Digi TransPort User Manual Download Page 665

Page: 665 / 813

Firewall configuration

Digi TransPort User Guide

665

Filtering on TCP flags

ip-object

can be followed by an optional

[flags]

field.

[flags]

Allows the script to filter based on any combination of TCP flags. The

[flags]

field is used to

specify the flags to check and consists of the flags keyword followed by a string specifying the

flags themselves. Each letter in this string represents a particular flag type as listed below:

These flag codes allow the filter to check any combination of flags.

Following on from the previous example, to block packets that have all the flags set you would

need to precede the pass rule with the following block rule:

block break end from any to 10.1.2.0/24 port=telnet flags frspua

Here, the list of flags causes the router to check that those flags are set. This list may be

optionally followed by an exclamation mark (

) and a second list of flags that the router should

check for being clear.
For example. the following

[flags]

field tests for the

flag being on and the

flag being off with

all other flags ignored.

flags s!a

As a further example, suppose we want to allow outward connections from a machine on

10.1.2.33

to a Telnet server. We have to define a filter rule to pass outbound connections and the

inbound response packets. Because this is an outbound Telnet service we can make use of the

fact that all incoming packets will have their

ACK

bits set. Only the first packet establishing the

connection will have the

ACK

bit off. The filter rules to do this would look like this:

pass out break end from 10.1.2.33 port>1023 to any port=telnet

pass in break end from any port=telnet to 10.1.2.33 port>1023 flags !a

The first rule allows the outward connections, and the second rule allows the response packets

back in which the

ACK

flag must always be on. This second rule will filter out any packets that do

not have the

ACK

flag on. This will bar any attackers from trying to open connections onto the

private network by simply specifying the source port as the Telnet port. Note that there is a

simpler way to achieve the same effect using the inspect state option, described below.

Code

Flag

FIN Flag

RESET Flag

SYN Flag

PUSH Flag

URG Flag

ACK Flag

Summary of Contents for TransPort

Page 1: ...User Guide Digi TransPort ...

Page 2: ...tive owners 2016 Digi International All rights reserved Revision Date Description A February 2009 Initial Release B February 2009 Added bug fixes C April 2009 Revised with firmware updates D October 2009 Revised with firmware updates E May 2005 Added minor changes F March 2012 Changed default IP address and added temperature monitoring section G May 2012 Updated autosa and ouridtype parameters H A...

Page 3: ...ssistance contact technical support Telephone 8 00 am 5 00 pm U S Central Time 866 765 9885 toll free U S A Canada 801 765 9885 Worldwide Fax 952 912 4952 Online www digi com support eservice Mail Digi International 11001 Bren Road East Minnetonka MN 55343 USA ...

Page 4: ...b interface Log in to the device 101 Log out and return to the login page 103 Accessing the web interface Via a LAN port 103 Configure and test W WAN models from the web interface 104 Signal strength indicators on the Mobile status page 105 Web interface wizards 106 Use the Digi TransPort command line interface About the Digi TransPort command line interface 112 Supported command types 112 Require...

Page 5: ... lease reservations 333 Configure network services Network Services page 334 Network Services parameters 335 Configure DNS servers and Dynamic DNS Configure DNS Servers 338 Configure Dynamic DNS 344 Configure IP routing and forwarding View the TransPort routing table 349 Supported routes 349 IP Routing parameters 352 Static routes 355 Default Route n parameters 361 RIP parameters 368 Interfaces Et...

Page 6: ... FTP relay agents 471 FTP Relay n parameters 472 Advanced FTP Relay parameters 475 Configure IP passthrough About IP passthrough 476 IP Passthrough page configuration parameters 477 Related CLI commands 478 Configure UDP echo About UDP echo 480 UDP Echo n parameters 480 Related CLI commands 481 Configure Quality of Service QoS About Quality of Service Qos 483 Configuring QoS in the web interface 4...

Page 7: ...Time parameters 614 Start parameters 615 NTP parameters 617 General system parameters 621 Configure Remote Manager About Digi Remote Manager 626 Remote Manager parameters 627 SNMP parameters 635 Configure security settings System security settings 645 Users security settings 646 Firewall configuration 651 RADIUS parameters 682 TACACS parameters 687 Advanced security settings 691 Command filters 69...

Page 8: ...ation tasks View system information 766 Manage files 769 Manage X 509 certificates and host key pairs 788 Update firmware 797 Reset the router to factory default settings 798 Execute a command 799 Save configuration settings to a file 800 Reboot the router 801 Troubleshooting Troubleshooting Resources 803 Download the debug txt file 804 Cannot open the web interface 805 Cannot log into the web int...

Page 9: ... sensing auto failure and auto recovery of any line drop Digi TransPort WR routers are ideal for transportation POS energy medical financial and digital signage as well as cellular backup and remote device connectivity applications Digi management solutions provide easy setup configuration and maintenance of large installations of remote Digi TransPort devices Digi Remote Manager offers web based ...

Page 10: ...r router offering the flexibility to scale from basic connectivity applications to enterprise class routing and security solutions With its high performance architecture Digi TransPort WR11 is designed for Wide Area Network connectivity including 2 5G 3G and 4G networks WWAN PRI WWAN SEC SERVICE SIGNAL POWER ...

Page 11: ...connectivity including 2 5G 3G 4G networks Digi TransPort WR21 is available with a range of Ethernet Serial RS232 RS422 485 and Power connector options Digi TransPort WR21 also offers an optional advanced routing security and firewall feature set including stateful inspection firewall and integrated VPN Enterprise class protocols incorporate BGP OSPF and VRRP a patented technology built upon the p...

Page 12: ...er networking with Gobi 4G LTE meaning one device that operates in 2G 3G or 4G across all major North American carriers Ethernet serial and I O for connecting diverse field assets Extremely resilient cellular connection through Digi s patented SureLink VRRP protocol and dualSIM slots Enterprise Routing features for security logging and redundancy e g stateful firewall VPN SNMP no annual enterprise...

Page 13: ... grid assets on third party sites or remote locations This drop in connectivity gives operators a way to reduce the cost of downtime and service calls and also increase revenue by bringing distributed sites online faster The TransPort WR31 is ideal for connecting the following Building and process automation controllers Smart grid assets meters switches controllers IP Cameras and access controller...

Page 14: ...fers an advanced routing security and firewall feature set including stateful inspection firewall and integrated VPN Enterprise class protocols incorporate BGP OSPF and VRRP a patented technology built upon the popular VRRP failover standard providing true auto sensing auto failure and auto recovery of any line drop Digi TransPort WR routers are ideal for transportation and mobile applications Fle...

Page 15: ...ry modules The Digi TransPort family offers an advanced routing security and firewall feature set including stateful inspection firewall and integrated VPN Enterprise class protocols incorporate BGP OSPF and VRRP a patented technology built upon the popular VRRP failover standard providing true auto sensing auto failure and auto recovery of any line drop Digi TransPort WR44 is ideal for transporta...

Page 16: ...TransPort WR44 WR44 R Digi TransPort User Guide 16 Digi TransPort WR routers are available on the following networks Model GPRS EDGE UMTS HSUPA EVDO 1xRTT WR 44 E WR 41 G WR44 U WR44 C WR44 U5 ...

Page 17: ... secure backup connection to the existing railroad network It features a flexible communications design with 3G 4G multicarrier GSM CDMA cellular plus integrated Wi Fi b g n access point serial and 4 port Ethernet switch It also features full on board train certifications including AREMA C H and EN50155 Communications interfaces include hardened connectors including M12 for Ethernet and serial as ...

Page 18: ...tatements and certifications TransPort WR11 hardware on page 19 TransPort WR21 hardware on page 29 TransPort WR31 hardware on page 36 TransPort WR41 hardware on page 50 TransPort WR44 WR44 R hardware on page 60 TransPort WR44 RR hardware on page 71 LTE specifications on page 77 Accessories on page 78 Signal strength indicators on page 79 Regulatory and safety statements on page 85 ...

Page 19: ...TransPort WR11 hardware Digi TransPort User Guide 19 TransPort WR11 hardware TransPort WR11 EVDO model hardware features 1 2 4 3 ...

Page 20: ... and rotated to lock in place 3 LEDs Service LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink Device is running 1xRTT service 2 Blinks Device is running EDVO Rev 0 service 3 Blinks Device is running EDVO Rev A service Signal LED Indicates strength of cellular signal Off Poor or No signal Place the device in a location where it gets a be...

Page 21: ...ower connector connects the device to a power source The connector should be inserted and rotated to lock in place 3 LEDs SERVICE LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink GPRS mode 2 Blinks EDGE mode 3 Blinks UMTS mode 4 Blinks HSDPA mode 5 Blinks HSUPA mode SIGNAL LED Indicates strength of cellular signal Off Poor or No signal ...

Page 22: ... refer to the Quick Start Guide that came with your device Note Toremove the SIM door hold the device on a flat surface and using a screwdriver firmly pull the cover straight up 5 Cellular antenna connector This SMA female connector connects the device s primary cellularantenna 6 SIM Sockets SIM 1 and SIM 2 are for use with the Subscriber Identification Module s SIMs ...

Page 23: ...TransPort WR11 hardware Digi TransPort User Guide 23 TransPort WR11 LTE MIMO hardware features 1 2 WWAN PRI WWAN SEC WWAN PRI WWAN SEC 5 6 7 3 4 ...

Page 24: ...HSDPA mode 5 Blinks HSUPA mode 6 Blinks LTE mode SIGNAL LED Indicates strength of cellular signal Off Poor or No signal Place the device in a location where it gets a better signal Amber Fair Green Good POWER LED Off No power Green TransPort device is powered 4 SIM door Encloses the SIM sockets The SIM door must be opened to install the SIM cards For installation details refer to the Quick Start G...

Page 25: ... 10 100 base T Local Area Network LAN The port is capable of auto sensing for speed and wiring so it can accept both straight through or cross over cable connections 2 Power cord input This locking power connector connects the device to a power source The connector should be inserted and rotated to lock in place 1 2 6 7 4 5 3 ...

Page 26: ...r Green TransPort device is powered 4 SIM door Encloses the SIM sockets The SIM door must be opened to install the SIM cards For installation details refer to the Quick Start Guide that came with your device 5 SIM sockets SIM 1 and SIM 2 are for use with the Subscriber Identification Module s SIMs Insert SIM cards with the notch facing the bottom right corner of the device If you are using one SIM...

Page 27: ... 800 1900 MHz LTE AT T 700 B17 850 B5 AWS1700 B4 1900 B2 LTE Verizon 700 B13 AWS1700 B4 LTE Worldwide 800 B20 1800 B3 2600 B7 Power requirements Power input voltage 5V DC 5 Power 3 5W typical 15W maximum Power connector Locking barrel Environmental Operating temperature 0 C to 40 C required TransPort WR11 XT only 30 to 70 C See also Restricted Access Location notice for TransPort WR11 XT on page 8...

Page 28: ... and A2 2009 Class B EN 61000 3 3 2008 Class B EN 301 489 07 V1 3 1 2005 Class B EN 550024 2010 EN 301 489 07 V1 3 1 2005 Safety EN 60950 1 2006 A1 2010 A11 2009 A12 2011 IEC 60950 1 2005 A1 2009 UL 60950 1 2nd Ed Revised 2011 12 19 CSA C22 2 No 60950 1 07 A1 2011 Mobile certifications GSM AT T PTCRB Mobile certifications EVDO Sprint Verizon Mobile certifications LTE AT T Verizon PTCRB Wireless ca...

Page 29: ...ansmitted or received 4 WWAN Wireless Network LED Indicates the presence and level of cellular service running on the device Off No cellular service 1 Blink GPRS mode 2 Blinks EDGE mode 3 Blinks UMTS mode 4 Blinks HSDPA mode 5 Blinks HSUPA mode 6 Blinks LTE mode 5 SIGNAL LED Indicate strength of cellular signal 3 LEDs Excellent 2 LEDs Good 1 LED Fair 0 LEDs Poor or No signal 6 Reset button Returns...

Page 30: ...mplete its initialization process 2 Press and hold the reset button gently for 5 seconds After this time the router will automatically re boot and display a pattern of alternating LEDs flashing followed by the normal boot sequence CAUTION Do not remove power from the router during this operation as corruption of the flash memory may occur ...

Page 31: ... asynchronous RS232 RS485 optional serial port with optional RS422 485 support which may be which may be used to connect the router to a compatible serial device This is a DCE serial port and allows CLI access to the device by default the baud rate is 115200 For a pinout see TransPort WR21 serial pinout on page 32 5 Power cord input This socket connects the router to a power source using either th...

Page 32: ...L 0 9 30VDC 2A MAX WWAN PRIMARY LAN 1 LAN 0 SERIAL 0 Pin 1 Pin 9 Pin Direction RS232 DCE Description 1 Out DCD Data Carrier Detect 2 Out RXD Receive Data 3 In TXD Transmit Data 4 In DTR Data Terminal Ready 5 N A GND Ground 6 Out DSR Data Set Ready 7 In RTS Ready To Send 8 Out CTS Clear To Send 9 Out RI Ring Indicate ...

Page 33: ...D and RD pair should be connected together The CTS and RTS signals for optional and not normally needed for RS485 Pin Direction RS422 RS485 Description 1 Out CTS Clear ToSend 2 Out RD Receive Data 3 In TD Transmit Data 4 In RTS_B RTS Ready ToSend 5 N A GND Ground 6 Out RD Receive Data 7 In RTS Ready ToSend 8 Out CTS Clear ToSend 9 In TD Transmit ...

Page 34: ...0 1900 MHz HSDPA HSUPA UMTS 850 900 1900 2100 MHz with Rx Diversity CDMA models CDMA EV DO Rev A Dual band 800 1900 MHz with Rx Diversity Optional multi mode GSM EV DO Gobi support 450 MHz 3 1 Mbps down 1 8 Mbps up R UIM support Power requirements Power input 9 30 VDC Power supply 100 240 VAC 50 60 Hz with barrel connector Optional barrel connector with bare wire leads Power consumption 6W 12 VDC ...

Page 35: ...60950 EN60950 Mobile Certifications GSM UMTS R TTE EN 301 511 Mobile Certifications CDMA EV DO CDG TIA EIA 690 CDG TIA EIA 98 E Wireless Carrier Certifications Certified by most major carriers See www digi com for current listing Safety UL 60950 CSA 22 2 No 60950 EN60950 Emissions Immunity CE FCC Part 15 Class B AS NZS CISPR 22 EN55022 Class A Category Specification Value ...

Page 36: ...i TransPort User Guide 36 TransPort WR31 hardware TransPort WR31 hardware features 0 WW AN PR I 9 30 VD C 2A M AX 1 0 WW AN PR I 9 30 VD C 2A M AX 2 0 WW AN PR I 9 30 VD C 2A M AX 1 3 5 6 7 WWAN PRI 9 30VDC 2A MAX 9 8 12 11 10 4 ...

Page 37: ...ous location 6 Serial connector This DB9 port provides an asynchronous RS232 RS485 optional serial port with optional RS422 485 support which may be which may be used to connect the router to a compatible serial device This is a DCE serial port and allows CLI access to the device by default the default serial baud rate is 115200 For a pinout see TransPort WR31 serial pinout on page 39 7 Power conn...

Page 38: ...on For more information and wiring diagrams see TransPort WR31 digital and analog inputs and outputs on page 41 TransPort WR31 mounting options The TransPort WR31 can be mounted on a DIN rail directly to a wall or in a NEMA enclosure For wall mounting or NEMA enclosure installation purchase the TransPort WR31 Wall Mount Bracket Digi part number 76000963 and NEMA enclosure equipment such as the NEM...

Page 39: ...TransPort WR31 hardware Digi TransPort User Guide 39 TransPort WR31 serial pinout WWAN PRI 9 30VDC 2A MAX Pin 1 Pin 9 ...

Page 40: ...irection RS232 DCE Description 1 Out DCD Data Carrier Detect 2 Out RXD Receive Data 3 In TXD Transmit Data 4 In DTR Data Terminal Ready 5 N A GND Ground 6 Out DSR Data Set Ready 7 In RTS Ready To Send 8 Out CTS Clear To Send 9 Out RI Ring Indicate Pin Direction RS422 RS485 Description 1 Out CTS Clear ToSend 2 Out RD Receive Data 3 In TD Transmit Data 4 In RTS_B RTS Ready ToSend 5 N A GND Ground 6 ...

Page 41: ...tor with two digital input output connections and a single analog input connection I O connector pin assignments The following figure and table shows the I O connector pin assignments and the signals for each pin Pin Symbol Description 5 AIN0 Analog Input 0 4 AGND Analog Return 3 DIO0 Digital I O 0 2 GND Digital Return 1 DIO1 Digital I O 1 Pin 5 Pin 1 ...

Page 42: ...entative circuit TransPort WR31 analog input representative circuit WR31_3v3 PullͲup Enable Signal Digital Output Enable Digital Input DIGITAL INPUT DIGITAL RETURN 200ͲOhm Analog Select Signal Analog Input ANALOG INPUT ANALOG RETURN Current Loop Protector Current Loop Signal Voltage Input Signal ...

Page 43: ...when contact is CLOSED Digital output The wiring diagram assumes a current limiting resistor provided by installation or connected device is in use DIGITAL INPUT DIGITAL RETURN Digital Input WR31_3v3 PullͲup ON External Contact Door Contact etc DIGITAL INPUT DIGITAL RETURN Digital Input External Contact Door Contact etc Digital Output Enable DIGITAL RETURN DIGITAL INPUT ...

Page 44: ... inverting Schmitt trigger input The default state at power up with no voltage applied is LOW 200ͲOhm Analog Input Current Loop Protector ANALOG INPUT ANALOG RETURN ANALOG 4Ͳ20mA Sensor Analog Select Signal Current Mode Specification MIN NOM MAX UNITS Rated Input Voltage 0 2 30 V Rated Input Current 1 0 200 mA Pull Up Resistance 10 k Ohms Analog Input ANALOG INPUT ANALOG RETURN 0 10V input Analog ...

Page 45: ...l output This output is an open collector sinking driver output The default state at power up is OFF Specification MIN NOM MAX UNITS Threshold 1 6 V Threshold 1 0 V Input impedance 1 M Ohms Specification MIN NOM MAX UNITS Sink Current 200 mA Pull up Voltage 3 V ...

Page 46: ...t Current loop mode Specification MIN NOM MAX UNITS Resolution 12 BITS Accuracy 0 2 Rated Input Voltage 0 2 30 V Rated Input Current 0 40 mA Specification MIN NOM MAX UNITS Input Voltage 0 2 10 25 V Input Impedance 291 K Ohms Specification MIN NOM MAX UNITS Minimum Input Voltage 2 V Load Resistance 200 Ohms ...

Page 47: ...Mbps Up 100 Mbps Down LTE EMEA APAC L1 800 850 900 1800 1900 2100 2600 MHz 3G fall back to 850 900 1900 2100 MHz 2G fall back to 850 900 1800 1900 MHz Transfer Rate max 50 Mbps Up 100 Mbps Down HSPA U9 850 900 1700 AWS 1900 2100 MHz Transfer Rate max 5 76 Mbps Up 21 Mbps Down Connectors 1 x 50 SMA Center pin female 2x connectors for LTE models SIM Slots 2 SIM Security Screw down SIM cover Software...

Page 48: ...log inputs and outputs on page 41 Connector 5 pin screw down terminal block Digital 0 30VDC 2 I O software selectable Analog 1 analog input 4 20mA or 0 10V Software Selectable 12 bit resolution USB Ports 1 USB Type A Standard USB2 0 Physical Dimensions L x W x H 5 in x 3 5 in x 2 in 12 7 cm x 8 9 cm x 5 1cm Weight 1 1 lb 5kg Status LEDs Power Service WWAN Signal strength 3x System user programmabl...

Page 49: ...95 non condensing Approvals Safety Hazardous Locations ANSI ISA 12 12 01 2015 CAN CSA C22 2 NO 213 15 EN 60079 0 2012 A11 2013 EN 60079 15 2010 See the TransPort WR31 Hazardous Locations User Guide Digi part number 90001490 Ordinary Locations UL 60950 1 2nd Edition 2014 10 14 Emissions Immunity CE FCC Part15 Class B AS NZS CISPR22 EN55024 EN55022 Class B GSM UMTS PTCRB Cellular Carriers Certified ...

Page 50: ...tenna if fitted 4 LAN LED Illuminates steadily when there is a network connection to the LAN port and flashes when data is transmitted or received 5 WN LED Wi Fi models Illuminates steady if Wi Fi activity is present Non Wi Fi models Flashes to show which network mode the router is operating in Off No service 1 blink GPRS mode 2 blinks EDGE mode 3 blinks UMTS mode 4 blinks HSDPA mode 5 blinks HSUP...

Page 51: ...a terminal is connected to the SERIAL port and the DTR signal is on Flashes when data is transmitted or received 11 Primary Wi Fi antenna connector Wi Fi models only This SMA connector is used to connect the router s primary Wi Fi antenna 12 SIM R UIM Sockets SIM card models only SIM 1 and SIM 2 are for use with the Subscriber Identification Module s SIMs or Removable User Identification Module s ...

Page 52: ...t WR41 hardware Digi TransPort User Guide 52 TransPort WR41 rear panel features WWAN SECONDARY WWAN PRIMARY LAN GND SERIAL 0 1 2 3 4 5 6 7 9 48VDC 2A MAX 1 2 3 6 7 WWAN 4 5 WWAN PRIMARY 9 48VDC SERIAL0 GND LAN ...

Page 53: ...d on the underside of the router Reset the router 1 Turn the router on and wait 15 seconds for the router to complete its initialization process 2 Press and hold the reset button gently for 5 seconds After this time the router will automatically re boot and display a pattern of alternating LEDs flashing followed by the normal boot sequence CAUTION Do not remove power from the router during this op...

Page 54: ...l Port Option 3 SYN ASYN Serial Port Option 5 ISDN Option 10 ISDN U PSTN PSTN Option 9 PSTN ISDN Modem Option 11 DialServ To Modem Option 2 ASY Serial Port 3x GPS Option 4 GPS Option 6 Telemetry 1 I O Interface A B A B _ DC IN RLY IN OUT 1 OUT 2 OUT 3 _ _ _ OUT 4 Option 7 Telemetry 2 I O Interface A B A B A B A B D1 D2 D3 D4 AN1 AN2 AN3 AN4 D12C D34C Option 8 Fleet I O Interface Pwr Data GPS SERIA...

Page 55: ...o isolated digital output port It also provides a relay I O port a voltage monitoring port and internal temperature monitoring 7 Telemetry 2 I O Interface Provides 4 isolated analog I O ports and 4 non isolated digital I O ports 8 Fleet I O Interface Provides CAN and J1708 interface GPS 4 non isolated digital I O ports ignition sense port and a 3 axis accelerometer 9 PSTN Provides a PSTN interface...

Page 56: ...vailable on some daughter cards Description RS232 signal Direction1 DB 25 Pin RJ45 Pin Transmit Data TxD in 2 6 Receive Data RxD out 3 3 Ready To Send RTS in 4 1 Clear To Send CTS out 5 8 Data Set Ready DSR out 6 n a Ground GND n a 7 5 Data Carrier Detect DCD out 8 7 Transmitter Clock TxC out 15 n a Receiver Clock RxC out 17 n a Data Terminal Ready DTR in 20 2 Ring Indicate RI out 22 n a External ...

Page 57: ...rt ASY 0 pinout ANT ANT 9 48VDC ASY 0 GND LAN Pin 1 Pin 8 ASY 0 Pin Direction RS232 DCE Description 1 In RTX Ready To Send 2 In DTR Data Terminal Ready 3 Out RxD Receive Data 4 5 N A GND Ground 6 In TxD Transmit Data 7 Out DCD Data Carrier Detect 8 Out CTS Clear To Send ...

Page 58: ...00 2100 MHz with Rx Diversity RF features CDMA models CDMA EV DO Rev A Dual band 800 1900 MHz with Rx Diversity Optional multi mode GSM EV DO Gobi support 450 MHz 3 1 Mbps down 1 8 Mbps up R UIM support Power requirements Power Input 8 48 VDC Power Supply 100 240 VAC 50 60 Hz with barrel connector Optional barrel connector with bare wire leads Power Consumption 6W 12 VDC to WR41 Environmental Oper...

Page 59: ... EN60950 Mobile Certifications GSM UMTS PTCRB NAPRD 03 GCF CC R TTE EN 301 511 Mobile Certifications CDMA EV DO CDG TIA EIA 690 CDG TIA EIA 98 E Wireless Carrier Certifications Certified by most major carriers See www digi com for current listing Vehicle Related Certifications 2004 104 EC 2005 49 EC 2005 83 EC 2006 28 EC 72 245 EEC ISO7637 2 Class C Category Specification Value ...

Page 60: ...R hardware Digi TransPort User Guide 60 TransPort WR44 WR44 R hardware TransPort WR44 enclosure features TransPort WR44 1 Commercial enclosure 2 Mounting feet TransPort WR44 R 1 Rugged enclosure 2 Mounting tabs 2 1 2 2 1 2 ...

Page 61: ... WR44 R hardware Digi TransPort User Guide 61 TransPort WR44 front panel features TransPort WR44 models with cellular interface TransPort WR44 models without cellular interface 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 ...

Page 62: ...dily if a terminal is connected to the SERIAL port and the DTR signal is on Flashes when data is transmitted or received 6 LINK LED Illuminates steadily when a wireless data connection has been established 7 SIM LED Cellular models Illuminates steadily when a valid SIM card is installed Models without cellular interface Not operational 8 ACT LED Flashes to indicate that data is being transferred o...

Page 63: ...tor which can be secured by rotating it 90 degrees once installed into the TransPort router 6 11 58VDC Aux This socket can be used to connect the router to an alternative 11 58VDC power supply not supplied using a fused power cable which can be purchased separately This cable also contains two programmable IO signal lines one is an input signal and the other is an input output signal 7 SERIAL 0 po...

Page 64: ...TransPort WR44 WR44 R hardware Digi TransPort User Guide 64 TransPort WR44 under unit features TransPort WR44 Front of Unit 1 2 3 1 Rear of Unit ...

Page 65: ...mm hole located on the underside of the router Reset the TransPort WR44 WR44 R 1 Turn the router on and wait 15 seconds for the router to complete its initialization process 2 Press and hold the reset button gently for 5 seconds After this time the router will automatically re boot and display a pattern of alternating LEDs flashing followed by the normal boot sequence CAUTION Do not remove power f...

Page 66: ...n 1 ASY Serial Port 3x Option 3 GPS Option 5 Telemetry 1 I O Interface Option 10 DialServ Option 9 ISDN U PSTN SERIAL 1 SERIAL 3 SERIAL 2 Option 2 SYN ASYN Serial Port Option 4 ISDN GPS Option 6 Telemetry 2 I O Interface A B A B _ DC IN RLY IN OUT 1 OUT 2 OUT 3 _ _ _ OUT 4 Option 7 Fleet I O Interface Option 8 PSTN Pwr Data GPS ISDN Modem ISDN A B A B A B A B D1 D2 D3 D4 AN1 AN2 AN3 AN4 D12C D34C ...

Page 67: ...port It also provides a relay I O port a voltage monitoring port and internal temperature monitoring 6 Telemetry 2 I O interface Provides 4 isolated analog I O ports and 4 non isolated digital I O ports 7 Fleet I O interface Provides CAN and J1708 interface GPS 4 non isolated digital I O ports ignition sense port and a 3 axis accelerometer 8 PSTN Provides a PSTN interface via an RJ45 connector tha...

Page 68: ...n DB 9 Pin RJ45 Pin Transmit Data TxD in 2 3 6 Receive Data RxD out 3 2 3 Ready To Send RTS in 4 7 1 Clear To Send CTS out 5 8 8 Data Set Ready DSR out 6 6 n a Ground GND n a 7 5 5 Data Carrier Detect DCD out 8 1 7 Transmitter Clock TxC out 15 n a n a Receiver Clock RxC out 17 n a n a Data Terminal Ready DTR in 20 4 2 Ring Indicate RI out 22 9 n a External Transmitter Clock ETC in 24 n a n a ...

Page 69: ... HSUPA UMTS 850 900 1900 2100 MHz with Rx Diversity CDMA models CDMA EV DO Rev A Dual band 800 1900 MHz with Rx Diversity Optional multi mode GSM EV DO Gobi support 450 MHz 3 1 Mbps down 1 8 Mbps up R UIM support Power requirements Power Input 11 58 VDC Power Supply 100 240 VAC 50 60 Hz with barrel connector Optional Molex connector with bare wire leads Power Consumption 15W 12 VDC to WR44 Environ...

Page 70: ...TS PTCRB NAPRD 03 GCF CC R TTE EN 301 511 MobileCertifications CDMA EV DO CDG TIA EIA 690 CDG TIA EIA 98 E Wireless Carrier Certifications Certified by most major carriers See www digi com for current listing Safety UL 60950 CSA 22 2 No 60950 EN60950 Emissions Immunity CE FCC Part 15 Class B AS NZS CISPR 22 EN55022 Class A Vehicle Related Certifications 2004 104 EC 2005 49 EC 2005 83 EC 2006 28 EC...

Page 71: ...TransPort WR44 RR hardware Digi TransPort User Guide 71 TransPort WR44 RR hardware TransPort WR44 RR enclosure features 1 Rugged Enclosure 2 Mounting Tabs 2 1 2 ...

Page 72: ...terminal is connected to the SERIAL port and the DTR signal is on 5 LINK LED Illuminates steadily when a wireless WAN data connection has been established 6 SIM LED Illuminates steadily when a valid SIM card is installed 7 ACT LED Flashes to indicate that data is being transferred over the wireless WAN network 8 SIGNAL LEDs Indicate strength of cellular signal 3 LEDs Excellent 2 LEDs Good 1 LED Fa...

Page 73: ...rsity In most circumstances dual antennas will provide improved signal strength thus better performance 5 Secondary Wi Fi WLAN antenna connector Wi Fi models only This TNC male connector is used to connect the router s secondary Wi Fi antenna 6 9 36VDC socket This M12 socket is used to connect the router to an alternative 9 36VDC power supply not supplied using the supplied fused power cable This ...

Page 74: ...TransPort WR44 RR hardware Digi TransPort User Guide 74 TransPort WR44 RR connectors and pinouts Pin locations 4 pin connector pin locations 8 pin connector pin locations ...

Page 75: ... The power connector is an M12 4 pin A Coded connector Pinout is as follows Serial connector The serial connector is an M12 5 pin A Coded connector Pinout is as follows Pin Signal 1 Power ve 2 GPIO 0 3 Power ve 3 GPIO 1 Pin DB 9 DCE 1 2 RXD 2 3 TXD 3 8 CTS 4 7 RTS 5 5 GTM ...

Page 76: ...i website www digi com To view the Digi TransPort WR44 RR Hardware Specifications go to the Specifications tab of the TransPort WR44 RR product page To view available accessories including cables and antennas for the Digi TransPort WR44 RR go to the Models tab for the TransPort WR44 RR product page and click View Accessories Pin RJ45 Signal Notes 1 1 TX Twisted Pair 2 2 TX 3 3 RX Twisted Pair 4 6 ...

Page 77: ...TE North America L5 Multi Carrier Verizon AT T and Sprint Speed 700 850 1700 AWS 1900 MHz Fall back 2G 3G GSM fall back to 850 900 1700AWS 1800 1900 2100MHz 2G 3G CDMA fall back to 800 1900MHz Maximum transfer rate 50 Mbps Up 100 Mbps Down LTE North America L6 Speed 700 850 1700 AWS 1900MHz Fall back 2G 3G fall back to 850 1900MHz Maximum transfer rate 50 Mbps Up 100 Mbps Down LTE Verizon L8 Speed...

Page 78: ...s list the pin designations of each type of connector for each Digi model The RS 232 port pinouts are suitable for both Async and Sync port connections When used in Async mode the pins for TxC RxC ETC are not required these are needed for Sync mode only The serial pinouts for all TransPort models are included with the hardware information for each model All TransPort serial ports are DCE Note that...

Page 79: ...nk or clock source LEDs lit Signal strength None Under 113 dBm effectively no signal 1 112 dBm to 87 dBm weak signal 2 86 dBm to 71 dBm medium strength signal 3 70 dBm to 51 dBm strong signal Description RS232 signal Direction1 DB 25 Pin DB 9 Pin Transmit Data A TxDA in 2 1 Receive Data A RxDA out 3 2 Control A CTLA in 4 3 Indication B INDA out 5 4 Ground GND n a 7 5 Clock B CLKB in or out2 9 n a ...

Page 80: ...operating asynchronously it is strongly recommended that the clock pins TxC RxC and ETC are left disconnected 25 Pin to 25 Pin straight through cable This cable is normally used to connect a V 24 synchronous terminal to a Digi router Note Frame Ground is optional DB 25 Digi Side DB 25 Signal Pin DCE Pin DTE Signal Frame Ground Case Shield Shield Frame Ground Case TxD 2 2 TxD RxD 3 3 RxD RTS 4 4 RT...

Page 81: ...This cable is normally used to connect a V 24 synchronous terminal to a Digi router DB 25 Digi Side DB 9 Signal Pin DCE Pin DTE Signal Frame Ground Case Shield Shield Frame Ground Case TxD 2 3 TxD RxD 3 2 RxD RTS 4 7 RTS CTS 5 8 CTS DSR 6 6 DSR GND 7 5 GND DCD 8 1 DCD DTR 20 4 DTR RING 22 9 RING RJ45 Digi Side DB 25 Signal Pin DCE Pin DTE Signal RTS 1 4 RTS DTR 2 20 DTR RxD 3 3 RxD GND 5 7 GND TxD...

Page 82: ... normally used to connect the router to a V 24 leased line Note Frame Ground is optional RJ45 Digi Side DB 9 Signal Pin DCE Pin DTE Signal RTS 1 7 RTS DTR 2 4 DTR RxD 3 2 RxD GND 5 5 GND TxD 6 3 TxD DCD 7 1 DCD CTS 8 8 CTS DB 25 Digi Side DB 25 Signal Pin DCE Pin DTE Signal Frame Ground Case Shield Shield Frame Ground Case TxD 2 3 RxD RxD 3 2 TxD RTS 4 5 CTS CTS 5 4 RTS GND 7 7 GND DCD 8 20 DTR Rx...

Page 83: ...cable This cable is normally used to connect the router to a V 24 leased line DB 25 Digi Side DB 9 Signal Pin DCE Pin DTE Signal Frame Ground Case Shield Shield Frame Ground Case TxD 2 2 RxD RxD 3 3 TxD RTS 4 8 CTS CTS 5 7 RTS GND 7 5 GND DCD 8 4 DTR DTR 20 1 DCD RJ45 Digi Side DB 25 Signal Pin DCE Pin DTE Signal RTS 1 5 CTS DTR 2 8 DCD RxD 3 2 TxD GND 5 7 GND TxD 6 3 RxD DCD 7 20 DTR CTS 8 4 RTS ...

Page 84: ...e 84 RJ45 to 9 Pin crossover cable This cable is normally used to connect the router to an external asynchronous modem RJ45 Digi Side DB 25 Signal Pin DCE Pin DTE Signal RTS 1 8 CTS DTR 2 1 DCD RxD 3 3 TxD GND 5 5 GND TxD 6 2 RxD DCD 7 4 DTR CTS 8 7 RTS ...

