background image

Configure security settings

Firewall

Digi TransPort WR Routers User Guide

692

The optional 

[icmp-code]

 field can also be a decimal number representing the ICMP code of the 

return ICMP packet but if the 

[icmp-type]

 is 

[unreach]

, then the code can also be one of the 

following pre-defined text codes:

For example, this rule causes the router to return an ICMP Unreachable packet in response to all 

packets received on PPP 

0

:

block return-icmp unreach in break end on ppp 0

Instead of using the 

return-icmp

 option to return an ICMP packet, you can use 

return-rst

 to return 

a TCP reset packet instead. This would only be applicable for a TCP packet. For example, this rule 

returns a TCP reset packet when the firewall receives a TCP packet on the Ethernet interface 0 with 

destination address 

10.1.2.*

.

block return-rst in break end on eth 0 proto tcp from any to 
10.1.2.0/24

pass

Allows packets that match the rule to pass through the firewall.

pass-ifup

Allows outbound packets that match the rule to pass through the firewall but only if the link is 

already active.

debug

Causes the router to tag any packets matching the rule for debug. This means that for every 

matching rule that is encountered from this point in the script onwards, an entry will be placed 

in the pseudo-file 

FWLOG.TXT

.

dscp

Causes any packets matching this rule to have its DSCP value adjusted according to this rule. 

The DSCP value of a packet indicates the type of service required. The router uses it in 

conjunction with QOS (Quality of Service) functions. A decimal or hexadecimal number must 

follow the 

dscp

 keyword to indicate the value that should be set.

vdscp

Similar to the 

dscp

 action as described above, in that it adjusts the DSCP value in a packet. The 

difference is that this is a virtual change only, which means that the actual packet is not 

changed, and that the packet is processed as if it had the DSCP value as indicated. Like the 

dscp

 

action, a decimal or hexadecimal number must follow.

ICMP code

Description

net-unr

Network unreachable

host-unr

Host unreachable

proto-unr

Protocol unrecognized

port-unr

Port unreachable

needfrag

Needs fragmentation

srcfail

Source route fail

Summary of Contents for TransPort WR11

Page 1: ...User Guide Digi TransPort WR Routers ...

Page 2: ...work status commands GOBI image load selection and MultiTX L February 2015 Added PPP CLI commands and fixed errors M December 2015 Added TransPort WR31 product information Created Hardware chapter to house all hardware content for models including content migrated from Installation Guides Addressed several technical issues Reorganized content and deleted obsolete product information N January 2016...

Page 3: ...d your comments to techcomm digi com Customer support Digi Technical Support Digi offers multiple technical support plans and service packages to help our customers get the most out of their Digi product For information on Technical Support plans and pricing contact us at 1 952 912 3456 or visit www digi com support ...

Page 4: ...Port WR21 hardware 35 TransPort WR21 front panel features 35 Reset the TransPort WR21 36 TransPort WR21 rear panel features 37 TransPort WR21 serial pinout 38 TransPort WR21 accessories 39 TransPort WR21 hardware specifications 39 Regulatory and safety statements 39 TransPort WR31 hardware 43 TransPort WR31 hardware features 43 TransPort WR31 hardware specifications 46 TransPort WR31 accessories 4...

Page 5: ... RR rear panel features 87 TransPort WR44 RR hardware specifications 87 TransPort WR44 RR accessories 87 TransPort WR44 RR Ethernet cable connectors and pinouts 88 Regulatory and safety statements 90 Purchase additional serial cables 94 Signal strength indicators 95 Antenna specifications for Wi Fi 2 4GHz modules 95 Use the web interface Log in to the device 97 Log out and return to the login page...

Page 6: ...132 One command per line 132 Application command syntax 132 Using wildcards 133 Using special usernames in commands 133 Using the CLI parameter tables in this guide 134 reboot command reboot router 135 config command show save configuration 136 config changes command show number of changes counter 136 ping command Troubleshoot connectivity problems 137 templog command temperature monitoring 137 tr...

Page 7: ...rameters 217 PVC Traffic Shaping parameters 221 Advanced DSL parameters 223 Configure GRE interfaces 225 Tunnel parameters 225 Advanced GRE parameters 228 Configure ISDN interfaces 230 ISDN Answering parameters 230 Advanced ISDN parameters 234 ISDN dialing parameters 238 Advanced ISDN parameters 242 ISDN LAPD parameters 245 Answering ISDN calls 249 Configure ISDN to answer V 120 calls 251 Configur...

Page 8: ...Related CLI commands 343 Configure network services Network Services page 345 Network Services parameters 346 Related CLI commands 348 Configure DNS servers and Dynamic DNS Configure DNS Servers 351 DNS Server n parameters 351 DNS Server Update parameters 353 Configure Dynamic DNS 356 Dynamic DNS parameters 356 Advanced Dynamic DNS parameters 359 Configure IP routing and forwarding View the TransP...

Page 9: ...rtual Routing Forwarding VRF Entity 396 Equivalent Routing Entry 396 Virtual Routing Entry 397 Multi Protocol BGP Entity 397 Equivalent Cross Virtual Routing Entry 398 Cross Virtual Routing Entry 398 Configuring VRFs 399 Configure Virtual Private Networking VPN About Virtual Private Networks VPNs 401 VPNs 401 About Internet Protocol Security IPSec 402 Benefits of IPSec 402 Protocols defined within...

Page 10: ...tion with a public private key pair 488 Configure FTP Relay About FTP relay agents 490 FTP Relay n parameters 491 Related CLI commands 493 Advanced FTP Relay parameters 494 Related CLI commands 494 Configure IP passthrough About IP passthrough 496 IP Passthrough page configuration parameters 497 Related CLI commands 499 Configure UDP echo About UDP echo 501 UDP Echo n parameters 501 Related CLI co...

Page 11: ...s 547 Configure X 25 parameters 550 General X 25 parameters 551 X 25 LAPB parameters 553 NUI Mappings parameters 559 NUA NUI Interface Mappings parameters 560 IP to X 25 Calls parameters 563 PADS parameters 565 Configure X 25 PVCs parameters 579 About X 25 packet switching 581 Configure MODBUS Gateway parameters 592 Requirements for MODBUS support in TransPort devices 592 Modbus Gateway configurat...

Page 12: ...Autorun Commands 655 Web command line interface 656 Miscellaneous configuration items 659 Configure Remote Management Digi Remote Manager 662 Remote Manager parameters 662 Advanced remote management settings 666 SNMP parameters 669 Supported Management Information Bases MIBs 669 SNMP settings 670 SNMP Users 672 SNMP Filter parameters 674 SNMP Trap parameters 675 Configure security settings System ...

Page 13: ...c applications 740 Manage Python applications 742 Python Files page 742 Manage networks and connections View network interface status 745 Ethernet ETH n parameters 745 Wi Fi interfaces 749 Mobile interfaces 753 DSL interface 760 GRE page 763 ISDN parameters 765 PSTN parameters 766 Serial parameters 768 PPP n status and statistics 769 IP routing table 773 IP hash table 775 Port Forwarding table 777...

Page 14: ...st key pairs 828 Certificate Authorities CAs 828 IPsec SSH HTTPS certificates 830 Key files 835 Key Generation 836 Private key files Splitting certificates 837 Update firmware 838 Reset the router to factory defaults 839 Reset the router from the command line 840 Reset the router using the hardware reset button 840 Execute a command 841 Save configuration settings to a file 842 Reboot the router 8...

Page 15: ...pon the popular VRRP failover standard providing true auto sensing auto failure and auto recovery of any line drop Digi TransPort WR routers are ideal for transportation POS energy medical financial and digital signage as well as cellular backup and remote device connectivity applications Digi management solutions provide easy setup configuration and maintenance of large installations of remote Di...

Page 16: ...ng the flexibility to scale from basic connectivity applications to enterprise class routing and security solutions With its high performance architecture Digi TransPort WR11 is designed for Wide Area Network connectivity including 2 5G 3G and 4G networks The TransPort WR11 XT model has a metal enclosure and allows an extended operating temperature range ...

Page 17: ... connectivity including 2 5G 3G 4G networks Digi TransPort WR21 is available with a range of Ethernet Serial RS232 RS422 485 and Power connector options Digi TransPort WR21 also offers an optional advanced routing security and firewall feature set including stateful inspection firewall and integrated VPN Enterprise class protocols incorporate BGP OSPF and VRRP a patented technology built upon the ...

Page 18: ... meaning one device that operates in 2G 3G or 4G across all major North Americancarriers Ethernet serial and I O for connecting diverse fieldassets Extremely resilient cellular connection through Digi s patented SureLink VRRP protocol and dualSIM slots Enterprise Routing features for security logging and redundancy e g stateful firewall VPN SNMP no annual enterprise software licenserequired Digi R...

Page 19: ...es or remote locations This drop in connectivity gives operators a way to reduce the cost of downtime and service calls and also increase revenue by bringing distributed sites online faster The TransPort WR31 is ideal for connecting the following Building and process automationcontrollers Smart grid assets meters switches controllers IP Cameras and accesscontrollers Remote data loggers flow meters...

Page 20: ...elemetry modules The Digi TransPort family also offers an advanced routing security and firewall feature set including stateful inspection firewall and integrated VPN Enterprise class protocols incorporate BGP OSPF and VRRP a patented technology built upon the popular VRRP failover standard providing true auto sensing auto failure and auto recovery of any line drop Digi TransPort WR routers are id...

Page 21: ...PS or I O telemetry modules The Digi TransPort family offers an advanced routing security and firewall feature set including stateful inspection firewall and integrated VPN Enterprise class protocols incorporate BGP OSPF and VRRP a patented technology built upon the popular VRRP failover standard providing true auto sensing auto failure and auto recovery of any line drop Digi TransPort WR44 is ide...

Page 22: ...r can act as a secure backup connection to the existing railroad network It features a flexible communications design with 3G 4G multicarrier GSM CDMA cellular plus integrated Wi Fi a ac b g n access point serial and 4 port Ethernet switch It also features full on board train certifications including AREMA C H and EN50155 Communications interfaces include hardened connectors including M12 for Ethe...

Page 23: ...nts pinout information and covers regulatory and safety statements and certifications TransPort WR11 hardware 24 TransPort WR21 hardware 35 TransPort WR31 hardware 43 TransPort WR41 hardware 59 TransPort WR44 WR44 R hardware 71 TransPort WR44 RR hardware 85 Signal strength indicators 95 Antenna specifications for Wi Fi 2 4GHz modules 95 ...

Page 24: ...er connector connects the device to a power source The connector should be inserted and rotated to lock in place Center pin is positive 3 LEDs Service LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink Device is running 1xRTT service 2 Blinks Device is running EDVO Rev 0 service 3 Blinks Device is running EDVO Rev A service Signal LED Ind...

Page 25: ...er cable connections 2 Power connector This locking power connector connects the device to a power source The connector should be inserted and rotated to lock in place Center pin is positive 3 LEDs SERVICE LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink GPRS mode 2 Blinks EDGE mode 3 Blinks UMTS mode 4 Blinks HSDPA mode 5 Blinks HSUPA ...

Page 26: ...n details refer to the Quick Start Guide that came with your device Note To remove the SIM door hold the device on a flat surface and using a screwdriver firmly pull the cover straight up 5 Cellular antenna connector This SMA female connector connects the device s primary cellular antenna 6 SIM Sockets SIM 1 and SIM 2 are for use with the Subscriber Identification Module s SIMs ...

Page 27: ...traight through or cross over cable connections 2 Power connector This locking power connector connects the device to a power source The connector should be inserted and rotated to lock in place Center pin is positive 3 LEDs SERVICE LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink GPRS mode 2 Blinks EDGE mode 3 Blinks UMTS mode 4 Blinks...

Page 28: ...ockets The SIM door must be opened to install the SIM cards For installation details refer to the Quick Start Guide that came with your device Note To open the SIM door slide the SIM door out using your finger 5 SIM sockets SIM 1 and SIM 2 are for use with the Subscriber Identification Module s SIMs 6 Primary LTE antenna connector This SMA female connector connects the device s primary cellular an...

Page 29: ... connector connects the device to a power source The connector should be inserted and rotated to lock in place Center pin is positive 3 LEDs SERVICE LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink GPRS mode 2 Blinks EDGE mode 3 Blinks UMTS mode 4 Blinks HSDPA mode 5 Blinks HSUPA mode 6 Blinks LTE mode SIGNAL LED Indicates strength of c...

Page 30: ... the bottom right corner of the device If you are using one SIM card only insert it in the SIM 1 slot 6 Primary cellular antenna connector This SMA female connector connects the device s primary cellular antenna 7 Secondary cellular antenna connector This SMA female connector connects the device s secondary cellular antenna TransPort WR11 accessories A variety of accessories are available for Tran...

Page 31: ...ate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Labeling Requirements FCC 15 19 This device complies with Part 15 of FCC rules Operation is subject to the following two conditions 1 this devic...

Page 32: ...1 user manual documentation and ensure the final product does not exceed the specified power ratings antenna specifications and or installation requirements as specified in the user manual If any of these specifications are exceeded in the final product a submission must be made to a notified body for compliance testing to all required standards OEM labeling requirements The CE marking must be aff...

Page 33: ...for future reference 2 If the power supply shows signs of damage or malfunction stop using it immediately turn off the power and disconnect the power supply before contacting your supplier for a repair or replacement 3 Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments...

Page 34: ... of wireless appliances in an aircraft is forbidden to prevent interference with communications systems Failure to observe these instructions may lead to the suspension or denial of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices a...

Page 35: ...n Green WWAN network connection Flashing WWAN traffic being transmitted or received 4 WWAN Wireless Network LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink GPRS mode 2 Blinks EDGE mode 3 Blinks UMTS mode 4 Blinks HSDPA mode 5 Blinks HSUPA mode 6 Blinks LTE mode 5 SIGNAL LED Indicate strength of cellular signal 3 LEDs Excellent 2 LEDs G...

Page 36: ...is 0 5A Reset the TransPort WR21 1 Turn the router on and wait 15 seconds for the router to complete its initialization process 2 Press and hold the reset button gently for 5 seconds After this time the router automatically reboots and display a pattern of alternating LEDs flashing followed by the normal boot sequence CAUTION Do not remove power from the router during this operation as corruption ...

Page 37: ...9 port provides an asynchronous RS232 RS485 optional serial port with optional RS422 485 support for connecting the router to a compatible serial device This is a DCE serial port and allows CLI access to the device by default the baud rate is 115200 For a pinout see TransPort WR21 serial pinout 5 Power connector This connector connects the router to a power source using either the supplied power s...

Page 38: ...5 Pin Direction RS232 DCE Description 1 Out DCD Data CarrierDetect 2 Out RXD ReceiveData 3 In TXD TransmitData 4 In DTR Data TerminalReady 5 N A GND Ground 6 Out DSR Data Set Ready 7 In RTS Ready ToSend 8 Out CTS Clear ToSend 9 Out RI Ring Indicate Pin Direction RS422 RS485 Description 1 Out CTS Clear ToSend 2 Out RD Receive Data 3 In TD Transmit Data 4 In RTS_B RTS Ready ToSend 5 N A GND Ground 6...

Page 39: ...harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try and correct the interference by one or more of the following measures Reorient or relocate...

Page 40: ... Directive A Declaration of Conformity must be issued for each of these standards and kept on file as described in the RE Directive Radio Equipment Directive Furthermore the manufacturer must maintain a copy of the Digi TransPort WR21 user manual documentation and ensure the final product does not exceed the specified power ratings antenna specifications and or installation requirements as specifi...

Page 41: ...stop using it immediately turn off the power and disconnect the power supply before contacting your supplier for a repair or replacement 3 Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antenna...

Page 42: ... of wireless appliances in an aircraft is forbidden to prevent interference with communications systems Failure to observe these instructions may lead to the suspension or denial of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices a...

Page 43: ... TransPort WR Routers User Guide 43 TransPort WR31 hardware TransPort WR31 hardware features 0 WW AN PR I 9 30 VD C 2A M AX 1 0 WW AN PR I 9 30 VD C 2A M AX 2 0 WW AN PR I 9 30 VD C 2A M AX 1 3 5 6 7 WWAN PRI 9 30VDC 2A MAX 9 8 12 11 10 4 ...

Page 44: ...ion only not a hazardous location 6 Serial connector This DB9 port provides an asynchronous RS232 RS485 optional serial port with optional RS422 485 support to connect the router to a compatible serial device This is a DCE serial port and allows CLI access to the device by default the default serial baud rate is 115200 For a pinout see TransPort WR31 serial pinout 7 Power connector A pluggable con...

Page 45: ...3 LEDs Excellent 2 LEDs Good 1 LED Fair 0 LEDs Poor or No signal SYSTEM LED Reserved for user defined functions 11 Earth ground 12 Digital analog I O connector An input output connector with two digital input output connections and a single analog input connection For more information and wiring diagrams see TransPort WR31 digital and analog inputs and outputs ...

Page 46: ...t WR31 Part Numbers and Accessories page TransPort WR31 mounting options You can mount the TransPort WR31 on a DIN rail directly to a wall or in a NEMA enclosure For wall mounting or NEMA enclosure installation purchase the TransPort WR31 Wall Mount Bracket Digi part number 76000963 and NEMA enclosure equipment such as the NEMA enclosure mounting plate special cabling and cable glands Hazardous Lo...

Page 47: ...Hardware TransPort WR31 hardware Digi TransPort WR Routers User Guide 47 TransPort WR31 serial pinout Note that all TransPort serial ports are DCE WWAN PRI 9 30VDC 2A MAX Pin 1 Pin 9 ...

Page 48: ...S485 Pin Direction RS232 DCE Description 1 Out DCD Data CarrierDetect 2 Out RXD ReceiveData 3 In TXD TransmitData 4 In DTR Data TerminalReady 5 N A GND Ground 6 Out DSR Data Set Ready 7 In RTS Ready ToSend 8 Out CTS Clear ToSend 9 Out RI Ring Indicate Pin Direction RS422 RS485 Description 1 Out CTS Clear ToSend 2 Out RD Receive Data 3 In TD Transmit Data 4 In RTS_B RTS Ready ToSend 5 N A GND Groun...

Page 49: ...t output connector with two digital input output connec tions and a single analog input connection I O connector pin assignments The figure and table show the I O connector pin assignments and the signals for each pin Pin Symbol Description 5 AIN0 Analog Input 0 4 AGND Analog Return 3 DIO0 Digital I O 0 2 GND Digital Return 1 DIO1 Digital I O 1 Pin 5 Pin 1 ...

Page 50: ...circuit TransPort WR31 analog input representative circuit Example digital and analog I O wiring WR31_3v3 PullͲup Enable Signal Digital Output Enable Digital Input DIGITAL INPUT DIGITAL RETURN 200ͲOhm Analog Select Signal Analog Input ANALOG INPUT ANALOG RETURN Current Loop Protector Current Loop Signal Voltage Input Signal ...

Page 51: ...ntact is CLOSED Digital output The wiring diagram assumes a current limiting resistor provided by installation or connected device is in use DIGITAL INPUT DIGITAL RETURN Digital Input WR31_3v3 PullͲup ON External Contact Door Contact etc DIGITAL INPUT DIGITAL RETURN Digital Input External Contact Door Contact etc Digital Output Enable DIGITAL RETURN DIGITAL INPUT ...

Page 52: ...Analog input 4 20mA input mode Analog input 0 10V input mode 200ͲOhm Analog Input Current Loop Protector ANALOG INPUT ANALOG RETURN ANALOG 4Ͳ20mA Sensor Analog Select Signal Current Mode Analog Input ANALOG INPUT ANALOG RETURN 0 10V input Analog Select Signal Voltage Mode DC ...

Page 53: ...ate at power up with no voltage applied is LOW Digital output This output is an open collector sinking driver output The default state at power up is off Specification Min Nom Max Units Rated Input Voltage 0 2 30 V Rated Input Current 1 0 200 mA Pull Up Resistance 10 k Ohms Specification Min Nom Max Units Threshold 1 6 V Threshold 1 0 V Input impedance 1 M Ohms Specification Min Nom Max Units Sink...

Page 54: ...ode default Current loop mode Specification Min Nom Max Units Resolution 12 BITS Accuracy 0 2 Rated Input Voltage 0 2 30 V Rated Input Current 0 40 mA Specification Min Nom Max Units Input Voltage 0 2 10 25 V Input Impedance 291 K Ohms Specification Min Nom Max Units Minimum Input Voltage 2 V Load Resistance 200 Ohms ...

Page 55: ...ate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Labeling Requirements FCC 15 19 This device complies with Part 15 of FCC rules Operation is subject to the following two conditions 1 this devic...

Page 56: ...1 user manual documentation and ensure the final product does not exceed the specified power ratings antenna specifications and or installation requirements as specified in the user manual If any of these specifications are exceeded in the final product a submission must be made to a notified body for compliance testing to all required standards OEM labeling requirements The CE marking must be aff...

Page 57: ...stop using it immediately turn off the power and disconnect the power supply before contacting your supplier for a repair or replacement 3 Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antenna...

Page 58: ... of wireless appliances in an aircraft is forbidden to prevent interference with communications systems Failure to observe these instructions may lead to the suspension or denial of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices a...

Page 59: ...r received 4 WN LED Wi Fi models Illuminates steady if Wi Fi activity is present Non Wi Fi models Flashes to show which network mode the router is operating in Off No service 1 blink GPRS mode 2 blinks EDGE mode 3 blinks UMTS mode 4 blinks HSDPA mode 5 blinks HSUPA mode 6 blinks LTE mode 5 LINK LED Illuminates steadily when a wireless WAN data connection has been established 6 SIM LED Illuminates ...

Page 60: ... received 10 SIM R UIM Sockets SIM card models only SIM 1 and SIM 2 are for use with the Subscriber Identification Module s SIMs or Removable User Identification Module s R UIMs 11 Primary Wi Fi antenna connector Wi Fi models only This SMA connector connects the router s primary Wi Fi antenna 12 Secondary Wi Fi antenna connector Wi Fi models only This SMA connector connects the router s secondary ...

Page 61: ...ynchronous RS232 serial port for connecting the unit to a compatible serial device This is a DCE serial port and allows CLI access to the device by default the baud rate is 115200 See TransPort WR41 serial pinout for a pinout diagram 4 Hardware Expansion Port Various hardware upgrades are available for this unit and are populated via this expansion port See TransPort WR41 additional hardware featu...

Page 62: ...hole located on the underside of the router Reset the router 1 Turn the router on and wait 15 seconds for the router to complete its initializationprocess 2 Press and hold the reset button gently for 5 seconds After this time the router will automatically re boot and display a pattern of alternating LEDs flashing followed by the normal boot sequence CAUTION Do not remove power from the router duri...

Page 63: ... ASY Serial Port Option 3 SYN ASYN Serial Port Option 5 ISDN Option 10 ISDN U PSTN PSTN Option 9 PSTN ISDN Modem Option 11 DialServ To Modem Option 2 ASY Serial Port 3x GPS Option 4 GPS Option 6 Telemetry 1 I O Interface A B A B _ DC IN RLY IN OUT 1 OUT 2 OUT 3 _ _ _ OUT 4 Option 7 Telemetry 2 I O Interface A B A B A B A B D1 D2 D3 D4 AN1 AN2 AN3 AN4 D12C D34C Option 8 Fleet I O Interface Pwr Data...

Page 64: ... and 1 opto isolated digital output port It also provides a relay I O port a voltage monitoring port and internal temperature monitoring 7 Telemetry 2 I O Interface Provides 4 isolated analog I O ports and 4 non isolated digital I O ports 8 Fleet I O Interface Provides a CAN and J1708 interface GPS 4 non isolated digital I O ports ignition sense port and a 3 axis accelerometer 9 PSTN Provides a PS...

Page 65: ...re specifications For hardware specifications see Digi TransPort WR41 specifications TransPort WR41 accessories A variety of accessories are available for TransPort products For the current list of accessories and their Digi part numbers go to the TransPort WR41 Part Numbers and Accessories page ...

Page 66: ... DB25 connector available on some daughter cards Description RS232 signal Direction DB 25 Pin RJ45 Pin Transmit Data TxD in 2 6 Receive Data RxD out 3 3 Ready To Send RTS in 4 1 Clear To Send CTS out 5 8 Data Set Ready DSR out 6 n a Ground GND n a 7 5 Data Carrier Detect DCD out 8 7 Transmitter Clock TxC out 15 n a Receiver Clock RxC out 17 n a Data Terminal Ready DTR in 20 2 Ring Indicate RI out ...

Page 67: ...ate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Labeling Requirements FCC 15 19 This device complies with Part 15 of FCC rules Operation is subject to the following two conditions 1 this devic...

Page 68: ...1 user manual documentation and ensure the final product does not exceed the specified power ratings antenna specifications and or installation requirements as specified in the user manual If any of these specifications are exceeded in the final product a submission must be made to a notified body for compliance testing to all required standards OEM labeling requirements The CE marking must be aff...

Page 69: ...our supplier for a repair or replacement 3 Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antennas or power supplies may damage the router cause interference or create an electric shock hazard ...

Page 70: ... of wireless appliances in an aircraft is forbidden to prevent interference with communications systems Failure to observe these instructions may lead to the suspension or denial of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices a...

Page 71: ... hardware Digi TransPort WR Routers User Guide 71 TransPort WR44 WR44 R hardware TransPort WR44 enclosure features TransPort WR44 1 Commercial enclosure 2 Mounting feet TransPort WR44 R 1 Rugged enclosure 2 Mounting tabs 1 2 2 2 2 1 ...

Page 72: ... when there is a network connection to the LAN port and flashes when data is transmitted or received 4 Wi Fi LED Wi Fi models Illuminates steadily if Wi Fi activity is present 5 SERIAL LED Illuminates steadily if a terminal is connected to the SERIAL port and the DTR signal is on Flashes when data is transmitted or received 6 LINK LED Illuminates steadily when a wireless data connection has been e...

Page 73: ...te strength of cellular signal 3 LEDs Excellent 2 LEDs Good 1 LED Fair 0 LEDs Poor or No signal Models without cellular interface Not operational 10 SIM R UIM Sockets Cellular SIM card models only Illuminates steadily when a valid SIM card is installed Models without cellular interface Not operational or accessible ...

Page 74: ...lock connector which can be secured by rotating it 90 degrees once installed into the TransPort router Center pin is positive 6 11 58VDC Aux Connects the router to an alternative 11 58VDC power supply not supplied using a fused power cable which can be purchased separately This cable also contains two programmable IO signal lines one is an input signal and the other is an input output signal 7 SER...

Page 75: ...Hardware TransPort WR44 WR44 R hardware Digi TransPort WR Routers User Guide 75 TransPort WR44 under unit features TransPort WR44 Front of Unit 1 2 3 1 Rear of Unit ...

Page 76: ...a small 2 5mm hole located on the underside of the router Reset the TransPort WR44 WR44 R 1 Turn the router on and wait 15 seconds for the router to complete its initializationprocess 2 Press and hold the reset button gently for 5 seconds After this time the router will automatically re boot and display a pattern of alternating LEDs flashing followed by the normal boot sequence CAUTION Do not remo...

Page 77: ...s GPS capabilities using an SMA male connector WWAN PRIMARY WIFI SECONDARY 11 58VDC 1 3A MAX MAIN AUX WIFI PRIMARY WWAN SECONDARY LAN3 LAN2 LAN1 LAN0 SERIAL 0 Option 1 ASY Serial Port 3x Option 3 GPS Option 5 Telemetry 1 I O Interface Option 10 DialServ Option 9 ISDN U PSTN SERIAL 1 SERIAL 3 SERIAL 2 Option 2 SYN ASYN Serial Port Option 4 ISDN GPS Option 6 Telemetry 2 I O Interface A B A B _ DC IN...

Page 78: ...4 isolated analog I O ports and 4 non isolated digital I O ports 7 Fleet I O interface Provides CAN and J1708 interface GPS 4 non isolated digital I O ports ignition sense port and a 3 axis accelerometer 8 PSTN Provides a PSTN interface via an RJ45 connector for dialing out and receiving calls 9 ISDN U PSTN Provides an ISDN U interface suitable for the USA plus PSTN interface It can be configured ...

Page 79: ...fications see Digi TransPort WR44 R specifications TransPort WR44 accessories A variety of accessories are available for TransPort products For the current list of accessories and their Digi part numbers go to the TransPort WR44 Part Numbers and Accessories page TransPort WR44 R accessories A variety of accessories are available for TransPort products For the current list of accessories and their ...

Page 80: ...5 Pin Transmit Data TxD in 2 3 6 Receive Data RxD out 3 2 3 Ready To Send RTS in 4 7 1 Clear To Send CTS out 5 8 8 Data Set Ready DSR out 6 6 n a Ground GND n a 7 5 5 Data Carrier Detect DCD out 8 1 7 Transmitter Clock TxC out 15 n a n a Receiver Clock RxC out 17 n a n a Data Terminal Ready DTR in 20 4 2 Ring Indicate RI out 22 9 n a External Transmitter Clock ETC in 24 n a n a ...

Page 81: ...cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try and correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which...

Page 82: ...nt Directive A Declaration of Conformity must be issued for each of these standards and kept on file as described in the RE Directive Radio Equipment Directive Furthermore the manufacturer must maintain a copy of the Digi TransPort WR44 user manual documentation and ensure the final product does not exceed the specified power ratings antenna specifications and or installation requirements as speci...

Page 83: ...arty responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antennas or power supplies may damage the router cause interference or create an electric shock hazard and will void the warranty 4 Do not attempt to repair the product The router contains no electronic...

Page 84: ...tion of wireless appliances in an aircraft is forbidden to prevent interference with communications systems Failure to observe these instructions may lead to the suspension or denial of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devic...

Page 85: ...work connection to the LAN port and flashes when data is transmitted or received 3 Wi Fi LED Wi Fi models only Illuminates steady if Wi Fi activity is present 4 SERIAL LED Illuminates steadily if a terminal is connected to the SERIAL port and the DTR signal is on 5 LINK LED Illuminates steadily when a wireless WAN data connection has been established 6 SIM LED Illuminates steadily when a valid SIM...

Page 86: ...SIGNAL LEDs Indicate strength of cellular signal 3 LEDs Excellent 2 LEDs Good 1 LED Fair 0 LEDs Poor or No signal 9 SIM R UIM sockets SIM card models only SIM 1 and SIM 2 are for use with the Subscriber Identification Module s SIMs or Removable User Identification Module s R UIMs ...

Page 87: ...upply not supplied using the supplied fused power cable This cable also contains two programmable GPIO signal lines 7 Serial port This M12 port provides an asynchronous RS232 serial port for connecting the router to a compatible serial device This is a DCE serial port and allows CLI access to the device by default the baud rate is 115200 8 LAN ports These M12 ports connect the router to a 10 100 b...

Page 88: ...rdware TransPort WR44 RR hardware Digi TransPort WR Routers User Guide 88 TransPort WR44 RR Ethernet cable connectors and pinouts Pin locations 4 pin connector pin locations 8 pin connector pin locations ...

Page 89: ...n A Coded connector Pinout is as follows Ethernet connectors Ethernet connector M12 4 pin DCoded Ethernet connector M12 8 pin ACoded Pin Signal 1 Power ve 2 GPIO 0 3 Power ve 3 GPIO 1 Pin DB 9 DCE 1 2 RXD 2 3 TXD 3 8 CTS 4 7 RTS 5 5 GTM M12 Pin RJ45 Signal Notes 1 1 TX Twisted Pair 3 2 TX 2 3 RX Twisted Pair 4 6 RX M12 Pin RJ45 Signal Notes 4 6 RX Twisted Pair 6 3 RX 5 1 TX Twisted Pair 8 2 TX 1 N...

Page 90: ...ate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Labeling Requirements FCC 15 19 This device complies with Part 15 of FCC rules Operation is subject to the following two conditions 1 this devic...

Page 91: ...WR44 RR user manual documentation and ensure the final product does not exceed the specified power ratings antenna specifications and or installation requirements as specified in the user manual If any of these specifications are exceeded in the final product a submission must be made to a notified body for compliance testing to all required standards OEM labeling requirements The CE marking must ...

Page 92: ...ed by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antennas or power supplies may damage the router cause interference or create an electric shock hazard and will void the warranty 4 Do not attempt to repair the product The router contains no...

Page 93: ...on of wireless appliances in an aircraft is forbidden to prevent interference with communications systems Failure to observe these instructions may lead to the suspension or denial of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices...

Page 94: ...Purchase additional serial cables For TransPort models that include serial ports with RJ45 connectors Digi offers the following serial cables for connectivity Digi part number Description 76000855 RJ45 to DB9 Female 6 76000856 RJ45 to DB25 Male 6 76000857 RJ45 to DB25 Female 6 ...

Page 95: ...Fi 2 4GHz modules for this product obtained its complete certification by using the antenna described here End users in North America should use an antenna that matches these specifications to maintain the module s certification You can use antennas of the same type but operating with a lower gain Attribute Property Frequency Range 2 4 to 2 5 GHz Impedance 50 Ohm VSWR 1 92 max Return Loss 10dB max...

Page 96: ...lt in web interface for configuring the device managing the network and connections and managing applications This section describes the web interface Log in to the device 97 Log out and return to the login page 98 Signal strength indicators on the Mobile status page 99 Web interface wizards 100 ...

Page 97: ...tically work with either a straight through or cross over cable 2 Make sure your PC is configured to automatically receive an IP address by selecting Start Control Panel Network Configuration and verifying the configuration 3 Open a web browser Enter the router s Ethernet IP address 192 168 1 1 into your web browser after configuring your PC to have an address on the same subnet A login page appea...

Page 98: ... password the Home page is displayed This page is the main operations page for the router The main menu is on the left side of the Home page Clicking menu items displays the settings or operations for that item Log out and return to the login page To log out the current user and return to the web interface login page select Logout ...

Page 99: ...etwork Status Mobile page The signal strength is shown in negative dB which means that the stronger the signal the lower the number As a guide 51 dBm is a very strong signal normally only obtained very close to a cell site 115 dBm represents no signal If your router reports 115dBm try reorienting the antenna or consider adding an external antenna The following values are fairly specific to LTE At ...

Page 100: ...task Because these wizards configure a generic group of settings using them to configure features may not be suitable for specific configuration scenarios Quick Start wizard The Quick Start wizard displays the options required for basic configuration of the Eth 0 WLAN and WWAN interfaces From this wizard page you can configure Ethernet LAN interface You can get IP settings assigned automatically i...

Page 101: ...ofile for your application Create an aggressive mode LAN to LAN IPsec Tunnel wizard This wizard helps you configure an aggressive mode LAN to LAN IPsec tunnel to a remote host You can use the IPsec wizard to help configure an aggressive mode LAN to LAN VPN tunnel The tunnel is configured as an initiator This means the IPsec tunnel is responsible for starting the VPN connection ...

Page 102: ...y sends data over the W WAN The main advantage of passive techniques are No additional data charges if your mobile operator charges you for data In a hub and spoke deployment no additional load will be placed on equipment at the hub The main disadvantages are If the equipment on the LAN does not send data and a problem with the connection occurs it is not possible to connect to the router or the r...

Page 103: ...nstalled use the GOBI Module Carrier wizard to configure the router for a specified WWAN carrier This wizard allows you to select the GOBI module firmware to use for your WWAN connection Changes to the router configuration will be also made depending on the firmware selection The router is currently configured to load firmware ID 0 Generic UMTS ...

Page 104: ...the other Once it has failed over it will remain on the alternate SIM until another problem is detected in which case it will fail back to the original SIM This method keeps down time to a minimum Use this option when no SIM has preference over the other One SIM has a higher weighting than the other After boot up the router uses primary SIM if possible In the event that a problem occurs the router...

Page 105: ...this guide About the Digi TransPort command line interface 106 Supported command types 106 Required software for using the command line 106 Connect to the TransPort router from a PC 107 Log in to the command line interface 108 Exit the command line interface 108 Commands and the active port 108 When commands take effect 108 View current configuration changes 108 Save changes 108 Configure network ...

Page 106: ...s AT commands and S registers Digi TransPort supports AT commands and Special registers S registers to maintain compatibility with modems when using the router as a modem replacement For more information about the AT commands see AT commands Application commands also known as text commands Application commands are specific to Digi International products and control most features of the router when...

Page 107: ... connected to a PC 2 Verify that terminal emulation software such as TeraTerm or HyperTerminal is installed on the PC 3 Using the terminal emulation software configure the following settings for the router COM Port select the appropriate port typically COM1 Baud Rate 115200 Data Bits 8 Stop Bits 1 Parity No Parity No Parity Flow Control None 4 Verify that the connection is active by entering the c...

