC a Select the Properties of the relevant network connection on the Windows PC b Click the Internet Protocol Version 4 TCP IPv4 parameter c Click Properties The Internet Protocol Version 4 TCP IPv4 Properties dialog appea...

Page 311: ...g into the device n Username admin n Password The default unique password for your device is printed on the device label 5 At the shell prompt type rm etc config nocrypt flatfsd i This will re enable encryption and leave the device at its factory default setting Create a Virtual LAN VLAN route Virtual LANs VLANs allow splitting a single physical LAN into separate Virtual LANs This is useful for se...

Page 312: ... 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Virtual LAN 4 Type a name for the VLAN and click 5 Select the Device 6 Type or select a unique numeric ID for the VLAN ID 7 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights De...

Page 313: ... network vlan vlan1 Current value config network vlan vlan1 b Add the device config network vlan vlan1 device network device lan config network vlan vlan1 5 Set the VLAN ID config network vlan vlan1 id value where value is an integer between 1 and 4095 6 Save the configuration and apply the change config network vlan vlan1 save Configuration saved 7 Type exit to exit the Admin CLI Depending on you...

Page 314: ...ect Auto to automatically detect the speed The default is Auto 5 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode con...

Page 315: ...y for devices with Gigabit Ethernet ports auto Configures the device to automatically determine the best speed for the Ethernet port The default is auto 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 316: ...ss 331 Use SSH with key authentication 339 Configure telnet access 342 Configure DNS 347 Simple Network Management Protocol SNMP 354 Location information 360 Modbus gateway 389 System time 406 Network Time Protocol 410 Configure a multicast route 417 Enable service discovery mDNS 419 Use the iPerf service 423 Configure the ping responder service 428 IX14 User Guide 316 ...

Page 317: ...he web administration or SSH service See Firewall configuration for information on zones n See Set the idle timeout for IX14 users for information about setting the inactivity timeout for the web administration and SSH services To allow web administration or SSH for the External firewall zone Add the External firewall zone to the web administration service WebUI 1 Log into the IX14 WebUI as a user...

Page 318: ...cess selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the external zone to the web administration service config add service web_admin acl zone end external config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration yo...

Page 319: ...ebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Configuration Services SSH Access Control List Zones 4 For Add Zone click 5 Select External ...

Page 320: ...Services Allow remote access for web administration and SSH IX14 User Guide 320 6 Click Apply to save the configuration and apply the change ...

Page 321: ...ce by using the WebUI a browser based interface By default the web administration service is enabled and uses the standard HTTPS port 443 The default access control for the service uses the Internal firewall zone which means that only devices connected to the IX14 s LAN can access the WebUI If this configuration is sufficient for your needs no further configuration is required See Allow remote acc...

Page 322: ...On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Web administration 4 Click Enable 5 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Ty...

Page 323: ...it to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the service WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Web administration 4 O...

Page 324: ... service d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX14 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone clic...

Page 325: ... addition to TLS 1 2 and later protocols This option is disabled by default which means that only TLS 1 2 and later encryption protocols are allowed with HTTPS connections 9 View is set to Auto by default and normally should not be changed 10 Legacy port redirection is used to redirect client HTTP requests to the HTTPS service Legacy port redirection is enabled by default and normally these settin...

Page 326: ...esses and networks config add service web_admin acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the web administratrion service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified inte...

Page 327: ...outes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 4 Optional If you have your own signed SSL certificate if you have your own signed SSL certificate set the certificate and private key by pasting their contents into the service web_ admin cert command Enclose the certificate and private key contents in quotes config service web_admin cert s...

Page 328: ...QYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 Fw7GQNcYIKj aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81 bC8HJQfK9U80e vDV0 vA5OB2j DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs 9FRQ cwSTb5v47KYffeyY g3dyJw1 KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT q81WGstDXH QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOI...

Page 329: ...he mDNS protocol config service web_admin mdns enable true config n To disable the mDNS protocl config service web_admin mdns enable false config 6 Optional Set the port number for this service The default setting of 443 normally should not be changed config service web_admin port 444 config 7 Optional Configure the device to allow legacy encryption protocols Legacy encryption protocols allow clie...

Page 330: ...User Guide 330 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 331: ...s n Configure access control for the SSH service Additional configuration items n Port to use for communications with the SSH service n Multicast DNS mDNS support n A private key to use for communications with the SSH service n Create custom SSH configuration settings See Set the idle timeout for IX14 users for information about setting the inactivity timeout for the SSH service Enable or disable ...

Page 332: ...pending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable the SSH service n To enable the service config service ssh enable true config n To disable the sevice config service ssh enable false config 4 Save the configuration and apply the c...

Page 333: ...the port number for the service Normally this should not be changed 5 Click Access control list to configure access control n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s SSH service Allowed values are l A single IP address or host name l A network designation in ...

Page 334: ...ditional firewall zones 6 Multicast DNS mDNS is enabled by default mDNS is a protocol that resolves host names in small networks that do not have a DNS server To disable mDNS or enable it if it has been disabled click Enable mDNS 7 For Private key type the private key in PEM format If Private key is blank the device will use an automatically generated key 8 To create custom SSH configuration setti...

Page 335: ...24 l any No limit to IPv4 addresses that can access the SSH service Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service ssh acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that ca...

Page 336: ...e or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 4 Optiona...

Page 337: ... custom enable true config b To override the standard SSH configuration and only use the config_file parameter config service ssh custom override true config n If override is set to true entries in Configuration file will be used in place of the standard SSH configuration n If override is set to false entries in Configuration file will be added to the standard SSH configuration The default is fals...

Page 338: ...es Configure SSH access IX14 User Guide 338 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 339: ... Linux host an SSH key pair is usually created automatically in the user s ssh directory The private and public keys are named id_rsa and id_rsa pub If you need to generate an SSH key pair you can use the ssh keygen application For example the following entry generates an RSA key pair in the user s ssh directory ssh keygen t rsa f ssh id_rsa The private key file is named id_rsa and the public key ...

Page 340: ...u can add configure passwordless SSH login for an existing user or include the support when creating a new user See User authentication for information about creating a new user These instructions assume an existing user named temp_user 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu ...

Page 341: ...er by pasting or typing a public encryption key that this user can use for passwordless SSH login 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 342: ...or the telnet service Additional configuration items n Port to use for communications with the telnet service n Multicast DNS mDNS support See Set the idle timeout for IX14 users for information about setting the inactivity timeout for the telnet service Enable the telnet service The telnet service is disabled by default To enable the service WebUI 1 Log into the IX14 WebUI as a user with full Adm...

Page 343: ...e config to enter configuration mode config config 3 Enable the telnet service config service telnet enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the service WebUI 1 Log into...

Page 344: ...an access the telnet service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s telnet service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8...

Page 345: ...ed with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config add service telnet acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 ...

Page 346: ...Default IP defaultlinklocal Default Link local IP lan LAN loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service telnet acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall...

Page 347: ...gure DNS The IX14 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces and caches the results This server is used within the device and cannot be disabled Use the access control list to restrict external access to this server Required configuration items n Configure access control for the DNS service Additional configuration...

Page 348: ...S service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the DNS service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or...

Page 349: ...rs is enabled by default This option is useful when only some DNS servers will be able to resolve hostnames To disable click Query all servers 7 Optional Rebind protection if enabled prevents upstream DNS servers from returning private IP addresses To enable click Rebind protection 8 Optional Allow localhost rebinding is enabled by default if Rebind protection is enabled This is useful for Real ti...

Page 350: ...rvice Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service dns acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the DNS service Repeat this step to list additional I...

Page 351: ...ists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 4 Optional Cache negative responses By default the device s DNS server caches negative responses Disabling this option may improve performance on networks with transient DNS results when one or more DNS servers may have positive results To disable c...

Page 352: ...DNS server config add service dns server end config service dns server 0 b Set the IP address of the DNS server config service dns server 0 address ip addr config service dns server 0 c To restrict the device s use of this DNS server based on the domain use the domain command If no domain are listed then all queries may be sent to this server config service dns server 0 domain domain config servic...

Page 353: ...his command is available only at the Admin CLI Command line Show DNS information 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show dns command at the system prompt show dns Interface Label Server Domain LAN 192 168 3 1 LAN fd00 2704 1 LAN fe80 227 4...

Page 354: ...t if you want a IX14 device to receive SNMP packets you must configure the SNMP access control list to allow the device to receive the packets See Configure Simple Network Management Protocol SNMP Configure Simple Network Management Protocol SNMP Required configuration items n Enable SNMP n Firewall configuration using access control to allow remote connections to the SNMP agent n The user name an...

Page 355: ...ses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s SNMP agent Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the SNMP agent d Click...

Page 356: ... used 12 Optional Select the Privacy protocol either DES or AES The default is DES 13 Optional Click Enable version 2c access to enable read only access to SNMP version 2c 14 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selec...

Page 357: ...nd value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP lan LAN loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on...

Page 358: ...t is 161 config service snmp port port config 8 Optional Configure Multicast DNS mDNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server For the SNMP agent mDNS is disabled by default To enable config service snmp mdns enable true config 9 Optional Set the authentication type Allowed values are MD5 or SHA The default is MD5 config service snmp auth_type SHA...

Page 359: ...IBs This procedure is available from the WebUI only Required configuration items n Enable SNMP To download a zip archive of the SNMP MIBs supported by this device WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 Enable SNMP See Configure Simple Network Management Protocol SNMP for information about enabling and configuring SNMP support on the IX14 device 3 On the main menu click Statu...

Page 360: ... the IX14 device or from external sources to a remote host Additionally the device can be configured to use a geofence to allow you to determine actions that will be taken based on the physical location of the device This section contains the following topics Configure the location service 361 Configure the device to use a user defined static location 363 Configure the device to accept location me...

Page 361: ... location service is enabled by default To disable or to enable if it has been disabled click Enable 5 For Location update interval type the amount of time to wait between polling location sources for new location data The default is ten seconds Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Location update interval to t...

Page 362: ...to the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable the GNSS module n To enable the module config service location gnss true config n To disable the module config ser...

Page 363: ...og into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Location Location sources 4 Click to add a location source 5 Optional Type a Label for this location source 6 For Latitude type the latitude of the device Allowed values are 90 and 90 with up to six decimal p...

Page 364: ...tion source 0 4 Optional Set a label for this location source config service location source 0 label label config 5 Set the type of location source to server config service location source 0 type user_defined config service location source 0 6 Set the latitude of the device config service location source 0 coordinates latitude int config service location source 0 where int is any integer between 9...

Page 365: ...s a central repository for this location information and forward it to a remote host See Forward location information to a remote host for information about configuring the IX14 device to forward location messages This procedure configures a UDP port on the IX14 device that will be used to listen for incoming messages Required configuration items n The location server must be enabled n UDP port th...

Page 366: ...P address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the location server UDP port d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the...

Page 367: ... you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a location source config add service location source end config service location source 0 4 Optional Set a label for this location source config service location source 0 label label config service location source 0 5 Set the type ...

Page 368: ...location server UDP port Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX14 device config add service location source 1 acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network ...

Page 369: ...e Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Forward location information to a remote host You can configure location clients on the IX14 device that forward location messages in either NMEA or TAIP format to a remote host Required configuration items n Enable the location service n The hostname or IP ...

Page 370: ...e TAIP ID message and can also be prepended to the forwarded message Configure the IX14 device to forward location information WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Location Destination servers 4 For Add destination server click 5 Option...

Page 371: ... types of messages that will be forwarded By default all message types are forwarded n To remove a filter a Click the down arrow next to the appropriate message type b Click Delete n To add a message type a For Add NMEA filter or Add TAIP filter click b Select the filter type Allowed values are l AL Reports altitude and vertical velocity l CP Compact position reports time latitude and longitude l ...

Page 372: ... line type config to enter configuration mode config config 3 Add a remote host to which location messages will be sent config add service location forward end config service location forward 0 4 Set the hostname or IP address of the remote host to which location messages will be sent config service location forward 0 server host config service location forward 0 5 Set the communication protocol t...

Page 373: ...and all forwarded sentences from remote sources will use the configured ID Format Default GA GB GI GL GN GP GQ Default value Default Current value Default config service location forward 0 b Set the talker ID config service location forward 0 talker_id value config service location forward 0 The default setting is Default which means that the talker ID provided by the source will be used 9 Optiona...

Page 374: ...ation azimuth and SNR l rmc Reports position velocity and time l vtg Reports direction and speed over ground To remove a message type a Use the show command to determine the index number of the message type to be deleted config service location forward 0 show filter_nmea 0 gga 1 gll 2 gsa 3 gsv 4 rmc 5 vtg config service location forward 0 b Use the index number to delete the message type For exam...

Page 375: ...ssage type config service location forward 0 del filter_taip 2 config service location forward 0 To add a message type a Change to the filter_taip node config service location forward 0 filter_taip config service location forward 0 filter_taip b Use the add command to add the message type For example to add the id message type config service location forward 0 filter_taip add id end config service...

Page 376: ...u can define actions for two types of events l Actions taken when the device enters the boundary of the geofence or is inside the boundary when the device boots l Actions taken when the device exits the boundary of the geofence or is outside the boundary when the device boots For each event type l Determine if the action s associated with the event type should be performed when the device boots in...

Page 377: ...isable or to enable if it has been disabled 5 For Update interval type the amount of time that the geofence should wait between polling for updated location data The default is one minute Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Update interval to ten minutes enter 10m or 600s 6 For Boundary type select the type of...

Page 378: ...epresents a vertex of the polygon A vertex is the point at which two sides of a polygon meet c Type the Latitude and Longitude of one of the vertices of the polygon Allowed values are l For Latitude any integer between 90 and 90 with up to six decimal places l For Longitude any integer between 180 and 180 with up to six decimal places d Click again to add an additional point and continue adding po...

Page 379: ...tion when the action is triggered l Custom script to execute a custom script when the action is triggered If Custom script is selected i Click to expand Custom script ii For Commands type the script that will be executed when the action is triggered If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used iii E...

Page 380: ...ipt when the action is triggered If Custom script is selected i Click to expand Custom script ii For Commands type the script that will be executed when the action is triggered If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log...

Page 381: ...default To disable config service location geofence test_geofence enable false config service location geofence test_geofence 4 Set the amount of time that the geofence should wait between polling for updated location data config service location geofence test_geofence update_interval value config service location geofence test_geofence where value is any number of weeks days hours minutes or seco...

Page 382: ...ius config service location geofence test_geofence where radius is an integer followed by m or km for example 100m or 1km n If boundary is set to polygonal a Set the coordinates of one vertex of the polygon A vertex is the point at which two sides of a polygon meet i Add a vertex config service location geofence test_geofence add coordinates end config service location geofence test_geofence coord...

Page 383: ...s config service location geofence test_geofence add coordinates end config service location geofence test_geofence coordinates 0 latitude 44 927220 config service location geofence test_geofence coordinates 0 longitude 93 399200 config service location geofence test_geofence coordinates 0 config service location geofence test_geofence coordinates add end config service location geofence test_geof...

Page 384: ...nside the geofence when it boots a Optional Configure the device to preform the actions if the device is inside the geofence when it boots config service location geofence test_geofence on_entry bootup true config b Set the number of update_intervals that must take place prior to performing the actions config service location geofence test_geofence on_entry num_ intervals int config For example if...

Page 385: ...0 commands script config service location geofence test_geofence on_entry action 0 If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used ii To log the output of the script to the system log config service location geofence test_geofence on_entry action 0 syslog_stdout true config service location geofence te...

Page 386: ...peat for any additional actions n To define actions that will be taken when the device exits the geofence or is outside the geofence when it boots a Optional Configure the device to preform the actions if the device is outside the geofence when it boots config service location geofence test_geofence on_exit bootup true config b Set the number of update_intervals that must take place prior to perfo...

Page 387: ... path will be used to invoke the script interpreter If not then the default shell will be used ii To log the output of the script to the system log config service location geofence test_geofence on_exit action 0 syslog_stdout true config service location geofence test_geofence on_exit action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on...

Page 388: ...on saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show location information You can view status and statistics about location information from either the WebUI or the command line WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the main menu click Status 3 Und...

Page 389: ...LI 2 Use the show location geofence command at the system prompt show location geofence Geofence Status State Transitions Last Transition test_geofence Up Inside 0 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Modbus gateway The IX14 supports the ability to function as a Modbus gat...

Page 390: ...ection type is serial o The serial port to be used l Modbus address or addresses to determine if messages should be forwarded to a destination device Additional configuration items n Server configuration l The packet mode l The maximum time between bytes in a packet l If the connection type is set to socket o The port to use o The inactivity timeout o Access control list l If the connection type i...

Page 391: ...h full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Modbus Gateway 4 Click Enable to enable the gateway 5 Click Debug to allow verbose logging in the system log Configure gateway servers 1 Click to expand Gateway Servers 2 For Add Modbus server type a name for the server and click The new Modbus...