Page 85: ...s device must accept any interference including interference that may cause undesired operation of the device Under Industry Canada regulations this radio transmitter may only operate using an antenna of a type and maximum or lesser gain approved for the transmitter by Industry Canada To reduce potential radio interference to other users the antenna type and its gain should be so chosen that the e...

Page 86: ...ill be responsible for re evaluating the end product including the transmitter and obtaining a separate Industry Canada authorization End product labeling The WR44v2 Module is labeled with its own IC Certification Number If the IC Certification Number is not visible when the module is installed inside another device then the outside of the device into which the module is installed must also displa...

Page 87: ...ntrolled environment End users must follow the specific operating instructions for satisfying RF exposure compliance This transmitter must not be co located or operating in conjunction with any other antenna or transmitter Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment The antenna s used for this tran...

Page 88: ...should use an antenna that matches these specifications to maintain the module s certification Antennas of the same type but operating with a lower gain may be used Attribute Property Frequency Range 2 4 to 2 5 GHz Impedance 50 Ohm VSWR 1 92 max Return Loss 10dB max Gain 1 8 dBi Polarization Linear Radiation Pattern Near omni directional in the horizontal plane Admitted Power 1W Electrical 1 2 Dip...

Page 89: ... of the enclosure installations with operating temperatures greater than 122F 50C must be limited to Restricted Access Locations accessible only to trained service personnel Hazardous Location installation information for TransPort WR31 For Hazardous Location installation see the TransPort WR31 Hazardous Location User Guide Digi part number 90001490 ...

Page 90: ...power supplies provided by the manufacturer connecting non approved antennas or power supplies may damage the router cause interference or create an electric shock hazard and will void the warranty 4 Do not attempt to repair the product The router contains no electronic components that can be serviced or replaced by the user Any attempt to service or repair the router by the user will void the pro...

Page 91: ...less appliances in an aircraft is forbidden to prevent interference with communications systems Failure to observe these instructions may lead to the suspension or denial of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Radio devices should not be used a...

Page 92: ...N 60950 1 2006 A2 2013 EN 50385 2002 EMC article 3 1b EN 301 489 1 V1 9 2 2011 09 in accordance with the specific requirements of EN 301 489 3 V1 6 1 2013 08 EN 301 489 7 V1 3 1 2005 11 EN 301 489 24 V1 5 1 2010 10 Spectrum article 3 2 EN 300 440 2 V1 4 1 EN 301 511 V9 0 2 2003 03 EN 301 908 1 V6 2 1 2013 04 EN 301 908 2 V5 4 1 2012 12 RoHS2 EN 50581 2012 Minnesota USA July 24th 2014 Place and dat...

Page 93: ...ng European Representative Andreas Burghart Digi International GmbH Branch Breisach Kueferstr 8 79206 Breisach Germany Telephone 49 7667 908 124 Safety article 3 1a EN60950 1 2006 A11 2009 to which this declaration relates are in conformity with the essential requirements and other relevant requirements of the R TTE Directive 1999 5 EC WR21 NNHH DFF XX Where NN C0 C3 C8 E1 U4 U5 U6 U7 U8 HH 11 12 ...

Page 94: ... 2010 CISR24 EN61000 6 1 2007 EN 61000 3 2 2014 EN 61000 3 3 2013 EN61000 4 2 EN61000 4 3 EN61000 4 4 EN61000 4 5 EN61000 4 6 EN61000 4 11 EN 300 386 ETSI EN 301 489 1 ETSI EN 301 489 3 ETSI EN 301 489 7 EN 301 489 24 V1 5 1 2010 Spectrum article 3 2 ETSI EN 301 908 2 V5 2 1 2011 07 ETSI EN 301 511 V9 0 2 2002 11 ETSI EN 300 328 V1 9 1 2015 02 ETSI EN 301 893 V1 8 1 2015 03 ETSI EN 301 908 1 V1 7 ...

Page 95: ...Regulatory and safety statements Digi TransPort User Guide 95 TransPort WR41Declaration of Conformity ...

Page 96: ...Regulatory and safety statements Digi TransPort User Guide 96 ...

Page 97: ...Regulatory and safety statements Digi TransPort User Guide 97 TransPort WR44 Declaration of Conformity ...

Page 98: ...4 08 G4 G8 W C N to which this declaration relates are in conformity with the essential requirements and other relevant requirements of the Directive 2004 108 EC EMC Directive 2006 95 EC LVD and Council Directive 1999 5 EC R TTE Safety article 3 1a EN60950 1 2006 A11 2009 A1 2010 A12 2011 EMC article 3 1b EN 55022 2010 EN 55024 2010 EN 301 489 17 V2 1 1 EN 301 489 24 V1 5 1 Spectrum article 3 2 EN...

Page 99: ...safety statements Digi TransPort User Guide 99 ECDeclaration Of Conformity European Representative Andreas Burghart Digi International GmbH Branch Breisach Kueferstr 8 79206 Breisach Germany Telephone 49 7667 908 124 ...

Page 100: ...ections and managing applications This section covers the following topics Log in to the device on page 101 Log out and return to the login page on page 103 Accessing the web interface Via a LAN port on page 103 Configure and test W WAN models from the web interface on page 104 Signal strength indicators on the Mobile status page on page 105 Web interface wizards on page 106 ...

Page 101: ... your PC to have an address on the same subnet You will be presented with a login page similar to the following image The default Username and password are username and password respectively Enter these and click the Log in button to access the configuration pages The password will be displayed as a series of dots for security purposes Note For security purposes Digi recommends changing the userna...

Page 102: ...utton displays a representation of the front panel of your router that will be updated every few seconds to show the actual status of the LED indicators The model number of your router will be shown at the top of the screen The router s serial number and ID are shown below the front panel representation In the left side of the page you will see the main menu with subsections which further expand w...

Page 103: ...e router using a web browser such as Internet Explorer simply connect an Ethernet cable between the LAN port on the Digi Transport and your PC Make sure your PC is setup to automatically receive an IP address by selecting Start Control Panel Network Configuration and verifying the configuration Note All models are auto sensing for 10 100 operation Most models are also auto MDI MDX such as will aut...

Page 104: ...anel should illuminate green to show that a W WAN enabled SIM card is present 4 The router will now attempt to log on to the specified mobile network If it is able to do so the W WAN NET indicator will illuminate steady 5 Data passing to and from the network is reflected by the status of the DAT indicator which flash greens 6 If you cannot connect to the network go to the Management Network Status...

Page 105: ...at the stronger the signal the lower the number As a guide 51dB is a very strong signal normally only obtained very close to a cell site 115dB represents no signal If your router reports 115dB try reorienting the antenna or consider adding an external antenna The following values are fairly specific to LTE At 2G 3G technology any strength lower than 100dBm becomes unusable LEDs lit Signal Strength...

Page 106: ...task Note that due to the generic nature of the wizards they may not be suitable in all scenarios Quick Start wizard The Quick Start Wizard displays the options required for basic configuration of the Eth 0 WLAN and WWAN interfaces This page allows you to set up your Ethernet LAN interface You can get IP settings assigned automatically if your network supports this capability Otherwise you can ass...

Page 107: ...plication Create an aggressive mode LAN to LAN IPsec Tunnel wizard This wizard helps you configure an aggressive mode LAN to LAN IPsec tunnel to a remote host The IPsec wizard can be used to help configure an aggressive mode LAN to LAN VPN tunnel The tunnel is configured as an initiator this means it is responsible for starting the VPN connection ...

Page 108: ...es passive and active Passive techniques Passive techniques work by monitoring data that would be sent over the W WAN network anyway As it is necessary for data to be sent in order to detect a problem these techniques are only suitable if the equipment on the router s LAN Local Area Network regularly sends data over the W WAN The main advantage of passive techniques are No additional data charges ...

Page 109: ...lting in no delays sending data The main disadvantages are Some mobile operators charge for the data sent to test the link In a hub and spoke deployment additional load will be placed on equipment at the hub end by the test data GOBI Module Carrier wizard GOBI Module Carrier wizard is used with routers that have a GOBI module installed to configure the router for a specified WWAN carrier This wiza...

Page 110: ...ce it has failed over it will remain on the alternate SIM until another problem is detected in which case it will fail back to the original SIM This method keeps down time to a minimum and is used when no SIM is to be given preference over the other One SIM has a higher weighting than the other After boot up the primary SIM will be used if possible In the event that a problem occurs the router wil...

Page 111: ... Required software for using the command line on page 112 Connect to the TransPort router from a PC on page 113 Log in from the command line on page 113 Commands and the active port on page 113 When commands take effect on page 113 View current configuration changes on page 114 Save changes on page 114 Establish a remote connection on page 115 AT commands on page 116 Application commands on page 1...

Page 112: ... maintain compatibility with modems when the router is used as a modem replacement For more information about the AT commands see AT commands on page 116 Application commands also known as text commands Application commands are specific to Digi International products and control most features of the router when not using the Web interface For more information about application commands see Applica...

Page 113: ... the command AT If the device is functioning properly it will return the response OK To learn more about the AT commands see AT commands on page 116 5 Make sure the COM port is set up correctly by entering the command ATI5 Log in from the command line When the login prompt appears on the command line enter the default user name and password Username username Password password Note For security pur...

Page 114: ...the following commands would be entered eth 0 ipaddr 192 168 10 254 eth 0 mask 255 255 255 0 Note When setting the mask in the above example to 255 255 255 0 the mask s value will not be displayed in the output of the config c show command as 255 255 255 0 is a default value 3 Tostop the DHCP server from serving addresses use the following command dhcp 0 ipmin x This command removes the minimum IP...

Page 115: ...there are several ways of establishing a link to a remote system Use the ATD command to make an outgoing V 120 call Initiate a DUN session to establish a dial up PPP connection Make an outgoing X 25 call using the ATD command followed by the X 28 CALL command Make an outgoing TPAD Transaction PAD call using the TPAD a address command followed by the appropriate NUA This is normally only carried ou...

Page 116: ...on page 119 D command Dial a call on page 119 H command Hang up on page 119 Z command Reset on page 120 C command DCD control on page 120 F command Load factory settings on page 120 R command CTS control on page 120 V command View profiles on page 121 W command Write SREGS DAT file on page 121 Y command Set default profile on page 121 Z command Store phone number on page 122 AT command Ignore inva...

Page 117: ...outer should respond with the message OK This message is issued after successful completion of each command If an invalid command is entered the router will respond with the message ERROR If there is no response check that the serial cable is properly connected and that your terminal or PC communications software is correctly configured before trying again If you have local command echo enabled on...

Page 118: ...om the remote system unless you specifically instruct it to do so using ATH or another method of disconnecting If you have not disconnected the call the ATO command may be used to go back on line AT command result codes Each time an AT command line is executed the router responds with a result code to indicate whether the command was successful If all commands entered on the line are valid the OK ...

Page 119: ...to route a call to an ISDN sub address by following the telephone with the letter S and the required sub address The sub address may be up to 15 digits long For example atd01234567890s003 Dialing stored numbers To dial numbers that have previously been stored within the router using the AT Z command insert the S modifier within the dial string For example to dial stored number 3 use the command at...

Page 120: ... been established Layer 2 is UP C2 DCD is always Off C3 DCD is normally On but pulses low for a time in 10 msec routers determined by S register 10 F command Load factory settings The AT F command is used to load a pre defined default set of S register and AT command settings the default profile These are E1 V1 C1 K1 D2 S0 0 S2 43 All other values are set to 0 R command CTS control The AT R comman...

Page 121: ...ed to save the current command and S registers settings for the active port to the file SREGS DAT The settings contained in this file can be reloaded at any time using the ATZ command The AT W command may be immediately followed by a profile number either 0 or 1 to store the settings in the specified profile for example at w1 would store the current settings as profile 1 If no profile number is sp...

Page 122: ...rt is not specified the number will be stored against the port from which the command was entered such as entering the command at z 0800123456 from ASY 3 has the same effect as at z3 0800123456 from any port Once a number has been stored it may be dialed from the command line using the ATD command with the S modifier atds 3 This means that any stored number can be dialed from any port If DTR diali...

Page 123: ...at 1 To turn off the feature type the following command at at 0 When this feature is turned on the ASY port ignores all commands except real AT commands As with other ASY modes this can be saved by AT W but is not included in the AT V status display To determine whether or not this mode is enabled type at at The router will display 0 if the feature is Off 1 if it is On LS command Lock speed The AT...

Page 124: ...he settings for port 2 you would first enter the command at port 2 PORT 2 OK Port 2 is now the active port and any AT commands or changes to S registers settings which affect the serial ports will now be applied to port 2 only This includes Commands Z D F K V Y W S registers S31 S45 The AT PORT command will display the port to which you are connected and the active port for command S register sett...

Page 125: ...ib commands The at smib command allows you to view a single standard MIB variable To view the variable use the at smib mib_name command where mib_name is the variable to be displayed The variables are sorted according to the hierarchy shown below ...

Page 126: ...tput mib 2 system sysobjectid oid at smib mib 2 system sysuptime The time the router has been running in 10msec units hundredths of a second mib 2 system sysuptime 1806718 The above example shows that the router has been running for 5 hours 1 minute and 7 18 seconds at smib mib 2 system syscontact A description of the contact person for the router For TransPort this is always a zero length string ...

Page 127: ...e router provides For each OSI layer the router provides services for 2 L 1 is added to the value where L is the layer The layers are shown below For TransPort this value is always 7 Physical layer 21 1 Data Link layer 22 1 Network layer 23 1 Layer Functionality 1 Physical 2 Data Link 3 Network 4 Transport 5 Session 6 Presentation 7 Application ...

Page 128: ...he interface This information is displayed in the format interface type instance where interface type can be one of PPP ETH TUN for IPSec tunnels SNAIP for SNAIP links or SYNC and instance is the instance For example mib 2 interfaces iftable ifentry ifdescr 1 PPP 0 at smib mib 2 interfaces iftable ifentry iftype The type of interface as described by the physical link protocol below the network lay...

Page 129: ...smib mib 2 interfaces iftable ifentry ifinucastpkts The number of subnetwork unicast packets delivered by this interface to a higher layer protocol at smib mib 2 interfaces iftable ifentry ifinnucastpkts The number of non unicast such as broadcast or multicast packets delivered by this interface to a higher layer protocol at smib mib 2 interfaces iftable ifentry ifinerrors The number of inbound pa...

Page 130: ...at smib mib 2 ip ipaddrtable ipaddrentry ipadentnetmask The subnet mask associated with the IP address at smib mib 2 ip ipaddrtable ipaddrentry ipadentbcastaddr The value of the least significant bit in the IP broadcast address used for sending datagrams on the IP address of this interface at smib mib 2 ip iproutetable The iproutetable node contains iprouteentry nodes for each route defined on the...

Page 131: ...rt User Guide 131 at smib mib 2 ip iproutetable iprouteentry iproutetype The type of route Valid values are 1 Valid 2 Invalid 3 Direct 4 Indirect at smib mib 2 ip iproutetable iprouteentry iproutemask The netmask for the route ...

Page 132: ...value 4 in S31 The router maintains one set of registers for each ASY port By default the S command operates ONLY on the S register set for the active port To select an alternative default port use the AT PORT command first Each register can only be set to a limited range of values as shown in the table below Register Description Units Default Range S0 V 120 Answer enable Rings 0 0 255 S1 Ring cou...

Page 133: ...equals the value in S0 the call is answered S1 Ring count Units Rings Default n a Range n a When ADAPT detects an incoming ISDN call on an ASY port it will print RING to the ASY port at 2 second intervals It also increments the S1 register counting how many times RING is printed S2 Escape Character Units ASCII Default 43 Range 0 255 The value stored in S2 defines which ASCII character is used as t...

Page 134: ...ity with older systems S16 RS422 485 serial port settings The RS485 option is only available on specific hardware versions Units N A Default 0 Range 0 2 3 where 0 RS232 2 RS485 full duplex 3 RS485 half duplex Following example shows how to setup and save ASY 0 in 485 half duplex mode AT port 0 ATS16 3 AT w AT port The at port 0 is needed to ensure that subsequent AT commands are directed to the ri...

Page 135: ...e from the following table For example to change the speed of ASY 1 to 38 400bps connect your terminal to that port with the speed set to 9600bps Enter the command ats31 5 then change the speed of your terminal to 38 400bps before entering any more AT commands The data format used when the ATS31 n command is entered is selected as the data format for all further commands The auto detect option is ...

Page 136: ...e value in S45 determines the length of time for which the DTR signal from the terminal device must go off before the router acts upon any options that are set to trigger on loss of DTR Increasing or decreasing the value in S45 makes the router less or more sensitive to bouncing of the DTR signal respectively ...

Page 137: ...mmand syntax on page 138 Using wildcards on page 139 Using the CLI parameter tables in this guide on page 140 reboot command reboot router on page 141 config command show save configuration on page 142 ping command Troubleshoot connectivity problems on page 143 traceroute command Troubleshoot connectivity problems on page 143 ana command Clear the Analyser Trace on page 143 clear command Clear the...

Page 138: ...set the port speed at 19 200bps enter the command ATS31 6 And then change your terminal settings to match Note Speed locking is not necessary when you use the text commands via a Telnet session Application commands are case insensitive Digi application commands referred to just as text commands or CLI commands throughout the remainder of this guide can be entered in upper or lower case One command...

Page 139: ...0 rxtimeout 23 rdoosdly 0 restdel 2000 rebootfails 0 rip 0 ripip ripauth 1 ripis OFF r_md5 1 r_ms1 1 r_ms2 1 rbcast OFF OK Using special usernames in commands There are some special usernames that can also be used for both local and remote authentication these are If a symbol is part of the username it must be escaped with another symbol For example user 1 should be entered as user 1 Username Desc...

Page 140: ...ivalent setting in the web interface If the Instance is n in the table it is because there are multiple instances available Use the instance number you need for your requirements If the Instance is set to a specific number such as 0 use the number specified in the table For example to set a Description of Local LAN on Ethernet 0 enter eth 0 descr Local LAN Because of the space between Local and LA...

Page 141: ...e been disconnected reboot n A time reboot reboots the router in n minutes where n is 1 to 65 535 reboot cancel Cancels a timed reboot if entered before the time period has passed Reset the router to factory defaults To reset router to factory defaults see Reset the router to factory default settings on page 798 Disable the reset button Normally when the reset button is held in for 5 seconds the r...

Page 142: ...powerup sets the specified configuration either 0 or 1 to be used at power up or reboot For example to display the current configuration use the command config c show The output will appear similar to the following example config c show eth 0 descr LAN 0 eth 0 IPaddr 192 168 1 1 eth 0 mask 255 255 255 0 eth 0 bridge ON eth 1 descr LAN 1 eth 2 descr LAN 2 eth 3 descr LAN 3 eth 4 descr ATM PVC 0 The...

Page 143: ...ill be sent To stop pings when n has been set to a high value use ping stop traceroute command Troubleshoot connectivity problems From the CLI the traceroute command can be used to help troubleshoot connectivity problems The syntax of the traceroute command is traceroute ip address FQDN To stop a failed trace if hosts can not be detected use traceroute stop ana command Clear the Analyser Trace To ...

Page 144: ...nstance act_rq To manually deactivate or lower an interface enter the following CLI command as an activation request entity instance deact_rq Where entity can be PPP for PPP interfaces TUN for GRE TUN interfaces OVPN for OpenVPN interfaces And instance is the interface number such as 0 1 2 etc For example to activate PPP 1 the CLI command is ppp 1 act_rq and to deactivate PPP 1 ppp 1 deact_rq ...

Page 145: ...command displays the current status of the ports For example gpio Input s in OFF Output s inout OFF OK Set the I O port as an output To set the I O port to be an output gpio inout output Input s in OFF Output s inout OFF OK Set the I O port to ON when configured as an output To set the I O port to ON when it is configured as an output gpio inout on Input s in OFF Output s inout ON OK Command Descr...

Page 146: ...FF as seen in the above example Note Only one of the power connectors should be used Never apply power to both the MAIN and AUX connectors at the same time The following image shows the pins and the corresponding numbers For more information on wiring and other details see the 4 pin DC Power Cord User Guide Digi part number 90001246 Pin Description Pin 1 GROUND Pin 2 INPUT Pin 3 Input Output Pin 4...

Page 147: ...cify which image to load onto a GOBI cellular module The syntax of the command is qdl 0 fw n where n can be 0 14 The default value is 0 Instance Value 0 Generic UMTS 1 Verizon 2 Sprint PCS 3 IUSACELL 4 Bell Mobility 5 Alltel 6 Cingular Blue 7 Cingular Orange 8 T Mobile 9 Docomo 10 Orange 11 Vodafone 12 Telefonica 13 Telital 14 OMH ...

Page 148: ...ently relay data between the socket and the ASY port The format of the CONNECT message can be modified using the standard AT commands such as ATV ATE etc or using the Configuration Network Interfaces Serial Serial Port n web page Note The serial port should also be pre configured to use the appropriate word format speed and flow control While the serial to IP connection is established if the attac...

Page 149: ...hen the socket is closed and there are no other sockets using the interface then the interface connection is dropped switched connections only f The forwarding time x10ms for packetizing data from the serial port ho Host Indicates that the socket should only accept connections from the specified host i The inactivity timeout s after which the socket will be closed k Keep alive packet timer s l Lis...

Page 150: ...ands and has no equivalent web pages tcpdial operates in an identical manner to tcpperm except that establishment of the socket connection is not automatic and must be initiated by the tcpdial command The simplest method of achieving this is to map a command using the Configuration Network Interfaces Serial Command Mappings such as Command to Map ATDT0800456789 maps to tcpdial asy 1 217 36 133 29 ...

Page 151: ...uring network interfaces from the web interface and command line It covers the following topics Configure Ethernet interfaces on page 152 Configure Wi Fi interfaces on page 177 Configure mobile interfaces on page 189 Configure GRE interfaces on page 223 Configure ISDN interfaces on page 228 Configure PSTN interfaces on page 250 Configure DialServ interfaces on page 258 Configure serial interfaces ...

Page 152: ...ured for either HUB mode or Port Isolate mode In HUB mode all the Ethernet ports are linked together and behave like an Ethernet hub or switch This means that the router will respond to all of its Ethernet IP addresses on all of its ports as the hub switch behavior links the ports together In Port Isolate mode the router will only respond to its Ethernet 0 IP address on physical port LAN 0 its Eth...

Page 153: ... The subnet mask of the IP subnet to which the router is attached via this Ethernet port Typically this would be 255 255 255 0 for a Class C network Gateway The IP address of a gateway to be used by the router IP packets whose destination IP addresses are not on the LAN to which the router is connected will be forwarded to this gateway DNS Server Secondary DNS Server The IP address of DNS servers ...

Page 154: ...eters eth n descr Free text field Description eth n ipaddr Valid IP address IP Address eth n mask Valid Subnet Mask Mask eth n gateway IP address Gateway eth n dnsserver IP address DNS Server eth n secdns IP address Secondary DNS Server eth n dhcpcli on off On Get an IP address automatically using DHCP Off Use the following IP address ...

Page 155: ...ant that no more than one of the router s Ethernet interfaces is connected to another hub or switch on the same physical network otherwise an Ethernet loop can occur The default behavior is HUB rather than Port Isolate Port Isolate mode If the router is running in Port Isolate mode the following will be displayed with an option to switch to Hub mode Hub Mode factory default If the router is runnin...

Page 156: ... mode is shown in brackets after the parameter name Note enabling Auto negotiation and manually setting the speed will only allow the selected speed to be negotiated Duplex Selects either of Full Duplex Half Duplex or Auto mode Enabling Auto negotiation and manually setting the Duplex will only allow the selected Duplex mode to be negotiated Max Rx rate On models with multiple Ethernet interfaces ...

Page 157: ...n the example of connecting private hosts to the Internet NAT or NAPT should be enabled on the router s WAN side interface and should be disabled on the router s LAN side interface IP address When a private IP host sends a UDP or TCP packet to an Internet IP address the router will change the source address of the packet from the private host IP to the router s public IP address before forwarding ...

Page 158: ...dresses with the destination port set to an unexpected value such as a port that the router would normally expect to receive TCP traffic on it will reply with a TCP RST packet This is normal behavior However the nature of internet traffic is such that whenever an internet connection is established TCYP SYN packets are to be expected As the router s PPP inactivity timer is restarted each time the r...

Page 159: ...th Remote Manager Send Heartbeat messages to IP address a b c d every h hrs m mins s seconds For this setting a b c d specifies the destination IP address for heartbeat packets and h m and s specifies how often the router will transmit heartbeat packets to the specified destination in h Hours m Minutes and s Seconds Use interface x y for the source IP address By default heartbeat packets is sent w...

Page 160: ...tes and s Seconds Switch to sending pings to IP host a b c d after n failures For this setting a b c d specifies an alternative destination IP address for the auto ping ICMP echo request to be sent to should the main IP address specified in the parameter above fail to respond This allows the router to double check there is a problem with the connection and not just with the remote device not respo...

Page 161: ... in kbps Max Tx rate eth n tcptxbuf value in bytes TCP transmit buffer size eth n linkdeact 0 86400 Take this interface out of service after n seconds when the link is lost eth n do_nat 0 1 2 Enable NAT on this interface 0 Disabled 1 IP address 2 IP address and Port eth n ipsec 0 1 Enable IPsec on this interface eth n ipsecent blank ETH PPP Use interface x y for the source IP address of IPsec pack...

Page 162: ...onds eth n hrtbeatint 0 86400 Send Heartbeat messages to IP address a b c d every h hrs m mins s seconds This CLI value is entered in seconds only eth n hbipent blank ETH PPP Use interface x y for the source IP address x Interface type eth n hbipadd 0 255 Use interface x y for the source IP address y interface number eth n hbroute 0 1 Select the transmit interface using the routing table eth n hbi...

Page 163: ...s setting should be set to the maximum data rate that this PPP link is capable of sustaining This is used when calculating whether or not the data rate from a queue may exceed its minimum Kbps setting as determined by the profile assigned to it and send at a higher rate up to the maximum Kbps setting Queue n Below this column heading is a list of ten queue instances Each instance is associated wit...

Page 164: ... Priority qos n q2prof 0 11 Queue 2 Profile qos n q2prio 0 4 Queue 2 Priority qos n q3prof 0 11 Queue 3 Profile qos n q3prio 0 4 Queue 3 Priority qos n q4prof 0 11 Queue 4 Profile qos n q4prio 0 4 Queue 4 Priority qos n q5prof 0 11 Queue 5 Profile qos n q5prio 0 4 Queue 5 Priority qos n q6prof 0 11 Queue 6 Profile qos n q6prio 0 4 Queue 6 Priority qos n q7prof 0 11 Queue 7 Profile qos n q7prio 0 4...

Page 165: ...p ID parameter identifies routers that are configured to operate within the same VRRP group The default value is 0 which means that VRRP is disabled on this Ethernet interface The value may be set to a number from 1 to 255 to enable VRRP and include this Ethernet port in the specified VRRP group VRRP Priority The priority level of this Ethernet interface within the VRRP group from 0 to 255 255 is ...

Page 166: ...st the local VRRP priority up if that WAN interface is not operational When configured to probe in this manner it is necessary to configure a second Ethernet interface to be on the same subnet as the VRRP interface This is because the VRRP interface cannot be used when it is in backup mode The probes should be sent on this second interface The second interface will have the other VRRP router as it...

Page 167: ...ort 0 65535 Send p probe to IP address a b c d TCP port n eth n vprobebackint 0 32767 every n seconds when in Backup state eth n vprobemastint 0 32767 every n seconds when in Master state eth n vprobeadj 0 255 Adjust priority n dir after x probe failures eth n vprobeadjup 0 down 1 up Adjust priority n dir after x probe failures eth n vprobefailcnt 0 255 Adjust priority n dir after x probe failures...

Page 168: ...irable to not use a physical interface for the bridging MAC Filtering Ethernet MAC filtering restricts which Ethernet devices can send packets to the router If MAC filtering is enabled on an Ethernet interface only Ethernet packets with a source MAC address that is configured in the MAC Filter table will be allowed If the source MAC address is not in the MAC Filter table the packet will dropped En...

Page 169: ...User Guide 169 Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter eth n macfilt on off Enable MAC filtering on Ethernet interfaces macfilt n mac MAC address with no separators Partial MAC address are allowed MAC Address ...

Page 170: ...nfigured the MAC addresses to bridge need to be configured in the MAC bridge table Enable Enables MAC bridging on the Ethernet interface Forward to IP address The IP address of the remote router to which the Ethernet packets will be bridged to Port The TCP port that the remote router is listening on Listen on Port The TCP port that the router will listen on for incoming bridged packet from the rem...

Page 171: ...mmands Entity Instance Parameter Values Equivalent Web Parameter eth n srcbhost IP Address Forward to IP address eth n srchport 0 65535 Port eth n srcblistenport 0 65535 Listen on Port bridgemac n mac MAC address with no separators Partial MAC address are allowed MAC Address ...

Page 172: ... this is backwards compatible with STP RSTP will not be enabled if the router is in Port Isolate mode If an Ethernet interface is configured with a hub group RSTP will be disabled on that interface Enable RSTP Enables RSTP on the router Priority The RSTP priority Group The RSTP group that the router is in Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter stp 0 enable o...

Page 173: ... Backup A backup redundant path to a segment where another bridge port already connects State Description Disabled The port is not functioning and cannot send or receive data Listening The port is sending and receiving BPDUs and participates in the election process of the root bridge Ethernet frames are discarded Learning The port does not yet forward frames but it does learn source addresses from...

Page 174: ...Forwarding The port receiving and sending data normal operation STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop Discarding A port that would cause a switching loop no user data is sent or received but it may go into forwarding mode if the other links in use were to fail and the spanning tree algorithm determines the port may transition...

Page 175: ...et Interface The Ethernet port that tags the outgoing packets Packets sent from this interface have VLAN tagging applied IP Address The destination IP address This parameter is optional If configured only packets destined for this IP address will have VLAN tagging applied Mask The destination IP subnet mask This parameter is optional If configured only packets destined for this IP subnet mask will...

Page 176: ...meter Values Equivalent Web Parameter eth n vlan on off Enable VLAN support on Ethernet interfaces vlan n vlanid 0 4095 VLAN ID vlan n ethctx Integer Ethernet Interface vlan n ipaddr IP Address IP Address vlan n mask IP Mask Mask vlan n srcipaddr IP Address Source IP Address vlan n srcmask IP Mask Source Mask ...

Page 177: ... by the router If required a specific channel can be selected to over ride the auto selection Country Selecting a country from the drop down list restricts the channels that the router will use See table for more info on licensed channels Network Mode Select your chosen mode of operation from the drop down list The options are A B G This parameter is not available on all routers Channel Selecting ...

Page 178: ... Global Wi Fi Settings CLI Commands Below is a list of the countries that are currently supported Entity Instance Parameter Values Equivalent Web Parameter wifi 0 country Country name Country wifi 0 chanmode a bg Network Mode wifi 0 channel auto 1 14 Channel ...

Page 179: ... Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya North Korea South Korea Kuwait Latvia Lebanon Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Malaysia Mexico Monaco Morocco Netherlands New Zealand Nicaragua Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Singapore Slovak Repub...

Page 180: ...channels that is used by the router when Auto is selected for the channel number Note It is illegal to use restricted channels in certain countries Region Channels EMEA excluding France 1 13 France 10 13 Americas excluding Mexico 1 11 Mexico 1 8 Indoor 9 11 outdoor Israel 3 9 China 1 11 Japan 1 14 ...

Page 181: ...he amount of time that a Wi Fi client can use the Wi Fi hotspot before having to re authenticate Hotspot Exceptions It is possible to configure a number of web locations for which authentication is not required These settings allow the splashscreen to access these locations in order to display them to the client when authenticating Wi Fi Hotspot CLI Commands Entity Instance Parameter Values Equiva...

Page 182: ... be allowed to connect MAC Address MAC addresses of Wi Fi client that you wish to allow access to A valid MAC address has the format 11 22 33 44 55 66 When entering this parameter omit the separators For example 112233445566 Note Carefully review settings before applying changes Incorrect settings can make the TransPort device inaccessible from the Wi Fi network Wi Fi Filtering CLI Commands Entity...

Page 183: ...nfigured to be an Access Point this is the SSID that is advertised to the Wi Fi clients to When the Wi Fi interface is configured to be a Client this is the SSID of the Access Point you wish to connect to Mode The Wi Fi interface can run in various modes The options are Access Point Client Rogue Detection Scan for unauthorised Access Points This Wi Fi interface is a member of Bridge instance n and...

Page 184: ...y Instance Parameter Values Equivalent Web Parameter wifinode 0 enabled on off Enable this Wi Fi interface wifinode 0 descr String Description wifinode 0 ssid String up to 32 characters SSID wifinode 0 mode ap client rogue Mode wifinode o bridge_inst 0 3 This Wi Fi interface is a member of Bridge instance n and therefore bridged to the following interfaces eth n bridge_inst 0 3 Interface eth n wif...

Page 185: ...ngs The various WEP security settings for both Access Point and Client modes WEP Key size The WEP key size to use WEP Key index The WEP key index number This needs to match the index selected on the connecting Wi Fi clients or Access Points that this router wishes to connect to WEP Key Confirm WEP Key If the WEP key size is 64 bits the key should be 5 characters long If the WEP key size is 128 bit...

Page 186: ... Fi 0 uses radcli 1 Wi Fi 1 uses radcli 2 Wi Fi 2 uses radcli 3 and so on Entity Instance Parameter Values Equivalent Web Parameter wifinode 0 security none wep wpapsk wpa2psk wparadius wpa2radius Use the following security on this Wi Fi interface wifinode 0 weptype open sharedkey Not available on the WEB wifinode 0 wepkeylen 64 128 WEP Key size wifinode 0 wepkeyindex 1 4 WEP Key index wifinode 0 ...

Page 187: ...rity wep wifinode 0 weptype sharedkey wifinode 0 wepkeylen 64 128 wifinode 0 wepkeyindex 1 4 wifinode 0 sharedkey 5 or 13 char key WPA TKIP wifinode 0 security wparadius wifinode 0 wpatype tkip wifinode 0 radiuscfg 1 WPA2 TKIP wifinode 0 security wpa2radius wifinode 0 wpatype tkip wifinode 0 radiuscfg 1 WPA PSK TKIP wifinode 0 security wpapsk wifinode 0 wpatype tkip wifinode 0 sharedkey 8 63 char ...

Page 188: ...mail SMS SNMP Trap can be triggered It is possible to configure a list of the MAC addresses of the authorized Access Points that will not be reported when detected MAC Address The MAC address of an authorized Access Point Rogue Scan CLI Commands WPA PSK AES wifinode 0 security wpapsk wifinode 0 wpatype aes wifinode 0 sharedkey 8 63 char key WPA2 PSK AES wifinode 0 security wpa2psk wifinode 0 wpaty...

Page 189: ...mpting to connect to a wireless service you need to set several parameters specific to your mobile network operator It will be useful to have the following information to hand The assigned APN Access Point Name PIN Number for your SIM card if any Username and password Once the W WAN router is correctly configured check to see if it has obtained an IP address from the network by navigating to the D...