Page 108: ...ce To exit the command line interface enter the exit command Commands and the active port When entering AT or text commands in most cases the command only affects the settings for the active port This is usually the port to which you are physically connected but you may if necessary set the active port to another port of your choice using the AT PORT N command where N is a port number from 0 3 Whe...

Page 109: ...of the config c show command as 255 255 255 0 is a default value 3 To stop the DHCP server from serving addresses use the following command dhcp 0 ipmin x This command removes the minimum IP address that will be server via DHCP disabling the DHCP server For example to stop the DHCP sever from DHCP requests enter the command Note that the variable removes a value or set it back to its default dhcp ...

Page 110: ...going V 120 call Initiate a DUN session to establish a dial up PPP connection Make an outgoing X 25 call using the ATD command followed by the X 28 CALL command Make an outgoing TPAD Transaction PAD call using the TPAD a address command followed by the appropriate NUA This is normally only carried out under software control Similarly incoming calls are handled according to the protocols that have ...

Page 111: ...sitive Entering multiple commands Escape sequences AT command result codes S registers D command Dial a call H command Hang up Z command Reset C command DCD control F command Load factory settings R command CTS control V command View profiles W command Write SREGS DAT file Y command Set default profile Z command Store phone number AT command Ignore invalid AT commands LS command Lock speed PORT co...

Page 112: ...ho After this command has been entered further commands will be displayed without the echo AT commands are case insensitive The AT command prefix and the commands that follow it can be entered in upper or lower case Entering multiple commands After the prefix you can enter one or more commands on the same line of up to 40 characters When the line is entered the router will execute each command in ...

Page 113: ...se the ATV0 command to select numeric codes if required The results from the text based commands can be numeric or verbose The tables lists the result codes S registers S Special registers are registers in the router for storing certain types of configuration information They are essentially a legacy feature included to provide compatibility with software that was originally designed to interact w...

Page 114: ... use the ATD command to route a call to an ISDN sub address by following the telephone with the letter S and the required sub address The sub address can be up to 15 digits long For example atd01234567890s003 Dialing stored numbers To dial numbers that have previously been stored within the router using the AT Z command insert the S modifier within the dial string For example to dial stored number...

Page 115: ... control The AT C command configures how the router controls the DCD signal to the terminal Options include C0 DCD is always On C1 DCD is On only when an ISDN connection has been established Layer 2 is UP C2 DCD is always Off C3 DCD is normally On but pulses low for a time in 10 msec routers determined by S register 10 F command Load factory settings The AT F command loads a predefined default set...

Page 116: ...Write SREGS DAT file The AT W command saves the current command and S registers settings for the active port to the file SREGS DAT You can reload the settings in this file at any time using the ATZ command After the AT W command you can specify a profile number either 0 or 1 to store the settings in the specified profile For example the following command stores the current settings as profile 1 at...

Page 117: ...s enabled by setting S33 1 for the port the number associated with that port is dialed when the DTR signal for that port changes from Off to On This is because you can use DTR dialing with the number associated with the port to which the terminal is connected only AT command Ignore invalid AT commands This command is a work around for use with terminals that generate large amounts of extraneous te...

Page 118: ...to reconfigure the settings for port 2 you would first enter the command at port 2 PORT 2 OK Port 2 is now the active port and any AT commands or changes to S registers settings which affect the serial ports will now be applied to port 2 only This includes Commands Z D F K V Y W S registers S31 S45 The AT PORT command will display the port to which you are connected and the active port for command...

Page 119: ...ers User Guide 119 smib commands The at smib command allows you to view a single standard MIB variable To view the variable use the at smib mib_name command where mib_name is the variable to be displayed The variables are sorted according to the hierarchy shown below ...

Page 120: ...les Instead oid is output mib 2 system sysobjectid oid at smib mib 2 system sysuptime The time the router has been running in 10msec units hundredths of a second mib 2 system sysuptime 1806718 The above example shows that the router has been running for 5 hours 1 minute and 7 18 seconds at smib mib 2 system syscontact A description of the contact person for the router For TransPort this is always ...

Page 121: ...he set of services the router provides For each OSI layer the router provides services for 2 L 1 is added to the value where L is the layer The layers are shown below For TransPort this value is always 7 Physical layer 21 1 Data Link layer 22 1 Network layer 23 1 Layer Functionality 1 Physical 2 Data Link 3 Network 4 Transport 5 Session 6 Presentation 7 Application ...

Page 122: ... appended at smib mib 2 interfaces iftable ifentry at smib mib 2 interfaces iftable ifentry ifindex The unique index number of the interface at smib mib 2 interfaces iftable ifentry ifdescr This variable displays information about the interface This information is displayed in the format interface type instance where interface type can be one of PPP ETH TUN for IPSec tunnels SNAIP for SNAIP links ...

Page 123: ...tocol stack For interfaces without such an address a zero length octet string is returned For PPP SNAIP and SYNC ports a zero length string is returned at smib mib 2 interfaces iftable ifentry ifadminstatus The desired state of the interface The testing state 3 indicates no operational packets can be passed at smib mib 2 interfaces iftable ifentry ifoperstatus The current operational state of the ...

Page 124: ...el protocols requested this interface to transmit to a subnetwork unicast address including those that were discarded or not sent at smib mib 2 interfaces iftable ifentry ifoutnucastpkts The total number of packets that higher level protocols requested this interface to transmit to a non unicast such as broadcast or multicast address including those that were discarded or not sent at smib mib 2 in...

Page 125: ...b 2 ip ipaddrtable ipaddrentry ipadentifindex The index identifier for the interface associated with this IP address at smib mib 2 ip ipaddrtable ipaddrentry ipadentnetmask The subnet mask associated with the IP address at smib mib 2 ip ipaddrtable ipaddrentry ipadentbcastaddr The value of the least significant bit in the IP broadcast address for sending datagrams on the IP address of this interfa...

Page 126: ...primary routing metric for the route at smib mib 2 ip iproutetable iprouteentry iproutenexthop The IP address of the next hop of the route at smib mib 2 ip iproutetable iprouteentry iproutetype The type of route Valid values are 1 Valid 2 Invalid 3 Direct 4 Indirect at smib mib 2 ip iproutetable iprouteentry iproutemask The netmask for the route ...

Page 127: ...in the table below S0 V 120 Answer Enabled Units Rings Default 0 Range 0 255 Used in V 120 mode only Enables or disables automatic answering of incoming ISDN calls Auto answering is disabled when S0 is set to the default value of 0 Setting S0 to a non zero value enables auto answering The actual value stored determines the number of rings that the router will wait before answering For example the ...

Page 128: ...uter to switch from on line mode to command mode S12 Escape Delay Units ms Default 50 Range 0 255 The value stored in S12 defines the delay between sending the escape sequence and entering an AT command for the router to switch from on line mode to command mode S15 Data Forwarding Timer Units 10ms Default 0 Range 0 255 S15 sets the data forwarding timer for the ASY port in multiples of 10ms The de...

Page 129: ... 485 half duplex mode AT port 0 ATS16 3 AT w AT port The at port 0 is needed to ensure that subsequent AT commands are directed to the right port ASY0 The port settings can be saved permanently using AT W Issue the command ats16 and check that the value of this S register is 3 To set it back to RS232 then set ATS16 to 0 and save it with the w command S23 Parity Units N A Default 0 Range 0 2 5 6 Th...

Page 130: ... Then change the speed of your terminal to 38 400bps before entering any more AT commands When entering the ATS31 n command the data format selected becomes the data format for all further commands The auto detect option is only available for ASY0 and ASY1 S33 DTR Dialing Units N A Default 0 Range 0 1 S33 enables or disables DTR dialing for the port When DTR dialing is enabled the router dials the...

Page 131: ...Application commands are case insensitive One command per line Application command syntax Using wildcards Using the CLI parameter tables in this guide reboot command reboot router config command show save configuration templog command temperature monitoring traceroute command Troubleshoot connectivity problems ana command Clear the Analyser Trace clear command Clear the event log Activate and deac...

Page 132: ...K result code will be issued An invalid command will cause the ERROR result code to be issued Application command syntax The general syntax for an application commands is entity instance param_name value where entity is the name of the entity instance is the instance number for the entity that you are configuring param_name is the name of the parameter that you wish to configure value is the new v...

Page 133: ...r_comp OFF r_addr OFF r_callb 0 rxtimeout 23 rdoosdly 0 restdel 2000 rebootfails 0 rip 0 ripip ripauth 1 ripis OFF r_md5 1 r_ms1 1 r_ms2 1 rbcast OFF OK Using special usernames in commands You can use several special usernames for local and remote authentication If a symbol is part of the username you must enter another symbol as an escape character For example enter user 1 as user 1 Username Desc...

Page 134: ...he rightmost column shows the equivalent setting in the web interface If the Instance is n in the table it is because there are multiple instances available Use the instance number you need for your requirements If the Instance is set to a specific number such as 0 use the number specified in the table For example to set a Description of Local LAN on Ethernet 0 enter eth 0 descr Local LAN Because ...

Page 135: ...osed PPP interfaces are disconnected reboot n A time reboot reboots the router in n minutes where n is 1 to 65535 reboot cancel Cancels a timed reboot if entered before the time period has passed Reset the router to factory defaults To reset router to factory defaults see Reset the router to factory defaults Disable the reset button Normally when the reset button is held in for 5 seconds the route...

Page 136: ...guration either 0 or 1 powerup sets the specified configuration either 0 or 1 to use at power up or reboot For example to display the current configuration use the command config c show The output is similar to the following config c show eth 0 descr LAN 0 eth 0 IPaddr 192 168 1 1 eth 0 mask 255 255 255 0 eth 0 bridge ON eth 1 descr LAN 1 eth 2 descr LAN 2 eth 3 descr LAN 3 eth 4 descr ATM PVC 0 T...

Page 137: ...es in the temperature are logged to a special flash file templog c1 Use templog 0 status to view the last stored record in this file There are two temperature sensors built in one on the motherboard and one on the modem module If a temperature is reached that is outside of normal operating limits an event will be logged in the eventlog txt file traceroute command Troubleshoot connectivity problems...

Page 138: ...d as an activation request entity instance act_rq To manually deactivate or lower an interface enter the following command as an activation request entity instance deact_rq Where entity can be PPP for PPP interfaces TUN for GRE TUN interfaces OVPN for OpenVPN interfaces And instance is the interface number such as 0 1 2 etc For example to activate PPP 1 the command is ppp 1 act_rq and to deactivat...

Page 139: ...and is as follows gpio inout ON OFF input output Display current status of ports With no parameters the gpio command displays the current status of the ports For example gpio Input s in OFF Output s inout OFF OK Set the I O port as an output To set the I O port to be an output gpio inout output Input s in OFF Output s inout OFF OK Command Description gpio inout input Configures the I O port as an ...

Page 140: ...tions pins 2 and 3 are programmed via the command line using the gpio command The default setting for pins 2 and 3 is OFF as seen in the above example Note Use only one of the power connectors Never apply power to both the MAIN and AUX connectors at the same time The following image shows the pins and the corresponding numbers For more information on wiring and other details see the 4 pin DC Power...

Page 141: ...nd selects which image to load onto a GOBI cellular module The syntax of the command is qdl 0 fw n where n can be 0 14 The meaning of each value is below The default value is 0 Instance Value 0 Generic UMTS 1 Verizon 2 Sprint PCS 3 IUSACELL 4 Bell Mobility 5 Alltel 6 Cingular Blue 7 Cingular Orange 8 T Mobile 9 Docomo 10 Orange 11 Vodafone 12 Telefonica 13 Telital 14 OMH ...

Page 142: ...is behavior using the AT D command or the serial port settings The format of the command is TCPPERM ASY 0 1 Dest Host Dest Port UDP nodeact l listening port i inact_timeout f fwd_time e eth_ip d deact link k keepalive_time s src_port ok t telnet_mode ho host only ssl ao always open m mhome idx The tcpperm parameters are as follows Parameter Description ASY The number of the ASY port that the link ...

Page 143: ...nneled you may need to use en modifier so the source address of the socket matches the local subnet address specified in the appropriate eroute You can also set this behavior in the web interface on the Configuration Network Advanced Network Settings page by setting the parameter Default source IP address interface Ethernet n ok Open socket in quiet mode such as there is no OK response to the TCPP...

Page 144: ...9 maps to tcpdial asy 1 217 36 133 29 e0 Now whenever the attached terminal device attempts to dial the number defined the router maps it to an IP socket connection In this way you can direct multiple dial commands to the same or different IP hosts with other simple command mappings The tcpdial command is available only as an application command and has no equivalent setting in the web interface t...

Page 145: ...uter model This section covers configuring network interfaces from the web interface and command line Configure Ethernet interfaces 146 Configure Wi Fi interfaces 171 Configure mobile cellular interfaces 187 Configure DSL interfaces 216 Configure GRE interfaces 225 Configure ISDN interfaces 230 Configure PSTN interfaces 253 Configure DialServ interfaces 262 Configure serial interfaces 271 Configur...

Page 146: ...outers can be configured for either HUB mode or Port Isolate mode In HUB mode all the Ethernet ports are linked together and behave like an Ethernet hub or switch This means that the router will respond to all of its Ethernet IP addresses on all of its ports as the hub switch behavior links the ports together In Port Isolate mode the router will only respond to its Ethernet 0 IP address on physica...

Page 147: ... Ethernet port on your LAN Mask The subnet mask of the IP subnet to which the router is attached via this Ethernet port Typically this would be 255 255 255 0 for a Class C network Gateway The IP address of a gateway the router uses IP packets whose destination IP addresses are not on the LAN to which the router is connected are forwarded to this gateway DNS Server Secondary DNS Server The IP addre...

Page 148: ...Equivalent web parameters eth n descr Free text field Description eth n ipaddr Valid IP address IP Address eth n mask Valid Subnet Mask Mask eth n gateway IP address Gateway eth n dnsserver IP address DNS Server eth n secdns IP address Secondary DNS Server eth n dhcpcli on off On Get an IP address automatically using DHCP Off Use the following IP address ...

Page 149: ...ter will respond to all of its Ethernet IP addresses on all of its ports as the hub switch behavior links the ports together In Port Isolate mode the router will only respond to its Ethernet 0 IP address on physical port LAN 0 its Ethernet 1 IP address on physical port LAN 1 etc The router will not respond to its Ethernet 1 address on port LAN 0 unless routing has been configured appropriately Whe...

Page 150: ...normal operation leave this value unchanged MTU The Maximum Transmit Unit for the specified interface The default value is 0 meaning that the MTU will either be 1504 for routers using a Kendin Ethernet device or 1500 for non Kendin devices The non zero values must be greater than 128 and not more than the default value Values must also be multiples of 4 and the router will automatically adjust inv...

Page 151: ...rnet cable has been removed before routes that were using that interface are marked as out of service If the parameter is set to 0 the feature is disabled such as routes using the interface will not be marked as out of service if the cable is removed Enable NAT on this interface Selects whether the Ethernet interface uses IP Network Address Translation NAT or Network Address and Port Translation N...

Page 152: ...ine which private host to route the returning packets to and the connection would fail Enable IPsec on this interface Enables or disables IPSec security features for this Ethernet interface Use interface x y for the source IP address of IPsec packets By default the source IP address for an IPsec Eroute is the IP address of the interface on which IPSec was enabled By setting this parameter to eithe...

Page 153: ...uter to SYN packets such as transmitting an RST packet will restart the inactivity timer and prevent the router from disconnecting the link even when there is no genuine traffic This effect can be prevented by using the appropriate commands and options within the firewall script However on Digi 1000 series routers or where you are not using a firewall the same result can be achieved by selecting t...

Page 154: ...ten the router will transmit heartbeat packets to the specified destination in h Hours m Minutes and s Seconds Use interface x y for the source IP address By default heartbeat packets is sent with the source IP address of the interface on which they were generated If the heartbeat is required to be sent via an IPSec tunnel use this parameter to specify the source IP address of the heartbeat packet...

Page 155: ...n in h Hours m Minutes and s Seconds Switch to sending pings to IP host a b c d after n failures For this setting a b c d specifies an alternative destination IP address for the auto ping ICMP echo request to be sent to should the main IP address specified in the parameter above fail to respond This allows the router to double check there is a problem with the connection and not just with the remo...

Page 156: ...Half eth n maxkbps value in kbps Max Rx rate eth n maxtkbps value in kbps Max Tx rate eth n tcptxbuf value in bytes TCP transmit buffer size eth n linkdeact 0 86400 Take this interface out of service after n seconds when the link is lost eth n do_nat 0 1 2 Enable NAT on this interface 0 Disabled 1 IP address 2 IP address and Port eth n ipsec 0 1 Enable IPsec on this interface eth n ipsecent blank ...

Page 157: ...ridge on this interface eth n heartbeatip IP address Send Heartbeat messages to IP address a b c d every h hrs m mins s seconds eth n hrtbeatint 0 86400 Send Heartbeat messages to IP address a b c d every h hrs m mins s seconds This CLI value is entered in seconds only eth n hbipent blank eth ppp Use interface x y for the source IP address x Interface type eth n hbipadd 0 255 Use interface x y for...

Page 158: ...Link speed n Kbps Set this setting to the maximum data rate that this PPP link is capable of sustaining The router uses this setting when calculating whether or not the data rate from a queue can exceed its minimum Kbps setting as determined by the profile assigned to it and send at a higher rate up to the maximum Kbps setting Queue n Below this column heading is a list of ten queue instances Each...

Page 159: ...n q1prio 0 4 Queue 1 Priority qos n q2prof 0 11 Queue 2 Profile qos n q2prio 0 4 Queue 2 Priority qos n q3prof 0 11 Queue 3 Profile qos n q3prio 0 4 Queue 3 Priority qos n q4prof 0 11 Queue 4 Profile qos n q4prio 0 4 Queue 4 Priority qos n q5prof 0 11 Queue 5 Profile qos n q5prio 0 4 Queue 5 Priority qos n q6prof 0 11 Queue 6 Profile qos n q6prio 0 4 Queue 6 Priority qos n q7prof 0 11 Queue 7 Prof...

Page 160: ...oup ID The VRRP group ID parameter identifies routers that are configured to operate within the same VRRP group The default value is 0 which means that VRRP is disabled on this Ethernet interface The value may be set to a number from 1 to 255 to enable VRRP and include this Ethernet port in the specified VRRP group VRRP Priority The priority level of this Ethernet interface within the VRRP group f...

Page 161: ...t the Digi router WAN interface is tested and adjust the VRRP priority down if the WAN is not operational Another example would be to probe the WAN interface of another VRRP router and adjust the local VRRP priority up if that WAN interface is not operational When configured to probe in this manner it is necessary to configure a second Ethernet interface to be on the same subnet as the VRRP interf...

Page 162: ...to the MASTER state eth n vprobemode off TCP ICMP Send p probe to IP address a b c d TCP port n eth n vprobeip IP Address Send p probe to IP address a b c d TCP port n eth n vprobeport 0 65535 Send p probe to IP address a b c d TCP port n eth n vprobebackint 0 32767 every n seconds when in Backup state eth n vprobemastint 0 32767 every n seconds when in Master state eth n vprobeadj 0 255 Adjust pr...

Page 163: ... same physical Ethernet connection You can use Logical Ethernet interfaces as a bridging feature for example in a Wi Fi configuration where it is desirable to not use a physical interface for the bridging MAC Filtering Ethernet MAC filtering restricts which Ethernet devices can send packets to the router If MAC filtering is enabled on an Ethernet interface only Ethernet packets with a source MAC a...

Page 164: ...resses by configuring only the significant part of the MAC address such as 00 04 2d will allow all Ethernet packets with a source MAC address starting with 00 04 2d Related CLI commands Entity Instance Parameter Values Equivalent web parameter eth n macfilt on off Enable MAC filtering on Ethernet interfaces macfilt n mac MAC address with no separators Partial MAC address are allowed MAC Address ...

Page 165: ...ce the bridge has been configured the MAC addresses to bridge need to be configured in the MAC bridge table Enable Enables MAC bridging on the Ethernet interface Forward to Host The IP address of the remote router to which the Ethernet packets will be bridged Port The TCP port that the remote router is listening on Listen on Port The TCP port that the router will listen on for incoming bridged pac...

Page 166: ...e 166 Related CLI commands Entity Instance Parameter Values Equivalent web parameter eth n srcbhost IP Address Forward to IP address eth n srchport 0 65535 Port eth n srcblistenport 0 65535 Listen on Port bridgemac n mac MAC address with no separators Partial MAC address are allowed MAC Address ...

Page 167: ...device uses RSTP but this is backwards compatible with STP RSTP will not be enabled if the router is in Port Isolate mode If an Ethernet interface is configured with a hub group RSTP will be disabled on that interface Enable RSTP Enables RSTP on the router Priority The RSTP priority Group The RSTP group that the router is in Related CLI commands Entity Instance Parameter Values Equivalent web para...

Page 168: ...t frames are discarded Learning The port does not yet forward frames but learns source addresses from frames received and adds them to the MAC address table Forwarding The port receiving and sending data normal operation STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop Locking A port that would cause a switching loop no user data is sen...

Page 169: ...on the Ethernet interface VLAN ID This parameter specifies the ID of the Virtual LAN The TCP header uses the VLAN ID to identify the destination VLAN for the packet Ethernet Interface The Ethernet port that tags the outgoing packets Packets sent from this interface have VLAN tagging applied IP Address The destination IP address This parameter is optional If configured only packets destined for thi...

Page 170: ...net mask This parameter is optional If configured only packets from this IP subnet mask have VLAN tagging applied Ethernet VLANs CLI commands Entity Instance Parameter Values Equivalent web parameter eth n vlan on off Enable VLAN support on Ethernet interfaces vlan n vlanid 0 4095 VLAN ID vlan n ethctx Integer Ethernet Interface vlan n ipaddr IP Address IP Address vlan n mask IP Mask Mask vlan n s...

Page 171: ...channel can be selected to override the auto selection The Antenna setting is not available on some but not all TransPort WR routers Country Selecting a country from the drop down list restricts the channels that the router will use See Restricting Wi Fi channels by country for more info on licensed channels Network Mode Select your chosen mode of operation from the drop down list The available op...

Page 172: ...rding to the channels supported in a particular country Following is a list of the countries that are currently supported Entity Instance Parameter Values Equivalent web parameter wifi 0 country Country name Country wifi 0 chanmode a an anac bg bgn Network Mode wifi 0 channel auto 1 14 36 40 44 48 56 60 64 149 153 155 157 161 165 Channel wifi 0 nocfg 0 No restrictions 1 Disable management 2 Disabl...

Page 173: ...as Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya North Korea South Korea Kuwait Latvia Lebanon Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Malaysia Mexico Monaco Morocco Netherlands New Zealand Nicaragua Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Si...

Page 174: ... Note It is illegal to use restricted channels in certain countries Region 2 4 GHz channels 5 GHz channels EMEA excluding France 1 13 36 40 44 48 France 10 13 36 40 44 48 Americas excluding Mexico 1 11 36 40 44 48 149 153 157 161 165 Mexico 1 8 Indoor 9 11 outdoor 36 40 44 48 149 153 157 161 165 Israel 3 9 36 40 44 48 149 153 157 161 165 China 1 11 149 153 157 161 165 Japan 1 14 36 40 44 48 ...

Page 175: ...ation If enabled specifies that Wi Fi hotspot authentication is required for Wi Fi clients You can then select the RADIUS configuration to use Hotspot Exceptions It is possible to configure a number of web locations for which authentication is not required These settings allow the splashscreen to access these locations in order to display them to the client when authenticating Wi Fi Hotspot CLI co...

Page 176: ...C address table will be allowed to connect MAC Address MAC addresses of Wi Fi client that you wish to allow access to A valid MAC address has the format 11 22 33 44 55 66 When entering this parameter omit the separators For example 112233445566 Note Carefully review settings before applying changes Incorrect settings can make the TransPort device inaccessible from the Wi Fi network Wi Fi Filtering...

Page 177: ...fset This parameter applies to TransPort WR44v2 models with a Wi Fi a b g n module only Normally users do not need to change this parameter An offset specified in dBm that is added to the noise floor calculated by the Wi Fi module and used in clear channel assessment when frames are transmitted and in determining the signal strength of clients Using this parameter can address problems in noisy env...

Page 178: ...e multiple Ethernet instances to a single Wi Fi instance If this is required only one Ethernet instance should be configured Enable this Wi Fi interface The Wi Fi interface can be enabled or disabled Description A descriptive name for the Wi Fi interface to make it easier to identify SSID When the Wi Fi interface is configured to be an Access Point this is the SSID that is advertised to the Wi Fi ...

Page 179: ...instance Note that multiple Wi Fi interfaces can be members of the same Bridge instance Link this Wi Fi client interface with Ethernet n When the Wi Fi interface is configured to be a client it must be bridged to a particular Ethernet interface This Wi Fi rogue scanner will use Ethernet n When the Wi Fi interface is configured to be a rogue scanner it uses the selected Ethernet interface Hide SSID...

Page 180: ...out consecutive seconds monitoring stops and the client starts scanning for Access Points Entity Instance Parameter Values Equivalent web parameter wifinode 0 enabled on off Enable this Wi Fi interface wifinode 0 descr String Description wifinode 0 ssid Stringupto32 characters SSID wifinode 0 mode ap client rogue Mode wifinode o bridge_inst 0 3 This Wi Fi interface is a member of Bridge instance n...

Page 181: ...ettings The various WEP security settings for both Access Point and Client modes WEP Key size The WEP key size to use WEP Key index The WEP key index number This needs to match the index selected on the connecting Wi Fi clients or Access Points that this router wishes to connect to WEP Key Confirm WEP Key If the WEP key size is 64 bits the key should be 5 characters long If the WEP key size is 128...

Page 182: ...S WPA2 RADIUS security settings for both Access Point and Client modes WPA Encryption The encryption algorithm to use The options are TKIP AES CCMP RADIUS NAS ID The NAS ID of the RADIUS server RADIUS Server IP Address The IP address of the RADIUS server RADIUS Server Password Confirm RADIUS Server Password The password of the RADIUS server ...

Page 183: ...ent web parameter wifinode 0 security none wep wpapsk wpa2psk wparadius wpa2radius Use the following security on this Wi Fi interface wifinode 0 weptype open sharedkey Not available on the WEB wifinode 0 wepkeylen 64 128 WEP Key size wifinode 0 wepkeyindex 1 4 WEP Key index wifinode 0 wpatype tkip aes WPA Encryption wifinode 0 sharedkey text WEP Key WPA pre shared key radcli n nasid String RADIUS ...

Page 184: ... WEP wifinode 0 security wep wifinode 0 weptype sharedkey wifinode 0 wepkeylen 64 128 wifinode 0 wepkeyindex 1 4 wifinode 0 sharedkey 5 or 13 char key WPA TKIP wifinode 0 security wparadius wifinode 0 wpatype tkip wifinode 0 radiuscfg 1 WPA2 TKIP wifinode 0 security wpa2radius wifinode 0 wpatype tkip wifinode 0 radiuscfg 1 WPA PSK TKIP wifinode 0 security wpapsk wifinode 0 wpatype tkip wifinode 0 ...

Page 185: ...WR Routers User Guide 185 WPA PSK AES wifinode 0 security wpapsk wifinode 0 wpatype aes wifinode 0 sharedkey 8 63 char key WPA2 PSK AES wifinode 0 security wpa2psk wifinode 0 wpatype aes wifinode 0 sharedkey 8 63 char key Network Authentication Data Encryption CLI Commands ...

Page 186: ...ted an event log entry is created and an alarm such as email SMS SNMP Trap can be triggered It is possible to configure a list of the MAC addresses of the authorized Access Points that will not be reported when detected MAC Address The MAC address of an authorized Access Point Add button Adds the authorized Access Point to the list of authorized Access Points Perform Rogue Scan button Performs a s...

Page 187: ...ating remote configuration of deployed routers Before attempting to connect to a wireless service you must set several parameters specific to your mobile network operator Have the following information on hand The assigned APN Access Point Name PIN Number for your SIM card if any Username and password Once the W WAN router is correctly configured check to see if it has obtained an IP address from ...

Page 188: ...nt misuse if they are lost or stolen The GSM operator should be able to confirm if the SIM requires a PIN code If you enter a PIN code in this field the router will try to unlock the SIM before attempting to connect to the network Confirm SIM PIN Enter the PIN again in this field to confirm it APN An alternative service APN for use in the event that the router cannot connect using the primary APN ...

Page 189: ... Backup APN modemcc 0 buapn Free text field Use backup APN modemcc 0 pin SIM PIN number SIM PIN Confirm SIM PIN ppp 1 username Free text field Username ppp 1 password Free text field Password Confirm Password Entity Instance Parameter Values Equivalent web parameter modemcc 0 Apn_2 Free text field Service Plan APN modemcc 0 Usebuapn_2 on off Checkbox Use Backup APN modemcc 0 Buapn_2 Free text fiel...

Page 190: ...tivity Timeout h hrs m mins s seconds The amount of time the router waits without receiving any PPP packets before disconnecting This inactivity timeout is reset with each received PPP packet Mobile Connection Settings CLI commands Entity Instance Parameter Values Equivalent web parameter ppp n rxtimeout off on Re establish connection when no data is received for a period of time ppp 1 rxtimeout 0...

Page 191: ... within an IPSec packet When enabled displays the following parameters Keep Security Associations SAs when this Mobile interface is disconnected Configures the router to keep any existing IKE and IPsec associations should the link drop This is usually applied on head end routers with fixed IP addresses Use interface X Y for the source IP address of IPsec packets By default the source IP address fo...

Page 192: ... 1 do_nat 2 Enable NAT on this interface IP Address and Port ppp 1 ipsec 1 Enable IPsec on this interface ppp 1 ipsec 2 Keep Security Associations SAs when this Mobile interface is disconnected ppp 1 ipsecent blank ETH PPP Use interface X Y for the source IP address of IPsec packets x Interface type ppp 1 ipsecadd 0 255 Use interface X Y for the source IP address of IPsec packets y interface numbe...

Page 193: ...bile cellular interfaces Digi TransPort WR Routers User Guide 193 SIM Selection The SIM Selection section launches the Dual SIM wizard for failing over from 1 SIM to another Click here to launch the Dual SIM wizard Launches the Dual SIM wizard ...

Page 194: ...tus Interfaces Mobile See Quick Note 25 CDMA Provisioning on a Digi TransPort Router for example configuration Provider If the router was not supplied pre provisioned obtain the following details from the Service Provider A 15 digit IMSI International Mobile Subscriber Identity An NAI Network Access Identifier An NAI password Once these details have been obtained it is possible to provision the CD...

Page 195: ...ning experience should not require these parameters explaining MSL The master subsidy lock MSL code Get this code from the mobile operator MDN The personal telephone number Get this number from the mobile operator MIN MSID The mobile station identifier Get this identifier from the mobile operator Manual provisioning CLI commands Entity Instance Parameter Values Equivalent web parameter provision 0...

Page 196: ... ID NAI The Network Access ID MIP Home Address The MIP Home Address Primary Home Agent The Primary Home Agent Secondary Home Agent The Secondary Home Agent HA shared secret 0xn HIPx strings must start 0x The HA shared secret AAA shared secret 0xn Hex strings must start 0x The AAA shared secret HA SPI The HA SPI AAA SPI The AAA SPI Enable Reverse tunneling Enables reverse tunneling if required ...

Page 197: ...Access ID NAI provision 0 String9 Free text field MIP Home Address provision 0 String10 Free text field Primary Home Agent provision 0 String11 Free text field Secondary Home Agent provision 0 String12 Hex string HA shared secret 0xn Hex strings must start 0x provision 0 String13 Hex string AAA shared secret 0xn Hex strings must start 0x provision 0 String14 Free text field HA SPI provision 0 Stri...

Page 198: ...the mobile operator PRL filename The name of preferred roaming list file Get this file name from the mobile operator Note Except for older Sierra Wireless modules PRL update on both the Verizon and Sprint networks is carried out over the air OTA Manual PRL update using a PRL file is not available To initiate automatic over the air PRL update click the Start button Please note that PRL update is no...

Page 199: ...acters AT then sent to the wireless module in the order specified until an empty string is encountered For example Initialisation string 3 is not sent unless Initialisation string 1 and Initialisation string 2 are both specified Initialisation strings are not normally required for most applications as the router will normally be preconfigured for correct operation with most networks Hang up string...

Page 200: ...alue Setting this parameter to 0 prevents the router from power cycling the wireless module if it cannot obtain an IP address Reset the module after n unsuccessful status retrieval attempts The router periodically collects status information from the internal wireless module This information which may be viewed on the Management Network Status Interfaces Mobile web page includes details of the sig...

Page 201: ...im puk code SIM PUK Confirm SIM PUK modemcc 0 init_str Free text field Initialisation string 1 modemcc 0 init_str1 Free text field Initialisation string 2 modemcc 0 init_str2 Free text field Initialisation string 3 modemcc 0 hang_str Free text field Hang up string modemcc 0 posthang_str Free text field Post Hang up string modemcc 0 intercall_idle 0 2147483647 Wait n seconds between hanging up and ...

Page 202: ...G2G 3G4G2G 3G4G 3G2G4G 3G2G 2G4G3G 2G4G 2G3G4G 2G3G Preferred System Allows the module to lock to a particular connection type 0 Auto Uses default setting may be set by the carrier in the SIM 1 GSM 2 WCDMA 2G 2G only 3G 3G only 4G 4G only 4G3G2G 4G 3G or 2G only 4G3G 4G or 3G only 4G2G3G 4G 2G 3G only 4G2G 4G or 2G only 3G4G2G 3G 4G or 2G only 3G4G 3G or 4G only 3G2G4G 3G 2G or 4G only 3G2G 3G or ...

Page 203: ...ext field Initialisation string 3 modemcc 0 hang_str_2 Free text field Hang up string modemcc 0 posthang_str_2 Free text field Post Hang up string modemcc 0 intercall_idle_2 0 2147483647 Wait n seconds between hanging up and allowing another call modemcc 0 att_interval_2 0 2147483647 Wait n seconds between attachment attempts modemcc 0 link_retries_2 0 2147483647 Reset the module after n unsuccess...

Page 204: ... is lost modemcc 0 Psys_ 0 1 2 2G 3G 4G 4G3G2G 4G3G 4G2G3G 4G2G 3G4G2G 3G4G 3G2G4G 3G2G 2G4G3G 2G4G 2G3G4G 2G3G Preferred System 0 Auto 1 GSM 2 WCDMA 2G 2G only 3G 3G only 4G 4G only 4G3G2G 4G 3G or 2G only 4G3G 4G or 3G only 4G2G3G 4G 2G 3G only 4G2G 4G or 2G only 3G4G2G 3G 4G or 2G only 3G4G 3G or 4G only 3G2G4G 3G 2G or 4G only 3G2G 3G or 2G only 2G4G3G 2G 4G or 3G only 2G4G 2G or 4G only 2G3G4...

Page 205: ...ter will transmit heartbeat packets to the specified IP address hostname at the specified interval Use interface x y for the source IP address Allows the selection of the source interface for the UDP heartbeats For example it may be required to send the heartbeat packets down a VPN tunnel And in order to match the corresponding subnets of the VPN it might require changing the source IP to match an...

Page 206: ...set the router uses this value as the interval to ping at when more than one ping request sent out the PPP interface is outstanding This should be set to a shorter interval than the above ping request interval so that the router may more quickly react to a broken PPP link Switch to sending pings to IP host a b c d after n failures Allows a for more reliable problem detection before fail over occur...

Page 207: ... s seconds An amount of time after which the device does not receive any ping response the router terminates the mobile connection in an attempt to re establish communications Because by default the mobile link is always on the router automatically attempts to re establish a PPP connection that has been terminated Use the ETH 0 IP address as the source IP address When enabled the router uses the I...

Page 208: ...formation in the Heartbeat message ppp 1 hbgps on off Include GPS information in the Heartbeat message ppp 1 off on Generate Ping packets on this interface ppp 1 pingsiz number Send n byte pings to IP host a b c d every h hrs m mins s secs ppp 1 pingip IP addressd Send n byte pings to IP host a b c d every h hrs m mins s secs ppp 1 pingint 0 2147483647 seconds Sendn byte pings to IP hosta b c d ev...

Page 209: ...e 209 ppp 1 pingdeact 0 2147483647 Reset the link if no response is received within s seconds ppp 1 pingfreth0 on off Use the ETH 0 IP address as the source IP address ppp 1 pingresetint on off Defer sending pings if IP traffic is being received Entity Instance Parameter Values Equivalent web parameter ...