Page 392: ... and take the format number ms s For example to set Packet idle gap to 20 milliseconds enter 20ms 7 If Connection type is set to Socket for Inactivity timeout type the amount of time to wait before disconnecting the socket when it has become inactive Allowed values are any number of minutes or seconds up to a maximum of 15 minutes and take the format number m s For example to set Inactivity timeou...

Page 393: ...s to hosts connected through a specified interface on the IX14 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall co...

Page 394: ...on type is set to Socket for Inactivity timeout type the amount of time to wait before disconnecting the socket when it has become inactive Allowed values are any number of minutes or seconds up to a maximum of 15 minutes and take the format number m s For example to set Inactivity timeout to ten minutes enter 10m or 600s 8 Optional If Connection type is set to Serial click Half duplex to enable h...

Page 395: ...ded to a destination device If the Modbus address in the message matches one or more of the filters the message is forwarded If it does not match the filters the message is not forwarded 13 For Address or address range type a Modbus address or range of addresses Allowed values are 1 through 255 or a hyphen separated range For example to have this client filter for incoming messages that contain th...

Page 396: ...eat these steps to configure additional clients 17 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 E...

Page 397: ...e port is an integer between 1 and 65535 The default is 502 iii Set the packet mode config service modbus_gateway server test_modbus_server socket packet_mode value config service modbus_gateway server test_modbus_server where value is either rtu or raw The default is rtu iv Set the maximum allowable time between bytes in a packet config service modbus_gateway server test_modbus_server socket idle...

Page 398: ...odbus_ server ii Set the port config service modbus_gateway server test_modbus_ server serial port config service modbus_gateway server test_modbus_ server ii Set the packet mode config service modbus_gateway server test_modbus_server serial packet_mode value config service modbus_gateway server test_modbus_server where value is either rtu or ascii The default is rtu iii Set the maximum allowable ...

Page 399: ...way client test_modbus_client The Modbus client is enabled by default To disable config service modbus_gateway client test_modbus_client enable false config service modbus_gateway client test_modbus_client c Set the connection type config service modbus_gateway client test_modbus_client connection_ type type config service modbus_gateway client test_modbus_client where type is either socket or ser...

Page 400: ...config service modbus_gateway client test_modbus_client inactivity_timeout value config service modbus_gateway client test_modbus_client where value is any number of minutes or seconds up to a maximum of 15 minutes and takes the format number m s For example to set inactivity_timeout to ten minutes enter either 10m or 600s config service modbus_gateway client test_modbus_client inactivity_timeout ...

Page 401: ...nt test_modbus_client where value is any number between 10 milliseconds and one second and take the format number ms s For example to set idle_gap to one second enter 1000ms or 1s iv Optional Enable half duplex two wire mode config service modbus_gateway client test_modbus_client serial half_duplex true config service modbus_gateway client test_modbus_client d Optional Enable the gateway to send b...

Page 402: ...set the index 0 entry to 20 30 config service modbus_gateway client test_modbus_client filter 0 20 30 config service modbus_gateway client test_modbus_client To add additional filters increment the index number For example to add an additional filter for addresses in the range of 50 100 config service modbus_gateway client test_modbus_client filter 1 50 100 config service modbus_gateway client tes...

Page 403: ...er address address of 20 to the device with address 10 i Repeat the above instructions for additional clients 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show Modbus gateway status and statistics You ca...

Page 404: ...1 139 49568 13 Client Uptime modbus_socket_41 0 modbus_socket_21 0 modbus_serial_client 428 If the message Server connections not available is displayed this indicates that there are no connected clients 3 Use the show modbus gateway verbose command at the system prompt to display more information show modbus gateway verbose Client Uptime modbus_socket_41 0 modbus_socket_21 0 modbus_serial_client ...

Page 405: ...ts 0 TX Broadcasts 0 TX Requests 4 modbus_socket_21 Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 modbus_serial_client Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 4 Type exit to exit the Admin CLI Depending on your device configuration you ma...

Page 406: ...IX14 device can also be configured to serve as an NTP server providing NTP services to downstream devices See Network Time Protocol for more information about NTP server support You can also set the local date and time manually if there is no access to NTP servers See Manually set the system date and time for information Configure the system time This procedure is optional The IX14 device s defaul...

Page 407: ...er the hostname of the upstream NTP server that the device will use to synchronize its time d Click to add additional NTP servers If multiple servers are included servers are tried in the order listed until one succeeds Note This list is synchronized with the list of servers included with NTP server configuration and changes made to one will be reflected in the other See Configure the device as an...

Page 408: ...list of NTP servers The default setting is time devicecloud com n To delete the default NTP server time devicecloud com config del service ntp server 0 config n To add the NTP server to the beginning of the list use the index value of 0 to indicate that it should be added as the first server config add service ntp server 0 time server com config n To add the NTP server to the end of the list use t...

Page 409: ...P port 123 server 52 2 40 158 stratum 2 offset 0 000216 delay 0 05800 server 35 164 164 69 stratum 2 offset 0 000991 delay 0 07188 24 Aug 22 01 20 ntpdate 28496 adjust time server 52 2 40 158 offset 0 000216 sec NTP test sync successful Testing NTP server time accns com on UDP port 123 server 128 136 167 120 stratum 3 offset 0 001671 delay 0 08455 24 Aug 22 01 20 ntpdate 28497 adjust time server 1...

Page 410: ...3 03 10 16 23 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Network Time Protocol Network Time Protocol NTP enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source The IX14 device can be configured...

Page 411: ...NTP service n The time zone setting if the default setting of UTC is not appropriate To configure the IX14 device s NTP service WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services NTP 4 Enable the IX14 device s NTP service by clicking Enable 5 Optiona...

Page 412: ...ick Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow ac...

Page 413: ...ay be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the ntp service config service ntp enable true config 4 Optional Add an upstream NTP server that the device will use to synchronize its time to the appropriate location in the list of NTP servers The default setting is time deviceclou...

Page 414: ...dress or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the NTP server agent Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service ntp acl address6 end value config Where value can be l A single IP address or host name l A network desi...

Page 415: ...ll zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones Note By default the access control list for the NTP service is e...

Page 416: ... CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show status and statistics of the NTP server You can display status and statistics for active NTP servers WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Services click NTP The NTP server status page is displayed ...

Page 417: ... you may be presented with an Access selection menu Type quit to disconnect from the device Configure a multicast route Multicast routing allows a device to transmit data to a single multicast address which is then distributed to a group of devices that are configured to be members of that group To configure a multicast route WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights ...

Page 418: ...l Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the multicast route For example to add a route named test config add service multicast test config service multicast test 4 The multicast route is enabled by default If it...

Page 419: ...ace to send the multicast packets Format network interface defaultip network interface defaultlinklocal network interface lan network interface loopback network interface modem Current value config service multicast test src_interface b Set the interface For example config service multicast test add interface end network interface LAN config service multicast test c Repeat for each additional dest...

Page 420: ...ress click c For Address enter the IPv4 address or network that can access the device s mDNS service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the mDNS service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and net...

Page 421: ... again to allow access through additional firewall zones 6 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config co...

Page 422: ...lue config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP lan LAN loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on fire...

Page 423: ...can handle This is useful when diagnosing network speed issues to determine for example whether a cellular connection is providing expected throughput The IX14 implementation of iPerf3 supports testing with both TCP and UDP Note Using iPerf clients that are at a version earlier than iPerf3 to connect to the IX14 device s iPerf3 server may result in unpredictable results As a result Digi recommends...

Page 424: ...window is displayed 3 Click Services iPerf 4 Click Enable 5 Optional For IPerf Server Port type the appropriate port number for the iPerf server listening port 6 Optional Click to expand Access control list to restrict access to the iPerf server n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network ...

Page 425: ... click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall z...

Page 426: ...works n To limit access to specified IPv6 addresses and networks config add service iperf acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to hosts connect...

Page 427: ...amic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Example performance test using iPerf3 On a r...

Page 428: ... 0 1 60 MBytes ID Interval Transfer Bandwidth Retr 4 0 00 10 00 sec 315 MBytes 264 Mbits sec 37 sender 4 0 00 10 00 sec 313 MBytes 262 Mbits sec receiver iperf Done Configure the ping responder service Your IX14 device s ping responder service replies to ICMP and ICMPv6 echo requests The service is enabled by default You can disable the service or you can configure the service to use an access con...

Page 429: ...or Address enter the IPv6 address or network that can access the device s ping responder Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the ping responder d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface...

Page 430: ...d service iperf acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service iperf acl address6 end value...

Page 431: ... zones config add service iperf acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge ext...

Page 432: ...D Interval Transfer Bandwidth Retr Cwnd 4 0 00 1 00 sec 26 7 MBytes 224 Mbits sec 8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00 5 00 sec 32 1 MBytes 269 Mbits sec 0 1 56 MBytes 4 5 00 6 00 sec 32 5 MBytes 273 Mbits sec 0 1 58 MBytes 4 6 00 7 00 sec 33 9 MB...

Page 433: ...rs 3 Click Upload New Container 4 From your local file system select the container file in tgz format You can download a simple example container file test_lxc tgz from the Digi website 5 Create Configuration is selected by default This will create a configuration on the device for the container when it is installed If deselected you will need to create the configuration manually 6 Click Apply 7 I...

Page 434: ...he device should including virtual networking capabilities Additional configuration items n If virtual networking is enabled l The bridge to be used to provide network connectivity l A static IP address for the container l The network gateway n Serial ports on the device that the container will have access to WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu cli...

Page 435: ...way type the IP address of the network gateway 7 Click to expand Serial ports to sssign serial ports that the container will have access to a For Add Port click b For Port select the serial port 8 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presente...

Page 436: ...ce Containers require a bridge to access the network Choose which bridge to connect the container to Format hotspot_bridge lan1 Current value config system container name ii Set the bridge config system container name bridge lan1 config system container name c Optional Set the IP address and netmask for the container config system container name address IP_address netmask config system container n...

Page 437: ...uring authentication groups that include shell access Starting the container There are two methods to start containers n Non persistent Changes made to the container file system will be lost when the container is stopped n Persistent Changes made to the container file system when not be lost when the container is stopped Starting a container in non persistent mode To start the container in non per...

Page 438: ...the shell profile This is useful when you use the Clone DAL option when uploading the container which includes the devices s system libraries In this case the command without any additional parameters will use the device s shell See Upload a new LXC container for more information For example to start a container and run a python script called my_python_script py in the default shell type lxc test_...

Page 439: ...ytest1 True enabled STOPPED test_lxc True enabled RUNNING PID 19327 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show status of a specific container Use the show containers container name command to show the status of the specified container 1 Log into the IX14 command line as a u...

Page 440: ... run in the container This simple example will 1 Start the container in non persistent mode 2 Execute a ping command every ten seconds from inside the container WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Scheduled tasks Custom scripts 4 For Add...

Page 441: ...container is used 10 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a script config add system ...

Page 442: ...d config system schedule script 0 sandbox false config system schedule script 0 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Create a custom container This example creates a simple custom container that...

Page 443: ... rootfs Test the custom container file 1 Add the new container to your IX14 device i Log into the IX14 WebUI as a user with Admin access ii From the main menu click Status Under Services click Containers iii Click Upload New Container iv From your local file system select the container file You can download a simple example container file test_lxc tgz from the Digi website v Create Configuration i...

Page 444: ...Containers Create a custom container IX14 User Guide 444 3 At the shell prompt type lxc python_lxc lxc 4 Execute the python command lxc python etc test py Hello world lxc ...

Page 445: ...ic intervals or at a specified time This chapter contains the following topics Configure scripts to run automatically 446 Configure scripts to run manually 452 Start a manual script 458 Stop a script that is currently running 459 Show script information 460 Run a Python application at the shell prompt 461 Start an interactive Python session 462 Digidevice module 464 Use Python to access serial por...

Page 446: ... a specified time l At a specified interval l During system maintenance Additional configuration items n A label used to identify the script n The action to take if the script finishes The actions that can be taken are l None l Restart the script l Reboot the device n Whether to write the script output and errors to the system log n If the script is set to run at a specified interval whether anoth...

Page 447: ...ocal path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the IX14 device n local path is the location on the IX14 device where the copied file will be placed For example To upload a script from a remote host with an IP ...

Page 448: ...rror checking Certain commands can render the device inoperable Use with care WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Scheduled tasks Custom scripts 4 For Add Script click The script configuration window is displayed ...

Page 449: ...k to enable Run single to run only a single instance of the script at a time If Run single is not enabled a new instance of the script will be started at every interval regardless of whether the script is still running from a previous interval n Set time Runs the script at a specified time of the day l If Set Time is selected specify the time that the script should run in Run time using the format...

Page 450: ...Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a script config add system schedule script end config system schedule script 0 Scheduled scripts are enable...

Page 451: ...config system schedule script 0 on_interval 600s config system schedule script 0 l Optional Configure the script to run only a single instance at a time config system schedule script 0 once true config system schedule script 0 If once is set to false a new instance of the script will be started at every interval regardless of whether the script is still running from a previous interval n set_time ...

Page 452: ...MB M GB G TB T 9 To run the script only once at the specified time config system schedule script 0 once true config system schedule script 0 If once is enabled rebooting the device will cause the script to run again The only way to re run the script is to n Remove the script from the device and add it again n Make a change to the script n Disable once 10 Sandbox is enabled by default This option p...

Page 453: ...The memory available to be used by the script n Whether the script should run one time only Task one Upload the application WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 Highlight the scripts directory and click to open the directory 4 Click upload 5 Browse to the location of the script o...

Page 454: ...ced For example To upload a script from a remote host with an IP address of 192 168 4 1 to the etc config scripts directory on the IX14 device issue the following command scp host 192 168 4 1 user admin remote home admin bin test py local etc config scripts to local admin 192 168 4 1 s password adminpwd test py 100 36MB 11 1MB s 00 03 3 Type exit to exit the Admin CLI Depending on your device conf...

Page 455: ... script begins with then the script will be invoked in the location specified by the path for the script command Otherwise the default shell will be used equivalent to bin sh 8 Script logging options a Click to enable Log script output to log the script s output to the system log b Click to enable Log script errors to log script errors to the system log If neither option is selected only the scrip...

Page 456: ...ion and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a script config add system schedule script end config system schedule script 0 Sch...

Page 457: ...yslog_stdout and syslog_stderr are not enabled only the script s exit code is written to the system log 8 Set the maximum amount of memory available to be used by the script and its subprocesses config system schedule script 0 max_memory value config system schedule script 0 where value uses the syntax number b bytes KB k MB MB M GB G TB T 9 To run the script only once at the specified time config...

Page 458: ...access 2 At the Status page click Scripts The Scripts page displays 3 For scripts that are enabled and configured to have a run mode of Manual click Start Script to start the script Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Determine the nam...

Page 459: ... 1 Log into the IX14 WebUI as a user with Admin access 2 At the Status page click Scripts The Scripts page displays 3 For scripts that are currently running click Stop Script to stop the script Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Deter...

Page 460: ...cript information You can view status and statistics about location information from either the WebUI or the command line WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 At the Status page click Scripts The Scripts page displays Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selectio...

Page 461: ... C Note Python applications cannot be run from the Admin CLI You must access the device shell in order to run Python applications from the command line See Authentication groups for information about configuring authentication groups that include shell access 1 Upload the Python application to the IX14 device WebUI a Log into the IX14 WebUI as a user with Admin access b On the menu click System Un...

Page 462: ...4 1 s password adminpwd test py 100 36MB 11 1MB s 00 03 c Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Note You can also create scripts by using the vi command when logged in with shell access 2 Log into the IX14 command line as a user with shell access Depending on your device conf...

Page 463: ...ython session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Type Python commands at the Python prompt For example to view help for the digidevice module type help digidevice Help on package digidevice NAME digidevice Digi device python extensions DESCRIPTION This module includes various extensions that allow Python...

Page 464: ... topics Use digidevice cli to execute CLI commands 465 Use digidevice datapoint to upload custom datapoints to Digi Remote Manager 466 Use digidevice config for device configuration 469 Use Python to respond to Digi Remote Manager SCI requests 471 Use digidevice runtime to access the runtime database 480 Use Python to upload the device name to Digi Remote Manager 482 Use Python to access the devic...

Page 465: ...n Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Execute a CLI command using the cli execute command function For example to print the system status and statistics to stdout using the show system command response cli execute show system print response Model Digi IX14 Se...

Page 466: ...lp copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Use the help command with cli execute help cli execute Help on function execute in module digidevice cli execute command timeout 5 Execute a CLI command with the timeout specified returning the results 5 Use Ctrl D to exit the Python session You can also exit the session using exit or quit ...

Page 467: ...elp copyright credits or license for more information 3 Import the datapoint submodule and other necessary modules from digidevice import datapoint import time 4 Upload the datapoints to Remote Manager datapoint upload Velocity 69 units mph datapoint upload Temperature 24 geo_location 54 409469 1 718836 129 datapoint upload Emergency_Door closed timestamp time time 5 Use Ctrl D to exit the Python ...