Page 190: ...ails and the Use backup APN parameter is enabled Retry the main APN after n minutes If the Use backup APN parameter is enabled this parameter defines how long the router will use the backup APN before attempting to revert to the primary APN SIM PIN Some SIM cards are locked with a Personal Identification Number PIN code to prevent misuse if they are lost or stolen The GSM operator should be able t...

Page 191: ...pn Free text field Use backup APN modemcc 0 pin SIM PIN number SIM PIN Confirm SIM PIN ppp 1 username Free text field Username ppp 1 password Free text field Password Confirm Password Entity Instance Parameter Values Equivalent Web Parameter modemcc 0 Apn_2 Free text field Service Plan APN modemcc 0 Usebuapn_2 on off Checkbox Use Backup APN modemcc 0 Buapn_2 Free text field Use backup APN modemcc ...

Page 192: ...m mins s seconds The amount of time the router will wait without receiving any PPP packets before disconnecting An inactivity timeout reset with each received PPP packet Mobile Connection Settings CLI Commands Entity Instance Parameter Values Equivalent Web Parameter ppp n rxtimeout OFF ON Re establish connection when no data is received for a period of time ppp 1 rxtimeout 0 86400 seconds Inactiv...

Page 193: ...is checkbox opens to show the following parameters Keep Security Associations SAs when this Mobile interface is disconnected Configures the router to keep any existing IKE and IPsec associations should the link drop This is usually applied on head end routers with fixed IP addresses Use interface X Y for the source IP address of IPsec packets By default the source IP address for an IPSec Eroute wi...

Page 194: ...meter ppp 1 do_nat 1 Enable NAT on this interface IP Address ppp 1 do_nat 2 Enable NAT on this interface IP Address and Port ppp 1 ipsec 1 Enable IPsec on this interface ppp 1 ipsec 2 Keep Security Associations SAs when this Mobile interface is disconnected ppp 1 ipsecent blank ETH PPP Use interface X Y for the source IP address of IPsec packets x Interface type ppp 1 ipsecadd 0 255 Use interface ...

Page 195: ...t on your TransPort router If provisioning fails the device does not obtain a phone number contact the carrier and verify that the device has an active account You will need to provide the MEID of the device which is available under Management Network Status Interfaces Mobile See Quick Note 25 CDMA Provisioning on a Digi TransPort Router for example configuration Provider If the router was not sup...

Page 196: ... the Automatic configuration page This information is provided by Sprint If required enter the MSL PTN MSID parameters before clicking Start MSL The master subsidy lock MSL code Get this code from the mobile operator PTN The personal telephone number Get this number from the mobile operator MSID The mobile station identifier Get this identifier from the mobile operator Automatic Provisioning CLI C...

Page 197: ...ld not require these parameters explaining MSL The master subsidy lock MSL code Get this code from the mobile operator MDN The personal telephone number Get this number from the mobile operator MIN MSID The mobile station identifier Get this identifier from the mobile operator Manual provisioning CLI commands Entity Instance Parameter Values Equivalent Web Parameter provision 0 String4 Free text f...

Page 198: ...ss ID MIP Home Address The MIP Home Address Primary Home Agent The Primary Home Agent Secondary Home Agent The Secondary Home Agent HA shared secret 0xn Hex strings must start 0x The HA shared secret AAA shared secret 0xn Hex strings must start 0x The AAA shared secret HA SPI The HA SPI AAA SPI The AAA SPI Enable Reverse tunneling Enables reverse tunneling if required ...

Page 199: ... String9 Free text field MIP Home Address provision 0 String10 Free text field Primary Home Agent provision 0 String11 Free text field Secondary Home Agent provision 0 String12 Hex string HA shared secret 0xn Hex strings must start 0x provision 0 String13 Hex string AAA shared secret 0xn Hex strings must start 0x provision 0 String14 Free text field HA SPI provision 0 String15 Free text field AAA ...

Page 200: ...filename The name of preferred roaming list file Get this file name from the mobile operator Note Except for older Sierra Wireless modules PRL update on both the Verizon and Sprint networks is carried out over the air OTA Manual PRL update using a PRL file is not available To initiate automatic over the air PRL update click the Start button Please note that PRL update is normally carried out as pa...

Page 201: ...reless module in the order specified until an empty string is encountered For example Initialisation string 3 will not be sent unless Initialisation string 1 and Initialisation string 2 are both specified Initialisation strings are not normally required for most applications as the router will normally be pre configured for correct operation with most networks Hang up string In a typical wireless ...

Page 202: ...collects status information from the internal wireless module This information which may be viewed on the Management Network Status Interfaces Mobile web page includes details of the signal strength and network attachment status As a safeguard against problems communicating with the wireless module the Status retries parameter may be used to specify the number of unsuccessful attempts to retrieve ...

Page 203: ...cc 0 intercall_idle 0 2147483647 Wait n seconds between hanging up and allowing another call modemcc 0 att_interval 0 2147483647 Wait n seconds between attachment attempts modemcc 0 link_retries 0 2147483647 Reset the module after n unsuccessful connection attempts modemcc 0 stat_retries 0 2147483647 Reset the module after n unsuccessful status retrieval attempts modemcc 0 ss_interval 0 2147483647...

Page 204: ...cc 0 intercall_idle_2 0 2147483647 Wait n seconds between hanging up and allowing another call modemcc 0 att_interval_2 0 2147483647 Wait n seconds between attachment attempts modemcc 0 link_retries_2 0 2147483647 Reset the module after n unsuccessful connection attempts modemcc 0 stat_retries_2 0 2147483647 Reset the module after n unsuccessful status retrieval attempts modemcc 0 ss_interval_2 0 ...

Page 205: ...transmit heartbeat packets to the specified IP address hostname at the specified interval Use interface x y for the source IP address Allows the selection of the source interface for the UDP heartbeats For example it may be required to send the heartbeat packets down a VPN tunnel And in order to match the corresponding subnets of the VPN it might require changing the source IP to match an inside E...

Page 206: ... value as the interval to ping at when more than one ping request sent out the PPP interface is outstanding This should be set to a shorter interval than the above ping request interval so that the router may more quickly react to a broken PPP link Switch to sending pings to IP host a b c d after n failures Allows a for more reliable problem detection before fail over occurs by testing connectivit...

Page 207: ...time after which the device does not receive any ping response the router terminates the mobile connection in an attempt to re establish communications Because by default the mobile link is always on the router automatically attempts to re establish a PPP connection that has been terminated Use the ETH 0 IP address as the source IP address When enabled the router uses the IP address of ETH0 instea...

Page 208: ... message ppp 1 hbgps on off Include GPS information in the Heartbeat message ppp 1 OFF ON Generate Ping packets on this interface ppp 1 pingsiz number Send n byte pings to IP host a b c d every h hrs m mins s secs ppp 1 pingip IP addressd Send n byte pings to IP host a b c d every h hrs m mins s secs ppp 1 pingint 0 2147483647 seconds Send n byte pings to IP host a b c d every h hrs m mins s secs ...

Page 209: ...147483647 Reset the link if no response is received within s seconds ppp 1 pingfreth0 on off Use the ETH 0 IP address as the source IP address ppp 1 pingresetint on off Defer sending pings if IP traffic is being received Entity Instance Parameter Values Equivalent Web Parameter ...

Page 210: ...g SMS messages Setting this interval to 0 turns off checking Enable command replies via SMS Enables or disables replies to SMS commands Concatenate replies Normally an SMS message is limited to 160 characters However the ETSI standard specifies a way to allow a number of SMS messages to be linked together by the sender in this case the router This enables the router to reply with long responses to...

Page 211: ...page If no number is specified it is possible that the router operates using the default message centre for the GSM service to which you have subscribed SMS access level The access level for SMS commands The access level set here needs to match the level required by the command sent by SMS for the command to be accepted Use x as a command separator default is CR The character to be used to separat...

Page 212: ...te replies modemcc 0 sca Free text field Use this SMS message centre number n instead of the network default modemcc 0 sms_access 0 Super default 1 High 2 Medium 3 Low 4 None 5 HighLow 6 HighMedium 7 CheckPar SMS access level modemcc 0 sms_cmd_sep Free text field Use as a command separator default is CR modemcc 0 sms_callerid Mobile telephone number Allow CLI commands from the following SMS number...

Page 213: ...nate replies modemcc 0 Sca_2 Free text field Use this SMS message centre number n instead of the network default modemcc 0 sms_access_2 0 Super default 1 High 2 Medium 3 Low 4 None 5 HighLow 6 HighMedium 7 CheckPar SMS access level modemcc 0 sms_cmd_sep Free text field Use as a command separator default is CR modemcc 0 sms_callerid Mobiletelephone number Allow CLI commands from the following SMS n...

Page 214: ...iguration in this section is suitable for the majority of ADSL service providers in the UK However advanced users or users outside of the U K may wish or need to adjust some of the parameters Enable DSL Enables or disables the use of DSL ADSL functionality on the router Configure PVC Select the required PVC instance from the drop down selection box Subsequent settings applies to the selected insta...

Page 215: ...tion Interfaces PPP PPP n Advanced page VPI The Virtual Path Identifier for this APVC in the range 0 255 VCI The Virtual Channel Identifier for this APVC in the range 0 65535 Option Description PPPoA VC Mux RFC 2364 VC multiplexed PPP over AAL5 PPPoA LLC RFC 2364 LLC encapsulated PPP over AAL5 PPPoE VC Mux RFC 2516 VC multiplexed PPP over Ethernet PPPoE LLC RFC 2516 LLC encapsulated PPP over Ether...

Page 216: ...tively providing a simple firewall because unsolicited traffic from the Internet cannot be routed directly to the private IP hosts To use NAT or NAPT correctly in the example of connecting private hosts to the Internet NAT or NAPT should be enabled on the router s WAN side interface and should be disabled on the router s LAN side interface IP address Enable standard Network Address Translation NAT...

Page 217: ...rs with fixed IP addresses Use interface X Y for the source IP address of IPsec packets By default the source IP address for an IPSec Eroute is the IP address of the interface on which IPSec was enabled By setting this parameter to either a PPP or Ethernet interface the source IP address used by IPSec will match that of the Ethernet or PPP interface specified Enable the firewall on this interface ...

Page 218: ...ameter to the appropriate day of the month from 1 to 28 When this date is reached the router will unlock the interface and data transfer may resume If the parameter is set to 0 automatic unlocking will not occur and manual unlocking will be necessary by clicking on the Clear Total Data Transferred button on the appropriate Diagnostics Statistics PPP PPP n page This parameter will also reset the st...

Page 219: ... on this interface IP Address ppp 1 do_nat 2 ON Enable NAT on this interface IP Address and port ppp 1 natip IP Address NAT Source IP Address ppp 1 ipsec ON OFF Enable IPSec on this interface ppp 1 firewall ON OFF Enable the firewall on this interface ppp 1 dlwarnkb Kbytes Mbytes GBytes Issue a warning event after ppp 1 dlstopkb Kbytes Mbytes GBytes Stop data from being transmitted after x Bytes d...

Page 220: ...The PCR is the determining factor in how often cells are sent in relation to time in an effort to minimize jitter PCR generally is coupled with the CDVT Cell Delay Variation Tolerance which indicates how much jitter is allowable Sustained cell rate cells sec A calculation of the average allowable long term cell transfer rate on a specific connection Maximum burst size cells The maximum allowable b...

Page 221: ...ATM OAM cells Using Alarm indication signal AIS cells downstream and Remote defect indication RDI cells upstream the router can detect faults between the connecting points of the VP VC and suspend transfer of ATM cells until the VC fault condition is cleared Values Equivalent Web Parameter Multi mode For Annex A models such as PSTN POTS this option provides automatic selection between G dmt G lite...

Page 222: ...0 debug 0 1 Where 0 is off and 1 causes debugging information to be sent to the CLI Entity Instance Parameter Values Equivalent Web Parameter adsl 0 oper_mode Multi ANSI G dmt G lite A DSL2 ADSL2 Operational mode adsl 0 usefwfile ON OFF Load DSL firmware from flash file adsl 0 watchdog ON OFF Enable watchdog apvc 0 oammanage ON OFF Manage this PVC using ATM OAM cells ...

Page 223: ...address parameter to clarify the subnet in use on the virtual interface This would normally be a 30 bit mask as this is a point to point link 255 255 255 252 Source IP Address The two sub options here allows you to specify a source address either from a specified interface or by manually assigning an address If you do not select either option the default address for the route the packet leaves the...

Page 224: ...is receiving traffic correctly or not If keepalives fail the tunnel is marked as down Send a keepalive every s seconds When configured to a non zero value keepalive packets is sent to the remote end of the tunnel and the response is monitored to detect if the tunnel is up or down If the tunnel is detected as down the routing table metric will be altered Value is configured in seconds If this value...

Page 225: ...he source IP address of GRE packets x Interface type tun n source_add 0 255 Use interface x y for the source IP address of GRE packets y interface number tun n source Valid IP address Source IP address to use for GRE packets tun n dest Valid IP address Destination IP address to use for GRE packets tun n kadelay Seconds Send a keepalive every s seconds tun n karetries Number Bring this GRE tunnel d...

Page 226: ...xtra field to the GRE header where a key number can be applied When used incoming GRE packets must have a matching tunnel key number to be accepted by this tunnel When the Tunnel key parameter is used the IP address parameter is not required Enable the firewall on this GRE tunnel The Firewall parameter turns Firewall script processing on or off for this interface If using the firewall for problem ...

Page 227: ...s and keepalives is captured to the analyser trace Related CLI Commands Note RIP Routing Parameters CLI only Under the CLI commands for GRE Tunnels are parameters specifically relating to RIP Please see the Interfaces Ethernet PPP GRE parameters on page 373 section on RIP routing for configuration of these sub parameters Entity Instance Parameter Values Equivalent Web Parameter tun n metric Numeri...

Page 228: ...ing with If answering is disabled this parameter is not used Provides the filter for the ISDN Multiple Subscriber Numbering facility It is blank by default but when set to an appropriate value on an answering interface it will cause the router to answer incoming calls to only telephone numbers where the trailing digits match the value selected For example setting this parameter to 123 will prevent...

Page 229: ...w the following options IP Address Enable standard Network Address Translation NAT IP address and Port Enable Network Address and Port Translation NAPT Enable IPsec on this interface Enables or disables IPSec processing on the ISDN interface If enabled packets sent or received on this interface must pass through the IPSec code before being transmitted IPSec may drop the packet pass it unchanged or...

Page 230: ... 0 iprange 1 255 Assign remote IP addresses from a b c d to a b c d ppp 0 dnsserver IP address Primary DNS server ppp 0 secdns IP address Secondary DNS server ppp 0 do_nat 1 Enable NAT on this interface IP Address ppp 0 do_nat 2 Enable NAT on this interface IP address and Port ppp 0 ipsec 1 Enable IPsec on this interface ppp 0 ipsec 2 Keep Security Associations SAs when this ISDN interface is disc...

Page 231: ... connection attempt fails Attempt to re connect after n seconds The length of time in seconds the router will wait after an always on ISDN connection has been terminated before trying to re establish the link If an inhibited PPP interface is connected attempt to re connect after n seconds The value of this parameter takes precedence over Configuration Network Interfaces ISDN ISDN Answering Advance...

Page 232: ... deactivates After that the normal timeout value is used If the link has not received any packets for s seconds The amount of time that the router waits without receiving any PPP packets before disconnecting The timer is reset with each received PPP packet If the negotiation is not complete in s seconds The maximum time in seconds allowed for the PPP negotiation to complete If negotiations have no...

Page 233: ...eturn to service immediately ppp n immoos ON OFF Put this interface Out of Service when an always on connection attempt fails ppp n aodi_dly 0 2147483647 Attempt to reconnect after s seconds ppp n aodi_dly2 0 2147483647 If an inhibited PPP interface is connected attempt to re connect after s seconds ppp n pwr_dly 0 2147483647 Wait s seconds after power up before activating this interface ppp n tba...

Page 234: ...ogmins 0 2147483647 Generate an event after this interface has been up for m mins ppp n dlwarnkb 0 2147483647 Issue a warning after n units ppp n dlstopkb 0 2147483647 Stop data from being transmitted after n units ppp n dlrstday 0 255 Reset the data limit on the n day of the month Entity Instance Parameter Values Equivalent Web Parameter ...

Page 235: ...sed in sequence to make an outgoing connection Prefix n to the dial out number The dialing prefix to use if needed This may be necessary when using a PABX Username The username that should be used when using the PPP instance to connect to the remote peer This will normally be provided by an ISP for use with a dial in Internet access service Password The password to use for authenticating the remot...

Page 236: ... use when making DNS requests over the link Secondary DNS server The IP address of the secondary DNS server that the remote peer should use when making DNS requests should the primary server be unavailable Allow the PPP interface to answer incoming calls When checked this checkbox causes the PPP instance to answer an incoming call Only allow calling numbers ending with n When set to answer calls t...

Page 237: ...face When enabled applies the firewall rules to traffic using this interface Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter ppp n name Up to 25 characters Description ppp n phonenum up to 25 digits Dial out using numbers ppp n ph2 ppp n ph3 ppp n ph4 ppp n prefix 0 9999999999 Prefix n to the dial out number ppp n username Up to 60 characters Username ppp n password ...

Page 238: ... c d Secondary DNS server a b c d ppp n ans OFF ON Allow this PPP interface to answer incoming calls ppp n cingnb up to 25 digits Only allow calling numbers ending with n ppp n do_nat 0 1 2 0 Disabled 1 IP address 2 IP address and port Enable NAT on this interface IP address IP address and Port ppp n nat_ip Valid IP address a b c d NAT Source IP address a b c d ppp n ipsec 0 Disabled 1 Enabled 2 E...

Page 239: ...ious parameter when another PPP instance that is usually inhibited by this one is connected This parameter typically reduces the connection retry rate when a lower priority PPP instance is connected Wait s seconds after power up before activating this interface The initial delay that the router applies before activating the PPP instance after power up After the initial power up delay the normal al...

Page 240: ... minutes The number of minutes if any after which the router should create an event in the event log that states that the interface has been active for this period Limit the data transmitted over this interface When enabled displays the following parameters that control any data volume restrictions that should be applied to this interface Issue a warning event after n units The amount of traffic w...

Page 241: ...face ppp n tband 0 4 Control when this interface can connect using Time Band n ppp n minup 0 2147483647 Keep this interface up for at least s seconds ppp n maxup 0 2147483647 Close this interface after s seconds ppp n maxuptime 0 2147483647 if it has been up for m minutes in a day ppp n timeout 0 2147483648 if the link has been idle for s seconds ppp n timeout2 0 2147483648 Alternative idle timer ...

Page 242: ...ration across the ISDN network If your application involves using two routers back to back one of the routers should have the DTE mode value set to DCE N400 Counter The standard LAPB LAPD retry counter The default value is 3 and it should not normally be necessary to change this RR Timer n msecs The standard LAPB LAPD Receiver Ready timer The default value is 10 000ms 10 seconds and it should not ...

Page 243: ...ts that receive throughput exceeds the specified rate Note If multiple PAD or IP instances are sharing this LAPD instance the maximum transmission rates of all instances will be limited Reactivate D channel connection When enabled the router tries to reactivate a D channel connection after disconnection by the network by transmitting SABME frames If it is unable to reactivate the connection after ...

Page 244: ...ther channel is requested from an application then it will use the other unused B channel Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter LAPD n enabled off on Enable LAPD n LAPD n dtemode off on Mode LAPD n n400 1 255 N400 Counter LAPD n tnoact 1000 60000 RR Timer n msecs LAPD n t1time 1 60000 T1 Timer n msecs LAPD n t200 1 60000 T200 Timer n msecs LAPD n tei 0 255 ...

Page 245: ...e entity s MSN Calling Number and Sub address parameters being set to their default values An Adapt instance is bound to an asynchronous serial port ASY and the answer ring count S0 for that serial port is set to 1 A LAPB instance has its answering parameter set to On A PPP instance has its answering parameter set to On If more than one of these protocols are configured to auto answer then the pri...

Page 246: ...Consider the following An Adapt instance is bound to a serial port and ATS0 for that serial port is set to 1 PPP instance 0 has answering turned On The ISDN line to which the router is connected has two numbers the main number is 123456 and the MSN number is 123789 Normally because ADAPT has a higher answering priority than PPP the Adapt instance will answer when either of the numbers are called H...

Page 247: ... of the PPP instances are busy the PPP instance with the highest number will answer first MSNs can also be used to ensure that a chosen PPP instance answers the call The multiple protocol entity answering instance rules are as follow Adapt The lowest free Adapt instance with auto answering enabled will answer first PPP The lowest free PPP instance with answering on will answer first LAPB The lowes...

Page 248: ...ine Other ASY port options such as command echo result code format etc should also be configured as necessary Initiating a V 120 call Once the initial configuration is complete V 120 calls may be initiated using the appropriate ATD command For example atd01234567890 A successful connection will be indicated by a CONNECT result code being issued to the ASY port and the router will switch into on li...

Page 249: ...gured to answer on other ASY ports To do this disable answering for the other ports protocols or by using the MSN and or Sub address parameters to selectively answer calls to different telephone numbers using different protocols For example if you have subscribed to the ISDN MSN facility you may have been allocated say four telephone numbers ending in 4 5 6 and 7 You could then set the MSN paramet...

Page 250: ...numbers that should be used in sequence to make an outgoing connection Prefix n to the dial out number The dialing prefix to use if needed This may be necessary when using a PABX Username The username that should be used when using the PPP instance to connect to the remote peer This is normally provided by an ISP for use with a dial in Internet access service Password The password to use for authe...

Page 251: ...s over the link Secondary DNS server The IP address of the secondary DNS server that the remote peer should use when making DNS requests should the primary server be unavailable Allow the PPP interface to answer incoming calls When enabled causes the PPP instance to answer an incoming call Only allow calling numbers ending with n When set to answer calls the value in this text box provides a filte...

Page 252: ...face When enabled applies the firewall rules to traffic using this interface Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter ppp n name Up to 25 characters Description ppp n phonenum up to 25 digits Dial out using numbers ppp n ph2 ppp n ph3 ppp n ph4 ppp n prefix 0 9999999999 Prefix n to the dial out number ppp n username Up to 60 characters Username ppp n password ...

Page 253: ... c d Secondary DNS server a b c d ppp n ans OFF ON Allow this PPP interface to answer incoming calls ppp n cingnb up to 25 digits Only allow calling numbers ending with n ppp n do_nat 0 1 2 0 Disabled 1 IP address 2 IP address and port Enable NAT on this interface IP address IP address and Port ppp n nat_ip Valid IP address a b c d NAT Source IP address a b c d ppp n ipsec 0 Disabled 1 Enabled 2 E...

Page 254: ...P instance that is usually inhibited by this one is connected This parameter would typically be used to reduce the connection retry rate when a lower priority PPP instance is connected Wait s seconds after power up before activating this interface The initial delay that the router applies before activating the PPP instance after power up After the initial power up delay the normal always on activa...

Page 255: ...inutes The number of minutes if any after which the router should create an event in the event log that states that the interface has been active for this period Limit the data transmitted over this interface When enabled displays the following parameters that control what data volume restrictions if any should be applied to this interface Issue a warning event after n units The amount of traffic ...

Page 256: ...0 2147483647 Wait s seconds after power up before activating this interface ppp n tband 0 4 Control when this interface can connect using Time Band n ppp n minup 0 2147483647 Keep this interface up for at least s seconds ppp n maxup 0 2147483647 Close this interface after s seconds ppp n maxuptime 0 2147483647 if it has been up for m minutes in a day ppp n timeout 0 2147483648 if the link has been...

Page 257: ...igi TransPort User Guide 257 ppp n dlstopkb 0 2147483647 Stop data from being transmitted after n units ppp n dlrstday 0 255 Reset the data limit on the n day of the month Entity Instance Parameter Values Equivalent Web Parameter ...

Page 258: ...rol traffic on the interface If PPP is selected the web page expands to reveal the standard PPP configuration settings If Protocol Switch is selected only the four settings described immediately below are visible Max time to RING line s seconds The maximum number of seconds that the RING signal should be generated for RING frequency n Hz The DialServ module generates a RING signal The frequency of...

Page 259: ...e to connect to the remote peer Password The password to use for authenticating the remote peer and is used in conjunction with the above username Confirm Password Type the password into this text box to enable the router to confirm that the password has been entered identically in both boxes Allow the remote device to assign a local IP address to this router When this radio button is selected the...

Page 260: ...blank by default but when the PPP instance is set to answer calls only numbers having trailing digits that match the sub address value in this test will be answered For example if this value is set to 123 only calls from numbers with trailing digits that match this value will be answered for example 01942 605123 Enable NAT on this interface When enabled enables Network Address Translation to opera...

Page 261: ... 40 characters Password ppp n IPaddr 0 0 0 0 Allow the remote device to assign a local IP address to this router ppp n IPaddr Valid IP address a b c d Try to negotiate a b c d as the local IP address for this router in conjunction with l_addr ppp n l_addr OFF ON When ON allows negotiation when OFF force use of specified IP address Use a b c d as the local IP address for this router not negotiable ...

Page 262: ... address 2 IP address and port Enable NAT on this interface IP address IP address and Port ppp n natip Valid IP address a b c d NAT Source IP address a b c d ppp n ipsec 0 Disabled 1 Enabled 2 Enabled and Keep SAs Enable IPsec on this interface Keep Security Associations when this DialServ interface is disconnected ppp n firewall OFF ON Enable the firewall on this interface Entity Instance Paramet...

Page 263: ...t is usually inhibited by this one is connected This parameter would typically be used to reduce the connection retry rate when a lower priority PPP instance is connected Wait s seconds after power up before activating this interface The initial delay that the router will apply before activating the PPP instance after power up After the initial power up delay the normal always on activation timers...

Page 264: ...for m minutes The number of minutes if any after which the router should create an event in the event log that states that the interface has been active for this period Limit the data transmitted over this interface When enabled displays the following parameters that control what data volume restrictions if any should be applied to this interface Issue a warning event after n units The amount of t...

Page 265: ...y 0 2147483647 Wait s seconds after power up before activating this interface ppp n tband 0 4 Control when this interface can connect using Time Band n ppp n minup 0 2147483647 Keep this interface up for at least s seconds ppp n maxup 0 2147483648 Close this interface after s seconds ppp n maxuptime 0 2147483647 if it has been up for m minutes in a day ppp n timeout 0 2147483648 if the link has be...

Page 266: ... Digi TransPort User Guide 266 ppp n dlstopkb 0 2147483647 Stop data from being transmitted after n units ppp n dlrstday 0 255 Reset the data limit on the n day of the month Entity Instance Parameter Values Equivalent Web Parameter ...

Page 267: ...on models fitted with an analogue MODEM one of the interfaces will be entitled PSTN port This section describes the basic configuration of a serial port Enable this serial interface When disabled this is the only item that appears in the section Enabling this setting displays additional configuration parameters Description A description for the interface For example if the serial interface is conn...

Page 268: ...is drop down list to select Software Hardware or a combination of Both To disable flow control select the None option Enable echo on this interface When enabled enables command echo when using the command line interpreter Disable this setting if the attached terminal provides local echo CLI result codes The required level of verbosity for command result codes The available options are Verbose Nume...

Page 269: ...rface Description S31 n n a n a Where n 3 115200 4 57600 5 38400 6 19200 7 9600 8 4800 Baud rate S23 n n a n a Where n 0 None 1 Odd 2 Even 5 8 Data Odd 6 8 Data Even Default 0 Data Bits Parity Kn n a n a Where n 0 None 1 Hardware 2 Software 3 Both Flow Control En n a n a Where n 0 No echo 1 echo Enable echo on this interface Vn n a n a Where n 0 numeric 1 verbose CLI result codes ...

Page 270: ...r after a call is disconnected this is equivalent to AT C2 Pulse Low DTR Control This drop down selection box controls how the router responds to the DTR signal The available options are None Configures the router to ignore the DTR signal this is equivalent to AT D0 Drop call Configures the router to disconnect the current call and return to AT command mode when the DTR signal from the attached te...

Page 271: ...it onwards This timer is reset each time more data is received The router will forward data onwards when either the forwarding timer expires or the input buffer becomes full This parameter applies to ADAPT TCPDIAL TCPPERM and PANS Break Transmit Escape Character c The character used in the escape sequence The symbol ASCII value 45 0x2d is a recommended value Changing this value has the same effect...

Page 272: ... a Where n 0 On 1 Auto 2 Off 3 Pulse low DCD Dn n a n a Where n 0 None 1 Drop line 2 Drop line call 5 Drop call on transition 6 Drop line call on transition DTR S45 n n a n a Where n 0 255 DTR de bounce S2 n n a n a Where n ASCII value Escape Character S12 n n a n a Where n 0 255 Escape delay S15 n n a n a Where n 0 255 Forwarding Timeout S3 n n a n a Where n ASCII value Break Transmit Escape Char...

Page 273: ...o be active when the router powers up Select 1 from the selection box to make profile 1 the active profile Load Profile n Select 0 from the drop down selection box and click the button to load profile 0 Save Profile Select 0 from the drop down selection box and click the button to save profile 0 after making any changes Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter...

Page 274: ...nding on the model and any optional modules fitted Description A description of the interface should one be required Clock source Internal External Select between internal or external clock sources for the interface Mode The specific serial protocol to use Which buttons appear depend upon the capabilities of the interface The options available are V 35 EIA530 RS232 EIA530A RS449 and X 21 Invert RX...

Page 275: ...g LAPB parameters be aware that LAPB 2 is used for adapt 0 and LAPB 3 is used for adapt 1 Attempt to redial the connection n times if rate adaption has not been negotiated If an ISDN connection is established but rate adaption is not negotiated the value in this text box specifies how many times the router should drop the connection and redial it Drop the connection if it is idle for h hrs m mins ...

Page 276: ...dapt 0 1 tinact 0 86400 Drop the connection if it is idle for h hrs m mins s secs adapt 0 1 leased_line OFF ON Leased line mode adapt 0 1 sockmode 0 1 0 disable 1 enable Enable TCP rate adaption adapt 0 1 ip_addr valid IP address a b c d Connect to IP Address a b c d Port n adapt 0 1 ip_port valid TCP port number Connect to IP Address a b c d Port n adapt 0 1 lip_port valid TCP port number Listen ...

Page 277: ... enter ls into the From column in the table dir into the To column and then click the Add button From The substitute text To The command that should be substituted Add Click this button to add the command mapping Delete When the mapping has been added a Delete button is enabled in the right hand column Clicking this button removes the binding from the table Note If either string contains spaces th...

Page 278: ...d to serial interfaces using a table with a drop down list box for selecting the protocol and a drop down list for selecting the serial port By default if no specific protocol has been bound to a serial interface a PPP instance will automatically be associated with that port This means that PPP is treated as the default protocol associated with the serial ports Protocol Select the desired protocol...

Page 279: ...nchronous serial port 3 To access the Internet using PPP via a terminal connected to serial interface 2 enter the command bind ppp 1 asy 2 Currently it is only possible to bind a TANS instance to an ADAPT instance using the bind command The format of the command is bind adapt instance tans instance Entity Instance Parameter Values Equivalent Web Parameter bind n prot1 Valid protocol such as PAD 0 ...

Page 280: ...nnection stays open without any traffic being passed Enable Stay Connected mode When enabled causes the router to refrain from clearing the TCP socket at the end of a transaction data call or data session depending on what the TansIP serial port was bound to and what protocol it was using Leaving this checkbox unchecked allows the router to clear the socket For example if the TransIP port is bound...

Page 281: ...n host Valid IP address a b c d or hostname Connect to IPaddress a b c d or Hostname transip n remport Valid port number 0 65535 Port transip n keepact 0 255 Send TCP Keep Alives every s seconds transip n staycon ON OFF Enable Stay Connected mode transip n cmd_echo_off ON OFF Disable command echo transip n escchar Valid ASCII character Escape char c transip n esctime 0 255 Escape delay s milliseco...

Page 282: ...throughput Access to RealPort services can be enabled or disabled Encrypted RealPort Digi devices also support RealPort software with encryption Encrypted RealPort offers a secure Ethernet connection between the COM or TTY port and a device server or terminal server Encryption prevents internal and external snooping of data across the network by encapsulating the TCP IP packets in a Secure Sockets...

Page 283: ...TCP port that the router should use when making a device initiated connection Allow s seconds between connection attempts The interval in seconds between device initiated connection attempts Send TCP Keep Alives every s seconds The interval at which TCP Keep Alives are sent over the RealPort connection A value of 0 means that Keep Alives are not sent Send RealPort Keep Alives every s seconds The i...

Page 284: ...socks 0 255 Maximum number of encryption sockets rport 0 initiate OFF ON Enable Device Initiated RealPort rport 0 IPaddr Valid IP address a b c d Connect to host a b c d Port n rport 0 initiateport 0 65535 Connect to host a b c d Port n rport 0 initiatebackoff 0 255 Allow s seconds between connection attempts rport 0 tcpkeepalives 0 255 Send TCP Keep Alives every s seconds rport 0 rportkeepalives ...

Page 285: ... configured remote hosts Protocol Whether TCP or UDP will be used as the transport method Socket Inactivity Timeout If there is no data transmitted for the specified number of seconds the socket will be closed 0 no timeout Send Socket ID When enabled the text entered into the Socket ID field is transmitted to the remote host when the socket connects Reopen Closed Socket Enables an always on mode I...

Page 286: ...ostname or IP address of the remote host in this field Port Enter the TCP or UDP port number that the remote host is listening on Add Click this button to add the remote host Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter multitx 0 enabled OFF ON Enable MultiTX multitx 0 srcport OFF ON default OFF Serial Port multitx 0 prot1 OFF ON default OFF protocol multitx 0 sen...

Page 287: ...o which the terminal or PC is connected see Configuration Network Interfaces Serial Note In order to use ASYNC to SYNC PPP the attached terminal must also support PPP Windows dial up networking supports PPP In addition to ASYNC to SYNC operation where the router only converts the PPP from one form to another the router can initiate its own PPP sessions This is used for example when The router is c...

Page 288: ...ternal modems ASY Port The physical ASY port for the external modem W WAN mode Enables W WAN mode Initialization string n These parameters Initialisation string 1 Initialisation string 2 Initialisation string 3 allow you to specify a number of command strings that are sent to the wireless module each time a wireless connection is attempted These can be used to set non standard wireless operating m...

Page 289: ...his is inserted automatically by the router Listening init string The listening initialization string parameter for external modems Listening init interval secs The listening init string is sent at intervals specified by a listening init interval parameter Maximum RING count before answering incoming call The count of the maximum number of rings before answering incoming call can be set in this fi...

Page 290: ...ork in most cases and should only be changed if it is known that other characters should be used Username The username used for logging on to the remote system Password The password used for authentication with the remote system when using MLPP This password is used for both B channel PPP connections Confirm password When changing the password type the new password into this text box The router ch...

Page 291: ... in seconds for which the data rate must be below threshold before the second B channel is deactivated Note The following parameters are for use with Always On Dynamic ISDN Bring up the first ISDN B channel When the data rate is greater than n bytes sec for s seconds When Always On mode is enabled these two settings specify the data rate and duration for which the data rate must be sustained befor...