Page 210: ...turns off checking Send received SMS messages to the command interpreter If enabled any received SMS messages are sent to the command interpreter Enable command replies via SMS Enables or disables replies to SMS commands Concatenate replies Normally an SMS message is limited to 160 characters However the ETSI standard specifies a way to allow a number of SMS messages to be linked together by the s...

Page 211: ...arms Event Settings SMS web page If no number is specified it is possible that the router operates using the default message centre for the GSM service to which you have subscribed SMS access level The access level for SMS commands The access level set here needs to match the level required by the command sent by SMS for the command to be accepted Use x as a command separator default is CR The cha...

Page 212: ...ult when enabled Concatenate replies modemcc 0 sca Free text field Use this SMS message centre number n instead of the network default modemcc 0 sms_access 0 Super default 1 High 2 Medium 3 Low 4 None 5 HighLow 6 HighMedium 7 CheckPar SMS access level modemcc 0 sms_cmd_sep Free text field Use as a command separator default is CR modemcc 0 sms_callerid Mobiletelephone number Allow CLI commands from...

Page 213: ...ult when enabled Concatenate replies modemcc 0 Sca_2 Free text field Use this SMS message centre number n instead of the network default modemcc 0 sms_access_2 0 Super default 1 High 2 Medium 3 Low 4 None 5 HighLow 6 HighMedium 7 CheckPar SMS access level modemcc 0 sms_cmd_sep Free text field Use as a command separator default is CR modemcc 0 sms_callerid Mobile telephone number Allow CLI commands...

Page 214: ...nfigured everything the W WAN SIM indicator on the front panel should illuminate green to show that a W WAN enabled SIM card is present 4 The router will now attempt to log on to the specified mobile network If it is able to do so the W WAN NET indicator will illuminate steady 5 Data passing to and from the network is reflected by the status of the DAT indicator which flashes green 6 If you cannot...

Page 215: ...Configure network interfaces Configure mobile cellular interfaces Digi TransPort WR Routers User Guide 215 ...

Page 216: ... this box to enable PVC settings Encapsulation The method of encapsulation to use when transporting data over this APVC The appropriate value can be selected from a drop list which includes the following options To use PPPoA or PPPoE encapsulation one of the available PPP instances must first be configured to use this APVC instance as its Layer 1 interface on the associated Configuration Interface...

Page 217: ...sabled no NAT occurs When this parameter is enabled the extra options described below are displayed NAT and NAPT can have many uses but they are generally employed to allow a number of private IP hosts PCs for example to connect to the Internet through a single shared public IP address This has two main advantages it saves on IP address space the ISP only need assign you one IP address and it isol...

Page 218: ...f such a scenario were to occur with NAT the router would be unable to determine which private host to route the returning packets to and the connection would fail NAT Source IP address If specified and NAT mode is set to NAT or NATP for this interface then the source address of packets being sent out this interface is changed to this address rather than the interface address Enable IPsec on this ...

Page 219: ...nd prevent further transfer Along with the Issue a warning event after parameter networks use this setting when the tariff is based on the amount of data transferred to help prevent excess charges being incurred You can select kilobytes megabytes or gigabytes via the drop down box Reset the data limit on the x day of the month If you wish to automatically unlock a locked interface at the start of ...

Page 220: ..._nat 1 on Enable NAT on this interface IP Address ppp 1 do_nat 2 on Enable NAT on this interface IP Address and port ppp 1 natip IP Address NAT Source IP Address ppp 1 ipsec on off Enable IPSec on this interface ppp 1 firewall on off Enable the firewall on this interface ppp 1 dlwarnkb Kbytes Mbytes GBytes Issue a warning event after ppp 1 dlstopkb Kbytes Mbytes GBytes Stop data from being transmi...

Page 221: ...arameters as follows This parameter specifies the maximum allowable rate at which cells can be transported along a connection in the ATM network The PCR is the determining factor in how often cells are sent in relation to time in an effort to minimize jitter PCR generally is coupled with the CDVT Cell Delay Variation Tolerance which indicates how much jitter is allowable Sustained cell rate cells ...

Page 222: ...outers User Guide 222 Related CLI commands Entity Instance Parameter Values Equivalent web parameter apvc 0 servcat UBR VBR ntr VBR rt CBR Service category apvc 0 pcr n Peak cell rate cells sec apvc 0 scr n Sustained cell rate cells sec apvc 0 mbs n Maximum burst size cells ...

Page 223: ...e this PVC using ATM OAM cells Using Alarm indication signal AIS cells downstream and Remote defect indication RDI cells upstream the router can detect faults between the connecting points of the VP VC and suspend transfer of ATM cells until the VC fault condition is cleared Values Equivalent web parameter Multi mode For Annex A models such as PSTN POTS this option provides automatic selection bet...

Page 224: ... web interface adsl 0 debug 0 1 Where 0 is off and 1 causes debugging information to be sent to the CLI Entity Instance Parameter Values Equivalent web parameter adsl 0 oper_mode Multi ANSI G dmt G lite ADS L2 ADSL2 Operational mode adsl 0 usefwfile on off Load DSL firmware from flash file adsl 0 watchdog on off Enable watchdog apvc 0 oammanage on off Manage this PVC using ATM OAM cells ...

Page 225: ...s parameter with the IP address parameter to clarify the subnet in use on the virtual interface This would normally be a 30 bit mask as this is a point to point link 255 255 255 252 Source IP Address The two sub options here allows you to specify a source address from a specified interface or by manually assigning an address If you do not select either option the router uses the default address fo...

Page 226: ...l interface is receiving traffic correctly or not If keepalives fail the tunnel is marked as down Send a keepalive every s seconds When configured to a non zero value keepalive packets is sent to the remote end of the tunnel and the response is monitored to detect if the tunnel is up or down If the tunnel is detected as down the routing table metric will be altered Value is configured in seconds I...

Page 227: ... interface x y for the source IP address of GRE packets x Interface type tun n source_add 0 255 Use interface x y for the source IP address of GRE packets y interface number tun n source Valid IP address Source IP address to use for GRE packets tun n dest Valid IP address Destination IP address to use for GRE packets tun n kadelay Seconds Send a keepalive every s seconds tun n karetries Number Bri...

Page 228: ...key number to be accepted by this tunnel When enabled the IP address parameter is not required Enable the firewall on this GRE tunnel Turns Firewall script processing on or off for this interface If using the firewall for problem detection on a tunnel interface the interface to put OOS will need to be specified such as pass out break end on tun n from any to 100 100 100 29 port 4000 flags S A insp...

Page 229: ... only Under the CLI commands for GRE Tunnels are parameters specifically relating to RIP Please see the Interfaces Ethernet PPP GRE parameters section on RIP routing for configuration of these sub parameters Entity Instance Parameter Values Equivalent web parameter tun n metric Numeric Metric value Metric for the route associated with this interface tun n MTU MTU value Maximum transmission unit si...

Page 230: ...to 3 incoming calls from 1234563 would be answered but calls from 1234567 would not with ISDN MSN ending with If answering is disabled this parameter is not used Provides the filter for the ISDN Multiple Subscriber Numbering facility It is blank by default but when set to an appropriate value on an answering interface it will cause the router to answer incoming calls to only telephone numbers wher...

Page 231: ...o incoming callers This parameter may require alteration if the default value 10 10 10 0 to 10 10 10 4 does not suit the remote network configuration Mask The IP netmask for the Remote network Use this setting to create a dynamic route to the remote network whenever the ISDN interface is active Primary DNS server The answering ISDN interface would normally supply its own PPP IP address to the peer...

Page 232: ...g IKE and IPsec associations should the link drop This is usually applied on head end routers with fixed IP addresses Use interface X Y for the source IP address of IPsec packets By default the source IP address for an IPSec Eroute is the IP address of the interface on which IPSec was enabled By setting this parameter to either a PPP or Ethernet interface the source IP address IPSec uses will matc...

Page 233: ...b c d to a b c d ppp 0 iprange 1 255 Assign remote IP addresses from a b c d to a b c d ppp 0 dnsserver IP address Primary DNS server ppp 0 secdns IP address Secondary DNS server ppp 0 do_nat 1 Enable NAT on this interface IP Address ppp 0 do_nat 2 Enable NAT on this interface IP address and Port ppp 0 ipsec 1 Enable IPsec on this interface ppp 0 ipsec 2 Keep Security Associations SAs when this IS...

Page 234: ...ction attempt fails Usually the always on interfaces do not go out of service unless they have connected at least once When this option is turned On the interface goes out of service even if the first connection attempt fails Attempt to re connect after n seconds The length of time in seconds the router will wait after an always on ISDN connection has been terminated before trying to re establish ...

Page 235: ...uration Routing Routing Static Route n pages The router uses this timeout until the PPP next deactivates only After that it uses the normal timeout value If the link has been idle for s seconds The router deactivates this interface after the time specified in this text box if it detects that the link has not passed any traffic for that period Alternative idle timer for static routes s seconds An a...

Page 236: ...ransferred The units are specified by a drop down list having the following options KBytes MBytes GBytes For example if the monthly tariff includes up to 5MB of data before excess usage charges are levied it would be useful to set this threshold to 4MB This would cause the router to create a warning entry in the event log once 4MB of data had been transferred You could use this event to trigger an...

Page 237: ...ctivating this interface ppp n tband 0 4 Control when this interface can connect using Time Band n ppp n minup 0 2147483647 Keep this interface up for at least s seconds ppp n maxup 0 2147483647 Close this interface after s seconds ppp n maxuptime 0 2147483647 if it has been up for m minutes in a day ppp n timeout 0 2147483648 if the link has been idle for s seconds ppp n timeout2 0 2147483648 Alt...

Page 238: ...rs The telephone numbers to use to make an outgoing connection in sequence Prefix n to the dial out number The dialing prefix to use if needed This may be necessary when using a PABX Username The username to use when using the PPP instance to connect to the remote peer This username is normally provided by an ISP for use with a dial in Internet access service Password The password to use for authe...

Page 239: ...ol configuration phase of the PPP negotiation process Primary DNS server The IP address of the primary DNS server that the remote peer should use when making DNS requests over the link Secondary DNS server The IP address of the secondary DNS server that the remote peer should use when making DNS requests should the primary server be unavailable Allow the PPP interface to answer incoming calls When...

Page 240: ... currently being configured as the source address for IPsec packets this may be achieved by selecting the desired interface from the drop down list and typing the desired interface instance number into the adjacent text box Enable the firewall on this interface When enabled applies the firewall rules to traffic using this interface Related CLI commands Entity Instance Parameter Values Equivalent w...

Page 241: ...remote IP addresses from a b c d to a b c d ppp n transDNS Valid IP address a b c d Primary DNS server a b c d ppp n sectransDNS Valid IP address a b c d Secondary DNS server a b c d ppp n ans off on Allow this PPP interface to answer incoming calls ppp n cingnb up to 25 digits Only allow calling numbers ending with n ppp n do_nat 0 1 2 0 Disabled 1 IP address 2 IP address and port Enable NAT on t...

Page 242: ...r should wait after an always on PPP connection has been terminated before trying to re establish the link If an inhibited PPP interface is connected attempt to re connect after s seconds The value in this setting takes precedence over the previous parameter when another PPP instance that is usually inhibited by this one is connected This parameter typically reduces the connection retry rate when ...

Page 243: ...receiving any PPP packets before disconnecting The timer is reset with each received PPP packet If the negotiation is not complete in s seconds The maximum time in seconds allowed for the PPP negotiation to complete If negotiations have not completed within this period the interface is deactivated Generate an event after this interface has been up for m minutes The number of minutes if any after w...

Page 244: ...n attempt fails ppp n aodi_dly 0 2147483647 Attempt to reconnect after s seconds ppp n aodi_dly2 0 2147483647 Ifan inhibitedPPP interface isconnected attempt to re connect after s seconds ppp n pwr_dly 0 2147483647 Wait s seconds after power up before activating this interface ppp n tband 0 4 Control when this interface can connect using Time Band n ppp n minup 0 2147483647 Keep this interface up ...

Page 245: ...g configuration parameters Mode When the DTE DCE mode parameter is set to DTE the router behaves as a DTE This is the default value and should not be changed for normal operation across the ISDN network If your application involves using two routers back to back one of the routers should have the DTE mode value set to DCE N400 Counter The standard LAPB LAPD retry counter The default value is 3 and...

Page 246: ...nces are sharing this LAPD instance the maximum transmission rates of all instances will be limited Rx Throughput Used in conjunction with the Tx Throughput parameter to limit the maximum data throughput on a LAPD link in bits per second If this parameter is set to 0 the router will transmit data across the LADP link as fast as possible whilst observing hardware or software flow control if enabled...

Page 247: ...on when an X 25 PAD session is terminated Enable D64S Mode D64S mode is a mode for using ISDN B channel s without the need to use any D channel protocol It is sometimes referred to as nailed up ISDN To enable this mode for this LAPD instance enable the D64S mode parameter and make sure the TEI parameter is set to 255 This means that for any application that uses ISDN such as PPP the application us...

Page 248: ...n t200 1 60000 T200 Timer n msecs LAPD n tei 0 255 TEI LAPD n window 1 7 D channel X 25 Tx Window Size LAPD n tthruput 0 1410065407 Tx Throughput LAPD n rthruput 0 1410065407 Rx Throughput LAPD n keepact off on Reactivate D channel connection LAPD n reactsecs 0 2147483647 Reactivate after n secs LAPD n nodeact off After X 25 PAD session is terminated Deactivate the LAPD session LAPD n nodeact on A...

Page 249: ...e true subject to the entity s MSN Calling Number and Sub address parameters being set to their default values An Adapt instance is bound to an asynchronous serial port ASY and the answer ring count S0 for that serial port is set to 1 A LAPB instance has its answering parameter set to On A PPP instance has its answering parameter set to On If more than one of these protocols are configured to auto...

Page 250: ... answering priority than PPP the Adapt instance will answer when either of the numbers are called However if the ISDN number dialed is 123456 and 456 is entered into the MSN parameter of PPP PPP will answer instead This will also have the effect of preventing PPP from answering if any other ISDN number such as 123457 has been called This means that whenever 123456 is called the PPP instance will a...

Page 251: ... command from the command line Other ASY port options such as command echo result code format etc should also be configured as necessary Initiating a V 120 call Once the initial configuration is complete V 120 calls may be initiated using the appropriate ATD command For example atd01234567890 A successful connection will be indicated by a CONNECT result code being issued to the ASY port and the ro...

Page 252: ...er protocols configured to answer on other ASY ports To do this disable answering for the other ports protocols or by using the MSN and or Sub address parameters to selectively answer calls to different telephone numbers using different protocols For example if you have subscribed to the ISDN MSN facility you may have been allocated say four telephone numbers ending in 4 5 6 and 7 You could then s...

Page 253: ...he interface Dial out using numbers The telephone numbers to make an outgoing connection in sequence Prefix n to the dial out number The dialing prefix to use if needed This may be necessary when using a PABX Username The username to use when using the PPP instance to connect to the remote peer This is normally provided by an ISP for use with a dial in Internet access service Password The password...

Page 254: ...tion process Primary DNS server The IP address of the primary DNS server that the remote peer should use when making DNS requests over the link Secondary DNS server The IP address of the secondary DNS server that the remote peer should use when making DNS requests should the primary server be unavailable Allow the PPP interface to answer incoming calls When enabled causes the PPP instance to answe...

Page 255: ... maintain such as not flush the SA when the interface becomes disconnected The normal behavior is to remove the SAs when the interface becomes disconnected Use interface x y for the source IP address of IPsec packets If it is required to use another interface such as not the interface currently being configured as the source address for IPsec packets this may be achieved by selecting the desired i...

Page 256: ...ter in conjunction with l_addr ppp n l_addr off on When on allows negotiation when off force use of specified IP address Use a b c d as the local IP address of this router ppp n DNSserver Valid IP address a b c d Use the following DNS servers if not negotiated Primary DNS server a b c d ppp n secDNS Valid IP address a b c d Use the following DNS servers if not negotiated Secondary DNS server a b c...

Page 257: ...interface IP address IP address and Port ppp n nat_ip Valid IP address a b c d NAT Source IP address a b c d ppp n ipsec 0 Disabled 1 Enabled 2 Enabled and Keep SAs Enable IPsec on this interface Keep Security Associations when this PSTN interface is disconnected ppp n firewall off on Enable the firewall on this interface Entity Instance Parameter Values Equivalent web parameter ...

Page 258: ...k If an inhibited PPP interface is connected attempt to re connect after s seconds The value in this text box takes precedence over the previous parameter when another PPP instance that is usually inhibited by this one is connected Use this parameter to reduce the connection retry rate when a lower priority PPP instance is connected Wait s seconds after power up before activating this interface Th...

Page 259: ... receiving any PPP packets before disconnecting The timer is reset with each received PPP packet If the negotiation is not complete in s seconds The maximum time in seconds allowed for the PPP negotiation to complete If negotiations have not completed within this period the interface is deactivated Generate an event after this interface has been up for m minutes The number of minutes if any after ...

Page 260: ...ls ppp n aodi_dly 0 2147483647 Attempt to reconnect after s seconds ppp n aodi_dly2 0 2147483647 If an inhibited PPP interface is connected attempt to re connect after s seconds ppp n pwr_dly 0 2147483647 Wait s seconds after power up before activating this interface ppp n tband 0 4 Control when this interface can connect using Time Band n ppp n minup 0 2147483647 Keep this interface up for at lea...

Page 261: ...erfaces Digi TransPort WR Routers User Guide 261 ppp n dlstopkb 0 2147483647 Stop data from being transmitted after n units ppp n dlrstday 0 255 Reset the data limit on the n day of the month Entity Instance Parameter Values Equivalent web parameter ...

Page 262: ... functionality to control traffic on the interface If PPP is selected the web page expands to display the standard PPP configuration settings If Protocol Switch is selected only the four settings described immediately below are visible Max time to RING line s seconds The maximum number of seconds that the RING signal should be generated for RING frequency n Hz The DialServ module generates a RING ...

Page 263: ...y Prefix n to the dial out number The dialing prefix to use if needed This may be necessary when using a PABX Username The username to use when using the PPP instance to connect to the remote peer Password The password to use for authenticating the remote peer specified in conjunction with the Username Confirm Password Type the password into this text box to enable the router to confirm that the p...

Page 264: ...ation phase of the PPP negotiation process Primary DNS server The IP address of the primary DNS server the remote peer should use when making DNS requests over the link Secondary DNS server The IP address of the secondary DNS server that the remote peer should use when making DNS requests should the primary server be unavailable Allow the PPP interface to answer incoming calls When enabled causes ...

Page 265: ...configured as the source address for IPsec packets this may be achieved by selecting the desired interface from the drop down list and typing the desired interface instance number into the adjacent text box Enable the firewall on this interface When enabled applies the firewall rules to traffic using this interface Related CLI commands Entity Instance Parameter Values Equivalent web parameter ppp ...

Page 266: ...resses from a b c d to a b c d ppp n transDNS Valid IP address a b c d Primary DNS server a b c d ppp n sectransDNS Valid IP address a b c d Secondary DNS server a b c d ppp n ans off on Allow this PPP interface to answer incoming calls ppp n do_nat 0 1 2 0 Disabled 1 IP address 2 IP address and port Enable NAT on this interface IP address IP address and Port ppp n natip Valid IP address a b c d N...

Page 267: ... router should wait after an always on PPP connection has been terminated before trying to re establish the link If an inhibited PPP interface is connected attempt to re connect after s seconds This setting takes precedence over the previous parameter when another PPP instance that is usually inhibited by this one is connected Use this parameter to reduce the connection retry rate when a lower pri...

Page 268: ...t receiving any PPP packets before disconnecting The timer is reset with each received PPP packet If the negotiation is not complete in s seconds The maximum time in seconds allowed for the PPP negotiation to complete If negotiations have not completed within this period the interface is deactivated Generate an event after this interface has been up for m minutes The number of minutes if any after...

Page 269: ...fails ppp n aodi_dly 0 2147483647 Attempt to reconnect after s seconds ppp n aodi_dly2 0 2147483647 If an inhibited PPP interface is connected attempt to re connect after s seconds ppp n pwr_dly 0 2147483647 Wait s seconds after power up before activating this interface ppp n tband 0 4 Control when this interface can connect using Time Band n ppp n minup 0 2147483647 Keep this interface up for at ...

Page 270: ...nterfaces Digi TransPort WR Routers User Guide 270 ppp n dlstopkb 0 2147483647 Stop data from being transmitted after n units ppp n dlrstday 0 255 Reset the data limit on the n day of the month Entity Instance Parameter Values Equivalent web parameter ...

Page 271: ...he basic configuration of a serial port Enable this serial interface When disabled this is the only item that appears in the section Enabling this setting displays additional configuration parameters Description A description for the interface For example if the serial interface is connected to a card payment device the description could read Till 1 or similar appropriate text Baud Rate The requir...

Page 272: ...The required level of verbosity for command result codes The available options are Verbose Numeric None Related CLI commands Entity Instance Parameter Values Equivalent web parameter asy n a descr Free text description of interface Description S31 n n a n a Where n 3 115200 4 57600 5 38400 6 19200 7 9600 8 4800 Baud rate S23 n n a n a Where n 0 None 1 Odd 2 Even 5 8 Data Odd 6 8 Data Even Default ...

Page 273: ... serial interfaces Digi TransPort WR Routers User Guide 273 En n a n a Where n 0 No echo 1 echo Enable echo on this interface Vn n a n a Where n 0 numeric 1 verbose CLI result codes Entity Instance Parameter Values Equivalent web parameter ...

Page 274: ... line when an ISDN connection has been established this is equivalent to AT C1 On Configures the router such that the DCD line is always asserted when the router is powered up this is equivalent to AT C0 Off Configures the router such that the DCD line is normally asserted but is de asserted for the time period specified by the S10 register after a call is disconnected this is equivalent to AT C2 ...

Page 275: ...sequence becomes a pause of 1 second and then AT to drop back to AT command mode If a delay of some other value is required enter it in the text box Forwarding Timeout s x 10 milliseconds The length of time that the router will wait for more data after receiving at least one octet of data through the serial port and transmitting it onwards This timer is reset each time more data is received The ro...

Page 276: ...ter n rings Cn n a n a Where n 0 On 1 Auto 2 Off 3 Pulse low DCD Dn n a n a Where n 0 None 1 Drop line 2 Drop line call 5 Drop call on transition 6 Drop line call on transition DTR S45 n n a n a Where n 0 255 DTR de bounce S2 n n a n a Where n ASCII value Escape Character S12 n n a n a Where n 0 255 Escape delay S15 n n a n a Where n 0 255 Forwarding Timeout S3 n n a n a Where n ASCII value Break ...

Page 277: ...r powers up Select 1 from the selection box to make profile 1 the active profile Load Config from Profile n Select 0 from the drop down selection box and click the button to load profile 0 Apply Save Changes to Profile n Select 0 from the drop down selection box and click the button to apply configuration changes and save profile 0 after making any changes Related CLI commands Entity Instance Para...

Page 278: ...ts available varies depending on the model and any optional modules fitted Description A description of the interface if one is required Clock source Internal External Select between internal or external clock sources for the interface Mode The specific serial protocol to use Which buttons appear depend upon the capabilities of the interface The options available are V 35 EIA530 RS232 EIA530A RS44...

Page 279: ...5 LAPB page When configuring LAPB parameters be aware that adapt 0 uses LAPB 2 and adapt 1 uses LAPB 3 Attempt to redial the connection n times if rate adaption has not been negotiated If an ISDN connection is established but rate adaption is not negotiated the value in this text box specifies how many times the router should drop the connection and redial it Drop the connection if it is idle for ...

Page 280: ...connection n times adapt 0 1 tinact 0 86400 Drop the connection if it is idle for h hrs m mins s secs adapt 0 1 leased_line off on Leased line mode adapt 0 1 sockmode 0 1 0 disable 1 enable Enable TCP rate adaption adapt 0 1 ip_addr valid IP address a b c d Connect to IP Address a b c d Port n adapt 0 1 ip_port valid TCP port number Connect to IP Address a b c d Port n adapt 0 1 lip_port valid TCP...

Page 281: ...table dir into the To column and then click the Add button From The substitute text To The command that should be substituted Add Click this button to add the command mapping Delete When the mapping has been added a Delete button is enabled in the right hand column Clicking this button removes the binding from the table Allow AT Responses Enables or disables entry of AT commands and their response...

Page 282: ...are bound to serial interfaces using a table with a drop down list box for selecting the protocol and a drop down list for selecting the serial port By default if no specific protocol is bound to a serial interface a PPP instance is automatically associated with that port This means that PPP is treated as the default protocol associated with the serial ports Protocol Select the desired protocol fr...

Page 283: ...ynchronous serial port 3 Access the Internet using PPP To access the Internet using PPP via a terminal connected to serial interface 2 enter the command bind ppp 1 asy 2 Bind a TANS instance to an ADAPT instance Currently it is only possible to bind a TANS instance to an ADAPT instance using the bind command The format of the command is bind adapt instance tans instance Entity Instance Parameter V...

Page 284: ...on the port defined above only Send TCP Keep Alives every s seconds The amount of time in seconds a connection stays open without any traffic being passed Enable Stay Connected mode When enabled causes the router to refrain from clearing the TCP socket at the end of a transaction data call or data session depending on what the TansIP serial port was bound to and what protocol it was using When dis...

Page 285: ...Entity Instance Parameter Values Equivalent web parameter transip n port Valid port number 0 65535 Listen on port transip n host Valid IP address a b c d or hostname Connect to IPaddress a b c d or Hostname transip n remport Valid port number 0 65535 Port transip n keepact 0 255 Send TCP Keep Alives every s seconds transip n staycon on off Enable Stay Connected mode transip n cmd_echo_off on off D...

Page 286: ...nabled or disabled Encrypted RealPort Digi devices also support RealPort software with encryption Encrypted RealPort offers a secure Ethernet connection between the COM or TTY port and a device server or terminal server Encryption prevents internal and external snooping of data across the network by encapsulating the TCP IP packets in a Secure Sockets Layer SSL connection and encrypting the data u...

Page 287: ...ng a device initiated connection Allow s seconds between connection attempts The interval in seconds between device initiated connection attempts Send TCP Keep Alives every s seconds The interval at which TCP Keep Alives are sent over the RealPort connection A value of 0 means that Keep Alives are not sent Send RealPort Keep Alives every s seconds The interval at which RealPort Keep Alives are sen...

Page 288: ...port rport 0 maxnbencsocks 0 255 Maximum number of encryption sockets rport 0 initiate off on Enable Device Initiated RealPort rport 0 IPaddr Valid IP address a b c d Connect to host a b c d Port n rport 0 initiateport 0 65535 Connect to host a b c d Port n rport 0 initiatebackoff 0 255 Allow s seconds between connection attempts rport 0 tcpkeepalives 0 255 Send TCP Keep Alives every s seconds rpo...

Page 289: ...e Multitx When enabled displays the MultiTX settings in the web interface and enables the MultiTX function on the router Serial Port The serial interface to use Data received on this serial will be forwarded to all configured remote hosts Protocol Selects the transport method either TCP or UDP Socket Inactivity Timeout If there is no data transmitted for the specified number of seconds the socket ...

Page 290: ...wards serial data to remote hosts only when the Match String text is present Strip match string before sending When enabled the text in the Match String field is removed before forwarding the data to the remote host Remote host Up to five remote hosts can be specified in these fields Host Enter the hostname or IP address of the remote host in this field Port Enter the TCP or UDP port number that t...

Page 291: ...t WR Routers User Guide 291 multitx 0 fwd_match 0 65535 Send serial data only when the match string is present multitx 0 matchstring 0 255 Match String multitx 0 Strip_match off on Strip match string before sending Entity Instance Parameter Values Equivalent web parameter ...

Page 292: ... that the PPP protocol is bound to the ASY port to which the terminal or PC is connected see Configuration Network Interfaces Serial Note To use ASYNC to SYNC PPP the attached terminal must also support PPP Windows dial up networking supports PPP In addition to ASYNC to SYNC operation where the router only converts the PPP from one form to another the router can initiate its own PPP sessions For e...

Page 293: ...ple external modems ASY Port The physical ASY port for the external modem W WAN mode Enables W WAN mode Initialisation string n These parameters Initialisation string 1 Initialisation string 2 Initialisation string 3 allow you to specify a number of command strings that are sent to the wireless module each time a wireless connection is attempted You can use these parameters to set non standard wir...

Page 294: ...necessary to include the AT as this is inserted automatically by the router Listening init string The listening initialization string parameter for external modems Listening init interval secs The listening init string is sent at intervals specified by a listening init interval parameter Maximum RING count before answering incoming call The count of the maximum number of rings before answering inc...

Page 295: ... by the router this varies between models Each row in the column contains a drop down list box that allows the user to select what function should be associated with each PPP instance The PPP instance number is the left most column For example to assign a W WAN interface to PPP instance 3 select Mobile SIM1 or SIM2 from the drop down box to the right of instance 3 If a W WAN interface is fitted to...

Page 296: ...is password is for both B channel PPP connections Confirm password When changing the password type the new password into this text box The router checks that both fields are the same before changing the value Enable remote CHAP authentication When enabled causes the router to authenticate itself with the remote system using CHAP If this parameter is set the connection will fail if authentication f...

Page 297: ...The second box contains the time in seconds for which the data rate must be below threshold before the second B channel is deactivated Note The following parameters are for use with Always On Dynamic ISDN Bring up the first ISDN B channel When the data rate is greater than n bytes sec for s seconds When Always On mode is enabled these two settings specify the data rate and duration for which the d...

Page 298: ...ppp 0 r_chap on off Enable remote CHAP authentication mlppp 0 l_shortseq on off Default off Enable short sequence numbers mlppp 0 up_rate 0 2147483648 Default 2000 When the data rate is greater than n bytes sec mlppp 0 up_delay 0 2147483648 Default 10 for s seconds mlppp 0 down_rate 0 2147483648 Default 1000 When data rate is less than n bytes sec mlppp 0 down_delay 0 2147483648 Default 10 for s s...

Page 299: ...ake it easier to refer to For example the PPP instance to connect to an ISP could be named MyISP This PPP interface will use If the PPP mappings have been set up previously using the PPP mappings page this box will contain the name of the protocol that has been assigned to this PPP instance If the mapping has not been set up previously and if no default mappings apply the value for this setting sh...

Page 300: ... use for MLPPP login This password is for both B channel PPP connections Confirm password Type the password in this text box to confirm that the password has been correctly typed in Note The following three radio buttons control how the IP address for the router is assigned Allow the remote device to assign a local IP address to this router When this radio button is selected the remote peer will a...

Page 301: ...mon practice for the DNS server to be assigned automatically by the ISP when making a connection Secondary DNS server The IP address of the secondary DNS server to use if one is not automatically assigned by the remote peer DNS Port The network port number of the DNS server Attempt to assign the following IP configuration to remote devices When enabled displays following four configuration paramet...

Page 302: ...alling numbers ending with n When set to answer calls this setting provides a filter for ISDN sub addresses This value is blank by default but when the PPP instance is set to answer calls only numbers having trailing digits that match the sub address value in this test will be answered So for example if this value is set to 123 only calls from numbers with trailing digits that match this value wil...

Page 303: ...egotiation is not complete in s seconds The maximum time in seconds allowed for the PPP negotiation to complete If negotiations have not completed within this period the interface is deactivated Enable NAT on this interface When enabled causes the router to apply Network Address Translation NAT to IP packets on this interface When enabled the following additional parameters appear IP address IP ad...

Page 304: ...users on this interface are prevented from managing the router via Telnet FTP or the web interface For Disable return RST whenever a router receives a TCP SYN packet for one of its own IP addresses with the destination port set to an unexpected value such as a port that the router would normally expect to receive TCP traffic on it will reply with a TCP RST packet This is normal behavior However th...

Page 305: ...numbers ppp n ph2 up to 25 digits Dial out using numbers ppp n ph3 up to 25 digits Dial out using numbers ppp n ph4 up to 25 digits Dial out using numbers ppp n prefix 0 9999999999 Prefix n to the dial out number ppp n username Valid username Username ppp n password Valid password Password ppp n epassword The encrypted password None this parameter is not configurable ppp n r_addr Default 0 0 0 0 s...

Page 306: ...ing with n ppp n msn up to 9 digits with ISDN MSN ending with n ppp n sub up to 17 digits with ISDN sub address ending with n cli ppp n maxup 0 2147483648 Close the PPP connection after s seconds ppp n maxuptime 0 2147483647 if it has been up for m minutes in a day ppp n timeout Default 300s 5 minutes if it has been idle for h m s ppp n timeout2 0 2147483648 Alternative idle timer for static route...

Page 307: ...his interface ppp n qos off on Enable QoS on this interface ppp n use_modem 0 1 This PPP interface will use ppp n cdma_backoff 0 1 Default 1 None ppp n ndis off on Request packet data connection ppp nocfg 0 1 2 3 Remote management access 0 No restrictions 1 Disable management 2 Disable return RST 3 Disable management and return RST ppp n igmp off on Enable IGMP ppp n ifspeed 64000 bps None CLI com...

Page 308: ...etween connection attempts Controls whether the module stays attached to the network if multiple connection attempts are required to establish a connection This functionality may be useful if the connection to the mobile telephone network is not very reliable Connecting to the mobile telephone network to send and receive data is a two stage process The first stage is where the module signals its w...

Page 309: ...tiation has completed This setting defines the delay in notification sent to the TCP layer that PPP negotiation has completed Enable Always On mode of this interface If the Always on option is available on the interface enabling this setting reveals the following two radio buttons When this functionality is enabled the router will automatically try to reconnect after about 10 seconds if the link b...

Page 310: ... on activation timers apply If set to 0 no delay is applied Keep this interface up for at least s seconds The minimum period that the PPP interface should remain available This means that even if the link becomes inactive before this period expires the connection will remain open Enable Multilink PPP on this interface When enabled enables the multilink PPP capability of the router See above for co...

Page 311: ... before the router terminates the link When set to 0 this functionality is disabled such as the router will not terminate the link if the LCP echo requests do not elicit a response from the remote Generate Heartbeats on this interface When enabled displays the configuration options controlling how the router sends heartbeat packets Generating a valid configuration enables the router to send heartb...

Page 312: ...n the left hand text box specifies the number of data bytes in the echo request Typical values are 32 or 64 octets The IP host text box specifies the IP address of the host to which the ping packets are sent The remaining parameters specify how often the ping should be sent Send pings every h hrs m mins s seconds if ping responses are not being received These three text boxes specify the interval ...

Page 313: ...empt to re establish communications since the router will automatically attempt to restart an always on link that has been terminated The router uses function primarily when IP traffic is being carried over a W WAN link and when the associated PPP instance is configured into the always on mode Use ETH 0 IP address as the source IP address When enabled causes the router to use the IP address of int...

Page 314: ...ecifies the total amount of data that may be transmitted by this PPP instance before the link is blocked for further traffic and the value in the drop down list specifies the units which are KBytes MBytes GBytes Reset the data limit on the n day of the month The day of the month on which the data limit is reset to 0 When the link disconnects indicate that the connection failed if no IP packets wer...

Page 315: ...N routers this setting specifies the number of times that a PPP instance which was connected and is then disconnected is allowed to attempt to reconnect before other PPP instances that were inhibited by this PPP instance will be allowed to connect Inhibit this PPP interface if the following PPP instances n are Active Active and not out of service Not out of service Connected and not out of service...

Page 316: ...mage files would be between 2 1 and 3 1 Using compression has the effect of increasing the effective throughput Using compression may offer cost savings on a network where charges are based upon the amount of data transferred such as W WAN networks If the data is already compressed such as zip files or jpg images then the compression algorithm detects this and sends the data without attempting fur...

Page 317: ...y encryption This is because the encryption keys are determined by the PPP engines themselves on start up Use PPP m for processing CHAP TCP transmit buffer size n bytes When the value in this text box is set to a non zero value the router uses the value to set the size of the TCP buffer for transmitted packets This is useful for slow and or lossy connections such as satellite links Setting this bu...

Page 318: ... on off Put this interface Out of Service when an always on connection attempt fails ppp n rdoosdly on off remote disconnect ppp n aodi_dly 0 2147483647 Attempt to reconnect after s seconds ppp n aodi_dly2 0 2147483647 If a PPP interface that would be inhibited by this PPP is connected attempt to re connect after s seconds ppp n pwr_dly 0 2147483647 Wait s seconds after power up before activating ...

Page 319: ...ery h hrs m mins s secs ppp n hbipent Blank PPP ETH Blank is default Use interface x y for the source IP address ppp n hbipadd Valid interface number 0 2147483648 Use interface x y for the source IP address ppp n hbiproute off on Select transmit interface using the routing table ppp n hbimsi off on Include IMSI information in the Heartbeat message ppp n hbgps off on Include GPS information in the ...