Page 468: ...mation on web services and datapoints Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint upload and datapoint upload_multiple 1 Log into the IX14 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type...

Page 469: ...onfiguration Read the device configuration 1 Log into the IX14 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on lin...

Page 470: ...v4 address Which returns 192 168 2 1 24 Modify the device configuration Use the set and commit methods to modify the device configuration 1 Log into the IX14 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter ...

Page 471: ...ll 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the config submodule from digidevice import config 4 Use the help command with config help config Help on module acl config in acl NAME acl config Python int...

Page 472: ...vice_request module from digidevice import device_request 4 Create a function to handle the request from Remote Manager def handler target request print received request s for target s request target return OK 5 Register a callbackup function that will be called when the device receives a SCI request from Remote Manager device_request register myTarget handler Note Leave the interactive Python ses...

Page 473: ...e the handler on the device is executed n On the device you will receive the following output received request my payload string for target myTarget n In Remote Manager you will receive a response similar to the following sci_reply version 1 0 data_service device id 00000000 00000000 0000FFFF A83CF6A3 requests device_request target_name myTarget status 0 OK device_request requests device data_serv...

Page 474: ...ctory on two or more Digi devices In this example we will upload it to two devices and use the same request in Remote Manager to query both devices See Configure scripts to run automatically for information about uploading Python applications to your device You can also create the script on the device by using the vi command when logged in with shell access 3 For both devices a Configure the devic...

Page 475: ... scripts iv Click to add a custom script v For Label type Show system application vi For Run mode select On boot vii For Exit action select Restart script viii For Commands type python etc config scripts showsystem py ix Click Apply to save the configuration and apply the change Command line ...

Page 476: ...schedule script 0 label Show system application v Configure the application to run automatically when the device reboots config system schedule script 0 when boot config system schedule script 0 vi Configure the application to restart if it crashes config system schedule script 0 exit_action restart config system schedule script 0 vii Set the command that will execute the application config system...

Page 477: ... Add Targets c Enter or select the device ID of one of the devices d Click Add e Enter or select the device ID of the second device and click Add f Click OK 6 Click Examples SCI Data Service Send Request Code similar to the following will be displayed in the HTTP message body text box sci_request version 1 0 data_service targets device id 00000000 00000000 0000FFFF A83CF6A3 device id 00000000 0000...

Page 478: ...s 47 seconds 164987s Temperature 39C Contact Jane Smith Disk Load Average 0 10 0 05 0 00 RAM Usage 85 176MB 250 484MB 34 Disk etc config Usage 0 068MB 13 416MB 1 Disk opt Usage 47 724MB 5309 752MB 1 Disk overlay Usage MB MB Disk tmp Usage 0 004MB 40 96MB 0 Disk var Usage 0 820MB 32 768MB 3 device_ request requests device device id 00000000 00000000 0000FFFF 485740BC requests device_request target_...

Page 479: ...ending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the device_request submodule from d...

Page 480: ...me database Use the keys and get methods to read the device configuration 1 Log into the IX14 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9...

Page 481: ...ntime database 7 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Modify the runtime database Use the set method to modify the runtime database 1 Log into the IX14 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the...

Page 482: ...r device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the runt submodule from digidevice import runt 4...

Page 483: ... including overwriting existing usernames and passwords the name submodule should be used with caution As a result support for this functionality is disabled by default on Remote Manager Enable support on Digi Remote Manager for uploading custom device names 1 In Remote Manager click API Explorer 2 For the HTTP method select PUT 3 For Enter and API or select an example type ws v1 settings inventor...

Page 484: ... 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the name submodule from digidevice import name 4 Use the help command with name help name Help on module digidevice name in digidevice NAME digidevice name API for uploading name from the device 5 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Use Python to acce...

Page 485: ...ition 44 926195299999998 93 397084499999999 292 39999399999999 The coordinates are returned in the following order latitude longitude altitude altitude is in meters 6 You can also return only one of the coordinate positions n Use the latitude object to return the latitude loc latitude 44 926195299999998 n Use the longitude object to return the longitude loc longitude 93 397084499999999 n Use the a...

Page 486: ...9999999 292 39999399999999 loc update loc position 44 926231 93 397923 289 439229 5 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Output location data in json format The location submodule takes a snapshot of the current location and stores it in the runtime database You can update this snapsot 1 Log into the IX14 command line as a user with shell access De...

Page 487: ...urce_idx 0 latitude 44 902662 source_idx 0 latitude deg_min_sec 44 55 45 065 N source_idx 0 longitude 93 560648 source_idx 0 longitude deg_min_sec 93 16 52 966 W source_idx 0 num_satellites 12 source_idx 0 quality Standard GNSS 2D 3D source_idx 0 utc_date_time Mar 03 2022 10 16 23 source_idx 0 vertical_velocity 0 0 source_idx 1 label gnss source_idx 1 quality No Fix Invalid state Enabled signal ut...

Page 488: ...ion using exit or quit Use Python to set the maintenance window The maintenance Python module allows you to set the service state of a device When the module sets the device to out of service this can be used as trigger to begin maintenance activity See Schedule system maintenance tasks for more details 1 Log into the IX14 command line as a user with shell access Depending on your device configura...

Page 489: ... quit Help for the digidevice maintenance module Get help for the digidevice maintenance module 1 Log into the IX14 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Pytho...

Page 490: ... scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice sms module To use a script to send or receive SMS messages you must also enable the ability to schedule SMS scripting Enable the ability to schedule SMS scripting WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuratio...

Page 491: ...and line type config to enter configuration mode config config 3 At the config prompt type config system schedule sms_script_handling true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device See Configur...

Page 492: ...SMS message now print Execution halted until a message is received or 60 seconds have passed acquire the semaphore and wait until a callback occurs COND acquire try COND wait 60 0 except Exception as err print exception occured while waiting print err COND release my_callback unregister_callback Use Python to access serial ports You can use the Python serial module to access serial ports on your I...

Page 493: ...Paho MQTT python library Your IX14 device includes support for the Paho MQTT python library MQTT is a lightweight messaging protocol used to communicate with various applications including cloud based applications such as Amazon Web Services and Microsoft Azure The following is example code that reads CPU and RAM usage on the device updates the device firmware then publishes information about DHCP...

Page 494: ..._uri fname except print Failed to download FW file from URI format fw_uri return HTTPStatus NOT_FOUND try ret cli execute system firmware update file fname 60 except print Failed to run firmware update command return HTTPStatus INTERNAL_SERVER_ERROR if not Firmware update completed in ret print Failed to update firmware return HTTPStatus INTERNAL_SERVER_ERROR finally os remove fname print Firmware...

Page 495: ...sage format cid client id cmd command params optional_parameters Supported commands fw update params uri firmware_file_URL reboot params try m json loads msg payload cid m cid cmd m cmd try payload m params except payload None except print Invalid command format format msg payload if not cid Return if client ID not passed return None send_cmd_reply client msg topic cid cmd HTTPStatus BAD_REQUEST t...

Page 496: ...pt runt get system disk opt per disk_config runt get system disk etc config per msg json dumps load_avg 1min avg1 5min avg5 15min avg15 disk_usage opt disk_opt etc config disk_config ram ram_used client publish PREFIX_EVENT system json dumps msg runt start serial runt get system serial PREFIX router serial PREFIX_EVENT event PREFIX PREFIX_CMD cmd PREFIX PREFIX_RSP rsp PREFIX client mqtt Client cli...

Page 497: ...Collect device health data and set the sample interval 505 Enable event log upload to Digi Remote Manager 508 Log into Digi Remote Manager 510 Use Digi Remote Manager to view and manage your device 511 Add a device to Digi Remote Manager 512 View Digi Remote Manager connection status 512 Configure multiple devices using profiles 513 Learn more 514 IX14 User Guide 497 ...

Page 498: ...icecloud com n If your Digi device is configured to use a non default URL to connect to Remote Manager updating the firmware will not change your configuration However if you erase the device s configuration the Remote Manager URL will change to the default of edp12 devicecloud com n If you perform a factory reset by pressing the RESET twice the client side certificate will be erased and you must ...

Page 499: ...e 499 n SMS support n HTTP proxy server support To configure Digi Remote Manager WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed ...

Page 500: ...ault is 3199 7 Optional For Retry interval type the amount of time that the IX14 device should wait before reattempting to connect to remote cloud services after being disconnected The default is 30 seconds Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set Retry interval to ten minutes enter 10m or 600s 8 Optional For Keep alive interval ...

Page 501: ...ption is disabled Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set Reboot Timeout to ten minutes enter 10m or 600s The minimum value is 30 minutes and the maximum is 48 hours If not set this option is disabled The default is disabled 13 Optional Enable Locally authenticate CLI to require a login and password to authenticate the user from...

Page 502: ...com config cloud drm drm_url url config 6 Optional Set the amount of time that the IX14 device should wait before reattempting to connect to the remote cloud services after being disconnected The minimum value is ten seconds The default is 30 seconds config cloud drm retry_interval value where value is any number of hours minutes or seconds and takes the format number h m s For example to set the ...

Page 503: ...te cloud services If the connection is down you can configure the device to restart the connection or to reboot The watchdog is enabled by default To disable config cloud drm watchdog false config 11 If watchdog is enabled a Optional Set the amount of time to wait before restarting the connection to the remote cloud services once the connection is down where value is any number of hours minutes or...

Page 504: ...cloud services by using SMS a Enable SMS messaging config cloud drm sms enable true config b Set the phone number for Digi Remote Manager config cloud drm sms destination drm_phone_number config c Optional Set the service identifier config cloud drm sms sercice_id id config 1 Optional Configure the IX14 device to communicate with remote cloud services by using an HTTP proxy server a Enable the use...

Page 505: ...interval is set to 60 minutes To avoid a situation where several devices are uploading health metrics information to Remote Manager at the same time the IX14 device includes a preconfigured randomization of two minutes for uploading metrics For example if Health sample interval is set to five minutes the metrics will be uploaded to Remote Manager at a random time between five and seven minutes To ...

Page 506: ...tween health sample uploads 8 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Device health data upl...

Page 507: ... to you configure what data are uploaded to the Digi Remote Manager By default all tuning parameters are enabled To view a list of all available tuning parameters use the show command config show monitoring devicehealth tuning all cellular rx bytes enable true tx bytes enable true eth rx bytes enable true tx bytes enable true serial rx bytes enable true tx bytes enable true cellular 1 rx bytes ena...

Page 508: ...ed with an Access selection menu Type quit to disconnect from the device Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager and configure the interval between event log uploads To enable the event log upload or disable it if it has been disabled and to change the upload interval WebUI 1 Log into the IX14 WebUI as a user with ...

Page 509: ...ted with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Device health data upload is enabled by default To enable or disable n To enable config monitoring events enable true config n To disable config monitoring events enable false config 4 The interval between event log uploads is set to 60 minutes by defau...

Page 510: ...nted with an Access selection menu Type quit to disconnect from the device Log into Digi Remote Manager To start Digi Remote Manager 1 If you have not already done so click here to sign up for a Digi Remote Manager account 2 Check your email for Digi Remote Manager login instructions 3 Go to remotemanager digi com 4 Log into your Digi Remote Manager account ...

Page 511: ...o view and manage your device 1 If you have not already done so connect to your Digi Remote Manager account 2 Click Device Management to display a list of your devices 3 Use the Search bar to locate the device you want to manage 4 Select the device and click Properties to view general information for the device 5 Click the More menu to perform a task ...

Page 512: ...n the label affixed to the bottom of the device 6 Click Add 7 Click OK Digi Remote Manager adds your IX14 device to your account and it appears in the Device Management view View Digi Remote Manager connection status To view the current Digi Remote Manager configuration WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 The dashboard includes a Digi Remote Manager status pane Command li...

Page 513: ...icecloud com Device ID 00000000 00000000 0040FFFF FF0F4594 The Device ID is the unique identifier for the device as used by the Remote Manager Configure multiple devices using profiles Digi recommends you take advantage of Digi Remote Manager profiles to manage multiple IX14 routers Typically if you want to provision multiple IX14 routers 1 Using the IX14 local WebUI configure one IX14 router to u...

Page 514: ... more n For information on using Digi Remote Manager to configure and manage IX14 routers see the Digi Remote Manager User Guide n For information on using Digi Remote Manager APIs to develop custom applications see the Digi Remote Manager Programmer Guide ...

Page 515: ...Monitoring This chapter contains the following topics intelliFlow 516 Configure NetFlow Probe 523 IX14 User Guide 515 ...

Page 516: ...me intelliFlow charts are dymanic at any point you can click inside the chart to drill down to view more granular information and menu options allow you to change various aspects of the information being displayed Note When intelliFlow is enabled and the device is connected to Digi aView it adds an estimated 50MB of data usage for the device by reporting the metrics to aView intelliflow does not c...

Page 517: ...he configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable IntelliFlow config monitoring intelliflow enable true 4 Set the fi...

Page 518: ...rnal clients are present on the zone specified Format any dynamic_routes edge external internal ipsec loopback setup Default value internal Current value internal config b Set the zone to be used by IntelliFlow config monitoring intelliflow zone my_zone 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configura...

Page 519: ... into the IX14 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow The System Utilisation chart is displayed n Display more granular information 1 Click and drag over an area in the chart to zoom into that area and provide more granular information 2 Release to display the selected portion of the cha...

Page 520: ...Select the time period to be displayed n Save or print the chart 1 Click the menu icon 2 To save the chart to your local filesystem select Export to PNG 3 To print the chart select Print chart Use intelliFlow to display top data usage information With intelliFlow you can display top data usage information based on the following n Top data usage by host n Top data usage by server n Top data usage b...

Page 521: ... the Top Data Usage by Server chart click Top Data Usage by Server n To display the Top Data Usage by Service chart click Top Data Usage by Service 5 Change the type of chart that is used to display the data a Click the menu icon b Select the type of chart 6 Change the number of top users displayed You can display the top five top ten or top twenty data users ...

Page 522: ...Use intelliFlow to display data usage by host over time To generate a chart displaying a host s data usage over time WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow 4 Click Host Data Usage Over Time n Display more granular information a Click and drag over an area in the...

Page 523: ...d configuration items n Enable NetFlow n The IP address of a NetFlow collector Additional configuration items n The NetFlow version n Enable flow sampling and select the flow sampling technique n The number of flows from which the flow sampler can sample n The number of seconds that a flow is inactive before it is exported to the NetFlow collectors n The number of seconds that a flow is active bef...

Page 524: ...e options are n NetFlow v5 Supports IPv4 only n NetFlow v9 Supports IPv4 and IPv6 n NetFlow v10 IPFIX Supports both IPv4 and IPv6 and includes IP Flow Information Export IPFIX The default is NetFlow v10 IPFIX 6 Enable Flow sampler by selecting a sampling technique Flow sampling can reduce flow processing and transmission overhead by providing a representative subset of all flows Available options ...

Page 525: ...een 1 and 1800 The default is 1800 10 For Maximum flows type the maximum number of flows to probe simultaneously Allowed value is any number between 0 and 2000000 The default is 2000000 11 Add collectors a Click to expand Collectors b For Add Collector click c Optional Type a Label for the collector d For Address type the IP address of the collector e Optional For Port enter the port number used b...

Page 526: ...w sample population n hash Randomly selects one out of every n flows using the hash of the flow key where n is the value of the flow sample population 5 If you are using a flow sampler set the number of flows for the sampler config monitoring netflow sampler_population value config where value is any number between 2 and 16383 The default is 100 6 Set the number of seconds that a flow can be inact...

Page 527: ...lector config monitoring netflow collector 0 port port config monitoring netflow collector 0 d Optional Set a label for the collector config monitoring netflow collector 0 label This is a collector config monitoring netflow collector 0 Repeat to add additional collectors 10 Save the configuration and apply the change config monitoring netflow collector 0 save Configuration saved 11 Type exit to ex...

Page 528: ...y connect two private networks together so that devices can connect from one network to the other using secure channels This chapter contains the following topics IPsec 529 OpenVPN 582 Generic Routing Encapsulation GRE 614 L2TP 635 L2TPv3 Ethernet 655 NEMO 661 IX14 User Guide 528 ...

Page 529: ...ec can run in two different modes Tunnel and Transport Tunnel The entire IP packet is encrypted and or authenticated and then encapsulated as the payload in a new IP packet Transport Only the payload of the IP packet is encrypted and or authenticated The IP header is left untouched This mode has limitations when using an authentication header because the IP addresses in the IP header cannot be tra...

Page 530: ...d key authentication mode provides additional security by using client authentication credentials in addition to the standard pre shared key The IX14 device can be configured to authenticate with the remote peer as an XAUTH client RSA Signatures With RSA signatures authentication the IX14 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key Cert...

Page 531: ...Configure SureLink active recovery for IPsec for information about IPsec active recovery Additional configuration items The following additional configuration settings are not typically configured to get an IPsec tunnel working but can be configured as needed n Determine whether the device should use UDP encapsulation even when it does not detect that NAT is being used n If using IPsec failover id...