Page 292: ...e CHAP authentication mlppp 0 l_shortseq ON OFF Default OFF Enable short sequence numbers mlppp 0 up_rate 0 2147483648 Default 2000 When the data rate is greater than n bytes sec mlppp 0 up_delay 0 2147483648 Default 10 for s seconds mlppp 0 down_rate 0 2147483648 Default 1000 When data rate is less than n bytes sec mlppp 0 down_delay 0 2147483648 Default 10 for s seconds mlppp 0 dup_rate 0 214748...

Page 293: ... instance If the mapping has not been set up previously and if no default mappings apply the value for this setting should be Not Assigned Select the required the required physical interface from the drop down selection box Dial out using numbers To allow the router to automatically make outgoing calls the ISDN number must be specified The four text boxes allow four telephone numbers to be entered...

Page 294: ...sign this PPP interface an IP address Try to negotiate a b c d as the local IP address for this router If it would be useful but not essential to have a predefined IP address for the interface the second radio button should be selected and the desired IP address entered into the text box to the right Use a b c d as the local IP address for this router If it is essential that the PPP interface has ...

Page 295: ... parameters which control how the PPP instance assigns an IP address to a connecting remote peer The primary and secondary DNS server addresses will also be sent to the remote peer Assign remote IP addresses from a b c d to a b c d The IP addresses in these text boxes define the pool of IP addresses to assign to remote peers during the IP protocol configuration phase of the PPP negotiation process...

Page 296: ...his text box if it has been idle for h hrs m mins s secs The router deactivates the PPP instance after the time specified in these text boxes if it detects that the link has not seen traffic Alternative idle timer for static routes s seconds An alternative inactivity timeout for use in conjunction with the Make PPP n interface use the alternative idle timeout when this route becomes available para...

Page 297: ...Enable IPsec on this interface When enabled causes the router to use the IPsec protocol to secure the connection When enabled the following additional parameters are displayed Keep Security Associations SAs when this PSTN interface is disconnected When enabled causes the router to maintain such as not flush the SA when the interface becomes disconnected The normal behavior is to remove the SAs whe...

Page 298: ...e destination port set to an unexpected value such as a port that the router would normally expect to receive TCP traffic on it will reply with a TCP RST packet This is normal behavior However the nature of internet traffic is such that whenever an internet connection is established TCYP SYN packets are to be expected As the router s PPP inactivity timer is restarted each time the router transmits...

Page 299: ...onenum up to 25 digits Dial out using numbers ppp n ph2 up to 25 digits Dial out using numbers ppp n ph3 up to 25 digits Dial out using numbers ppp n ph4 up to 25 digits Dial out using numbers ppp n prefix 0 9999999999 Prefix n to the dial out number ppp n username Valid username Username ppp n password Valid password Password ppp n epassword The encrypted password None this parameter is not confi...

Page 300: ...d IP address Primary DNS server ppp n sectransDNS Valid IP address Secondary DNS server ppp n cingnb up to 25 digits Only allow numbers ending with n ppp n msn up to 9 digits with ISDN MSN ending with n ppp n sub up to 17 digits with ISDN sub address ending with n cli ppp n maxup 0 2147483648 Close the PPP connection after s seconds ppp n maxuptime 0 2147483647 if it has been up for m minutes in a...

Page 301: ...r Use interface x y for the source address of IPsec packets ppp n firewall OFF ON Enable the firewall on this interface ppp n qos OFF ON Enable QoS on this interface ppp n use_modem ppp n cdma_backoff 0 1 Default 1 ppp n ndis OFF ON ppp nocfg 0 1 2 3 Remote management access 0 No restrictions 1 Disable management 2 Disable return RST 3 Disable management and return RST ppp n igmp OFF ON Enable IGM...

Page 302: ...ion attempts Controls whether the module stays attached to the network if multiple connection attempts are required to establish a connection This functionality may be useful if the connection to the mobile telephone network is not very reliable Connecting to the mobile telephone network to send and receive data is a two stage process The first stage is where the module signals its wish to join th...

Page 303: ...led the router will automatically try to reconnect after about 10 seconds if the link becomes disconnected This parameter should be enabled when using AODI or W WAN On Default action the interface will always try and raise this PPP link On and return to service immediately These two radio buttons enable the Always on functionality and additionally the facility to return to the in service state aft...

Page 304: ...e router See above for configuration details Click here to assign a timeband to this interface Clicking this link redirects the browser to the timeband configuration page Configuration Network Timebands Add a route to a b c d if the peer s IP address is not negotiated Normally the IP address for a device connecting to a remote peer is assigned by the remote peer If this is not the case then the ro...

Page 305: ...nd heartbeat packets to the specified destination Heartbeat packets are UDP packets that contain various items of information about the router and which may include status information that may be used to locate its current dynamic IP address Heartbeats may also contain GPS position information and mobile telephone module information Send Heartbeat messages to IP address a b c d every h hrs m minut...

Page 306: ...d the primary host become unavailable for any reason and stops responding to the ICMP echo requests the router will check an alternative IP address before initiating the failover procedure The value in the second text box is the number of pings that should be allowed to fail before checking the secondary IP address Ping responses are expected within s seconds When the value in this text box is set...

Page 307: ...anually by clicking the Clear Total Data Transferred button on the Management Network Status Interfaces Advanced PPP PPP n page Alternatively it may be reset automatically on a certain day of the month Issue a warning event after n Kbytes Mbytes GBytes The value in this text box is the amount of traffic which will cause a warning event to be generated in the event log stating that the specified am...

Page 308: ...mes as a consequence of the value n packets described above being exceeded Reboot the router after n consecutive connection failures If the value in this text box is non zero the router will reboot if it fails to establish a connection over this PPP instance after the specified number of consecutive attempts Use RADIUS for authentication when acting as a server Use RADIUS instance Allow this PPP i...

Page 309: ...nd use idle period of s seconds Causes the interface to become activated but rather than using the idle timer associated with the interface specify the idle timeout Inhibit other PPP interface if this PPP interface is disconnected but operational When enabled enables this PPP instance to inhibit other PPP instances if it is operational but not currently active Attempt to negotiate DEFLATE compress...

Page 310: ...ecified else the PPP negotiations will fail Enable MPPE stateless mode When this checkbox is checked the router negotiates stateless mode in which the session key is changed after the transmission of each packet Stateless mode may be useful for lossy links Note MPPE does not provide authentication only encryption This is because the encryption keys are determined by the PPP engines themselves on s...

Page 311: ... when an always on connection attempt fails ppp n rdoosdly ON OFF remote disconnect ppp n aodi_dly 0 2147483647 Attempt to reconnect after s seconds ppp n aodi_dly2 0 2147483647 If a PPP interface that would be inhibited by this PPP is connected attempt to re connect after s seconds ppp n pwr_dly 0 2147483647 Wait s seconds after power up before activating this interface ppp n minup 0 2147483647 K...

Page 312: ...e routing table ppp n hbimsi OFF ON Include IMSI information in the Heartbeat message ppp n hbgps OFF ON Include GPS information in the Heartbeat message ppp n OFF ON Generate Ping packets on this interface ppp n pingsiz 0 2147483648 Send n byte pings to IP host a b c d every h hrs m mins s secs ppp n pingip Valid IP address a b c d Send n byte ping to IP host a b c d every h hrs m mins s secs ppp...

Page 313: ...t the data limit on the n day of the month ppp n When the link disconnects indicate that the connection failed if no IP packets were received ppp n sscnt 0 2147483648 Reset this interface if n packets are transmitted and the connection has been up for at least s seconds ppp n sssecs 0 2147483648 Reset this interface if n packets are transmitted and the connection has been up for at least s seconds...

Page 314: ...terface if this PPP is interface is disconnected but operational ppp n trafficto 0 2147483648 If this PPP interface is inhibited and data needs to be sent do not bring up the interface bring up interface and use normal idle period bring up interface and use idle period of s seconds ppp n deflate 0 1 0 Off 1 On Attempt to negotiate DEFLATE compression on this interface ppp n mppe OFF ON Attempt to ...

Page 315: ...rol Character Map which has the default value 0x00000000 Changing this value is for advanced users Desired remote ACCM The remote ACCM which has the default value 0xffffffff As above the default will work in nearly all circumstances and should be changed only where really necessary Desired local MRU n bytes The desired local Maximum Receive Unit MRU the default value of 1500 octets will work fine ...

Page 316: ...authentication fails Generally this parameter is enabled for outgoing connection and disabled for inbound connections Request local VJ compression When enabled causes the router to request the use of Van Jacobson compression which compresses TCP IP headers to about 3 octets rather than the standard 40 octets This is generally only used to improve efficiency on slow links Request remote VJ compress...

Page 317: ...menu allows the router to authenticate logins using Microsoft s proprietary MS CHAP algorithm MS CHAPv2 Selecting enabled from the drop down menu allows the router to authenticate logins using version 2 of Microsoft s proprietary MS CHAP algorithm Allow a remote unit to authenticate using CHAP MD5 When enabled allows the router to authenticate with a remote unit using the CHAP MD5 algorithm MS CHA...

Page 318: ...al MRU ppp n r_mru 0 n Default 1500 Desired remote MRU ppp n l_acfc OFF ON Request local ACFC ppp n r_acfc OFF ON Request remote ACFC ppp n l_pap OFF ON Request local PAP authentication ppp n r_pap OFF ON Request remote PAP authentication ppp n l_chap OFF ON Request local CHAP authentication ppp n r_chap OFF ON Request remote CHAP authentication ppp n l_comp OFF ON Request local VJ compression ppp...

Page 319: ...led 1 Enabled 2 Preferred Allow this unit to authenticate using MS CHAPv2 ppp n r_ms2 0 1 0 Off 1 On Allow remote unit to authenticate using MS CHAPv2 ppp n lcn 0 4096 LCN ppp n lcnup 1 up 0 down LCN direction ppp n defpak 16 32 64 128 25 6 512 or 1024 Default X 25 packet size ppp n cingnua text valid NUA Use NUA ppp n ipmode 0 XOT 1 raw TCP Use TPAD over interface ppp n baklcn 1 4095 Backup LCN p...

Page 320: ...x should be set to the maximum data rate that this PPP link is capable of sustaining This is used when calculating whether or not the data rate from a queue may exceed its minimum Kbps setting as determined by the profile assigned to it and send at a higher rate up to the maximum Kbps setting Queue n Below this column heading is a list of ten queue instances Each instance is associated with the pr...

Page 321: ...1 Priority qos n q2prof 0 11 Queue 2 Profile qos n q2prio 0 4 Queue 2 Priority qos n q3prof 0 11 Queue 3 Profile qos n q3prio 0 4 Queue 3 Priority qos n q4prof 0 11 Queue 4 Profile qos n q4prio 0 4 Queue 4 Priority qos n q5prof 0 11 Queue 5 Profile qos n q5prio 0 4 Queue 5 Priority qos n q6prof 0 11 Queue 6 Profile qos n q6prio 0 4 Queue 6 Priority qos n q7prof 0 11 Queue 7 Profile qos n q7prio 0 ...

Page 322: ...number for a sub config Description The name to easily identify the sub config Username The username that is used when authenticating with the remote system and is usually only required for outgoing PPP calls Password The password for authentication with the remote system Confirm When changing the password enter it into this text box also to allow the router to check for simple typing errors Dialo...

Page 323: ...s Entity Instance Parameter Values Equivalent Web Parameter pppcfg 1 50 name Up to 25 characters Description pppcfg 1 50 username Valid username up to 60 characters Username pppcfg 1 50 password Valid password up to 40 characters Password pppcfg 1 50 phonenum Up to 25 digits Dialout Number ...

Page 324: ...P interface will use x y defines the physical Ethernet interface over which the PPPoE session will operate In most cases this is PPPoE 0 for Ethernet 0 The fact that you have selected PPPoE 0 as the physical interface for operation with PPP automatically enables PPPoE mode If another Ethernet instance is used Eth 1 for example this will need to be specified as PPPoE 1 to ensure the correct MAC add...

Page 325: ...31 DHCP options on page 332 Static lease reservations on page 333 About DHCP servers Digi routers incorporate one or more Dynamic Host Configuration Protocol DHCP servers one for each Ethernet port DHCP is a standard Internet protocol that allows a DHCP server to dynamically distribute IP addressing and configuration information to network clients The Configuration Network DHCP server pages in the...

Page 326: ...ere must be at least one minimum IP address and a range Using the CLI this is specified slightly differently a starting address and a range are specified instead Mask The subnet mask used to on the network to which the router is connected Gateway A gateway is required in order to route data to IP addresses that are not on the local subnet The value in this text box specifies the IP address of the ...

Page 327: ...heckbox box is enabled the router will use the value in the text box as the delay to use prior to sending out the DHCP_OFFER message Enabling this functionality and setting the delay to a non zero value will allow other DHCP servers on the network to respond first Only send offers to Wi Fi clients When enabled causes the router to only send DHCP offers to Wi Fi clients This is useful if the router...

Page 328: ...3647 Default 0 to a b c d dhcp n mask Valid IP address a b c d Mask dhcp n gateway Valid IP address a b c d Gateway dhcp n DNS Valid IP address a b c d DNS Server dhcp n DNS2 Valid IP address a b c d Secondary DNS Server dhcp n domain Up to 64 characters Domain Name dhcp n lease 0 2147483648 minutes Default 20160 minutes 14 days Lease Duration d days h hrs m mins dhcp n respdelms 0 2147483647 Wait...

Page 329: ...name The name of a host that the DHCP client can make contact with in order to download a boot file Boot file The name of the boot file the client can download from the host specified in the Server Hostname text box Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter dhcp n nxtsvr Valid IP address a b c d Next Bootstrap Server dhcp n sname Up to 64 characters Server Host...

Page 330: ...dress of an FTP server and is a custom option for use with WYSE terminals FTP Root Dir for WYSE Terminals The root directory for FTP transfers This is also a custom option for use with WYSE terminals Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter dhcp n NBNS Valid IP address a b c d NetBIOS Name Server a b c d dhcp n NBNS2 Valid IP address a b c d Secondary NetBIOS ...

Page 331: ...Digi TransPort User Guide 331 Logical Ethernet interfaces The web pages in this section are simply a duplicate of the previously described Ethernet interface pages but they apply to logical rather than physical Ethernet interfaces ...

Page 332: ...on The DHCP option number Data type The data type for the option and can be any one of the following 1 2 or 4 byte value IPv4 address text string or hexadecimal data Value The actual data that will be sent in the DHCP option message Related CLI commands For example to set the option number to 9 for the LPR Server the command is dhcpopt 0 optnb 9 Entity Instance Parameter Values Equivalent Web Para...

Page 333: ...dresses specified here DO NOT fall within the IP address ranges specified in the DHCP server page IP Address a b c d The IP address to be assigned MAC Address aa bb cc dd ee ff The MAC address which is to be given the above IP address As is usual with the configuration tables clicking the Add button adds the entry to the table and clicking the Delete button removes an existing entry from the table...

Page 334: ...mmand line Network Services page The Network Services web page collects together a number of services that are provided by the router into one section to enable the user to quickly enable or disable these services without having to navigate to multiple sections of the menu Detailed configuration is performed within the specific section ...

Page 335: ...le SNMP v2c When enabled the router uses SNMP version 2c Enable SNMP v3 When enabled the router uses SNMP version 3 Enable Simple Network Timer Server SNTP When enabled the router acts as a Simple Network Time Protocol SNTP time server Source This drop down selection menu selects the source used to supply time data for the SNTP server The usual options are Internal real time clock RTC device A GPS...

Page 336: ...not such an issue selecting this option allows the simpler and slightly more convenient web server to be used Enable Secure Web Server HTTPS Select this radio button to disable the insecure HTTP protocol and enable the HTTPS service Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter snmp n v1enable 0 1 0 Off 1 On Enable SNMP v1 snmp n port Default 161 UDP Port n snmp n ...

Page 337: ...igure DNS servers and Dynamic DNS This section describes configuring DNS servers and Dynamic DNS from the web interface and command line It covers the following topics Configure DNS Servers on page 338 Configure Dynamic DNS on page 344 ...

Page 338: ...he DNS server selection parameters give the ability to specify a DNS server based on the DNS query For example DNS lookups for internal servers can be directed to an internal DNS server and all other DNS requests can be sent direct to an external DNS server managed by the ISP ...

Page 339: ... available the IP address in this text box specifies the destination for DNS queries matching the hostname pattern Route using Routing table Interface x y The two radio buttons associated with this text control whether the router should look up the route to the DNS server by using the routing table or should send the DNS query out of a specific interface When the Interface radio button is selected...

Page 340: ...n com For DNS requests matching pattern send the request to dnssel n svr Valid IP address DNS Server a b c d dnssel n secsvr Valid IP address Secondary DNS Server a b c d dnssel n ent PPP Ethernet Interface x y dnssel n add Valid interface number Interface x y dnssel n ipent PPP Ethernet Interface x y dnssel n ipadd Valid interface number Interface x y ...

Page 341: ... on page 344 Send an update to DNS Server a b c d for The IP address in this text box specifies the DNS server that should be sent the updated information The server must support DNS Update messages Dynamic DNS is generally offered as a subscription based service by ISPs but for a large number of deployed routers it may be more appropriate to set up a dedicated DNS server locally Name The member o...

Page 342: ...is the case check this check box to switch on the Base64 decoding of the password before transmission The password is not actually transmitted as part of the message but is used to create a signature that is appended to the message If the password is issued as a hexadecimal string and not straight text the password in the password text box must be given the prefix 0x Confirm DNS Server Password Th...

Page 343: ...t 0 2147483648 seconds Also send an update every h hrs m mins s secs dnsupd 0 delprevrr OFF ON The DNS server should delete all previous records dnsupd 0 username Valid username up to 20 characters DNS Server Username dnsupd 0 password Valid password up to100 characters DNS Server Password dnsupd 0 b64pwd OFF ON Password is Base64 encoded dnsupd 0 autozone OFF ON Local time offset from GMT auto de...

Page 344: ...he specification supplied by DynDNS go to http dyn com referred to in the web interface as Dynamic DNS When an interface connects the client checks the current IP address of that interface If the IP address differs from that obtained from the previous connection the Dynamic DNS service is contacted and the hostnames specified in the Hostname parameters are updated with the new address Dynamic DNS ...

Page 345: ...rname to use when updating the hostnames This will have been supplied by the service provider DynDNS Password The password to use when updating the hostnames This will have been supplied by the service provider Confirm DynDNS Password Enter the password into this text box to confirm it DynDNS DDNS System The value selected from this drop down list is used to identify the dynamic DNS system contain...

Page 346: ...0 characters Host and Domain Name s dyndns 0 hostname2 Up to 40 characters Host and Domain Name s dyndns 0 hostname3 Up to 40 characters Host and Domain Name s dyndns 0 hostname4 Up to 40 characters Host and Domain Name s dyndns 0 hostname5 Up to 40 characters Host and Domain Name s dyndns 0 port 0 65535 Destination port dyndns 0 username Up to 20 characters DynDNS User Name dyndns 0 password Up t...

Page 347: ...ddress is not supplied and the DYNDNS server attempts to determine the correct IP address by other means IP source address in update packet This mode would normally only be used if the router is behind a NAT router Only send update when this router is the VRRP master When enabled causes the router to not send DDNS updates unless at least one Ethernet interface is a VRRP master Enable debug When en...

Page 348: ...upported routes on page 349 IP Routing parameters on page 352 Static routes on page 355 Default Route n parameters on page 361 RIP parameters on page 368 Interfaces Ethernet PPP GRE parameters on page 373 BGP parameters on page 377 IP Port Forwarding Static NAT Mappings parameters on page 379 IP Port Forwarding Static NAT Mappings parameters on page 379 Multicast Routes parameters on page 381 Virt...

Page 349: ...et 0 interface Static routes To add static routes configure a route in Configuration Network IP Routing Forwarding Static Routes Routes 0 9 Route n where n is an instance number The minimum configuration settings required to add a static route are IP Address Mask Interface Interface number If a static route is pointing at an Ethernet interface then optionally a gateway IP address can be added If a...

Page 350: ...ting table or length of mask There may be more than one match and in this case the index number of the route is taken into account The index number is simply the route number in the config That is Static Route 0 or 1 is index 0 or 1 Static routes are checked first then dynamic routes then default routes CLI command ip 0 cidr off CIDR routing mode When the TransPort receives an IP packet to route t...

Page 351: ...uting table Route metrics can be configured by means of the following route parameters Connected Metric Disconnected Metric Route metrics can be altered automatically according to various circumstances This allows for automatic backup connection paths Routes and interfaces can be put out of service Whenever an interface is out of service OOS any route pointing at the interface will also be out of ...

Page 352: ...hould use for static routes The default is 1 eBGP Routes The CIDR metric that the router should use for eBGP routes The default is 20 OSPF Routes The CIDR metric that the router should use for OSPF routes The default is 110 RIP Routes The CIDR metric that the router should use for RIP routing The default is 120 iBGP Routes The CIDR metric that the router should use for iBGP routes The default is 2...

Page 353: ...ing an alternative route The value in this text box specifies the latency to apply before passing traffic on an alternative route in the current route becomes unavailable If an interface is configured for dial on demand and fails to connect Mark a static route as Out Of Service for s seconds The value in this text box specifies the default time that a route should be marked as out of service if th...

Page 354: ...647 OSPF Routes ip 0 admin_rip 0 2147483647 RIP Routes ip 0 admin_ibgp 0 2147483647 iBGP Routes ip 0 inf_metric 0 2147483647 Maximum static route metric ip 0 route_dbcast 0 255 Route directed IP broadcasts ip 0 route_dly 0 2147483647 Wait s seconds before using an alternative route ip 0 route_dwn 0 2147483647 If an interface is configured for dial on demand and fails to connect Mark a static route...

Page 355: ... destination IP address that matches the Destination Network Mask combination it will route the packet through the interface specified below Mask a b c d The network mask that is used in conjunction with the above destination network address to specify the Gateway a b c d Used to override the default gateway IP address configured for the Ethernet interfaces Packets matching the route will use the ...

Page 356: ...nterface is inactive Normally both values should be the same but in some advanced routing scenarios necessary to use different values If a particular route fails it automatically has its metric set to 16 which means that it is temporarily deemed as being out of service The default out of service period is set by the IP route out of service parameter Note however that this default period may be ove...

Page 357: ... route in RIP advertisements When enabled the router includes this static route to be included in RIP advertisements Make PPP n interface use the alternative idle timeout when this route becomes available When enabled this check box in conjunction with the PPP interface instance number in the text box cause the router to use the alternative inactivity timeout specified for that interface when this...

Page 358: ...eactivate the interface after it successfully connects When enabled the router deactivates an interface once a successful activation attempt has been made This is used in conjunction with the above retry parameter If the above retry parameter is not set this checkbox is disabled Do not allow this interface to be activated by this route for s seconds after the last activation attempt The delay to w...

Page 359: ...terface is unable to pass traffic it will be marked Out of Service and the next interface will be tried Assign this route to recovery group n Assigns the route to a recovery group This means that if all the routes in a particular recovery group go out of service the out of service status is cleared for all routes in that group If one route in a group comes back into service all routes with a lower...

Page 360: ...ff Only queue one packet whilst waiting for the interface to connect route n deact_ent Blank PPP When this route becomes available deactivate the following interfaces x y route n deact_add 0 2147483647 When this route becomes available deactivate the following interfaces x y route n deact_ent2 Blank PPP When this route becomes available deactivate the following interfaces x y route n deact_add2 0 ...

Page 361: ...ent text box The available options are None PPP Ethernet Tunnel Metric n The routing metric to use when the interface is connected This should have a value between 1 and 16 and is used to select which route should be used when the subnet for a packet matches more than one of the IP route entries Each route may be assigned a connected metric and a disconnected metric The connected metric parameter ...

Page 362: ...stance Parameter Values Equivalent Web Parameter def_route n descr Up to 20 characters Description def_route n gateway Valid IP address a b c d Gateway a b c d def_route n ll_ent Blank PPP ETH TUN Interface x y def_route n ll_add 0 2147483647 Interface x y def_route n upmetric 1 16 Metric ...

Page 363: ...routed must match these parameters before the packet will be routed through the specified interface Mask a b c d The netmask that is used in conjunction with the IP address as explained above Include this route in RIP advertisements When enabled the router includes this static route to be included in RIP advertisements Make PPP x interface use the alternative idle timeout when this route becomes a...

Page 364: ...Forwarding IP Routing page If the value in this text box is non zero the route metric will not be set to 16 until the number of connection attempts specified by this parameter have been made If the interface fails to connect try again in s seconds If an interface is requested to connect by this route due to IP traffic being present and it fails to connect the route will be marked as out of service...

Page 365: ...nel and instance that should be taken out of the Out of Service state when the interface that this route is configured to use is deactivated Keep this route in service for s seconds after OOS state is cleared When enabled the following text box is enabled such as it is no longer disabled out allowing a value to be entered The value specifies the period that the interface specified above will remai...

Page 366: ... 255 Wait for s seconds after power up before allowing this route to activate the interface def_route n actooslim 0 2147483647 Mark this route as Out Of Service if the interface fails to connect after n consecutive attempts def_route n chkoos_int 0 2147483647 If the interface fails to connect try again in s seconds def_route n chkoos_deac t 0 2147483647 Deactivate the interface after it successful...

Page 367: ... interfaces x y def_route n deact_add2 0 2147483647 When this route becomes available deactivate the following interfaces x y def_route n unoos_secs 0 2147483647 Keep this route in service for s seconds after OOS state is cleared def_route n rgroup 0 255 Assign this route to recovery group n Entity Instance Parameter Values Equivalent Web Parameter ...

Page 368: ...e for which an updated metric will apply when a RIP update is received If no updates are received within this period the usual metric will take over Delete routes after another s seconds The length of time that the router will continue to advertise this route when a RIP update timeout occurs and the route metric is 16 This behavior is designed to help propagate the dead route to other routers The ...

Page 369: ...nable RIP rip n interval 0 2147483647 Send RIP advertisement every s seconds rip n ripto 0 2147483647 Mark routes as unusable if we don t get advertisement for s seconds rip n riplingerto 0 2147483647 Delete routes after another s seconds rip n updatestatic on off Allow RIP to update static routes rip n poisonreverse on off Enable Poison Reverse ...

Page 370: ...unless another RIP response is received within that time RIP packets must have a source address that is included in the RIP access list Adding permitted IP addresses to the access list is controlled using a table with the single parameter described below IP Address a b c d The IP address to be added to the list of IP addresses that RIP packets must come from if they are to modify route metrics Up ...

Page 371: ... validity period for the key starting immediately of allowing a start date to be defined The starting date is specified using a drop down list to select the start day a drop down list to select the start month and a text box to enter the start year Selecting the Disable option from the day and None from the month means that this key should not be used The year can be specified as either two or fou...

Page 372: ...Parameter ripauth 0 9 key Up to 16 characters Key k ripauth 0 9 keyid 0 255 Key ID ripauth 0 9 sday 0 31 Valid from d m y ripauth 0 9 smon 0 12 Valid from d m y ripauth 0 9 syear 0 65535 Valid from d m y ripauth 0 9 eday 0 31 Expires d m y ripauth 0 9 emon 0 12 Expires d m y ripauth 0 9 eyear 0 65535 Expires d m y ...

Page 373: ...ge this parameter unless you intend to alter this behavior Multicasts Only visible when V2 is selected in the Use RIP option above This is automatically selected for sending to the default RIP v2 multicast address 224 0 0 9 BLANK BOX This parameter may be used to force RIP packets to be sent to a specified IP or multicast address It is particularly useful if you need to route the packets via a VPN...

Page 374: ...ey can be found the interface will not send any RIP packets Received RIP packets must be authenticated using the MD5 authentication algorithm before they will be accepted This method can be used with RIP V2 Only send RIP advertisements when this interface is in service Select this parameter for RIP advertisements only to be sent when the interface is in the UP state in the routing table Use Trigge...

Page 375: ...nting such problems as routing loops and Count to Infinity where routers continuously increment the hop count to a particular network This makes for a stable network To use OSPF on the router a valid configuration file must exist in the router s filing system Enable OSPF When enabled displays the following parameters OSPF Configuration Filename The file that contains the configuration data for OSP...

Page 376: ...F packets When checked the router ignores received packets that have a MTU that differs from that of the router itself Use Interface IPsec source IP When enabled OSPF functions use the source IP address of the interface specified in Configuration Network Interfaces Advanced PPP n Use interface x y for the source IP address of IPsec packets on the interface being used When unchecked OSPF uses the s...

Page 377: ... used Enable BGP When enabled enables BGP routing BGP Configuration Filename The configuration file to use is selected from this drop down list The default filename is bgp cnf An error message will be displayed if the specified file cannot be found Load Config file Click this button to load the file specified from the drop down list The contents of the file will be visible in the edit window which...

Page 378: ...mation is selected from this drop down list The available levels are Off Low Med and High Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter bgp 0 enable on off Enable BGP bgp 0 conffile BGP Configuration Filename bgp 0 new_cfg_rest on off Restart BGP after configuration file is saved bgp 0 fatal_rest on off Restart BGP if a fatal error occurs bgp 0 allow_non_nets on of...

Page 379: ...allow received packets destined for particular ports to be directed to specific local IP addresses For example to have a server running on a local network externally accessible a static NAT mapping would be set up using the local IP address of the server and the port number used to access the required service Configuring IP port forwarding and static NAT mapping is done by entering the following c...

Page 380: ...the IP address for entry 0 in the table to 10 1 2 10 enter the command nat 0 IPaddr 10 1 2 10 Entity Instance Parameter Values Equivalent Web Parameter nat 0 29 minport 0 65535 External Min Port nat 0 29 maxport 0 65535 External Max Port nat 0 29 IPaddr Valid IP address a b c d Forward to Internal IP Address a b c d nat 0 29 mapport 0 65535 Forward to Internal Port ...

Page 381: ...rameter is used in conjunction with the Mask parameter below to specify the destination multicast group address for packets that will match this route So if a router receives a packet with a destination multicast group address that matches the specified Multicast Address Mask combination it will route that packet through the interface specified by the Interface parameters below Mask a b c d The ad...

Page 382: ... Instance Parameter Values Equivalent Web Parameter mcast 0 19 IPaddr Valid IP address a b c d Multicast Address a b c d mcast 0 19 mask Valid IP address a b c d Mask a b c d mcast 0 19 ll_ent PPP ETH TUN Interface x y mcast 0 19 ll_add Valid interface number 0 2147483647 Interface x y ...

Page 383: ...e is an application based on VRF that extends the concept of VRF to the Customer Edge CE router on the customer s premises It supports multiple overlapping independent routing and forwarding tables per customer Any routing protocol supported by normal VRF can be used in a VRF Lite CE implementation The CE supports traffic separation between customer networks As there is no MPLS functionality on th...

Page 384: ...ion Exported Route Targets Array of route target identifiers IPCore Configuration Imported Route Targets Array of route target identifiers IPCore Configuration Address Families List of the address families IPv4 IPv6 or both IPCore Configuration Route Distinguisher Route distinguisher IPCore Configuration ARP Entity Address resolution entity ARP entity IPCore Configuration Name VRF name IPCore Conf...

Page 385: ...IPCore Configuration Next Hop IP Address Next hop IP address IPCore Configuration Type Route entry type Null Other Invalid Direct Indirect Static IPCore Configuration Routing Protocol Type Routing protocol type Null Other Local Network Managed ICMP EGP GGP Hello RIP IS IS ES IS Cisco IGRP BBN SPF IGP OSPF BGP EIGRP IPCore Configuration Outgoing Interface Name Outgoing IP interface name IPCore Conf...

Page 386: ...ty VRF name IPCore Configuration Attribute name Attribute description Scheme Polling interval Outgoing Virtual Routing Entity Identifier Outgoing virtual routing entity Object Identifier OID IPCore Configuration Incoming and Outgoing Virtual Routing Tags Incoming and outgoing virtual routing tags IPCore Configuration Destination IP Subnet Final destination IP subnet IPCore Configuration Next Hop I...

Page 387: ...mmunities for the specified VRF Enter either an AS number and an arbitrary number xxx y or an IP address and arbitrary number A B C D y Note This command is effective only if BGP is running 6 Switch config vrf import map route map Optional Associates a route map with the VRF 7 Switch config vrf interface interface id Enters interface configuration mode and specifies the Layer 3 interface to associ...

Page 388: ...iguring Virtual Private Networking VPN from the web interface and command line It covers the following topics About Virtual Private Networks VPNs on page 389 About Internet Protocol Security IPSec on page 389 IPsec parameters on page 394 PPTP parameters on page 445 OpenVPN parameters on page 447 ...

Page 389: ...r information to create session keys that only apply for the lifetime of that IKE exchange About Internet Protocol Security IPSec An inherent problem with the TCP protocol used to carry data over the vast majority of LANs and the Internet is that it provides virtually no security features This lack of security and publicity about hackers and viruses prevent many people from even considering using ...

Page 390: ... known as Rijndael Two key protocols within the framework are AH and ESP AH is used to authenticate users and ESP applies cryptographic protection The combination of these techniques is designed to ensure the integrity and confidentiality of the data transmission Put simply IPSec is about ensuring that Only authorized users can access a service No one else can see what data passes between one poin...

Page 391: ...this is a well established and accepted protocol but as it involves encrypting the data three times using DES with a different key each time it has a very high processor overhead This also renders it almost impossible for casual hackers to attack and very difficult to break in any meaningful time frame even for well equipped and knowledgeable parties AES 128 bit key Also known as Rijndael encrypti...

Page 392: ...o someone in the first place only requires that you know their public key anyone who knows that can send them an encrypted message so you can send a secure message to someone knowing only their publicly available key You can also prove who you are by including in the message your identity whereupon they can look up the certified public key for that identity and send a message back that only you ca...

Page 393: ...his is the same as the subject Altname in certificate cert01 pem which makes it possible for the router to locate the correct certificate to send to the host Authentication Method Should be set to RSA Signatures This indicates to IKE that RSA signatures certificates are to be used for authentication When IKE receives a signature from a remote unit it needs to be able to retrieve the correct public...

Page 394: ...about each other This enables the endpoint responding to the request to decide whether it wishes to enter a secure dialogue with the endpoint requesting it To achieve this the two endpoints commonly identify themselves and verify the identity of the other party They must do this in a secure manner so that the process cannot be listened in to by any third party The IKE protocol is used to perform t...

Page 395: ...ostname of the remote unit The IP address or hostname of the remote IPsec peer that a VPN will be initiated to Use a b c d as a backup unit The IP address or hostname of a backup peer If the router cannot open a connection to the primary peer this configuration will be used Please note that the backup peer device must have an identical IPsec tunnel configuration as the primary peer Use these setti...

Page 396: ...These settings define the security identities used on the IPsec tunnel Security type Description Preshared Keys Requires that both IPsec peers share a secret key or password that can be matched by and verified by both peers To configure the PSK a user will need configuring that matches the inbound ID of the remote peer and the PSK is configured using the password parameter This is done via Configu...

Page 397: ...n Aggressive mode is Off this parameter must be the IP address of the remote peer RSA Key File This parameter can be used to override the private key filename in the IKE configuration It is only used when RSA Signatures Certificates are being used for the authentication stage of the IKE negotiation Use enc encryption on this tunnel The ESP encryption protocol to use with this IPsec tunnel The opti...