Page 320: ... traffic is being received ppp n off on Limit the data transmitted over this interface ppp n dlwarnkb 0 2147483647 Issue a warning event after n XBytes ppp n dlstopkb 0 2147483647 Stop Data from being transmitted after n XBytes ppp n dlrstday 0 255 Reset the data limit on the n day of the month ppp n When the link disconnects indicate that the connection failed if no IP packets were received ppp n...

Page 321: ...it this PPP interface if the following PPP instances n are Active Activeandnotoutofservice notoutof service Connected and not out of service ppp n actmode off on Inhibit other PPP interface if this PPP is interface is disconnected but operational ppp n trafficto 0 2147483648 If this PPP interface is inhibited and data needs to be sent do not bring up the interface bring up interface and use normal...

Page 322: ... settings External modems and PPP Digi TransPort WR Routers User Guide 322 ppp n tcptxbuf 0 2147483648 TCP transmit buffer size n bytes ppp n pppdebug off On ppp n norxrst off on ppp n noremaddr off on Entity Instance Parameter Values Equivalent web parameter ...

Page 323: ... time the PPP instance is disconnected Desired local ACCM The local Asynchronous Control Character Map which has the default value 0x00000000 Changing this value is for advanced users Desired remote ACCM The remote ACCM which has the default value 0xffffffff As above the default will work in nearly all circumstances and should be changed only where really necessary Desired local MRU n bytes The de...

Page 324: ...for outgoing connections Request remote CHAP authentication As with PAP above this setting controls whether or not the router should authenticate itself with the remote device using CHAP The connection will fail if authentication fails Generally this parameter is enabled for outgoing connection and disabled for inbound connections Request local VJ compression When enabled causes the router to requ...

Page 325: ...CHAP MD5 Selecting enabled from the drop down menu allows the router to authenticate logins using the CHAP MD 5 algorithm MS CHAP Selecting enabled from the drop down menu allows the router to authenticate logins using Microsoft s proprietary MS CHAP algorithm MS CHAPv2 Selecting enabled from the drop down menu allows the router to authenticate logins using version 2 of Microsoft s proprietary MS ...

Page 326: ...mru 0 n Default 1500 Desired local MRU ppp n r_mru 0 n Default 1500 Desired remote MRU ppp n l_acfc off on Request local ACFC ppp n r_acfc off on Request remote ACFC ppp n l_pap off on Request local PAP authentication ppp n r_pap off on Request remote PAP authentication ppp n l_chap off on Request local CHAP authentication ppp n r_chap off on Request remote CHAP authentication ppp n l_comp off on ...

Page 327: ...henticate using MS CHAP ppp n l_ms2 0 2 0 Disabled 1 Enabled 2 Preferred Allow this unit to authenticate using MS CHAPv2 ppp n r_ms2 0 1 0 Off 1 On Allow remote unit to authenticate using MS CHAPv2 ppp n lcn 0 4096 LCN ppp n lcnup 1 up 0 down LCN direction ppp n defpak 16 32 64 128 256 5 12 or 1024 Default X 25 packet size ppp n cingnua text valid NUA Use NUA ppp n ipmode 0 XOT 1 raw TCP Use TPAD ...

Page 328: ...es Configure Advanced interfaces settings External modems and PPP Digi TransPort WR Routers User Guide 328 ppp n bakcingnua ppp n baknum ppp n dmnr_reg ppp n dmnrtun_add Entity Instance Parameter Values Equivalent web parameter ...

Page 329: ...bled displays the following QoS configuration parameters Link speed n Kbps The value in this text entry box should be set to the maximum data rate that this PPP link is capable of sustaining The router uses this setting when calculating whether the data rate from a queue exceeds its minimum Kbps setting as determined by the profile assigned to it and send at a higher rate up to the maximum Kbps se...

Page 330: ... Profile qos n q1prio 0 4 Queue 1 Priority qos n q2prof 0 11 Queue 2 Profile qos n q2prio 0 4 Queue 2 Priority qos n q3prof 0 11 Queue 3 Profile qos n q3prio 0 4 Queue 3 Priority qos n q4prof 0 11 Queue 4 Profile qos n q4prio 0 4 Queue 4 Priority qos n q5prof 0 11 Queue 5 Profile qos n q5prio 0 4 Queue 5 Priority qos n q6prof 0 11 Queue 6 Profile qos n q6prio 0 4 Queue 6 Priority qos n q7prof 0 11...

Page 331: ...b The instance number for a sub config Description The name to easily identify the sub config Username The username for authenticating with the remote system Usually required for outgoing PPP calls only Password The password for authentication with the remote system Confirm When changing the password enter it into this text box also to allow the router to check for simple typing errors Dialout Num...

Page 332: ...ser Guide 332 Related CLI commands Entity Instance Parameter Values Equivalent web parameter pppcfg 1 50 name Up to 25 characters Description pppcfg 1 50 username Validusernameup to 60 characters Username pppcfg 1 50 password Valid password up to 40 characters Password pppcfg 1 50 phonenum Up to 25 digits Dialout Number ...

Page 333: ...ould be initialized The setting This PPP interface will use x y defines the physical Ethernet interface over which the PPPoE session will operate In most cases this is PPPoE 0 for Ethernet 0 The fact that you have selected PPPoE 0 as the physical interface for operation with PPP automatically enables PPPoE mode If the router uses another Ethernet instance for example Eth 1 this must be specified a...

Page 334: ...ion covers configuring DHCP servers from the web interface and command line About DHCP servers 335 DHCP Server parameters for Ethernet n 336 Advanced DHCP parameters 339 Advanced DHCP options 340 Logical Ethernet interfaces 341 DHCP options 342 Static lease reservations 343 ...

Page 335: ...one for each Ethernet port DHCP is a standard Internet protocol that allows a DHCP server to dynamically distribute IP addressing and configuration information to network clients The Configuration Network DHCP server pages in the web interface include a web page for configuring each of the DHCP servers Additionally there is a separate page for mapping MAC addresses to fixed IP addresses ...

Page 336: ...nable the DHCP service there must be at least one minimum IP address and a range Using the CLI this is specified slightly differently a starting address and a range are specified instead Mask The subnet mask on the network to which the router is connected Gateway A gateway is required in order to route data to IP addresses that are not on the local subnet The value in this text box specifies the I...

Page 337: ...r uses the value in the text box as the delay to use prior to sending out the DHCP_OFFER message Enabling this functionality and setting the delay to a non zero value will allow other DHCP servers on the network to respond first Duplicate Address Detection If enabled causes the router to detect duplicate addresses Only send offers to Wi Fi clients When enabled causes the router to only send DHCP o...

Page 338: ...IPrange3 0 2147483647 Default 0 to a b c d dhcp n mask Valid IP address a b c d Mask dhcp n gateway Valid IP address a b c d Gateway dhcp n DNS Valid IP address a b c d DNS Server dhcp n DNS2 Valid IP address a b c d Secondary DNS Server dhcp n domain Up to 64 characters Domain Name dhcp n lease 0 2147483648 minutes Default 20160 minutes 14 days Lease Duration d days h hrs m mins dhcp n respdelms ...

Page 339: ...he DHCP client can make contact with in order to download a boot file Boot file The name of the boot file the client can download from the host specified in the Server Hostname text box Send unicast responses If enabled sends unicast responses to DHCP clients from the DHCP server Related CLI commands Entity Instance Parameter Values Equivalent web parameter dhcp n nxtsvr Valid IP address a b c d N...

Page 340: ...rminals The IP address of an FTP server and is a custom option for use with WYSE terminals FTP Root Dir for WYSE Terminals The root directory for FTP transfers This is also a custom option for use with WYSE terminals Related CLI commands Entity Instance Parameter Values Equivalent web parameter dhcp n NBNS Valid IP address a b c d NetBIOS Name Server a b c d dhcp n NBNS2 Valid IP address a b c d S...

Page 341: ...nsPort WR Routers User Guide 341 Logical Ethernet interfaces The web pages in the Logical Ethernet Interfaces section are simply a duplicate of the previously described Ethernet interface pages but they apply to logical rather than physical Ethernet interfaces ...

Page 342: ...owing fields Option The DHCP option number Data type The data type for the option and can be any one of the following 1 2 or 4 byte value IPv4 address text string or hexadecimal data Value The actual data that will be sent in the DHCP option message Related CLI commands For example to set the option number to 9 for the LPR Server the command is dhcpopt 0 optnb 9 Entity Instance Parameter Values Eq...

Page 343: ...DO NOT fall within the IP address ranges specified in the DHCP server page IP Address a b c d The IP address to be assigned MAC Address aa bb cc dd ee ff The MAC address which is to be given the above IP address As is usual with the configuration tables clicking the Add button adds the entry to the table and clicking the Delete button removes an existing entry from the table Add button Adds the sp...

Page 344: ...ransPort WR Routers User Guide 344 Configure network services This section covers configuring network services from the web interface and command line Network Services page 345 Network Services parameters 346 ...

Page 345: ... page The Network Services web page collects together a number of services that are provided by the router into one section to enable the user to quickly enable or disable these services without having to navigate to multiple sections of the menu Some network services have additional configuration settings ...

Page 346: ...ed Encryption Standard AES Enable Network Management Protocol SNMP Enables and disables remote management of the router using SNMP This setting does not actually directly control the SNMP functionality but enables or disables the remaining SNMP controls on this page To perform detailed configuration including setting up command filters users and SNMP traps go to Configuration Remote Management SNM...

Page 347: ...er When enabled the router uses File Transfer Protocol FTP for file transfers Enable HTTP Server When enabled the router uses HTTP or insecure web server You can perform most router configuration using the HTTP web server as described here However HTTP is an insecure protocol For security reasons you can disable this service by deselecting this radio button which enables the following secure web s...

Page 348: ...y Instance Parameter Values Equivalent web parameter addp 0 enable on off Enable Device Discovery ADDP rport 0 enabled on off Enable RealPort rport 0 encryption on off Enable Encrypted RealPort snmp n v1enable 0 1 0 Off 1 On Enable Network Management Protocol Enable SNMP v1 snmp n port Default 161 Enable Network Management Protocol UDP Port n snmp n v2cenable 0 1 0 Off 1 On Enable Network Manageme...

Page 349: ...es 0 telnets on off Enable Telnet over SSL Server services 0 asytcp on off Enable ASY Port Server tcpperm ASY 0 9 l listening port listening port ASY 0 9 Listening Port services 0 zing on off Enable ZING cmd 0 rcihttp on off Enable RCI over HTTP Entity Instance Parameter Values Equivalent web parameter ...

Page 350: ...R Routers User Guide 350 Configure DNS servers and Dynamic DNS This section describes configuring DNS servers and Dynamic DNS from the web interface and command line Configure DNS Servers 351 Configure Dynamic DNS 356 ...

Page 351: ...ures all the DNS lookup configuration is kept together for ease of troubleshooting Otherwise the lookups will use the DNS server configured on the interface of the default route DNS Server a b c d The IP address of the DNS server to use when a DNS request matches the hostname pattern Secondary DNS Server a b c d In the event of the primary DNS server not being available the IP address in this text...

Page 352: ...erver is via an IPsec tunnel to ensure the local and remote subnet selectors match Related CLI commands Entity Instance Parameter Values Equivalent web parameter dnssel n pattern domain com For DNS requests matching pattern send the request to dnssel n svr Valid IP address DNS Server a b c d dnssel n secsvr Valid IP address Secondary DNS Server a b c d dnssel n ent PPP Ethernet Interface x y dnsse...

Page 353: ...DNS server that should be sent the updated information The server must support DNS Update messages Dynamic DNS is generally offered as a subscription based service by ISPs but for a large number of deployed routers it may be more appropriate to set up a dedicated DNS server locally Name The member of the DNS zone to update Along with the zone parameter uniquely identifies the router For example if...

Page 354: ...ansmitted as part of the message it appears in a signature appended to the message If the password is issued as a hexadecimal string and not straight text you must use the prefix 0x in the password text box Confirm DNS Server Password Enter the password in this text box to confirm it Local time offset from GMT Auto detect These two radio buttons control whether the offset of the local time from GM...

Page 355: ...es active dnsupd 0 upd_int 0 2147483648 seconds Also send an update every h hrs m mins s secs dnsupd 0 delprevrr off on The DNS server should delete all previous records dnsupd 0 username Valid username up to 20 characters DNS Server Username dnsupd 0 password Valid password up to100 characters DNS Server Password dnsupd 0 b64pwd off on Password is Base64 encoded dnsupd 0 autozone off on Local tim...

Page 356: ...d from the previous connection the Dynamic DNS service is contacted and the hostnames specified in the Hostname parameters are updated with the new address Dynamic DNS parameters Service Provider Selects the Dynamic DNS service provider Dynamic TransPort routers support the Dynamic DNS services Dynamic DNS at dyn com No IP at noip com TransPort routers may be compatible with other Dynamic DNS serv...

Page 357: ...s to be updated The available options are Dynamic DNS Static DNS Custom DNS When default route interface x y becomes active send DDNS update The radio buttons select whether or not the router should use the default interface or the interface specified from the drop down list If the specified interface option is selected the required interface is selected from the drop down list and the interface i...

Page 358: ...characters Host and Domain Name s dyndns 0 hostname5 Up to 40 characters Host and Domain Name s dyndns 0 port 0 65535 Destination port dyndns 0 username Up to 20 characters DynDNS User Name dyndns 0 password Up to 25 characters DynDNS Password dyndns 0 system Blank statdns custom DynDNS DDNS System dyndns 0 ifent Blank ETH PPP When default route interface x y becomes active send DDNS update dyndns...

Page 359: ...DNS update When unchecked the IP address is not supplied and the DYNDNS server attempts to determine the correct IP address by other means IP source address in update packet Use this mode if the router is behind a NAT router only Only send update when this router is the VRRP master When enabled causes the router to not send DDNS updates unless at least one Ethernet interface is a VRRP master Enabl...

Page 360: ...and line View the TransPort routing table 361 Supported routes 362 IP Routing parameters 364 Static routes 367 Default Route n parameters 373 RIP parameters 379 Interfaces Ethernet PPP GRE parameters 384 OSPF parameters 387 BGP parameters 389 IP Port Forwarding Static NAT Mappings parameters 391 Multicast Routes parameters 393 Virtual Routing and Forwarding VRF 395 ...

Page 361: ...routing table Digi TransPort WR Routers User Guide 361 View the TransPort routing table To view the Digi TransPort routing table from the web interface navigate to Management Network Status IP Routing Table From the command line use the command route print ...

Page 362: ...atic route are IP Address Mask Interface Interface number If a static route is pointing at an Ethernet interface you can optionally add a gateway IP address If you do not add a gateway IP address the router automatically uses gateway IP address configured for the Ethernet interface itself Default routes To add default routes configure a route in Configuration Network IP Routing Forwarding Static R...

Page 363: ...is compared with the IP Address and Mask of each entry in the routing table There may be more than one match and in this case the router uses the most specific route to route the packet For example a the router uses a matching 24 route before a matching 16 route If multiple routes match the destination and have the same prefix length the router uses the index number of the routes in the routing ta...

Page 364: ...CIDR metric that the router should apply to connected interfaces Static Routes The CIDR metric that the router should use for static routes The default is 1 eBGP Routes The CIDR metric that the router should use for eBGP routes The default is 20 OSPF Routes The CIDR metric that the router should use for OSPF routes The default is 110 RIP Routes The CIDR metric that the router should use for RIP ro...

Page 365: ...ast sent from one interface to the subnet of another uses these directed IP broadcasts Wait s seconds before using an alternative route The value in this text box specifies the latency to apply before passing traffic on an alternative route in the current route becomes unavailable If an interface is configured for dial on demand and fails to connect Mark a static route as Out Of Service for s seco...

Page 366: ... 0 admin_ospf 0 2147483647 OSPF Routes ip 0 admin_rip 0 2147483647 RIP Routes ip 0 admin_ibgp 0 2147483647 iBGP Routes ip 0 inf_metric 0 2147483647 Maximum static route metric ip 0 route_dbcast 0 255 Route directed IP broadcasts ip 0 route_dly 0 2147483647 Wait s seconds before using an alternative route ip 0 route_dwn 0 2147483647 If an interface is configured for dial on demand and fails to conn...

Page 367: ...network or IP address for the route If the router receives a packet with a destination IP address that matches the Destination Network Mask combination it will route the packet through the interface specified below Mask a b c d The network mask Gateway a b c d Overrides the default gateway IP address configured for the Ethernet interfaces Packets matching the route use the gateway address specifie...

Page 368: ...ric for a route whose interface is inactive Normally both values should be the same but in some advanced routing scenarios necessary to use different values If a particular route fails it automatically has its metric set to 16 which means that it is temporarily deemed as being out of service The default out of service period is set by the IP route out of service parameter Note however that this de...

Page 369: ...he packet matches When enabled the following two parameters are enabled IP Address a b c d If necessary use the IP Address and Mask parameters to further qualify the way in which the router routes packets If the values in this text box and the Mask parameter are set the source address of the packet being routed must match these parameters before the packet will be routed through the specified inte...

Page 370: ...he route metric is set to 16 for the period of time specified by the Mark a static route as Out Of Service for s seconds parameter on the Configuration Network IP Routing Forwarding IP Routing page If the value in this text box is non zero the route metric will not be set to 16 until the number of connection attempts specified by this parameter have been made If the interface fails to connect try ...

Page 371: ...options are None PPP Ethernet and Tunnel Keep this route in service for s seconds after OOS state is cleared When enabled the following text box is enabled such as it is no longer disabled allowing a value to be entered The value specifies the period that the interface specified above will remain in service even though it is actually unable to pass traffic immediately This is behavior useful in si...

Page 372: ...he interface fails to connect after n consecutive attempts route n chkoos_int 0 2147483647 If the interface fails to connect try again in s seconds route n chkoos_deact 0 255 Deactivate the interface after it successfully connects route n dial_int 0 255 Default 10 Do not allow this interface to be activated by thisroute for sseconds afterthelast activation attempt route n q1 on off Only queue one ...

Page 373: ...s Available options are None PPP Ethernet Tunnel Metric n The routing metric to use when the interface is connected This should have a value between 1 and 16 It selects which route to use when the subnet for a packet matches more than one of the IP route entries Each route may be assigned a connected metric and a disconnected metric The connected metric parameter specifies the metric for a route w...

Page 374: ... CLI commands Entity Instance Parameter Values Equivalent web parameter def_route n descr Up to 20 characters Description def_route n gateway Valid IP address a b c d Gateway a b c d def_route n ll_ent Blank PPP ETH TUN Interface x y def_route n ll_add 0 2147483647 Interface x y def_route n upmetric 1 16 Metric ...

Page 375: ...cket matches When enabled the following two parameters are enabled IP address a b c d If necessary use this parameter IP Address and the Mask parameter to further qualify the way in which the router routes packets If the values in this text box and the Mask parameter are set the source address of the packet being routed must match these parameters before the packet will be routed through the speci...

Page 376: ... a route and fails to connect the route metric is set to 16 for the period of time specified by the Mark a static route as Out Of Service for s seconds parameter on the Configuration Network IP Routing Forwarding IP Routing page If the value in this text box is non zero the route metric will not be set to 16 until the number of connection attempts specified by this parameter have been made If the ...

Page 377: ...terface options are None PPP Ethernet and Tunnel Keep this route in service for s seconds after OOS state is cleared When enabled the following text box is enabled such as it is no longer disabled out allowing a value to be entered The value specifies the period that the interface specified above will remain in service even though it is actually unable to pass traffic immediately This is behavior ...

Page 378: ...face fails to connect after n consecutive attempts def_route n chkoos_int 0 2147483647 If the interface fails to connect try again in s seconds def_route n chkoos_deact 0 2147483647 Deactivate the interface after it successfully connects def_route n dial_int 0 255 Default 10 Donot allow this interfaceto be activatedby this route for s seconds after the last activation attempt def_route n q1 on off...

Page 379: ...s for s seconds The time for which an updated metric will apply when a RIP update is received If no updates are received within this period the usual metric will take over Delete routes after another s seconds The length of time that the router will continue to advertise this route when a RIP update timeout occurs and the route metric is 16 This behavior is designed to help propagate the dead rout...

Page 380: ...r rip n enable on off Enable RIP rip n interval 0 2147483647 Send RIP advertisement every s seconds rip n ripto 0 2147483647 Mark routes as unusable if we don t get advertisement for s seconds rip n riplingerto 0 2147483647 Delete routes after another s seconds rip n updatestatic on off Allow RIP to update static routes rip n poisonreverse on off Enable Poison Reverse ...

Page 381: ...nforced for 180 seconds unless another RIP response is received within that time RIP packets must have a source address that is included in the RIP access list Adding permitted IP addresses to the access list is controlled using a table with the single parameter described below IP Address a b c d The IP address to be added to the list of IP addresses that RIP packets must come from if they are to ...

Page 382: ... These two radio buttons select between having the validity period for the key starting immediately of allowing a start date to be defined The starting date is specified using a drop down list to select the start day a drop down list to select the start month and a text box to enter the start year Selecting the Disable option from the day and None from the month means to not use this key To specif...

Page 383: ...r Values Equivalent web parameter ripauth 0 9 key Up to 16 characters Key k ripauth 0 9 keyid 0 255 Key ID ripauth 0 9 sday 0 31 Valid from d m y ripauth 0 9 smon 0 12 Valid from d m y ripauth 0 9 syear 0 65535 Valid from d m y ripauth 0 9 eday 0 31 Expires d m y ripauth 0 9 emon 0 12 Expires d m y ripauth 0 9 eyear 0 65535 Expires d m y ...

Page 384: ...ill transmit RIP version 2 packets to the subnet broadcast address This allows V1 capable routers to act upon these packets Send RIP advertisements as Broadcasts RIP packets are by default sent out on a broadcast basis or to a multi cast address Do not change this parameter unless you intend to alter this behavior Multicasts Only visible when V2 is selected in the Use RIP option above This is auto...

Page 385: ...P packet a valid plain text key must be present in the packet before it will be accepted You can use this method with both RIP V1 and RIP V2 MD5 When set to MD5 V2 only the interface uses the first valid key it finds set on the Configuration Network IP Routing Forwarding RIP Global RIP settings Authentication Keys Authentication Key n pages and uses the MD5 authentication algorithm before sending ...

Page 386: ...b parameter tun ppp n rip 0 1 Enable RIP 1 Disable RIP 0 tun ppp n ripip Valid IP address a b c d Unicast RIP update address tun ppp n ripauth 0 3 0 None 1 Access List 2 Plain Password 3 MD5 v2 only tun ppp n ripis on off Turn on to send updates only when in service tun ppp n inrip on off Include interface subnet in RIP advertisements tun ppp n triggeredrip on off Enable RIP RFC2091 ...

Page 387: ...verywhere They converge quickly thus preventing such problems as routing loops and Count to Infinity where routers continuously increment the hop count to a particular network This makes for a stable network To use OSPF on the router a valid configuration file must exist in the router s filing system Enable OSPF When enabled displays the following parameters OSPF Configuration Filename The file th...

Page 388: ...e is advertised in the OSPF packets When checked the router ignores received packets that have a MTU that differs from that of the router itself Use Interface IPsec source IP When enabled OSPF functions use the source IP address of the interface specified in Configuration Network Interfaces Advanced PPP n Use interface x y for the source IP address of IPsec packets on the interface being used When...

Page 389: ...nd specify the configuration file to use Enable BGP When enabled enables BGP routing BGP Configuration Filename The configuration file to use is selected from this drop down list The default filename is bgp cnf An error message will be displayed if the specified file cannot be found Load Config file Click this button to load the file specified from the drop down list The contents of the file will ...

Page 390: ...l of debug tracing information is selected from this drop down list The available levels are Off Low Med and High Related CLI commands Entity Instance Parameter Values Equivalent web parameter bgp 0 enable on off Enable BGP bgp 0 conffile BGP Configuration Filename bgp 0 new_cfg_rest on off Restart BGP after configuration file is saved bgp 0 fatal_rest on off Restart BGP if a fatal error occurs bg...

Page 391: ...ackets destined for particular ports to be directed to specific local IP addresses For example to have a server running on a local network externally accessible a static NAT mapping would be set up using the local IP address of the server and the port number for accessing the required service Configuring IP port forwarding and static NAT mapping is done by entering the following configuration valu...

Page 392: ...Example commands To set the IP address for entry 0 in the table to 10 1 2 10 enter the command nat 0 IPaddr 10 1 2 10 Entity Instance Parameter Values Equivalent web parameter nat 0 29 minport 0 65535 External Min Port nat 0 29 maxport 0 65535 External Max Port nat 0 29 IPaddr Valid IP address a b c d Forward to Internal IP Address a b c d nat 0 29 mapport 0 65535 Forward to Internal Port ...

Page 393: ... specified Multicast Address Mask combination it routes that packet through the interface specified by the Interface parameters below Mask a b c d The address mask specified with the Multicast Address parameter as described above Interface x y These two parameters in the drop down list and adjacent text box specify the interface and interface instance for routing packets matching the Multicast Add...

Page 394: ...ce Parameter Values Equivalent web parameter mcast 0 19 IPaddr Valid IP address a b c d Multicast Address a b c d mcast 0 19 mask Valid IP address a b c d Mask a b c d mcast 0 19 ll_ent PPP ETH TUN Interface x y mcast 0 19 ll_add Valid interface number 0 2147483647 Interface x y mcast 0 mult_spc ON OFF Enable multicast source path checking ...

Page 395: ...er Edge PE router You can enable use of VRF through a license VRF Lite Multi VRF VRF Lite is an application based on VRF that extends the concept of VRF to the Customer Edge CE router on the customer s premises It supports multiple overlapping independent routing and forwarding tables per customer You can use any routing protocol supported by normal VRF in a VRF Lite CE implementation The CE suppo...

Page 396: ...Entries IPCore Configuration Exported Route Targets Array of route target identifiers IPCore Configuration Imported Route Targets Array of route target identifiers IPCore Configuration Address Families List of the address families IPv4 IPv6 or both IPCore Configuration Route Distinguisher Route distinguisher IPCore Configuration ARP Entity Address resolution entity ARP entity IPCore Configuration ...

Page 397: ...destination IP subnet IPCore Configuration Next Hop IP Address Next hop IP address IPCore Configuration Type Route entry type Null Other Invalid Direct Indirect Static IPCore Configuration Routing Protocol Type Routing protocol type Null Other Local Network Managed ICMP EGP GGP Hello RIP IS IS ES IS Cisco IGRP BBN SPF IGP OSPF BGP EIGRP IPCore Configuration Outgoing Interface Name Outgoing IP inte...

Page 398: ...ts Virtual Routing Entity VRF name IPCore Configuration Attribute name Attribute description Scheme Polling interval Outgoing Virtual Routing Entity Identifier Outgoing virtual routing entity Object Identifier OID IPCore Configuration Incoming and Outgoing Virtual Routing Tags Incoming and outgoing virtual routing tags IPCore Configuration Destination IP Subnet Final destination IP subnet IPCore C...

Page 399: ...d export route target communities for the specified VRF Enter either an AS number and an arbitrary number xxx y or an IP address and arbitrary number A B C D y Note This command is effective only if BGP is running 6 Switch config vrf import map route map Optional Associates a route map with the VRF 7 Switch config vrf interface interface id Enters interface configuration mode and specifies the Lay...

Page 400: ...e Networking VPN This section covers configuring Virtual Private Networking VPN from the web interface and command line About Virtual Private Networks VPNs 401 About Internet Protocol Security IPSec 402 IPsec parameters 406 PPTP parameters 460 OpenVPN parameters 462 ...

Page 401: ...the Internet This section covers concepts and settings for configuring VPNs VPNs Virtual Private Networks are networks that use the IPSec protocols to provide one or more secure routes or tunnels between endpoints Users are issued either a shared secret key or public private key pair that is associated with their identity When a message is sent from one user to another it is automatically signed w...

Page 402: ...or applications such as passing confidential information between two users across a private network Protocols defined within IPSec The protocols defined within IPSec include IKE Internet Key Exchange protocol ISAKMP Internet Security Association and Key Management Protocol AH Authentication Header protocol ESP Encapsulating Security Payload protocol HMAC Hash Message Authentication Code MD5 Messag...

Page 403: ...ey Again this is a well established and accepted protocol but as it involves encrypting the data three times using DES with a different key each time it has a very high processor overhead This also renders it almost impossible for casual hackers to attack and very difficult to break in any meaningful time frame even for well equipped and knowledgeable parties AES 128 bit key Also known as Rijndael...

Page 404: ... as encrypting the message to someone in the first place only requires that you know their public key anyone who knows that can send them an encrypted message so you can send a secure message to someone knowing only their publicly available key You can also prove who you are by including in the message your identity whereupon they can look up the certified public key for that identity and send a m...

Page 405: ...Our ID Should be set to info Digi co uk This is the same as the subject Altname in certificate cert01 pem which makes it possible for the router to locate the correct certificate to send to the host Authentication Method Should be set to RSA Signatures This indicates to IKE to use RSA signatures certificates for authentication When IKE receives a signature from a remote unit it must be able to ret...

Page 406: ...le information about each other This enables the endpoint responding to the request to decide whether it wishes to enter a secure dialogue with the endpoint requesting it To achieve this the two endpoints commonly identify themselves and verify the identity of the other party They must do this in a secure manner so that the process cannot be listened in to by any third party The IKE protocol perfo...

Page 407: ...includes items such as what source and destination addresses will be connected by the tunnel and what type of encryption and authentication procedures will be applied to the packets being tunneled For obvious reasons it is essential that parameters such as encryption and authentication are the same at each end of the tunnel If they are not then the two systems cannot agree on which set of rules or...

Page 408: ...ce on the local subnet such as a PC running a client or host application Mask Use this IP mask for the local LAN subnet The mask sets the range of IP addresses that will be allowed to use the IPsec tunnel Use interface x y Use the IP address and mask of the specified interface Remote LAN Use these settings for the remote LAN These define the remote LAN subnet settings on the IPsec tunnel IP Addres...

Page 409: ...emote peer Security type Description Preshared Keys Requires that both IPsec peers share a secret key or password that can be matched by and verified by both peers To configure the PSK a user will need configuring that matches the inbound ID of the remote peer and the PSK is configured using the password parameter This is done via Configuration Security Users The User configuration serves a dual p...

Page 410: ...ires encryption enabling See your Digi sales contact regarding enabling encryption Use auth authentication on this tunnel The ESP authentication algorithm to use with this IPsec tunnel The options are No None MD5 SHA1 Use Diffie Hellman group The Diffie Hellman DH group to use when negotiating new IPsec SAs If enabled the IPsec SA keys cannot be predicted from any of the previous keys generated Th...

Page 411: ...d authentication Bring this tunnel down if it is idle for h hrs m mins s secs Used when the IPsec tunnel is configured to come up on demand and defines how long the IPsec tunnel should remain up if there is no traffic is being sent on the tunnel Renew the tunnel after Defines the constraints of when the IPsec tunnel SA has to be renewed h hrs m mins s secs Renew the IPsec SA after the specified am...

Page 412: ...ace number eroute n remip IP address IP Address for Remote LAN eroute n remmsk IP Mask IP Mask for Remote LAN eroute n remnetid String Remote Subnet ID eroute n authmeth Off Preshared xauthinitpre rsa xauthinitrsa Use the following security on this tunnel eroute n ourid String Our ID eroute n ouridtype 0 IKE ID 1 FQDN 2 User FQDN 3 IPv4 Address Our ID type eroute n peerid String Remote ID eroute n...

Page 413: ...nnel is down and a packet is ready to be sent eroute n inact_to Integer Bring this tunnel down if it is idle for h hrs m mins s secs This CLI value is entered in seconds only eroute n ltime Integer Renew the tunnel after h hrs m mins s secs This CLI value is entered in seconds only eroute n lkbytes Integer Renew the tunnel after n units of traffic This CLI value is entered in Kbytes only Entity In...

Page 414: ...ending on which IPsec tunnel is in use IP Address The alternative IP address to negotiate Mask The alternative IP mask to negotiate Negotiate a virtual IP address using MODECFG Used when the remote peer is a Cisco device using MODECFG to assign a specific IP address to this router during SA setup negotiations This is commonly seen in Remote Access RA type VPNs and EasyVPN solutions XAuth ID Extend...

Page 415: ...ec tunnel In Tunnel mode the entire IP packet header and payload is encrypted In Transport mode only the IP payload is encrypted Use algorithm AH authentication on this tunnel The AH authentication algorithm to use with this IPsec tunnel The options are No None MD5 SHA1 Use algorithm compression on this tunnel The compression algorithm to use with this IPsec tunnel The options are No None DEFLATE ...

Page 416: ...ith interface with x y When enabled this parameter can be set so that the IPsec tunnel will only match packets using the specified interface When this parameter is enabled the route will take outgoing packets going through this IPsec tunnel and recheck to see if the resultant packet also goes through a tunnel If the inner tunnel is an IPsec tunnel such as needs IKE you can get the inner IKE to use...

Page 417: ...ular packets to a NAT device in order to prevent the NAT table entry from expiring Allow protocol IP protocol s in this tunnel This restricts the type of IP packets that will be tunneled through the IPsec tunnel The options are All TCP UDP GRE IP packets with ToS values n must use this tunnel Packets with matching ToS fields will only be tunneled through this IPsec tunnel and no others The usual t...

Page 418: ... the range of n1 to n2 Allow IP packets with source TCP UDP ports in the specified range to be tunneled This is only available when IKEv2 is in use remote TCP UDP port in the range of n1 to n2 Allow IP packets with destination TCP UDP ports in the specified range to be tunneled This is only available when IKEv2 is in use ...

Page 419: ...in APN 1 Backup APN This tunnel can only use apn eroute n ifent blank ETH PPP Link tunnel with interface with x y x Interface type eroute n ifadd Integer Link tunnel with interface with x y y Interface number eroute n inhibitno Comma separated list of Integers Inhibit this IPsec tunnel when IPsec tunnels n are up eroute n requireno Integer Inhibit this IPsec tunnel unless IPsec tunnel n is up erou...

Page 420: ...nel IP packets with remote TCP UDP port eroute n locfirstport 0 65535 Only tunnel IP packets with local TCP UDP port in the range of n1 to n2 eroute n loclastport 0 65535 Only tunnel IP packets with local TCP UDP port in the range of n1 to n2 eroute n remfirstport 0 65535 Only tunnel IP packets with remote TCP UDP port in the range of n1 to n2 eroute n remlastport 0 65535 Only tunnel IP packets wi...

Page 421: ...s way first set up the Our ID parameter on the host unit to a suitable name such as Host1 Then set the Peer ID parameter to Remote for example In addition an entry would be made in the user table with Remote for the Username and a suitable Password value such as mysecret Each of the remote units that required access to the host would then have to be configured with an Our ID parameter of Remote01 ...

Page 422: ...ion to all devices behind the router If you select the Pass the packet option packets that match an IPsec tunnel are decrypted and authenticated depending on the IPsec tunnel s configuration but data that does not match will also be allowed to pass When a packet is to be transmitted which does not match any IPsec tunnel How the router will respond if a packet is transmitted when there is no SA If ...

Page 423: ...ers must be set up wide enough to encompass all the local and remote networks The VPN Concentrator can act as an initiator and or a responder In situations where there are more remote sites than the router can support concurrent sessions it is normally necessary for the VPN Concentrator and the remote sites to be both an initiator and a responder This is so both the remote sites and the head end c...

Page 424: ... Once the site specific information is retrieved the router creates a dynamic IPsec Tunnel which is based upon the base IPSec tunnel configuration plus the site specific information from the MySQL database 4 The router then uses the completed IPsec tunnel configuration and IKE to create the IPsec SAs 5 For the pre shared key IKE uses the password returned from the MySQL database rather than doing ...

Page 425: ...igured IPsec tunnel must also exist 3 Once the information is retrieved from the MySQL database IKE negotiations continue and the created IPsec SAs will be associated with the dynamic IPsec tunnel 4 As long as the dynamic IPsec tunnel exists it behaves just like a normal IPsec tunnel such as SAs being replaced removed as required 5 If errors are received from the MySQL database or not enough field...

Page 426: ...into the IPsec tunnel Wildcard matching is supported which means that the peerid may contain and characters If only one IPsec tunnel is configured the peerid field may contain a indicating that all remote IDs result in a MySQL look up Local subnet IP address Local subnet mask Configured as usual Remote subnet IP address Remote subnet mask These fields should be configured in such a way that packet...