Page 532: ...h the networks for a WAN internet connection wired cellular or otherwise you must configure a static route to direct the traffic either through the IPsec tunnel or through the WAN outside of the IPsec tunnel See Configure a static route for information about configuring a static route WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configura...

Page 533: ...on your network configuration you may need to add a packet filtering rule to allow incoming traffic For example for the IPsec zone a Click to expand Firewall Packet filtering b For Add packet filter click c For Label type Allow incoming IPsec traffic d For Source zone select IPsec Leave all other fields at their default settings 10 For Metric enter or select the priority of routes associated with ...

Page 534: ... pre shared key This must be the same as the local key on the remote host n RSA signature Uses a private RSA key to authenticate with the remote peer i For Private key paste the device s private RSA key in PEM format ii Type the Private key passphrase that is used to decrypt the private key Leave blank if the private key is not encrypted iii For Peer public key paste the peer s public RSA key in P...

Page 535: ...ration information such as the private IP address from the remote peer 18 Click to expand Local endpoint a For Type select either n Default route Uses the same network interface as the default route n Interface Select the Interface to be used as the local endpoint b Click to expand ID i Select the ID type n Auto The ID will be automatically determined from the value of the tunnels endpoints n Raw ...

Page 536: ...type a hostname or IPv4 address If your device is not configured to initiate the IPsec connection see IKE Initiate connection you can also use the keyword any which means that the hostname is dynamic or unknown iii Click again to add additional hostnames d Click to expand ID i Select the ID type n Auto The ID will be automatically determined from the value of the tunnels endpoints n Raw Enter an I...

Page 537: ...figuration is displayed b Click to expand Local traffic selector c For Type select one of the following n Address The address of a local network interface For Address select the appropriate interface n Network The subnet of a local network interface For Address select the appropriate interface n Custom network A user defined network For Custom network enter the IPv4 address and optional netmask n ...

Page 538: ...or Port type the port matching criteria Allowed values are a port number a range of port numbers or any 21 Click to expand IKE a For IKE version select either IKEv1 or IKEv2 This setting must match the peer s IKE version b Initiate connection instructs the device to initiate the key exchange rather than waiting for an incoming request This must be disabled if Remote endpoint Hostname is set to any...

Page 539: ...c tunnel is renegotiated Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Lifetime margin to ten minutes enter 10m or 600s i Click to expand Phase 1 Proposals i Click to create a new phase 1 proposal ii For Cipher select the type of encryption iii For Hash select the type of hash to use to verify communication integrity iv...

Page 540: ...ck to expand NAT to create a list of destination networks that require source NAT a Click next to Add NAT destination b For Destination network type the IPv4 address and optional netmask of a destination network that requires source NAT You can also use any meaning that any destination network connected to the tunnel will use source NAT 24 See Configure SureLink active recovery for IPsec for infor...

Page 541: ...g vpn ipsec tunnel ipsec_example 4 Optional Set the tunnel to use UDP encapsulation even when it does not detect that NAT is being used config vpn ipsec tunnel ipsec_example force_udp_encap true config vpn ipsec tunnel ipsec_example 5 Set the firewall zone for the IPsec tunnel Generally this should be left at the default of ipsec config vpn ipsec tunnel ipsec_example zone zone config vpn ipsec tun...

Page 542: ...han one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec failover for more information config vpn ipsec tunnel ipsec_example metric value config vpn ipsec tunnel ipsec_example where value is any integer between 0 and 65535 7 Set the mode config vpn ipsec tunnel ip...

Page 543: ...metric pre shared keys to authenticate with the remote peer a Set the local pre shared key This must be the same as the remote key on the remote host config vpn ipsec tunnel ipsec_example auth local_secret key config vpn ipsec tunnel ipsec_example b Set the remote pre shared key This must be the same as the local key on the remote host config vpn ipsec tunnel ipsec_example auth remote_secret key c...

Page 544: ...unnel ipsec_example d Set the method for verifying the peer s X 509 certificate config vpn ipsec tunnel ipsec_example auth peer_verify value config vpn ipsec tunnel ipsec_example where value is either l cert Uses the peer s X 509 certificate in PEM format for verification o For the peer_cert parameter paste the peer s X 509 certificate in PEM format config vpn ipsec tunnel ipsec_example auth peer_...

Page 545: ...ocal network interface config vpn ipsec tunnel ipsec_example local type value config vpn ipsec tunnel ipsec_example where value is either n defaultroute Uses the same network interface as the default route n interface Select the Interface to be used as the local endpoint b Set the ID type config vpn ipsec tunnel ipsec_example local id type value config vpn ipsec tunnel ipsec_example where value is...

Page 546: ...erpreted as a Key ID and sent as an ID_KEY_ID IKE identity Set the key ID config vpn ipsec tunnel ipsec_example local id type keyid_id id config vpn ipsec tunnel ipsec_example n mac_address The device s MAC address will be used for the Key ID and sent as an ID_KEY_ID IKE identity n serial_number The ID device s serial number will be used for the Key ID and sent as an ID_KEY_ID IKE identity 14 Conf...

Page 547: ...c_example n any Any ID will be accepted n ipv4 The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity Set an IPv4 formatted ID This can be a fully qualified domain name or an IPv4 address config vpn ipsec tunnel ipsec_example remote id type ipv4_id id config vpn ipsec tunnel ipsec_example n ipv6 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_AD...

Page 548: ...t the device will initiate the key exchange This must be disabled if remote hostname is set to any To disable config vpn ipsec tunnel ipsec_example ike initiate false config vpn ipsec tunnel ipsec_example c Set the IKE phase 1 mode config vpn ipsec tunnel ipsec_example ike mode value config vpn ipsec tunnel ipsec_example where value is either aggressive or main d Set the IKE fragmentation config v...

Page 549: ...config vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set phase2_lifetime to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_example ike phase2_lifetime 600s config vpn ipsec tunnel ipsec_example The default is one hour h Set a randomizing amount of time before the IPsec tunnel ...

Page 550: ...ne available Diffie Hellman group types config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_group curve25519 curve448 ecp192 ecp224 config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 ii Set the Diffie Hellman group type config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_group value config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 The default is modp2048 v...

Page 551: ...92 aes256 or null The default is 3des iv Set the type of hash to use during phase 2 to verify communication integrity config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 hash value config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 where value is one of md5 sha1 sha256 sha384 or sha512 The default is sha1 v Set the type of Diffie Hellman group to use for key exchange during phase ...

Page 552: ... Change to the root of the configuration schema config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 config b To disable dead peer detection config vpn ipsec tunnel ipsec_example dpd enable false config c Set the number of seconds between transmissions of dead peer packets Dead peer packets are only sent when the tunnel is idle The default is 60 config vpn ipsec tunnel ipsec_example dpd del...

Page 553: ... selector config vpn ipsec tunnel ipsec_example policy 0 local type value config vpn ipsec tunnel ipsec_example policy 0 where value is one of n address The address of a local network interface Set the address i Use the to determine available interfaces config vpn ipsec tunnel ipsec_example policy 0 local address Address The local network interface to use the address of This field must be set when...

Page 554: ...ipsec tunnel ipsec_example policy 0 local custom value config vpn ipsec tunnel ipsec_example policy 0 where value is the IPv4 address and optional netmask The keyword any can also be used n request Requests a network from the remote peer n dynamic Uses the address of the local endpoint d Set the port matching criteria for the local traffic selector config vpn ipsec tunnel ipsec_example policy 0 lo...

Page 555: ... vpn ipsec tunnel ipsec_example policy 0 where value is the port number a range of port numbers or the keyword any h Set the protocol matching criteria for the remote traffic selector config vpn ipsec tunnel ipsec_example policy 0 remote protocol value config vpn ipsec tunnel ipsec_example policy 0 where value is one of n any Matches any protocol n tcp Matches TCP protocol only n udp Matches UDP p...

Page 556: ...out Connection retry timeout connection_try_interval Connection try interval ike_timeout IKE timeout config Generally the default settings for these should be sufficient c You can also enable debugging for IPsec config vpn ipsec advanced debug value config where value is one of n none n basic_auditing n detailed_control n generic_control n raw_data n sensitive_data 20 Save the configuration and ap...

Page 557: ...th tunnels are active simultaneously and there is minimal downtime due to failover l Identify the preferred tunnel during configuration of the backup tunnel In this scenario the backup tunnel is not active until the preferred tunnel fails IPsec failover using SureLink With this configuration when two IPsec tunnels are configured with the same local and remote endpoints but different metrics traffi...

Page 558: ...oint WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions n During configuration of the IPsec tunnel set the metric to a low value for example 10 n Configure SureLink for the primary IPsec tunnel and enable Restart interface See Configure SureLink active recovery for IPsec for instructions 2 Create a backup IPsec tunnel Configure this tunnel to use the same loc...

Page 559: ...a value that is higher than the metric of the primary tunnel for example 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel metric 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel IPsec failover using Preferred tunnel WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions 2 Create a backup IPsec tunnel See Configure an IPsec tunnel for instructions 3 During...

Page 560: ...nnel See Configure IPsec failover for further information Required configuration items n A valid IPsec configuration See Configure an IPsec tunnel for configuration instructions n Enable IPsec active recovery n The behavior of the IX14 device upon IPsec failure either l Restart the IPsec interface l Reboot the device Additional configuration items n The interval between connectivity tests n Whethe...

Page 561: ...n click Device Configuration The Configuration window is displayed 3 Click VPN IPsec 4 Create a new IPsec tunnel or select an existing one n To create a new IPsec tunnel see Configure an IPsec tunnel n To edit an existing IPsec tunnel click to expand the appropriate tunnel 5 After creating or selecting the IPsec tunnel click Active recovery 6 Enable active recovery ...

Page 562: ...o have failed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Response timeout to ten minutes enter 10m or 600s The default is 15 seconds 13 Add a test target a Click to expand Test targets b For Add Test target click c Select the Test type n Test another interface s status Allows you to test another interface s status to...

Page 563: ... the interface before this test is considered to have failed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Initial connection time to ten minutes enter 10m or 600s The default is 60 seconds 14 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Adm...

Page 564: ... hours minutes or seconds and takes the format number w d h m s For example to set interval to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_example surelink interval 600s config vpn ipsec tunnel ipsec_example The default is 15 minutes 8 Determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets config vpn ipsec ...

Page 565: ...ple surelink target 0 ping_host host config vpn ipsec tunnel ipsec_example surelink target 0 l Optional Set the size in bytes of the ping packet config vpn ipsec tunnel ipsec_example surelink target 0 ping_size num config vpn ipsec tunnel ipsec_example surelink target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP addr...

Page 566: ...s 60 seconds l Optional Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed config vpn ipsec tunnel ipsec_example surelink target 0 interface_timeout value config vpn ipsec tunnel ipsec_example surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to se...

Page 567: ...ipsec tunnel ipsec_example surelink target 0 other_ip_version value config vpn ipsec tunnel ipsec_example surelink target 0 where value is one of any both ipv4 or ipv6 o Set the expected status of the alternate interface config vpn ipsec tunnel ipsec_example surelink target 0 other_status value config vpn ipsec tunnel ipsec_example surelink target 0 where value is either up or down For example if ...

Page 568: ...e the following at the prompt show ipsec all Name Enable Status Hostname ipsec1 true up 192 168 2 1 vpn1 false pending 192 168 3 1 3 To display details about a specific tunnel show ipsec tunnel ipsec1 Tunnel ipsec1 Enable true Status pending Hostname 192 168 2 1 Zone ipsec Mode tunnel Type esp 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acc...

Page 569: ...ing information for example SA up SA down n Generic control flow Select this for basic debugging information n Detailed control flow More detailed debugging control flow n Raw data Includes raw data dumps in hexadecimal format n Sensitive material Also includes sensitive material in dumps for example encryption keys 6 Click Apply to save the configuration and apply the change Command line 1 Log in...

Page 570: ...ss selection menu Type quit to disconnect from the device Configure a Simple Certificate Enrollment Protocol client Simple Certificate Enrollment Protocol SCEP is a mechanism that allows for large scale X 509 certificate deployment You can configure IX14 device to function as a SCEP client that will connect to a SCEP server that is used to sign Certificate Signing Requests CSRs provide Certificate...

Page 571: ...nt configuration is displayed 5 Click Enable to enable the SCEP client 6 For Renewable Time type the number of days that the certificate enrollment can be renewed prior to the request expiring This value is configured on the SCEP server and is used by the IX14 device to determine when to start attempting to auto renew an existing certificate The default is 7 7 Optional For CRL file name type the f...

Page 572: ...essing the certificate authority You should leave this option at the default of cgi bin pkiclient exe unless directed by the CA to use another path 12 For Password type the challenge password as configured on the SCEP server 13 Click to expand Distinguished Name 14 Type the value for each appropriate Distinguished Name attribute 15 Click Apply to save the configuration and apply the change Command...

Page 573: ... required config network scep_client scep_client_name server ca_ident string config network scep_client scep_client_name 7 Set the HTTP URL path required for accessing the certificate authority You should leave this option at the default of cgi bin pkiclient exe unless directed by the CA to use another path config network scep_client scep_client_name server path path config network scep_client sce...

Page 574: ...Set the number of days that the certificate enrollment can be renewed prior to the request expiring This value is configured on the SCEP server and is used by the IX14 device to determine when to start attempting to auto renew an existing certificate The default is 7 config network scep_client scep_client_name renewable_time integer config network scep_client scep_client_name 11 Optional Set the f...

Page 575: ...left at their defaults or changed as appropriate f Click OK 3 Edit SCEP settings a From the menu click SCEP General b Click Enable SCEP if it is not enabled c For Default enrollment password enter a password The password entered here must correspond to the challenge password configured for the SCEP client on the IX14 device d The remaining fields can be left at their defaults or changed as appropr...

Page 576: ...IX14 device WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network SCEP Client 4 For Add clients enter a name for the SCEP client and click The new SCEP client configuration is displayed 5 Click Enable to enable the SCEP client ...

Page 577: ...ca crl 8 Click to expand SCEP server 9 For FQDN type the fully qualified domain name or IP address of the Fortinet server 10 For Password type the challenge password This corresponds to the Default enrollment password on the Fortinet server 11 Click to expand Distinguished Name 12 Type the value for each appropriate Distinguished Name attribute The values entered here must correspond to the DN att...

Page 578: ...ssword as configured on the SCEP server This corresponds to the Default enrollment password on the Fortinet server config network scep_client Fortinet_SCEP_client server password challenge_password config network scep_client Fortinet_SCEP_client 7 Set Distinguished Name attributes The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server a Set th...

Page 579: ...wal x days before the certified is expired option on the Fortinet server config network scep_client Fortinet_SCEP_client renewable_time integer config network scep_client Fortinet_SCEP_client 9 Optional Set the filename of the Certificate Revocation List CRL from the CA The CRL is stored on the IX14 device in the etc config scep_client client_name directory config network scep_client Fortinet_SCEP...

Page 580: ...Apply to save the configuration and apply the change The device must be rebooted for the change to take effect See Reboot your IX14 device Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configu...

Page 581: ...the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device The device must be rebooted for the change to take effect See Reboot your IX14 device ...

Page 582: ...ubnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server The manner in which the IP subnets are defined depends on the OpenVPN topology in use The IX14 device supports two types of OpenVPN topology OpenVPN Topology Subnet definition method net30 Each OpenVPN client...

Page 583: ...rd interface configuration for example a standard DHCP server configuration l TAP Device only An alternate form of OpenVPN bridging mode in which the device rather than OpenVPN controls the interface configuration If this method is is the OpenVPN server must be included as a device in either an interface or a bridge n The firewall zone to be used by the OpenVPN server n The IP network and subnet m...

Page 584: ...resses that the OpenVPN server will provide to clients n The TCP UDP port to use By default the IX14 device uses port 1194 n Access control list configuration to restrict access to the OpenVPN server through the firewall n Additional OpenVPN parameters WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration T...

Page 585: ...server will use when providing IP addresses to clients The default is from 80 to 99 7 Optional Set the VPN port that the OpenVPN server will use The default is 1194 8 For Server managed certificates determine the method of certificate management If enabled the server will manage certificates If not enabled certificates must be created externally and added to the server 9 If Server managed certific...

Page 586: ...v6 address or network that can access the device s service type Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX14 device a Click...

Page 587: ...d Also known as routing mode Each OpenVPN client is assigned a different IP subnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server n TAP OpenVPN managed Also know as bridging mode A more advanced implementation of OpenVPN The IX14 device creates an OpenVPN inter...

Page 588: ...e routes match a destination the route with the lowest metric will be used config vpn openvpn server name metric value config vpn openvpn server name where value is an interger between 0 and 65535 The default is 0 d Optional Set the range of IP addresses that the OpenVPN server will use when providing IP addresses to clients i Set the first address in the range limit config vpn openvpn server name...