Page 398: ...e IKE configuration The IKE configuration instance to use with this Eroute when the router is configured as an Initiator Bring this tunnel up Controls how the IPsec tunnel is brought up The options are All the time Whenever a route to the destination is available On demand If the tunnel is down and a packet is ready to be sent Defines the action that is performed when the IPsec tunnel is down and ...

Page 399: ...n eroute n peerip IP address or hostname The IP address or hostname of the remote unit eroute n bakpeerip IP address or hostname Use n as a backup unit eroute n locip IP address IP Address for Local LAN eroute n locmsk IP Mask IP Mask for Local LAN eroute n locipifent blank ETH PPP Use interface x y x Interface type eroute n locipifadd Integer Use interface x y y interface number eroute n remip IP...

Page 400: ...on eroute n autosa 0 On Demand 1 When a route to the destination is available 2 All the time Bring this tunnel up eroute n nosa drop pass try If the tunnel is down and a packet is ready to be sent eroute n inact_to Integer Bring this tunnel down if it is idle for h hrs m mins s secs This CLI value is entered in seconds only eroute n ltime Integer Renew the tunnel after h hrs m mins s secs This CLI...

Page 401: ...sec tunnel gets used IP Address The alternative IP address to negotiate Mask The alternative IP mask to negotiate Negotiate a virtual IP address using MODECFG Used when the remote peer is a Cisco device using MODECFG to assign a specific IP address to this router during SA setup negotiations This is commonly seen in Remote Access RA type VPNs and EasyVPN solutions XAuth ID Extended Authentication ...

Page 402: ...hment fails The router will take the IPsec tunnel out of service if the automatic establishment fails rather than continually retrying Go out of service after n consecutive auto negotiation failures The router will take the IPsec tunnel out of service if the auto negotiation fails for the specified consecutive number of times rather than continually retrying This tunnel can only use apn When enabl...

Page 403: ...twork Advanced Network Settings page Interface x y Use the IP address of the specified interface Tunnel this IPsec tunnel inside another IPsec tunnel It is possible to tunnel packets from an IPsec tunnel within a second or more tunnel When this parameter is enabled NAT Traversal Keepalive timer s seconds Sets the interval period in seconds that the router will use to send regular packets to a NAT ...

Page 404: ...se c compression on this tunnel eroute n oosdelsa on off Delete SAs when this tunnel is down eroute n ifvrrpmaster on off Delete SAs when router is not a VRRP master eroute n nosaoos on off Go out of service if automatic establishment fails eroute n nosadeactcnt Integer Go out of service after n consecutive auto negotiation failures eroute n check_apnbu on off This tunnel can only use apn eroute n...

Page 405: ...slist Comma separated list of Integers IP packets with ToS values n must use this tunnel eroute n locport 0 65535 Only tunnel IP packets with local TCP UDP port eroute n remport 0 65535 Only tunnel IP packets with remote TCP UDP port eroute n locfirstport 0 65535 Only tunnel IP packets with local TCP UDP port in the range of n1 to n2 eroute n loclastport 0 65535 Only tunnel IP packets with local T...

Page 406: ... ID parameter on the host unit to a suitable name such as Host1 Then set the Peer ID parameter to Remote for example In addition an entry would be made in the user table with Remote for the Username and a suitable Password value such as mysecret Each of the remote units that required access to the host would then have to be configured with an Our ID parameter of Remote01 Remote02 etc and each woul...

Page 407: ...the router If you select the Pass the packet option packets that match an IPsec tunnel are decrypted and authenticated depending on the IPsec tunnel s configuration but data that does not match will also be allowed to pass When a packet is to be transmitted which does not match any IPsec tunnel How the router will respond if a packet is transmitted when there is no SA If you select the Drop the pa...

Page 408: ...ugh to encompass all the local and remote networks The VPN Concentrator can act as an initiator and or a responder In situations where there are more remote sites than the router can support concurrent sessions it will normally be necessary for the VPN Concentrator and the remote sites to be both an initiator and a responder This is so both the remote sites and the head end can initiate the IPsec ...

Page 409: ...c information is retrieved the router creates a dynamic IPsec Tunnel which is based upon the base IPSec tunnel configuration plus the site specific information from the MySQL database 4 The router then uses the completed IPsec tunnel configuration and IKE to create the IPsec SAs 5 For the pre shared key IKE uses the password returned from the MySQL database rather than doing a local look up in the...

Page 410: ... also exist 3 Once the information is retrieved from the MySQL database IKE negotiations continue and the created IPsec SAs will be associated with the dynamic IPsec tunnel 4 As long as the dynamic IPsec tunnel exists it behaves just like a normal IPsec tunnel such as SAs being replaced removed as required 5 If errors are received from the MySQL database or not enough fields are returned the dynam...

Page 411: ...card matching is supported which means that the peerid may contain and characters If only one IPsec tunnel is configured the peerid field may contain a indicating that all remote IDs result in a MySQL look up Local subnet IP address Local subnet mask Configured as usual Remote subnet IP address Remote subnet mask These fields should be configured in such a way that packets to ALL remote sites fall...

Page 412: ...ameter allows the router to see that an IPsec tunnel should use the group configuration to retrieve dynamic information from the database Remote mask to use for tunnels Used in the SQL SELECT query in conjunction with the destination IP address of packets to be tunneled from the host to the remote peer to identify the correct record to select from the MySQL database MySQL Server IP Address or Host...

Page 413: ... field in the table where the bakpeerip data is stored Peer ID The name of the field in the table where the peerid data is stored Our ID The name of the field in the table where the ourid data is stored Password The name of the field in the table where the password to use in IKE negotiations is stored Note The default MySQL field names match the matching IPsec tunnel configuration parameter name T...

Page 414: ...rver IP Address or Hostname egroup n dbport 0 65535 MySQL Server Port egroup n dbuser String Username egroup n dbpwd String Password Confirm Password egroup n dbname String Database name egroup n dbtable String Database table egroup n fremip String Remote subnet IP egroup n fremmsk String Remote subnet Mask egroup n fpeerip String Peer IP Address egroup n fbakpeerip IP Address Backup Peer IP Addre...

Page 415: ...abase file into memory and check the memory allocated and free using the smem command This will show the memory allocated and left available Increase the memory in the dbsrvmem command if required dbfile name This is the name of the csv file that the router will use to store the table definitions 1st line and data records This file is stored in flash and is used to populate the database stored in ...

Page 416: ...arned entries or it can be saved to a new file To save the dbfile to flash from RAM use the following command sqlsave 0 filename Where filename is the name of the destination file For example to save the learned database entries to a file called backup csv sqlsave 0 backup csv If there are no learned entries this command will not create a file To view the number to learned entries use the command ...

Page 417: ...nfigure the backup database IP address that is the loopback address of the router or an alternative SQL server this example shows the loopback IP address of the router ipbu 0 BUIPaddr 127 0 0 1 4 Set the amount of time in seconds that the connection to the main SQL server will be retried ipbu 0 retrysec 30 5 Set the router to use the backup IP address if the main database is unavailable ipbu 0 don...

Page 418: ...te where subnet 10 110 100 0 limit 3 To limit the sqldo command to only act on specified fields the following command can be used sqlfields field1 field2 field3 For example sqlfields remmsk password peerip After issuing the sqlfields command all further sqldo commands will apply to these fields only When finished to close the SQL server connection correctly sqlclose If the database being queried i...

Page 419: ...me of an existing IKE SA and attempts to negotiate a lifetime for the IKE SA that is 60 seconds longer than the desired lifetime of the IPsec SA Mark the IPsec tunnel as suspect if there is no traffic for n seconds The period of time of inactivity on a tunnel before it is deemed to be suspect such as if there is no activity on a healthy link for the time period defined then the tunnel is them deem...

Page 420: ...ter dpd 0 inact Integer Mark the IPsec tunnel as suspect if there is no traffic for n seconds dpd 0 okint Integer Send a DPD request on a healthy link every n seconds dpd 0 failint Integer Send a DPD request on a suspect link every n seconds dpd 0 maxfail Integer Close the IPsec tunnels after no response for n DPD requests ...

Page 421: ...s IKE debugging to be displayed on the debug port Debug Level Sets the level of IKE debugging The options are Low Medium High Very High Debug IP Address Filter Used to filter out IKE packets with particular source or destination IP addresses The format of this parameter is a comma separated list of IP addresses For example to exclude the capture of IKE traffic from IP hosts 10 1 2 3 and 10 2 2 2 e...

Page 422: ... CLI commands Entity Instance Parameter Values Equivalent Web Parameter ike 0 deblevel 0 Off 1 Low 2 Medium 3 High 4 Very High Debug Level ike 0 ipaddfilt Comma separated list of IP addresses Debug IP Address Filter ike 0 debug on off Forward debug to port ...

Page 423: ...lowing settings for negotiation The settings used during the IKE negotiation Encryption The encryption algorithm used The options are None DES 3DES AES 128 bit keys AES 192 bit keys AES 256 bit keys Authentication The authentication algorithm used The options are None MD5 SHA1 ...

Page 424: ...ss when using certificates This is because the ID of the remote unit its public key can be retrieved from the certificate file MODP Group for Phase 1 The key length used in the IKE Diffie Hellman exchange to 768 bits group 1 or 1024 bits group 2 Normally this option is set to group 1 this is sufficient for normal use For particularly sensitive applications you can improve security by selecting gro...

Page 425: ...lg des 3des aes Encryption ike n keybits 0 128 192 256 Encryption AES Key length ike n authalg md5 sha1 Authentication ike n aggressive on off Mode ike n ikegroup 1 2 5 MODP Group for Phase 1 ike n ipsecgroup 1 2 5 MODP Group for Phase 2 ike n ltime 1 28800 Renegotiate after h hrs m mins s secs This CLI value is entered in seconds only ...

Page 426: ... IPsec When one end of an IPsec tunnel is behind a NAT box some form of NAT traversal may be required before the IPsec tunnel can pass packets Turning NAT Traversal on enables the IKE protocol to discover whether or not one or both ends of a tunnel is behind a NAT box and implements a standard NAT traversal protocol if NAT is not being performed The version of NAT traversal supported is that descr...

Page 427: ...etes IKE SAs when their IPSec SAs are removed Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter ike n retranint 0 255 Retransmit a frame if no response after n seconds ike n retran 0 9 Stop IKE negotiation after n retransmissions ike n inactto 0 255 Stop IKE negotiation if no packet received for n seconds ike n dpd on off Enable Dead Peer Detection ike n natt on off En...

Page 428: ...ngs that the router will accept during the negotiation Encryption The acceptable encryption algorithms Authentication The acceptable authentication algorithms MODP Group between x and y The acceptable range for MODP group Renegotiate after h hrs m mins s secs How long the initial IKE Security Association will stay in force When the IKE Security Association expires any attempt to send packets to th...

Page 429: ... can specified in a comma separated list Encryption ike 0 keybits 0 128 192 256 Encryption Minimum AES Key length ike 0 rauthalgs md5 sha1 Multiple algorithms can specified in a comma separated list Authentication ike 0 rdhmingroup 1 2 5 MODP Group between x and y ike 0 rdhmaxgroup 1 2 5 MODP Group between x and y ike 0 ltime 1 28800 Renegotiate after h hrs m mins s secs This CLI value is entered ...

Page 430: ...quests an IKE lifetime that is greater than the responder a notification will be sent and the initiator should reduce its lifetime value accordingly Retain phase 1 SA after failed phase 2 negotiation The name of a X 509 certificate file holding the router s private part of the public private key pair used in certificate exchanges See X 509 Certificates on page 392 for further explanation RSA priva...

Page 431: ...e 0 natt on off Enable NAT Traversal ike 0 initialcontact on off Send INITIAL CONTACT notifications ike 0 respltime on off Send RESPONDER LIFETIME notifications ike 0 keepph1 on off Retain phase 1 SA after failed phase 2 negotiation ike 0 privrsakey Filename RSA private key file ike 0 delmode 0 Normal 1 Remove IKE SA when last IPsec SA removed 2 Remove IPsec SAs when IKE SA remove 3 Both SA Remova...

Page 432: ...orts can have their destination address set to the source address of the original packet in the same way as standard NAT If the remote end of the tunnel can access units connected to the local interface the unit that has been assigned the virtual IP address needs to have some static NAT entries set up When a packet is received through the tunnel the router first looks up existing NAT entries follo...

Page 433: ... commands Entity Instance Parameter Values Equivalent Web Parameter tunsnat n minport 0 65535 External Port tunsnat n maxport 0 65535 Port Range Count tunsnat n ipaddr IP Address Forward to Internal IP Address tunsnat n mapport 0 65535 Forward to Internal Port ...

Page 434: ... are None DES 3DES AES 128 bit keys AES 192 bit keys AES 256 bit keys Authentication The authentication algorithm used The options are None MD5 SHA1 PRF Algorithm The PRF Pseudo Random Function algorithm used The options are MD5 SHA1 MODP Group for Phase 1 Sets the key length used in the IKE Diffie Hellman exchange to 768 bits group 1 or 1024 bits group 2 Normally this option is set to group 1 and...

Page 435: ... new IKEv2 SA is negotiated and the old SA is removed Any IPSec child SAs that were created are retained and become children of the new SA Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter ike2 n iencalg des 3des aes Encryption ike2 n ienkeybits 128 192 256 Encryption AES Key length ike2 n iauthalg md5 sha1 Authentication ike2 n iprfalg md5 sha1 PRF Algorithm ike2 n id...

Page 436: ...al within IKE IPsec When one end of an IPsec tunnel is behind a NAT box some form of NAT traversal may be required before the IPsec tunnel can pass packets Turning NAT Traversal on enables the IKE protocol to discover whether or not one or both ends of a tunnel is behind a NAT box and implements a standard NAT traversal protocol if NAT is not being performed The version of NAT traversal supported ...

Page 437: ...5 Retransmit a frame if no response after n seconds ike2 n retran 0 9 Stop IKE negotiation after n retransmissions ike2 n inactto 0 255 Stop IKE negotiation if no packet received for n seconds ike2 n natt on off Enable NAT Traversal ike2 n natkaint Integer NAT traversal keep alive interval n seconds ike2 n privrsakey Filename RSA private key file ...

Page 438: ...m The acceptable PRF Pseudo Random Function algorithms MODP Group between x and y The acceptable range for MODP group Renegotiate after h hrs m mins s secs How long the initial IKE Security Association will stay in force When it expires any attempt to send packets to the remote system will result in IKE attempting to establish a new SA Rekey after h hrs m mins s secs When the time left until expir...

Page 439: ... Minimum AES key length ike2 0 rauthalgs md5 sha1 Authentication ike2 0 rprfalgs md5 sha1 PRF Algorithm ike2 0 rdhmingroup 1 2 5 MODP Group between x and y ike2 0 rdhmaxgroup 1 2 5 MODP Group between x and y ike2 0 ltime 1 28800 Renegotiate after h hrs m mins s secs This CLI value is entered in seconds only ike2 0 rekeyltime 1 28800 Rekey after h hrs m mins s secs This CLI value is entered in seco...

Page 440: ...protocol if NAT is not being performed The version of NAT traversal supported is that described in the IETF draft draft ietf ipsec nat t ike 03 txt NAT traversal keep alive interval n seconds The interval in seconds in which the NAT Traversal keepalive packets are sent to a NAT device in order to prevent NAT table entry from expiring RSA private key file The name of a X 509 certificate file holdin...

Page 441: ...e physical connection Typically both the physical layer and logical layer PPP connections would be terminated on the same device for example a TransPort router With L2TP answering the call the router terminates the layer 2 connection only and the PPP frames are passed in an L2TP tunnel to another device which terminates the PPP connection This device is sometimes referred to as a Network Access Se...

Page 442: ...ver to use Bring this tunnel up All the time On demand This parameter only applies to tunnels initiated from this router Bring this tunnel down if it is idle for h hrs m mins s secs These radio buttons select whether or not the tunnel is permanently available or not When set to On demand the tunnel will not activate automatically but will wait until it is triggered by PPP When set to On demand the...

Page 443: ...ost and which will be used if the remote host requests authentication and Authentication is set to Off here Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter l2tp n listen OFF ON Act as a listener only l2tp n swap_io OFF ON Enable server mode l2tp n remhost Valid IP address a b c d Initiate connections to a b c d l2tp n backremhost Valid IP address a b c d Use a b c d ...

Page 444: ...N calls MSN The filter for the ISDN Multiple Subscriber Numbering MSN It is blank by default but when the answering facility above is enabled the router only answers ISDN calls where the trailing digits match this MSN value For example setting the MSN value to 123 prevents the router from answering calls from any calling number that does not end in 123 This parameter is not used when answering is ...

Page 445: ...a tunnel back to the router on port 1723 but fails when the traffic is blocked by the mobile operator s firewall PPTP n parameters Description An identifier for the router Remote Host a b c d The IP address of the remote host such as the device that will terminate the PPTP connection Use Interface x y The interface to be used for the PPTP tunnel is selected from this drop down list the text box ne...

Page 446: ...1 only SSLv2 only Enable PPTP debug When enabled enables debug tracing Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter pptp 0 9 name Up to 30 characters Description pptp 0 9 remhost Valid IP address a b c d Remote Host a b c d pptp 0 9 ll_ent Blank PPP ETH Blank means Auto Use Interface x y pptp 0 9 ll_add 0 4294967296 Use Interface x y pptp 0 9 listen OFF ON Accept ...

Page 447: ... using firewall rules applied to the VPN virtual interface OpenVPN is not a web application proxy and does not operate through a web browser The Digi TransPort implementation of OpenVPN can be configured as an OpenVPN server shown above or as an OpenVPN client connecting to an OpenVPN server On TransPort firmware OpenVPN has been implemented as an interface That means when an OpenVPN tunnel connec...

Page 448: ...ured OpenVPN sockets are only allowed to from this interface and the routing table will be ignored When set to Auto the OpenVPN sockets use the routing table to identify the best interface to use Get link socket source address from this interface x y The values in these two text boxes define the interface Auto PPP ETH and the instance number of the interface to use as a source address for IP socke...

Page 449: ...ed and a member of a multicast group is discovered on this interface multicast packets for this group received on other interfaces will be sent out this interface Include in RIP advertisements When enabled the router includes this static route in RIP advertisements Automatically connect interface If enabled this OpenVPN instance will be considered as an Always On interface Server mode listener Con...

Page 450: ... for the router to use DNS servers sent from the OpenVPN server Packet replay ID window When set to a non zero value this enables sequence number replay detection It indicates the number of packet IDs lower than the current highest ID to allow out of sequence Packet replay time window seconds Set to a non zero value to enable time tracking of incoming packets OpenVPN TX ping interval seconds Inter...

Page 451: ...nables output of OVPN related debug Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter ovpn n descr Up to 30 characters Description ovpn n IPaddr Valid IP address a b c d IP address a b c d ovpn n dest Valid IP address a b c d Destination host a b c d ovpn n ll_ent blank PPP ETH Link socket interface x y x interface type ovpn n ll_add 0 2147483647 Link socket interface ...

Page 452: ... b c d ovpn n pushmask2 Valid netmask a b c d Push mask 2 a b c d ovpn n puship3 Valid subnet a b c d Push IP address 3 a b c d ovpn n pushmask3 Valid netmask a b c d Push mask 3 a b c d ovpn n pushdns Valid IP address a b c d Push DNS server address 1 a b c d ovpn n pushdns2 Valid IP address a b c d Push DNS server address 2 a b c d ovpn n pullip OFF ON Pull interface IP address ovpn n pullroute ...

Page 453: ... packets ovpn n inact_timeout 0 2147483647 Inactivity timeout seconds ovpn n cipher See cipher list below Data channel cipher ovpn n digest See digest list below Data channel digest ovpn n debug OFF ON Debug Cipher values Digest values DES EDE CBC md2WithRSAEncryption AES128 ssl2 md5 DES MD5 DES CBC sha1WithRSAEncryption AES 128 CBC ssl3 sha1 AES192 ssl3 md5 AES 192 CBC SHA1 DES EDE3 CBC MD2 AES 2...

Page 454: ...7 About the Secure Sockets Layer SSL The secure socket layer SSL provides a secure transport mechanism is supported by Digi s TransPort routers Some sites require client side authentication when connecting to them The router s SSL client handles the authentication for SSL connections using certificates signed by a Certificate Authority CA For more information regarding certificates and certificate...

Page 455: ... SHA It can represent a list of cipher suites containing a certain algorithm or cipher suites of a certain type For example SHA1 represents all cipher suites using the SHA1 digest algorithm Lists of cipher suites can be combined in a single cipher string using the character This forms the logical AND operation For example SHA1 DES represents all cipher suites containing SHA1 and DES algorithms If ...

Page 456: ...s Equivalent Web Parameter sslcli 0 4 certfile Up to 12 characters DOS 8 3 format Client Certificate Filename sslcli 0 4 keyfile Up to 12 characters DOS 8 3 format Client Private Key Filename sslcli 0 4 cipherlist Colon separated list of ciphers Cipher List sslcli 0 4 IPaddr Apply to Destination IP Address ...

Page 457: ...he SSL protocol to use is selected from this drop down list Selecting Any allows the use of any version The available options are Any TLSv1 only SSLv2 only Cipher List The list of ciphers is the same as described above for the client side configuration table Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter sslsvr 0 certfile Up to 12 characters DOS 8 3 format Server Ce...

Page 458: ...topics About the Secure Shell SSH server on page 459 Configure Secure Shell SSH server parameters on page 460 Configure Secure Shell SSH Client on page 464 SSH parameters on page 468 Generate an SSH private key from the web interface on page 468 Generate an SSH private key from the CLI on page 469 SSH Authentication with a public private key pair on page 469 ...

Page 459: ...mal methods such as FTP It is possible using the genkey command to create host keys in either format for use with SSH Using this utility it is not necessary to have the host key files present on any other storage device thus providing an additional level of security For details on generating a private key file see Generate an SSH private key from the web interface on page 468 Unlike the Telnet ser...

Page 460: ...generated using the facilities described in the Certificates section of this manual Host Key 2 Filename The filename of either an SSH V1 or V2 key as above Note The maximum length for these filenames is 12 characters and they must use the DOS 8 3 file naming convention Maximum login time s seconds The maximum length of time in seconds a user can successfully complete the login procedure once the S...

Page 461: ...bled the server negotiates SSH V2 The router must also have a SSH V2 key present and the filename entered into the SSG configuration Actively start key exchange This option applies to V2 SSH Some SSH clients wait for the server to initiate the key exchange process when a new SSH session is started unless they have data to send to the server in which case they will initiate the key exchange themsel...

Page 462: ...and the other options given a value of 2 or greater If all these parameters are set to the same value the router automatically uses them in the following order SHA1 SHA1 96 MD5 MD5 96 MAC MD5 The preference level for MAC MD5 MAC MD5 96 The preference level for MAC MD5 96 MAC SHA1 The preference level for MAC SHA1 MAC SHA1 96 The preference level for MAC SHA1 96 Enable Debug The router supports log...

Page 463: ...wd 0 2147483647 Enable port forwarding ssh 0 7 cmdhost Valid IP address a b c d Command session IP address a b c d ssh 0 7 cmdport 0 2147483647 Command session port p ssh 0 7 svrkeybits 0 2147483647 Server key size ssh 0 7 initkex OFF ON Actively start key exchange ssh 0 7 rekeybytes 0 2147483647 0 Do not rekey Rekey After n units of data have been transferred ssh 0 7 enc3descbc 0 2147483647 0 Dis...

Page 464: ...Configure Secure Shell SSH Client Full book title 464 Configure Secure Shell SSH Client SSH clients are configured on the Configuration Network SSH Client page ...

Page 465: ...not DEFLATE compression will be used If compression is selected the compression level is chosen from the drop down list Enable Public Key Authentication When enabled enables SSH public key authentication to connect to OpenSSH Enable Password Authentication When enabled enables SSH password authentication to connect to OpenSSH Note No other authentication methods are supported Encryption Preference...

Page 466: ... the same value the router automatically uses them in the following order SHA1 SHA1 96 MD5 MD5 96 MAC MD5 The preference level for MAC MD5 MAC MD5 96 The preference level for MAC MD5 96 MAC SHA1 The preference level for MAC SHA1 MAC SHA1 96 The preference level for MAC SHA1 96 Enable Server Keepalives When enabled enables server keepalives to use the same tcp connection for HTTP conversation inste...

Page 467: ...file1 Up to 12 characters 8 3 format Name of either an SSH V1 or SSH V2 host key sshcli 0 7 comp 0 disabled Use Deflate compression level sshcli 0 7 pubkeyauth 0 disabled Enables SSH public key authentication to connect to OpenSSH sshcli 0 7 pwdauth 0 disabled Enables SSH password authentication to connect to OpenSSH sshcli 0 7 enc3descbc 0 2147483647 0 Disabled 3DES sshcli 0 7 encaes128c bc 0 214...

Page 468: ...convention applies 3 Check the checkbox marked Save in SSHv1 format in order to generate a version 1 SSH key Click the Generate Key button to generate the private key file The key file will be stored in the router s FLASH filing system 4 To generate the second key repeat steps 1 through 3 This time however make sure that the Save in SSHv1 format checkbox is unchecked Give this key file a different...

Page 469: ... For example genkey 1024 privssh2 pem 3 Set the first private key as the SSH Host key 1 using the following command ssh 0 hostkey1 privssh1 pem 4 Set the second private key as SSH Host Key 2 using the following command ssh 0 hostkey2 privssh2 pem 5 Save the configuration config 0 save SSH Authentication with a public private key pair Once SSH access has been configured and confirmed to be working ...

Page 470: ...lay This section covers configuring FTP relay agents from the web interface and command line interface It includes the following topics About FTP relay agents on page 471 FTP Relay n parameters on page 472 Advanced FTP Relay parameters on page 475 ...

Page 471: ...r is being used to collect data files from a locally attached device such as a webcam which must then be to a host system over a slower data connection such as W WAN In effect the router acts as a temporary data buffer for the files The FTP Relay Agent can also be configured to email as an attachment any file it was unable to transfer to the FTP server To do this go to Configuration Alarms SMTP Ac...

Page 472: ...s to be saved Rename file When enabled the router stores the uploaded files internally with a filename in the form relnnnn where nnnn is a number that is incremented for each new file received When the file is relayed to the FTP host the original filename is used When unchecked the file is stored internally using its original filename This parameter should be set if it a file having a filename lon...

Page 473: ...ollowing this checkbox are normally disabled they should appear disabled in the browser When this checkbox is enabled the parameters are enabled and data can be entered into the text boxes Use Email Template File The name of the template file that will be used to form the basis of any email messages generated by the FTP Relay Agent This would normally be the standard EVENT EML template provided wi...

Page 474: ...ir Up to 40 characters Remote directory frelay n norename OFF ON Rename file frelay n ascii OFF ON Transfer Mode frelay n appe OFF ON Transfer Command frelay n retries 0 2147483647 Attempt to connect to the FTP Server n times frelay n retryint 0 2147483647 Wait s seconds between attempts frelay n timeout 0 2147483647 Remain connected frelay n savemode OFF ON Delete Retain file frelay n smtp_temp U...

Page 475: ...uide 475 Advanced FTP Relay parameters Tx Buffer Size n bytes The value in this text box specifies the size of the Tx socket buffer Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter ftpcli n txbuf 0 2147483647 Tx Buffer Size ...

Page 476: ...meters on page 477 Related CLI commands on page 478 About IP passthrough IP passthrough is a useful feature if a host computer or server on the local area network needs to have access to it from the Internet with a public IP address With IP passthrough configured all IP traffic not just TCP UDP is forwarded back to the host computer This feature can be useful for applications that do not function ...

Page 477: ...Ethernet interface to 192 168 1 1 32 Pinhole Configuration The following parameters are checkboxes allowing specific protocols to be excluded from the IP passthrough feature An excluded protocol terminates at the router instead of being forwarded to the local PC HTTP When checked this checkbox excludes HTTP from passthrough HTTPS When checked this checkbox excludes HTTPS from passthrough Telnet Wh...

Page 478: ...ble IP Pass through passthru 0 ethadd 0 2147483647 Ethernet interface passthru 0 pppadd 0 2147483647 PPP interface passthru 0 mode 0 1 0 Normal 1 32 bit mask Mode passthru 0 http OFF ON HTTP passthru 0 https OFF ON HTTPS passthru 0 telnet OFF ON Telnet passthru 0 telnets OFF ON Telnet over SSL passthru 0 ssh OFF ON SSH SFTP passthru 0 snmp OFF ON SNMP passthru 0 gre OFF ON GRE passthru 0 ping OFF ...

Page 479: ...479 Configure UDP echo This section covers configuring UDP echo from the web interface or command line It covers the following topics About UDP echo on page 480 UDP Echo n parameters on page 480 Related CLI commands on page 481 ...

Page 480: ... to which they should be sent and the sending interval If the destination IP address is left blank the router will not attempt to send any packets Use local port n The local port the router should listen on for UDP packets If any UDP packets are sent to this port the router will send a copy back to the IP address and port they were sent from Route via Routing table Interface x y These two radio bu...

Page 481: ... address a b c d port n every s seconds udpecho n interval 0 2147483647 Send a UDP packet to IP address a b c d port n every s seconds udpecho n locport 0 65535 Use local port n udpecho n userouting OFF ON Route via Routing table udpecho n ifent PPP ETH Interface x y udpecho n ifadd Valid interface instance 0 4294967296 Interface x y udpecho n onlyis OFF ON Only send packet when the interface is I...

Page 482: ...vers configuring the Quality of Service QoS from the web interface and command line It covers the following topics About Quality of Service Qos on page 483 Configuring QoS in the web interface on page 484 DSCP Mappings parameters on page 485 Queue Profiles parameters on page 486 ...

Page 483: ... specific data rate providing that queues of a higher priority are not already using the available bandwidth Weighted Random Early Dropping WRED of packets can be used as queues become busy in an attempt to get the TCP socket generating the packets to back off its transmit timers This prevents the queue overflow which would result in all subsequent packets being dropped QoS is a complex subject an...

Page 484: ...s parameters to configure DSCP operation The Configuration Network Queue Profiles page contains parameters to manage the queue profiles Each Configuration Interfaces Ethernet and Configuration Interfaces PPP instance page contains a QoS sub page which controls how QoS behaves on that particular interface When configuring QoS be aware that the router supports ten queues numbered from 0 to 9 and tha...

Page 485: ...queue associated with it To change the value from what is shown select the desired value from the drop down list Related CLI commands Examples To display a DSCP mapping from the command line type the following dscp code Where code is a valid DSCP code from 0 to 63 or 64 see note below To change the value of a parameter use the following command dscp code q value Where code is a valid DSCP code and...

Page 486: ...lower than the Minimum kbps value ensures that only the Minimum kbps setting is achieved Maximum Packet Queue Length The maximum length of a queue in terms of the number of packets in the queue Any packets received by the router that would cause the maximum length to be exceeded are dropped WRED Minimum Threshold The minimum queue length threshold for using the WRED algorithm to drop packets Once ...

Page 487: ...ves too slowly large weighting factor it allows a burst of traffic through without dropping packets but may result in dropped packets for some time after the actual transmit rate drops off Therefore use care in selecting the weighting factor to suit the type of traffic using the queue Related CLI commands Examples To display a queue profile enter the following command gqprof instance Where instanc...

Page 488: ...iods of time during which PPP interfaces allowed or prevented from activating For example a router in an office could be configured so that the ADSL PPP interface is only raised on weekdays Time bands can only be applied to PPP instances Time bands are specified by a series of transition times At each of these times routing is either enabled or disabled The default state for a time band is On whic...

Page 489: ...Lists the available PPP instances Enable This column contains checkboxes each checkbox controls whether or not time bands are enabled for the PPP instance in the left hand column of the row Check the checkbox to enable time bands for the associated PPP instance Timeband Selects which of the four available time band instances should be associated with the PPP instance Related CLI commands The defau...

Page 490: ...he weekend only check the Sat Sun checkbox To select weekdays only check the Mon Fri checkbox Time The transition time specified in 24 hour format with a colon separator between hours and minutes State The routing state which can be On or Off For convenience this parameter toggles state for each new addition if an On transition is configured the default state for the next addition is Off Clicking ...

Page 491: ...d Fri The abbreviation MF is used to specify Monday to Friday For example to allow PPP routing only on weekdays between 9 00 a m and 5 30 p m enter these commands tband 0 days 0 mf tband 0 time0 9 tband 0 state0 on tband 0 days1 mf tband 0 time1 5 30 tband 0 state1 off Entity Instance Parameter Values Equivalent Web Parameter tband 0 3 days ALL MF Mon Tue Wed Thu Fri Sat Sun Days tband 0 3 time HH...

Page 492: ... About advanced network settings on page 492 Advanced Network Settings descriptions on page 493 About advanced network settings The basic network configuration settings cover most configurations and implementations and in those cases the settings should not require changes The Advanced Network Settings are available for those instances where detailed settings for network features require changes ...

Page 493: ...d route any IP packets for this address When connected to a Serial interface using TCP Advertise an MSS of n bytes The maximum segment size used advertised by an asynchronous serial port connected to TCP sockets Use a Rx Window size of n bytes The Rx window size used advertised by an asynchronous serial port connected to TCP sockets Default SSL version for outgoing connections Selects which versio...

Page 494: ...nt Web Parameter cmd n sec_ip Valid IP address Secondary IP address a b c d sockopt n asymss 0 2147483648 When connected to a serial interface using TCP Advertise an MSS of n bytes sockopt n asyrxwin 0 2147483648 Use a Rx Window size of n bytes sockopt n sslver 0 3 0 Auto 1 TLSv1 2 SSLv2 Default SSL version for outgoing connections ...

Page 495: ...if it causes the traffic to match an Eroute and therefore be sent using IPsec or GRE Connect Timeout s seconds The amount of time after which a TCP socket may remain idle before being closed If the value is set to 0 the socket may remain open indefinitely TCP socket inactivity timer s seconds The maximum period of inactivity in seconds that can occur before and open TCP IP socket is closed The def...

Page 496: ... sockets available Maximum ACK time for XOT data The maximum time allowance for a remote unit to acknowledge TCP data transmitted by a unit s socket If this timer expires the socket is aborted The default value of 0 disables the timer Note There is no requirement for the remote unit to acknowledge received data immediately therefore setting this parameter to too small a value is not recommended So...

Page 497: ... the primary IP address has just failed this text box determines whether a connection to the backup IP address should be attempted immediately or when the application next attempts to open a connection When checked the socket attempts to connect to the backup IP address immediately after the connection to the primary IP address failed and before reporting this failure to the calling application su...

Page 498: ... with a backup IP address of 192 168 0 2 setting the IP address in the next row to 192 168 0 2 with a backup IP address of 192 168 0 3 causes the router to try all these IP addresses in succession Note The time that it takes for a connection to an IP address to fail is determined by the Connect timeout parameter on the Configuration Network Advanced Network Settings Socket Settings web page Relate...

Page 499: ...that in the past would have connected to a legacy network can connect to the Digi TransPort router instead This means old equipment can be connected to modern networks such as HSUPA This section covers configuring legacy protocols from the web interface or command line It covers the following topics Configure Systems Network Architecture over IP SNAIP on page 500 Configure TPAD parameters on page ...