Page 427: ... is held This configuration also identifies which IPsec tunnels create dynamic IPsec tunnels Example MySQL schema mysql describe eroutes Field Type Null Key Default Extra peerip varchar 20 YES NULL bakpeerip varchar 20 YES NULL peerid varchar 20 NO PRI password varchar 20 YES NULL ourid varchar 20 YES NULL remip varchar 20 YES UNI NULL remmsk varchar 20 YES NULL 7 rows in set 0 01 sec The IPsec gr...

Page 428: ...s or hostname of the MySQL Server MySQL Server Port The port that the MySQL Server is listening on Username The username to use when logging into the MySQL Server Password Confirm Password The password to use when logging into the MySQL Server Database name The name of the database to connect to Database table The name of the table when the remote site information is stored Remote subnet IP The na...

Page 429: ...uivalent web parameter egroup n eroute Integer Link this IPsec group with IPsec Tunnel egroup n remmsk IP Mask Remote mask to use for tunnels egroup n dbhost IP Address or Hostname MySQL Server IP Address or Hostname egroup n dbport 0 65535 MySQL Server Port egroup n dbuser String Username egroup n dbpwd String Password Confirm Password egroup n dbname String Database name egroup n dbtable String ...

Page 430: ...the database file into memory and check the memory allocated and free using the smem command This will show the memory allocated and left available Increase the memory in the dbsrvmem command if required dbfile name This is the name of the csv file that the router will use to store the table definitions 1st line and data records This file is stored in flash The router uses it to populate the datab...

Page 431: ...e locally you can use this backup csv database if the main SQL database goes offline Required configuration parameters are 1 Configure the IP address of the SQL server to use egroup 0 dbhost 192 168 0 50 2 Configure the IP address of the SQL server that will have a backup database If a socket connection fails to this IP address the router will use the backup IP address ipbu 0 IPaddr 192 168 0 50 3...

Page 432: ...xample sqldo select from site where subnet 10 110 100 0 limit 3 Limit the sqldo command to only act on specified fields sqlfields field1 field2 field3 After issuing the sqlfields command all further sqldo commands will apply to these fields only For example sqlfields remmsk password peerip Close the SQL server connection correctly sqlclose Use the SQL debug command If the database being queried is...

Page 433: ...ifetime exceeds the lifetime of an existing IKE SA and attempts to negotiate a lifetime for the IKE SA that is 60 seconds longer than the desired lifetime of the IPsec SA Mark the IPsec tunnel as suspect if there is no traffic for n seconds The period of time of inactivity on a tunnel before it is deemed to be suspect such as if there is no activity on a healthy link for the time period defined th...

Page 434: ...lues Equivalent web parameter dpd 0 inact Integer Mark the IPsec tunnel as suspect if there is no traffic for n seconds dpd 0 okint Integer Send a DPD request on a healthy link every n seconds dpd 0 failint Integer Send a DPD request on a suspect link every n seconds dpd 0 maxfail Integer Close the IPsec tunnels after no response for n DPD requests ...

Page 435: ...KE Debug Enables IKE debugging to be displayed on the debug port Debug Level Sets the level of IKE debugging The options are Low Medium High Very High Debug IP Address Filter Used to filter out IKE packets with particular source or destination IP addresses The format of this parameter is a comma separated list of IP addresses For example to exclude the capture of IKE traffic from IP hosts 10 1 2 3...

Page 436: ...ers User Guide 436 Related CLI commands Entity Instance Parameter Values Equivalent web parameter ike 0 deblevel 0 Off 1 Low 2 Medium 3 High 4 Very High Debug Level ike 0 ipaddfilt Comma separated list of IP addresses Debug IP Address Filter ike 0 debug on off Forward debug to port ...

Page 437: ...on mode The options are Main Aggressive Historically setting up IPSec tunnel have involved fixed IP addresses Today it is more common particularly with Internet ISPs to dynamically allocate the user a temporary IP address as part of the process of connecting to the Internet In this case the source IP address of the party trying to initiate the tunnel is variable and cannot be preconfigured In Main...

Page 438: ...y length Note however that this will slow down the process of generating the phase 1 session keys typically from 1 2 seconds for group 1 to 4 5 seconds MODP Group for Phase 2 The minimum width of the numeric field in the calculations for phase 2 of the security exchange With No PFS Perfect Forwarding Security selected the data transferred during phase 1 can be reused to generate the keys for the p...

Page 439: ...re information refer to the Configuration Network IPsec Dead Peer Detection DPD page NAT Traversal Mode Selects the NAT traversal mode for IKE IPsec Auto Disabled or Force When one end of an IPsec tunnel is behind a NAT box some form of NAT traversal may be required before the IPsec tunnel can pass packets Turning NAT Traversal on enables the IKE protocol to discover whether or not one or both end...

Page 440: ...n certificate exchanges See X 509 Certificates section for further explanation SA Removal Mode Determines how IPsec and IKE SAs are removed Normal operation does not delete the IKE SA when all the IPsec SAs that were created by it are removed and does not remove IPsec SAs when the IKE SA that created them is deleted Remove IKE SA when last IPSec SA removed deletes the IKE SA when all the IPsec SAs...

Page 441: ...5 Stop IKE negotiation if no packet received for n seconds ike n dpd on off Enable Dead Peer Detection ike n natt on off Enable NAT Traversal ike n initialcontact on off Send INITIAL CONTACT notifications ike n keepph1 on off Retain phase 1 SA after failed phase 2 negotiation ike n privrsakey Filename RSA private key file ike n delmode 0 Normal 1 Remove IKE SA when last IPsec SA removed 2 Remove I...

Page 442: ...ith Defines the settings that the router will accept during the negotiation Encryption The acceptable encryption algorithms Authentication The acceptable authentication algorithms MODP Group between x and y The acceptable range for MODP group Renegotiate after h hrs m mins s secs How long the initial IKE Security Association will stay in force When the IKE Security Association expires any attempt ...

Page 443: ...es aes Multiple algorithms can specified in a comma separated list Encryption ike 0 keybits 0 128 192 256 Encryption Minimum AES Key length ike 0 rauthalgs md5 sha1 Multiple algorithms can specified in a comma separated list Authentication ike 0 rdhmingroup 1 2 5 MODP Group between x and y ike 0 rdhmaxgroup 1 2 5 MODP Group between x and y ike 0 ltime 1 28800 Renegotiate after h hrs m mins s secs ...

Page 444: ...f NAT is not being performed The version of NAT traversal supported is that described in the IETF draft document draft ietf ipsec nat t ike 03 txt Send INITIAL CONTACT notifications Enables INITIAL CONTACT notifications to be sent Send RESPONDER LIFETIME notifications Enables RESPONDER LIFETIME notifications sent to the initiator If an initiator requests an IKE lifetime that is greater than the re...

Page 445: ...Both removes IPSec SAs when their IKE SA is deleted and delete IKE SAs when their IPSec SAs are removed Delete SAs when invalid SPI notifications are received Deletes IKE SAs when the router receives invalid SPI notifications Related CLI commands Entity Instance Parameter Values Equivalent web parameter ike 0 inactto 0 255 Stop IKE negotiation if no packet received for n seconds ike 0 natt on off ...

Page 446: ...can have their destination address set to the source address of the original packet in the same way as standard NAT If the remote end of the tunnel can access units connected to the local interface the unit that has been assigned the virtual IP address needs to have some static NAT entries set up When a packet is received through the tunnel the router first looks up existing NAT entries followed b...

Page 447: ...User Guide 447 Related CLI commands Entity Instance Parameter Values Equivalent web parameter tunsnat n minport 0 65535 External Port tunsnat n maxport 0 65535 Port Range Count tunsnat n ipaddr IP Address Forward to Internal IP Address tunsnat n mapport 0 65535 Forward to Internal Port ...

Page 448: ...have been upgraded to support IKEv2 do not require any changes to their configuration to continue working with IKEv1 Use the following settings for negotiation The settings for the IKEv2 negotiation Encryption The encryption algorithm The options are None DES 3DES AES 128 bit keys AES 192 bit keys AES 256 bit keys Authentication The authentication algorithm The options are None MD5 SHA1 SHA256 PRF...

Page 449: ...e remote system will result in IKE attempting to establish a new SA Rekey after h hrs m mins s secs When the time left until expiry for this SA reaches the value specified by this parameter the IKEv2 SA will be renegotiated such as a new IKEv2 SA is negotiated and the old SA is removed Any IPSec child SAs that were created are retained and become children of the new SA Related CLI commands Entity ...

Page 450: ...nables support for NAT Traversal within IKE IPsec When one end of an IPsec tunnel is behind a NAT box some form of NAT traversal may be required before the IPsec tunnel can pass packets Turning NAT Traversal on enables the IKE protocol to discover whether or not one or both ends of a tunnel is behind a NAT box and implements a standard NAT traversal protocol if NAT is not being performed The versi...

Page 451: ...eter ike2 n retranint 0 255 Retransmit a frame if no response after n seconds ike2 n retran 0 9 Stop IKE negotiation after n retransmissions ike2 n inactto 0 255 Stop IKE negotiation if no packet received for n seconds ike2 n natt on off Enable NAT Traversal ike2 n natkaint Integer NAT traversal keep alive interval n seconds ike2 n privrsakey Filename RSA private key file ...

Page 452: ... algorithms PRF Algorithm The acceptable PRF Pseudo Random Function algorithms MODP Group between x and y The acceptable range for MODP group Renegotiate after h hrs m mins s secs How long the initial IKE Security Association will stay in force When it expires any attempt to send packets to the remote system will result in IKE attempting to establish a new SA Rekey after h hrs m mins s secs When t...

Page 453: ...its 128 192 256 Encryption Minimum AES key length ike2 0 rauthalgs md5 sha1 Authentication ike2 0 rprfalgs md5 sha1 PRF Algorithm ike2 0 rdhmingroup 1 2 5 MODP Group between x and y ike2 0 rdhmaxgroup 1 2 5 MODP Group between x and y ike2 0 ltime 1 28800 Renegotiate after h hrs m mins s secs This CLI value is entered in seconds only ike2 0 rekeyltime 1 28800 Rekey after h hrs m mins s secs This CL...

Page 454: ...ents a standard NAT traversal protocol if NAT is not being performed The version of NAT traversal supported is that described in the IETF draft document draft ietf ipsec nat t ike 03 txt NAT traversal keep alive interval n seconds The interval in seconds in which the NAT Traversal keepalive packets are sent to a NAT device in order to prevent NAT table entry from expiring RSA private key file The ...

Page 455: ...he one which terminates the physical connection Typically both the physical layer and logical layer PPP connections would be terminated on the same device for example a TransPort router With L2TP answering the call the router terminates the layer 2 connection only and the PPP frames are passed in an L2TP tunnel to another device which terminates the PPP connection This device is sometimes referred...

Page 456: ...ins the IP address of the remote server to use Bring this tunnel up All the time On demand This parameter only applies to tunnels initiated from this router Bring this tunnel down if it is idle for h hrs m mins s secs These radio buttons select whether or not the tunnel is permanently available or not When set to On demand the tunnel will not activate automatically but will wait until it is trigge...

Page 457: ... shared with the host The router uses this passphrase if the remote host requests authentication and Authentication is set to Off here Related CLI commands Entity Instance Parameter Values Equivalent web parameter l2tp n listen off on Act as a listener only l2tp n swap_io off on Enable server mode l2tp n remhost Valid IP address a b c d Initiate connections to a b c d l2tp n backremhost Valid IP a...

Page 458: ...ynchronous serial ports When Sync port n is selected the sync port number is selected from the drop down list Allow this L2TP tunnel to answer incoming ISDN calls When enabled the L2TP entity answers incoming ISDN calls MSN The filter for the ISDN Multiple Subscriber Numbering MSN It is blank by default but when the answering facility above is enabled the router only answers ISDN calls where the t...

Page 459: ...ance Parameter Values Equivalent web parameter l2tp n retxto 0 4294967296 Retransmit interval s milliseconds l2tp n retxcnt 0 4294967296 Retransmit count l2tp n l1iface 0 255 Layer 1 Interface l2tp n ans off on Allow this L2TP tunnel to answer incoming ISDN calls l2tp n msn Up to 9 digits MSN l2tp n sub Up to 17 digits Sub address ...

Page 460: ...fore it leaves their network This because the server tries to build a tunnel back to the router on port 1723 but fails when the traffic is blocked by the mobile operator s firewall PPTP n parameters Description An identifier for the router Remote Host a b c d The IP address of the remote host such as the device that will terminate the PPTP connection Use Interface x y The interface name and instan...

Page 461: ...tions are Use default TLSv1 only SSLv2 only Enable PPTP debug When enabled enables debug tracing Related CLI commands Entity Instance Parameter Values Equivalent web parameter pptp 0 9 name Up to 30 characters Description pptp 0 9 remhost Valid IP address a b c d Remote Host a b c d pptp 0 9 ll_ent Blank PPP ETH Blank means Auto Use Interface x y pptp 0 9 ll_add 0 4294967296 Use Interface x y pptp...

Page 462: ...ss control policies using firewall rules applied to the VPN virtual interface OpenVPN is not a web application proxy and does not operate through a web browser The Digi TransPort implementation of OpenVPN can be configured as an OpenVPN server shown above or as an OpenVPN client connecting to an OpenVPN server On TransPort firmware OpenVPN has been implemented as an interface That means when an Op...

Page 463: ...lient address and the fourth address is the broadcast address This address must be configured as the second IP address in the block of four For example the IP address 192 168 0 1 if configured as a server or 192 168 0 2 if configured as a client Destination host a b c d Required only when the router is configured as an OpenVPN client This is the IP address of the OpenVPN server Link socket interfa...

Page 464: ... routes created automatically for this interface NAT mode Selects whether to use IP Network Address Translation NAT or Network Address and Port Translation NAPT at the Ethernet interface When the parameter is set to disabled no NAT will occur IP analysis When enabled the un encapsulated IP traffic will be captured into the analyser trace Firewall Enables or disables Firewall script processing for ...

Page 465: ... subnets that should be routed via the OpenVPN server Push DNS server address 1 2 When configured as an OpenVPN server use these parameters to push DNS server settings to the OpenVPN client Pull interface IP address When configured as an OpenVPN client this option must be enabled for the router to obtain and use the local IP address supplied from the OpenVPN server Pull routes When configured as a...

Page 466: ...nel key negotiation Key renegotiation interval seconds Interval between key re negotiations Key renegotiation bytes If non zero a key renegotiation will take place after this many bytes have traveled through the data channel in either direction Key renegotiation packets If non zero a key renegotiation will take place after this many packets have traveled through the data channel Inactivity timeout...

Page 467: ... Get link socket source address from this interface x y y interface number ovpn n mtu 0 2147483647 MTU ovpn n metric 0 2147483647 Metric ovpn n do_nat 0 1 2 0 Off 1 Address only 2 Address and port NAT mode ovpn n ipanon off on IP analysis ovpn n firewall off on Firewall ovpn n igmp off on IGMP ovpn n inrip off on Include in RIP advertisements ovpn n autoup off on Automatically connect interface ov...

Page 468: ...dow ovpn n treplay 0 2147483647 Packet replay time window seconds ovpn n pingint 0 2147483647 OpenVPN TX ping interval seconds ovpn n pingto 0 2147483647 OpenVPN RX ping timeout seconds ovpn n inciv off on Include IV ovpn n neg_timeout 0 2147483647 Key negotiation timeout seconds ovpn n reneg_int 0 2147483647 Key renegotiation interval seconds ovpn n reneg_bytes 0 2147483647 Key renegotiation byte...

Page 469: ...ted Cipher and Digest values for OpenVPN Cipher values Digest values DES EDE CBC md2WithRSAEncryption AES128 ssl2 md5 DES MD5 DES CBC sha1WithRSAEncryption AES 128 CBC ssl3 sha1 AES192 ssl3 md5 AES 192 CBC SHA1 DES EDE3 CBC MD2 AES 256 CBC RSA MD2 AES 256 md5WithRSAEncryption DES3 RSA SHA1 RSA SHA1 2 RSA MD5 ...

Page 470: ...ide 470 Configure Secure Sockets Layer SSL This section covers configuring the Secure Sockets Layer SSL from the web interface and command line About the Secure Sockets Layer SSL 471 SSL Clients parameters 472 SSL Server parameters 474 ...

Page 471: ...m is supported by Digi s TransPort routers Some sites require client side authentication when connecting to them The router s SSL client handles the authentication for SSL connections using certificates signed by a Certificate Authority CA For more information regarding certificates and certificate requests refer to the certificates page Administration X 509 Certificate Management Certificate Auth...

Page 472: ...an represent a list of cipher suites containing a certain algorithm or cipher suites of a certain type For example SHA1 represents all cipher suites using the SHA1 digest algorithm Lists of cipher suites can be combined in a single cipher string using the character This forms the logical AND operation For example SHA1 DES represents all cipher suites containing SHA1 and DES algorithms If left empt...

Page 473: ...ameter Values Equivalent web parameter sslcli 0 4 certfile Up to 12 characters DOS 8 3 format Client Certificate Filename sslcli 0 4 keyfile Up to 12 characters DOS 8 3 format Client Private Key Filename sslcli 0 4 cipherlist Colon separated list of ciphers Cipher List sslcli 0 4 IPaddr Apply to Destination IP Address ...

Page 474: ...e is selected from this drop down list Client Private Key Filename The file containing the private key that matches the above certificate is selected from this drop down list SSL Version The version of the SSL protocol to use is selected from this drop down list Selecting Any allows the use of any version The available options are Any TLSv1 only SSLv2 only Cipher List The list of ciphers is the sa...

Page 475: ...stance Parameter Values Equivalent web parameter sslsvr 0 certfile Up to 12 characters DOS 8 3 format Server Certificate Filename sslsvr 0 keyfile Up to 12 characters DOS 8 3 format Server Private Key Filename sslsvr 0 ver Blank TLS1 SSL2 SSL Version sslsvr 0 cipherlist Colon separated list Cipher List sslsvr 0 debug off on n a ...

Page 476: ...and client from the web interface and command line About the Secure Shell SSH server 477 Configure Secure Shell SSH server parameters 478 Configure Secure Shell SSH Client 483 SSH parameters 487 Generate an SSH private key from the web interface 487 Generate an SSH private key from the CLI 488 SSH Authentication with a public private key pair 488 ...

Page 477: ...mpossible to read the files using any of the normal methods such as FTP It is possible using the genkey command to create host keys in either format for use with SSH Using this utility it is not necessary to have the host key files present on any other storage device thus providing an additional level of security For details on generating a private key file see Generate an SSH private key from the...

Page 478: ... Servers Enables or disables the SSH servers on the router SSH Server n parameters The router supports eight individual SSH servers that are configured independently using the options described below Enable SSH Server When enabled enables the SSH server Use TCP port p The TCP port number default 22 that the SSH server will use to listen for incoming connections Port 22 is the standard SSH port All...

Page 479: ...sion before the SSH socket will be closed Use Deflate compression No Yes level n Sets use of DEFLATE compression If compression is selected the compression level is chosen from the drop down list Enable Port Forwarding When enabled the router accepts traffic on ports other than 23 This functionality is for use with SSH client applications such as PuTTY that have port forwarding capability For exam...

Page 480: ...process when a new SSH session is started unless they have data to send to the server in which case they will initiate the key exchange themselves When enabled this setting causes the router to automatically initiate a key exchange without waiting for the client Rekey Never After n units of data have been transferred With SSH V2 it is possible to negotiate new encryption keys after using the curre...

Page 481: ...be given the value 1 and the other options given a value of 2 or greater If all these parameters are set to the same value the router automatically uses them in the following order SHA1 SHA1 96 MD5 MD5 96 MAC MD5 The preference level for MAC MD5 MAC MD5 96 The preference level for MAC MD5 96 MAC SHA1 The preference level for MAC SHA1 MAC SHA1 96 The preference level for MAC SHA1 96 Enable Debug Th...

Page 482: ...Deflate compression level ssh 0 7 fwd 0 2147483647 Enable port forwarding ssh 0 7 cmdhost Valid IP address a b c d Command session IP address a b c d ssh 0 7 cmdport 0 2147483647 Command session port p ssh 0 7 svrkeybits 0 2147483647 Server key size ssh 0 7 initkex off on Actively start key exchange ssh 0 7 rekeybytes 0 2147483647 0 Do not rekey Rekey After n units of data have been transferred ss...

Page 483: ... seconds to wait for the server to begin the banner exchange part of the protocol after the socket connects known_hosts Filename The name of file to use the regular SSH client identity Filename The name of file to use as the regular SSH client id_rsa Filename The name of an SSH V1 or V2 host key There are two id_rsa files to allow the user to configure a SSHv1 private key into one field and a SSHv...

Page 484: ...e A value of 0 disables the option 3DES The preference level for the Triple DES algorithm AES 128 bits The preference level for the 128 bit AES algorithm AES 192 bits The preference level for the AES algorithm using 192 bits AES 256 bits The preference level for the AES algorithm using 256 bits Authentication Preferences The following configuration options allocate preferences to the selected auth...

Page 485: ...lives When enabled enables server keepalives to use the same tcp connection for HTTP conversation instead of opening new one with each new request Enable Debug The router supports logging and output of debugging information for situations where there are problems establishing a SSH connection When enabled this setting causes the router to trace and output information that should be helpful in diag...

Page 486: ...r an SSH V1 or SSH V2 host key sshcli 0 7 comp 0 disabled Use Deflate compression level sshcli 0 7 pubkeyauth 0 disabled Enables SSH public key authentication to connect to OpenSSH sshcli 0 7 pwdauth 0 disabled Enables SSH password authentication to connect to OpenSSH sshcli 0 7 enc3descbc 0 2147483647 0 Disabled 3DES sshcli 0 7 encaes128cbc 0 2147483647 AES 128 bits sshcli 0 7 encaes192cbc 0 2147...

Page 487: ...hose already present using the drop down selector The filename should have a prefix of priv and a file extension of pem such as privssh1 pem The 8 3 file name convention applies 3 Check the checkbox marked Save in SSHv1 format to generate a version 1 SSH key Click the Generate Key button to generate the private key file The key file is then stored in the router s FLASH filing system 4 To generate ...

Page 488: ... 1 but this time omit the ssh1 switch For example genkey 1024 privssh2 pem 3 Set the first private key as the SSH Host key 1 using the following command ssh 0 hostkey1 privssh1 pem 4 Set the second private key as SSH Host Key 2 using the following command ssh 0 hostkey2 privssh2 pem 5 Save the configuration config 0 save SSH Authentication with a public private key pair Once SSH access has been co...

Page 489: ...de 489 Configure FTP Relay This section covers configuring File Transfer Protocol FTP relay agents from the web interface and command line interface About FTP relay agents 490 FTP Relay n parameters 491 Advanced FTP Relay parameters 494 ...

Page 490: ...eful when using the router to collect data files from a locally attached device such as a webcam which must then be to a host system over a slower data connection such as W WAN In effect the routers acts as a temporary data buffer for the files The FTP Relay Agent can also be configured to email as an attachment any file it was unable to transfer to the FTP server To do this go to Configuration Al...

Page 491: ...e usernames assigned in the Configuration Security Users web page This name then serves as the FTP login username when the local device needs to relay a file The value in the right hand text box is the name of the FTP host to which the files from the locally attached device are relayed Server Username The username required to log in to the specified FTP host Server Password The password to use to ...

Page 492: ...ace existing file Attempt to connect to the FTP Server n times The number of connection attempts that the router should make if the first attempt is not successful Wait s seconds between attempts The interval in seconds the router should wait in between successive connections attempts Remain connected for s seconds after a file has been transferred How long in seconds the router maintains the conn...

Page 493: ...s Entity Instance Parameter Values Equivalent web parameter frelay n locuser Up to 15 characters Relay files for user locuser frelay n ftphost Up to 64 characters to FTP Server ftphost frelay n ftpuser Up to 20 characters Server Username frelay n ftppwd Up to 20 characters Server Password frelay n ftpdir Up to 40 characters Remote directory frelay n norename off on Rename file frelay n ascii off o...

Page 494: ... Routers User Guide 494 Advanced FTP Relay parameters Tx Buffer Size n bytes The value in this text box specifies the size of the Tx socket buffer Related CLI commands Entity Instance Parameter Values Equivalent web parameter ftpcli n txbuf 0 2147483647 Tx Buffer Size ...

Page 495: ...s User Guide 495 Configure IP passthrough This topic covers configuring IP Passthrough from the web interface and command line About IP passthrough 496 IP Passthrough page configuration parameters 497 Related CLI commands 499 ...

Page 496: ...a network needs to have access to it from the Internet with a public IP address With IP passthrough configured all IP traffic not just TCP UDP is forwarded back to the host computer This feature can be useful for applications that do not function reliably through network address translation In the web interface IP passthrough is configured on the Configuration Network IP Passthrough page ...

Page 497: ...face to which the local PC is connected either an Ethernet or PPP connection WAN PPP interface The PPP interface that will share its WAN address with the local PC Ethernet DHCP Mode Selects the mode of operation for the passthrough functionality The available options are Normal 24 bit mask and Fixed IP Address 32 bit mask The default is Normal 24 bit mask When Fixed IP 32 bit mask mode of operatio...

Page 498: ...s Telnet from passthrough Telnet over SSL Excludes SSL from passthrough SSH SFTP Excludes SSH SFTP from passthrough SNMP Excludes SNMP from passthrough GRE Excludes GRE from passthrough Ping Excludes the ICMP echo request from passthrough Other Ports The list of TCP and UDP port numbers in this text box are added to the list of port numbers that are not forwarded to the local PC Separate port numb...

Page 499: ... passthru 0 pppadd 0 2147483647 PPP interface passthru 0 mode 0 1 0 Normal 1 32 bit mask Mode passthru 0 http off on HTTP passthru 0 https off on HTTPS passthru 0 telnet off on Telnet passthru 0 telnets off on Telnet over SSL passthru 0 ssh off on SSH SFTP passthru 0 snmp off on SNMP passthru 0 gre off on GRE passthru 0 ping off on Ping passthru 0 ports Comma separated list of ports Other Ports pa...

Page 500: ... TransPort WR Routers User Guide 500 Configure UDP echo This section covers configuring UDP echo from the web interface or command line About UDP echo 501 UDP Echo n parameters 501 Related CLI commands 502 ...

Page 501: ...splayed Send a UDP packet to IP address a b c d port n every s seconds The values in these three text boxes define the destination IP address for the UDP packets the port number to which they should be sent and the sending interval If the destination IP address is left blank the router will not attempt to send any packets Use local port n The local port the router should listen on for UDP packets ...

Page 502: ...es Equivalent web parameter udpecho n dstip Valid hostname Send a UDP packet to IP address a b c d port n every s seconds udpecho n dstport 0 65535 Send a UDP packet to IP address a b c d port n every s seconds udpecho n interval 0 2147483647 Send a UDP packet to IP address a b c d port n every s seconds udpecho n locport 0 65535 Use local port n udpecho n userouting off on Route via Routing table...

Page 503: ...uality of Service QoS This section covers configuring the Quality of Service QoS from the web interface and command line About Quality of Service QoS 504 Configuring QoS in the web interface 505 DSCP Mappings parameters 506 Queue Profiles parameters 508 ...

Page 504: ... priority queue to allow packets to be routed at a specific data rate providing that queues of a higher priority are not already using the available bandwidth Have the router use Weighted Random Early Dropping WRED of packets as queues become busy to get the TCP socket generating the packets to back off its transmit timers This prevents the queue overflow which results in dropping all subsequent p...

Page 505: ... Mappings page contains parameters to configure DSCP operation The Configuration Network Queue Profiles page contains parameters to manage the queue profiles Each Configuration Interfaces Ethernet and Configuration Interfaces PPP instance page contains a QoS sub page which controls how QoS behaves on that particular interface When configuring QoS be aware that the router supports ten queues number...

Page 506: ...fault Selects the default queue When this is changed any DSCP codes that are set to use the default will have their queue number changed DSCP A list of valid DSCP codes with an associated drop down list box to the right Queue Each of the DSCP codes in the left hand column has a queue associated with it To change the value from what is shown select the desired value from the drop down list Related ...

Page 507: ...de from 0 to 63 or 64 see note below To change the value of a parameter use the following command dscp code q value Where code is a valid DSCP code and value is from 0 to 9 To set the default mapping value enter the command dscp 64 q value Where value is the default queue number required and has a value from 0 to 9 Note DSCP code 64 is not actually a valid code but is employed here to set up the d...

Page 508: ...kilobits second that the router tries to attain for this queue This means that if the router determines that bandwidth is available to send more packets from a queue that has reached its Minimum kbps setting it sends more packets from that queue until the Maximum kbps setting is reached If the bandwidth on a queue should be restricted setting the Maximum kbps value to the same as or lower than the...

Page 509: ...factor A weighting factor the WRED algorithm uses when calculating the weighted queue length The weighted queue length is based on the previous queue length and has a weighting factor that may be adjusted to provide different transmit characteristics The actual formula is new_length old_length 1 1 2 n current_length 1 2 n Small weighting factor values result in a weighted queue length that moves q...

Page 510: ...instance parameter value To set the maximum throughput for queue profile 5 to 10kbps enter the following command qprof 5 maxkbps 10 Entity Instance Parameter Values Equivalent web parameter qprof n minkbps 0 2147483647 Minimum kbps qprof n maxkbps 0 2147483647 Maximum kbps qprof n qlen 0 2147483647 Maximum Packet Queue Length qprof n minth 0 2147483647 WRED Minimum Threshold qprof n maxth 0 214748...

Page 511: ...e 511 Configure time bands This section covers configuring time bands from the web interface or command line About time bands 512 Enable and disable time bands for a PPP instance 512 Timeband page parameters 514 Related CLI commands 515 ...

Page 512: ...me band is On which means that PPP instances that are associated with unconfigured time bands will operate normally The router supports four time band configurations Whenever a time band transition occurs an entry is made in the event log Enable and disable time bands for a PPP instance On the Configuration Network Timebands page enabling and disabling time bands for a particular PPP or Wi Fi inst...

Page 513: ...t WR Routers User Guide 513 Timeband Selects which of the four available time band instances should be associated with the PPP instance Related CLI commands Entity Instance Parameter Values Equivalent web parameter ppp n tband 0 3 The default state of this parameter is blank Timeband ...

Page 514: ...kbox To select the weekend only check the Sat Sun checkbox To select weekdays only check the Mon Fri checkbox Time The transition time specified in 24 hour format with a colon separator between hours and minutes State The routing state which can be On or Off For convenience this parameter toggles state for each new addition if an On transition is configured the default state for the next addition ...

Page 515: ...h as Mon Wed Fri You can use the abbreviation MF to specify Monday through Friday For example to allow PPP routing only on weekdays between 9 00 a m and 5 30 p m enter these commands tband 0 days 0 mf tband 0 time0 9 tband 0 state0 on tband 0 days1 mf tband 0 time1 5 30 tband 0 state1 off Entity Instance Parameter Values Equivalent web parameter tband 0 3 days ALL MF Mon Tue Wed Thu Fri Sat Sun Da...

Page 516: ...hose cases the settings should not require changes The Advanced Network Settings are available for those instances where detailed settings for network features require changes To view the advanced network settings in the web interface go to Configuration Network Advanced Network Settings First settings group 517 Socket settings 519 XOT settings 521 Backup IP addresses 523 ...

Page 517: ...connected to a Serial interface using TCP Advertise an MSS of n bytes The maximum segment size an asynchronous serial port connected to TCP sockets uses advertises Use a Rx Window size of n bytes The Rx window size an asynchronous serial port connected to TCP sockets uses advertises Default SSL version for outgoing connections Selects which version of the SSL protocol to use in the tcpdial command...

Page 518: ...alues Equivalent web parameter cmd n sec_ip Valid IP address Secondary IP address a b c d sockopt n asymss 0 2147483648 When connected to a serial interface using TCP Advertise an MSS of n bytes sockopt n asyrxwin 0 2147483648 Use a Rx Window size of n bytes sockopt n sslver 0 3 0 Auto 1 TLSv1 2 SSLv2 Default SSL version for outgoing connections ...

Page 519: ...es the interface from which the source address should be derived Note Even when this parameter is not configured the router uses IP address from the interface on which the socket was created It uses the source address specified in this parameter only if it causes the traffic to match an Eroute and therefore be sent using IPsec or GRE Connect Timeout s seconds The amount of time after which a TCP s...

Page 520: ... parameter sockopt n gp_ipent 0 PPP ETH Default source IP address interface x y sockopt n gp_ipadd Valid interface number Default source IP address interface x y sockopt n sock_connto 0 2147483648 Connect Timeout s seconds sockopt n sock_inact 0 2147483648 TCP socket inactivity timer s seconds sockopt n sock_keepact 0 2147483648 TCP socket keep alive s seconds ...

Page 521: ...ts The maximum number of XOT sockets available Use this setting to reduce the number of XOT sockets in order to free up more general purpose sockets for other purposes The default value of 0 enables the maximum number of XOT sockets available Maximum ACK time for XOT data The maximum time allowance for a remote unit to acknowledge TCP data transmitted by a unit s socket If this timer expires the s...

Page 522: ...ter Values Equivalent web parameter sockopt n xot_ipent Valid interface type ETH PPP Default source IP address interface x y sockopt n xot_ipadd Valid interface number Default source IP address interface x y sockopt n xot_listens 0 2147483648 NB of XOT listening sockets sockopt n xot_maxack 0 2147483648 Maximum ACK time for XOT data ...

Page 523: ...ess to try when the router fails to open a connection to the previous IP address Retry Time s seconds The length of time in seconds the router waits between checks to see if a connection can be made to IP Address Try Next When connection to the primary IP address has just failed this text box determines whether a connection to the backup IP address should be attempted immediately or when the appli...

Page 524: ...ew backup IP address for that IP address When the original IP address becomes unavailable the router tries the backup IP address If that IP address is unavailable the router tries its backup IP address and so on For example if the original IP address is 192 168 0 1 with a backup IP address of 192 168 0 2 setting the IP address in the next row to 192 168 0 2 with a backup IP address of 192 168 0 3 ...

Page 525: ...configuring legacy protocols from the web interface or command line About legacy protocols 526 Configure Systems Network Architecture over IP SNAIP 527 Configure TPAD parameters 537 Configure X 25 parameters 550 Configure MODBUS Gateway parameters 592 Configure Protocol Switch software 596 ...

Page 526: ...ferred to as legacy protocols Examples of legacy protocols are X 25 SNA and LAPB Digi TransPort routers can connect to legacy networks such as X 25 They can also simulate a legacy network so that equipment that in the past would have connected to a legacy network can connect to the Digi TransPort router instead This means old equipment can be connected to modern networks such as HSUPA ...

Page 527: ...ure SNA traffic over TCP IP using the DLSw protocol often called SNAIP They can also can send HDLC traffic over TCP IP About SNA SNA uses Synchronous Data Link Control SDLC an unbalanced mode in which there is one master station and one or more secondary stations Each secondary station owns a station address and can only respond when this address has just been polled by the master A typical scenar...

Page 528: ...a DLSw state independently of all other stations The SNAIP parameter Priority is the SNAIP instance to use when more than one is available the highest number being given preference For example consider that 4 SNAIP instances to all share sync port 0 To do this configure SNAIP 0 in the usual way on PORT 0 then configure SNAIP instances 1 2 and 3 to use SharedPort and Sync Port from SNAIP 0 Use prot...

Page 529: ... Do not send TEST frames When this parameter is enabled TEST frames are not transmitted and the TEST response is not expected Instead the router assumes the station exists and proceeds with the protocol as if the DLSw has received the TEST response Toggle DCD output each time the DLSw protocol enters the DISCONNECTED state When this parameter is set to On the DCD Data Carrier Detect output turns o...

Page 530: ...ed above Send Null XID XID with no Data When this parameter is set to On a null XID SSP message will be sent when the router has just received or sent a REACH ACK SSP message Send XID with Data A hex string to define binary data and defines an XID SSP message that would be sent in response to a XIDFRAME SSP message being received Tx Turn Around Time The time in milliseconds between receiving a fra...

Page 531: ...r Window Size The X 25 window size The value range is from 1 to 7 with the default being 7 Disconnect link if there has been no activity for x seconds The length of time in seconds before the link is disconnected if there has been no activity If this parameter is 0 or not specified the inactivity timer is disabled When the router uses a LAPB instance over ISDN it is useful to set this to a short p...

Page 532: ... protocol Use interface for source IP address Setting this parameter to a PPP or ETH instance causes the source address for this SNAIP instance to match that of the Ethernet or PPP interface specified Close TCP connection if it is idle for x secs The maximum period of inactivity in seconds that may occur before an open TCP IP socket is closed The default value is 300 seconds 5 minutes Normally it ...