Page 589: ...uthentication type config vpn openvpn server name authentication value config vpn openvpn server name where value is one of n cert Uses only certificates for client authentication Each client requires a public and private key n passwd Uses a username and password for client authentication You must create an OpenVPN authentication group and user See Configure an OpenVPN Authentication Group and Use...

Page 590: ...r example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config vpn openvpn server name add acl address6 end value config vpn openvpn server name Where value can be l A single IP address or host name l A network designation in CIDR notation for e...

Page 591: ... vpn openvpn server name firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config vpn openvpn server name Repeat this step to list additional firewall zones 9 Optional Set additional OpenVPN parameters a Enable the use of additi...

Page 592: ... from the device Configure an OpenVPN Authentication Group and User If username and password authentication is used for the OpenVPN server you must create an OpenVPN authentication group and user See Configure an OpenVPN server for information about configuring an OpenVPN server to use username and password authentication See IX14 user authentication for more information about creating authenticat...

Page 593: ...group for example OpenVPN_Group and click The new authentication group configuration is displayed c Click OpenVPN access to enable OpenVPN access rights for users of this group d Click to expand the OpenVPN node e Click to add a tunnel f For Tunnel select an OpenVPN tunnel to which users of this group will have access g Repeat to add additional OpenVPN tunnels ...

Page 594: ...word for the user This password is used for local authentication of the user You can also configure the user to use RADIUS or TACACS authentication by configuring authentication methods See User authentication methods for information d Click to expand the Groups node e Click to add a group to the user f Select a Group with OpenVPN access enabled 5 Click Apply to save the configuration and apply th...

Page 595: ...for users of this group config auth group OpenVPN_Group acl openvpn enable true 5 Add an OpenVPN tunnel to which users of this group will have access a Determine available tunnels config auth group OpenVPN_Group vpn openvpn server Servers A list of openvpn servers Additional Configuration OpenVPN_server1 OpenVPN server config auth group OpenVPN_Group b Add a tunnel config auth group OpenVPN_Group ...

Page 596: ... n The route metric for the OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is dis...

Page 597: ...penVPN client If multiple active routes match a destination the route with the lowest metric will be used 9 Optional For Username and Password type the login credentials as configured on the OpenVPN server 10 For OVPN file paste the content of the client ovpn file 11 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin a...

Page 598: ... client name 5 Optional Set the route metric for the OpenVPN server If multiple active routes match a destination the route with the lowest metric will be used config vpn openvpn client name metric value config vpn openvpn client name where value is an interger between 0 and 65535 The default is 0 6 Optional Set the login credentials as configured on the OpenVPN server config vpn openvpn client na...

Page 599: ...by the OpenVPN client n The IP address of the OpenVPN server n Certificates and keys l The CA certificate usually in a ca crt file l The Public key for example client crt l The Private key for example client key Additional configuration items n The route metric for the OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server n Additional OpenVPN parameters ...

Page 600: ...or the OpenVPN client and click The new OpenVPN client configuration is displayed 5 The OpenVPN client is enabled by default To disable click Enable 6 The default behavior is to use an OVPN file for client configuration To disable this behavior and configure the client manually click Use ovpn file to disable ...

Page 601: ...Click Enable to enable the use of additional OpenVPN parameters b Click Override if the additional OpenVPN parameters should override default options c For OpenVPN parameters type the additional OpenVPN parameters For example to override the configuration by using a configuration file enter config filename for example config etc config openvpn_config 15 Click Apply to save the configuration and ap...

Page 602: ...ent interface Format any dynamic_routes edge external internal ipsec loopback setup Current value config vpn openvpn client name 7 Optional Set the route metric for the OpenVPN server If multiple active routes match a destination the route with the lowest metric will be used config vpn openvpn client name metric value config vpn openvpn client name where value is an interger between 0 and 65535 Th...

Page 603: ...lient name 14 Optional Set additional OpenVPN parameters a Enable the use of additional OpenVPN parameters config vpn openvpn client name advanced_options enable true config vpn openvpn client name b Configure whether the additional OpenVPN parameters should override default options config vpn openvpn client name advanced_options override true config vpn openvpn client name c Set the additional Op...

Page 604: ...y tests n Whether the interface should be considered to have failed if one of the test targets fails or all of the test targets fail n The number of probe attempts before the OpenVPN connection is considered to have failed n The amount of time that the device should wait for a response to a probe attempt before considering it to have failed To configure the IX14 device to regularly probe the OpenV...

Page 605: ...AN connection is considered to have failed 9 Change the Interval between connectivity tests Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure of one of the test t...

Page 606: ...ize n DNS test Tests connectivity by sending a DNS query to the specified DNS server n HTTP test Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the in...

Page 607: ...ient1 config vpn openvpn client openvpn_client1 4 Enable active recovery config vpn openvpn client openvpn_client1 surelink enable true config vpn openvpn client openvpn_client1 5 To configure the device to restart the interface when its connection is considered to have failed config vpn openvpn client openvpn_client1 surelink restart true config vpn openvpn client openvpn_client1 This is useful f...

Page 608: ...t for a response to a probe attempt before considering it to have failed config vpn openvpn client openvpn_client1 surelink timeout value config vpn openvpn client openvpn_client1 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set timeout to ten minutes enter either 10m or 600s config vpn openvpn client openvpn_client1 surelink...

Page 609: ... to the DNS servers configured for this interface n http Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l Specify the url config vpn openvpn client openvpn_client1 surelink target 0 http_url value config vpn openvpn client openvpn_client1 surelink target 0 where value uses the format http s hostname path n interface_up The interface is considered to be down based o...

Page 610: ...out to ten minutes enter either 10m or 600s config vpn openvpn client openvpn_client1 surelink target 0 interface_timeout 600s config vpn openvpn client openvpn_client1 surelink target 0 The default is 60 seconds l other Allows you to test another interface s status to create a failover or coupled relationship between interfaces config vpn openvpn client openvpn_client1 surelink target 0 other val...

Page 611: ... alternate interface config vpn openvpn client openvpn_client1 surelink target 0 other_status value config vpn openvpn client openvpn_client1 surelink target 0 where value is either up or down For example if other_status is set to down but the alternate interface is determined to be up then this test will fail 12 Save the configuration and apply the change config vpn openvpn client openvpn_client1...

Page 612: ...nVPN servers type the following at the prompt show openvpn server all Server Enable Type Zone IP Address Port OpenVPN_server1 true tun internal 192 168 30 1 24 1194 OpenVPN_server2 false tun internal 192 168 40 1 24 1194 3 To display details about a specific server show openvpn server name OpenVPN_server1 Server OpenVPN_server1 Enable true Type tun Zone internal IP Address 192 168 30 1 24 Port 119...

Page 613: ...CLI 2 To display details about all configured OpenVPN clients type the following at the prompt show openvpn client all Client Enable Status Username Use File Zone OpenVPN_Client1 true connected true internal OpenVPN_Client2 true pending true internal 3 To display details about a specific client show openvpn client name OpenVPN_client1 Client OpenVPN_client1 Enable true Status up Username user1 IP ...

Page 614: ...RE tunnel Configuring a GRE tunnel involves the following items Required configuration items n A GRE loopback endpoint interface n GRE tunnel configuration l Enable the GRE tunnel The GRE tunnels are enabled by default l The local endpoint interface l The IP address of the remote device peer Additional configuration items n A GRE key n Enable the device to respond to keepalive packets Task One Cre...

Page 615: ...expand IPv4 10 For Address enter the IP address and subnet mask of the local GRE endpoint for example 10 10 1 1 24 11 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the com...

Page 616: ...GRE endpoint s IP address and subnet mask to 10 10 1 1 24 config network interface gre_interface ipv4 address 10 10 1 1 24 config network interface gre_interface 7 Save the configuration and apply the change config network interface gre_interface save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type...

Page 617: ...this tunnel It must match the key set by the remote endpoint Allowed value is an interger between 0 and 4294967295 or an IP address 9 Optional Enable keepalive reply to enable the device to reply to Cisco GRE keepalive packets 10 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device ...

Page 618: ...e loopback network interface wan Current value config vpn iptunnel gre_example 5 Set the IP address of the GRE endpoint on the remote peer config vpn iptunnel gre_example remote ip_address config vpn iptunnel gre_example 6 Optional Set a key that will be inserted in GRE packets created by this tunnel The key must match the key set by the remote endpoint config vpn iptunnel gre_example key value co...

Page 619: ...iew information about currently configured GRE tunnels WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the menu click Status IP tunnels The IP Tunnelspage appears 3 To view configuration details about a GRE tunnel click the configuration icon in the upper right of the tunnel s status pane ...

Page 620: ... 0 2 32 2 Create an IPsec endpoint interface named ipsec_endpoint1 a Zone set to Internal b Device set to Ethernet Loopback c IPv4 Address set to the IP address of the local GRE tunnel 172 30 0 1 32 3 Create a GRE tunnel named gre_tunnel1 a Local endpoint set to the IPsec endpoint interface Interface ipsec_endpoint1 b Remote endpoint set to the IP address of the GRE tunnel on IX14 2 172 30 0 2 4 C...

Page 621: ...point2 b Remote endpoint set to the IP address of the GRE tunnel on IX14 1 172 30 0 1 4 Create an interface named gre_interface2 and add it to the GRE tunnel a Zone set to Internal b Device set to IP tunnel gre_tunnel2 c IPv4 Address set to a virtual IP address on the GRE tunnel 172 31 1 1 30 Configuration procedures Configure the IX14 1 device Task one Create an IPsec tunnel WebUI 1 Log into the ...

Page 622: ...lick to add a new policy 11 Click to expand Local network 12 For Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 1 32 14 For Remote network type the IP address and subnet of the remote GRE tunnel 172 30 0 2 32 15 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admi...

Page 623: ...fig vpn ipsec tunnel ipsec_gre1 add policy end config vpn ipsec tunnel ipsec_gre1 policy 0 7 Set the local network policy type to custom config vpn ipsec tunnel ipsec_gre1 policy 0 local type custom config vpn ipsec tunnel ipsec_gre1 policy 0 8 Set the local network address to the IP address and subnet of the local GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 local custom 1...

Page 624: ...2 For Add Interface type ipsec_endpoint1 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 1 32 7 Click Apply to save the configuration and apply the change Command line 1 At the command line type config to enter configuration mode config config ...

Page 625: ...ipsec_endpoint1 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 1 32 config network interface ipsec_endpoint1 ipv4 address 172 30 0 1 32 config network interface ipsec_endpoint1 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpoint1 policy 0 save Configuration saved Task three Create a GRE tunnel WebUI 1 Click VPN IP Tunnels 2 For Add IP Tun...

Page 626: ...Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint1 config vpn iptunnel gre_tunnel1 local network interface ipsec_ endpoint1 config vpn iptunnel gre_tunnel1 4 Set the remote endpoint to the IP address of the GRE tunnel on IX14 2 172 30 0 2 config vpn iptunnel gre_tunnel1 remote 172 30 0 2 config vpn iptunnel gre_tunnel1 5 Save the configurat...

Page 627: ...I 1 Click Network Interfaces 2 For Add Interface type gre_interface1 and click 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel1 5 Click to expand IPv4 6 For Address type 172 31 0 1 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change ...

Page 628: ...iptunnel gre_ tunnel1 config network interface gre_interface1 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface1 ipv4 address 172 31 0 1 30 config network interface gre_interface1 6 Save the configuration and apply the change config network interface gre_interface1 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your devi...

Page 629: ...t was configured for the IX14 1 testkey 7 Click to expand Remote endpoint 8 For Hostname type public IP address of the IX14 1 device 9 Click to expand Policies 10 For Add Policy click to add a new policy 11 Click to expand Local network 12 For Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 2 32 14 For Remote network type the IP address and...

Page 630: ...unnel ipsec_gre2 4 Set the pre shared key to the same pre shared key that was configured for the IX14 1 testkey config vpn ipsec tunnel ipsec_gre2 auth secret testkey config vpn ipsec tunnel ipsec_gre2 5 Set the remote endpoint to public IP address of the IX14 1 device config vpn ipsec tunnel ipsec_gre2 remote hostname 192 168 100 1 config vpn ipsec tunnel ipsec_gre2 6 Add a policy config vpn ipse...

Page 631: ... GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre2 policy 0 remote network 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre2 policy 0 10 Save the configuration and apply the change config vpn ipsec tunnel ipsec_gre2 policy 0 save Configuration saved Task two Create an IPsec endpoint interface WebUI 1 Click Network Interfaces 2 For Add Interface type ipsec_endpoint2 and click 3 For Zone se...

Page 632: ...k interface ipsec_endpoint2 3 Set the zone to internal config network interface ipsec_endpoint2 zone internal config network interface ipsec_endpoint2 4 Set the device to network device loopback config network interface ipsec_endpoint2 device network device loopback config network interface ipsec_endpoint2 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 2 32 config networ...

Page 633: ...figuration and apply the change Command line 1 At the command line type config to enter configuration mode config config 2 Add a GRE tunnel named gre_tunnel2 config add vpn iptunnel gre_tunnel2 config vpn iptunnel gre_tunnel2 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 local network interface ipsec_ ...

Page 634: ...r Create an interface for the GRE tunnel device WebUI 1 Click Network Interfaces 2 For Add Interface type gre_interface2 and click 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel2 5 Click to expand IPv4 6 For Address type 172 31 1 1 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change ...

Page 635: ...e gre_interface2 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface2 ipv4 address 172 31 1 1 30 config network interface gre_interface2 6 Save the configuration and apply the change config network interface gre_interface2 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an...

Page 636: ...rs l L2TP network server port l The username and password of the L2TP server l The metric for the tunnel l Enable custom PPP configuration options for the tunnel o Whether to override the default configuration and only use the custom options o Optional configuration data in the format of a pppd options file l SureLink options for the tunnel n For L2TP network servers l The Authentication method l ...

Page 637: ... access the service type d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s service type Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l ...

Page 638: ...traffic on the tunnel j Optional Custom PPP configuration i Enable custom PPP configuration ii Enable Override if the custom configuration should override the default configuration and only use the custom options iii For Configuration file paste or type the configuration data in the format of a pppd options file k For SureLink see Configure SureLink active recovery for PPP over L2TP 7 To add an L2...

Page 639: ...None i Optional Type the Metric for the tunnel if other than the default of 1 j Select a firewall Zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel k Optional Custom PPP configuration i Enable custom PPP configuration ii Enable Override if the custom configuration should override the default configuration and only use the ...

Page 640: ...g add vpn l2tp acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX14 device config add vpn l2tp acl...

Page 641: ...onal Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall zones 5 To add an L2TP access concentrator a Add an LAC config add vpn l2tp lac name config add vpn l2tp lac name where name is the name of the LAC For example to add an LAC named lac_tunnel config add vpn l2tp lac lac_tunnel config vpn l2tp lac lac_tunnel LACs are ...

Page 642: ...for the tunnel config vpn l2tp lac lac_tunnel metric int config vpn l2tp lac lac_tunnel where int is an integer between 0 and 65535 The default is 1 g Set the firewall zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel i Use the to determine available zones config vpn l2tp lac lac_tunnel zone Zone The firewall zone assigned...

Page 643: ...n L2TP network server a Add an LNS config add vpn l2tp lns name config add vpn l2tp lac name where name is the name of the LNS For example to add an LNS named lns_server config add vpn l2tp lns lns_server config vpn l2tp lns lns_server LACs are enabled by default To disable config vpn l2tp lns lns_server enable false config vpn l2tp lns lns_server b Set the IP address of the L2TP access concentrat...

Page 644: ... Username and Password required to authenticate config vpn l2tp lns lns_server username username config vpn l2tp lns lns_server password password config vpn l2tp lns lns_server The default is none f Optional Set the metric for the tunnel config vpn l2tp lns lns_server metric int config vpn l2tp lns lns_server where int is an integer between 0 and 65535 The default is 1 g Set the firewall zone for ...

Page 645: ...ig vpn l2tp lns lns_server custom config_file data config vpn l2tp lns lns_server 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure SureLink active recovery for PPP over L2TP You can configure the I...

Page 646: ...for a response to a probe attempt before considering it to have failed To configure the IX14 device to regularly probe the PPP over L2TP connection WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN PPP over L2TP 4 Create a new PPP over L2TP access concat...

Page 647: ...minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets 11 For Attempts type the number of probe attempts before the WAN is considered to have failed 12 For Respons...

Page 648: ...ing a DNS query to the specified DNS server n HTTP test Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considere...

Page 649: ...fig vpn l2tp lac lac_tunnel 4 Enable active recovery config vpn l2tp lac lac_tunnel surelink enable true config vpn l2tp lac lac_tunnel 5 To configure the device to restart the interface when its connection is considered to have failed config vpn l2tp lac lac_tunnel surelink restart true config vpn l2tp lac lac_tunnel This is useful for interfaces that may regain connectivity after restarting such...