Page 500: ...r TCP IP using the DLSw protocol often called SNAIP They can also can send HDLC traffic over TCP IP About SNA SNA uses Synchronous Data Link Control SDLC an unbalanced mode in which there is one master station and one or more secondary stations Each secondary station owns a station address and can only respond when this address has just been polled by the master A typical scenario is shown in the ...

Page 501: ...ly of all other stations The SNAIP parameter Priority is used to select the SNAIP instance to use when more than one is available the highest number being given preference For example consider that 4 SNAIP instances to all share sync port 0 To do this configure SNAIP 0 in the usual way on PORT 0 then configure SNAIP instances 1 2 and 3 to use SharedPort and Sync Port from SNAIP 0 Use protocol The ...

Page 502: ... see signals changing state Sync port should not send or receive data when WAN link is down Causes the Sync port to be deaf and dumb and have DCD low while the connection with the WAN is down This setting is supported to prevent terminals from assuming if L2 is up the rest of the WAN link should be working at which point the router could go into a management error state SNA parameters Router to be...

Page 503: ... change this T1 timer A standard LAPB timer The default value is 1000 milliseconds 1 second and under normal circumstances it should not be necessary to change it T200 timer A standard LAPB re transmit timer The default value is 1000 milliseconds 1 second and under normal circumstances it should not be necessary to change it Window Size The X 25 window size The value range is from 1 to 7 with the ...

Page 504: ...rface specified Close TCP connection if it is idle for x secs The maximum period of inactivity in seconds that may occur before an open TCP IP socket is closed The default value is 300 seconds 5 minutes and should not normally require altering DLSw Ver The DLSw version to be used Set to 0 default for version 1 set to 2 for version 2 DLSw Role When this parameter is set to Active and the router is ...

Page 505: ...ch case this router would send the CONTACT message but if this parameter is set we would not send this message but instead wait for it to be sent to us before progressing in the DLSw state machine Make immediate connection attempts before backing off The number of successive connection attempts before backing off for the number of seconds default 30 defined in the Backoff for x seconds parameter T...

Page 506: ...th the specified text snaip x autocontact 1 enabled 0 disabled Assume station exists Do not send TEST frames snaip x dcd_toggle 1 enabled 0 disabled Toggle DCD output each time the DLSw protocol enters the DISCONNECTED state snaip x l1oos 1 enabled 0 disabled Sync port should not send or receive data when WAN link is down snaip x master 1 enabled 0 disabled Router to be Master on an unbalanced lin...

Page 507: ... the DLSw protocol snaip X srcipent auto eth ppp Use interface for source IP address snaip x srcipadd 0 255 Use interface for source IP address snaip x sock_inact 0 2147483647 Close TCP connection if it is idle for x secs snaip x ver 0 2 DLSw Ver snaip x passive 0 active 1 passive DLSw Role snaip x dlswwindow 1 100 DLSw Window snaip x udp_cap 1 enabled 0 disabled UDP Capable snaip x use1sock On Of...

Page 508: ...number This instance must be available to go online or this command will fail To revert back and use the default instance issue the snadis x command Normal priorities are used to determine which SNAIP instance gets to use the SYNC port snaip x con_attempts 0 2147483647 Make immediate connection attempts before backing off snaip x con_boff_time 0 2147483647 Backoff for x seconds before attempting t...

Page 509: ...a simplified version of the X 25 PAD specification that is commonly used for carrying out credit card clearance transactions Digi routers support the use of TPAD over ISDN B and D channels TCP UDP SSL XoT Automatic back up between any two of these layer 2 interfaces or transport protocols is supported ...

Page 510: ...instance to use for the relevant TPAD instance Select 0 or 1 for LAPB or 0 or 1 for LAPD When using LAPB with ISDN this parameter may be set to 255 which means use any free LAPB instance This is useful when more than 2 POS terminals are connected to the router and the acquirer does not support multiple Switched Virtual Circuits SVCs on a single B Channel A value of 254 uses an available LAPB insta...

Page 511: ...nal numbers that are dialed after the number specified by B channel ISDN For example if B channel ISDN was set to 123456 and Suffix was set to 789 the actual number dialed would be 123456789 On the main interface Deactivate LAPB session x seconds after TPAD X 25 call has been cleared Once a TPAD X 25 call has been cleared the router will keep a LAPB instance active for the length of time set by th...

Page 512: ...r incoming calls the router accepts the LCN specified by the caller LCN direction Whether the X 25 LCN used for outgoing TPAD calls is incremented or decremented from the starting value when multiple TPAD instances share one layer 2 LAPB or LAPD connection The default is DOWN and LCNs are decremented such as if the first CALL uses 1024 the next will use 1023 etc Setting the parameter to UP causes ...

Page 513: ...t Allow concurrent transactions Multiple transactions per X 25 call are allowed irrespective of whether a response has been received from the host Use ASCII character x as the delimiter character The character used to separate a main NUA from a backup NUA and a main NUI from a backup NUI in an ATD command The default value is the ASCII character decimal 33 Forward mode time x milliseconds If not f...

Page 514: ...culation When set to 8583 Ascii 4 byte the IP length header conforms to the ISO 8583 format Setting this parameter to On Inclusive pre pends a 2 byte length header and the calculation of the length includes the 2 bytes of the length header TPAD Settings Use Terminal ID TID Inserts or replaces a Terminal ID in the APACS 30 string Replace TID provided by connected terminal with configured TID When e...

Page 515: ...ment the APACS 30 message number Disable Direct Mode Enabling this setting will prevent the router from automatically using Direct Mode see below when it receives an APACS 30 packet without any call set up Boot to Direct Mode Direct mode is a mode of operation whereby the router automatically routes APACS 30 packets to their destination without the terminal having to perform any call control If th...

Page 516: ...ting the data The time the router waits for an ACK character to be received after sending data to the terminal If an ACK character is not received within this time the data is retransmitted A value of 0 sets a delay of 1 second the default Transmit TPAD transactions directly in a Synchronous frame If enabled TPAD transactions are transmitted without any outer protocol such as X 25 such as they are...

Page 517: ...if there is no response to a TPAD transaction request for x seconds The length of time in seconds the router waits for a response to a TPAD transaction request before clearing the TPAD call Generate an event when a TPAD transaction takes longer than x seconds Setting this parameter to a non zero value causes the router to generate an Excessive Transaction Time event code 56 each time a TPAD transa...

Page 518: ...ace tpad n bakl2iface lapb lapd tcp ssl vxn Use backup interface tpad n bakl2nb 0 255 Use backup interface tpad n bnumber text valid ISDN number Use number x to make outgoing ISDN calls tpad n prefix text numeric Use prefix x tpad n prefix_rem text numeric Remove prefix x from number in ATD command tpad n suffix text numeric Use suffix x tpad n tl2deact 0 10000 On the main interface Deactivate LAP...

Page 519: ...al ID TID tpad n dotermid 1 enabled 0 disabled Replace TID provided by connected terminal with configured TID tpad n tid text Use TID xxxxxxxxx with incoming APACS 50 polling calls tpad n merchnum text Use merchant Number tpad n useconstr 1 enabled 0 disabled Use Connect String tpad n constr text Use Connect String tpad n pollchars text The polling character set is c tpad n domsgnb 1 enabled 0 dis...

Page 520: ...par 1 enabled 0 disabled Strip parity when sending data to the host tpad n lfpar 1 enabled 0 disabled Force parity when sending data to the host tpad n strip_tspaces 1 enabled 0 disabled Strip Trailing Spaces tpad n ackdat 1 enabled 0 disabled Acknowledge TPAD data packets tpad n stx_2_soh 1 enabled 0 disabled Convert leading STX character to SOH tpad n eot_only 1 enabled 0 disabled Terminate TPAD...

Page 521: ... XOT PVC comes up This parameter should only be set to Off when it is known that the responder will reset the links Reset XOT PVC if the router is the Responder If set to On the router is responsible for resetting the links on XOT PVC links when it is the responder The default for this parameter is Off Include length of header in IP length header For all X 25 calls that include an IP header length...

Page 522: ...abled When answering a X 25 call use the addresses from CALL packet in the CALL CNF packet LAPB setting X25gen 0 xot_cnf_addr 1 enabled 0 disabled When answering a X 25 call use the addresses from CALL packet in the CALL CNF packet XoT setting X25gen 0 reset_xotpvc_ini 1 enabled 0 disabled Reset XOT PVC if the router is the Initiator X25gen 0 reset_xotpvc_resp 1 enabled 0 disabled Reset XOT PVC if...

Page 523: ... in Synchronous Mode To use the LAPB instance over a synchronous serial port enable this setting and select a serial port number To configure settings of the synchronous port such as speed and clock source navigate to Configuration Network Interfaces Serial Serial Port n Sync Port n Use ISDN Enable this setting to use LAPB over ISDN Mode DTE or DCE Determines whether LAPB will behave as DTE Data T...

Page 524: ...fail to instruct TPAD to hang up then this timer can be used as a backup hang up timer thus saving ISDN call charges When LAPB is being used on a synchronous port this parameter should normally be set to 0 Send X 25 Restart packet on receipt of SABM frame This parameter can be set to No or Immediate When set to Immediate the LAPB instance sends an X 25 restart packet immediately on receipt of an S...

Page 525: ... the LAPB link Use as x a calling party number when making ISDN calls This is Calling Line Identification The router will only answer calls from numbers whose trailing digits match what is entered in this field The line the router is connected to must have CLI enabled by the telecoms provider and the calling number cannot be withheld Async Mux 0710 Parameters For certain W WAN modules LAPB is used...

Page 526: ...econds lapb n Window 1 7 X 25 Window Size lapb n tinactx25 0 3000 Disconnect link if there has been no X 25 activity for x seconds lapb n tinact 0 3000 Disconnect link if there has been no activity for x seconds lapb n restartact 1 enabled 0 disabled Send X 25 Restart packet on receipt of SABM frame lapb n ans 1 enabled 0 disabled Allow this unit to answer calls lapb n msn text Only accept calls f...

Page 527: ...onfigure X 25 parameters Digi TransPort User Guide 527 lapb n dlc 0 63 DLC lapb n asyport 0 255 ASY port lapb n virt_async 0 255 Virtual ASY port Entity Instance Parameter Values Equivalent Web Parameter ...

Page 528: ...ires an NUA instead of an NUI to determine the destination of a call then the NUI Mappings table can be used to convert an NUI to an NUA If a TPAD call specifies a call in which the NUI matches an entry the call actually placed on the network will contain the respective NUA and no NUI Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter nuimap n nua text Maps to NUA nuima...

Page 529: ... upon data in the call request matching the following comparison fields NUA called NUI called X 25 Call Data PID All the comparison fields NUA NUI Call Data and PID can use the wildcard matching characters and NUA The Network User Address NUI The Network User Identifier Call Data The X 25 Call Data PID The Protocol Identifier IP address The IP address IP Port The IP port number Interface The Prima...

Page 530: ...ot all of the fields are visible in the Protocol Switch section as they do not all apply to the Protocol Switch Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter nuaip N nua text NUA nuaip N nui text NUI nuaip N cud text Call Data nuaip n pid text PID nuaip n IPaddr IP address IP Address nuaip n ip_port 0 65535 IP Port nuaip n swto 0 15 Interface nuaip n buswto 0 15 Ba...

Page 531: ...interface and backup interface values are as follows Parameter Value Interface Type 0 Default 1 LAPD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD x instance determined by NUA 6 LAPB 0 PVC 7 LAPB 1 PVC 8 XOT PVC 9 TCP Stream 10 UDP Stream 12 LAPB 2 13 LAPB 2 PVC 14 VXN 15 SSL ...

Page 532: ...0123456 789012Dtest data could be given the name X25test and then executed simply by entering CALL X25test To create a macro enter a name for the macro in the left column of the Call Macros table and in the right column enter the appropriate command string excluding the ATD Then click Add Macro The name of the macro this can be any text Command The X 25 call command Related CLI commands Entity Ins...

Page 533: ...n for incoming connections that are to be switched over X 25 or other protocol In the case of switching to X 25 when such a connection is made the router will make an X 25 Call to the address specified in the X 25 Call field Once this call has been connected data from the port will be switched over the X 25 session Number of Sockets Selects how many IP sockets should simultaneously listen for data...

Page 534: ...gth header is On the IP length indicator field is inserted at the start of each packet When set to 8583 Ascii 4 byte the IP length header conforms to the ISO 8583 format In the example above 3 IP sockets will listen for an incoming connection on IP Port 2004 Once connected each socket makes an X 25 Call to jollyroger The router recognizes that jollyroger is a pre defined macro as illustrated below...

Page 535: ...in elements to the configuration procedure for accessing X 25 networks General and service related parameters PAD parameters X 3 Each X 25 PAD configuration page also includes a sub page detailing the X 3 PAD parameters Collectively this set of values is known as a PAD profile Your router contains four pre defined standard PAD profiles numbered 50 51 90 and 91 You can also create up to four custom...

Page 536: ...e X 25 Call Macro macroname to an ATD command The name of an X 25 call macro used when an ATD command is received by the router The ATD command is ignored and a PAD CALL command using the macro replaces it The purpose of this feature is to allow non PAD terminals to use an X 25 PAD network connection X 25 call macros are set up in the Configuration Network Legacy Protocols X 25 Call Macros web pag...

Page 537: ...kets It is normally possible to make X 25 CALLs immediately following the initial SABM UA exchange In some cases however the X 25 network may require an X 25 Restart before it will accept X 25 CALLs The correct mode to select depends upon the particular X 25 service to which you subscribe The default value is On This means that the router will issue X 25 Restart packets To prevent the router from ...

Page 538: ...e If set to On causes the PAD to always attempt to be connected using the Auto macro setting as the call command Send ENQ on Connect If set to On the PAD sends an ENQ character on the ASY link when an outgoing call has been answered Enable STX ETX Filtering If set to On the PAD ignores data that is not encapsulated between ASCII characters STX Ctrl B and ETX Ctrl C To disable this feature select t...

Page 539: ...Use PAD over interface pad n ip_stream 0 off for XoT 1 TCP 2 UDP Use PAD over interface pad n defpak 16 32 64 128 256 512 or 1024 Default X 25 packet size pad n ansnua text valid NUA Answer incoming calls from NUA pad n anscug text valid CUG Only answer calls with CUG pad n amacro text Use X 25 Call Macro macroname to an ATD command pad n cingnua text valid NUA Use NUA pad n lcn 1 4095 LCN pad n l...

Page 540: ...ad n delconmsg 0 10 Delay connect message n x 10 milliseconds pad n data_del 0 2147483647 Delay data transfer after connection by n x 10 milliseconds pad n inacttim 0 1000 Terminate the PAD call after x seconds if there has been no data transmission pad n nocalltim 0 60000 Disconnect the layer 2 call if there is no layer 3 call in progress for x seconds pad n trig_str text Create an event when the...

Page 541: ... commands stoppads Stops all PAD instances from accepting and performing any PAD commands gopads Resumes processing of PAD commands The stoppads and gopads commands can have the PAD number specified in the syntax to stop and start individual PAD instances For example To stop PAD 1 from processing PAD commands stoppads 1 To re enable PAD 1 gopads 1 ...

Page 542: ...e resulting customized user profile to non volatile memory Loading and Saving PAD Profiles To create your own PAD profiles edit the appropriate parameters and then select user profile 1 2 3 or 4 as required from the list and click the Save Profile button Each PAD profile page includes two list boxes that allow you to load and save PAD profiles To load a particular profile select the profile from t...

Page 543: ...ho Enables or disables local echo of data transmitted during a call When echo is enabled X 3 parameter 20 can be used to inhibit the echo of certain characters 3 Data Forwarding Characters Defines which characters cause data to be assembled into a packet and forwarded to the network Combinations of the above sets of characters are possible by adding the respective values together For example to de...

Page 544: ...y the PAD to temporarily halt and restart the flow of data from the DTE during a call 6 Suppression of PAD Service Signals Determines whether or not the PAD prompt and or Service Command signals are issued to the DTE Option Description 0 No data forwarding time out 1 Data forwarding time out in 20ths of a second Option Description 0 No flow control 1 XON XOFF flow control 3 RTS CTS flow control no...

Page 545: ...e output to your DTE using parameter 8 Option Description 8 Discard Output Determines whether data received during a call is passed to the DTE or discarded It can only be directly set by the remote system and may be used in a variety of circumstances when the remote DTE is not able to handle a continuous flow of data at high speed 9 Padding after CR Slower terminal devices such as printers may req...

Page 546: ...ntrols the automatic generation of a Line Feed by the PAD The line feed values can be added together to select Line Feed insertion to any desired combination Option Description 0 No line folding 1 255 Width of line before the PAD generates CR LF Option Description 15 19 200 bps 14 9 600 bps 12 2 400 bps 3 2 400 bps Option Description 0 No flow control 1 XON XOFF flow control 3 RTS CTS flow control...

Page 547: ...editing When editing is enabled the idle timer delay parameter 4 is disabled and parameter 3 must be used to select the desired data forwarding condition 16 Character Delete Character The edit mode delete character ASCII 0 127 The default is backspace ASCII 08 17 Line Delete Character The edit mode line buffer delete character ASCII 0 127 The default is CTRL X ASCII 24 18 Line Redisplay Character ...

Page 548: ...e output A page wait condition is cleared when the PAD receives a character from the terminal Related CLI commands The X 3 PAD parameters can be edited from the command line using the set command described in X 28 commands on page 552 Option Description 0 No echo mask all characters are echoed 1 CR 2 LF 4 VT HT or FF 8 BEL BS 16 ESC ENQ 32 ACK NAK STX SOH EOT ETB ETX 64 No echo of characters set b...

Page 549: ...ance or XSW for X 25 switching If set to XSW for the X 25 switch the X 25 switch must also be configured regarding the interfaces to switch this PVC to from For example if this is an incoming XOT PVC we are configuring the Switch from XOT PVC parameter must be set to the desired destination interface Use packet size The packet size for the PVC Select the appropriate value from the drop down list U...

Page 550: ...liface pad tpad xsw Connect this PVC to PAD x pvc n psize 0 default 4 16 5 32 6 64 7 128 8 256 9 512 10 1024 Use packet size pvc n window 1 7 Use window size pvc n ipaddr IP address Remote IP address pvc n srcipent auto eth ppp Use the source IP address from interface x y pvc n srcipadd 0 255 Use the source IP address from interface x y pvc n iniface text Initiator interface pvc n respiface text R...

Page 551: ...er Disassembler PAD interface conforms to the X 3 X 28 and X 29 standards Up to 6 PAD instances from an available pool of 8 can be created and dynamically assigned to the asynchronous serial ports or the REM pseudo port Each application that uses the router to access an X 25 network has its own particular configuration requirements For example you may need to program your Network User Address NUA ...

Page 552: ...cription CALL Make an X 25 call CLR Clear an X 25 call ICLR Invitation to CLR INPAR List X 3 parameters of specified PAD instance INPROF Load or save specified PAD profile INSET Set X 3 parameters of specified PAD instance INT Send Interrupt packet LOG Logoff and disconnect PAR List local X 3 parameters PROF Load or save PAD profile RESET Send reset packet RPAR List remote X 3 parameters RSET Set ...

Page 553: ...ect restricted response Gnn Closed User Group Gnnnn Extended Closed User Group R Reverse charging N NUI Network User Identity code NUI Example The following command places a call to address 56512120 using reverse charging and specifying Closed User Group 12 The string MYNUI is your Network User Identity The string Hello appears in the user data field of the call packet CALL R G12 NMYNUI 56512120DH...

Page 554: ...ct and a window size of 2 The user or system then has 15 seconds in which to pass up to 124 bytes of data to the PAD to be included in the clear indication packet that is sent in response to the call The PAD does not differentiate between standard and restricted response Fast select on incoming calls and consequently will always respond with a clear indication Network User Identity NUI The N facil...

Page 555: ... 16 bytes as user data The same is true for a fast select call except the maximum amount of user data is increased from 124 to 128 bytes When entering user data the tilde character can be used to toggle between ASCII and binary mode In ASCII mode data is accepted as typed but in binary mode each byte must be entered as the required decimal ASCII code separated by commas For example to enter the da...

Page 556: ...The following table lists the verbose messages and equivalent numeric codes Code Verbose message 1 Unallocated unassigned number 2 No route to specified transit network 3 No route to destination 4 Channel unacceptable 6 Channel unacceptable 7 Call awarded and being delivered in an established channel 16 Normal call clearing 17 User busy 18 No user responding 19 No answer from user user alerted 21 ...

Page 557: ...not implemented unspecified 81 Invalid call reference value 82 Identified channel does not exist 83 A suspended call exists but this call identity does not 84 Call identity in use 85 No call suspended 86 Call having the requested call identity has been cleared 88 Incompatible destination 90 Destination address missing or incomplete 91 Invalid transit network selection 95 Invalid message unspecifie...

Page 558: ... Guide 558 Note Some verbose messages may be abbreviated by the router 102 Recovery on timer expired 111 Protocol error unspecified 127 Interworking unspecified 128 General level 2 call control failure probable network failure Code Verbose message ...

Page 559: ...meric equivalent of the clear down code text is a description of the reason for clear down The clear down reason codes supported by the router are listed in the following table If an unknown reason code is received the text field is blank Reason Code Numeric Code Text DTE 0 by remote device OOC 1 number busy INV 3 invalid facility requested NC 5 temporary network problem DER 9 number out of order ...

Page 560: ...auses PAD to transmit an interrupt packet These packets flow outside normal buffering flow control constraints and are used to interrupt the current activity LOG command logoff and disconnect LOG terminates an X 25 session It causes the PAD to clear any active X 25 calls disconnect and return to AT command mode PAR command List Local X 3 parameters PAR lists the local X 3 parameters for the curren...

Page 561: ...e PROF 90 To create a user PAD profile use the SET command to configure the various PAD parameters to suit your application then use the PROF command in the format PROF nn where nn is the number of the User PAD profile to be stored such as 03 Alternatively you can use the web interface to edit the parameters directly Configuration Network Legacy Protocols X 25 PADs n n PAD n PAD Settings The pre d...

Page 562: ...ransit is lost RPAR command Read remote X 3 parameters RPAR lists the current X 3 parameter settings for the remote system RSET command Set remote X 3 parameters RSET sets one or more X 3 parameters for the remote system It is entered in the format RSET par value par value par value SET command Set local X 3 parameters SET sets one or more of the local X 3 parameters for the duration of the curren...

Page 563: ...ligence in the router to minimize the effect of the higher latency Digi TransPort supports being a MODBUS server only Clients such as remote PCs can send overlapping requests The router will create a queue of info requests and deal with them appropriately sending them out over the serial port and relaying the responses back Overlapping polls from multiple clients are supported Modbus Gateway confi...

Page 564: ...eration mode to master or slave Idle Gap When receiving an modbus response from a station when this idle gap pause with no reception of characters is detected the message currently received from the station is at that staged forwarded on as the complete response Fix slave address The address of the slave is fixed at this value An address conversion will occur if a message that does not contain thi...

Page 565: ...n idle_gap 0 2147483647 Idle Gap modbus n fix_slave_address 0 255 Fix slave address modbus n adj_slave_address 0 255 Adjust slave address modbus n ipport0 0 65535 IP Port row 1 modbus n nbsocks0 0 currently available Number of sockets row 1 modbus n ipmode0 0 TCP 1 UDP IP Mode row 1 modbus n rawmode0 1 enabled 0 disabled Raw Mode row 1 modbus n Ipport1 0 65535 IP Port row 2 modbus n nbsocks1 0 cur...

Page 566: ...ting as act as slave Up to 32 slave definitions may be defined Slave addresses unit ids The address of the slave unit Remote Host The IP address of the remote host such as the slave unit IP Port The IP port number The default port is 502 IP Mode Select the IP mode using this drop down list The default mode is TCP Add Click on the add button to add the slave ...

Page 567: ... but the actual LAPD instance used is determined by the NUA LAPB 0 Data is switched from or backed up to LAPB 0 LAPB 1 Data is switched from or backed up to LAPB 1 LAPB 2 Data is switched from or backed up to LAPB 2 LAPB 0 PVC Data is switched from or backed up to an X 25 PVC on LAPB 0 LAPB 1 PVC Data is switched from or backed up to an X 25 PVC on LAPB 1 LAPB 2 PVC Data is switched from or backed...

Page 568: ...i TransPort User Guide 568 Protocol Switch software logic The logic used in the switching software is outlined in the flowchart below The following notes provide a more in depth explanation of the actions taken in each of the numbered boxes ...

Page 569: ... to see if there are any matches for the Called or Calling NUA values on the specified interface When the Interface Description is Off None data is not switched from or backed up from this protocol is a match the NUA In value is substituted by the NUA Out value as the mapping is applied individually to both the Calling NUA and Called NUA for the packet The router checks the leading characters of t...

Page 570: ... Digi TransPort User Guide 570 Digi TransPort Protocol Switch parameters The Configuration Network Protocol Switch menu has the following sub menu options CUD Mappings IP Sockets to Protocol Switch NUA to Interface Mappings NUA Mappings ...

Page 571: ...e to which data should be switched from the drop down list or select Off and the protocol switch will not respond to any incoming XOT PVC calls TCP XOT backup to interface If any of the Switch from parameters has been set to XOT and XOT is unavailable this parameter can be used to specify an alternative interface to switch the X 25 call to Any of the other interfaces can be selected or None If Non...

Page 572: ...ng NUA field D Channel LCN The value of the first LCN assigned for outgoing X25 calls on LAPD D Channel LCN Direction Max VCs Unlimited The maximum number of Virtual Circuits VCs used on an LAPD interface When the maximum has been reached the backup call will take place immediately or the call will clear if there is no backup call If this parameter is set to 0 there is no limit Default Packet Size...

Page 573: ...aining the ENQ character LAPB 0 Default Packet Size 128 256 512 1024 The default packet size for calls being switched onto LAPB 0 The default packet size is 128 Other possible values are 256 512 or 1024 bytes LAPB 0 Default Window Size 2 1 3 4 5 6 7 The default window size for calls being switched onto LAPB 0 The default window size is 2 The valid range is 1 to 7 LAPB 1 Default Packet Size 128 256...

Page 574: ...scii 4 byte On inclusive When IP length header is On a length indicator field is inserted at the start of each packet When set to 8583 Ascii 4 byte the IP length header conforms to the ISO 8583 format Source IP address interface Auto Ethernet PPP The default value for this parameter is Auto which means that the source IP address of an outgoing XOT connection on an un NATed W WAN link is the addres...

Page 575: ...ses are always 0 when issued if the router is the DTE Interpret no facilities on Call Accept as P7W2 When this parameter is set to On the X 25 switch interprets any call accept packets that do not include the window size W or packet size P as if the call accept has P7W2 such as a packet size of 128 bytes and a windows size of 2 Notes on PAD Answering Because the other interfaces can operate as nor...

Page 576: ...0 swfrlapb2pvc 0 10 12 14 15 see below Switch from LAPB 2 PVC to X25sw 0 swfrlapd 0 2 10 12 15 see below Switch from LAPD to X25sw 0 swfrxot 0 3 5 10 12 15 see below Switch from XOT TCP to X25sw 0 swfrxotpvc 0 7 9 10 12 15 see below Switch from XOT PVC to X25sw 0 callprefix NUA Calling Prefix X25sw 0 dlcn 0 65535 D Channel LCN X25sw 0 dlcnup off on Off Down On Up D Channel LCN Direction X25sw 0 dm...

Page 577: ... X25sw 0 ipaddr IP address IP Stream or XOT Remote IP Address X25sw 0 buipaddr IP address IP Stream or XOT Backup IP Address X25sw 0 ip_port 0 65535 IP Stream Port X25sw 0 iphdr 0 1 2 0 Off 1 On 2 8583 Ascii 4 byte IP Length Header X25sw 0 srcipadd Interface number 0 65535 Source IP address interface X25sw 0 srcipent blank PPP ETH Source IP address interface X25sw 0 noswfac off on Don t switch fac...

Page 578: ...Guide 578 Interfaces are coded as follows Parameter value Interface type 0 None 1 LAPD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD X actual instance is determined by NUA 6 LAPB 0 PVC 7 LAPB 1 PVC 8 XOT PVC 9 TCP stream 10 UDP stream 12 LAPB 2 13 LAPB 2 PVC 14 VXN 15 SSL ...

Page 579: ...e with four columns in which you can specify the CUD In values corresponding CUD Out values and to which interfaces the mappings should be applied The interface field defines which output interfaces this mapping applies to Wildcard characters are allowed and In each case the interface type to which the mapping applies can be selected from ANY LAPD LAPB0 LAPB1 LAPB2 or XOT Related CLI commands Enti...

Page 580: ...h PAD and not the protocol switch IP Port Used to set up the port numbers for those IP ports that will listen for incoming connections to be switched over X 25 or other protocol In the case of switching to X 25 when such a connection is made the router makes an X 25 Call to the address specified in the X 25 Call field Once this call has been connected data from the port is switched over the X 25 s...

Page 581: ...ntified the X 25 call is made If successful data is switched between the X 25 call and the IP socket The protocol selects whether incoming or outgoing support is required IP length header When IP length header is On the IP length indicator field is inserted at the start of each packet When set to 8583 Ascii 4 byte the IP length header conforms to the ISO 8583 format In the example above 3 IP socke...

Page 582: ...r ipx25 n ip_port 0 65535 IP Port ipx25 n nb_listens 0 software dependent max Number of Sockets ipx25 n x25call NUA NUI or X 25 macro name X25 Call ipx25 n pid hex numbers PID ipx25 n cnf_mode 1 enabled 0 disabled Confirm Mode ipx25 n rfc1086_mode 1 enabled 0 disabled RFC 1086 Mode ipx25 n iphdr 0 Off 1 On 2 8583 Ascii 4 byte IP length header ...

Page 583: ... Legacy Protocols X 25 NUA NUI Interface Mappings page Similarly NUIs can also be matched In this example a call with NUI of value test is switched onto a TCP socket using IP address 100 100 100 1 on port 678 All three comparison fields NUA NUI and Call Data can use the wildcard matching characters and In the example shown above when an X 25 call is received with either the NUA having 1234 followe...

Page 584: ...aip 0 255 ipaddr IP address IP Address nuaip 0 255 ip_port 0 65536 IP Port nuaip 0 255 swto 0 10 12 15 see table below Interface nuaip 0 255 buswto 0 10 12 15 see table below Backup Interface Parameter Value Interface Type 0 Default 1 LAPD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD X actual instance determined by NUA 6 LAPB 0 PVC 7 LAPB 1 PVC 8 XOT PVC 9 TCP stream 10 UDP stream 12 LAPB 2 13 LAPB 2 PVC 14 VXN...

Page 585: ...ould be applied and whether the mapping should apply if the router is making the call receiving the call or both For example if the called NUA is 123456789345 and there is an NUA In table entry of 9345 with Called Calling set to either Both or Called this will match and the entire called NUA will be replaced with the corresponding NUA Out entry In each case the interface type to which the mapping ...

Page 586: ... parameters of your router with Digi TransPort Web Interface This section covers configuring alarms on the Configuration Alarms page It covers the following topics Event Settings parameters on page 587 Event Logcodes parameters on page 602 SMTP Account parameters on page 606 ...

Page 587: ...r that ensures that only events having a specified severity or lower level are logged Do not log the following events A numerical list of comma separated values specifying events to be excluded from the log These numerical values can be found in the eventlog txt file on the router After power up wait s seconds before sending Emails SNMP traps SMS or Syslog messages The delay in seconds after power...

Page 588: ...oglevel 0 9 0 none 1 low 9 high Only log events with a log priority of at least n event n ev_filter Comma separated list of event numbers Do not log the following events event n action_dly Number of seconds such as 60 After power up wait s seconds before sending Email SNMP traps SMS or Syslog messages event n incevnums 0 1 Include event number ...

Page 589: ...template is a text file that defines the appearance and content of the email messages generated by the event logger Email template structure An email template consists of a header section followed by a body section One or more blank lines separate the two sections Header section The header section MUST contain the following three fields TO Used to specify at least one recipient s email address Mul...

Page 590: ...ils Date If this field is present in the header the router inserts the current date and time into the header The date and time are values local to the router and do not contain any time zone information Body section The body section can include any text This text is parsed for any function calls that may be present Function calls must be enclosed between and These sequences are substituted by text...

Page 591: ...is blank line is required Time timeSmtp Serial Number serial_number Req CFG_RQ IP Address smtpip PPP 1 IP address pppip 1 Example 2 TO fred anyco com jane anyco co uk FROM MyRouter SUBJECT automatic email MIME Version 1 0 This blank line is required Unit smtpid Event email_event This event had sufficient priority to cause the transmission of this email Please check the attached logs and review ...

Page 592: ... Please check the attached logs and review run_cmd ati5 run_cmd bufs run_cmd msgs You can also specify an extra parameter which indicates the required priority of the event before the command is executed This allows events to be sent off without attachments but if the event has an equal or higher priority than the value of this parameter the attachments are included This ensures that the attachmen...

Page 593: ...er of emails that can be sent during any 24 hour period The intention is to prevent excessive alerts being sent when the event trigger value is set to a high priority low value for example 1 2 or 3 such as a value that results in a large number of automated email alert messages being generated n emails have been sent today A status message indicating how many emails have been sent during the last ...

Page 594: ...les sending alerts Send an email notification when the event priority is at least n event n emax 0 255 Send a maximum of n emails per day event n etemp The name of a template file Default is EVENT EML Use email template file event n to A valid email address such as you yourdomain com Email To event n from A valid email address Email From event n subject A brief description of the content of the em...

Page 595: ... 6 or lower 7 8 or 9 will trigger an automated SNMP trap message To disable SNMP traps set this value to 0 Send a maximum of n SNMP taps per day Sets the limit on the number of emails that may be sent during any 24 hour period The intention is to prevent excessive alerts being sent when the event trigger value is set to a high priority low value for example 1 2 or 3 such as a value that results in...

Page 596: ... value 6 only events with a priority of 6 or higher will trigger an automated SMS alert Setting this field to 0 disables sending SMS alerts Use SMS template The name of the template file that used to form the basis of any alarm messages generated by the event logger The default template file is a file called EVENT SMS that is stored in the compressed web file A new template can be created and if n...

Page 597: ...ority is at least n event n sms_to2 A valid mobile number such as 447871445677 Send SMS messages to event n sms_trig2 0 9 If the event priority is at least n event n sms_to3 A valid mobile number such as 447871445677 Send SMS messages to event n sms_trig3 0 9 If the event priority is at least n event n sms_temp event sms template file stored in the compressed web file Use SMS template event n sms_...

Page 598: ...set the following values in the web interface Local Drive to log to Determines the drive letter where the USB flash drive is located This is designated u for a USB drive Log filename The name of the file for the secondary event log Log size The maximum size of the log file in kilobytes XML logs On platforms that support it event logs can be saved in XML format This field specifies the size of the ...

Page 599: ... will trigger an automated syslog message To disable syslog messages set this value to 0 Send a maximum of n Syslog messages per day Sets the limit on the number of syslog messages that may be sent during any 24 hour period The intention is to prevent excessive alerts being sent when the event trigger value is set to a high priority low value 1 2 or 3 for example such as a value that results in a ...