Page 533: ... to CONNECT PENDING state During the DLSw negotiation phase and when XID messages are being exchanged this parameter controls which end sends the CONTACT message Normally this would be off in which case this router would send the CONTACT message but if this parameter is set we would not send this message but instead wait for it to be sent to us before progressing in the DLSw state machine Make imm...

Page 534: ...ith the specified text snaip x autocontact 1 enabled 0 disabled Assume station exists Do not send TEST frames snaip x dcd_toggle 1 enabled 0 disabled Toggle DCD output each time the DLSw protocol enters the DISCONNECTED state snaip x l1oos 1 enabled 0 disabled Sync port should not send or receive data when WAN link is down snaip x master 1 enabled 0 disabled Router to be Master on an unbalanced li...

Page 535: ...naip x srcipadd 0 255 Use interface for source IP address snaip x sock_inact 0 2147483647 Close TCP connection if it is idle for x secs snaip x ver 0 2 DLSw Ver snaip x passive 0 active 1 passive DLSw Role snaip x dlswwindow 1 100 DLSw Window snaip x udp_cap 1 enabled 0 disabled UDP Capable snaip x use1sock On Off Compatible Use 1 socket snaip x inc_mac_exc 1 enabled 0 disabled Include MAC Exclusi...

Page 536: ...AIP instances share an ASY port a switchover to a specific instance can be initiated by issuing snasw x where x is the SNAIP instance number This instance must be available to go online or this command will fail To revert back and use the default instance issue the snadis x command The router uses normal priorities to determine which SNAIP instance gets to use the SYNC port ...

Page 537: ... channel operation or operation through a synchronous port select LAPB In the case of LAPB and LAPD an interface number can also be specified This parameter specifies which LAPB or LAPD instance to use for the relevant TPAD instance Select 0 or 1 for LAPB or 0 or 1 for LAPD When using LAPB with ISDN this parameter may be set to 255 which means use any free LAPB instance This is useful when more th...

Page 538: ...may be set to contain additional numbers that are dialed after the number specified by B channel ISDN For example if B channel ISDN is set to 123456 and Suffix is set to 789 the actual number dialed is 123456789 On the main interface Deactivate LAPB session x seconds after TPAD X 25 call has been cleared Once a TPAD X 25 call has been cleared the router keeps a LAPB instance active for the length ...

Page 539: ...icular service to which you subscribe usually 4 Each logical channel must be assigned a valid Logical Channel Number LCN The LCN parameter is the value of the first LCN that will be assigned for outgoing X 25 CALLs The default is 1027 For incoming calls the router accepts the LCN specified by the caller LCN direction Specifies whether the X 25 LCN for outgoing TPAD calls is incremented or decremen...

Page 540: ... X 25 RESTART packets Sends X 25 RESTART packets Delay the X 25 RESTART packets by x milliseconds The time in milliseconds to wait before sending the X 25 RESTART packets Call User Data A text string that will be placed in the Call User Data field of an outgoing X 25 call request packet Whether or not this information is required will depend on the X 25 host that you are connecting to In most case...

Page 541: ...TXT for a complete list of events XoT TCP settings Connect to remote IP address When the router is configured for XOT or TCP socket mode this parameter sets the IP address of the host to which the TCP XOT connection is made The transport protocol must be set to TCP Port When making a TCP socket connection such as the transport protocol has been set to TCP not XoT this parameter sets the TCP port n...

Page 542: ...placed by the ID set in the Use Terminal ID field above The TID will be become inactive in n seconds The time in seconds before the Terminal ID is considered inactive Local authorizations may be configured to occur on active TIDs terminal Ids so this parameter defines how long a time without transactions must pass for a TID to change from active to inactive Use TID xxxxxxxxx with incoming APACS 50...

Page 543: ...eir destination without the terminal having to perform any call control If this parameter is set to Yes the next time the router is rebooted it operates in direct mode For direct mode to work you must set up the appropriate addressing information such as Transport protocol NUA NUI IP address etc If this parameter is not enabled the router still tries to use direct mode if it detects that it is req...

Page 544: ...acter is not received within this time the data is retransmitted A value of 0 sets a delay of 1 second the default Transmit TPAD transactions directly in a Synchronous frame If enabled TPAD transactions are transmitted without any outer protocol such as X 25 such as they are placed directly in a synchronous frame on ISDN This sometimes referred to as HDLC by certain card acquirers Include LRC The ...

Page 545: ...n a transaction to an SOH character Terminate TPAD call is EOT only A TPAD call is normally terminated with a DLE EOT sequence Some terminals only require the EOT character on its own If this is the case then enable this parameter Clear TPAD call if there is no response to a TPAD transaction request for x seconds The length of time in seconds the router waits for a response to a TPAD transaction r...

Page 546: ...een on the ASY TPAD port the network call X25 or TCP socket is cleared The number 1 is a special value If set to the number 1 the call is cleared immediately instead of after 1 second If the terminal dial command specifies V 120 use PANS context x This parameter is for advanced users only It enables TPAD transactions to be carried out using the V 120 protocol ATDV command Use this parameter with t...

Page 547: ...in ATD command tpad n suffix text numeric Use suffix x tpad n tl2deact 0 10000 On the main interface Deactivate LAPB session x seconds after TPAD X 25 call has been cleared tpad n baktl2deact 0 10000 On the backup interface Deactivate LAPB session x seconds after TPAD X 25 call has been cleared tpad n defpak 16 32 64 128 256 512 1024 Default X 25 Packet Size tpad n nua text Use NUA tpad n nui text...

Page 548: ...g calls tpad n merchnum text Use merchant Number tpad n useconstr 1 enabled 0 disabled Use Connect String tpad n constr text Use Connect String tpad n pollchars text The polling character set is c tpad n domsgnb 1 enabled 0 disabled Enable Message Numbering tpad n disdir 1 enabled 0 disabled Disable Direct Mode tpad n bdir 1 enabled 0 disabled Boot to Direct Mode tpad n uaarc 0 99 Use response cod...

Page 549: ... 1 enabled 0 disabled Force parity when sending data to the host tpad n strip_tspaces 1 enabled 0 disabled Strip Trailing Spaces tpad n ackdat 1 enabled 0 disabled Acknowledge TPAD data packets tpad n stx_2_soh 1 enabled 0 disabled Convert leading STX character to SOH tpad n eot_only 1 enabled 0 disabled Terminate TPAD call is EOT only tpad n tresp 0 1000 Clear TPAD call if there is no response to...

Page 550: ...WR Routers User Guide 550 Configure X 25 parameters The Configuration Network Legacy Protocol X 25 menu has the following sub menu options General LAPB NUI Mappings NUA NUI Interface Mappings Calls Macros IP to X 25 Calls PADS n X 25 Settings IP Settings PADs X 25 PVCs ...

Page 551: ... links Reset XOT PVC if the router is the Responder If set to On the router is responsible for resetting the links on XOT PVC links when it is the responder The default for this parameter is Off Include length of header in IP length header For all X 25 calls that include an IP header length indication such as IP Length Header is set to On a TPAD or PAD etc this parameter specifies whether the leng...

Page 552: ...ddr 1 enabled 0 disabled When answering a X 25 call use the addresses from CALL packet in the CALL CNF packet LAPB setting X25gen 0 xot_cnf_addr 1 enabled 0 disabled When answering a X 25 call use the addresses from CALL packet in the CALL CNF packet XoT setting X25gen 0 reset_xotpvc_ini 1 enabled 0 disabled Reset XOT PVC if the router is the Initiator X25gen 0 reset_xotpvc_resp 1 enabled 0 disabl...

Page 553: ...e Serial port Port x in Synchronous Mode To use the LAPB instance over a synchronous serial port enable this setting and select a serial port number To configure settings of the synchronous port such as speed and clock source navigate to Configuration Network Interfaces Serial Serial Port n Sync Port n Use ISDN Enable this setting to use LAPB over ISDN Mode DTE or DCE Determines whether LAPB will ...

Page 554: ...ds before the link is disconnected if there has been no X 25 activity If this parameter is 0 or not specified then the inactivity timer is disabled Disconnect link if there has been no activity for x seconds The length of time in seconds before the link is disconnected if there has been no activity If this parameter is 0 or not specified then the inactivity timer is disabled It is useful to set th...

Page 555: ...sion terminated When this parameter is enabled the following setting is enabled Wait x milliseconds before attempting to establish the LAPB link after B channel becoming active This parameter sets the length of time in milliseconds that the LAPB instance will wait from an ISDN B channel becoming active before attempting to establish a LAPB connection such as the length of time for which the LAPB i...

Page 556: ...ser Guide 556 Mux mode Controls the multiplexing mode DLC The data link channel number to use for this virtual ASY port ASY port The physical ASY port over which to multiplex Virtual ASY port The virtual ASY port number that this LAPB instance will multiplex over the physical port ...

Page 557: ... x milliseconds lapb n Window 1 7 X 25 Window Size lapb n tinactx25 0 3000 Disconnect link if there has been no X 25 activity for x seconds lapb n tinact 0 3000 Disconnect link if there has been no activity for x seconds lapb n restartact 1 enabled 0 disabled Send X 25 Restart packet on receipt of SABM frame lapb n ans 1 enabled 0 disabled Allow this unit to answer calls lapb n msn text Only accep...

Page 558: ...legacy protocols Configure X 25 parameters Digi TransPort WR Routers User Guide 558 lapb n asyport 0 255 ASY port lapb n virt_async 0 255 Virtual ASY port Entity Instance Parameter Values Equivalent web parameter ...

Page 559: ...the X 25 network requires an NUA instead of an NUI to determine the destination of a call you can use the NUI Mappings table to convert an NUI to an NUA If a TPAD call specifies a call in which the NUI matches an entry the call actually placed on the network will contain the respective NUA and no NUI Related CLI commands Entity Instance Parameter Values Equivalent web parameter nuimap n nua text M...

Page 560: ...A called NUI called X 25 Call Data PID You can use the wildcard matching characters and in the comparison fields NUA NUI Call Data and PID Note The Configuration Network Protocol Switch NUA to Interface Mappings section duplicates this table as the Protocol Switch can also use it Not all of the fields are visible in the Protocol Switch section as they do not all apply to the Protocol Switch NUA Th...

Page 561: ...ance Parameter Values Equivalent web parameter nuaip N nua text NUA nuaip N nui text NUI nuaip N cud text Call Data nuaip n pid text PID nuaip n IPaddr IP address IP Address nuaip n ip_port 0 65535 IP Port nuaip n swto 0 15 Interface nuaip n buswto 0 15 Backup Interface Parameter Value Interface Type 0 Default 1 LAPD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD x instance determined by NUA 6 LAPB 0 PVC 7 LAPB 1...

Page 562: ...he name X25test and then executed simply by entering CALL X25test To create a macro enter a name for the macro in the left column of the Call Macros table and in the right column enter the appropriate command string excluding the ATD Then click Add Macro The name of the macro this can be any text Command The X 25 call command Add button Adds the X 25 call macro to the X 25 configuration Related CL...

Page 563: ...ets unless you are confident other applications need them Port Used to set up the port numbers for those IP ports that will listen for incoming connections that are to be switched over X 25 or other protocol In the case of switching to X 25 when such a connection is made the router will make an X 25 Call to the address specified in the X 25 Call field Once this call has been connected data from th...

Page 564: ...ocket The protocol selects whether incoming or outgoing support is required IP Length Header When IP length header is On the IP length indicator field is inserted at the start of each packet When set to 8583 Ascii 4 byte the IP length header conforms to the ISO 8583 format In the example above 3 IP sockets will listen for an incoming connection on IP Port 2004 Once connected each socket makes an X...

Page 565: ...rk There are two main elements to the configuration procedure for accessing X 25 networks General and service related parameters PAD parameters X 3 Each X 25 PAD configuration page also includes a sub page detailing the X 3 PAD parameters Collectively this set of values is known as a PAD profile Your router contains four pre defined standard PAD profiles numbered 50 51 90 and 91 You can also creat...

Page 566: ...r incoming calls from NUA The NUA that the router responds to for incoming X 25 calls Only answer calls with CUG The PAD will only answer calls with this Call User Group CUG specified Use X 25 Call Macro macroname to an ATD command The name of an X 25 call macro to use when the router receives an ATD command The router ignores the ATD command replacing it with a PAD CALL command using the macro Th...

Page 567: ...the supplied NUI to connect over B channel for backup On the backup interface LCN Sets the first LCN to use for the backup interface On the backup interface LCN Direction Whether the LCN for the backup X 25 interface is incremented or decremented from the starting value when multiple X 25 instances share a single layer 2 connection On the backup interface NUI NUA selection If both an NUI and an NU...

Page 568: ...mpt To change the prompt enter a new string of up to 15 characters into the text box PAD mode The PAD Mode parameter can be set to Normal or Prompt Always On In Prompt Always On mode the ASY port attached to the PAD behaves as if it were permanently connected at layer 2 such as it always displays a PAD prompt AT commands may still be entered but the normal result codes are suppressed To disable th...

Page 569: ...ed from the X 25 or other type of connection to the terminal upon initial connection Terminate the PAD call after x seconds if there has been no data transmission The length of time in seconds after which the PAD will terminate an X 25 call if there has been no data transmission Disconnect the layer 2 call if there is no layer 3 call in progress for x seconds The length of time in seconds after wh...

Page 570: ...with CUG pad n amacro text Use X 25 Call Macro macroname to an ATD command pad n cingnua text valid NUA Use NUA pad n lcn 1 4095 LCN pad n lcnup 1 up 0 down LCN Direction pad n nuaimode 0 NUI and NUA 1 NUA only 2 NUI only NUI NUA selection pad n dorest 1 enabled 0 disabled Enable X 25 Restart Packets pad n restdel 0 60000 ms Restart delay pad n IPaddr text Remote IP address pad n buipaddr text Rem...

Page 571: ...led 0 disabled Enable Leased Line Mode pad n enqcon 1 enabled 0 disabled Send ENQ on Connect pad n stxmode 1 enabled 0 disabled Enable STX ETX Filtering pad n delconmsg 0 10 Delay connect message n x 10 milliseconds pad n data_del 0 2147483647 Delay data transfer after connection by n x 10 milliseconds pad n inacttim 0 1000 Terminate the PAD call after x seconds if there has been no data transmiss...

Page 572: ...equirements and save the resulting customized user profile to non volatile memory Loading and Saving PAD Profiles To create your own PAD profiles edit the appropriate parameters and then select user profile 1 2 3 or 4 as required from the list and click the Save Profile button Each PAD profile page includes two list boxes for loading and saving PAD profiles To load a particular profile select the ...

Page 573: ...he remote system 2 Echo Enables or disables local echo of data transmitted during a call When echo is enabled you can use X 3 parameter 20 to inhibit echoing certain characters 3 Data forwarding characters Defines which characters cause data to be assembled into a packet and forwarded to the network Combinations of the above sets of characters are possible by adding the respective values together ...

Page 574: ...f flow control the PAD uses to temporarily halt and restart the flow of data from the DTE during a call 6 Suppression of PAD service signals Determines whether or not the PAD prompt and or Service Command signals are issued to the DTE Option Description 0 No data forwarding time out 1 Data forwarding time out in 20ths of a second Option Description 0 No flow control 1 XON XOFF flow control 3 RTS C...

Page 575: ...stem can re enable output to your DTE using parameter 8 Option Description 8 Discard output Determines whether data received during a call is passed to the DTE or discarded The remote system can directly set this value only you can use this setting in a variety of circumstances when the remote DTE cannot handle a continuous flow of data at high speed 9 Padding after CR Slower terminal devices such...

Page 576: ...sertion after CR Controls the automatic generation of a Line Feed by the PAD The line feed values can be added together to select Line Feed insertion to any desired combination Option Description 0 No line folding 1 255 Width of line before the PAD generates CR LF Option Description 15 19 200 bps 14 9 600 bps 12 2 400 bps 3 2 400 bps Option Description 0 No flow control 1 XON XOFF flow control 3 R...

Page 577: ...ed to the DTE during editing When editing is enabled the idle timer delay parameter 4 is disabled You must use parameter 3 to select the desired data forwarding condition 16 Character delete character The edit mode delete character ASCII 0 127 The default is backspace ASCII 08 17 Line delete character The edit mode line buffer delete character ASCII 0 127 The default is CTRL X ASCII 24 18 Line red...

Page 578: ... length for paged mode output A page wait condition is cleared when the PAD receives a character from the terminal Related CLI commands To edit the X 3 PAD parameters from the command line use the set command described in X 28 commands Option Description 0 No echo mask all characters are echoed 1 CR 2 LF 4 VT HT or FF 8 BEL BS 16 ESC ENQ 32 ACK NAK STX SOH EOT ETB ETX 64 No echo of characters set ...

Page 579: ...t though the XOT PVC connection always uses an LCN of 1 For an XOT PVC this field should contain the remote connection s LCN PVC Mode The lower layer interface use for the PVC This setting can be set to LAPB LAPD or TCP for XOT mode Connect this PVC to PAD x What type of upper layer interface is connected to this PVC and can be set to PAD for an X 25 PAD TPAD for a TPAD instance or XSW for X 25 sw...

Page 580: ...you must refer to the documentation or the configuration files of the other unit to determine the names of the interfaces Responder interface The name of the interface to which a PVC initiator is connected such as Serial 2 Related CLI commands Entity Instance Parameter Values Equivalent web parameter pvc n l2iface Blank or lapb lapd tcp Enable this PVC pvc n lcn 0 4096 LCN pvc n uliface pad tpad x...

Page 581: ...e service The Packet Assembler Disassembler PAD interface conforms to the X 3 X 28 and X 29 standards Up to 6 PAD instances from an available pool of 8 can be created and dynamically assigned to the asynchronous serial ports or the REM pseudo port Each application that uses the router to access an X 25 network has its own particular configuration requirements For example you may need to program yo...

Page 582: ...g table Command Description CALL Make an X 25 call CLR Clear an X 25 call ICLR Invitation to CLR INPAR List X 3 parameters of specified PAD instance INPROF Load or save specified PAD profile INSET Set X 3 parameters of specified PAD instance INT Send Interrupt packet LOG Logoff and disconnect PAR List local X 3 parameters PROF Load or save PAD profile RESET Send reset packet RPAR List remote X 3 p...

Page 583: ...restriction Q Fast select restricted response Gnn Closed User Group Gnnnn Extended Closed User Group R Reverse charging N NUI Network User Identity code NUI Example The following command places a call to address 56512120 using reverse charging and specifying Closed User Group 12 The string MYNUI is your Network User Identity The string Hello appears in the user data field of the call packet CALL R...

Page 584: ...sting Restricted response fast select and a window size of 2 The user or system then has 15 seconds in which to pass up to 124 bytes of data to the PAD to be included in the clear indication packet that is sent in response to the call The PAD does not differentiate between standard and restricted response Fast select on incoming calls and consequently will always respond with a clear indication Ne...

Page 585: ...Abort a CALL command To abort an X 25 CALL use the X 28 CLR command do one of the following Press Enter Drop DTR from the terminal while the call is in progress Dropping DTR will also terminate an established call If a call is terminated by the network or by the remote host the router returns a diagnostic message before the NO CARRIER result code Messages can be numeric or verbose depending on the...

Page 586: ...ested facility not subscribed 57 Bearer capability not authorized 58 Bearer capability not presently available 63 Service or option not available unspecified 65 Bearer capability not implemented 66 Channel type not implemented 69 Requested facility not implemented 70 Only restricted digital information bearer 79 Service or option not implemented unspecified 81 Invalid call reference value 82 Ident...

Page 587: ...istent or not implemented 98 Message not compatible with call state or message type nonexistent or not implemented 99 Information element non existent or not implemented 100 Invalid information element contents 101 Message not compatible with call state 102 Recovery on timer expired 111 Protocol error unspecified 127 Interworking unspecified 128 General level 2 call control failure probable networ...

Page 588: ...e numeric equivalent of the clear down code text is a description of the reason for clear down The clear down reason codes supported by the router are listed in the following table If an unknown reason code is received the text field is blank Reason Code Numeric Code Text DTE 0 by remote device OOC 1 number busy INV 3 invalid facility requested NC 5 temporary network problem DER 9 number out of or...

Page 589: ...ave PAD profile The PROF command stores or retrieves a pre defined set of X 3 PAD parameters called a PAD profile The information is stored in system file called X3PROF There are 4 pre defined profiles numbered 50 51 90 and 91 Additionally you can create 4 user PAD profiles numbered 1 to 4 Profile 50 is automatically loaded when a PAD is first activated To load one of the other pre defined profile...

Page 590: ... in non volatile memory and are not lost when the router is switched off When in the following format the PROF command loads the stored profile specified by nn prof nn Parameter Profile 50 51 90 91 1 1 0 1 0 2 0 0 1 0 3 0 0 126 0 4 5 5 0 20 5 0 3 1 0 6 5 5 1 0 7 0 8 2 2 8 0 0 0 0 9 0 0 0 0 10 0 0 0 0 11 15 15 15 15 12 0 3 1 0 13 0 0 0 0 14 0 0 0 0 15 0 0 0 0 16 8 8 127 127 17 24 24 24 24 18 18 18 ...

Page 591: ...PAR lists the current X 3 parameter settings for the remote system RSET command Set remote X 3 parameters RSET sets one or more X 3 parameters for the remote system It is entered in the format RSET par value par value par value SET command Set local X 3 parameters SET sets one or more of the local X 3 parameters for the duration of the current session The format of the command is SET par value par...

Page 592: ...ng a MODBUS server only Clients such as remote PCs can send overlapping requests The router will create a queue of info requests and deal with them appropriately sending them out over the serial port and relaying the responses back Overlapping polls from multiple clients are supported Modbus Gateway configuration parameters Modbus Gateway parameters are configured on the Configuration Network Lega...

Page 593: ...e gap pause with no reception of characters is detected the message currently received from the station is at that staged forwarded on as the complete response Fix slave address The address of the slave is fixed at this value An address conversion will occur if a message that does not contain this address is received from the TCP master If you do not use this setting the TCP master must use the co...

Page 594: ...Duplex Mode modbus n idle_gap 0 2147483647 Idle Gap modbus n fix_slave_address 0 255 Fix slave address modbus n adj_slave_address 0 255 Adjust slave address modbus n ipport0 0 65535 IP Port row 1 modbus n nbsocks0 0 currently available Number of sockets row 1 modbus n ipmode0 0 TCP 1 UDP IP Mode row 1 modbus n rawmode0 1 enabled 0 disabled Raw Mode row 1 modbus n Ipport1 0 65535 IP Port row 2 modb...

Page 595: ... slaves when operating as act as slave Up to 32 slave definitions may be defined Slave addresses unit ids The address of the slave unit Remote Host The IP address of the remote host such as the slave unit IP Port The IP port number The default port is 502 IP Mode Select the IP mode using this drop down list The default mode is TCP Add Adds the slave to the MODBUS configuration ...

Page 596: ...ervice LAPD X As above but the actual LAPD instance to use is determined by the NUA LAPB 0 Data is switched from or backed up to LAPB 0 LAPB 1 Data is switched from or backed up to LAPB 1 LAPB 2 Data is switched from or backed up to LAPB 2 LAPB 0 PVC Data is switched from or backed up to an X 25 PVC on LAPB 0 LAPB 1 PVC Data is switched from or backed up to an X 25 PVC on LAPB 1 LAPB 2 PVC Data is...

Page 597: ...oftware Digi TransPort WR Routers User Guide 597 Protocol Switch software logic This flowchart outlines the logic in the switching software The notes after the flowchart provide a more in depth explanation of the actions taken in each of the numbered boxes ...

Page 598: ...ch NUA Mappings table to see if there are any matches for the Called or Calling NUA values on the specified interface When the Interface Description is Off None data is not switched from or backed up from this protocol is a match the NUA In value is substituted by the NUA Out value as the mapping is applied individually to both the Calling NUA and Called NUA for the packet The router checks the le...

Page 599: ...Port WR Routers User Guide 599 Protocol Switch parameters The Configuration Network Protocol Switch menu has the following sub menu options A table for setting interface switches and backup interfaces LAPD parameters LAPB parameters IP Stream XOT parameters X 25 parameters ...

Page 600: ...PVC Select the interface to which data should be switched from the drop down list or select Off and the protocol switch will not respond to any incoming XOT PVC calls Backup to interface If any of the Switch from parameters has been set to XOT and XOT is unavailable you can use this parameter to specify an alternative interface to switch the X 25 call to Any of the other interfaces can be selected...

Page 601: ...removed from the calling NUA field D Channel LCN The value of the first LCN assigned for outgoing X25 calls on LAPD D Channel LCN Direction Max VCs Unlimited The maximum number of Virtual Circuits VCs on an LAPD interface When the maximum has been reached the backup call will take place immediately or the call will clear if there is no backup call If this parameter is set to 0 there is no limit De...

Page 602: ...he router connects to it the X 25 switch sends a data packet on the LAPB X 25 SVC containing the ENQ character LAPB 0 Default Packet Size 128 256 512 1024 The default packet size for calls being switched onto LAPB 0 The default packet size is 128 Other possible values are 256 512 or 1024 bytes LAPB 0 Default Window Size 2 1 3 4 5 6 7 The default window size for calls being switched onto LAPB 0 The...

Page 603: ...UA NUI to IP addresses table if the call matches any entry in that table IP Length Header Off On 8583 Ascii 4 byte On inclusive When IP length header is On a length indicator field is inserted at the start of each packet When set to 8583 Ascii 4 byte the IP length header conforms to the ISO 8583 format Source IP address interface Auto Ethernet PPP The default value for this parameter is Auto which...

Page 604: ... in which clear causes are always 0 when issued if the router is the DTE Interpret no facilities on Call Accept as P7W2 When this parameter is set to On the X 25 switch interprets any call accept packets that do not include the window size W or packet size P as if the call accept has P7W2 such as a packet size of 128 bytes and a windows size of 2 Notes on PAD Answering Because the other interfaces...

Page 605: ...frlapb2 0 10 13 15 see below Switch from LAPB 2 to x25sw 0 swfrlapb2pvc 0 10 12 14 15 see below Switch from LAPB 2 PVC to x25sw 0 swfrlapd 0 2 10 12 15 see below Switch from LAPD to x25sw 0 swfrxot 0 3 5 10 12 15 see below Switch from XOT TCP to x25sw 0 swfrxotpvc 0 7 9 10 12 15 see below Switch from XOT PVC to x25sw 0 callprefix NUA Calling Prefix x25sw 0 dlcn 0 65535 D Channel LCN x25sw 0 dlcnup...

Page 606: ...ault Window Size x25sw 0 lapb2ppar 7 8 9 10 7 128 8 256 9 512 10 1024 LAPB 2 Default Packet Size x25sw 0 lapb2wpar 1 7 LAPB 2 Default Window Size x25sw 0 ipaddr IP address IP Stream or XOT Remote IP Address x25sw 0 buipaddr IP address IP Stream or XOT Backup IP Address x25sw 0 ip_port 0 65535 IP Stream Port x25sw 0 iphdr 0 1 2 0 Off 1 On 2 8583 Ascii 4 byte IP Length Header x25sw 0 srcipadd Interf...

Page 607: ...TransPort WR Routers User Guide 607 x25sw 0 l2deactcc 0 65535 L2 Deactivation Clear Cause x25sw 0 x25ver84 off on Off 88 On 84 X25 Version x25sw 0 accdefp7w2 off on Interpret no facilities on Call Accept as P7W2 Entity Instance Parameter Values Equivalent web parameter ...

Page 608: ...rt WR Routers User Guide 608 Interfaces are coded as follows Parameter value Interface type 0 None 1 LAPD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD X actual instance is determined by NUA 6 LAPB 0 PVC 7 LAPB 1 PVC 8 XOT PVC 9 TCP stream 10 UDP stream 12 LAPB 2 13 LAPB 2 PVC 14 VXN 15 SSL ...

Page 609: ...age displays a table with four columns in which you can specify the CUD In values corresponding CUD Out values and to which interfaces the mappings should be applied The interface field defines which output interfaces this mapping applies to Wildcard characters are allowed and In each case the interface type to which the mapping applies can be selected from ANY LAPD LAPB0 LAPB1 LAPB2 or XOT Relate...

Page 610: ...ified in the X 25 Call field Once this call has been connected data from the port is switched over the X 25 session Number of Sockets How many IP sockets should simultaneously listen for data on the specified port The number of available IP sockets depend on your router model and how many are already in use See note at the end of these settings descriptions X25 Call The X 25 call field may contain...

Page 611: ... each packet When set to 8583 Ascii 4 byte the IP length header conforms to the ISO 8583 format In the example above 3 IP sockets will listen for an incoming connection on IP Port 2004 Once connected they each make an X 25 Call to jollyroger The router recognizes that jollyroger is a pre defined macro as illustrated below and translates it into an X 25 Call to address 32423 with the string x25 dat...

Page 612: ...valent web parameter ipx25 n ip_port 0 65535 IP Port ipx25 n nb_listens 0 software dependent max Number of Sockets ipx25 n x25call NUA NUI or X 25 macro name X25 Call ipx25 n pid hex numbers PID ipx25 n cnf_mode 1 enabled 0 disabled Confirm Mode ipx25 n rfc1086_mode 1 enabled 0 disabled RFC 1086 Mode ipx25 n iphdr 0 Off 1 On 2 8583 Ascii 4 byte IP length header ...

Page 613: ...nfiguration Network Legacy Protocols X 25 NUA NUI Interface Mappings page Similarly NUIs can also be matched In this example a call with NUI of value test is switched onto a TCP socket using IP address 100 100 100 1 on port 678 All three comparison fields NUA NUI and Call Data can use the wildcard matching characters and In the example shown above when an X 25 call is received with either the NUA ...

Page 614: ... nua 0 65536 NUA nuaip 0 255 ipaddr IP address IP Address nuaip 0 255 ip_port 0 65536 IP Port nuaip 0 255 swto 0 10 12 15 see table below Interface nuaip 0 255 buswto 0 10 12 15 see table below Backup Interface Parameter Value Interface Type 0 Default 1 LAPD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD X actual instance determined by NUA 6 LAPB 0 PVC 7 LAPB 1 PVC 8 XOT PVC 9 TCP stream 10 UDP stream 12 LAPB 2 1...

Page 615: ...ces the mappings should be applied and whether the mapping should apply if the router is making the call receiving the call or both For example if the called NUA is 123456789345 and there is an NUA In table entry of 9345 with Called Calling set to either Both or Called this will match and the entire called NUA will be replaced with the corresponding NUA Out entry In each case the interface type to...

Page 616: ...the Alarm parameters of your router with Digi TransPort Web Interface This section covers configuring alarms from the web interface on the Configuration Alarms page and from the command line Event Settings parameters 617 Event Logcodes parameters 632 SMTP Account parameters 638 ...

Page 617: ...ents in the logcodes txt pseudo file When an event of a specified or lower priority level occurs a syslog message an email alert or SMS alert can be sent to a pre defined address The Configuration Alarms Event Settings menu has the following sub menu items Email Notifications SNMP Traps SMS Local Logging Syslog Messages Syslog Server n pages ...

Page 618: ... up that the router should wait before sending any alert messages This is useful when the sending of those items would fail if sent too soon after the router powers up because the underlying interface to use has not completed initialization Include event number in the event log and Email SNMP traps or Syslog messages If enabled event numbers from the logcodes txt file are included Related CLI comm...

Page 619: ...late An email template is a text file that defines the appearance and content of the email messages generated by the event logger Email template structure An email template consists of a header section followed by a body section One or more blank lines separate the two sections Header section The header section MUST contain the following three fields TO Used to specify at least one recipient s ema...

Page 620: ... for all emails Date If this field is present in the header the router inserts the current date and time into the header The date and time are values local to the router and do not contain any time zone information Body section The body section can include any text This text is parsed for any function calls that may be present Function calls must be enclosed between and These sequences are substit...

Page 621: ...nfiguration This blank line is required Time timeSmtp Serial Number serial_number Req CFG_RQ IP Address smtpip PPP 1 IP address pppip 1 Example 2 TO fred anyco com jane anyco co uk FROM MyRouter SUBJECT automatic email MIME Version 1 0 This blank line is required Unit smtpid Event email_event This event had sufficient priority to cause the transmission of this email Please check the attached logs ...

Page 622: ... of this email Please check the attached logs and review run_cmd ati5 run_cmd bufs run_cmd msgs You can also specify an extra parameter which indicates the required priority of the event before the command is executed This allows events to be sent off without attachments but if the event has an equal or higher priority than the value of this parameter the attachments are included This ensures that...

Page 623: ...a maximum of n emails per day The limit on the number of emails that can be sent during any 24 hour period The intention is to prevent excessive alerts being sent when the event trigger value is set to a high priority low value for example 1 2 or 3 such as a value that results in a large number of automated email alert messages being generated A maximum of 255 emails can be sent in a day n emails ...

Page 624: ... Parameter Values Equivalent web parameter event n etrig 0 9 0 disables sending alerts Send an email notification when the event priority is at least n event n emax 0 255 Send a maximum of n emails per day event n etemp The name of a template file Default is event emL Use email template file event n to A valid email address such as you yourdomain com Email To event n from A valid email address Ema...

Page 625: ... trigger an automated SNMP trap message To disable SNMP traps set this value to 0 Send a maximum of n SNMP taps per day Sets the limit on the number of emails that may be sent during any 24 hour period The intention is to prevent excessive alerts being sent when the event trigger value is set to a high priority low value for example 1 2 or 3 such as a value that results in a large number of SNMP t...

Page 626: ...o the value 6 only events with a priority of 6 or higher will trigger an automated SMS alert Setting this field to 0 disables sending SMS alerts Use SMS template The name of the template file to form the basis of any alarm messages generated by the event logger The default template file is a file called event sms that is stored in the compressed web file A new template can be created and if named ...

Page 627: ...If the event priority is at least n event n sms_to2 A valid mobile number such as 447871445677 Send SMS messages to event n sms_trig2 0 9 If the event priority is at least n event n sms_to3 A valid mobile number such as 447871445677 Send SMS messages to event n sms_trig3 0 9 If the event priority is at least n event n sms_temp event sms templatefilestoredin the compressed web file Use SMS template...

Page 628: ...ng parameters set the following values in the web interface Local Drive to log to Determines the drive letter where the USB flash drive is located This is designated u for a USB drive Log filename The name of the file for the secondary event log Log size The maximum size of the log file in kilobytes XML logs On platforms that support it event logs can be saved in XML format This field specifies th...

Page 629: ...slog message To disable syslog messages set this value to 0 Send a maximum of n Syslog messages per day Sets the limit on the number of syslog messages that may be sent during any 24 hour period The intention is to prevent excessive alerts being sent when the event trigger value is set to a high priority low value 1 2 or 3 for example such as a value that results in a large number of syslog messag...

Page 630: ...on modes these are selected from a drop down list and are TCP UDP and a protocol described in IETF RFC 3195 TCP timeout s seconds For TCP communications this parameter sets the timeout on the socket Route using These radio buttons select which method of establishing a route to the server to use Routing table When this radio button is selected the routing table determines the interface that to use ...

Page 631: ...ameter syslog n server IP address Syslog server IP address syslog n port IP port number Port syslog n mode UDP TCP RFC3195 Mode syslog n tcp_to Timeout in seconds such as 86400 TCP timeout s seconds syslog n source_ent PPP ETH Interface x y x Interface type syslog n source_add 0 4 Interface x y y interface number syslog n priority Hyphen separated 0 7 Comma separated 0 3 5 or all Priority checkbox...

Page 632: ...the logcodes are retained The Event Logcodes page initially shows a table containing the event descriptions and reason Clicking on any of the items that are links in the table opens a configuration page associated with that item The newly opened page allows that item to be configured The configuration options shown on that page are described below Event This is not a configurable parameter it is s...

Page 633: ...ult of enabling the parameter Do not log this event as described below Event Priority Controls the priority of the event and determines whether an event will trigger email SMS messages or SNMP traps Reasons The reason why the event occurred Not every event has a list of reasons Reason Priority This parameter is for information only Attachment List ID A fixed list of values for conveniently referri...

Page 634: ...is means that after changing this parameter you must save the changes by clicking the save changes link when prompted this appears after clicking the Apply button If you click the Save All Event Code Changes your changes are not reflected Log Priority The priority of the event to determine whether the event will trigger emails SMS messages or SNMP traps 0 disabled 1 highest priority 9 lowest prior...

Page 635: ...ive Causes a snapshot of the analyser trace to be stored on the USB flash drive If this event creates an Email alarm Attach a snapshot of the Traffic Analyser trace Causes a snapshot of the analyser trace to be attached to the email After this event Leave the Analyser trace Leaves the analyser trace unchanged Freeze the Analyser trace Causes the analyser to be frozen such as no more logging will t...