Page 650: ...ac_tunnel where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interval to ten minutes enter either 10m or 600s config vpn l2tp lac lac_tunnel surelink timeout 600s config vpn l2tp lac lac_tunnel The default is 15 seconds 11 Configure test targets a Add a test target config vpn l2tp lac lac_tunnel add surelink target end config v...

Page 651: ...th n interface_up The interface is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount of time that the interface can be down before this test is considered to have failed config vpn l2tp lac lac_tunnel surelink target 0 interface_down_time value config vp...

Page 652: ...o determine available interfaces config vpn l2tp lac lac_tunnel surelink target 0 other_interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface lan network interface loopback network interface modem Current value config vpn l2tp lac lac_tunnel surelink target 0 other_interface ii Set the interface For example config vpn l2tp...

Page 653: ...selectors This means that you cannot restrict traffic on the IPsec tunnel to L2TP traffic typically UDP port 1701 While multiple L2TP clients are supported on the IX14 by configuring a separate LNS for each client multiple clients behind a Network Address Translation NAT device are not supported because they will all appear to have the same IP address Show L2TP tunnel status WebUI Show the status ...

Page 654: ...t a specific tunnel show l2tp lac name lac_test2 lac_test2 L2TP Access Concentrator Status Enabled true Status pending 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show the status of L2TP network servers from the Admin CLI 1 Log into the IX14 command line as a user with Admin acce...

Page 655: ...ion 3 L2TPv3 static unmanaged Ethernet tunnels Configure an L2TPv3 tunnel Your IX14 device supports Layer 2 Tunneling Protocol Version 3 L2TPv3 static unmanaged Ethernet tunnels Required configuration items n A name for the L2TPv3 tunnel n Enable the tunnel n The remote endpoint IP address n The local endpoint IP address n The session ID n The peer session ID Additional configuration items n Encap...

Page 656: ...ct either UDP or IP If UDP is selected a For UDP source port type the number of the source UDP port to be used for the tunnel b For UDP destination port type the number of the destination UDP port to be used for the tunnel c Optional Click to enable UDP checksum to calculate and check the UDP checksum 10 Click to expand Sessions a For Add Sesssion type a name for a session carried by the parent tu...

Page 657: ...dmin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a L2TPv3 Ethernet tunnel For example to add a tunnel named L2TPv3_example config add vpn l2tpv3 L2TPv3_example config vpn l2tpeth L2TPv3_example The tunnel is enabled by defa...

Page 658: ...and 4294967295 7 Set the tunnel ID of the remote peer config vpn l2tpeth L2TPv3_example peer_tunnel_id value config vpn l2tpeth L2TPv3_example where value is any integer between 1 and 4294967295 8 Optional Set the encapsulation type config vpn l2tpeth L2TPv3_example encapsulation value config vpn l2tpeth L2TPv3_example where value is either udp or ip The default is upd If udp is set a Set the sour...

Page 659: ...lue config vpn l2tpeth L2TPv3_example session_example Allowed value is 8 or 16 hex digits 13 Optional Set the cookie value of the remote peer config vpn l2tpeth L2TPv3_example session_example peer cookie value config vpn l2tpeth L2TPv3_example session_example Allowed value is 8 or 16 hex digits 14 Set the Layer2Specific header type This must match what is configured on the remote peer config vpn l...

Page 660: ...ation details about an L2TPV3 tunnel click the configuration icon in the upper right of the tunnel s status pane Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured L2TPv3 Ethernet tunnels type the following at ...

Page 661: ...the home agent on the mobile private network and the IX14 device isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management Dynamic Mobile Network Routing DMNR is the implementation of NEMO for Verizon Wireless Private Networks DMNR support requires the use of Verizon SIM cards that have DMNR enabled Configure a NEMO tunnel Con...

Page 662: ... local interface to be used Generally this will be the Wirelesss WAN Modem l If set to IP address enter the IP address n The local network of the GRE endpoint negotiated by NEMO l If the local network is set to Interface identify the local interface to be used WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configu...

Page 663: ...aders 11 Click to expand Care of address to configure the local WAN interface of the internet facing network a For Type select the method to determine the local network interface that is used to communicate with the peer n If Default route is selected the network interface that is used will be the same as the default route n If Interface is selected specify the local network interface n If IP addr...

Page 664: ... carrier config vpn nemo nemo_example home_agent IPv4_address config vpn nemo nemo_example 6 Set the key used to authenticate to the home agent This is provided by your cellular carrier config vpn nemo nemo_example key value config vpn nemo nemo_example 7 Set the the number of seconds number of seconds until the authorization key expires This is provided by your cellular carrier config vpn nemo ne...

Page 665: ...lows it through the network 11 Configure the Care of Address the local WAN interface of the internet facing network a Set the method to determine the Care of Address config vpn nemo nemo_example coaddress type value config vpn nemo nemo_example where value is one of n defaultroute Uses the same network interface as the default route n interface If interface is used set the interface i Use the to d...

Page 666: ...ce Interface The network interface to use to communicate with the peer Set this field to blank if using the default route Format defaultip defaultlinklocal lan loopback modem Current value config vpn nemo nemo_example tun_local interface ii Set the interface For example config vpn nemo nemo_example tun_local interface LAN config vpn nemo nemo_example The default is defaultroute 13 Configure one or...

Page 667: ...mmand line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured NEMO tunnels type the following at the prompt show nemo NEMO Enable Status Address Agent CoAddress demo false test true up 1 2 3 4 4 3 2 1 10 10 10 1 3 To displa...

Page 668: ...s VPN NEMO IX14 User Guide 668 LAN2 192 168 3 1 24 Advertized 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 669: ...rt report 670 View system and event logs 672 Configure syslog servers 676 Configure options for the event and system logs 679 Analyze network traffic 684 Use the ping command to troubleshoot network connections 702 Use the traceroute command to diagnose IP routing problems 702 IX14 User Guide 669 ...

Page 670: ...erage 44 7588 Mbps Rx latency 30 05 ms 3 To output the result in json format use the output parameter speedtest host output json tx_avg 51 8510 tx_avg_units Mbps tx_latency 31 07 tx_latency_units ms rx_avg 39 5770 rx_avg_units Mbps rx_latency 34 19 rx_latency_units ms 4 To change the size of the speedtest packet use the size parameter speedtest host size int 5 By default the speedtest uses nuttcp ...

Page 671: ... access the Admin CLI 2 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 3 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 22 03 03 10 16 23...

Page 672: ...about configuring the information displayed in event and system logs View System Logs WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the main menu click System Logs The system log displays 3 Limit the display in the system log by using the Find search tool 4 Use filters to configure the types of information displayed in the system logs ...

Page 673: ...show log number num command to limit the number of lines that are displayed For example to limit the log to the most recent ten lines show log number 10 Timestamp Message Nov 26 21 54 34 IX14 netifd Interface interface_wan is setting up now Nov 26 21 54 35 IX14 firewalld 621 reloading status 4 Optional Use the show log filter value command to limit the number of lines that are displayed Allowed va...

Page 674: ...er with Admin access 2 On the main menu click System Logs 3 Click System Logs to collapse the system logs viewer or scroll down to Events 4 Click Events to expand the event viewer 5 Limit the display in the event log by using the Find search tool 6 Click to download the event log Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you ma...

Page 675: ...v 26 21 42 37 status stat intf eth1 type ethernet rx 11332435 tx 5038762 Nov 26 21 42 35 status system local_time Thu 08 Aug 2019 21 42 35 0000 uptime 3 hours 0 minutes 48 seconds 4 Optional Use the show event table value command to limit the number of lines that are displayed Allowed values are error info and status For example to limit the event list to only info messages show event table info T...

Page 676: ...ers You can configure remote syslog servers for storing event and system logs WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Log ...

Page 677: ...r informational and status event categories by clicking to toggle off the category e For Syslog egress port type the port number to use for the syslog server The default is 514 f For Protocol select the IP protocol to use for communication with the syslog server Available options are TCP and UPD The default is UPD 5 Click Apply to save the configuration and apply the change Command line 1 Log into...

Page 678: ...essages config system log remote 0 info false config system log remote 0 n To disable status event messages config system log remote 0 status false config system log remote 0 n To disable informational event messages config system log remote 0 error false config system log remote 0 4 Set the port number to use for the syslog server config system log remote 0 port value config system log remote 0 w...

Page 679: ...or event and system logging is n The heartbeat interval which determines the amount of time to wait before sending a heartbeat event if no other events have been sent is set to 30 minutes n All event categories are enabled To change or disable the heartbeat interval or to disable event categories and to perform other log configuration WebUI 1 Log into the IX14 WebUI as a user with full Admin acces...

Page 680: ...able informational events status events and error events Some categories also allow you to set the Status interval which is the time interval between periodic status events 6 Optional See Configure syslog servers for information about configuring remote syslog servers to which log messages will be sent 7 Enable Preserve system logs to save the current session s system log after a reboot By default...

Page 681: ...rval set the value to 0s 4 Enable preserve system logs functionality to save the current session s system log after a reboot By default the IX14 device erases system logs each time the device is powered off or rebooted Note You should only enable Preserve system logs temporarily to debug issues Once you are finished debugging immediately disable Preserve system logs to avoid unnecessary wear to th...

Page 682: ... for DHCP server logging configuration config system log event dhcpserver DHCP server Settings for DHCP server events Informational events are generated when a lease is obtained or released Status events report the current list of leases Parameters Current Value info true Enable informational events status true Enable status events status_interval 30m Status interval config system log event dhcpse...

Page 683: ... Configure syslog servers for information about configuring remote syslog servers to which log messages will be sent 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 684: ... more detailed analysis you can download the captured data traffic from the device and view it using a third party application Note Data traffic is captured to RAM and the captured data is lost when the device reboots unless you save the data to a file See Save captured data traffic to a file This section contains the following topics Configure packet capture for the network analyzer 685 Example f...

Page 685: ...re configuration n Schedule the analyzer to run based on a specified event or at a particular time l The events or time that will trigger the analyzer to run using this capture configuration l The amount of time that the analyzer session will run l The frequency with which captured events will be saved To configure a packet capture configuration WebUI 1 Log into the IX14 WebUI as a user with full ...

Page 686: ... packets from a particular IP address or network i Click to expand Filter IP addresses or networks ii Click to add an IP address network iii For IP address or network type the IPv4 or IPv6 address and optional netmask iv For Source or destination IP address select whether the filter should apply to packets when the IP address network is the source the destination or both v Click Ignore this IP add...

Page 687: ... the filter should ignore packets that use this port By default is option is disabled which means that the filter will capture packets that use this port vii Click to add additional port filters e To create a filter that either captures or ignores packets from one or more specified MAC addresses i Click to expand Filter Ethernet MAC addresses ii Click to add a MAC address iii For Ethernet MAC addr...

Page 688: ...ing at the specified interval within 30 seconds after the configuration change is saved l If Interval is selected in Interval type the interval Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s n Set time Runs the capture filter at a specified time of the day l If Set Time is select...

Page 689: ...syntax use the space bar autocomplete feature config network analyzer name add device end space network device lan network device loopback network interface aview network interface defaultip network interface defaultlinklocal network interface lan network interface loopback network interface modem config network analyzer name add interface end network Repeat to add additional interfaces 5 Optional...

Page 690: ...m this IP address network config network analyzer name filter address 0 ignore true config network analyzer name filter address 0 By default is option is set to false which means that the filter will capture packets from this IP address network v Repeat these steps to add additional IP address filters b To create a filter that either captures or ignores packets that use a particular IP protocol i ...

Page 691: ... i Add a new port filter config network analyzer name add filter port end config network analyzer name filter port 0 ii Set the transport protocol that should be filtered for the port config network analyzer name filter port 0 protocol value config network analyzer name filter port 0 where value is one of tcp udp or either The default is either iii Set whether the filter should apply to packets wh...

Page 692: ...name filter mac_address 0 where value is one of n source The filter will apply to packets when the MAC address is the source n destination The filter will apply to packets when the MAC address is the destination n either The filter will apply to packets when the MAC address is either the source or the destination iv Optional Set the filter should ignore packets from this port config network analyz...

Page 693: ...nfig network analyzer name schedule enable true config network analyzer name b Set the mode that will be used to run the capture filter config network analyzer name when mode config network analyzer name where mode is one of the following n boot The script will run once each time the device boots n interval The script will start running at the specified interval within 30 seconds after the configu...

Page 694: ...r w d h m s For example to set save_interval to ten minutes enter either 10m or 600s config network analyzer name save_interval 600s config network analyzer name 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the dev...

Page 695: ...0 13 35 36 ether host 00 40 D0 13 35 36 n Capture Ethernet packets from host 00 40 D0 13 35 36 ether src 00 40 D0 13 35 36 n Capture Ethernet packets to host 00 40 D0 13 35 36 ether dst 00 40 D0 13 35 36 Capture packets from the command line You can start packet capture at the command line with the analyzer start command Alternatively you can schedule the network analyzer to run based on a specifi...

Page 696: ...to 10 MB of data traffic in two 5 MB files per interface Note Data traffic is captured to RAM and the captured data is lost when the device reboots unless you save the data to a file See Save captured data traffic to a file Stop capturing packets You can stop packet capture at the command line with the analyzer stop command To stop packet capture from the command line Command line 1 Log into the I...

Page 697: ...6 bytes n Decoded information of the packet To show captured data traffic Command line 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt show analyzer name capture_filter Packet 1 Mar 03 2022 10 16 23 287682 Length 60 b...

Page 698: ...iguration See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the show anaylzer name name Name of the capture filter to use Format test_capture capture_ping show anaylzer name Save captured data traffic to a file Data traffic is captured to RAM and when the device reboots the data is lost To retain the captured data fi...

Page 699: ...capture for the network analyzer for more information To determine available packet capture configurations use the analyzer save name name Name of the capture filter to use Format test_capture capture_ping analyzer save name The file is stored in the etc config analyzer directory To transfer the file to your PC see Download captured data to your PC Download captured data to your PC After saving ca...

Page 700: ... on the remote host n remote path is the location on the remote host where the file will be copied n local path is the path and filename on the IX14 device For example To download the traffic saved in the file etc config analyzer eth0 pcpng to a PC with the IP 192 168 210 2 for a user named maria to the home maria directory scp host 192 168 210 2 user maria remote home maria local etc config analy...

Page 701: ...ion See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the anaylzer clear name name Name of the capture filter to use Format test_capture capture_ping anaylzer clear name Note You can remove data traffic saved to a file using the rm command ...

Page 702: ...tion you may be presented with an Access selection menu Type quit to disconnect from the device Stop ping commands To stop pings when the number of pings to send the count parameter has been set to a high value enter Ctrl C Use the traceroute command to diagnose IP routing problems Use the traceroute command to diagnose IP routing problems This command traces the route to a remote IP host and disp...

Page 703: ...ting hops were required to reach the host 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt use the traceroute command to view IP routing information traceroute 8 8 8 8 traceroute to 8 8 8 8 8 8 8 8 30 hops max 52 byte packets 1 192 168 8...

Page 704: ...Routing This chapter contains the following topics IP routing 705 Show the routing table 723 Dynamic DNS 725 Virtual Router Redundancy Protocol VRRP 731 IX14 User Guide 704 ...

Page 705: ...destination it forwards the IP packet to the configured IP gateway or interface 3 If it cannot find a route for the destination it uses a default route 4 If there are two or more routes to a destination the device uses the route with the longest mask 5 If there are two or more routes to a destination with the same mask the device uses the route with the lowest metric This section contains the foll...

Page 706: ...ms n A label used to identify this route n The IPv4 address of the gateway used to reach the destination n The metric for the route When multiple routes are available to reach the same destination the route with the lowest metric is used n The Maximum Transmission Units MTU of network packets using this route To configure a static route WebUI 1 Log into the IX14 WebUI as a user with full Admin acc...

Page 707: ...erface on the IX14 device that will be used with this static route 8 Optional For Gateway type the IPv4 address of the gateway used to reach the destination Set to blank if the destination can be accessed without a gateway 9 Optional For Metric type the metric for the route When multiple routes are available to reach the same destination the route with the lowest metric is used 10 Optional For MTU...

Page 708: ...k of 255 255 255 0 config network route static 0 dst 192 168 47 0 24 config network route static 0 The any keyword can also be used to route packets to any destination with this static route 6 Set the interface on the IX14 device that will be used with this static route a Use the to determine available interfaces config network route static 0 interface Interface The network interface to use to rea...

Page 709: ... Optional Set the Maximum Transmission Units MTU of network packets using this route config network route static 0 mtu integer config network route static 0 10 Save the configuration and apply the change config save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device...

Page 710: ... a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the static route to be deleted config show network route static 0 dst 10 0 0 1 enable true no gateway interface network interface...

Page 711: ... to forward the packet based on other criteria such as the source of the packet For example you can configure the IX14 device so that high priority traffic is routed through the cellular connection while all other traffic is routed through an Ethernet WAN connection Policy based routing for the IX14 device uses the following criteria to determine how to route traffic n Firewall zone for example in...