Page 600: ... a protocol described in RFC 3195 TCP timeout s seconds For TCP communications this parameter sets the timeout on the socket Route using These radio buttons select which method of establishing a route to the server to use Routing table When this radio button is selected the routing table is used to determine the interface that will be used to transmit the syslog message Interface x y If the routin...

Page 601: ...Syslog server IP address syslog n port IP port number Port syslog n mode UDP TCP RFC3195 Mode syslog n tcp_to Timeout in seconds such as 86400 TCP timeout s seconds syslog n source_ent PPP ETH Interface x y x Interface type syslog n source_add 0 4 Interface x y y interface number syslog n priority Hyphen separated 0 7 Comma separated 0 3 5 or all Priority checkboxes syslog n facility Hyphen separa...

Page 602: ...ration options shown on that page are described below Event This is not a configurable parameter it is simply the event number displayed for information only This is the number to refer to when filtering events in the event log settings Configuration Alarms Event Settings Description A description of the event code Clicking on a link in this field brings up the configuration page associated with t...

Page 603: ...his event When checked this checkbox disables logging of the event Note This parameter is not saved in the logcodes txt file but in the config dan file This means that after changing this parameter you must save the changes by clicking the save changes link when prompted this appears after clicking the Apply button If you click the Save All Event Code Changes your changes are not reflected Log Pri...

Page 604: ...e log drive Selecting this checkbox causes a snapshot of the analyser trace to be stored on the USB flash drive If this event creates an Email alarm Attach a snapshot of the Traffic Analyser trace Checking this checkbox causes a snapshot of the analyser trace to be attached to the email After this event Leave the Analyser trace Leaves the analyser trace unchanged Freeze the Analyser trace Causes t...

Page 605: ...his event checkbox There is the following additional parameter Inherit alarm priority from event Selecting this checkbox causes the following Alarm Priority parameter to be disabled and causes the priority to be the same as the event that triggered it The Alarm Priority parameter is the same as in the Configuring Events page Related CLI commands There are no CLI commands for editing Event logcodes...

Page 606: ...it here Username Email accounts are controlled by requiring a username and password in order to send and receive mail This field is where the account username is set This information will be provided by the administrator of the email server Password This field is where the account password is set Confirm Password Used to re enter the password The two passwords are compared to check that they are t...

Page 607: ...o the email header if no reply address exists in the appropriate email template If the email template does contain an address in the reply to field that will override the default reply address Route using Routing table Interface x y When selected the routing code determines the outbound interface and that interface determines the source IP address If the Route using routing table option is not sel...

Page 608: ...assword Free text field containing account password such as my_password Password smtp n mail_from Free text field Display Email From as smtp n att_lim 0 65535 Attachment size limit This CLI value is entered in Kilobytes only smtp n reply_to Free text field If the email template does not contain one use Reply To address smtp n userouting 0 1 Route using routing table smtp n ll_ent Blank PPP ETH Rou...

Page 609: ...n settings for general behavior of the system on the Configuration Systems pages This section covers configuring system settings from the web interface and command line It covers the following topics Device Identity parameters on page 610 Date and Time parameters on page 612 General system parameters on page 621 ...

Page 610: ...ger to manage the router the configuration procedure assigns a device ID to the router The device ID is a 64 byte value with each 8 byte section separated with a character Valid digits are upper case hexadecimal The first 16 digits reading from left to right are normally set to 0 The second 16 digits comprise the MAC address of the primary Ethernet interface and the digits FF to make up the full 8...

Page 611: ...tions of the Description and Hostname fields should be 64 characters Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter snmp n Name Free text field up to 64 characters Description snmp n Contact Free text field Contact snmp n Location Free text field Location cmd n Unitid Free text field Router Identity cmd n Hostname Free text field up to 64 characters Hostname cmd n s...

Page 612: ...em time The router uses the 24 hour clock Current system time The current system time appears at the top of this web page Manually set the time h hours m minutes s seconds M month D day Y year These parameters are set using the associated drop down selection menus Hours Select from the drop down list to set the hours Minutes Select from the drop down list to set the minutes Seconds Select from the...

Page 613: ...Date and Time parameters Digi TransPort User Guide 613 Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter n a n a time hh mm ss DD MM YYYY Manually set the time ...

Page 614: ...to the SNTP server every time it boots Update every h hours The interval in hours the router should wait between updating the system clock Randomly between s1 and s2 seconds It is possible to use a random update interval rather than a fixed interval There are two text entry boxes for this purpose Enter the minimum interval into the left hand box and the maximum desired interval into the right hand...

Page 615: ...ch to daylight saving time Day The day on which to switch to daylight saving time Hour The hour at which to switch to daylight saving time End Month The desired month in which to switch back to GMT UTC Day The desired day on which to switch back to GMT Hour The desired hour at which to switch back to GMT ...

Page 616: ...Update every h hours Default 24 sntp n randintsecs 0 86400 Randomly between s1 and s2 seconds Use format s1 s2 For example min 50 max 500 would be 50 500 sntp n offset 12 to 13 Offset from GMT sntp n dstonmon 0 12 Start Month Update for Daylight Saving Time 0 disables daylight saving sntp n dstonday 0 31 Start Day sntp n dstonhr 0 23 Start Hour sntp n dstoffmon 0 12 End Month sntp n dstoffday 0 31...

Page 617: ...ue is stored in NVRAM and written to the config da0 file If the router loses power or is rebooted it does not need to re calculate the accuracy of the NTP servers again The compensation value is constantly monitored to make sure it remains correct Note Using SNTP achieves an accuracy of around 1 second Using NTP achieves an accuracy of 200 microsecond Not all models support NTP this option only ap...

Page 618: ...address configured in NTP host field The broadcast interval is determined by the value of Minimum poll interval Poll Interval s1 to s2 seconds The minimum and maximum intervals between poll broadcasts The values are time in seconds represented as a power of 2 This means that a value of 4 means that the minimum poll interval is 2 4 16 seconds Startup burst Interval s seconds When connecting to an N...

Page 619: ...t of service y interface number ntp n server Valid IP address or hostname such as ntp1 timeserver org NTP Server ntp n bcast 0 1 Broadcast Mode 0 disabled 1 enabled ntp n minpoll 3 14 Poll Interval s1 s2 3 8 4 16 5 32 6 64 7 128 8 256 9 512 10 1024 11 2048 12 4096 13 8192 14 16384 ntp n maxpoll 3 14 Poll Interval s1 s2 See minpoll for values ntp n burstint 0 255 Startup burst Interval s seconds nt...

Page 620: ...l s seconds ntp n server3 Valid IP address or hostname such as ntp3 timeserver org NTP Server ntp n bcast3 0 1 Broadcast Mode 0 disabled 1 enabled ntp n minpoll 3 14 Poll Interval s1 s2 See minpoll for values ntp n maxpoll 3 14 Poll Interval s1 s2 See minpoll for values ntp n burstint3 0 255 Startup burst Interval s seconds ntp n server4 Valid IP address or hostname such as ntp4 timeserver org NTP...

Page 621: ...le bas must be run at boot up Autorun commands are normally associated with an ASY port but running a script for example is not ASY port specific To configure the autorun commands set the following values The command interface to be associated with the command In the above example this would be set to the number 0 Command The CLI command to run on start up In the above example this field would be ...

Page 622: ... local asynchronous serial port Automatically log user out Never If idle for h hrs m mins s secs How long the local port allows access before terminating the connection and requiring the user to log in again Selecting the Never buttons allows permanent access to the router via the local asynchronous serial port If for security reasons it is required that the access should be limited the appropriat...

Page 623: ...ity access level when using TRANSIP to access the router Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter cmd n tremto 0 86400 seconds Automatically log user out if idle for h hrs m mins s seconds This CLI value is entered in seconds only local n access 0 4 Use access level 0 Super 1 High 2 Medium 3 Low 4 None 8 Read only local n tlocto Free text field Never h hrs m m...

Page 624: ...d be modified during the NAT process The NAT modifications may result in different sized packets being generated that then require that the TCP sequence numbers be modified to allow for the changes SNMP Enterprise number The value of the OID Object IDentifier used by SNMP management tools when accessing the MIB Management Information Block This number must form part of the OID used to access indiv...

Page 625: ...fault 1 On snmp n ftpnatport 0 65535 Additional FTP NAT port snmp n ent_nb 0 65535 SNMP Enterprise Number Default 16378 cmd n ent_name Free text field SNMP Enterprise Name cmd n dnsname Valid Domain name such as mydomain org Only resolve DNS request for domain cmd n gprsled_mode 0 1 W WAN LED to display W WAN ISDN PSTN 0 W WAN 1 ISDN PSTN cmd n asyled_mode 0 1 Serial LED to display Connection DTR ...

Page 626: ... numbers of routers Digi Remote Manager provide a web based interface that shows the configuration of selected routers allows the configuration to be changed and also facilitates remote firmware upgrade The Digi Remote Manager servers also provide a data storage facility Using Digi Remote Manager requires setting up a Digi Remote Manager account Applying for an account is a straightforward procedu...

Page 627: ...Remote Manager parameters Digi TransPort User Guide 627 Remote Manager parameters Remote Manager parameters are configured on the Configuration Remote Management pages ...

Page 628: ...ws the router to detect that it is no longer connected to the server Enabling this checkbox causes the router to attempt a reconnection when it discovers that the connection has been lost Reconnect after h hours m minutes s seconds If the reconnect checkbox is enabled these parameters specify the interval to wait before attempting to reconnect to the server Related CLI commands Entity Instance Par...

Page 629: ...cally establish its EDP connection with Remote Manager Send user defined data to and from Remote Manager and Remote Manager registered router Perform limited device management such as pinging the router as well as provisioning it properly for SMS functionality with Remote Manager For more information on the SMS feature see the Remote Manager User Guide Digi part number 90001436 You can configure t...

Page 630: ...nager client connection requests Enable client connection requests to accept the incoming connections Check this box to enable Remote Manager client connection requests Accept requests to connect to other Remote Manager servers Check this box to accept request to connect to other Remote Manager servers Override the destination phone number with the following number Check this box to override the d...

Page 631: ...ON Default OFF Enable responses to be sent to the sender s phone number cloudsms n pagedconnect OFF ON Default OFF Accept Remote Manager client connection requests cloudsms n connectoverride OFF ON Default OFF Accept requests to connect to other Remote Manager servers cloudsms n phnum Number Override the destination phone number with the following number cloudsms n svcid Number Override the servic...

Page 632: ...e different This is owing to the different characteristics of PPP and Ethernet links Connection Settings Disconnect when Remote Manager is idle Once the router has connected to the Remote Manager server and the server has established that all the settings it holds for the router are current and no new changes are being requested the traffic between the router and Remote Manager server reduces to t...

Page 633: ...xpected This parameter allows for a specified number of lost keep alive packets before the connection is deemed to have failed Ethernet Settings Receive Interval s seconds The time between keep alive packets that the router should wait before considering that the connection may be lost Transmit Interval s seconds The interval between transmission of keep alive packets Assume connection is lost aft...

Page 634: ...idledisconn 0 1 Disconnect when Remote Manager server is idle 0 Do not disconnect 1 Disconnect cloud n disconnsecs 0 28800 Idle Timeout h m s This CLI value is entered in seconds only cloud n ppprxkeepalive 0 28800 WAN Receive Interval seconds cloud n ppptrxkeepalive 0 28800 WAN Transmit Interval seconds cloud n pppwaitfor 1 255 WAN Assume connection is lost after n timeouts cloud n ethrxkeepalive...

Page 635: ...ince the firmware revision is embedded in the Object Identifiers OIDs This MIB provides access to most of the configuration and statistics that are associated with the router The second MIB is the Monitor MIB which is a standard MIB that gives access to various Digi TransPort proprietary objects The OIDs in this MIB do not change with every release although it is possible for new objects to be add...

Page 636: ...tocol Use UDP Port n The UDP port number to use The default is UDP port 161 SNMPv3 Engine ID This is required as part of the SNMP v3 protocol This is a 24 hexadecimal character string any trailing zeroes in this string making the value up to 24 characters can be omitted A remote engine ID is required when a SNMP v3 Inform is configured The remote engine ID is used to compute the security digest fo...

Page 637: ...y Instance Parameter Values Equivalent Web Parameter snmp n v1enable 0 1 Enable SNMPv1 0 Off 1 On snmp n v2cenable 0 1 Enable SNMPv2c 0 Off 1 On snmp n v3enable 0 1 Enable SNMPv3 0 Off 1 On snmp n port 0 65535 Use UDP Port Default 161 snmp n engineid String SNMPv3 Engine ID ...

Page 638: ...MPv1 SNMPv2c Community The text in this text entry box specifies the community string for Version 1 and Version 2c SNMP packets Confirm Community The community string is echoed as dots in the text entry box Having a second confirmation field where the string is retyped allows a simple check to be performed for correct entry ...

Page 639: ...tion privacy algorithm should be applied to the SNMP data Encryption Password The user s password that is used to control the privacy of the SNMP transactions is entered into this text entry box Confirm Encryption Password The encryption password is not shown as clear text The confirmation box allows a simple check that the password has been entered correctly Related CLI commands Entity Instance P...

Page 640: ...of ten entries SNMP filter instances range from 0 to 9 Username The username as configured in the Configuration Security Users section of the user to whom the access restriction is applied OID Prefix The Object ID OID prefix for the range of objects in the MIB that the user is not allowed to view such as 1 3 6 1 2 1 4 Add Adds the username and OID prefix into the table Delete Deletes the associate...

Page 641: ...t Link Down Link Up etc When this checkbox is ticked generic traps are generated Generate Authentication Failure traps Enables the generation of authentication failure traps Generate VRRP traps Checking this checkbox enables the generation of VRRP traps For details on VRRP configuration see Ethernet VRRP Parameters on page 165 Related CLI commands Entity Instance Parameter Values Equivalent Web Pa...

Page 642: ...essage after n seconds The period after which the Inform Request message is retransmitted if no response has been received Retransmit a maximum n times The maximum number of times an Inform Request message is retransmitted If no acknowledgment is received after the maximum number of retransmissions an event is logged Community Enter the desired community string into this text entry box Confirm Com...

Page 643: ...ap n sendInforms on off Send Inform Request messages snmptrap n informto Integer If no response retransmit the Inform Request message after n seconds snmptrap n informretries Integer Retransmit a maximum n times snmptrap n community String Community snmptrap n engineid String Trap Server Engine ID snmptrap n securityname String SNMP User snmptrap n securitylevel noauthnopriv authnopriv authpriv Us...

Page 644: ...ngs from the web interface and command line It covers the following topics System security settings on page 645 Users security settings on page 646 Firewall configuration on page 651 RADIUS parameters on page 682 TACACS parameters on page 687 Advanced security settings on page 691 Command filters on page 692 ...

Page 645: ...urity Disable the following USB devices This parameter provides an option of enabling or disabling any of the following USB devices All devices Mass storage devices Serial devices Hub devices Allow autoexec bat files to run from Mass Storage Devices Enables disables running the autoexec bat files from the mass storage devices Enable Factory Default reset button Enables disables execution of a comp...

Page 646: ...word Confirm Password The password for the user Up to 14 characters are allowed Access Level Selects the access level for the user There are the following options Username Description s Uses the serial number of the router as the username i Uses the IMEI of the cellular module as the username c Uses the ICCID of the SIM as the username Access level Access allowed Super Allows full access to all fa...

Page 647: ...e 647 Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter user 0 name String up to 40 chars Username user 0 password String up to 40 chars Password user 0 access 0 Super 1 High 2 Medium 3 Low 4 None 8 Read Only Access Level ...

Page 648: ...1 From the Main menu navigate to Configuration Security Users User n 2 In the Username field enter the new user name Up to 14 characters are allowed in a username For additional details on the username see User parameters on page 646 3 In the Password Confirm Password field enter the new password For additional details on the password see User parameters on page 646 4 Select the access level for t...

Page 649: ...y newpwd from the configuration Should a negotiation take place during the period where the Alternate Key has been entered into the remote router but not the local router there should be no more than one failed negotiation and only if the remote router is the initiator Remote Peer IP address In certain circumstances it may be desirable for a user connecting in over a PPP connection to be allocated...

Page 650: ...this user to log in over a PPP network user 0 phonenum Number Use this number x when PPP dial back is required for this user user 0 newpwd String up to 14 chars Alternate IKE Key user 0 fieldip IP Address Remote Peer IP address user 0 ipaddr IP Address Remote Peer IP subnet user 0 mask IP Mask Remote Peer IP subnet mask user 0 keyfile Filename Public Key file ...

Page 651: ... firewall configuration Firewall parameters On the Configuration Security Firewalls page firewall configuration done using settings in the table described below There are three other buttons that appear just below the table Their use will also be described Since a default file is supplied when this page loads it will show the rules in the default fw txt file If fw txt does not exist a blank table ...

Page 652: ...re If after reviewing changes to the table it is decided that the edit should be abandoned clicking this button restores the original fw txt to the table provided that they have not been saved Below the firewall editor table is another table that controls the interfaces to which the firewall rules apply Interface A list of the available interfaces to which the firewall rules may be applied Enabled...

Page 653: ...g the stateful inspection rule is removed TCP Closed s seconds The time that a stateful inspection rule remains in place after a TCP connection has closed UDP s seconds The time that a stateful inspection rule remains in place following the receipt of UDP packet The timer is restarted each time packets matching the rule pass in each direction As a consequence rules based on UDP should only be used...

Page 654: ...Open s seconds fwall 0 closing 0 4294967296 TCP Closing s seconds fwall 0 closed 0 4294967296 TCP Closed s seconds fwall 0 udp 0 4294967296 UDP s seconds fwall 0 icmp 0 4294967296 ICMP s seconds fwall 0 other 0 4294967296 Other protocols s seconds fwall 0 maxuni 0 2147483647 Expire entry after n consecutive packets in one direction fwall 0 cntmissedecho OFF ON Default OFF Count missed UDP echo pac...

Page 655: ...s on Whether an interface is OOS out of service ICMP message type TCP flags SYN ACK URG RESET PUSH FIN TOS field Status of a link and or data packets on UDP TCP and ICMP protocols Besides providing comprehensive filtering facilities Digi TransPort routers support rules relating to the logging of information for audit debugging purposes This information can be logged to a pseudo file on the router ...

Page 656: ... a packet matches a filter rule processing still continues and all the other filter rules are checked until the end of the script is reached The action taken on a particular packet is that specified by the last matching rule With the break option the script processing can be redirected to a new location or to the end of the script if required The default action that the firewall assigns to a packe...

Page 657: ...ch that packet was received This technique is sometimes used to confuse hackers by having different responses to different packets or for fooling an attacker into thinking a service is not present on a network The syntax for specifying the return of an ICMP packet is return icmp icmp type icmp code where icmp_type is a decimal number representing the ICMP type or one of the predefined text codes l...

Page 658: ...the rule to pass through the firewall but only if the link is already active debug Causes the router to tag any packets matching the rule for debug This means that for every matching rule that is encountered from this point in the script onwards an entry will be placed in the pseudo file FWLOG TXT dscp Causes any packets matching this rule to have its DSCP value adjusted according to this rule The...

Page 659: ... packet is shown The log field can also be followed by a further sub option that specifies a different type of log output This may either be snmp syslog or event If snmp is specified an SNMP trap containing similar information to the normal log entry is generated when a packet matches the rule If syslog is specified a syslog message is sent to the configured syslog manager IP address This message ...

Page 660: ...ert rule processing here for packets that are not on ppp 0 break end ppp_label insert rule processing here for packets that are on ppp 0 on The interface to which the rule applies must be followed by a valid interface name For example if you were only interested in applying a particular rule to packets being transmitted or received by PPP 0 you would include ppp 0 in the rule Valid interface names...

Page 661: ...ield is also important when stateful inspection is enabled for a rule using the inspect state field as it describes the protocol to inspect see inspect state below dnslist Used to match packets containing DNS names in a given dnslist Following dnslist there needs to be a name of a DNS list as specified by the dns command For example consider the following DNS list dns gglist www Digi co www co nz ...

Page 662: ...rule applies The syntax for specifying an IP address range is ip range all from ip object to ip object flags icmp where ip object addr port comp port range flags flags flags flags icmp icmp type icmp type code decnum addr any ip addr decnum mask ip addr mask hexnum port comp port compare port num port range port port num port num ip addr IP address in format nnn nnn nnn nnn decnum a decimal number...

Page 663: ...PP interface or to the Ethernet interface This is useful when IP addresses are obtained automatically and therefore are not known by the author of the filtering rules For example block in break end on ppp 0 from addr eth 0 to any Address Port translation One further option for specifying addresses is to use address translation The syntax for this is srcdst all fromto ip object to object such as di...

Page 664: ...ny to 10 1 2 63 port 23 28 To simplify ports references some commonly used port numbers are associated with the predefined strings listed in the table below For example in the example above if we substitute the number 23 with the string telnet the rule would be pass break end from any to 10 1 2 63 port telnet Other port keywords that are defined are as follows The service keywords are predefined b...

Page 665: ...e a flag being off with all other flags ignored flags s a As a further example suppose we want to allow outward connections from a machine on 10 1 2 33 to a Telnet server We have to define a filter rule to pass outbound connections and the inbound response packets Because this is an outbound Telnet service we can make use of the fact that all incoming packets will have their ACK bits set Only the ...

Page 666: ...otocol and are frequently exploited by hackers for attacking networks For this reason most network administrators will want to restrict the use of ICMP packets The syntax for including ICMP filtering is icmp icmp type icmp type code decnum icmp type Can be one of the pre defined strings listed in the following table or the equivalent decimal numeric value ICMP Type ICMP Value Unreach 3 Echo 8 Echo...

Page 667: ...also match The ICMP code field is specified with a decimal number For example suppose we wish to allow only echo replies and ICMP unreachable type ICMP packets from interface ppp 0 Then the rules would look something like this pass in break end on ppp 0 proto icmp from any to 10 1 2 0 24 icmp type echorep code 0 pass in break end on ppp 0 proto icmp from any to 10 1 2 0 24 icmp type unreach code 0...

Page 668: ...that some other route with a lower metric will be selected When a firewall stateful inspection rule expires a decision is made as to whether the traffic being allowed to pass by this rule completed successfully or not For example if the stateful rule monitors SYN and FIN packets in both directions for a TCP socket then that rule will expire successfully However if SYNs are seen to pass in one dire...

Page 669: ...ore effective as described below As a consequence of the fact that only the first packet in a TCP handshake will have the SYN flag set we can use a rule that checks the SYN flag pass out break end on ppp 0 from 10 1 2 0 24 to any port 80 flags s inspect state block in break end on ppp 0 The first rule matches only the first outgoing packet because it checks the status of the s SYN flag and will on...

Page 670: ... ICMP packets The ICMP types that can be used with the inspect state option are echo timest inforeq and maskreq Using inspect state with Flags As can be seen above the inspect state option can be used with flags To illustrate this we will refer back to the earlier example of filtering using flags It is possible to simplify the script by using the inspect state option The original script was pass o...

Page 671: ...hey are only allowed in once an echo request has been sent out on that interface The moment that a valid echo reply comes back or there is a timeout echo replies will again be blocked Furthermore the full IP address is checked the IP source and destination must exactly match the IP destination and source of the echo request If you compare this to the rule to allow echo replies in without using ins...

Page 672: ...cs The length of time in seconds for which the routes that are using the specified interface are marked as out of service t secs An optional parameter that specifies the length of time in seconds the router will wait for a response the packet that matched the rule c count An optional parameter that specifies the number of times that the stateful inspection engine must trigger on the rule before th...

Page 673: ...s in a row Routes will come back into service when either the specified timeout expires or if there are no other routes with a higher metric in service PPP interfaces will be re activated when either the routes using them are back in service and there is a packet to route and the AODI mode parameter is set to On TCP example pass out log break end on ppp 3 proto tcp from any to 192 168 0 1 flags S ...

Page 674: ...ne by using the dscp command For example the following rule sets the DSCP value to 46 for almost any type of packet received on ETH 0 from IP address 100 100 100 25 addressed to 1 2 3 4 on port 4000 This allows you to set the DSCP value for almost any type of packet dscp 46 in on eth 0 from 100 100 100 25 to 1 2 3 4 port 4000 As a further example the following rule causes outgoing mail traffic to ...

Page 675: ...e packet is traveling Line The line number of the rule that cause the packet to be logged Hits The number of matches for the rule that caused this packet to be logged Iface The Interface the packet was to be transmitted received on Source IP The source IP address in the IP packet Dest IP The destination IP address in the IP packet ID The value of the ID field in the IP packet TTL The value of the ...

Page 676: ...ody option 15 8 2002 16 27 56 FW LOG Dir IN Line 7 Hits 1 IFACE ETH 0 Source IP 100 100 100 25 Dest IP 100 100 100 50 ID 40140 TTL 128 PROTO ICMP 1 block return icmp echorep log body break end proto icmp icmp type echo From REM TO LOCIFACE ETH 0 45 IP Ver 4 Hdr Len 20 00 TOS Routine Delay Normal Throughput Normal Reliability Normal 00 3C Length 60 9C CC ID 40140 00 00 Frag Offset 0 Congestion Norm...

Page 677: ... Rule block return icmp unreach host unr in log syslog break end on eth 0 proto tcp from any to 100 100 100 50 port telnet Line 10 Hits 4 Syslog message with the body option specified 2002 08 30 16 19 59 User Info100 100 100 50Aug 10 16 21 56 arm 1140 IP Filter Filter Rule block return icmp unreach port unr in log body syslog break end on eth 0 proto tcp from any to 100 100 100 50 port telnet Line...

Page 678: ...t time allowed by the stateful rule for a connection to open can be overridden by using the t secs option Such as to override the default TCP opening time of 60 seconds to 10 seconds pass out break end on PPP 2 proto TCP from 10 1 1 1 to 10 1 2 1 port telnet flags S A inspect state oos 60 t 10 A socket will now only have 10 seconds to become established such as exchange SYNs before the stateful ru...

Page 679: ... also an option rd x to disconnect the interface after a recovery attempt completes You can use this option to deactivate the interface after a recovery failure success or either x is a bitmask indicating the cases where the interface should be deactivated Bit 0 is used to deactivate the interface after a recovery failure Bit 1 is used to deactivate the interface after a recovery success such as r...

Page 680: ...he address lists are created using the following syntax addrs list name address1 address2 address3 address4 Address lists can span multiple lines if required for example addrs list name address1 address2 addrs list name address3 address4 The address list is called using the recovery option pingl An example firewall rule is pass out break end on PPP 1 proto ICMP from 10 1 1 1 to 10 1 2 1 inspect st...

Page 681: ...s created in the FWLOG TXT file as the result of a debug rule can be identified by the short description FW_DEBUG at the top of the log entry An example rule set using a debug rule debug in on ppp 2 proto tcp from any to any port http pass in break end proto tcp from any to any port http flags s sa inspect state pass out break end proto udp If placed at the top of the rule set any packet received ...

Page 682: ...eceived from the first server the second server is tried if configured If that server fails to respond local authentication is used unless disabled If both servers are unreachable and local authentication is disabled all authentication attempts fail If a RADIUS server replies with a REPLY MESSAGE attribute 18 the message is displayed after the login attempt and after any configured post banner mes...

Page 683: ...he above password into this text box so that the router can determine if the two are identical Secondary Authorization Server IP Address a b c d The IP address of the secondary authorization NAS server NAS ID An identifier passed to the secondary authorization NAS and is used to identify the RADIUS client The appropriate value will be supplied by the secondary authorization NAS administrator Passw...

Page 684: ...US packets Confirm Password Type the above password into this text box to enable the router to check that they are identical Secondary Accounting Server IP Address The IP address of the secondary accounting NAS NAS ID An identifier that is passed to the secondary accounting NAS and is used to identify the RADIUS client The appropriate value will be supplied by the secondary accounting NAS administ...

Page 685: ... Authorization Server NAS ID radcli 0 1 password2 Up to 40 characters Secondary Authorization Server Password radcli 0 1 localauth OFF ON Default ON Enable local authorization if there is no response from the authorization server s radcli 0 1 aserver Valid IP Address a b c d Primary Accounting Server IP Address radcli 0 1 anasid Up to 80 characters Primary Accounting Server NAS ID radcli 0 1 apass...

Page 686: ...ADIUS packets Stop the negotiation after n retransmissions The maximum number of times RADIUS data should be transmitted to the NAS before the negotiation is deemed to have failed Stop the negotiation if there is no activity for s seconds The inactivity period after which the negotiation procedure is deemed to have failed Related CLI Commands Entity Instance Parameter Values Equivalent Web Paramet...

Page 687: ...he TACACS client the client first checks to see if a socket to the server primary or backup is already open If a socket is already open that socket is used for the TACACS request If no socket is open the primary server is tried first If the primary server socket fails to open the backup server will be tried Regardless of whether the primary or backup socket connected the primary server is always t...

Page 688: ...n authorized the login is allowed If the connection is via telnet or SSH a welcome message showing the access level and the method of authentication is displayed If the access level was assigned locally the following message is displayed Welcome Your access level is SUPER If the access level was assigned by the TACACS server the following message is displayed Welcome Your access level is obtained ...

Page 689: ...e opened Server Key The encryption key to use when communicating with the secondary server Confirm Server Key Enter the key into this text box to allow the router to confirm that the two entries are identical Enable local authentication if there is no response from the server s When checked this checkbox will allow local authentication if TACACS authentication fails Enable TACACS Authentication Wh...

Page 690: ... key Up to 20 characters Server Key tacplus 0 svr2 Up to 64 characters or valid IP address a b c d Hostname or IP address of server tacplus 0 key2 Up to 20 characters Server Key tacplus 0 localauth OFF ON Enable local authentication if there is no response from the server s tacplus 0 authent OFF ON Enable TACACS Authentication tacplus 0 author OFF ON Enable TACACS Authorization tacplus 0 acct OFF ...

Page 691: ...rface into the adjacent text box The available interface options are Auto PPP Ethernet Response Timeout s seconds Text box Stop the negotiation if there is no activity for s seconds The amount of time in seconds before an inactive socket is closed Related CLI commands Entity Instance Parameter Values Equivalent Web Parameter tacplus 0 ip_ent Blank ETH PPP Blank Auto Use source IP Address x y tacpl...

Page 692: ...te 17 Command Line Response Manipulation which is available on the Digi web site www digi com The table is generated by typing the desired command into the text box and clicking the Add button Once a command has been entered into the table it can be removed by clicking the Delete button that appears on the right hand side Command This text box contains the command to filter Related CLI commands Co...

Page 693: ...ature the ISDN circuit must support the Calling Line Identification CLI facility If CLI is supported incoming calls from specified numbers can be answered normally or rejected with an optional reject code Number The telephone number to either answer or reject Mode The drop down list in this column selects either Answer to answer calls or Reject to reject calls Reject Code The reason code pertainin...

Page 694: ...lity to connect a GPS receiver which enables the router access to geographical position information The GPS module may be internal or external In either situation an internal asynchronous serial ASY port is used for the connection The standard way that GPS modules send the data is using National Marine Electronics Association NMEA standard 0183 messages This protocol is usually simply referred to ...

Page 695: ...e associated checkbox is checked the fix data 2D 3D or no fix will be output Position GLL This checkbox when checked causes the Geographic position Latitude Longitude sentence to be output Active Satellites GSA Checking this checkbox causes the NMEA sentence containing the number of active satellites used to calculate the position to be output Satellites in view GSV Checking this checkbox causes t...

Page 696: ...hat should precede the NMEA data if desired Suffix the message with t A text string that should follow the NMEA data if desired IP Connection 2 Send GPS messages to IP address a b c d The IP address to which the GPS data should be sent Port n The required TCP UDP port number to which the GPS data should be sent Every n interval s How often the GPS data is transmitted to the specified host A value ...

Page 697: ... 0 gga_on 0 1 0 Off 1 On Fix data GGA gps 0 gll_on 0 1 0 Off 1 On Position GLL gps 0 gsa_on 0 1 0 Off 1 On Active Satellites GSA gps 0 gsv_on 0 1 0 Off 1 On Satellites in view GSV gps 0 rmc_on 0 1 0 Off 1 On Position and time RMC gps 0 vtg_on 0 1 0 Off 1 On Course over Ground VTG gps 0 zda_on 0 1 0 Off 1 On UTC and local date time ZDA gps 0 oth_on 0 1 0 Off 1 On All other messages gps 0 IPaddr1 Va...

Page 698: ... port n port n gps 0 nsecs2 Time s seconds every n interval s gps 0 udpmode2 0 1 0 TCP 1 UDP Use TCP UDP gps 0 IPprefix2 Free text Prefix the message with gps 0 IPsuffix2 Free text Suffix the message with Entity Instance Parameter Values Equivalent Web Parameter gps 0 gga_int s seconds 0 255 n a gps 0 gll_int s seconds 0 255 n a gps 0 gsa_int s seconds 0 255 n a gps 0 gsv_int s seconds 0 255 n a g...

Page 699: ...o determine where the GPS messages originate at gps command at gps This command causes messages from the GPS receiver to be sent directly to the ASY port from which the command has been entered This requires that the gpson parameter above is set to on for one of the command interpreter instances As soon as the at gps command has been issued data from the GPS receiver will be sent to that ASY port ...

Page 700: ...This section describes how to manage applications written in the ScriptBasic and Python languages from the web interface and command line It covers the following topics Manage ScriptBasic applications on page 701 Manage Python applications on page 703 ...

Page 701: ... the parameter that appears in the next column Up to 30 parameters can be configured It is best to enter the numbers in a consecutive ascending sequence since this is how the parameters will be referred to in any ScriptBasic script Parameter Type the name of the parameter you wish to create This can be any alphanumeric string These parameters can then be referenced by a ScriptBasic script For exam...

Page 702: ...and basic 0 string1 10 1 1 1 To execute a script from the CLI enter the command bas myscript sb To kill a running script from the CLI enter the command Basic 0 kill Entity Instance Parameter Values Equivalent Web Parameter basic 0 string1 string30 Free form alphanumeric text Parameter basic 0 n a kill Stop bas n a n a Name of ScriptBasic script Run Script ...

Page 703: ...m Python Files page To manage Python application files go to Applications Python Python Files This page has the following settings Module search path Sets the search path for Python modules that are not in the default search path Multiple locations may be specified by separating pathnames with colons such as pymod1 zip python21 zip This causes the interpreter to search for the two compressed files...

Page 704: ...Python scripts pycfg files Displays the status of any Python files pycfg mem Shows the memory usage for the router pycfg scripts Shows the status of any scripts and change count Entity Instance Parameter Values Equivalent Web Parameter pycfg 0 modpath valid search path such as mymod py Module search path pycfg 0 stderr2stdout 0 1 0 Off 1 On Redirect the Python output to debug ...

Page 705: ...nections the web interface and command line It covers the following topics View network interface status on page 706 Manage connections on page 743 Manage position GPS information on page 751 View and manage the event log on page 753 Use the Analyser on page 754 Monitor and manage network top talkers on page 763 ...

Page 706: ...he Ethernet interface This could be either manually configured or assigned via DHCP Mask The mask of the Ethernet interface This could be either manually configured or assigned via DHCP DNS Server Secondary DNS Server The primary and secondary DNS Server IP addresses of the Ethernet interface These could be either manually configured or assigned via DHCP Gateway The IP gateway of the Ethernet inte...

Page 707: ...ts Received The number of broadcast packets received on the Ethernet interface Broadcast Packets Sent The number of broadcast packets sent on the Ethernet interface Multicast Packets Received The number of multicast packets received on the Ethernet interface Multicast Packets Sent The number of multicast packets sent on the Ethernet interface Rx Overruns The number of receive overruns that have oc...

Page 708: ...packets that have been received which are too long Carrier Sense Error The number of carrier sense errors that have occurred These occur when the router attempts to transmit an Ethernet packet but cannot detect the carrier sense condition on the Ethernet network Rx MAC Errors The number of internal errors that have occurred when receiving an Ethernet packet Tx MAC Errors The number of internal err...

Page 709: ...i Fi channel mode that is being used The possible values for this parameter are B G and A Channel The Wi Fi channel being used Bytes Received The number of bytes received on the Wi Fi interface Bytes Sent The number of bytes sent on the Wi Fi interface Packets Received The number of packets received on the Wi Fi interface Packets Sent The number of packets sent on the Wi Fi interface Receive Error...

Page 710: ...ed Wi Fi client Wi Fi Node The Wi Fi node on the router the client is connected to RSSI The signal strength experienced by the Wi Fi client Flags The state information for the Wi Fi client connection Power Save The current power saving state of the Wi Fi client The possible values are Awake and Sleep Neg Rates Mbps The transmission rates that have been negotiated with the Wi Fi client Capability I...

Page 711: ...ienced by the router when connected to the Wi Fi Access Point Flags The state information for the Wi Fi Access Point connection Power Save The current power saving state of the router The possible values are Awake and Sleep Neg Rates Mbps The transmission rates that have been negotiated with the Wi Fi Access Point Capability Info The capabilities of the Access Point that the router is connected to...

Page 712: ...View network interface status Digi TransPort User Guide 712 Mobile interfaces The Mobile interfaces status page displays the current mobile connection network and module information ...

Page 713: ... Location Area Code LAC and the Cell Identifier CI Signal Strength The signal strength in dBm being received by the mobile module The range is 113dBm min to 51dBm max The signal strength bars should match the Signal Strength LEDs on the front of the router Mobile Statistics IP Address The IP address of the mobile interface Primary DNS Address Secondary DNS Address The primary and secondary DNS add...

Page 714: ...n use It may be one of the following GSM GPRS EDGE UMTS HSDPA HSUPA CDMA Manufacturer The manufacturer of the mobile module Model The model of the mobile module IMEI The International Mobile Equipment Identification IMEI of the mobile module ESN The Electronic Serial Number ESN of the mobile module MEID The Mobile Equipment Identifier MEID of the mobile module IMSI The International Mobile Subscri...

Page 715: ...ble Preferred system The preferred technology It can be one of following Auto GSM only WCDMA only For CDMA networks the Mobile Information can have the following items Current system ID The current system ID reported by the mobile module Current network ID The current network ID reported by the mobile module Network The current network reported by the mobile module Signal strength 1xRTT The signal...

Page 716: ... the mobile module Hardware version The hardware version of the mobile module Registration State See Registration Status Roaming status The current roaming status of the mobile module Radio interfaces in use It can be one of the following CDMA 1x EVDO No service Unknown PRL version The version of the Preferred Roaming List PRL loaded on the mobile module Activation status The activation state of t...

Page 717: ...valent Web Parameter modemstat Mobile Information modemstat s Scan for Networks pppstat n Mobile Statistics where n is the PPP interface being used by the mobile interface at mibs ppp n st ats n Displays the current interface statistics at mibclr ppp n s tats n Clears the current interface statistics ...

Page 718: ...us and statistics of the DSL interface Modem Status The current status of the DSL modem On the DR64 platform the values can be one of the following Idle Activating Ghs Training Up Link Uptime The amount of time the modem has been in the Up state Firmware Version The version of the firmware running on DSL modem ...

Page 719: ...ibels on the downstream and upstream DSL channels Attenuation is the measure of how much the signal has degraded between the DSLAM and the DSL modem The lower the attenuation the better the performance will be Noise Margin The current noise margin in decibels on the downstream and upstream DSL channels The noise margin aka Signal to Noise Ratio is the relative strength of the DSL signal to noise T...

Page 720: ...orward error correction FEC code Uncorrected Blocks The number of blocks that were received and could not be corrected by the forward error correction FEC code Overrun Cells The number of cells lost because of overrun errors Idle Cells The number of idle cells received Related CLI commands Command Instance Equivalent Web Parameter adslst n a Displays the current DSL interface status at mibs adsl 0...

Page 721: ...up Lower Layer Down The GRE interface has keepalives enabled but is not getting any response from the configured destination IP Address The configured IP address for the GRE interface Mask The configured IP subnet mask for the GRE interface Source The configured source IP address or interface of the GRE interface Destination The configured destination IP address or domain name of the GRE interface...

Page 722: ...rrors The number of receive errors that have occurred on the GRE interface These can include the received being an invalid GRE packet Tx Errors The number of transmit errors that have occurred on the GRE interface These can include an internal error due to no packet buffers being available Rx Unknown The number of packets that have been received with an unknown IP protocol and have been dropped Tx...

Page 723: ...olumn will only appear when the associated channel becomes active Status The status of each channel The status is either ON or OFF Protocol The protocol in use by the channel This should be as set up in the configuration procedure For D channels this will be LAPD If the associated channel is not active this entry will be blank Action When the link becomes active a button should appear in this colu...

Page 724: ... the interface Bytes Sent The number of bytes sent by the interface LCP Packets Received The number of Link Control Protocol LCP packets received LCP Packets Sent The number of LCP packets sent by the interface PAP Packets Received The number of Password Authentication Protocol PAP packets sent by the interface PAP Packets Sent The number of PAP packets sent by the interface IPCP Packets Received ...

Page 725: ...statistics to be reset to zero Related CLI commands The CLI commands are the same as for other interfaces and are described in the PPP status section The command to obtain the status is pppstat n where n is the interface number for the PPP interface assigned to the PSTN module and is shown at the top of the web page ...

Page 726: ... there is not enough data available when it is about to be transmitted Breaks Received The number of times a break signal has been received Framing Errors Received The number of framing errors that have been detected when receiving data on the serial interface Parity Errors Received The number of parity errors detected when receiving data on the serial interface Buffer Shortages The number of time...

Page 727: ...View network interface status Digi TransPort User Guide 727 Advanced PPP n parameters This page displays the current status and statistics of the selected PPP interface ...

Page 728: ...red or assigned by the remote PPP peer DNS Server IP Address Secondary DNS Server IP Address The primary and secondary DNS server IP addresses that are being used by the PPP interface Outgoing Call To If this is dial out PPP interface this is the number it used to make the call Total Data Transferred The total amount of data bytes received and transmitted on the PPP interface including PPP headers...

Page 729: ...P packets received on the PPP interface BAP Packets Sent The number of Bandwidth Allocation Protocol BAP packets sent on the PPP interface Unknown Packets Received The number of packets received with an unknown or unsupported PPP protocol Receive Errors The number of receive errors that have occurred on the PPP interface Transmit Errors The number of transmit errors that have occurred on the PPP i...

Page 730: ...er of Route Out Of Service messages sent by the firewall to the routing code These messages put routes out of service for a period of time and are sent when enough failed PPP transactions have occurred Related CLI commands Command Instance Parameter Equivalent Web Parameter ppp n status Displays the current status of PPP interface n at mibs ppp n stats n a n a Displays the statistics for PPP inter...

Page 731: ...ute matches the destination IP address of an IP packet Src Addr When source address routing is being used the Src Addr value needs to match the source IP address of an IP packet for the route to be used Gateway The IP address of the next router to which the IP packet will be routed to in order to reach the destination network On PPP and TUN interfaces and ETH interfaces that have the gateway confi...

Page 732: ...te is for a remote network accessed via a PPP connection Static The route is a static route Static RIP The route is a static route that has been updated by RIP RIP The route is a RIP route IBGP The route is an interior BGP route EBGP The route is an exterior BGP route OSPF The route is an OSPF route UP The route is up and can be used for routing DOWN The interface that the route uses is currently ...

Page 733: ...n the IP hash table are flushed out The IP hash table can be flushed manually using the Flush button Entries in the IP hash table are automatically deleted if it is not used for 10 seconds Src IP Address The source IP address of the routed IP packet Src Port The source TCP UDP port of the routed IP packet If the IP protocol is not TCP or UDP then this field is 0 Destination IP Address The destinat...

Page 734: ...er Guide 734 Idx The index in the IP hash table of the entry Usage The number of times the entry has been used Related CLI commands Command Options Equivalent Web Parameter route hash Displays the IP hash table route flush Flushes the IP hash table ...

Page 735: ...Address The destination IP address of the modified IP packet IP Protocol The IP protocol field of the modified IP packet Src Port The source TCP UDP port of the modified IP packet For ICMP packets this defines the ICMP Echo identifier value NAPT Port The new destination TCP UDP of the modified IP packet For ICMP packets this defines the ICMP Echo identifier value Dest Port The original destination...

Page 736: ...rsized Packets The number of packets received by the firewall that are too small Oversized Packets The number of packets received by the firewall that are too large Return TCP RST The number of times the firewall has returned a TCP Reset packet Return ICMP The number of times the firewall has returned an ICMP packet Stateful rule shortages The number of times there has been a shortage of entries s...

Page 737: ...d against the firewall rule Direction The direction of the IP packets that match the firewall rule Src IP Addr The source IP address of the IP packets that match the firewall rule Src Port The source TCP UDP port of the IP packets that match the firewall rule Dest IP Addr The destination IP address of the IP packets that match the firewall rule Dest Port The destination TCP UDP port of the IP pack...

Page 738: ...ackets that match the firewall this defines the new destination TCP UDP port of the IP packets Protocol The IP protocol of the IP packets that match the entry Interface The interface over which the IP packets that match the entry are sent or received Related CLI commands Command Options Equivalent Web Parameter fwall show Displays the Firewall Stateful Inspection table ...

Page 739: ... IP 217 34 133 21 ID 35372 TTL 136 PROTO TCP 6 Src Port FTP CTL 21 Dst Port 16794 block log break end This output shows two example logged packets The output of the 1st logged packet is as follows 5 10 2009 23 12 08 This is the time stamp of the blocked packet FW LOG Dir IN Line 37 Hits 4730 IFACE ETH 3 Dir is the direction of the packet that was logged either IN or OUT of the router Line is the l...

Page 740: ...o which the IP address has been assigned Lease time left mins The length of time in minutes the IP address lease is valid for After this time the DHCP client will need to renew its IP address Mac Address The MAC address Related CLI commands Command Options Equivalent Web Parameter type fwlog txt n a Displays the current Firewall trace Entity Instance Parameter Equivalent Web Parameter dhcp 0 statu...

Page 741: ... has been resolved IP Address The IP address of the hostname TTL The time to live in seconds for the DNS entry When the TTL reaches zero the entry is deleted Related CLI commands Entity Instance Parameter Equivalent Web Parameter dns 0 status Displays the current status of the DNS table dns 0 clear Deletes all the entries in the DNS table ...

Page 742: ... table for a particular interface Priority Q The priority queue in the table TX rate kbps The current transmit rate in kbps of the queue Limit The current transmit rate limit in kbps of the queue Weighted Q length The weighted queue length using the Weighted Random Early Discard WRED algorithm Q length The number of packets on the queue ...

Page 743: ...age has several menu options Manage IP connections This page displays the current status of the TCP sockets on the router The router has two types of sockets Socket type Use TCP Sockets Reserved for WEB and FTP connections General Purpose Sockets Can be used by any application for TCP connections ...

Page 744: ...g used for the TCP connection or is being listened on Remote IP Address The IP address of the remote device that has the TCP connection to the router Remote Port The TCP port being used by the connected remote device SYNs Waiting The number of TCP SYN packets that are currently being processed by the router s Free SYN entries The number of entries available to process an incoming TCP SYN packet Re...

Page 745: ... TransPort User Guide 745 General Purpose Sockets ID The ID of the general purpose socket Owner The software task that created the socket Protocol The protocol being used by the socket Mode The mode of operation of the socket ...

Page 746: ...ice Inactivity Timeout The socket s inactivity timeout in seconds If the timer reaches zero seconds the TCP connection is closed Total Number of Sockets The total number of general purpose sockets available on the router Number of Free Sockets The number of free general purpose sockets available on the router Related CLI commands Command Options Description gpstat Displays the current status of th...

Page 747: ...mote device that is the other end of the IPsec tunnel Local Network The local IP network of the IPsec tunnel that is connected to the router Remote Network The remote IP network of the IPsec tunnel that is connected to the remote device First Rem IP Last Rem IP For IPsec tunnels that have been negotiated using IKEv2 this is the range IP addresses available on the remote IP network First Loc IP Las...

Page 748: ...e time duration is negotiated between the router and the remote device Interface The interface over which the IPsec tunnel operates Related CLI commands Command Options Description sastat dyn Displays the current status of all of the IPsecs tunnels The optional dyn parameter can be used to display the status of the dynamic IPsec tunnels sastat dyn first last Displays the current status of the IPse...

Page 749: ... that have successfully negotiated an IPsec tunnel with the router Peer IP Address The IP address of the remote device Our ID The ID of the router Peer ID The ID of the remote device Dead Peer Detection DPD The DPD status and the time until the next DPD request NATT Local Port The local NAT Traversal port NATT Remote Port The remote NAT Traversal port ...

Page 750: ...er Peer ID The ID of the remote device with which the IKE SA has been negotiated Peer IP Address The IP address of the remote device Our IP Address The IP address the router used to negotiate the IKE SA Time Left The time remaining in seconds for the IKE SA to remain in force Session ID The ID of the IKE SA Internal ID An internal identifier for the IKE SA ...

Page 751: ...dule No of Satellites The current number of satellites being used as indicated in the last GGA message from the GPS module Type of fix The current fix status as indicated in the last GGA GLL or RMC message followed by the type of fix such as 2D 3D or no fix as indicated in the last GSA message UTC The current UTC time as indicated in the last ZDA GGA GLL or RMC message from the GPS module True Hea...

Page 752: ...ndicated in the last RMC message from the GPS module It can be either Valid or Not Valid IP Connections The current IP address port number connection type and status of the IP connections Related CLI commands Command Options Description at mibs gps 0 stats Displays the current status of the GPS receiver ...

Page 753: ...ining the date time and a brief description of the event In some case it may also identify The type number of the protocol instance the generated the message such as PPP 0 A reason code Additional information such as an X 25 address or ISDN telephone number The specific events that generate a log entry are pre defined and cannot be altered although the text and priority of each event can be modifi...

Page 754: ...re captured and included in the analyzer trace You can choose to capture Layer 1 physical PPP Layer 2 Layer protocol the Network Layer Layer 3 protocol or any combination by checking or clearing the appropriate check boxes In addition you may select XOT X 25 over TCP IP tracing if this feature is included on the router Enable IKE debug Enables or disables including IKE packets in the analyser trac...

Page 755: ... with a reason for why the packet was discarded Trace loopback packets Enables or disables the capture of IP loopback packets IP Packet Filters Discarded IP Packet Filters TCP UDP Ports This parameter filters out TCP or UDP packets with particular source or destination port numbers The format of this parameter is a comma separated list of port numbers For example you may wish to exclude the captur...

Page 756: ...ntity Instance Parameter Values Equivalent Web Parameter ana 0 anon on off Enable Analyser ana 0 maxdata 16 2000 Maximum packet capture size ana 0 logsize 3 180 Log Size ana 0 l1on on off Protocol Layers Layer 1 ana 0 l2on on off Protocol Layers Layer 2 ana 0 l3on on off Protocol Layers Layer 3 ana 0 xoton on off Protocol Layers XOT ana 0 ikeon on off Enable IKE debug ana 0 qmion on off Enable QMI...

Page 757: ...list Discarded IP Packet Filters IP Protocols ana 0 discipaddfilt Comma separated list Discarded IP Packet Filters IP Addresses eth n ethanon on off Ethernet Interfaces eth n ipanon on off IP Sources ovpn n ipanon on off IP Sources ppp n ipanon on off IP Sources ppp n pppanon on off PPP Interfaces tun n ipanon on off GRE IP Sources tun n tunanon on off GRE Tunnel Interfaces Entity Instance Paramet...

Page 758: ...lowmsgcmd Command String Run this command when the number of free system messages match lowmsglvel ana 0 lowmsglev Integer Free system message threshold used by lowmsgcmd ana 0 logdrive String Specifies an alternate file system drive on which to store the analyser trace To use an external USB flash device this should be set to u If the router has an internal SDIO flash device it can be selected wi...

Page 759: ...ransPort User Guide 759 ISDN Sources LAPB Links LAPD2 LAPD1 LAPD0 Value OFF OFF OFF 0 OFF OFF ON 1 OFF ON OFF 2 OFF ON ON 3 ON OFF OFF 4 ON OFF ON 5 ON ON OFF 6 ON ON ON 7 LAPD1 LAPD0 Value OFF OFF 0 OFF ON 1 ON OFF 2 ON ON 3 ...

Page 760: ... on which hardware and software options are available Raw Sync Interfaces To enable the analyser on multiple serial interfaces add the appropriate values together For example to enable the analyser on Physical Ports 0 and 1 the value should 24 8 16 Interface Value Serial 0 1 Serial 1 2 Serial 2 4 Serial 3 8 Serial 4 16 Serial 5 32 Serial 6 64 Serial 7 128 Serial 8 256 Serial 9 512 Serial 10 1024 S...

Page 761: ...de 761 Display analyser trace Management Analyser Trace displays the current analyser trace Related CLI commands Command Options Description type ana txt Displays the contents of the event log ana 0 anaclr Clears the contents of the event log ...

Page 762: ...bility to diagnose network protocol issues with relative ease There are several PCAP files which are available to download Each file contains a different set of captured packets Wireshark is free software and can be obtained from http www wireshark org Option PCAP File Contents IP anaip pcap IP traffic captured from all enabled IP sources Ethernet anaeth pcap Ethernet traffic captured from all ena...

Page 763: ...them from using bandwidth The Management Top Talkers page has the following menu options Top Talkers settings Management Top Talkers Settings displays the current settings for the Top Talkers monitor Ethernet Interfaces The checkboxes under this heading are used to select the Ethernet interfaces that Top Talkers will monitor PPP Interfaces The checkboxes under this heading are used to select the P...

Page 764: ...Monitor and manage network top talkers Digi TransPort User Guide 764 Display Top Talkers trace Management Top Talkers Trace displays the current top talkers trace For example ...

Page 765: ...ming the following topics from the web interface and command line View system information on page 766 Manage files on page 769 Manage X 509 certificates and host key pairs on page 788 Update firmware on page 797 Reset the router to factory default settings on page 798 Execute a command on page 799 Save configuration settings to a file on page 800 Reboot the router on page 801 ...

Page 766: ...gi part number of the router Ethernet 0 MAC Address The MAC address of the Ethernet 0 interface Firmware Version The firmware version that is currently running on the router SBIOS Version The SBIOS firmware version that is currently running on the router Build Version The build configuration of the firmware that is currently running on the router HW Version The hardware version on the router This ...

Page 767: ... of RAM that is fitted on the router Used Memory The amount of RAM that is currently being used on the router Free Memory The amount of RAM that is currently free on the router Mobile Module Which mobile module is fitted on the router SW Opts Which firmware options are enabled on the router SW Cnts Configuration parameters used by firmware Switch Mode The current setting of the Ethernet switch on ...

Page 768: ...nd Options Equivalent Web Parameter ati5 n a Model Firmware Version SBIOS Version Build Version Mobile Module SW Opts hw n a Part Number Ethernet 0 MAC Address HW Version cpu n a CPU Utilization uptime n a Up Time time n a Date and Time mem n a Total Memory Used Memory Free Memory ...

Page 769: ...command and S register settings are stored in one file named SREGS DAT Filename Description ana txt Pseudo file for Protocol Analyser output config da0 Data file containing Config 0 settings direct File directory eventlog txt Pseudo file for Event Log output fw txt Firewall script file fwstat txt Firewall script status file image Main system image web File containing compressed Web pages for your ...

Page 770: ...of AT command and S register settings are called a profile Two such profiles profile 0 and profile 1 can be stored for each ASY port in a file called SREGS DAT To save the file use the Save Profile button on the relevant Configuration Network Interfaces Serial Serial Port n web page or use the AT W command Saving the settings for one ASY port does not save the settings for the other ports You must...

Page 771: ...d from default and the configuration is saved The encrypted versions of the default passwords are then removed from the config da0 file and the new pwds da0 is created and used instead If the pwds da0 file is deleted all remote access to the router that requires authentication will fail a serial cable connection will be required to re configure passwords to gain access to the router If both the pw...

Page 772: ...ers followed by the separator and a 3 character extension The filing system is used to store the system software Web pages configuration information and statistics in a single root directory Files appear as hyperlinks which can be downloaded and displayed in the web browser as long an appropriate viewer is installed and a file association with the viewer has been made The directory listing of file...

Page 773: ...Manage files Digi TransPort User Guide 773 For example ...

Page 774: ...file for deletion File The name of the file in the flash file system Size bytes The size of the file in bytes This is not a fixed value When downloaded the size of the downloaded file will be different Access This is the access settings for the file Last Modified The date and time of when the file was last modified Delete Selected Files This button is used to delete the selected files Related CLI ...

Page 775: ...le The web file is shown on the FLASH file system as a single file This file is compressed and holds approximately 300 files Direct access to these files by an engineer is not normally required File The name of the file in web file Size Bytes The size of the file in bytes Compressed Size Bytes The compressed size of the file in bytes ...

Page 776: ...it text files on the router Filename The name of the file to edit In this field you can create a new file by typing in the filename and clicking on the Save File button Load File Load the file specified in the Filename field into the editor box Save File Save the file to the flash file system ...

Page 777: ...The del command returns OK if files have been deleted or ERROR if no matching files have been found DIR command List the file directory The dir command displays the file directory For example dir direct 60720 ro 11 30 41 31 Jan 2011 CRC sbios 524288 ro 11 30 43 31 Jan 2011 CRC 6ba8 mirror 60720 ro 11 30 41 31 Jan 2011 CRC image 4300995 rw 15 22 23 31 Jan 2011 CRC ab19 sregs dat 4096 rw 11 30 41 31...

Page 778: ...ces one file with another while retaining the original filename The format is move fromfile tofile For example the command move fw temp txt fw txt deletes the file called fw txt and then rename the file called fw temp txt as fw txt REN command Rename a file The ren command renames files in the filing system The format is ren oldfilename newfilename SCAN SCANR command Scan the file system The scan ...

Page 779: ... 3 eth 4 descr ATM PVC 0 XMODEM command Initiate an XMODEM file upload The xmodem command initiates an XMODEM file upload from the port at which the command is entered The format is xmodem filename filename The name under which the file will be saved when the upload is complete After the xmodem command is entered the router waits for your terminal program to start transmitting the file When the up...

Page 780: ...he reset button one or more times The batch file to be executed must be called pb n bat where n is the number of times the reset button is to be pressed to execute the file SD memory card support Some TransPort routers are available with internal SD memory card the drive letter assigned to this card is s To access the SD memory using an FTP client the subdirectory assigned is sdmmc The SD card can...

Page 781: ...rage device enter the command dir u SERIALS TXT 1843 EVENTL 1 TXT 1449 USB TXT 4278 MASSR1 1 TXT 1255 OK If the USB storage device is empty the following message is displayed No files If no USB device is present the following message is displayed No USB flash directory Example 2 To copy a file named image from the main flash memory onto the USB device enter the command copy image u image To copy a...

Page 782: ...ivate the new firmware Use USB devices with all files The following functionality is available from firmware version 4910 onwards A all file is a special file that contains all of the firmware and configuration files in a single file that has the file extension all and is an exact copy of the TransPort router in its current state This all file can then be applied to another TransPort router as lon...

Page 783: ...hen using the uflash command the filename should not be prefixed with u as the uflash command can only act on files stored on a USB storage device For example To create a key enter the command usbcon 0 flashkey To encode this key onto a file called autoexec bat on the USB storage device enter the command uflash autoexec bat put To remove a key from a file use the uflash command parameter clr uflas...

Page 784: ...op port p port if connected to a USB hub the port numbers can increase DRIVER MSD for Mass Storage Device SERIAL for serial devices or HUB for hub devices For example To disable a Flash Stick on the top port only usbcon 0 dislist usb 2 2 MSD To use wildcards to disable flash devices entirely usbcon 0 dislist usb MSD This will match on ALL MSD devices even if in another HUB To disable both external...

Page 785: ...er line that are parsed at boot The commands in this file differ depending on the model of the router the firmware in use and the hardware options installed You can create a single universal configuration file using tags defining sections that only relate to a specific hardware type or firmware version The tag values that can be used are The base model for example DR6410 The complete model for exa...

Page 786: ...nsPort DR64 dr6410 8W OPTION_3G ISDN DSL 61690 OK Example scenario A single configuration file is required for a range of DR6410 routers there is a mix of three types of 3G WWAN modules and some have GPRS modules installed Different W WAN modules need different modemcc commands to correctly configure the ASY ports All these modules can have their own specific commands in one config file ...

Page 787: ...ific config modemcc 0 asy_add 7 modemcc 0 info_asy_add 8 End of Novatel specific config NOVATEL_3G OPTION_3G Start of Option specific config modemcc 0 asy_add 7 modemcc 0 info_asy_add 9 End of Option specific config OPTION_3G SIERRA_3G Start of Sierra specific config modemcc 0 asy_add 7 modemcc 0 info_asy_add 10 End of Sierra specific config SIERRA_3G End of DR6410 H0A config DR6410 H0A DR6410 E0A...

Page 788: ...ertificates issued by the CA contain a public key The certificate also contains information about the individual or organization to which the public key belongs A CA verifies digital certificate applicant s credentials The CA certificate allows verification of digital certificates and the information contained therein issued by that CA Installed Certificate Authority Certificates This table lists ...

Page 789: ...g If the port is 0 the default port of 80 will be used Path The path on the server to the SCEP application The path can either be entered manually if known or select from cgi bin or Microsoft SCEP from the drop down list Application The SCEP application running on the server CA identifier The identifier for the CA server The CA identifier to use to identify a particular CA when multiple CAs might ...

Page 790: ...routers and support SSH and HTTPS connections For more information on using certificates with the router See the Application Note 22 IPSec VPN tunnel between two Digi Routers using Certificates and SCEP available at www digi com Installed Certificates This table lists the current certificates that have been installed onto the router It is possible to view the contents of each certificate using the...

Page 791: ...ify a CA encryption certificate by looking at the X 509 Key Usage section in the certificate It should display something like the following X509v3 Key Usage critical Key Encipherment Data Encipherment If a CA encryption certificate has been installed by the CA you wish to use for the certificate request enter the CA encryption certificate If no CA encryption certificate has been installed for the ...

Page 792: ...r is important as the common name will be used as the router s ID for IKE negotiations Country Code C The two character county code of where the router is located A list of valid country codes can be found at http www iso org iso english_country_names_and_code_elements State or Province ST The state county or province of where the router is located Locality L The town or city of where the router i...

Page 793: ...0 cafile Filename CA certificate scep 0 caencfile Filename CA encryption certificate scep 0 casigfile Filename CA signature certificate creq 0 challenge_pwd String Enrolment Password creq 0 commonname String Common Name CN creq 0 country String Country Code C creq 0 state String State or Province ST creq 0 locality String Locality L creq 0 orgname String Organisation O creq 0 org_unit String Organ...

Page 794: ...tificate request enter the command creq new k priv key file o cert request file To generate a private key and a certificate request enter the command creq new b priv key length k priv key file o cert req file For example to generate a certificate request file called request pem from a private key called priv001 pem enter creq new kpriv001 pem o request pem To generate a 512 bit private key called ...

Page 795: ...ey filename A name for the private key The filename must be prefixed with priv and have a pem extension Key size The size of the private key in bits The larger the key the more secure the connection But also the larger the key the slower the connection The key size can be one of the following 384 512 768 1024 1536 2048 Save in SSHv1 format If this checkbox is checked the private key will be genera...

Page 796: ... enter genkey 1024 privkey pem You will see the following output OK Starting 1024 bit key generation Please wait This may take some time Key generated saving to FLASH file privkey pem Closing file Private key file created All tasks completed Private key files Splitting certificates For increased security you can split the private key file between the router flash and an USB memory stick Once a pri...

Page 797: ...nload the zip file to your PC before starting the firmware update Note Do not navigate away from the Update Firmware page while an update is in progress as that action can cause the update to abort prematurely CAUTION Do not remove the power from the router while an update is in progress as it can corrupt the router s flash file system and might leave the router unable to boot up Model The model o...

Page 798: ... network settings that are preserved are Ethernet 0 IP address Ethernet 0 Mask Ethernet 0 Gateway Ethernet 0 DHCP Client Ethernet 0 DNS Server Default Route 0 Interface PPP 1 Username PPP 1 Password PPP 3 Username PPP 3 Password Mobile APN Mobile SIM PIN Restore Initiates a factory reset of the router Related CLI commands To reset the router s configuration to the factory defaults use the followin...

Page 799: ... once the factory reset is complete Do not remove the power while the router is running this reset procedure Using this method will not preserve any settings To disable the reset button enter cmd 0 pbreset off To re enable the reset button functionality enter cmd 0 pbreset on Execute a command The Administration Execute a Command page allows CLI commands to be entered via the web browser Almost al...

Page 800: ...n box The default power up profile is profile 0 Save all configuration The Save All button saves the router s entire configuration The current configuration parameters are saved to config da0 or config da1 file The ciphered versions of the passwords are saved to the pwds da0 or pwds da1 file The Firewall configuration is saved to the fw txt file The serial port configuration is saved to profile 0 ...

Page 801: ...een created and sent TCP sockets have been closed PPP interfaces have been disconnected Immediately Causes the router to reboot after a few seconds The router will cleanly terminate any TCP and VPN connections before rebooting In h hrs m mins s secs Cause as reboot to be scheduled after the configured period of time A scheduled reboot can be canceled by clicking the Cancel button Related CLI comma...

Page 802: ...ting your Digi TransPort device and covers resolution of several common issues It covers the following topics Troubleshooting Resources on page 803 Download the debug txt file on page 804 Cannot open the web interface on page 805 Cannot log into the web interface on page 805 Troubleshoot the LTE MIMO antenna orientation on page 805 ...

Page 803: ...ase Digi TransPort support documents If the knowledge base or support forums do not have the information you need fill out an Online Support Request via https mydigi secure force com customers You will need to create a user account if one is not already set up When submitting a support request please include a copy of the debug txt file from the device s flash This will greatly improve the quality...

Page 804: ...o Administration File Management FLASH Directory 3 The debug txt file is usually the last file listed Right click on debug txt and click Save target as 4 Send the debug txt file as an attachment Note For Digi TransPort WR44 RR there are several ways to download the debug txt file For information on the other methods see Quick Note 24 Extracting the debug txt file from a Digi TransPort or Sarian ro...

Page 805: ...ck the PC s IP configuration Make sure it is set to obtain an IP address automatically If not configure it to automatically obtain the IP address Refresh the PC s IP settings by opening a command window and entering the following commands ipconfig release ipconfig renew Check the PC s LAN connection and any LAN device such as an Ethernet switch that connects to the router Make sure the PC is conne...

Page 806: ...SL Asymmetric Digital Subscriber Line AES Advanced Encryption Standard AFE Analogue Front End AH Authentication Header AIS Alarm Indication Signal AODI Always On Dynamic ISDN APACS Association of Payment Clearing Services the UK payments association APN Access Point Name ATM Asynchronous Transfer Mode or Automatic Teller Machine ARFCN Absolute Radio Frequency Channel Number ...

Page 807: ...col CLI Calling Line Identification or Command Line Interface CRC Cyclic Redundancy Code CTS Clear To Send CUD Call User Data CUG Call User Group D DCE Data Communication Equipment DER Distinguished Encoding Rules DES Data Encryption Standard DHCP Dynamic Host Configuration Protocol DLSw Data Link Switching DNS Domain Name Server DPD Dead Peer Detection DSCP Differentiated Services Code Point DSL ...

Page 808: ...st Out FQDN Fully Qualified Domain Name FTP File Transfer Protocol G GPRS General Packet Radio System GPS Global Positioning System GRE Generic Routing Encapsulation GSM Global System for Mobile Communications H HDLC High Level Data Link Control HEC Header Error Control HMAC Hash Message Authentication Code HSDPA High Speed Downlink Packet Access HSUPA High Speed Uplink Packet Access ...

Page 809: ...ity IP Internet Protocol IPCP Internet Protocol Control Protocol IPSec Internet Protocol Security ISAKMP Internet Security Association and Key Management Protocol ISDN Integrated Services Digital Network L L2TP Layer 2 Tunnelling Protocol LAC Location Area Code LAI Location Area Identity LAN Local Area Network LAPB Link Access Procedure Balanced LAPD Link Access Protocol D channel LCN Logical Chan...

Page 810: ...oint to Point Encryption MRU Maximum Receive Unit MSN Multiple Subscriber Number MSS Maximum Segment Size MTU Maximum Transmit Unit N NAPT Network Address and Port Translation NAS Network Access Server NAT Network Address Translation NCC Network Colour Code NOM Network Operation Mode NUA Network User Address NUI Network User Identifier O OAM Operation Administration and Maintenance OOS Out Of Serv...

Page 811: ...FC Protocol Field Compression PFS Perfect Forwarding Security PID Protocol Identifier PIN Personal Identity Number PLMN Public Land Mobile Network PPP Point to Point Protocol PPPoA Point to Point Protocol over ATM PPPoE Point to Point Protocol over Ethernet PSDN Packet Switched Data Network PSI Packet System Information PSTN Public Switched Telephone Network PUK Power Up Key PVC Permanent Virtual ...

Page 812: ...ronous Balanced Mode SABME Set Asynchronous Balanced Mode Extended SCEP Simple Certificate Enrolment Protocol SDLC Synchronous Data Link Control SHA 1 Secure Hash Algorithm 1 SMS Short Message Service SMTP Simple Mail Transfer Protocol SNA Systems Network Architecture SNAIP Systems Network Architecture over Internet Protocol SNMP Simple Network Management Protocol SNTP Simple Network Time Protocol...

Page 813: ...assembler U UBR Unspecified Bit Rate UDP User Datagram Protocol UMTS Universal Mobile Telecommunications System USB Universal Serial Bus V VLAN Virtual Local Area Network VPN Virtual Private Network VRRP Virtual Router Redundancy Protocol W WAN Wide Area Network WCDMA Wide band Code Division Multiple Access WRED Weighted Random Early Dropping W WAN Wireless Wide Area Network X XOT X 25 Over TCP ...

Search results

Summary of Contents for TransPort

Reviews:

Related manuals for TransPort

Brands by name

Popular brands

Digi TransPort, User Manual

Search results

Summary of Contents for TransPort

Reviews:

Related manuals for TransPort

Brands by name

Popular brands