Page 636: ...h to the email The ID refers to the table of files If this event creates a Syslog alarm use Syslog Priority This drop down selection box contains the following options Emergency Alert Critical Error Warning Info Debug Syslog Facility This drop down selection box contains the following options Kernel User Mail System Auth Syslog ...

Page 637: ...eckbox There is the following additional parameter Inherit alarm priority from event Causes the following Alarm Priority parameter to be disabled and causes the priority to be the same as the event that triggered it The Alarm Priority parameter is the same as in the Configuring Events page Related CLI commands There are no CLI commands for editing Event logcodes However you can edit the LOGCODES T...

Page 638: ...ferent TCP port enter it here Username Email accounts are controlled by requiring a username and password in order to send and receive mail This field is where the account username is set This information will be provided by the administrator of the email server Password This field is where the account password is set Confirm password Re enter the password The two passwords are compared to check t...

Page 639: ...is inserted into the email header if no reply address exists in the appropriate email template If the email template does contain an address in the reply to field that will override the default reply address Route using Routing table Interface x y When selected the routing code determines the outbound interface and that interface determines the source IP address If the Route using routing table op...

Page 640: ...rname smtp n password Free text field containing account password such as my_password Password smtp n mail_from Free text field Display Email From as smtp n att_lim 0 65535 Attachment size limit This CLI value is entered in Kilobytes only smtp n reply_to Free text field If the email template does not contain one use Reply To address smtp n userouting 0 1 Route using routing table smtp n ll_ent Bla...

Page 641: ...ration settings for general behavior of the system on the Configuration Systems pages This section covers configuring system settings from the web interface and command line Device Identity parameters 642 Date and Time parameters 644 Autoset Date and Time parameters 646 NTP parameters 649 General system parameters 655 ...

Page 642: ...string for the router which again may be helpful when referring to a particular router within a site or for identifying a particular site Device ID This field is taken from the Remote Manager configuration and should not normally need to be changed When using Remote Manager to manage the router the configuration procedure assigns a device ID to the router The device ID is a 64 byte value with each...

Page 643: ... 012345 entering the string My_Router_ s would show the prompt My_Router_012345 during a remote login Hostname Assigns a hostname to the local IP address of the router Secondary Hostname Allows a second hostname to be assigned to a router This is associated with the secondary IP address Note Character limitations of the Description and Hostname fields should be 64 characters Related CLI commands E...

Page 644: ... may be configured to use one of these protocols for maintaining the internal system time The router uses the 24 hour clock Current system time The current system time appears at the top of this web page Manually set the time h hours m minutes s seconds M month D day Y year These parameters are set using the associated drop down selection menus Hours Select from the drop down list to set the hours...

Page 645: ...outers User Guide 645 Year Select from the drop down list to set the year Set Click this button to cause the above settings to take effect Related CLI commands Entity Instance Parameter Values Equivalent web parameter n a n a time hh mm ss DD MM YYYY Manually set the time ...

Page 646: ...scribed below SNTP server The hostname or IP address of the desired SNTP server Check on Power up When checked causes the router to attempt to connect to the SNTP server every time it boots Update every h hours The interval in hours the router should wait between updating the system clock Update randomly between s1 and s2 seconds It is possible to use a random update interval rather than a fixed i...

Page 647: ...ly adjust the system time to ensure the router uses local Daylight Saving Time Start parameters Month The month in which to switch to daylight saving time Day The day on which to switch to daylight saving time Hour The hour at which to switch to daylight saving time End Month The desired month in which to switch back to GMT UTC Day The desired day on which to switch back to GMT Hour The desired ho...

Page 648: ... sntp n interval 0 255 Update every h hours Default 24 sntp n randintsecs 0 86400 Randomly between s1 and s2 seconds Use format s1 s2 For example min 50 max 500 would be 50 500 sntp n offset 12 to 13 Offset from GMT sntp n dstonmon 0 12 Start Month Update for Daylight Saving Time 0 disables daylight saving sntp n dstonday 0 31 Start Day sntp n dstonhr 0 23 Start Hour sntp n dstoffmon 0 12 End Mont...

Page 649: ...or using as the time source Configure SNTP before using NTP The router calculates the accuracy of the NTP time servers over a period of time up to 2 hours Once the drift compensation is calculated the router uses NTP client The drift compensation value is stored in NVRAM and written to the config da0 file If the router loses power or is rebooted it does not need to re calculate the accuracy of the...

Page 650: ...Configure system settings NTP parameters Digi TransPort WR Routers User Guide 650 ...

Page 651: ...ver 1 2 3 4 Hostname The NTP server hostname or IP address Broadcast Mode When enabled the NTP client operates in a different manner Rather than sending out an NTP client message and expecting a reply the NTP module sends out a broadcast mode packet to the IP address configured in NTP host field The broadcast interval is determined by the value of Minimum poll interval Poll Interval s1 to s2 secon...

Page 652: ...e type ntp n inhibit_add 0 255 Disable NTP when interface x y is out of service y interface number ntp n server Valid IP address or hostname such as ntp1 timeserver org NTP Server ntp n bcast 0 1 Broadcast Mode 0 disabled 1 enabled ntp n minpoll 3 14 Poll Interval s1 s2 3 8 4 16 5 32 6 64 7 128 8 256 9 512 10 1024 11 2048 12 4096 13 8192 14 16384 ntp n maxpoll 3 14 Poll Interval s1 s2 See minpoll ...

Page 653: ...0 1 0 disabled 1 enabled Broadcast Mode ntp n minpoll 3 14 Poll Interval s1 s2 See minpoll parameter for values ntp n maxpoll 3 14 Poll Interval s1 s2 See minpoll parameter for values ntp n burstint3 0 255 Startup burst Interval s seconds ntp n server4 Valid IP address or hostname such as ntp4 timeserver org NTP Server ntp n bcast4 0 1 0 disabled 1 enabled Broadcast Mode ntp n minpoll4 3 14 Poll I...

Page 654: ...54 ntpstat command Check NTP client status To check the status of the NTP client use the ntpstat command View NTP system status information ntpstat sys View NTP peer information ntpstat peers Reset system information and allow NTP to recalculate the drift compensation ntpstat rst ...

Page 655: ... Basic script sample bas must be run at boot up Autorun commands are normally associated with an ASY port but running a script for example is not ASY port specific To configure the autorun commands set the following values The command interface to be associated with the command In the above example this would be set to the number 0 Command The CLI command to run on start up In the above example th...

Page 656: ... Use access level None Low Med High Super For security purposes logging into the router is controlled by a user access level This parameter controls the access level that applies when logging in via the local asynchronous serial port Automatically log user out Never If idle for h hrs m mins s secs How long the local port allows access before terminating the connection and requiring the user to log...

Page 657: ... or any site specific user instructions CLI Post Login Banner Once the user has successfully logged on to the router a second message can be displayed This parameter specifies the name of a file containing the text to display As above the file may contain site specific instructions to be carried out once the user has logged in Allow CLI access from X 25 address n Enables disables logging into the ...

Page 658: ...al n access 0 4 Use access level 0 Super 1 High 2 Medium 3 Low 4 None 8 Read only local n tlocto Free text field Never h hrs m mins s secs cmd n noremecho 0 1 0 Off default 1 On Enable Remote command echo cmd n prebanner Valid filename such as welcome1 txt CLI Pre Login Banner cmd n postbanner Valid filename such as welcome2 txt CLI Post Login Banner cmd n cmdnua 0 1023 Allow CLI access from X 25 ...

Page 659: ... NAT port n Standard FTP uses two well known ports a control port and data port These are low number ports and can be blocked by firewall rules As such it may be that an FTP server may be listening on a non standard control port This parameter sets the port the router should monitor for FTP PORT and PASV commands These commands contain information relating to IP addresses and ports that should be ...

Page 660: ...e the drop down selection box to choose which signal status to display On modules fitted with W WAN this LED has additional functionality you can use this LED to display the W WAN signal strength Related CLI commands Entity Instance Parameter Values Equivalent web parameter config n powerup 0 1 Use Config n when the router powers up cmd n anonftp 0 1 0 Off default 1 On Allow anonymous FTP login sn...

Page 661: ...Configure system settings General system parameters Digi TransPort WR Routers User Guide 661 ...

Page 662: ...Configure system settings General system parameters Digi TransPort WR Routers User Guide 662 ...

Page 663: ...Configure system settings General system parameters Digi TransPort WR Routers User Guide 663 ...

Page 664: ...e Remote Management This section covers configuring the router to connect to and be managed remotely by Digi Remote Manager or Simple Network Management Protocol SNMP Digi Remote Manager 662 Advanced remote management settings 666 SNMP parameters 669 ...

Page 665: ... manager Remote Manager parameters Remote Manager parameters are configured on the Configuration Remote Management pages Connection Settings To configure Digi Remote Manager connection settings parameters set the following values Enable Remote Management using a client initiated connection Displays the basic configuration parameters and enable the router to make the connection to the Remote Manage...

Page 666: ...1 Enable Remote Management and Configuration using a client initiated connection 0 Off 1 On cloud n server Valid IP address such as 1 2 3 4 or domain name such as login remotemanager digi com Server Address cloud n reconnect 0 1 Automatically reconnect the server after being disconnected 0 Off 1 On cloud n reconnsecs 0 86400 Reconnect after h m s This CLI value is entered in seconds only ...

Page 667: ...at you have subscribed to the SMS service Check this box to enable opt in Enable Strict Sender You can enable the Strict Sender mode to ensure that the SMS messages from Remote Manager are never blocked Check this box to enable the Strict Sender framework Enable responses to be sent to the sender s phone number Check this box to enable responses to be sent to the sender s phone number Accept Remot...

Page 668: ...ault off Enable Strict Sender cloudsms n replytosender off on Default off Enable responses to be sent to the sender s phone number cloudsms n pagedconnect off on Default off Accept Remote Manager client connection requests cloudsms n connectoverride off on Default off Accept requests to connect to other Remote Manager servers cloudsms n phnum Number Override the destination phone number with the f...

Page 669: ...lt keepalive intervals are different This is owing to the different characteristics of PPP and Ethernet links Connection Settings Disconnect when Remote Manager is idle Once the router has connected to the Remote Manager server and the server has established that all the settings it holds for the router are current and no new changes are being requested the traffic between the router and Remote Ma...

Page 670: ...l packet loss is to be expected This parameter allows for a specified number of lost keep alive packets before the connection is deemed to have failed Ethernet Settings Receive Interval s seconds The time between keep alive packets that the router should wait before considering that the connection may be lost Transmit Interval s seconds The interval between transmission of keep alive packets Assum...

Page 671: ...nt web parameter cloud n idledisconn 0 1 Disconnect when Remote Manager server is idle 0 Do not disconnect 1 Disconnect cloud n disconnsecs 0 28800 Idle Timeout h m s This CLI value is entered in seconds only cloud n ppprxkeepalive 0 28800 WAN Receive Interval seconds cloud n ppptxkeepalive 0 28800 WAN Transmit Interval seconds cloud n pppwaitfor 1 255 WAN Assume connection is lost after n timeout...

Page 672: ...ollowing groups tables in RFC3414 are not supported usmUserTable Other MIBs may be available on request Besides the above MIBs there are two other MIBs that are supplied as standard There is a MIB that is generated after the firmware has been installed This is accomplished using the mibprint CLI command and the MIBEXE DOS tool available from Digi Technical Support This MIB changes with every firmw...

Page 673: ...ion 3 of the protocol Use UDP Port n The UDP port number to use The default is UDP port 161 SNMPv3 Engine ID Required as part of the SNMP v3 protocol This is a 24 hexadecimal character string any trailing zeros in this string making the value up to 24 characters can be omitted A remote engine ID is required when a SNMP v3 Inform is configured The router uses the remote engine ID to compute the sec...

Page 674: ... CLI commands Entity Instance Parameter Values Equivalent web parameter snmp n v1enable 0 1 Enable SNMPv1 0 Off 1 On snmp n v2cenable 0 1 Enable SNMPv2c 0 Off 1 On snmp n v3enable 0 1 Enable SNMPv3 0 Off 1 On snmp n port 0 65535 Use UDP Port Default 161 snmp n engineid String SNMPv3 Engine ID ...

Page 675: ...this text entry box specifies the community string for Version 1 and Version 2c SNMP packets Confirm Community The community string is echoed as dots in the text entry box Having a second confirmation field where the string is retyped allows a simple check to be performed for correct entry Access The SNMPv1 or SNMPv2c community name SNMPv3 settings Username This field is the name of the SNMP user ...

Page 676: ...ch encryption privacy algorithm should be applied to the SNMP data Encryption Password Enter the user s password for controlling privacy of the SNMP transactions into this text box Confirm Encryption Password The encryption password is not shown as clear text The confirmation box allows a simple check that the password was entered correctly Related CLI commands Entity Instance Parameter Values Equ...

Page 677: ...able has a capacity of ten entries SNMP filter instances range from 0 to 9 Username The username as configured in the Configuration Security Users section of the user to whom the access restriction is applied OID Prefix The Object ID OID prefix for the range of objects in the MIB that the user is not allowed to view such as 1 3 6 1 2 1 4 Add Adds the username and OID prefix into the table Delete D...

Page 678: ...eneric traps Cold Start Warm Start Link Down Link Up etc When this setting is enabled generic traps are generated Generate Authentication Failure traps Enables the generation of authentication failure traps Generate VRRP traps Enables or disables generation of VRRP traps For details on VRRP configuration see Ethernet VRRP Parameters Related CLI commands Entity Instance Parameter Values Equivalent ...

Page 679: ...for this service Use SNMP Version Select the required SNMP version number from this drop down selection box Send Inform Request message If you select SNMP version 2c or 3 the router can send a SNMP Inform Request message instead of a Trap message Inform Request messages are acknowledged by the SNMP Trap server whereas Trap messages are not If no response retransmit the Inform Request message after...

Page 680: ...ap server This should match a user from one of the previously configured SNMP users Configuration Remote Management SNMP Users User Security Level Select the desired security level from this drop down selection box The choices are these No Authentication No Privacy Authentication No Privacy Authentication Privacy SNMPv3 settings Username The SNMPv3 user name Authentication SNMPv3 authentication ty...

Page 681: ...mptrap n sendInforms on off Send Inform Request messages snmptrap n informto Integer If no response retransmit the Inform Request message after n seconds snmptrap n informretries Integer Retransmit a maximum n times snmptrap n community String Community snmptrap n engineid String Trap Server Engine ID snmptrap n securityname String SNMP User snmptrap n securitylevel noauthnopriv authnopriv authpri...

Page 682: ...Configure Remote Management SNMP parameters Digi TransPort WR Routers User Guide 679 ...

Page 683: ...Configure Remote Management SNMP parameters Digi TransPort WR Routers User Guide 680 ...

Page 684: ...gs This section covers the configuring security settings from the web interface and command line System security settings 680 User security settings 681 Firewall 685 RADIUS parameters 715 TACACS parameters 722 Advanced TACACS security settings 725 Command filters 726 ...

Page 685: ...s security settings USB Security Disable the following USB devices This parameter provides an option of enabling or disabling any of the following USB devices All devices Mass storage devices Serial devices Hub devices Allow autoexec bat files to run from Mass Storage Devices Enables disables running the autoexec bat files from the mass storage devices Miscellaneous system security settings Enable...

Page 686: ...red as user 1 Password Confirm Password The password for the user Up to 14 characters are allowed Access Level Selects the access level for the user There are the following options Username Description s Uses the serial number of the router as the username i Uses the IMEI of the cellular module as the username c Uses the ICCID of the SIM as the username Access level Access allowed Super Allows ful...

Page 687: ...ame field enter the new user name Up to 14 characters are allowed in a username For additional details on the username see User system security setting 3 In the Password Confirm Password field enter the new password For additional details on the password see User system security setting 4 Select the access level for the user Super High Medium Low Read Only or None Descriptions of these access leve...

Page 688: ...password to create the HASH if it becomes the responder of some new negotiation If the IKE becomes a responder and IKE negotiations fail after supplying the HASH the next negotiation uses the other password Using this Alternate Key it should be possible to configure new passwords into both ends of a tunnel and not have too many failed negotiations The process would be to add the Alternate Key into...

Page 689: ...the call The network address for the dynamic route comes from the entry in the user table matching the username the remote unit used during PPP authentication Remote Peer IP subnet mask The remote subnet mask parameter Use with the Remote Peer IP subnet parameter above to fully qualify the network address for the user Public Key file The name of the file containing the public key for that user If ...

Page 690: ...a custom firewall configuration Firewall parameters Firewall configuration is performed on the Configuration Security Firewalls page Parameter descriptions follow There are three other buttons that appear just below the table Their use will also be described Since a default file is supplied when this page loads it displays the rules in the default fw txt file If fw txt does not exist a blank table...

Page 691: ...be lost if the router is rebooted or loses power Restore If after reviewing changes to the table it is decided that the edit should be abandoned clicking this button restores the original fw txt to the table provided that they have not been saved Below the firewall editor table is another table that controls the interfaces to which the firewall rules apply Interface A list of the available interfa...

Page 692: ...h time a packet is processed by the associated stateful inspection rule TCP Closing s seconds The time allowed for a TCP socket to close once the first FIN packet has been received If the timer expires before the socket has completed closing the stateful inspection rule is removed TCP Closed s seconds The time that a stateful inspection rule remains in place after a TCP connection has closed UDP s...

Page 693: ...cho is active on an interface that becomes disconnected Related CLI commands Entity Instance Parameter Values Equivalent web parameter fwall 0 opening 0 4294967296 TCP Opening s seconds fwall 0 open 0 4294967296 TCP Open s seconds fwall 0 closing 0 4294967296 TCP Closing s seconds fwall 0 closed 0 4294967296 TCP Closed s seconds fwall 0 udp 0 4294967296 UDP s seconds fwall 0 icmp 0 4294967296 ICMP...

Page 694: ...em that allows or prevents the transmission of data in either direction based on a set of rules These rules allow filtering based on the following criteria Source and destination IP addresses Source and destination IP port or port ranges Type of protocol in use Direction of the data in or out Interface type The eroute the packet is on Whether an interface is OOS out of service ICMP message type TC...

Page 695: ... new location Comments Any line starting with the hash character is considered a comment and is ignored Filter rules The syntax for a filter rule is action in out options tos proto dnslist ip range inspect state When the firewall is active the script is processed one line at a time as each packet is received or transmitted Even when a packet matches a filter rule processing still continues and all...

Page 696: ...be returned to the interface from which that packet was received You can use blocking to confuse hackers by having different responses to different packets or for fooling an attacker into thinking a service is not present on a network The syntax for specifying the return of an ICMP packet is return icmp icmp type icmp code where icmp_type is a decimal number representing the ICMP type or one of th...

Page 697: ...ch the rule to pass through the firewall but only if the link is already active debug Causes the router to tag any packets matching the rule for debug This means that for every matching rule that is encountered from this point in the script onwards an entry will be placed in the pseudo file FWLOG TXT dscp Causes any packets matching this rule to have its DSCP value adjusted according to this rule ...

Page 698: ... is specified an SNMP trap containing similar information to the normal log entry is generated when a packet matches the rule If syslog is specified a syslog message is sent to the configured syslog manager IP address This message contains the same information as that entered into the log file but in a different format If the body option has also been specified some of the IP packet information is...

Page 699: ... packets associated with the specified eroute For example including the option oneroute 2 causes the rule to only match on packets transmitted or received over Eroute 2 The oneroute option can be followed with the keyword any which will match if the packet is on any eroute routeto When the routeto option is specified and the firewall is processing a received packet if the rule is the last matching...

Page 700: ...e of several ways The basic syntax is ip range all from ip object to ip object flags icmp where ip object is an IP address specification For full details of the syntax with examples see Specifying IP addresses and ranges inspect state Creates rules for stateful inspection This is a powerful option in which the firewall script includes rules that allow the router to keep track of a TCP UDP or ICMP ...

Page 701: ...ce or destination address The most basic form for an ip object is an IP address preceded by from or to For example to block all packets destined for address 10 1 2 98 the script rule is block out from any to 10 1 2 98 You can specify an ip object using an address mask describing which bits of the IP address are relevant when matching The script processor supports two formats for specifying masks M...

Page 702: ...ort numbers Suppose a Telnet server is running on a machine on IP address 10 1 2 63 and you want to make this server accessible The filter from the previous example blocks all packets to 10 1 2 To make the Telnet server available on 10 1 2 63 add the following line before the blocking rule pass break end from any to 10 1 2 63 port 23 A packet sent to the Telnet server port 23 on IP address 10 1 2 ...

Page 703: ...erently on your system in which case you should use the port numbers explicitly and not the defined names Keyword Std Port Service Ftpdat 20 File Transfer Protocol data port Ftpcnt 21 File Transfer Protocol control port telnet 23 Telnet server port smtp 25 SMTP server port http 80 Web server port pop3 110 Mail server port sntp 123 NTP server port ike 500 Source destination port for IKE key xot 199...

Page 704: ...a flag being off with all other flags ignored flags s a As a further example suppose we want to allow outward connections from a machine on 10 1 2 33 to a Telnet server We have to define a filter rule to pass outbound connections and the inbound response packets Because this is an outbound Telnet service we can make use of the fact that all incoming packets will have their ACK bits set Only the fi...

Page 705: ...t of a low level protocol and are frequently exploited by hackers for attacking networks For this reason most network administrators want to restrict the use of ICMP packets The syntax for including ICMP filtering is icmp icmp type icmp type code decnum icmp type Can be one of the pre defined strings listed in the following table or the equivalent decimal numeric value ICMP type ICMP value Unreach...

Page 706: ...d the code field must also match Specify the ICMP code field with a decimal number For example to allow only echo replies and ICMP unreachable type ICMP packets from interface ppp 0 Then the rules would look something like this pass in break end on ppp 0 proto icmp from any to 10 1 2 0 24 icmp type echorep code 0 pass in break end on ppp 0 proto icmp from any to 10 1 2 0 24 icmp type unreach code ...

Page 707: ...ing that some other route with a lower metric will be selected When a firewall stateful inspection rule expires a decision is made as to whether the traffic being allowed to pass by this rule completed successfully or not For example if the stateful rule monitors SYN and FIN packets in both directions for a TCP socket then that rule will expire successfully However if SYNs are seen to pass in one ...

Page 708: ...ll have the SYN flag set we can use a rule that checks the SYN flag pass out break end on ppp 0 from 10 1 2 0 24 to any port 80 flags s inspect state block in break end on ppp 0 The first rule matches only the first outgoing packet because it checks the status of the s SYN flag and will only pass the packet if the SYN flag is set At first glance it appears that the second rule blocks all inbound p...

Page 709: ...askreq Using inspect state with Flags As can be seen above you can use the inspect state option with flags To illustrate this this example builds on an earlier example of filtering using flags It is possible to simplify the script by using the inspect state option The original script was pass out break end from 10 1 2 33 port 1023 to any port telnet pass in break end from any port telnet to 10 1 2...

Page 710: ...hey are only allowed in once an echo request has been sent out on that interface The moment that a valid echo reply comes back or there is a timeout echo replies will again be blocked Furthermore the full IP address is checked the IP source and destination must exactly match the IP destination and source of the echo request If you compare this to the rule to allow echo replies in without using ins...

Page 711: ... and can be tested in other firewall rules with the oosed keyword secs The length of time in seconds for which the routes that are using the specified interface are marked as out of service t secs Optional The length of time in seconds the router will wait for a response the packet that matched the rule c count Optional The number of times the stateful inspection engine must trigger on the rule be...

Page 712: ...gine deactivates PPP 1 The stateful inspection engine marks any routes that use PPP 1 as out of service AND deactivates PPP 1 if no reply is detected within 10 seconds for two packets in a row Routes come back into service when either the specified timeout expires or if there are no other routes with a higher metric in service PPP interfaces re activate when the routes using them are back in servi...

Page 713: ...may have already been assigned but if necessary the router can be configured to assign them by inserting the appropriate rules in the firewall This is done by using the dscp command For example the following rule sets the DSCP value to 46 for almost any type of packet received on ETH 0 from IP address 100 100 100 25 addressed to 1 2 3 4 on port 4000 This allows you to set the DSCP value for almost...

Page 714: ...direction the packet is traveling Line The line number of the rule that cause the packet to be logged Hits The number of matches for the rule that caused this packet to be logged Iface The Interface the packet was to be transmitted received on Source IP The source IP address in the IP packet Dest IP The destination IP address in the IP packet ID The value of the ID field in the IP packet TTL The v...

Page 715: ...y with the body option 15 8 2002 16 27 56 FW LOG Dir IN Line 7 Hits 1 IFACE ETH 0 Source IP 100 100 100 25 Dest IP 100 100 100 50 ID 40140 TTL 128 PROTO ICMP 1 block return icmp echorep log body break end proto icmp icmp type echo From REM TO LOCIFACE ETH 0 45 IP Ver 4 Hdr Len 20 00 TOS Routine Delay Normal Throughput Normal Reliability Normal 00 3C Length 60 9C CC ID 40140 00 00 Frag Offset 0 Con...

Page 716: ...ilter Filter Rule block return icmp unreach host unr in log syslog break end on eth 0 proto tcp from any to 100 100 100 50 port telnet Line 10 Hits 4 Syslog message with the body option specified 2002 08 30 16 19 59 User Info100 100 100 50Aug 10 16 21 56 arm 1140 IP Filter Filter Rule block return icmp unreach port unr in log body syslog break end on eth 0 proto tcp from any to 100 100 100 50 port...

Page 717: ... 60 seconds To override the default time allowed by the stateful rule for a connection to open use the t secs option For example to override the default TCP opening time of 60 seconds to 10 seconds pass out break end on PPP 2 proto TCP from 10 1 1 1 to 10 1 2 1 port telnet flags S A inspect state oos 60 t 10 A socket now has 10 seconds to become established such as exchange SYNs before the statefu...

Page 718: ...s unsuccessful The rd x option disconnects the interface after a recovery attempt completes Use this option to deactivate the interface after a recovery failure success or either x is a bitmask indicating when the interface should be deactivated Bit 0 deactivates the interface after a recovery failure Bit 1 deactivates the interface after a recovery success such as rd 1 means deactivate after a re...

Page 719: ...ng a firewall When creating and managing firewall scripts the scripts may need debugging to ensure that packets are being processed correctly To assist in this you can use a rule with the debug action If a rule with the debug action is encountered an entry is made in the FWLOG TXT pseudo file each time the packet in question matches a rule from that point on This allows you to follow a packet thro...

Page 720: ...tively If no response is received from the first server the second server is tried if configured If that server fails to respond the router uses local authentication unless disabled If both servers are unreachable and local authentication is disabled all authentication attempts fail If a RADIUS server replies with a REPLY MESSAGE attribute 18 the message is displayed after the login attempt and af...

Page 721: ...ization Primary Authorization Server IP Address a b c d The IP address of the primary authorization NAS NAS ID An identifier passed to the primary authorization NAS Identifies the RADIUS client The primary authorization NAS administrator supplies the appropriate value Password The password supplied by the primary authorization NAS administrator This password and the primary authorization NAS ID ar...

Page 722: ...word Type the above password into this text box so the router can determine if the two are identical Enable local authorization if there is no response from the authorization server s Enables or disables local authorization if the RADIUS servers are unreachable or not configured Default is enabled Un check the box to disable local authorization Accounting Primary Accounting Server IP Address The I...

Page 723: ...o the secondary accounting NAS Identifies the RADIUS client The appropriate value is supplied by the secondary accounting NAS administrator Password The password that is supplied by the secondary accounting NAS administrator Enter with the secondary accounting NAS ID to authenticate RADIUS packets Confirm Password Type the above password into this text box to enable the router to check that they a...

Page 724: ...haracters Secondary Authorization Server NAS ID radcli 0 1 password2 Up to 40 characters Secondary Authorization Server Password radcli 0 1 localauth off on Default on Enable local authorization if there is no response from the authorization server s radcli 0 1 aserver Valid IP Address a b c d Primary Accounting Server IP Address radcli 0 1 anasid Up to 80 characters Primary Accounting Server NAS ...

Page 725: ...rom the drop down list and enter the interface instance in the text box Interface options are Auto PPP Ethernet If there is no response from the server Retransmit the request after s seconds The interval between retransmissions of RADIUS packets Stop the negotiation after n retransmissions The maximum number of times RADIUS data should be transmitted to the NAS before the negotiation is deemed to ...

Page 726: ...nt web parameter radcli 0 ip_ent Blank ETH PPP Blank Auto Use Source IP Address radcli 0 1 retranint 0 2147483647 Default 5 Retransmit the request after s seconds radcli 0 1 retran 0 2147483647 Default 3 Stop the negotiation after n retransmissions radcli 0 1 inactto 0 2147483647 Default 30 Stop the negotiation if there is no activity for s seconds ...

Page 727: ...tions of the AAA services If TACACS authentication is enabled the request is sent to the TACACS server If disabled the router performs the authentication At this point authorization is also performed If TACACS authorization is disabled the user access level is obtained from the local user table on the router If TACACS authorization is enabled an authorization request is sent to the TACACS server T...

Page 728: ...ght hand text box TACACS uses TCP port 49 by default Entering a different number into this text box will cause the router to use that port instead The primary and secondary TACACS servers use this port number Server Key The encryption key to use when communicating with the primary server Confirm Server Key The key to allow the router to confirm that the two strings are identical Secondary TACACS S...

Page 729: ... also takes place Enable TACACS Accounting Enables accounting Sends accounting messages at the start and end of application sessions where applicable and update messages from command sessions when commands are denied locally or after they are executed Related CLI Commands Entity Instance Parameter Values Equivalent web parameter tacplus 0 svr Up to 64 characters for hostname or valid IP address a ...

Page 730: ... the instance of that interface into the adjacent text box The available interface options are Auto PPP Ethernet Response Timeout s seconds Text box Stop the negotiation if there is no activity for s seconds The amount of time in seconds before an inactive socket is closed Related CLI commands Entity Instance Parameter Values Equivalent web parameter tacplus 0 ip_ent Blank ETH PPP Blank Auto Use s...

Page 731: ...nd in the Command Filters table The command filter uses wild card character matching so that command filters such as cmd are permitted which would allow all cmd 0 commands to be executed Note that the command mapping table is checked first and the command filter table is only checked if there was not a match in the command matching table For more information on command filtering see Application No...

Page 732: ...ion is to respond with the OK response If the response needed is ERROR use the parameter cmd n cfilterr 1 Where n is the instance number Note Enclose any blank characters by double quotation marks When substituting a command upper case characters are considered the same as the corresponding lowercase characters Entity Instance Parameter Values Equivalent web parameter cfilter n cmd Valid command l...

Page 733: ...ts calls from other numbers using a standard ISDN reject code Note Only experienced personnel should use this feature for network testing and fault diagnosis It is not required for normal use To use this feature the ISDN circuit must support the Calling Line Identification CLI facility If CLI is supported incoming calls from specified numbers can be answered normally or rejected with an optional r...

Page 734: ...e calling numbers list enter the command rejlst instance where instance is 0 9 For example rejlst 5 To set up an entry to reject a number use the following commands rejlst 0 num 1234567 rejlst 0 ans OFF rejlst 0 code 42 To set up an entry to answer a number use the following commands rejlst 1 num 1234567 rejlst 1 ans ON ...

Page 735: ...30 Configure telemetry settings This section describes configuring telemetry settings from the web interface and command line About the GPS module on TransPort routers 731 GPS parameters 732 Configure GPS support for the GOBI3000 module 738 ...

Page 736: ...l or external In either situation the router uses an internal asynchronous serial ASY port for the connection The standard way that GPS modules send the data is using National Marine Electronics Association NMEA standard 0183 messages This protocol is usually simply referred to as NMEA Routers offering this functionality support the most common NMEA data messages These messages are described below...

Page 737: ...ver module when the router initializes the module The table described here controls which NMEA messages should be sent from the module The default is to enable all messages Fix data GGA Displays the fix data in the selected format 2D 3D or no fix Position GLL Displays the Geographic position Latitude Longitude sentence Active Satellites GSA Displays the NMEA sentence containing the number of activ...

Page 738: ... be sent and so on For this feature to work over a TCP IP connection the ZDA message must be enabled Use TCP UDP The protocol to use for sending the messages Prefix the message with t A text string that should precede the NMEA data if desired Suffix the message with t A text string that should follow the NMEA data if desired IP Connection 2 Send GPS messages to IP address a b c d The IP address to...

Page 739: ...Port WR Routers User Guide 734 Use TCP UDP The protocol to use for sending the messages Prefix the message with t A text string that should precede the NMEA data if desired Suffix the message with t A text string that should follow the NMEA data if desired ...

Page 740: ...ver GPS Module Initialization string gps 0 gga_on 0 1 0 Off 1 On Fix data GGA gps 0 gll_on 0 1 0 Off 1 On Position GLL gps 0 gsa_on 0 1 0 Off 1 On Active Satellites GSA gps 0 gsv_on 0 1 0 Off 1 On Satellites in view GSV gps 0 rmc_on 0 1 0 Off 1 On Position and time RMC gps 0 vtg_on 0 1 0 Off 1 On Course over Ground VTG gps 0 zda_on 0 1 0 Off 1 On UTC and local date time ZDA gps 0 oth_on 0 1 0 Off ...

Page 741: ...e to IP address 2 gps 0 IPport2 Valid IP port n port n gps 0 nsecs2 Time s seconds every n interval s gps 0 udpmode2 0 1 0 TCP 1 UDP Use TCP UDP gps 0 IPprefix2 Free text Prefix the message with gps 0 IPsuffix2 Free text Suffix the message with Entity Instance Parameter Values Equivalent web parameter Entity Instance Parameter Values Equivalent web parameter gps 0 gga_int s seconds 0 255 n a gps 0...

Page 742: ...eceiver so that commands received by that instance should be ignored rather than being treated as invalid commands The at gps command uses this parameter to determine where the GPS messages originate at gps command at gps This command causes messages from the GPS receiver to be sent directly to the ASY port from which the command has been entered This requires that the gpson parameter above is set...

Page 743: ...r Guide 738 Configure GPS support for the GOBI3000 module GOBI3000 module supports the use of the GPS functionality To configure the GOBI3000 module with GPS functionality Configure the GPS init string should be configured with GPS_START command gps 0 init_str GPS_START Set the GPS asy_add parameter to 3 ...

Page 744: ...uide 739 Manage applications This section describes how to manage applications written in the ScriptBasic and Python languages from the web interface and command line Manage ScriptBasic applications 740 Manage Python applications 742 ...

Page 745: ... number of the parameter that appears in the next column You can configure up to 30 parameters It is best to enter the numbers in a consecutive ascending sequence since this is how the parameters will be referred to in any ScriptBasic script Parameter The name of the parameter to create This can be any alphanumeric string Once defined you can reference these parameters by a ScriptBasic script For ...

Page 746: ...4 address 10 1 1 1 enter basic 0 string1 10 1 1 1 To execute a script from the CLI enter bas myscript sb To kill a running script from the CLI enter Basic 0 kill Entity Instance Parameter Values Equivalent web parameter basic 0 string1 string30 Free form alphanumeric text Parameter basic 0 n a kill Stop bas n a n a Name of ScriptBasic script Run Script ...

Page 747: ...mmer s Guide on www digi com Python Files page To manage Python application files go to Applications Python Python Files This page has the following settings Module search path The search path for Python modules that are not in the default search path Specify multiple locations by separating pathnames with colons such as pymod1 zip python21 zip This causes the interpreter to search for two compres...

Page 748: ...when developing Python scripts pycfg files Displays the status of any Python files pycfg mem Shows the memory usage for the router pycfg scripts Shows the status of any scripts and change count Entity Instance Parameter Values Equivalent web parameter pycfg 0 modpath valid search path such as mymod py Module search path pycfg 0 stderr2stdout 0 1 0 Off 1 On Redirect the Python output to debug ...

Page 749: ...d connections This section covers how to manage networks and connections the web interface and command line View network interface status 745 Manage connections 785 Manage Telemetry data 793 View and manage the event log 795 Use the Analyser 796 Top Talkers 806 ...

Page 750: ... selected Ethernet interface IP Address The IP address of the Ethernet interface which is either manually configured or assigned via DHCP Mask The mask of the Ethernet interface which is either manually configured or assigned via DHCP DNS Server Secondary DNS Server The primary and secondary DNS Server IP addresses of the Ethernet interface which are either manually configured or assigned via DHCP...