Page 712: ...ource port This is only used if the protocol is set to tcp or udp l Destination port This is only used if protocol is set to tcp or udp n The network interface used to reach the destination Additional configuration items n A label for the routing policy n Whether packets that match this policy should be dropped when the gateway interface is disconnected rather than forwarded through other interfac...

Page 713: ...erentiated Services Code Point DSCP field match criteria This will match packets based on the DHCP field within the ToS field of the IP header 11 Configure source address information a Click to expand Source address b For Type select one of the following n Zone Matches the source IP address to the selected firewall zone See Firewall configuration for more information about firewall zones n Interfa...

Page 714: ...eat to add additional domains n Default route Matches packets destined for the default route excluding routes for local networks 13 Click Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CL...

Page 715: ...work route policy 0 interface network interface LAN config network route policy 0 6 Optional Enable exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected rather than forwarded through other interfaces config network route policy 0 exclusive true config network route policy 0 7 Select the IP version config network route policy 0 ip_versio...

Page 716: ...twork route policy 0 where value is the port number or the keyword any to match any port as the destination port n icmp The ICMP protocol is matched Identify the ICMP type config network route policy 0 icmp_type value config network route policy 0 where value is the ICMP type and optional code or set to any to match for any ICMP type 9 Set the source address type config network route policy 0 src ...

Page 717: ...an network interface loopback network interface modem Current value config network route policy 0 src interface b Set the interface For example config network route policy 0 src interface network interface LAN config network route policy 0 n address Matches the source IPv4 address to the specified IP address or network Set the address that will be matched config network route policy 0 src address ...

Page 718: ...e Match the IP address to the specified firewall zone Format any dynamic_routes edge external internal ipsec loopback setup Default value any Current value any config network route policy 0 dst zone b Set the zone For example config network route policy 0 dst zone external config network route policy 0 See Firewall configuration for more information about firewall zones n interface Matches the des...

Page 719: ...ified IP address or network Set the address that will be matched config network route policy 0 dst address6 value config network route policy 0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address n mac Matches the destination MAC address to the specified MAC address Set the MAC address to be matched config network route policy 0 dst mac MAC_address config networ...

Page 720: ...2 The IPv4 Open Shortest Path First OSPF service supports OSPFv2 RFC2328 OSPFv3 The IPv6 Open Shortest Path First OSPF service supports OSPFv3 RFC2740 BGP The Border Gateway Protocol BGP service supports BGP 4 RFC1771 IS IS The IPv4 and IPv6 Intermediate System to Intermediate System IS IS service Configure routing services Required configuration items n Enable routing services n Enable and config...

Page 721: ...d 3 Click Network Routes Routing services 4 Click Enable The default firewall zone setting Dynamic routes is specifically designed to work with routing services and should be left as the default 5 Configure the routing services that will be used a Click to expand a routing service b Enable the routing service c Complete the configuration of the routing service 6 Click Apply to save the configurati...

Page 722: ... be used a Use the to display available routing services config network route service Routing services Settings for dynamic routing services and protocols Parameters Current Value enable true Enable zone dynamic_routes Zone Additional Configuration bgp BGP isis IS IS ospfv2 OSPFv2 ospfv3 OSPFv3 rip RIP ripng RIPng config b Enable a routing service that will be used For example to enable the RIP se...

Page 723: ...the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show the routing table To display the routing table WebUI 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configura...

Page 724: ...and line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type show route show route Destination Gateway Source Metric Interface default 10 0 71 1 5 default 192 168 210 254 10 10 0 8 162 10 0 71 1 10 0 71 146 5 network device lan 10 0 8 164 10 0 71 1 10 0 71 146 5 netwo...

Page 725: ...ows users to access websites and personal networks with easy to remember URLs Unfortunately IP addresses change frequently invalidating these mappings when they do Dynamic DNS has become the standard method of addressing this problem allowing devices to update name servers with their new IP addresses By providing the IX14 device with the domain name and credentials obtained from a dynamic DNS prov...

Page 726: ...update the IP address with the Dynamic DNS provider n The amount of time to wait to check if the interface s IP address needs to be updated n The amount of time to wait to force an update of the interface s IP address n The amount of time to wait for an IP address update to succeed before retrying the update n The number of times to retry a failed IP address update ...

Page 727: ...ck System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Dynamic DNS 4 Type a name for this Dynamic DNS instance in Add Service and click The Dynamic DNS configuration page displays New Dynamic DNS configurations are enabled by default To disable click to toggle Enable to off ...

Page 728: ...of the interface s IP address Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Forced update interval to ten minutes enter 10m or 600s The setting for Forced update interval must be larger than the setting for Check Interval 12 Optional For Retry interval type the amount of time to wait for an IP address update to succeed ...

Page 729: ...e from which to obtain the IP address to register with the dynamic DNS service Format defaultip defaultlinklocal lan loopback modem Current value config network ddns new_ddns_instance interface b Set the interface For example config network ddns new_ddns_instance interface LAN config network ddns new_ddns_instance 5 Set the Dynamic DNS provider service a Use the to determine available services con...

Page 730: ...config network ddns new_ddns_instance 10 Optional Set the amount of time to wait to check if the interface s IP address needs to be updated config network ddns new_ddns_instance check_interval value config network ddns new_ddns_instance where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set check_interval to ten minutes enter eithe...

Page 731: ...ices connected to the LAN then use this virtual router as their default gateway Responsibility for the virtual router is assigned to one of the VRRP enabled devices on a LAN the master router and this responsibility transparently fails over to backup VRRP devices if the master router fails This prevents the default gateway from being a single point of failure without requiring configuration of dyn...

Page 732: ...e Router ID must be the same on all VRRP devices that participate in the same VRRP device pool n The VRRP priority of this device n The shared virtual IP address for the VRRP virtual router Devices connected to the LAN will use this virtual IP address as their default gateway See Configure VRRP for information about configuring VRRP an extension to VRRP that uses network probing to monitor connect...

Page 733: ... the virtual router is mapped to the backup device with the next highest priority If this device s actual IP address is being used as the virtual IP address of the VRRP pool then the priority of this device should be set to 255 Allowed values are from 1 and 255 and it is configured to 100 by default 9 Optional For Password type a password that will be used to authenticate this VRRP router with VRR...

Page 734: ...which this VRRP instance should run a Use the to determine available interfaces config network vrrp VRRP_test interface Interface The network interface to communicate with VRRP peers on and listen for traffic to virtual IP addresses Format network interface defaultip network interface defaultlinklocal network interface lan network interface loopback network interface modem Current value config net...

Page 735: ...ork vrrp VRRP_test password pwd config network vrrp VRRP_test 9 Add a virtual IP address associated with this VRRP instance This can be an IPv4 or IPv6 address config network vrrp VRRP_test add virtual_address end ip_address config network vrrp VRRP_test Additional virtual IP addresses can be added by repeating this step with different values for ip_ address 10 Save the configuration and apply the...

Page 736: ... use a custom gateway that corresponds to one of the VRRP virtual IP addresses n Backup devices only l Enable and configure SureLink on the VRRP interface l Set the IP gateway to the IP address of the VRRP interface on the master device Additional configuration items n For backup VRRP devices enable the ability to monitor the VRRP master so that a backup device can increase its priority when the m...

Page 737: ... promote itself to master 9 For Priority modifier type or select the amount that the device s priority should be decreased due to SureLink connectivity failure and increased when SureLink succeeds again Along with the priority settings for devices in this VRRP pool the amount entered here should be large enough to automatically demote a master device when SureLink connectivity fails For example if...

Page 738: ...k to expand DHCP Server Advanced settings ii For Gateway select Custom iii For Custom gateway enter the IP address of one of the virtual IPs used by this VRRP instance e For backup devices enable and configure SureLink on the VRRP interface Generally this should be a LAN interface VRRP will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a bac...

Page 739: ...ick Apply to save the configuration and apply the change Command line 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new VRRP instance or edit an existing one See...

Page 740: ...lly demote a master device when SureLink connectivity fails For example if the VRRP master device has a priority of 100 and the backup device has a priority of 80 then weight should be set to an amount greater than 20 so that if SureLink fails on the master it will lower its priority to below 80 and the backup device will assume the master role 7 Optional For backup devices enable the ability for ...

Page 741: ...Generally this should be a LAN interface VRRP will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails config show network vrrp VRRP_test interface network interface LAN config ii Enable SureLink on the interface config network interface LAN ipv4 surelink enable true config iii Set the amount of time to wait be...

Page 742: ...ork interface LAN ipv4 surelinktarget 0 dns_ server ip_address config network interface LAN ipv4 surelinktarget 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured for this interface n http Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l Specify the url config network interface LAN ipv4 surelink target 0 http_url value config...

Page 743: ...rk interface LAN ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_timeout to ten minutes enter either 10m or 600s config network interface LAN ipv4 surelink target 0 interface_timeout 600s config network interface LAN ipv4 surelink target 0 The default is 60 seconds 9 Save the configuration an...

Page 744: ...figure device one master device WebUI Task 1 Configure VRRP on device one 1 Log into the IX14 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP ...

Page 745: ...ace LAN 7 For Router ID leave at the default setting of 50 8 For Priority leave at the default setting of 100 9 Click to expand Virtual IP addresses 10 Click to add a virtual IP address 11 For Virtual IP type 192 168 3 3 Task 2 Configure VRRP on device one 1 Click to expand VRRP 2 Click Enable 3 Click to expand Monitor interfaces 4 Click to add an interface for monitoring 5 Select Interface Modem ...

Page 746: ...t leave at the default of 100 3 For Lease range end type 199 4 Click to expand Advanced settings 5 For Gateway select Custom 6 For Custom gateway enter 192 168 3 3 7 Click Apply to save the configuration and apply the change Command line Task 1 Configure VRRP on device one 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be pre...

Page 747: ...ure VRRP on device one 1 Enable VRRP config network vrrp VRRP_test vrrp_plus enable true config network vrrp VRRP_test 2 Add the interface to monitor config network vrrp VRRP_test add vrrp_plus monitor_interface end network interface modem config network vrrp VRRP_test 3 Set the amount that the device s priority should be decreased or increased due to SureLink connectivity failure or success to 30...

Page 748: ...ace LAN ipv4 dhcp_server advanced gateway custom config 3 Set the custom gateway to 192 168 3 3 config network interface LAN ipv4 dhcp_server advanced gateway_custom 192 168 3 3 config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to ...

Page 749: ...name for the VRRP instance and click The new VRRP instance configuration is displayed 5 Click Enable 6 For Interface select Interface LAN 7 For Router ID leave at the default setting of 50 8 For Priority type 80 9 Click to expand Virtual IP addresses 10 Click to add a virtual IP address 11 For Virtual IP type 192 168 3 3 ...

Page 750: ...y modifier type 30 Task 3 Configure the IP address for the VRRP interface LAN on device two 1 Click Network Interfaces LAN IPv4 2 For Address type 192 168 3 2 24 3 For Default gateway type the IP address of the VRRP interface on the master device configured above in Task 3 step 2 192 168 3 1 Task 4 Configure SureLink for LAN on device two 1 Click Network Interfaces LAN IPv4 SureLink 2 Click Enable...

Page 751: ... 250 4 Click Advanced settings 5 For Gateway select Custom 6 For Custom gateway enter 192 168 3 3 7 Click Apply to save the configuration and apply the change Command line Task 1 Configure VRRP on device two 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admi...

Page 752: ...1 Enable VRRP config network vrrp VRRP_test vrrp_plus enable true config network vrrp VRRP_test 2 Add the interface to monitor config network vrrp VRRP_test add vrrp_plus monitor_interface end network interface modem config network vrrp VRRP_test 3 Enable the ability to monitor the master device config network vrrp VRRP_test vrrp_plus monitor_master true config network vrrp VRRP_test 4 Set the amo...

Page 753: ...e LAN ipv4 surelink target 0 3 Set the type of test to ping config network interface LAN ipv4 surelink target 0 test ping config network interface LAN ipv4 surelink target 0 4 Set my devicecloud com as the hostname to ping config network interface LAN ipv4 surelink target 0 ping_host my devicecloud com config network interface LAN ipv4 surelink target 0 Task 5 Configure the DHCP server for LAN on ...

Page 754: ...y the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show VRRP status and statistics This section describes how to display VRRP status and statistics for a IX14 device VRRP status is available from the Web UI only WebUI 1 Log into the IX14 WebU...

Page 755: ...show vrrp show vrrp VRRP Status Proto State Virtual IP VRRP_test Up IPv4 Backup 10 10 10 1 VRRP_test Up IPv4 Backup 100 100 100 1 3 To display additional information about a specific VRRP instance at the Admin CLI prompt type show vrrp name name show vrrp name VRRP_test VRRP_test VRRP Status Enabled True Status Up Interface lan IPv4 Virtual IP address es 10 10 10 1 100 100 100 1 Current State Mast...

Page 756: ...Routing Virtual Router Redundancy Protocol VRRP IX14 User Guide 756 ...

Page 757: ...he IX14 local file system 758 Display directory contents 758 Create a directory 759 Display file contents 760 Copy a file or directory 760 Move or rename a file or directory 761 Delete a file or directory 762 Upload and download files 763 IX14 User Guide 757 ...

Page 758: ...oots but are deleted if a factory reset of the system is performed See Erase device configuration and reset to factory defaults for more information Display directory contents To display directory contents by using the WebUI or the Admin CLI WebUI 1 Log into the IX14 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 H...

Page 759: ...ing the name of the directory For example 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mkdir path dir_name For example to create a directory named temp in etc config mkdir etc config temp 3 Verify that the directory was created ...

Page 760: ...gr6ewr1yerHtXQdbafsatGswKg0YUm schema version 461 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Copy a file or directory This procedure is not available through the WebUI To copy a file or directory by using the Admin CLI use the cp command specifying the existing path and filename...

Page 761: ...ripts to final py 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mv etc config scripts test py etc config scripts final py 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acces...

Page 762: ...t py in etc config scripts 1 Log into the IX14 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type rm etc config scripts test py rm remove etc config scripts test py yes 3 Type exit to exit the Admin CLI Depending on your device configuration you may be p...

Page 763: ...using the WebUI or from the command line by using the scp Secure Copy command or by using a utility such as SSH File Transfer Protocol SFTP or an SFTP application like FileZilla Upload and download files by using the WebUI Upload files 1 Log into the IX14 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 Highlight the...

Page 764: ...ollows scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the IX14 device n local path is the location on the IX14 device where the copied file will ...

Page 765: ...ar log support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 22 03 03 10 16 23 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 22 03 03 10 16 23 bin Upload and download files using SFTP T...

Page 766: ...File system Upload and download files IX14 User Guide 766 sftp ahmed 192 168 2 1 Password Connected to 192 168 2 1 sftp get test py Fetching test py to test py test py 100 254 0 3KB s 00 00 sftp exit ...

Page 767: ...to correct the interference by one or more of the following measures n Reorient or relocate the receiving antenna n Increase the separation between the equipment and the receiver n Connect the equipment into an outlet that is on a circuit different from the receiver n Consult the dealer or an experienced radio TV technician for help Labeling Requirements FCC 15 19 IX14 complies with Part 15 of FCC...

Page 768: ...ration of Conformity DoC IX14 User Guide 768 Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market Refer to the radio regulatory agency in the desired countries of operation for more information ...

Page 769: ...00 MHz Cellular LTE 2100 MHz 200 mW Cellular LTE 2600 MHz Cellular LTE 2300 MHz Cellular LTE 2500 MHz 158 49 mW Innovation Science and Economic Development Canada IC certifications This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications Le present appareil n...

Page 770: ...Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antennas or power supplies may damage the router cause interference or create an electric shock hazard and will void the warranty n Do not attempt...

Page 771: ... of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices anywhere that blasting operations occur Wireless routers receive and transmit radio frequency energy when power is on Interference can occur when using the router close to TV sets...

Page 772: ...tative for repair information Certification category Standards Electromagnetic Compatibility EMC compliance standards n EN 300 328 v1 8 1 n EN 301 489 17 V3 1 12017 n EN 301 489 52 V1 1 0 2016 n FCC Part 15 Subpart B Class B Safety compliance standards EN 60950 1 CSA 22 2 EN 62368 1 Environmental MIL STD 810G Cellular carriers See the current list of carriers on the IX14 datasheet available on the...

Page 773: ... the web interface 775 Display help for commands and parameters 776 Auto complete commands and parameters 779 Available commands 780 Use the scp command 781 Display status and statistics using the show command 782 Device configuration using the command line interface 784 Execute configuration commands at the root Admin CLI prompt 784 Configuration mode 786 Command line reference 799 IX14 User Guid...

Page 774: ...UI Configure the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the IX14 device by using a serial connection SSH or telnet or the Terminal in the WebUI or the Console in the Digi Remote Manager See Access the command line interface for more information n For serial connections the default configu...

Page 775: ...ce Exit the command line interface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin CLI s Shell q Quit Select access or quit admin Type q or quit to exit Execute a command from the web interface 1 Log into the IX14 WebUI as a user with Admin access 2 At the main menu click Te...

Page 776: ... start of line Ctrl E Move cursor to end of line Ctrl W Delete word under cursor until start of line or Ctrl R If the current input is invalid then characters will be deleted until a prefix for a valid command is found Ctrl left Jump cursor left until start of line or Ctrl right Jump cursor right until start of line or The question mark command When executed from the root command prompt displays a...

Page 777: ...st ipsec Show IPsec statistics location Show loction information log Show syslog manufacture Show manufacturer information modbus gateway Show modbus gateway status statistics modem Show modem statistics network Show network interface statistics ntp Show NTP information openvpn Show OpenVPN statistics route Show IP routing information scripts Show scheduled scripts serial Show serial statistics su...

Page 778: ...Command line interface Display help for commands and parameters IX14 User Guide 778 ipv4 Display IPv4 routes ipv6 Display IPv6 routes verbose Display more information show arp ...

Page 779: ...o complete as much of the command and parameter as possible Typing the space bar has similar behavior If multiple commands are available that will match the entered text auto complete is not performed and the available commands are displayed instead Auto complete applies to these command elements only n Command names For example typing net Tab auto completes the command as network n Parameter name...

Page 780: ...on with another command See Display help for commands and parameters for information about the help command ls Lists the contents of a directory mkdir Creates a directory modem Executes modem commands more Displays the contents of a file mv Moves a file or directory ping Pings a remote host using Internet Control Message Protocol ICMP Echo Request messages reboot Reboots the IX14 device rm Removes...

Page 781: ...ame of the file on the remote host that will be copied to the IX14 device o The location on the IX14 device where the file will be copied l If the file is being copied to a remote host from the IX14 device o The path and filename of the file on the IX14 device that will be copied to the remote host o The location on the remote host where the file will be copied Copy a file from a remote host to th...

Page 782: ... To copy a support report from the IX14 device to a remote host at the IP address of 192 168 4 1 1 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home ...

Page 783: ...ce including CPU usage show system Model Digi IX14 Serial Number IX14 000065 SKU IX14 Hostname IX14 MAC Address DF DD E2 AE 21 18 Hardware Version 50001947 01 1P Firmware Version 22 2 9 85 Alt Firmware Version 22 2 9 85 Alt Firmware Build Date Thurs 03 March 2022 10 16 23 Bootloader Version 19 7 23 0 15f936e0ed Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes...

Page 784: ... this way changes to the device s configuration are automatically saved when the command is executed For example to disable the SSH service from the root prompt enter the following command config service ssh enable false The IX14 device s ssh service is now disabled Note When the config command is executed at the root prompt certain configuration actions that are available in configuration mode ca...

Page 785: ...the config service command config service Services Additional Configuration bluetooth Bluetooth dns DNS mdns Service Discovery mDNS multicast Multicast ntp NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next display help for the config service ssh command config service ssh SSH An SSH server for managing the device Parameters Current...

Page 786: ...and without any parameters config config When the command line is in configuration mode the prompt will change to include config to indicate that you are currently in configuration mode Enter configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode n Enter the full command string from the config prompt For example to disable the ss...

Page 787: ...guration mode To return to configuration mode type config again Exit configuration mode without saving changes You can discard any unsaved configuration changes and exit configuration mode by using the cancel command config cancel After using cancel to discard unsaved changes to the configuration you will automatically exit configuration mode Configuration actions In configuration mode configurati...

Page 788: ...ommand line help in configuration mode Display additional configuration commands as well as available parameters and values by entering the question mark character at the config prompt For example 1 Enter at the config prompt config This will display the following help information config Additional Configuration application Custom scripts auth Authentication cloud Central management firewall Firew...

Page 789: ...S mdns Service Discovery mDNS multicast Multicast ntp NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next to display help for the service ssh command use one of the following methods n At the config prompt enter service ssh config service ssh n At the config prompt a Enter service to move to the service node config service config ser...

Page 790: ...mation for the enable parameter use one of the following methods n At the config prompt enter service ssh enable config service ssh enable n At the config prompt a Enter service to move to the service node config service config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter enable to display help for the enable parameter config service ssh enable config s...

Page 791: ...to the acl node config service ssh acl config service ssh acl 4 Type zone to move to the zone node config service ssh acl zone config service ssh acl zone You can also enter multiple nodes at once to move multiple steps in the configuration config service ssh acl zone config service ssh acl zone n Move backward one node in the configuration by entering two periods config service ssh acl zone confi...

Page 792: ...ing of the list use the index number 0 config add auth method 0 tacacs config show auth method 0 tacacs 1 local config n To add the TACACS authentication method to the end of the list use the end keyword config add auth method end tacacs config show auth method 0 local 1 tacacs config The end keyword As demonstrated above the end keyword is used to add an element to the end of a list Additionally ...

Page 793: ...l index_number command For example a To delete the local authentication method use the index number 0 config del auth method 0 config b Use the show command to verify that the local authentication method was removed config show auth method 0 tacacs 1 radius config Move elements within a list Use the move command to reorder elements in a list For example to reorder the authentication methods 1 Use ...

Page 794: ...ation not only unsaved changes Revert all configuration changes to default settings To discard all configuration changes and revert to default settings use the revert command at the config prompt without the optional path parameter 1 At the config prompt enter revert config revert config 2 Set the password for the admin user prior to saving the changes config auth user admin password pwd config 3 ...

Page 795: ...er For example 1 Change to the auth method node config auth method config auth method 2 Enter the revert command config auth method revert config auth method 3 Save the configuration and apply the change config auth method save Configuration saved 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from...

Page 796: ...thentication groups 1 Log into the IX14 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt create a new user with the username user1 n Method one Create a user at the root of...

Page 797: ...o portals serial enable false no ports shell enable false serial acl admin enable true nagios enable false openvpn enable false no tunnels portal enable false no portals serial enable true ports 0 port1 shell enable false config auth user user1 6 Add the user to the admin group config auth user user1 add group end admin config auth user user1 7 Save the configuration and apply the change config au...

Page 798: ... interface Configuration mode IX14 User Guide 798 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 799: ... modem firmware ota list 806 modem firmware ota update 806 modem firmware update 806 modem pin change 807 modem pin disable 807 modem pin enable 807 modem pin status 808 modem pin unlock 808 modem puk status 808 modem puk unlock 808 modem reset 809 modem scan 809 modem sim slot 809 monitoring 809 monitoring metrics upload 810 more 810 mv 810 ping 810 reboot 812 rm 813 scp 814 show analyzer 814 sho...

Page 800: ... system backup 822 system disable cryptography 823 system duplicate firmware 823 system factory erase 823 system find me 823 system firmware ota check 824 system firmware ota list 824 system firmware ota update 824 system firmware update 824 system power ignition off_delay 824 system restore 825 system script start 825 system script stop 825 system serial clear 825 system serial save 826 system se...

Page 801: ...e s etc config analyzer directory analyzer start Start a capture session of packets on this devices interfaces Syntax analyzer start name Parameters name Name of the capture filter to use analyzer stop Stops the traffic capture session Syntax analyzer stop name Parameters name Name of the capture filter to use clear dhcp lease ip address Clear the DHCP lease for the specified IP address Syntax cle...

Page 802: ... container delete Delete a LXC container This will remove the LXC container configuration and the container image Syntax container delete container Parameters container Filepath for container image to be created This process creates a copy of the image so the orginal image may be deleted after creating the container without breaking the container cp Copy a file or directory Syntax cp source destin...

Page 803: ...Command line interface Command line reference IX14 User Guide 803 Parameters None ...

Page 804: ... Command line reference IX14 User Guide 804 ls List a directory Syntax ls path show hidden Parameters path List files and directories under this path show hidden Show hidden files and directories Hidden filenames begin with ...

Page 805: ...LI command on modem at interactive Start an AT command session on the modem s AT serial port Syntax modem at interactive name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem firmware check Inspect opt MODEM_MODEL Custom_Firmware directory for new modem firmware file Syntax modem firmw...

Page 806: ...ersions Syntax modem firmware ota list name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem firmware ota update Perform FOTA firmware over the air update The modem will be updated to the latest modem firmware image unless a specific firmware version is specified Syntax modem firmware ...

Page 807: ...ured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem pin disable Disable the PIN lock on the SIM card that is active in the modem Warning Attempting to use an incorrect PIN code may PUK lock the SIM Syntax modem pin disable pin name STRING imei STRING Parameters pin The SIM s PIN code name The configured name of the modem to execute ...

Page 808: ...h a PIN code Set the PIN field in the modem interface s configuration to unlock the SIM card automatically before use Warning Attempting to use an incorrect PIN code may PUK lock the SIM Syntax modem pin unlock pin name STRING imei STRING Parameters pin The SIM s PIN code name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on ...

Page 809: ...xecute this CLI command on imei The IMEI of the modem to execute this CLI command on modem scan List of carriers present in the network Syntax modem scan name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem sim slot Show or change the modem s active SIM slot This applies only to modem...

Page 810: ...rent device health metrics Functions as if a scheduled upload was triggered Syntax monitoring metrics upload Parameters None more View a file Syntax more path Parameters path The file to view mv Move a file or directory Syntax mv source destination force Parameters source The source file or directory to move destination The destination path to move the source file or directory to force Do not ask ...

Page 811: ... reachable over a default route If not specified the system s primary default route will be used source The ping command will send a packet with the source address set to the IP address of this interface rather than the address of the interface the packet is sent from ipv6 If a hostname is defined as the value of the host parameter use the hosts IPV6 address size The number of bytes sent in the IC...

Page 812: ...Command line interface Command line reference IX14 User Guide 812 reboot Reboot the system Parameters None ...

Page 813: ...Command line interface Command line reference IX14 User Guide 813 rm Remove a file or directory Syntax rm path force Parameters path The path to remove force Force the file to be removed without asking ...

Page 814: ... host or from the remote host to the local device port The SSH port to use to connect to the remote host Minimum 1 Maximum 65535 Default 22 show analyzer Show packets from a specified analyzer capture Syntax show analyzer name Parameters name Name of the capture filter to use show arp Show ARP tables If no IP version is specified IPv4 IPV6 will be displayed Syntax show arp ipv4 ipv6 verbose Parame...

Page 815: ... session although individual output lines maybe context sensitive and unable to be entered in isolation show containers Show container status statistics Syntax show containers container STRING Parameters container Display more details and config data for a specific container show dhcp lease Show DHCP leases Syntax show dhcp lease all verbose Parameters all Show all leases active and inactive not i...

Page 816: ...s of a specific client to limit the status display to only this client show ipsec Show IPsec status statistics Syntax show ipsec tunnel STRING all verbose Parameters tunnel Display more details and config data for a specific IPsec tunnel all Display all tunnels including disabled tunnels verbose Display status of one or all tunnels in plain text show l2tp lac Show L2TP access concentrator status s...

Page 817: ...mation show log Show system log low level Syntax show log number INTEGER filter critical warning debug info Parameters number Number of lines to retrieve from log Minimum 1 Default 20 filter Filters for type of log message displayed critical warning info debug Note filters from the number of messages retrieved not the whole log this can be very time consuming If you require more messages of the fi...

Page 818: ... modem to execute this CLI command on verbose Display more information less concise more detail show nemo Show NEMO status and statistics Syntax show nemo name STRING Parameters name Display more details and configuration data for a specific NEMO instance show network Show network interface status statistics Syntax show network interface STRING all verbose Parameters interface Display more details...

Page 819: ...disabled clients show openvpn server Show OpenVPN server status statistics Syntax show openvpn server name STRING all Parameters name Display more details and config data for a specific OpenVPN server all Display all servers including disabled servers show route Show IP routing information Syntax show route ipv4 ipv6 verbose Parameters ipv4 Display IPv4 routes ipv6 Display IPv6 routes verbose Disp...

Page 820: ...surelink interface name STRING all Parameters name The name of a specific network interface all Show all network interfaces show surelink ipsec Show SureLink status statistics for IPsec tunnels Syntax show surelink ipsec tunnel STRING all Parameters tunnel The name of a specific IPsec tunnel all Show all IPsec tunnels show surelink openvpn Show SureLink status statistics for OpenVPN clients Syntax...

Page 821: ...w version Show firmware version Syntax show version verbose Parameters verbose Display more information build date show vrrp Show VRRP status statistics Syntax show vrrp name STRING all verbose Parameters name Display more details and config data for a specific VRRP instance all Display all VRRP instances including disabled instances verbose Display all VRRP status and statistics including disable...

Page 822: ...t user port INTEGER command STRING Parameters host The hostname or IP address of the remote host user The username to use when connecting to the remote host port The SSH port to use to connect to the remote host Minimum 1 Maximum 65535 Default 22 command The command that will be automatically executed once the SSH session to the remote host is established system backup Save the device s configurat...

Page 823: ...e device to normal operation perform the configuration erase procedure with the device s ERASE button twice consecutively Syntax system disable cryptography Parameters None system duplicate firmware Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version Syntax system duplicate firmware Parameters None system factory erase Erase the d...

Page 824: ...e ota list Parameters None system firmware ota update Perform FOTA firmware over the air update The device will be updated to the latest firmware version unless the version argument is used to specify the firmware version Syntax system firmware ota update version STRING Parameters version Firmware version name system firmware update Update the current firmware image Upon reboot the new firmware wi...

Page 825: ... path The path to the backup file passphrase Decrypt the archive with a passphrase system script start Run a manual script Scripts that are disabled not a manual script or already running can not be run Syntax system script start script Parameters script Script to start system script stop Stop an active running script Scripts scheduled to run again will still run again disable a script to prevent ...

Page 826: ... be saved to the device s etc config serial directory system serial show Displays the serial log on the screen Syntax system serial show port Parameters port Serial port system serial start Start logging data on a serial port Syntax system serial start port size INTEGER Parameters port Serial port size Maximum size of serial log Default 65536 system serial stop Start logging data on a serial port ...

Page 827: ...ting Syntax system time set datetime Parameters datetime The date in year month day hour minute second format e g 2021 09 26 12 24 48 system time sync Perform a NTP query to the configured server s and set the local time to the first server that responds Syntax system time sync Parameters None system time test Test the configured NTP server s for connectivity This test will not affect the device s...

Page 828: ...t 30 port Specifies the destination port base traceroute will use the destination port number will be incremented by each probe A value of 1 specifies that no specific port will be used Minimum 1 Default 1 nqueries Sets the number of probe packets per hop A value of 1 indicated Minimum 1 Default 3 src_addr Chooses an alternative source address Note that you must select the address of one of the in...

Reviews:

No comments

Related manuals for IX14

Amperes iPX5500 Instruction Manual preview
iPX5500
Brand: Amperes Pages: 8
Eneo PNR-5304 Quick Installation Manual preview
PNR-5304
Brand: Eneo Pages: 68
Patton electronics IPLink 2803 Specifications preview
IPLink 2803
Brand: Patton electronics Pages: 2
OneAccess One80XM Installation Manual preview
One80XM
Brand: OneAccess Pages: 47
Riverbed SteelCentral NetExpress 470 Upgrade And Maintenance Manual preview
SteelCentral NetExpress 470
Brand: Riverbed Pages: 140
Idis DR-8416 Quick Manual preview
DR-8416
Brand: Idis Pages: 40
IBM Turbo 16/4 Token-Ring PC Card 2 User Manual preview
Turbo 16/4 Token-Ring PC Card 2
Brand: IBM Pages: 123
Kraun KN.3R Quick Manual preview
KN.3R
Brand: Kraun Pages: 16
Cisco 1941-DC-A - MWR Mobile Wireless Edge Router Hardware Installation Manual preview
1941-DC-A - MWR Mobile Wireless Edge Router
Brand: Cisco Pages: 80
Cisco 1760 - VPN Bundle Router Quick Start Manual preview
1760 - VPN Bundle Router
Brand: Cisco Pages: 40
Cisco 1841 - 3G Bundle Router User Manual preview
1841 - 3G Bundle Router
Brand: Cisco Pages: 28
Cisco 1921-SEC/K9 Datasheet preview
1921-SEC/K9
Brand: Cisco Pages: 10
Cisco 2600-DC Series Datasheet preview
2600-DC Series
Brand: Cisco Pages: 20
Cisco 2010 Hardware Installation Manual preview
2010
Brand: Cisco Pages: 92
Cisco 1905 Hardware Installation Manual preview
1905
Brand: Cisco Pages: 102
Cisco 1760 - VPN Bundle Router Hardware Installation Manual preview
1760 - VPN Bundle Router
Brand: Cisco Pages: 112
Cisco 2654T6 Repacking Manual preview
2654T6
Brand: Cisco Pages: 26
Cisco 1905 Installing And Upgrading preview
1905
Brand: Cisco Pages: 24

Brands by name

Popular brands

Load more brands