Page 751: ...received on the Ethernet interface Packets Sent The number of packets sent on the Ethernet interface Unicast Packets Received The number of unicast packets received on the Ethernet interface Unicast Packets Sent The number of unicast packets sent on the Ethernet interface Broadcast Packets Received The number of broadcast packets received on the Ethernet interface Broadcast Packets Sent The number...

Page 752: ...sm Flood protection is designed to stop the router from being overwhelmed by the sudden large increase in packets on the Ethernet network Alignment Errors The number of alignment errors that have been detected when receiving an Ethernet packet FCS Errors The number of Ethernet packets that have been received but had an invalid FCS Tx Deferred The Ethernet packets successfully transmitted after bei...

Page 753: ...occurred that are not counted by the other statistics Related CLI commands Command Instance Parameter Equivalent web parameter eth n status Displays the current configuration and status of Ethernet interface n ethstat n n a Displays the statistics for Ethernet interface n at mibclr eth n stats n a n a Clears the statistics for Ethernet interface n ...

Page 754: ...Down Channel Mode The Wi Fi channel mode in use The possible values for this parameter are A A N A N AC B G B G N Channel The Wi Fi channel in use Bytes Received The number of bytes received on the Wi Fi interface Bytes Sent The number of bytes sent on the Wi Fi interface Packets Received The number of packets received on the Wi Fi interface Packets Sent The number of packets sent on the Wi Fi int...

Page 755: ...ddress of the connected Wi Fi client Wi Fi Node The Wi Fi node on the router the client is connected to RSSI The signal strength experienced by the Wi Fi client Flags The state information for the Wi Fi client connection Power Save The current power saving state of the Wi Fi client The possible values are Awake and Sleep Neg Rates Mbps The transmission rates that have been negotiated with the Wi F...

Page 756: ...e router is connected to Wi Fi Node The Wi Fi node that for connecting to the Access Point RSSI The signal strength experienced by the router when connected to the Wi Fi Access Point Flags The state information for the Wi Fi Access Point connection Power Save The current power saving state of the router The possible values are Awake and Sleep Neg Rates Mbps The transmission rates that have been ne...

Page 757: ... status Digi TransPort WR Routers User Guide 752 Related CLI commands Command Options Parameter Equivalent web parameter wificonn n a Displays the Wi Fi connection table wificonn x cscan Performs wifi network scan wifistat n a Displays the Wi Fi statistics ...

Page 758: ... networks and connections View network interface status Digi TransPort WR Routers User Guide 753 Mobile interfaces The Mobile status page displays the current mobile connection network and module information ...

Page 759: ...entifier CI Signal Strength The signal strength in dBm being received by the mobile module The range is 113dBm min to 51dBm max The signal strength bars should match the Signal Strength LEDs on the front of the router Signal Quality A measure of the signal level of the cellular network measured in dB Connection type Cellular connection type Mobile Statistics IP Address The IP address of the mobile...

Page 760: ...uired SIM PUK SIM blocked unblocking code required ERROR SIM is not installed or is faulty Signal strength The signal strength in dBm being received by the mobile module The range is 113dBm min to 51dBm max The signal strength bars should match the Signal Strength LEDs on the front of the router Radio technology The current network technology in use It may be one of the following GSM GPRS EDGE UMT...

Page 761: ...IMSI of the mobile module ICCID This field specifies Integrated Circuit Card Identifier ICCID of the SIM card Firmware This specifies firmware running on mobile module Bootcode This field specifies bootcode firmware running on the mobile module Hardware version The hardware version of the mobile module GPRS Attachment Status This is the current status of the mobile module with respect to the Mobil...

Page 762: ...rks the Mobile Information can have the following items Network The current network reported by the mobile module Signal strength 1xRTT The signal strength in dBm being received by the mobile module from 1xRTT networks Signal strength EVDO The signal strength in dBm being received by the mobile module from EVDO networks Manufacturer The manufacturer of the mobile module Model The model of the mobi...

Page 763: ... hardware version of the mobile module Registration State See Registration Status Roaming status The current roaming status of the mobile module Radio interfaces in use It can be one of the following CDMA 1x EVDO No service Unknown PRL version The version of the Preferred Roaming List PRL loaded on the mobile module Activation status The activation state of the mobile module It can be of the follo...

Page 764: ...ommands Command Option Equivalent web parameter modemstat Mobile Information modemstat s Scan for Networks pppstat n Mobile Statistics where n is the PPP interface the mobile interface uses at mibs ppp n stats n Displays the current interface statistics at mibclr ppp n stats n Clears the current interface statistics ...

Page 765: ... displays the current status and statistics of the DSL interface Modem Status The current status of the DSL modem On the DR64 platform the values can be one of the following Idle Activating Ghs Training Up Link Uptime The amount of time the modem has been in the Up state Firmware Version The version of the firmware running on DSL modem ...

Page 766: ...ative capacity is the percentage of your overall available bandwidth fir obtaining your ATM service rate Attenuation The current attenuation in decibels on the downstream and upstream DSL channels Attenuation is the measure of how much the signal has degraded between the DSLAM and the DSL modem The lower the attenuation the better the performance will be Noise Margin The current noise margin in de...

Page 767: ...number of Severely Errored Frame SEF errors that have occurred downstream and upstream Corrected Blocks The number of blocks received and corrected by the forward error correction FEC code Uncorrected Blocks The number of blocks that were received and could not be corrected by the forward error correction FEC code Overrun Cells The number of cells lost because of overrun errors Idle Cells The numb...

Page 768: ...he GRE interface is up Lower Layer Down The GRE interface has keepalives enabled but is not getting any response from the configured destination IP Address The configured IP address for the GRE interface Mask The configured IP subnet mask for the GRE interface Source The configured source IP address or interface of the GRE interface Destination The configured destination IP address or domain name ...

Page 769: ...ce Rx Errors The number of receive errors that have occurred on the GRE interface These can include the received being an invalid GRE packet Tx Errors The number of transmit errors that have occurred on the GRE interface These can include an internal error due to no packet buffers being available Rx Unknown The number of packets that have been received with an unknown IP protocol and have been dro...

Page 770: ... data channels action The Action column will only appear when the associated channel becomes active Status The status of each channel The status is either ON or OFF Protocol The protocol in use by the channel This should be as set up in the configuration procedure For D channels this will be LAPD If the associated channel is not active this entry will be blank Action When the link becomes active a...

Page 771: ...ddress assigned to the interface Mask The subnet mask in use by the interface DNS Server The IP address of the DNS server in use by the interface Bytes Received The number of bytes received by the interface Bytes Sent The number of bytes sent by the interface LCP Packets Received The number of Link Control Protocol LCP packets received LCP Packets Sent The number of LCP packets sent by the interfa...

Page 772: ...ansmit but were found to contain an error Refresh Clicking this button causes the status page to be refreshed with the updated statistics Clear PPP n Statistics Clicking this button causes the statistics to be reset to 0 Related CLI commands The CLI commands are the same as for other interfaces and are described in the PPP status section The command to display the PPP status is pppstat n where n i...

Page 773: ...eived data being dropped Tx Underruns The number of transmit underruns that have occurred on the serial interface A transmit underrun occurs when there is not enough data available when it is about to be transmitted Breaks Received The number of times a break signal has been received Framing Errors Received The number of framing errors detected when receiving data on the serial interface Parity Er...

Page 774: ...of the selected PPP interface Name The name assigned to the PPP interface Uptime The amount of time the PPP interface has been up MRU The maximum receive unit MRU that has been negotiated by each peer on the PPP connection Command Instance Parameter Equivalent web parameter at mibs asy n n a n a Displays the statistics for serial interface n at mibclr asy n n a n a Clears the statistics for serial...

Page 775: ...dary DNS Server IP Address The primary and secondary DNS server IP addresses the PPP interface is using Outgoing Call To If this is dial out PPP interface this is the number for making the call Total Data Transferred The total amount of data bytes received and transmitted on the PPP interface including PPP headers and payload Total Up Time Today The total amount of time in minutes the PPP interfac...

Page 776: ...ived on the PPP interface BACP Packets Sent The number of Bandwidth Allocation Control Protocol BACP packets sent on the PPP interface BAP Packets Received The number of Bandwidth Allocation Protocol BAP packets received on the PPP interface BAP Packets Sent The number of Bandwidth Allocation Protocol BAP packets sent on the PPP interface Unknown Packets Received The number of packets received wit...

Page 777: ...ansaction Time The longest response time in milliseconds for a PPP transaction Average Transaction Time The average response time in milliseconds for the successful PPP transactions Route OOS Count The number of Route Out Of Service messages sent by the firewall to the routing code These messages put routes out of service for a period of time and are sent when enough failed PPP transactions have o...

Page 778: ...lt routes when no other route matches the destination IP address of an IP packet Src Addr When source address routing in use to use the route the Src Addr value must match the source IP address of an IP packet Gateway The IP address of the next router to which the IP packet will be routed to reach the destination network On PPP and TUN interfaces and ETH interfaces that have the gateway configured...

Page 779: ...to the router Remote The route is for a remote network accessed via a PPP connection Static The route is a static route Static RIP The route is a static route that has been updated by RIP RIP The route is a RIP route IBGP The route is an interior BGP route EBGP The route is an exterior BGP route OSPF The route is an OSPF route Setting Description UP The route is up and is ready for use in routing ...

Page 780: ...Pv4 routing table changes such as a route is added deleted or modified all entries in the IP hash table are flushed out To flush the IP hash table manually click the Flush button If there is no use of the table for 10 seconds the router deletes entries in the IP hash table Src IP Address The source IP address of the routed IP packet Src Port The source TCP UDP port of the routed IP packet If the I...

Page 781: ...rs User Guide 776 Age The age in seconds of the entry in the IP hash table Idx The index in the IP hash table of the entry Usage The number of times the entry was used Related CLI commands Command Options Action route hash Displays the IP hash table route flush Flushes the IP hash table ...

Page 782: ...P Address The source IP address of the modified IP packet Dest IP Address The destination IP address of the modified IP packet IP Protocol The IP protocol field of the modified IP packet Src Port The source TCP UDP port of the modified IP packet For ICMP packets this defines the ICMP Echo identifier value NAPT Port The new destination TCP UDP of the modified IP packet For ICMP packets this defines...

Page 783: ...ts The number of packets that have matched a stateful rule Undersized Packets The number of packets received by the firewall that are too small Oversized Packets The number of packets received by the firewall that are too large Return TCP RST The number of times the firewall has returned a TCP Reset packet Return ICMP The number of times the firewall has returned an ICMP packet Stateful rule short...

Page 784: ...y to live When this reaches 0 the entry is removed from the table Hits The number of times an IP packet has been matched against the firewall rule Direction The direction of the IP packets that match the firewall rule Src IP Addr The source IP address of the IP packets that match the firewall rule Src Port The source TCP UDP port of the IP packets that match the firewall rule Dest IP Addr The dest...

Page 785: ...address of the IP packets Trans Dest Port If the firewall is configured to modify such as NAPT the destination TCP UDP port of the IP packets that match the firewall this defines the new destination TCP UDP port of the IP packets Protocol The IP protocol of the IP packets that match the entry Interface The interface over which the IP packets that match the entry are sent or received Related CLI co...

Page 786: ...34 133 21 ID 35372 TTL 136 PROTO TCP 6 Src Port FTP CTL 21 Dst Port 16794 block log break end Next is the time stamp of the blocked packet 5 10 2009 23 12 08 FW LOG Dir IN Line 37 Hits 4730 IFACE ETH 3 Source IP 222 45 112 59 Dest IP 217 34 133 21 ID 256 TTL 106 PROTO TCP 6 Src Port 12200 Dst Port 8118 Dir is the direction of the packet that was logged either IN or OUT of the router Line is the li...

Page 787: ...hich the IP address has been assigned Lease time left mins The length of time in minutes the IP address lease is valid for After this time the DHCP client will need to renew its IP address Mac Address The MAC address Related CLI commands Command Options Action type fwlog txt n a Displays the current Firewall trace Entity Instance Parameter Action dhcp 0 status Displays the current status of the DH...

Page 788: ...le Hostname The hostname that has been resolved IP Address The IP address of the hostname TTL The time to live in seconds for the DNS entry When the TTL reaches 0 the entry is deleted Related CLI commands Entity Instance Parameter Action dns 0 status Displays the current status of the DNS table dns 0 clear Deletes all the entries in the DNS table ...

Page 789: ... Service QoS status table for a particular interface Priority Q The priority queue in the table TX rate kbps The current transmit rate in kbps of the queue Limit The current transmit rate limit in kbps of the queue Weighted Q length The weighted queue length using the Weighted Random Early Discard WRED algorithm Q length The number of packets on the queue ...

Page 790: ...t status of the TCP sockets on the router The router has two types of sockets TCP Sockets ID The TCP socket identifier SID An internal socket identifier State The current state of the socket Local IP Addr The IP address on the router in use for the TCP connection Socket type Use TCP Sockets Reserved for WEB and FTP connections General Purpose Sockets Any application for TCP connections can use thi...

Page 791: ...address of the remote device that has the TCP connection to the router Remote Port The TCP port in use by the connected remote device SYNs Waiting The number of TCP SYN packets that are currently being processed by the router s Free SYN entries The number of entries available to process an incoming TCP SYN packet Related CLI commands Command Options Action socks None Displays the current status of...

Page 792: ... software task that created the socket Protocol The protocol in use by the socket Mode The mode of operation of the socket State The current state of the socket Local Port The port of the router that in use by the socket Remote IP Addr The IP address of the remote device that has a TCP connection with the socket Remote Port The TCP port in use by the remote device ...

Page 793: ...connection is closed Total Number of Sockets The total number of general purpose sockets available on the router Number of Free Sockets The number of free general purpose sockets available on the router Related CLI commands Command Options Action gpstat None Displays the current status of the general purpose sockets gpstat close ID Closes the GP Socket connection with the ID number specified ...

Page 794: ...ing the data in the IPsec tunnel Peer IP The IP address of the remote device that is the other end of the IPsec tunnel Local Network The local IP network of the IPsec tunnel that is connected to the router Remote Network The remote IP network of the IPsec tunnel that is connected to the remote device First Rem IP Last Rem IP For IPsec tunnels that have been negotiated using IKEv2 this is the range...

Page 795: ... Left The time left in seconds before the time duration limit is reached The time duration is negotiated between the router and the remote device Interface The interface over which the IPsec tunnel operates Related CLI commands Command Options Description sastat dyn Displays the current status of all of the IPsecs tunnels You can use the optional dyn parameter to display the status of the dynamic ...

Page 796: ...list of remote devices that have successfully negotiated an IPsec tunnel with the router Peer IP Address The IP address of the remote device Our ID The ID of the router Peer ID The ID of the remote device Dead Peer Detection DPD The DPD status and the time until the next DPD request NATT Local Port The local NAT Traversal port NATT Remote Port The remote NAT Traversal port ...

Page 797: ...ID The ID of the router Peer ID The ID of the remote device with which the IKE SA has been negotiated Peer IP Address The IP address of the remote device Our IP Address The IP address the router uses to negotiate the IKE SA Time Left The time remaining in seconds for the IKE SA to remain in force Session ID The ID of the IKE SA Internal ID An internal identifier for the IKE SA ...

Page 798: ... Latitude The current latitude contained in the last GGA GLL or RMC message from the GPS module No of Satellites The current number of satellites in use as indicated in the last GGA message from the GPS module Type of fix The current fix status as indicated in the last GGA GLL or RMC message followed by the type of fix such as 2D 3D or no fix as indicated in the last GSA message UTC The current UT...

Page 799: ...rom the GPS module Integrity The current data integrity as indicated in the last RMC message from the GPS module It can be either Valid or Not Valid IP Connections The current IP address port number connection type and status of the IP connections Related CLI commands Command Options Action at mibs gps 0 stats Displays the current status of the GPS receiver ...

Page 800: ...a single line containing the date time and a brief description of the event In some case it may also identify The type number of the protocol instance the generated the message such as PPP 0 A reason code Additional information such as an X 25 address or ISDN telephone number The specific events that generate a log entry are pre defined and cannot be altered although the text and priority of each ...

Page 801: ...he maximum size is reached the oldest captured data packets are overwritten when new packets are captured The maximum value is 180Kb but the data is compressed so more than 180Kb of trace data will be captured Protocol layers The check boxes under this heading specify which protocol layers are captured and included in the Analyser trace You can choose to capture Layer 1 physical PPP Layer 2 Layer ...

Page 802: ... over which packets are captured and included in the Analyser trace DSL PVC Sources Selects the ADSL ATM PVCs over which packets are captured and included in the Analyser trace PPP Interfaces Selects the PPP interfaces over which packets are captured and included in the Analyser trace IP Sources Selects the IP sources over which packets are captured and included in the Analyser trace These sources...

Page 803: ...bers The format of this parameter is a comma separated list of protocol numbers For example suppose you want to exclude the capture of TCP traffic that would otherwise swamp the data of interest To do this enter 6 for this parameter Conversely to capture traffic with a specific IP protocol number only use a tilde symbol before the list of protocol numbers For example to only capture UDP traffic en...

Page 804: ...le SNAIP trace ana 0 lapdon 0 7 See below ISDN Sources ana 0 lapbon 0 7 See below LAPB Links ana 0 asyon Bitmap See below Serial Interfaces ana 0 syon Bitmap See below Raw SYNC Sources ana 0 discardson on off IP Options Trace discarded packets ana 0 loopon on off IP Options Trace loopback packets ana 0 ipfilt Comma separated list IP Packet Filters TCP UDP Ports ana 0 ipprotfilt Comma separated lis...

Page 805: ...thanon on off Ethernet Interfaces eth n ipanon on off IP Sources ovpn n ipanon on off IP Sources ppp n ipanon on off IP Sources ppp n pppanon on off PPP Interfaces tun n ipanon on off GRE IP Sources tun n tunanon on off GRE Tunnel Interfaces Entity Instance Parameter Values Equivalent web parameter ...

Page 806: ...ld that lowbufcmd uses ana 0 lowmsgcmd Command String Run this command when the number of free system messages match lowmsglvel ana 0 lowmsglev Integer Displays the free system message threshold that lowmsgcmd uses ana 0 logdrive String Specifies analternatefilesystemdrive on which to store the Analyser trace To use an external USB flash device this should be set to u If the router has an internal...

Page 807: ...LAPD0 Value OFF OFF OFF 0 OFF OFF ON 1 OFF ON OFF 2 OFF ON ON 3 ON OFF OFF 4 ON OFF ON 5 ON ON OFF 6 ON ON ON 7 LAPD1 LAPD0 Value OFF OFF 0 OFF ON 1 ON OFF 2 ON ON 3 Interface Value Serial 0 1 Serial 1 2 Serial 2 4 Serial 3 8 Serial 4 16 Serial 5 32 Serial 6 64 Serial 7 128 Serial 8 256 Serial 9 512 Serial 10 1024 Serial 11 2048 Serial 12 4096 ...

Page 808: ...ces 2 and 3 the value should be 12 4 8 The number of serial interfaces can vary on different depending on which hardware and software options are available Raw Sync Interfaces To enable the Analyser on multiple serial interfaces add the appropriate values together For example to enable the Analyser on Physical Ports 0 and 1 the value should 24 8 16 Interface Value ISDN D 1 ISDN B1 2 ISDN B2 4 Phys...

Page 809: ...WR Routers User Guide 804 Display Analyser trace Management Analyser Trace displays the current Analyser trace Related CLI commands Command Options Action type ana txt None Displays the contents of the event log ana 0 anaclr None Clears the contents of the event log ...

Page 810: ...ose network protocol issues with relative ease There are several PCAP files available to download Each file contains a different set of captured packets Wireshark is free software To download go to http www wireshark org Following is an example of Analyzer traffic output viewed in Wireshark Option PCAP File Contents IP anaip pcap IP traffic captured from all enabled IP sources Ethernet anaeth pcap...

Page 811: ... block particular IP traffic flows to stop them from using bandwidth The Management Top Talkers page has the following menu options Top Talkers settings Management Top Talkers Settings displays the current settings for the Top Talkers monitor Ethernet Interfaces Selects the Ethernet interfaces Top Talkers will monitor PPP Interfaces Selects the PPP interfaces Top Talkers will monitor Related CLI c...

Page 812: ...Manage networks and connections Top Talkers Digi TransPort WR Routers User Guide 807 Display Top Talkers trace Management Top Talkers Trace displays the current top talkers trace For example ...

Page 813: ...Manage networks and connections Top Talkers Digi TransPort WR Routers User Guide 808 ...

Page 814: ...Manage networks and connections Top Talkers Digi TransPort WR Routers User Guide 809 ...

Page 815: ...Manage networks and connections Top Talkers Digi TransPort WR Routers User Guide 810 ...

Page 816: ...Manage networks and connections Top Talkers Digi TransPort WR Routers User Guide 811 ...

Page 817: ...Manage networks and connections Top Talkers Digi TransPort WR Routers User Guide 812 ...

Page 818: ...Manage networks and connections Top Talkers Digi TransPort WR Routers User Guide 813 ...

Page 819: ...describes how to perform those device administration tasks from the web interace and command line View system information 809 Manage files 812 Manage X 509 certificates and host key pairs 828 Update firmware 838 Reset the router to factory defaults 839 Execute a command 841 Save configuration settings to a file 842 Reboot the router 843 ...

Page 820: ...r Ethernet 0 MAC Address The MAC address of the Ethernet 0 interface Firmware Version The firmware version that is currently running on the router SBIOS Version The SBIOS firmware version that is currently running on the router Build Version The build configuration of the firmware that is currently running on the router HW Version The hardware version on the router This item may be blank CPU Utili...

Page 821: ... the router Used Memory The amount of RAM that is currently in use on the router Free Memory The amount of RAM that is currently free on the router Mobile Module Which mobile module is fitted on the router SW Opts Which firmware options are enabled on the router SW Cnts Configuration parameters in use by firmware Switch Mode The current setting of the Ethernet switch on routers with multiple Ether...

Page 822: ...LI commands Command Options Equivalent web parameter ati5 n a Model Firmware Version SBIOS Version Build Version Mobile Module SW Opts hw n a Part Number Ethernet 0 MAC Address HW Version cpu n a CPU Utilization uptime n a Up Time time n a Date and Time mem n a Total Memory Used Memory Free Memory ...

Page 823: ...nd settings are stored in one of two CONFIG files AT command and S register settings are stored in one file named SREGS DAT Filename Description ana txt Pseudo file for Protocol Analyser output config da0 Data file containing Config 0 settings direct File directory eventlog txt Pseudo file for Event Log output fw txt Firewall script file fwstat txt Firewall script status file image Main system ima...

Page 824: ...s dat file A combined set of AT command and S register settings are called a profile Two such profiles profile 0 and profile 1 can be stored for each ASY port in a file called sregs dat To save the file use the Save Profile button on the relevant Configuration Network Interfaces Serial Serial Port n web page or use the AT W command Saving the settings for one ASY port does not save the settings fo...

Page 825: ...rd is changed from default and the configuration is saved The router then removes encrypted versions of the default passwords from the config da0 file and instead creates and uses a new pwds da0 file If you delete a pwds da0 file all remote access to the router that requires authentication will fail In such a case you will need a serial cable connection to re configure passwords to gain access to ...

Page 826: ... 8 characters followed by the separator and a 3 character extension The filing system stores the system software web pages configuration information and statistics in a single root directory Files appear as hyperlinks which can be downloaded and displayed in the web browser as long an appropriate viewer is installed and a file association with the viewer has been made The directory listing of file...

Page 827: ...ch read write file for deletion File The name of the file in the flash file system Size bytes The size of the file in bytes This is not a fixed value When downloaded the size of the downloaded file will be different Access This is the access settings for the file Last Modified The date and time of when the file was last modified Delete Selected Files button Deletes the selected files Related CLI c...

Page 828: ...he active web file The web file is shown on the FLASH file system as a single file This file is compressed and holds approximately 300 files Direct access to these files by an engineer is not normally required File The name of the file in web file Size Bytes The size of the file in bytes Compressed Size Bytes The compressed size of the file in bytes ...

Page 829: ...tor you can edit text files on the router Filename The name of the file to edit In this field you can create a new file by typing in the filename and clicking on the Save File button Load File Load the file specified in the Filename field into the editor box Save File Save the file to the flash file system ...

Page 830: ...n existing file newfilename The name of the new copy that will be created del command Delete a file The del command deletes files from the filing system The format is del filename filename The name of an existing file You can also use wild cards in the filename in order to delete several files at once The character can represent one or more characters in the filename For example del fw txt will de...

Page 831: ...a particular file operation has been carried out You can also use wildcards with the dir command in order to narrow your search The character can represent one or more characters in the filename For example dir fw txt will list only the fw txt and fwstat txt files if they are present on the TransPort flock command Lock files The flock command prevents any further writing to the FLASH memory This m...

Page 832: ...ormat is type filename For example type config da0 CFG config last_saved 12 04 45 31 Jan 2011 config last_saved_changes 1 config last_saved_user ASY 0 eth 0 descr LAN 0 eth 0 IPaddr 10 1 51 3 eth 0 mask 255 255 0 0 eth 0 bridge ON eth 1 descr LAN 1 eth 2 descr LAN 2 eth 3 descr LAN 3 eth 4 descr ATM PVC 0 xmodem command Initiate an XMODEM file upload The xmodem command initiates an XMODEM file upl...

Page 833: ...ard is s To access the SD memory using an FTP client the subdirectory assigned is sdmmc You can use the SD card in the same way as USB MSDs The SD card is internal and cannot be removed Batch control commands Batch files can contain one of the following two control lines ERROR_EXIT or ERROR_RUN ERROR_EXIT causes any commands run after that point in the file to terminate the batch file if that comm...

Page 834: ...lable from firmware version 4891 onwards The TransPort firmware can be upgraded using the USB storage device To perform an upgrade 1 Create a simple batch file named pb2 bat 2 Place the relevant firmware upgrade files into the root directory of the USB storage device 3 Insert the USB device into the TransPort router 4 Press the reset button twice The firmware upgrade will begin You will see output...

Page 835: ...ere to the 8 3 filename convention owing to limits of the FAT file system or the process will fail USB security To prevent unauthorized access to a TransPort router using a USB storage device such as inserting a USB storage device with an autoexec bat file designed to copy usernames and passwords etc there are several commands available 1 Use the usbcon command to define an access key If the bat f...

Page 836: ...ple To disable a Flash Stick on the top port only usbcon 0 dislist usb 2 2 MSD To use wildcards to disable flash devices entirely usbcon 0 dislist usb MSD This will match on ALL MSD devices even if in another HUB To disable both external USB ports on a DR64x0 enter the following commands usbcon 0 dislist usb 1 2 usb 2 2 or usbcon 0 dislist usb 2 The final 2 is important in both cases Otherwise the...

Page 837: ...ic hardware type or firmware version The tag values you can use are The base model for example DR6410 The complete model for example DR6410 H0A The platform build string for example 8W The type of DSL for example DSL2 2 The type of WWAN module detected for example E Edge C CDMA The complete WWAN module string for example MOTO_G24 SIEMENS_GPRS SIEMENS_MC75 NOVATEL_3G SIERRA_3G OPTION_3G NOVATEL_CDM...

Page 838: ...e below the info_asy_add parameters are for illustration purposes only and are not the actual ASY port numbers in use DR6410 H0A Start of DR6410 H0A config NOVATEL_3G Start of Novatel specific config modemcc 0 asy_add 7 modemcc 0 info_asy_add 8 End of Novatel specific config NOVATEL_3G OPTION_3G Start of Option specific config modemcc 0 asy_add 7 modemcc 0 info_asy_add 9 End of Option specific con...

Page 839: ...ties digital certificates issued by the CA contain a public key The certificate also contains information about the individual or organization to which the public key belongs A CA verifies digital certificate applicant s credentials The CA certificate allows verification of digital certificates and the information contained therein issued by that CA Installed Certificate Authority Certificates Thi...

Page 840: ...erver is listening If the port is 0 the router uses default port of 80 Path The path on the server to the SCEP application The path can either be entered manually if known or select from cgi bin or Microsoft SCEP from the drop down list Application The SCEP application running on the server CA identifier The identifier for the CA server The CA identifier to use to identify a particular CA when mul...

Page 841: ...ls with other routers and support SSH and HTTPS connections For more information on using certificates with the router See the Application Note 22 IPSec VPN tunnel between two Digi Routers using Certificates and SCEP available at www digi com Installed certificates This table lists the current certificates that have been installed onto the router It is possible to view the contents of each certifi...

Page 842: ...ny aging certificates are re enrolled SCEP Server IP address The IP address of the SCEP server CA server Port The port on which the SCEP server is listening If the port is 0 the router uses the default port of 80 Path The path on the server to the SCEP application You can either enter your own path or select from cgi bin or Microsoft SCEP from the drop down list Application The SCEP application ru...

Page 843: ...critical Digital Signature Non Repudiation If a CA signature certificate has been installed by the CA you wish to use for the certificate request enter the CA signature certificate If no CA signature certificate has been installed for the CA leave this file blank RSA Private key Selects either using an existing private key or generating a private key for each certificate request Private key filena...

Page 844: ...r is located Organisation O The company to whom the router belongs to Organisational unit OU The company department maintaining the router E mail An appropriate email address of a contact for the router Unstructured name This parameter is optional It can contain some descriptive to help identify the certificate Digest Algorithm The digest algorithm MD5 or SHA1 when signing the certificate request ...

Page 845: ...pem To generate a 512 bit private key named private pem and a certificate request named certreq pem using that file enter creq new b512 kprivate pem ocertreq pem Entity Instance Parameter Values Equivalent web parameter scep 0 host IP Address SCEP Server IP address scep 0 port 0 65535 Port scep 0 path String Path scep 0 app String Application scep 0 caident String CA Identifier scep 0 cafile Filen...

Page 846: ... 835 Key files In the Key files section you can upload RSA key files Upload File Use the Choose File button to browse for and select the file to upload Filename The name of the RSA key file to upload Passphrase Confirm Passphrase The passphrase for the RSA key file Upload button Uploads the RSA key file ...

Page 847: ...ows Key filename A name for the private key The filename must be prefixed with priv and have a pem extension Key size The size of the private key in bits The larger the key the more secure the connection But also the larger the key the slower the connection The key size can be one of the following 384 512 768 1024 1536 2048 Save in SSHv1 format If enabled generates the private key in SSH version 1...

Page 848: ...nter genkey 1024 privkey pem Command output is OK Starting 1024 bit key generation Please wait This may take some time Key generated saving to FLASH file privkey pem Closing file Private key file created All tasks completed Private key files Splitting certificates For increased security you can split the private key file between the router flash and an USB memory stick Once a private key has been ...

Page 849: ...C before starting the firmware update CAUTION Do not remove the power from the router while an update is in progress as it can corrupt the router s flash file system and might leave the router unable to boot up Do not navigate away from the Update Firmware page while an update is in progress as that action can cause the update to abort prematurely Model The model of the router Firmware Version The...

Page 850: ...he router before the configuration changes take effect Keep network settings Preserves certain network settings and does not revert them back to the factory defaults Network settings that are preserved are Ethernet 0 IP address Ethernet 0 Mask Ethernet 0 Gateway Ethernet 0 DHCP Client Ethernet 0 DNS Server Default Route 0 Interface PPP 1 Username PPP 1 Password PPP 3 Username PPP 3 Password Mobile...

Page 851: ...work settings Reset the router using the hardware reset button Most routers have a reset button on the underside of the router To perform a factory reset on the router press and hold the reset button for 5 seconds When the reset is initiated in this manner the LEDs on the front of the router flash to indicate a reset is in progress The router automatically reboots once the factory reset is complet...

Page 852: ...d On the Administration Execute a Command page you can enter TransPort CLI commands from the web interface You can enter almost all of the CLI commands mentioned in this User Guide Enter the command name and click the Execute button The command output is displayed as shown in the following example ...

Page 853: ...cated in the selection box The default power up profile is profile 0 Save All button The Save All button saves the router s entire configuration This operation Saves the current configuration parameters to the file config da0 or config da1 The default power up profile is profile 0 da0 profile 0 da1 profile 1 Saves the ciphered versions of the passwords to the file pwds da0 or pwds da1 file Saves t...

Page 854: ...sockets are closed PPP interfaces are disconnected Immediately Causes the router to reboot after a few seconds The router cleanly terminates any TCP and VPN connections before rebooting In h hrs m mins s secs Schedules a reboot to occur after the configured period of time To cancel a scheduled reboot enter the reboot cancel command from the command line Reboot button Reboots the router or sets the...

Page 855: ...Device administration Reboot the router Digi TransPort WR Routers User Guide 844 ...

Page 856: ...esandprocessesavailablefortroubleshootingyourDigi TransPort device and covers resolution of several common issues Troubleshooting Resources 845 Download the debug txt file 846 Cannot open the web interface 847 Cannot log into the web interface 847 Troubleshoot the LTE MIMO antenna orientation 847 ...

Page 857: ...t knowledge base Digi TransPort support documents If the knowledge base or support forums do not have the information you need fill out an Online Support Request via https mydigi secure force com customers You will need to create a user account if one is not already set up When submitting a support request please include a copy of the debug txt file from the device s flash This will greatly improv...

Page 858: ...router s IP address to connect to the web interface 2 Navigate to Administration File Management FLASH Directory 3 Scroll to the debug txt file It is usually near the end of the file list 4 Right click on debug txt and choose the available option on your operating system to save the file such as Save link as 5 Once debug txt is downloaded send it to Digi Technical Support as file attachment ...

Page 859: ...ress of 192 168 1 1 The Digi Device Discovery Utility can usually discover the device on a network unless your system s firewall is enabled Check the PC s IP configuration Make sure it is set to obtain an IP address automatically If not configure it to automatically obtain the IP address Refresh the PC s IP settings by opening a command window and entering the commands ipconfig release and ipconfi...

Page 860: ...gue Front End AH Authentication Header AIS Alarm Indication Signal AODI Always On Dynamic ISDN APACS Association of Payment Clearing Services the UK payments association APN Access Point Name ATM Asynchronous Transfer Mode or Automatic Teller Machine ARFCN Absolute Radio Frequency Channel Number B BACP Bandwidth Allocation and Control Protocol BAP Bandwidth Allocation Protocol BCC Base station Col...

Page 861: ...Distinguished Encoding Rules DES Data Encryption Standard DHCP Dynamic Host Configuration Protocol DLSw Data Link Switching DNS Domain Name Server DPD Dead Peer Detection DSCP Differentiated Services Code Point DSL Digital Subscriber Line DTE Data Terminal Equipment DUN Dial Up Networking E EDGE Enhanced Data GSM Environment ESP Encapsulating Security Payload protocol F FC Frame Check Sequence FEC...

Page 862: ... Management Protocol IGP Interior Gateway Protocol IKE Internet Key Exchange IMEI International Mobile Equipment Identification IMSI International Mobile Subscriber Identity IP Internet Protocol IPCP Internet Protocol Control Protocol IPSec Internet Protocol Security ISAKMP Internet Security Association and Key Management Protocol ISDN Integrated Services Digital Network L L2TP Layer 2 Tunnelling ...

Page 863: ...icrosoft Point to Point Encryption MRU Maximum Receive Unit MSN Multiple Subscriber Number MSS Maximum Segment Size MTU Maximum Transmit Unit N NAPT Network Address and Port Translation NAS Network Access Server NAT Network Address Translation NCC Network Colour Code NOM Network Operation Mode NUA Network User Address NUI Network User Identifier O OAM Operation Administration and Maintenance OOS O...

Page 864: ...LMN Public Land Mobile Network PPP Point to Point Protocol PPPoA Point to Point Protocol over ATM PPPoE Point to Point Protocol over Ethernet PSDN Packet Switched Data Network PSI Packet System Information PSTN Public Switched Telephone Network PUK Power Up Key PVC Permanent Virtual Circuit Q QOS Quality of Service R RAC Routing Area Code RACH Random Access Channel RADIUS Remote Authentication Dia...

Page 865: ...Protocol SNMP Simple Network Management Protocol SNTP Simple Network Time Protocol SPF Shortest Path First SPI Security Parameters Index SSH Secure Shell SSL Secure Socket Layer SVC Switched Virtual Circuit T TANS TPAD Answering TCH Traffic Channel TCP Transmission Control Protocol TEI Terminal Endpoint Identifier TOS Type of Service TPAD Transaction Packet Assembler Disassembler U UBR Unspecified...

Page 866: ...ssary Digi TransPort WR Routers User Guide 854 W WAN Wide Area Network WCDMA Wide band Code Division Multiple Access WRED Weighted Random Early Dropping W WAN Wireless Wide Area Network X XOT X 25 Over TCP ...

Reviews: