Digi TX54 User Manual Download | Manualshive

Page: 456 / 1087

background image

Virtual Private Networks (VPN)

OpenVPN

TX54 User Guide

456

n

OpenVPN managed—The TX54 device creates the interface and then uses its standard
configuration to set up the connection (for example, its standard DHCP server configuration).

n

Device only—IP addressing is controlled by the system, not by OpenVPN.

Additional OpenVPN information

For more information on OpenVPN, see these resources:

Bridging vs. routing

OpenVPN/Routing

Configure an OpenVPN server

Required configuration items

n

Enable the OpenVPN server.

The OpenVPN server is enabled by default.

n

The mode used by the OpenVPN server, one of:

l

TUN (OpenVPN managed)

—Also known as routing mode. Each OpenVPN client is assigned

a different IP subnet from the OpenVPN server and other OpenVPN clients. OpenVPN
clients use Network Address Translation (NAT) to route traffic from devices connected on
its LAN interfaces to the OpenVPN server.

l

TAP - OpenVPN managed

—Also know as bridging mode. A more advanced

implementation of OpenVPN. The TX54 device creates an OpenVPN interface and uses
standard interface configuration (for example, a standard DHCP server configuration).

l

TAP - Device only

—An alternate form of OpenVPN bridging mode, in which the device,

rather than OpenVPN, controls the interface configuration. If this method is is, the
OpenVPN server must be included as a device in either an interface or a bridge.

n

The firewall zone to be used by the OpenVPN server.

n

The IP network and subnet mask of the OpenVPN server.

n

The server's Certificate authority (CA) certificate, and public, private and Diffie-Hellman (DH)
keys.

n

An OpenVPN authentication group and an OpenVPN user.

n

Determine the method of certificate management:

l

Certificates managed by the server.

l

Certificates created externally and added to the server.

n

If certificates are created and added to the server, determine the level of authentication:

l

Certificate authentication only.

l

Username and password authentication only.

l

Certificate and username and password authentication.

If username and password authentication is used, you must create an OpenVPN authentication
group and user. See

Configure an OpenVPN Authentication Group and User

for instructions.

n

Certificates and keys:

l

The

CA certificate

(usually in a ca.crt file).

l

The

Public key

(for example, server.crt)

«
...
454
455
456
457
458
...
»

Summary of Contents for TX54

Page 1: ...TX54 User Guide Firmware version 22 2 ...

Page 2: ...r listing available carriers for the current modem and SIM l Manual carrier selection option to allow you to lock the SIM to a specific carrier n Enhanced serial support l Certificate management control for TCP and autoconnect serial port setups l Autoconnect n Enhanced Wi Fi support l Support 5GHz DFS Wi Fi channels in client mode Only available for devices with 5GHz Wi Fi radio support l Added 5...

Page 3: ...play active DNS servers and their associated interface n Added a show ntp command to the Admin CLI to display the status of the NTP service n Expanded Port forwarding option to support a range of ports including one to one and many to one port mappings n Added options to control packet filtering for the network analyzer n VPN enhancements l IPsec enhancements o Added support for multiple remote en...

Page 4: ...ce l Added support for 40Mhz channel bandwidth on 2 4GHz n VPN enhancements l Added support for L2TPv3 tunneling l New option to enable disable or force IPsec IKE fragmentation n Improved options for creating a custom default configuration l system backup CLI commands for generating a custom default config file based on the active config settings on the device l New section on the File System page...

Page 5: ... lease command to remove all dynamic DHCP leases or certain DHCP leases based on MAC address or IP address n Added speedtest command for performing on demand iPerf or nuttcp speedtests n Local users are now required to be assigned to an authentication group n New Network Advanced Sequential DHCP address allocation configuration setting for controlling if DHCP addresses are assigned sequentially or...

Page 6: ...Include the mode indicator field in NMEA messages constructed when a GPS fix isn t obtained n SureLink enhancments l Added new settings under cellular Surelink options to have the device reset the cellular modem if a specified number of Surelink tests fail l Added show surelink Admin CLI command n Serial port enhancements l New option to add and configure an external USB to serial adapter l Disabl...

Page 7: ...SureLink failures are required prior to switching to the alternate SIM n New Socket ID string option to send the configured text to the remote server s when a TCP socket connection is opened to the serial port n New system power ignition off_delay CLI command for manually adjusting the power off delay from ignition sensors without having to adjust the configuration settings of the Digi device n Ne...

Page 8: ...ollowing information Product name and model Product serial number s Firmware version Operating system browser if applicable Logs from time of reported issue Trace if possible Description of issue Steps to reproduce Contact Digi technical support Digi offers multiple technical support plans and service packages Contact us at 1 952 912 3444 or visit us at www digi com support Feedback To provide fee...

Page 9: ...27 TX54 front view 27 TX54 LEDs 28 Single cellular models 28 Dual cellular models 28 Dual Wi Fi models 28 Power 28 GNSS Service 29 Wi Fi Service single Wi Fi models 29 Wi Fi1 Service dual Wi Fi models 29 Wi Fi2 Service dual Wi Fi models 29 WWAN Signal 29 WWAN Service 29 Ethernet 1 4 Link and Activity on rear panel 29 Power sensor and button behavior 30 TX54 back view 30 Digi TX54 serial connector ...

Page 10: ... parameters and list arrays 52 Use the DELETE method to remove items from a list array 53 Using the command line 55 Access the command line interface 55 Log in to the command line interface 55 Exit the command line interface 56 Interfaces Wide Area Networks WANs 58 Wide Area Networks WANs and Wireless Wide Area Networks WWANs 60 Configure WAN WWAN priority and default route metrics 60 WAN WWAN fai...

Page 11: ... 199 Configure Application mode 204 Configure UDP serial mode 206 Configure Modbus mode 211 Add a USB serial port 215 Show serial status and statistics 229 Log serial port messages 230 Wi Fi Wi Fi configuration 232 Default access point SSID and password 232 Default Wi Fi configuration 232 Configure the Wi Fi radio s channel 234 Configure the Wi Fi radio to support DFS channels in client mode 236 R...

Page 12: ...tomize the hotspot login page 334 Edit sample hotspot HTML pages 335 Upload custom hotspot HTML pages 336 Restore hotspot default sample pages 338 Hotspot RADIUS attributes 339 Routing IP routing 341 Configure a static route 342 Delete a static route 345 Policy based routing 347 Configure a routing policy 347 Example Dual WAN policy based routing 356 Example Route traffic to a specific WAN interfa...

Page 13: ...s 492 Example GRE tunnel over an IPSec tunnel 493 L2TP 508 Configure a PPP over L2TP tunnel 508 Configure SureLink active recovery for PPP over L2TP 518 L2TP with IPsec 526 Show L2TP tunnel status 526 L2TPv3 Ethernet 528 Configure an L2TPv3 tunnel 528 Show L2TPV3 tunnel status 533 NEMO 534 Configure a NEMO tunnel 534 Show NEMO status 540 Services Allow remote access for web administration and SSH ...

Page 14: ...ation to run automatically 676 Start a manual script 679 Stop a script that is currently running 680 Show script information 681 Run a Python application at the shell prompt 682 Start an interactive Python session 684 Digidevice module 686 Use digidevice cli to execute CLI commands 687 Use digidevice datapoint to upload custom datapoints to Digi Remote Manager 688 Use digidevice config for device ...

Page 15: ... device to use an LDAP server 770 Configure serial authentication 775 Disable shell access 777 Set the idle timeout for TX54 users 779 Example user configuration 782 Example 1 Administrator user with local authentication 782 Example 2 RADIUS TACACS and local authentication for one user 784 Firewall Firewall configuration 792 Create a custom firewall zone 792 Configure the firewall zone for a netwo...

Page 16: ...boot your device immediately 873 Schedule reboots of your device 874 Erase device configuration and reset to factory defaults 875 Configure the TX54 device to use custom factory default settings 879 Locate the device by using the Find Me feature 881 Configure power button behavior 882 Configure power input voltage 883 Power ignition sensor 885 Configure power delays for power ignition sensor 886 T...

Page 17: ...l file system 956 Display directory contents 956 Create a directory 957 Display file contents 958 Copy a file or directory 958 Move or rename a file or directory 959 Delete a file or directory 960 Upload and download files 961 Upload and download files by using the WebUI 961 Upload and download files by using the Secure Copy command 962 Upload and download files using SFTP 963 Diagnostics Perform ...

Page 18: ...rnings English 1006 Bulgarian български 1007 Croatian Hrvatski 1008 French Français 1009 Greek Ε λληνικά 1010 Hungarian Magyar 1011 Italian Italiano 1012 Latvian Latvietis 1013 Lithuanian Lietuvis 1014 Polish Polskie 1015 Portuguese Português 1016 Slovak Slovák 1017 Slovenian Esloveno 1018 Spanish Español 1019 DigiTX54 Certifications International EMC Electromagnetic Compatibility and safety stand...

Page 19: ... 1042 Enter strings in configuration commands 1044 Example Create a new user by using the command line 1044 Example Configure multiple WANs and LANs by using the command line 1046 Command line reference 1056 analyzer clear 1057 analyzer save 1058 analyzer start 1058 analyzer stop 1058 clear dhcp lease ip address 1058 clear dhcp lease mac 1059 container create 1059 container delete 1059 cp 1059 hel...

Page 20: ...nvpn server 1076 show route 1076 show serial 1076 show scripts 1077 show surelink interface 1077 show surelink ipsec 1077 show surelink openvpn 1077 show system 1078 show usb 1078 show version 1078 show vrrp 1078 show web filter 1078 show wifi ap 1079 show wifi client 1079 show wifi scanner 1079 show wifi scanner blocklist 1080 show wifi scanner candidates 1080 show wifi scanner log 1080 speedtest...

Page 21: ... script start 1083 system script stop 1084 system serial clear 1084 system serial save 1084 system serial show 1084 system serial start 1085 system serial stop 1085 system support report 1085 system time set 1085 system time sync 1085 system time test 1086 telnet 1086 traceroute 1086 ...

Page 22: ...munications with Digi Remote Manager by using client side certificates l The default URL for the device s Remote Manager connection is now edp12 devicecloud com This URL is required to utilize the client side certificate support n New Switch SIM SureLink action for WWAN interfaces which allows SureLink to be configured to switch to the alternate SIM if the modem is connected but SureLink test are ...

Page 23: ... cover b Insert the SIM card s into the SIM sockets Insert the end of each SIM card with the chamfered corner positioned as indicated Push the SIM in until it clicks into place c After SIM cards are installed replace the SIM slot cover 2 Attach cellular antennas Securely finger tighten each antenna to the threaded barrel using the nut at the base of the antenna TX54 User Guide 23 ...

Page 24: ...rt Step 2 Connect DC power TX54 User Guide 24 3 Using an Ethernet cable connect the TX54 s WAN ETH1 port to the internet such as a home internet router or LAN Ethernet port in an office environment Step 2 Connect DC power ...

Page 25: ...ur device Register the device as instructed by the getting started wizard Step 5 Complete setup 1 The device should connect within a couple of minutes 2 If newer firmware is available Remote Manager will prompt you to update the device Click Update to update the firmware Remote Manager will perform the update in the background and let you know when the device is up to date 3 Click Done when the fi...

Page 26: ...Digi TX54 Quick Start Step 6 Configure cellular APN TX54 User Guide 26 5 Click Apply 6 Navigate back to the Details tab and watch for confirmation of cellular connectivity ...

Page 27: ...lowing TX54 accessories and accessory kits Digi part number Description 24000140 Power supply Standard temp AC DC power for installations up to 40 C 76002079 Power supply Extended temp AC DC power supply for installations up to 70 C 76002081 Accessory kit Extended temp AC DC power supply for installations up to 70 C Ethernet cable Cellular antennas 2 Note For installations up to 74 C use TRACO Pow...

Page 28: ...wer sensor and button behavior TX54 LEDs The TX54 LEDs are located on the top front panel The number of LEDs varies by model During bootup the front panel LEDs light up in sequence to indicate boot progress Single cellular models Dual cellular models Dual Wi Fi models Power n Off No power n Blinking Blue Unit is powering on n Blue Unit has power ...

Page 29: ...re enabled Wi Fi2 Service dual Wi Fi models n Solid Green Wi Fi access points or Wi Fi clients using Wi Fi2 radio are enabled n Off No Wi Fi access points or Wi Fi clients using Wi Fi2 radio are enabled WWAN Signal Indicates strength of cellular signal n Off No service n Yellow Poor Fair signal n Green Good Excellent signal WWAN Service Indicates the presence and level of cellular service running ...

Page 30: ...device when the ignition line is on You can also power on the TX54 using the Power button If the TX54 does not automatically restart when the power ignition sense is on press the Power button to restore power TX54 back view The following figure shows the back view of the TX54 dual cellular model Other models will look slightly different n Antenna connectors n WAN ETH1 n ETH2 ETH3 ETH4 n USB 3 0 n ...

Page 31: ... In Out 1 Data Terminal Ready DTR Out In 4 Ring Indicate RI In Out 9 QR code definition A QR code is printed on the label attached to the device and on the loose label included in the box with the device components The QR code contains information about the device QR code items Semicolon separated list of ProductName DeviceID Password SerialNumber SKUPartNumber SKUPartRevision Example TX54 0000000...

Page 32: ...Hardware setup This chapter contains the following topics Install SIM cards 33 Connect data cables 34 Connect antennas 34 Mount the TX54 to a mounting surface 34 Connect power 35 TX54 User Guide 32 ...

Page 33: ...s prior to installing the SIM cards See Apply Dielectric Grease over SIM Contacts for instructions 3 Insert the SIM card s into the SIM sockets in the positions shown on the SIM gasket n Single cellular models n Dual cellular models 4 After all SIM cards are in place replace the SIM slot cover Apply Dielectric Grease over SIM Contacts Note Digi recommends using either the Loctite LB 8423 Dielectri...

Page 34: ...available n Purchase a Digi Antenna Extender Kit Antenna Extender Kit 1m Connect data cables The TX54 provides two types of data ports n Ethernet RJ 45 Use a Cat 5e or Cat 6 Ethernet cable n Serial 9 pin RS 232 Use a serial cable with a 9 pin RS 232 connector Connect antennas Connect antennas to the appropriate antenna connector n Wi Fi 1 and Wi Fi 2 Wi Fi enabled models only n WWAN 1 and WWAN 2 M...

Page 35: ...be powered by a Certified ITE LPS power supply or a Direct Plugin Class 2 output transformer rated at either 12 VDC 2 5 A or 24 VDC 1 25 A minimum Supplies shall be suitable for the ambient for which they are installed Maximum ambient operating temperature is limited to the lower of the maximum ambient operating temperature of the power supply or 74 C Digi recommends the power supplies in the foll...

Page 36: ...uge wire to the upper right grounding hole and connect the other end to the vehicle chassis Special considerations n Separate Ethernet and power cables from other wiring in the vehicle and route the cables away from sharp edges n Use cable strain relief for installations in high vibration environments TX54 electrical rating The TX54 device requires connection to a conditioned power system that mee...

Page 37: ... recommends that you use the ignition sense line This allows the device to properly shutdown when the vehicle is turned off By default the TX54 device automatically powers on when it detects power on the ignition sensor and powers off when it detects that there is no power on the ignition sensor and there is no delay for either power on or power off based on the power ignition sensor You can confi...

Page 38: ...e shared keys for the preconfigured Wi Fi access points 45 Configuration methods 47 Using Digi Remote Manager 49 Access Digi Remote Manager 49 Using the web interface 49 Use the local REST API to configure the TX54 device 50 Using the command line 55 Access the command line interface 55 Log in to the command line interface 55 Exit the command line interface 56 TX54 User Guide 38 ...

Page 39: ... If you have not already done so connect to your Digi Remote Manager account 2 Click Device Management to display a list of your devices 3 Locate and select your device as described in Use Digi Remote Manager to view and manage your device 4 Click Configure The following tables list important factory default settings for the TX54 Default interface configuration Interface type Preconfigured interfa...

Page 40: ...IM failover after 5 attempts n SureLink enabled for IPv4 n Dual cellular models only WWAN2 n Dual cellular models only WWAN2 cellular modem n Firewall zone External n WAN priority Metric 3 n SIM failover after 5 attempts n SureLink enabled for IPv4 Local Area Networks LANs n LAN1 n Bridge LAN1 n Firewall zone Internal n IP address 192 168 2 1 24 n DHCP server enabled n LAN priority Metric 5 n LAN ...

Page 41: ...ssword printed on the bottom label of the device n Wi Fi access point l Dual Wi Fi models only Digi AP Wi Fi2 n Dual Wi Fi models only Wi Fi2 radio n Enabled n SSID Digi TX54 serial_number n Encryption WPA2 Personal PSK n Pre shared key The unique password printed on the bottom label of the device n Hotspot access point l Single Wi Fi models Digi Hotspot AP Wi Fi1 l Dual Wi Fi models Digi Hotspot ...

Page 42: ... models Wi Fi access point Digi AP Wi Fi n Dual Wi Fi models Wi Fi access point Digi AP Wi Fi n Dual Wi Fi models Wi Fi access point Digi AP Wi Fi2 n Enabled n Used by the LAN1 interface n hotspot_bridge n Single Wi Fi models Wi Fi access point Digi Hotspot AP Wi Fi n Dual Wi Fi models Wi Fi access point Digi Hotspot AP Wi Fi1 n Dual Wi Fi models Wi Fi access point Digi Hotspot AP Wi Fi2 n Disable...

Page 43: ...fic n SSH and web administration l Enabled for local administration l Firewall zone Internal Monitoring n Device heath metrics uploaded to Digi Remote Manager at 60 minute interval n SNMP Disabled Serial port n Enabled n Serial mode Login n Label None n Baud rate 115000 n Data bits 8 n Parity None n Stop bits 1 n Flow control None Change the default password for the admin user The unique factory a...

Page 44: ...ication Users admin 4 Enter a new password for the admin user The password must be at least eight characters long and must contain at least one uppercase letter one lowercase letter one number and one special character 5 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configura...

Page 45: ...e config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Reset default SSIDs and pre shared keys for the preconfigured Wi Fi access points By default the SSIDs and pre shared keys for the preconfigured Wi Fi access points are n Enabled n SSID Digi TX54 serial...

Page 46: ...Pre shared key 5 Dual Wi Fi models only Repeat the above steps for the Digi AP Wi Fi2 access point 6 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type co...

Page 47: ...gement and data enablement platform that allows you to connect any device to any application anywhere With the Remote Manager you can configure your TX54 device and use the configuration as a basis for a profile which can be applied to other similar devices See Using Digi Remote Manager for more information about using the Remote Manager to manage and configure your TX54 device l The local web int...

Page 48: ... for more information about using the command line to manage and configure your TX54 device In this guide task topics show how to perform tasks WebUI Shows how to perform a task by using the local web interface Command line Shows how to perform a task by using the command line interface ...

Page 49: ...anager login instructions 2 Go to remotemanager digi com 1 Enter your username and password The Digi Remote Manager Dashboard appears Using the web interface To connect to the TX54 local WebUI 1 Use an Ethernet cable to connect the TX54 s ETH2 port to a laptop or PC 2 Open a browser and go to 192 168 2 1 3 Log into the device using a configured user name and password The default user name is admin...

Page 50: ...Your TX54 device includes a REST API that can be used to return information about the device s configuration and to make modifications to the configuration You can view the REST API specification from your web browser by opening the URL https ip address cgi bin config cgi For example https 192 168 210 1 cgi bin config cgi Use the GET method to return device configuration information To return devi...

Page 51: ...d values for path are listed in the first left column 4 To determine further allowed path location values by using the question mark with the path name config service Services Additional Configuration dns DNS iperf IPerf location Location mdns Service Discovery mDNS modbus_gateway Modbus Gateway multicast Multicast ntp NTP ping Ping responder snmp SNMP ssh SSH telnet Telnet web_admin Web administr...

Page 52: ...n config cgi keys service ssh X GET Enter host password for user admin ok true result acl enable key mdns port protocol Use the POST method to modify device configuration parameters and list arrays Use the POST method to modify device configuration parameters To modify configuration parameters use the POST method with the path and value parameters curl k u admin https ip address cgi bin config cgi...

Page 53: ...s well to instruct curl to turn off globbing The below example would add a new static route for the WAN interface for the 1 2 4 0 24 destination network curl g k u admin https 192 168 210 1 cgi bin config cgi value path network route static append true collapsed dst 1 2 4 0 24 collapsed interface network interface wan X POST Enter host password for user admin ok true result network route static 1 ...

Page 54: ... TX54 device TX54 User Guide 54 1 edge 2 ipsec 3 setup 4 external 2 Use the DELETE method to remove the external zone list item 4 curl k u admin https 192 168 210 1 cgi bin config cgi value path service ssh acl zone 4 X DELETE Enter host password for user admin ok true ...

Page 55: ...ne your device must be configured to allow access and you must log in as a user who has been configured for the appropriate access For further information about configuring access to these services see n Serial Serial port n WebUI Configure the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the T...

Page 56: ...Connecting now Press Tab to autocomplete commands Press for a list of commands and details Type help for details on navigating the CLI Type exit to disconnect from the Admin CLI See Command line interface for detailed instructions on using the command line interface Exit the command line interface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may b...

Page 57: ...ces vary by device model These interfaces can be bridged in a Local Area Network LAN or assigned to a Wide Area Network WAN This chapter contains the following topics Wide Area Networks WANs 58 Local Area Networks LANs 140 Bridging 183 Show Surelink status and statistics 192 TX54 User Guide 57 ...

Page 58: ...y Metric 1 n IP Address DHCP client n Digi SureLinkTM enabled for IPv4 Wireless Wide Area Networks WWANs n Single cellular models WWAN or WWAN1 n Dual cellular models WWAN1 n Single cellular models WWAN cellular modem or WWAN1 cellular modem n Dual cellular models WWAN1 cellular modem n Firewall zone External n WAN priority Metric 3 n SIM failover after 5 attempts n SureLink enabled for IPv4 n Dua...

Page 59: ...rics 60 WAN WWAN failover 63 Configure SureLink active recovery to detect WAN WWAN failures 64 Configure the device to reboot when a failure is detected 75 Disable SureLink 83 Example Use a ping test for WAN failover from Ethernet to cellular 87 Using Ethernet devices in a WAN 91 Using cellular modems in a Wireless WAN WWAN 92 Configure a Wide Area Network WAN 116 Configure a Wireless Wide Area Ne...

Page 60: ...e WAN s IPv4 and IPv6 metric settings Assigning priority to WANs By default the TX54 device s WAN WAN1 is configured with the lowest metric 1 and is therefor the highest priority WAN By default the Wireless WANs WWAN or WWAN1 and WWAN2 are configured with a metric of 3 which means they have an equal priority between themselves and a lower priority than WAN1 You can assign priority to WANs based on...

Page 61: ...1 3 Set the metrics for WWAN or WWAN1 a Click Network Interfaces WWAN or WWAN1 IPv4 b For Metric type 1 c Click IPv6 d For Metric type 1 4 Set the metrics for WAN1 a Click Network Interfaces WAN1 IPv4 b For Metric type 2 c Click IPv6 d For Metric type 2 ...

Page 62: ...X54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set the metrics for WWAN or WWAN1 a Set the IPv4 metric for WWAN or WWAN1 to 1 For example config network interface wwan1 ipv4 metric 1 conf...

Page 63: ...tion There are two ways to detect WAN or WWAN failure active detection and passive detection n Active detection uses Digi SureLinkTM technology to send probe tests to a target host or to test the status of the interface The WAN WWAN is considered to be down if there are no responses for a configured amount of time See Configure SureLink active recovery to detect WAN WWAN failures for more informat...

Page 64: ...r IPv6 When SureLink is configured for Wireless WANs SureLink tests are only run if the cellular modem is connected and has an IP address Use the SIM failover options to configure the TX54 device to automatically recover the modem in the event that it cannot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover n The type of probe test to be performed ...

Page 65: ... test targets n If more than one test target is configured determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets Order of precedence for SureLink actions If multiple SureLink actions such as restarting the interface and rebooting the device are enabled the following order of precedence is used 1 Restart interface 2 Switch to the...

Page 66: ...r option 6 Sixth SureLink failure The interface will restart again 7 Seventh Surelink failure The device will reboot WebUI SureLink can be configured for both IPv4 and IPv6 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Create a new WAN or ...

Page 67: ...eset modem n Optional For Reset modem fail count type or select the number of times that the Surelink test must fail before the modem is reset The default is 1 9 If the interface is a WWAN Switch SIM is enabled by default Click to disable n If Switch SIM is enabled for Switch SIM fail count type or select the number of times that the Surelink test must fail before the modem switches to the alterna...

Page 68: ... GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considered to be down based on l Down time The amount of time that the interface can be down before this test i...

Page 69: ...guration and apply the change Command line Active recovery can be configured for both IPv4 and IPv6 These instructions are for IPv4 to configure IPv6 active recovery replace ipv4 in the command line with ipv6 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Adm...

Page 70: ... The default is 1 6 Optional If the interface is a WWAN set the device to reset the modem config network interface my_wan ipv4 surelink reset_modem true config network interface my_wan ipv4 surelink n If reset_modem is enabled set the number of times that Surelink tests must fail prior to resetting the modem config network interface my_wan ipv4 surelink reset_modem_ attempts int config network int...

Page 71: ... is 1 9 Add a test target config network interface my_wan add ipv4 surelink target end config network interface my_wan ipv4 surelink target 0 10 Set the test type config network interface my_wan ipv4 surelink target 0 test value config network interface my_wan ipv4 surelink target 0 where value is one of n ping Tests connectivity by sending an ICMP echo request to a specified hostname or IP addres...

Page 72: ...link target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_down_time to ten minutes enter either 10m or 600s config network interface my_wan ipv4 surelink target 0 interface_down_time 600s config network interface my_wan ipv4 surelink target 0 The default is 60 seconds l Optional Set the amount of time to wait f...

Page 73: ...ce For example config network interface my_wan ipv4 surelink target 0 other_interface network interface wan1 config network interface my_wan ipv4 surelink target 0 o Set the alternate interface s IP version This allows you to determine the alternate interface s status for a particular IP version config network interface my_wan ipv4 surelink target 0 other_ip_version value config network interface ...

Page 74: ...rgets or all of the test targets config network interface my_wan ipv4 surelink success_condition value config network interface my_wan ipv4 surelink Where value is either one or all d Set the number of probe attempts before the WAN is considered to have failed config network interface my_wan ipv4 surelink attempts num config network interface my_wan ipv4 surelink The default is 3 e Set the amount ...

Page 75: ...ot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover n Enable device reboot upon interface failure n The type of probe test to be performed one of l Test another interface s status Used to create a failover or coupled relationship between two interfaces Requires the name of the alternate interface the IP version to be tested and the expected status...

Page 76: ...k System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Create a new interface or select an existing one n To create a new interface see Configure a LAN Configure a Wide Area Network WAN or Configure a Wireless Wide Area Network WWAN n To edit an existing interface click to expand the appropriate interface 5 After creating or selec...

Page 77: ...e s status to create a failover or coupled relationship between interfaces If Test another interface s status is selected l For Test Interface select the alternate interface to be tested l For IP version select the alternate interface s IP version This allows you to determine the alternate interface s status for a particular IP version l For Expected status select whether the expected status of th...

Page 78: ... the test targets or all of the test targets c For Pass threshold type or select the number of times that the test must pass after failure before the interface is determined to be working and is reinstated d For Failed attempts type the number of probe attempts before the WAN is considered to have failed e For Response timeout type the amount of time that the device should wait for a response to a...

Page 79: ...eLink tests are only run if the cellular modem is connected and has an IP address Use the SIM failover options to configure the TX54 device to automatically recover the modem in the event that it cannot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover config network interface my_wan ipv4 surelink enable true config network interface my_wan 5 By de...

Page 80: ...o a specified hostname or IP address l Specify the hostname or IP address config network interface my_wan ipv4 surelink target 0 ping_ host host config network interface my_wan ipv4 surelink target 0 l Optional Set the size in bytes of the ping packet config network interface my_wan ipv4 surelink target 0 ping_ size num config network interface my_wan ipv4 surelink target 0 n dns Tests connectivit...

Page 81: ...link target 0 The default is 60 seconds l Optional Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed config network interface my_wan ipv4 surelink target 0 interface_timeout value config network interface my_wan ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w ...

Page 82: ...ig network interface my_wan ipv4 surelink target 0 other_ip_version value config network interface my_wan ipv4 surelink target 0 where value is one of any both ipv4 or ipv6 o Set the expected status of the alternate interface config network interface my_wan ipv4 surelink target 0 other_status value config network interface my_wan ipv4 surelink target 0 where value is either up or down For example ...

Page 83: ... 3 e Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed config network interface my_wan ipv4 surelink timeout value config network interface my_wan ipv4 surelink where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set timeout to ten minutes enter either 10m or 60...

Page 84: ... as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Select the appropriate WAN or WWAN on which SureLink should be disabled 5 After selecting the WAN or WWAN click IPv4 SureLink 6 Toggle off Enable to disable SureLink 7 Click Apply to save the configuration and apply th...

Page 85: ...config network interface my_wwan ipv4 surelink save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Disable DNS lookup Alternatively you can disable DNS lookup or other internet activity for device that use a private APN with no Internet access or that have restri...

Page 86: ...e disabled 5 After selecting the WAN or WWAN click IPv4 SureLink 6 Click to expand Test targets 7 Click to expand the second test target This test target has its Test type set to Test DNS servers configured for this interface 8 Click the menu icon next to the target and select Delete 9 Click Apply to save the configuration and apply the change ...

Page 87: ...w ipv4 surelink target 0 interface_down_time 600s interface_timeout 120s test interface_up 1 test dns_configured config network interface my_wan 5 Delete the target config network interface my_wan del ipv4 surelink target 1 config network interface my_wan 6 Save the configuration and apply the change config network interface my_wan ipv4 surelink save Configuration saved 7 Type exit to exit the Adm...

Page 88: ...4 device cannot get a connection on the WWAN1 interface it attempts to use the WWAN2 interface It continues to regularly test the connection to WAN1 and WWAN1 and when tests on one of those WANs succeeds the device falls back to the successful highest priority WAN To achieve this WAN failover from the WAN1 to the WWAN1 and WWAN2 interfaces the WAN failover configuration is WebUI 1 Log into the TX5...

Page 89: ...For Add Test Target click f For Test type select Ping test g For Ping host type 43 66 93 111 h For Ping payload size type 256 4 Repeat the above step for WWAN1 and WWAN2 to enable SureLink on those interfaces 5 Configure WWAN1 to have priority over WWAN2 The default configurations for WWAN1 and WWAN2 both have the metric set to 3 while WAN1 has a metric of 1 To configure WWAN1 to have priority ove...

Page 90: ...on mode config config 3 Configure SureLink on WAN1 a Set the interval to ten seconds config network interface wan1 ipv4 surelink interval 10s config b Delete the existing test targets config network interface wan1 del ipv4 surelink target 0 config network interface wan1 del ipv4 surelink target 1 config network interface wan1 c Add a test target config add network interface wan1 ipv4 surelink targ...

Page 91: ...tric for WWAN1 config network interface wwan1 ipv4 metric 2 config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Using Ethernet devices in a WAN The TX54 device has four Ethernet devices named ETH1 ETH2 E...

Page 92: ...s The dual cellular variants of the TX54 device can have two cellular interfaces up at one time one for each modem Typically an administrator would route traffic to different destinations over a specific cellular interface Configure cellular modems Configuring the TX54 s cellular modems involves configuring the following items Required configuration items n Enable the cellular modem Cellular modem...

Page 93: ...e to off to disable 5 For Active SIM slot select the SIM slot that should be used by the modem or select Any to use any SIM slot The default is Any 6 If Active SIM slot is set to Any for Preferred SIM slot select the SIM slot that should be considered the preferred slot for this modem or select None In the event of a failover to a non preferred SIM or if manual SIM switching is used to switch to a...

Page 94: ...LI 2 At the command line type config to enter configuration mode config config 3 Depending on the model of the TX54 device there may be one cellular modem named either wwan or wwan1 or there may be two cellular modems wwan1 and wwan2 which correspond to each cellular modem Use the appropriate cellular modem name to configure the modem The examples in this section will use the wwan1 modem Modem con...

Page 95: ...rier switching allows the modem to automatically match the carrier for the active SIM Carrier switching is enabled by default To disable config network modem wwan1 carrier_switch false config 8 Set the type of cellular technology that this modem should use to access the cellular network config network modem wwan1 access_tech value config Available options for value vary depending on the modem type...

Page 96: ...me After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to configure APNs However you can configure the system to use a specified APN To configure the APN WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displ...

Page 97: ...ntication is required n Automatic The device will attempt to connect using CHAP first and then PAP n CHAP Uses the Challenge Handshake Authentication Profile CHAP to authenticate n PAP Uses the Password Authentication Profile PAP to authenticate If Automatic CHAP or PAP is selected enter the Username and Password required to authenticate The default is None 7 To add additional APNs for Add APN cli...

Page 98: ...Use the add command to add a new APN entry For example config add network interface wwan1 modem apn end config network interface wwan1 modem apn 1 b Set the value of the APN config network interface wwan1 modem apn 1 apn value config network interface wwan1 modem apn 1 where value is the APN for the SIM card 5 Optional Set the IP version config network interface wwan1 modem apn 0 ip_version versio...

Page 99: ...ously For example Verizon offers this service as its Split Data Routing feature This feature provides two separate networking paths through a single cellular modem and SIM card and allows for configurations such as n Segregating public and private traffic including policy based routes to ensure that your internal network traffic always goes through the private connection n Separation of untrusted ...

Page 100: ...or the modem a Click Network Modems WWAN1 cellular modem for certain models this will be WWAN cellular modem b For Maximum number of interfaces type 2 4 Create the WWAN interfaces In this example we will create two interfaces named WWAN_Public and WWAN_Private a Click Network Interfaces b For Add Interface type WWAN_Public and click c For Interface type select Modem d For Zone select External e Fo...

Page 101: ...APN list APN ii For APN type the public APN for your cellular carrier g For Add Interface type WWAN_Private and click h For Interface type select Modem i For Zone select External j For Device select WWAN1 cellular modem for certain models this will be WWAN cellular modem This should be the same modem selected for the WWAN_Public WWAN k Enable APN list only l Click to expand APN list APN ...

Page 102: ...d LAN2 through the private APN a Click Network Routes Policy based routing b Click the to add a new route policy c For Label enter Route through public APN d For Interface select Interface WWAN_Public e Configure the source address i Click to expand Source address ii For Type select Interface iii For Interface select LAN1 f Configure the destination address i Click to expand Destination address ii...

Page 103: ...address ii For Type select Interface iii For Interface select LAN2 k Configure the destination address i Click to expand Destination address ii For Type select Interface iii For Interface select Interface WWAN_Private 6 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configurat...

Page 104: ...WANPublic modem device wwan1 config network interface WWANPublic d Optional Set the public APN If the public APN is not configured the TX54 will attempt to determine the APN config network interface WWANPublic modem apn public_apn config network interface WWANPublic e Use to periods to move back one level in the configuration config network interface WWANPublic config network interface f Create th...

Page 105: ...s route policy config network route policy 0 label Route through public apn config network route policy 0 c Set the interface config network route policy 0 interface network interface WWANPublic config network route policy 0 d Configure the source address i Set the source type to interface config network route policy 0 src type interface config network route policy 0 ii Set the interface to LAN1 c...

Page 106: ...dress i Set the source type to interface config network route policy 1 src type interface config network route policy 1 ii Set the interface to LAN2 config network route policy 1 src interface LAN2 config network route policy 1 k Configure the destination address i Set the type to interface config network route policy 1 dst type interface config network route policy 1 ii Set the interface to WWANP...

Page 107: ...configuration items n Select Manual or Manual Automatic carrier selection mode n The Network PLMN ID WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 For single cellular models click Network Interfaces WWAN or WWAN1 For dual cellular variants there are two WWANs ...

Page 108: ... details 6 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Depending on the model of the TX54 device...

Page 109: ...m operator plmn_ID config Note You can use the modem scan command at the Admin CLI to scan for available carriers and determine their PLMN ID See Scan for available cellular carriers for details 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Typ...

Page 110: ...llow the device to use automatic carrier selection if this carrier is not available Note If Manual is selected your modem must support the Network technology or the modem will lose cellular connectivity If you are using a cellular connection to perform this procedure you may lose your connection and the device will no longer be accessible Command line 1 Log into the TX54 command line as a user wit...

Page 111: ...layed Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show modem command n To view a status summary for all modems show modem Modem SIM Status APN Signal Strength wwan1 1 ready connected 1234 Good 84 dBm wwan2 1 ready connected 1234 Good 8...

Page 112: ... 81a8 f1ea IPv6 gateway ff50 d95d 7e98 abe8 3030 9138 4f25 f51b IPv6 MTU 1500 TX bytes 127941 RX bytes 61026 Uptime 10 hrs 56 mins 39360s SIM SIM Slot 1 SIM Status ready IMSI 61582122197895 ICCID 26587628655003992180 SIM Provider AT T 4G RSRQ Good 11 0 dB RSRP Good 93 0 dBm RSSI Excellent 64 0 dBm SNR Good 6 4 dB Unlock a SIM card A SIM card can be locked if a user tries to set an invalid PIN for ...

Page 113: ...connect from the device Note If the SIM remains in a locked state after using the unlock command contact your cellular carrier Signal strength for cellular connections See Show cellular status and statistics for procedures to view this information Signal strength for 4G connections For 4G connections the RSRP value determines signal strength n Excellent 90 dBm n Good 90 dBm to 105 dBm n Fair 106 d...

Page 114: ...nnect disconnect and or reconnect to the cellular network 3 At the Admin CLI prompt use the modem at interactive command to begin an interactive AT command session modem at interactive Do you want exclusive access to the modem y n y If the device has more than one modem identify the modem by name for example modem at interactive name wwan1 Do you want exclusive access to the modem y n y 4 Type n i...

Page 115: ...03 00 r6978 CARMD EV FRMWR2 2017 03 02 13 36 45 MEID 35907206045169 IMEI 359072060451693 IMEI SV 9 FSN LQ650551070110 GCAP CGSM OK 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 116: ...default route l When to use DNS servers for this interface l Whether to include the TX54 device s hostname in DHCP requests l SureLink active recovery configuration See Configure SureLink active recovery to detect WAN WWAN failures for further information n IPv6 configuration l The metric for IPv6 routes associated with the WAN l The relative weight for IPv6 routes associated with the WAN l The IP...

Page 117: ...r the WAN and click n To edit an existing WAN click to expand the WAN The Interface configuration window is displayed New WANs are enabled by default To disable click Enable 5 For Interface type leave at the default setting of Ethernet 6 For Zone select External 7 For Device select an Ethernet device a Wi Fi client or a bridge See Bridging for more information about bridging 8 Optional Click to ex...

Page 118: ...ion about metrics ii For Weight type the relative weight for default routes associated with this interface For multiple active interfaces with the same metric Weight is used to load balance traffic to the interfaces iii Set the Management priority This determines which interface will have priority for central management activity The interface with the highest number will be used iv Set the MTU v F...

Page 119: ...number will be used i Set the MTU j For Use DNS n Always DNS will always be used for this WAN when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS requests n When primary default route Only use the DNS servers provided for this interface when the interface is the primary route n Never Never use DNS servers for this interface k Enable DHCP Host...

Page 120: ...create a new WAN named my_wan config add network interface my_wan config network interface my_wan n To edit an existing WAN named my_wan change to the my_wan node in the configuration schema config network interface my_wan config network interface my_wan 4 Set the appropriate firewall zone config network interface my_wan zone zone config network interface my_wan See Firewall configuration for furt...

Page 121: ...client config network interface my_wan ipv4 type dhcp config network interface my_wan a Optional IPv4 configuration items i Set the IP metric config network interface my_wan ipv4 metric num config network interface my_wan See Configure WAN WWAN priority and default route metrics for further information about metrics ii Set the relative weight for default routes associated with this interface For m...

Page 122: ...er can then be configured to register the device s hostname and IP address with an associated DNS server config network interface my_wan ipv4 dhcp_hostname true config network interface my_wan n See RFC4702 for further information about DHCP server support for the Client FQDN option n See Configure system information for information about setting the TX54 device s system name b See Configure SureL...

Page 123: ...r prefix will be used See Configure WAN WWAN priority and default route metrics for further information about metrics 8 Optional To configure 802 1x port based network access control Note The TX54 can function as an 802 1x authenticator it does not function as an 802 1x supplicant a Enable the 802 1x authenticator on the TX54 device config network interface my_wan 802_1x authentication enable true...

Page 124: ...counting ip IPv4_ address config network interface my_wan iii Set the password for the accounting server config network interface my_wan 802_1x accounting password password config network interface my_wan iv The accounting server port number defaults to 1813 To set an alternate port number config network interface my_wan 802_1x accounting port port config network interface my_wan 9 Optional Config...

Page 125: ... The interface type Modem n The firewall zone External n The cellular modem that is used by the WWAN Additional configuration items n SIM selection for this WWAN n The SIM PIN n The SIM phone number for SMS connections n Enable or disable roaming n SIM failover configuration n APN configuration n The custom gateway netmask n IPv4 configuration l The metric for IPv4 routes associated with the WAN l...

Page 126: ...When to use DNS always never or only when this interface is the primary default route l SureLink active recovery configuration See Configure SureLink active recovery to detect WAN WWAN failures for further information WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displaye...

Page 127: ...he International Mobile Subscriber Identity IMSI that must be in active for this WWAN to be used n If ICCID is selected for Match ICCID type the unique SIM card ICCID that must be in active for this WWAN to be used 11 Type the PIN for the SIM Leave blank if no PIN is required 12 Type the Phone number for the SIM for SMS connections Normally this should be left blank It is only necessary to complet...

Page 128: ...is unavailable n Reboot device The device will reboot if automatic SIM switching is unavailable 16 For APN list and APN list only the TX54 device uses a preconfigured list of Access Point Names APNs when attempting to connect to a cellular carrier for the first time After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to configure A...

Page 129: ...t is used to load balance traffic to the interfaces e Set the Management priority This determines which interface will have priority for central management activity The interface with the highest number will be used f Set the MTU g For Use DNS n Always DNS will always be used for this WWAN when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS r...

Page 130: ...ar modem a Enter modem device to view available modems and the proper syntax config network interface my_wwan modem device Device The modem used by this network interface Format wwan1 wwan2 Current value config network interface my_wwan device b Set the device config network interface my_wwan modem device device config network interface my_wwan 6 Set theSIM matching criteria to determine when this...

Page 131: ...g network interface my_wwan n imsi Set the International Mobile Subscriber Identity IMSI that must be in active for this WWAN to be used config network interface my_wwan modem imsi IMSI config network interface my_wwan n plmn_id Set the PLMN id that must be in active for this WWAN to be used config network interface my_wwan modem plmn_id PLMN_ID config network interface my_wwan n sim_slot Set whic...

Page 132: ...is manually configured If the configured network is not available automatic carrier selection is used If manual or manual_automatic is set a Set the Network PLMN ID config network interface my_wwan modem operator PLMN_ID config network interface my_wwan b Set the cellular network technology config network interface my_wwan modem operator_technology value config network interface my_wwan where valu...

Page 133: ...n reboot The device will reboot if automatic SIM switching is unavailable 12 The TX54 device uses a preconfigured list of Access Point Names APNs when attempting to connect to a cellular carrier for the first time After the device has successfully connected it will remember the correct APN As a result it is generally not necessary to configure APNs See Configure cellular modem APNs for further inf...

Page 134: ...ace my_wwan ipv4 mgmt num config network interface my_wwan e Set the MTU config network interface my_wwan ipv4 mtu num config network interface my_wwan f Configure when the WWAN s DNS servers will be used config network interface my_wwan ipv4 dns value config network interface my_wwan Where value is one of n always DNS will always be used for this WWAN when multiple interfaces have the same DNS se...

Page 135: ...figure when the WWAN s DNS servers will be used config network interface my_wwan ipv4 dns value config network interface my_wwan Where value is one of n always DNS will always be used for this WWAN when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS requests n never Never use DNS servers for this WWAN n primary Only use the DNS servers provid...

Page 136: ...erbose Interface Proto Status Type Zone Device Metric Weight defaultip IPv4 up static setup lan1 10 10 defaultlinklocal IPv4 up static setup lan1 0 10 lan1 IPv4 up static internal lan1 5 10 lan1 IPv6 up static internal lan1 5 10 loopback IPv4 up static loopback loopback 0 10 wan1 IPv4 up dhcp external wan1 1 10 wan1 IPv6 up dhcp external wan1 1 10 wwan1 IPv4 up modem external wwan1 3 10 wwan1 IPv6...

Page 137: ...4 1 fe80 234 f3f4 fe0e 4320 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a WAN or WWAN Follow this procedure to delete any WANs and WWANs that have been added to the system You cannot delete the preconfigured WAN WAN1 or the preconfigured WWANs WWAN single cellular models o...

Page 138: ...configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the del command to delete the WAN or WWAN For example to delete a WWAN named my_wwan config del network interface my_wwan 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exi...

Page 139: ... outbound network communications for TX54 WAN WWAN interfaces Description TCP UDP Port number Digi Remote Manager connection to my devicecloud com TCP 3199 NTP date time sync to time devicecloud com UDP 123 DNS resolution using WAN provided DNS servers UDP 53 HTTPS for modem firmware downloads from firmware accns com TCP 443 ...

Page 140: ...server disabled n Loopback n Ethernet Loopback n Firewall zone Loopback n IP address 127 0 0 1 8 n Default IP n Bridge LAN1 n Firewall zone Setup n IP address 192 168 210 1 24 n Default Link local IP n Bridge LAN1 n Firewall zone Setup n IP address 169 254 100 100 16 You can modify configuration settings for LAN1 and you can create new LANs This section contains the following topics About Local Ar...

Page 141: ...you want to send traffic from other networks to the LAN you must configure an IP address Note By default LAN1 is set to an IP address of 192 168 2 1 and uses the IP subnet of 192 168 2 0 24 If the WAN ETH1 Ethernet device is being used by a WAN with the same IP subnet you should change the default IP address and subnet of LAN1 Additional configuration items n Additional IPv4 configuration l The me...

Page 142: ...l The IPv6 prefix length and ID l IPv6 DHCP server configuration See DHCP servers for more information n MAC address denylist and allowlist To create a new LAN or edit an existing LAN WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Cre...

Page 143: ... Password for the authentication server f Set the Reauth period g Optional Click to expand Accounting h Click Enable server to enable 802 1x authentication auditing on the TX54 device i Type the Server IP address of the auditing server j Server Port number defaults to 1813 Type a new port number for the auditing server if different than the default k Type the Server Password for the auditing serve...

Page 144: ...e weight for default routes associated with this interface For multiple active interfaces with the same metric Weight is used to load balance traffic to the interfaces h Set the Management priority This determines which interface will have priority for central management activity The interface with the highest number will be used i Set the MTU 12 Optional Click to expand MAC address denylist Incom...

Page 145: ... config network interface my_lan 4 Set the appropriate firewall zone config network interface my_lan zone zone config network interface my_lan See Firewall configuration for further information 5 Select an Ethernet device a Wi Fi device or a bridge See Bridging for more information about bridging a Enter device to view available devices and the proper syntax config network interface my_lan device ...

Page 146: ...k for example 192 168 2 1 24 config network interface my_lan ipv4 address ip_address netmask config network interface my_lan b Optional IPv4 configuration items i Set the IP metric config network interface my_lan ipv4 metric num config network interface my_lan ii Set the relative weight for default routes associated with this interface For multiple active interfaces with the same metric the weight...

Page 147: ...e default IPv6 settings by using the question mark config network interface my_lan ipv6 IPv6 Parameters Current Value enable true Enable metric 0 Metric mgmt 0 Management priority mtu 1500 MTU prefix_id 1 Prefix ID prefix_length 48 Prefix length type prefix_delegation Type weight 10 Weight Additional Configuration connection_monitor Active recovery dhcpv6_server DHCPv6 server config network interf...

Page 148: ...k interface my_lan b Set the IP address of the authentication server config network interface my_lan 802_1x authentication ip IPv4_ address config network interface my_lan c Set the password for the authentication server config network interface my_lan 802_1x authentication password password config network interface my_lan d The authentication server port number defaults to 1812 To set an alternat...

Page 149: ...rated MAC address for example 32 A6 84 2E 81 58 b Repeat for each additional MAC address 10 Optional Configure the MAC address allowlist If allowlist entries are specified incoming packets will only be accepted from the listed MAC addresses a Add a MAC address to the allowlist config network interface my_lan add mac_allowlist end mac_address config network interface my_lan where mac_address is a h...

Page 150: ...blems with access to the device while performing these procedures you should use an Ethernet connection connected to LAN1 through the ETH2 Ethernet port or if using the command line use the serial port Task one Configure bridges In this task we will create a new bridge and configure the LAN1 and LAN2 bridges to use the following devices n LAN1 bridge l ETH2 l WWAN cellular modem for single Wi Fi m...

Page 151: ...s displayed 3 Click Configuration Network Bridges LAN1 Devices 4 Delete the ETH3 ETH4 and Digi AP Wi Fi2 dual Wi Fi models only devices from the bridge a Click the menu icon next to the ETH3 device and select Delete b Repeat for the ETH4 and Digi AP Wi Fi2 devices 5 Create a new bridge a For Add Bridge type LAN2 and click b Add the ETH3 and Digi AP Wi Fi2 devices to the bridge i Click to expand De...

Page 152: ...ration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Display a list of devices currently configured for the LAN1 bridge config show network bridge lan1 device 0 network device eth2 1 network device eth3 2 network device eth4 3 network wireless ap digi_ap1 4 network wireless ap digi...

Page 153: ...ridge LAN2 6 Add devices to the bridge a View available devices and the proper syntax by using the add device command with the TAB autocomplete feature config network bridge LAN2 add device end TAB config network bridge LAN2 add device end network TAB network device eth1 network device eth2 network device eth3 network device eth4 network device loopback network bridge LAN2 network bridge lan1 netw...

Page 154: ...vice eth3 1 network wireless ap digi_ap2 config network bridge LAN2 7 Save the configuration and apply the change config network bridge LAN2 save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 155: ...I as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 For Add Interface type LAN2 and click 5 Configure the LAN2 LAN a For Zone select Internal b For Device select Bridge LAN2 c Click to expand IPv4 d For Address type 192 168 3 1 24 e Click to expand DHCP server f Click ...

Page 156: ...Fi single Wi Fi models or Digi AP Wi Fi1 dual Wi Fi models ii Click Enable iii For SSID type Example1 iv For Pre shared key enter a password that clients will use to connect to this access point b Configure Digi AP Wi Fi2 dual Wi Fi models only i Click Network Wi Fi Access points Digi AP Wi Fi2 ii Click Enable iii For SSID type Example2 iv For Pre shared key enter a password that clients will use ...

Page 157: ...election menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a new network interface named LAN2 config add network interface LAN2 config network interface LAN2 4 Configure the device for the LAN2 interface a Enter device to view available devices and the proper syntax config network interface LAN2 device Device The network devic...

Page 158: ...LAN2 interface config network interface LAN2 ipv4 dhcp_server enable true config network interface LAN2 8 Enable the access points and set the SSIDs a Move to the root of the configuration schema by typing three periods config network interface LAN2 config b Enable the Digi AP Wi Fi1 access point config network wifi ap digi_ap1 enable true config c Set the SSID for the Digi AP Wi Fi1 access point ...

Page 159: ...nnect a device to LAN1 through the ETH2 Ethernet port or by connecting to the Digi AP Wi Fi single WiFi models or Digi AP Wi Fi1 dual WiFi models access point b Verify that the device has been provided an IP address from the LAN1 DHCP server in the 192 168 2 subnet 3 Verify that LAN2 is operating correctly a Connect a device to LAN2 through the ETH3 Ethernet port or by connecting to the Digi AP Wi...

Page 160: ...erbose Interface Proto Status Type Zone Device Metric Weight defaultip IPv4 up static setup lan1 10 10 defaultlinklocal IPv4 up static setup lan1 0 10 lan1 IPv4 up static internal lan1 5 10 lan1 IPv6 up static internal lan1 5 10 loopback IPv4 up static loopback loopback 0 10 wan1 IPv4 up dhcp external wan1 1 10 wan1 IPv6 up dhcp external wan1 1 10 wwan1 IPv4 up modem external wwan1 3 10 wwan1 IPv6...

Page 161: ...Pv6 Weight 10 IPv6 DNS Server s 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a LAN Follow this procedure to delete any LANs that have been added to the system You cannot delete the preconfigured LAN LAN1 WebUI 1 Log into the TX54 WebUI as a user with full Admin access right...

Page 162: ...ocal Area Networks LANs TX54 User Guide 162 3 Click Network Interfaces 4 Click the menu icon next to the name of the LAN to be deleted and select Delete 5 Click Apply to save the configuration and apply the change ...

Page 163: ...assigns IP addresses to clients on the device s local network Addresses are assigned from a specified pool of IP addresses For a local network the device uses the DHCP server that has the IP address pool in the same IP subnet as the local network When a host receives an IP configuration the configuration is valid for a particular amount of time known as the lease time After this lease time expires...

Page 164: ...ccess rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Click to expand an existing LAN or create a new LAN See Configure a LAN 5 Click to expand IPv4 DHCP server 6 Enable the DHCP server 7 Optional For Lease time type the amount of time that a DHCP lease is valid Allowed values are any number of week...

Page 165: ... default is Automatic d For Domain name suffix type the domain name that should be appended to host names e For Primary and Secondary DNS Primary and Secondary NTP server and Primary and Secondary WINS server select either n None No server is broadcast n Automatic Broadcasts the TX54 device s server n Custom Allows you to identify the IP address of the server f For Bootfile name type the relative ...

Page 166: ...n to a client This value represents the low order byte of the address the final triplet in an IPv4 address for example 192 168 2 xxx The remainder of the IP address will be based on the LAN s static IP address as defined in the address parameter config network interface my_lan ipv4 dhcp_server lease_start num config Allowed values are between 1 and 254 and the default is 100 6 Optional Set the hig...

Page 167: ... The default is auto d Set the domain name that should be appended to host names config network interface my_lan ipv4 dhcp_server advanced domain_ suffix name config e Set the IP address or host name of the primary and secondary DNS the primary and secondary NTP server and the primary and secondary WINS servers config network interface my_lan ipv4 dhcp_server advanced primary_ dns value config net...

Page 168: ...options for information about custom DHCP options 9 See Map static IP addresses to hosts for information about static leases 10 Save the configuration and apply the change config network interface my_lan ipv4 dhcp_server advanced static_lease 0 save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type ...

Page 169: ...associated with this static lease 8 Type the IP address for the static lease Note The IP address here should be outside of the DHCP server s configured lease range See Configure a DHCP server for further information about the lease range 9 Optional For Hostname type a label for the static lease This does not have to be the device s actual hostname 10 Repeat for each additional DHCP static lease 11...

Page 170: ...5 Set the IP address for the static lease config network interface my_lan ipv4 dhcp_server advanced static_lease 0 ip 10 01 01 10 network interface my_lan ipv4 dhcp_server advanced static_lease 0 Note The IP address here should be outside of the DHCP server s configured lease range See Configure a DHCP server for further information about the lease range 6 Optional Set a label for this static leas...

Page 171: ...lease configuration For example to show the static leases for a lan named my_lan config show network interface my_lan ipv4 dhcp_server advanced static_ lease 0 ip 192 168 2 10 mac BF C3 46 24 0E D9 no name 1 ip 192 168 2 11 mac E3 C1 1F 65 C3 0E no name config 4 Type cancel to exit configuration mode config cancel 5 Type exit to exit the Admin CLI Depending on your device configuration you may be ...

Page 172: ...y the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Show the static lease configuration For example to show the static leases for a lan named my_lan c...

Page 173: ...ented with an Access selection menu Type quit to disconnect from the device Configure DHCP options You can configure DHCP servers running on your TX54 device to send certain specified DHCP options to DHCP clients You can also set the user class which enables you to specify which specific DHCP clients will receive the option You can also force the command to be sent to the clients DHCP options can ...

Page 174: ...able 7 For Option number type the DHCP option number 8 For Value type the value of the DHCP option 9 Optional For Label type a label for the custom option 10 Optional If Forced send is enabled the DHCP option will always be sent to the client even if the client does not ask for it 11 Optional For Data type select the data type that the option uses If the incorrect data type is selected the device ...

Page 175: ...twork interface my_lan ipv4 dhcp_server advanced custom_option 0 option 210 config network interface my_lan ipv4 dhcp_server advanced custom_option 0 6 Set the value for the DHCP option config network interface my_lan ipv4 dhcp_server advanced custom_option 0 value_str value network interface my_lan ipv4 dhcp_server advanced custom_option 0 7 Optional Set a label for this custom option config netw...

Page 176: ...e LAN to a separate DHCP server typically connected to a different LAN For the TX54 device DHCP relay is configured by providing the IP address of a DHCP relay server rather than an IP address range If both the DHCP relay server and an IP address range are specified DHCP relay is used and the specified IP address range is ignored Multiple DHCP relay servers can be provided for each LAN If multiple...

Page 177: ...o expand IPv4 DHCP server b Click Enable to toggle off the DHCP server 6 Click to expand DHCP relay 7 For Add DHCP Server click 8 For DHCP server address type the IP address of the relay server 9 Repeat for each additional DHCP relay server 10 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending o...

Page 178: ...fig network interface lan1 ipv4 dhcp_relay add end config network interface lan1 ipv4 dhcp_relay 1 c Set the IP address of the DHCP relay server config network interface my_lan ipv4 dhcp_relay 1 address 10 10 10 11 config network interface my_lan ipv4 dhcp_relay 1 d Repeat for each additional relay server 1 Disable the DHCP server if it is enabled config network interface my_lan ipv4 dhcp_relay 1 ...

Page 179: ...dhcp lease verbose command show dhcp lease verbose IP Address Hostname Expires Type Active MAC Address 192 168 2 194 MTK ENG USER1 May 19 08 25 11 UTC 2021 Dynamic Yes ba ba 2c 13 8c 71 192 168 2 195 MTK ENG USER2 May 20 11 32 12 UTC 2021 Dynamic Yes 09 eb 10 f0 bc 16 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type qu...

Page 180: ...min access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Virtual LAN 4 Type a name for the VLAN and click 5 Select the Device 6 Type or select a unique numeric ID for the VLAN ID 7 Click Apply to save the configuration and apply the change ...

Page 181: ... of available devices config network vlan vlan1 device Device The Ethernet device to use for this virtual LAN Format network device wan1 network device lan1 network device eth3 network device eth4 network device loopback network vlan vlan1 network bridge lan1 network wireless ap digi_ap1 network wireless ap digi_ap2 Current value config network vlan vlan1 b Add the device config network vlan vlan1...

Page 182: ...s selection menu Type quit to disconnect from the device Default services listening on LAN ports The following table lists the default services listening on the specified ports on the TX54 LAN interfaces Description TCP UDP Port numbers DNS server UDP 53 DHCP server UDP 67 and 68 SSH server TCP 22 Web UI TCP 443 also listens on port 80 then redirects to port 443 ...

Page 183: ...lt the TX54 has the following preconfigured bridges Interface type Preconfigured interfaces Devices Default configuration Bridges n Bridge LAN1 n Ethernet ETH2 n Ethernet ETH3 n Ethernet ETH4 n Single Wi Fi models Wi Fi access point Digi AP Wi Fi n Dual Wi Fi models Wi Fi access point Digi AP Wi Fi n Dual Wi Fi models Wi Fi access point Digi AP Wi Fi2 n Enabled n Used by the LAN1 interface ...

Page 184: ...spot AP Wi Fi n Dual Wi Fi models Wi Fi access point Digi Hotspot AP Wi Fi1 n Dual Wi Fi models Wi Fi access point Digi Hotspot AP Wi Fi2 n Disabled n Used by the hotspot interface You can modify configuration settings for the existing bridge and you can create new bridges This section contains the following topics Edit the preconfigured LAN1 bridge 185 Configure a bridge 188 ...

Page 185: ...e menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Bridges LAN1 4 The LAN1 bridge is enabled by default To disable uncheck Enable 5 Modify the list of devices that are a part of the bridge By default the LAN1 bridge includes the following devices n Ethernet ETH2 n Ethernet ETH3 n Ethernet ETH4 n Wi Fi access point Digi AP Wi Fi ...

Page 186: ...ill spend in each of the listening and learning states before the bridge begins forwarding data The default is 2 seconds 7 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At th...

Page 187: ...rk wireless ap digi_ap2 config ii Use the index number to delete the appropriate device For example to delete the Digi AP Wi Fi Wi Fi access point from the bridge config del network bridge lan1 device 3 config Note If you are deleting multiple devices from the bridge the device index may be reordered after each deletion As a result best practice is to perform a show network bridge lan1 device comm...

Page 188: ...a Enable STP config network bridge lan1 stp enable true b Set the number of seconds that the device will spend in each of the listening and learning states before the bridge begins forwarding data config network bridge lan1 stp forward_delay num config The default is 2 seconds 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending ...

Page 189: ...nd Devices b For Add device click c Select the Device d Repeat to add additional devices Note The MAC address of the bridge is taken from the first available device in the list 7 Optional Enable Spanning Tree Protocol STP STP is used when using multiple LANs on the same device to prevent bridge loops and other routing conflicts a Click STP b Click Enable c For Forwarding delay enter the number of ...

Page 190: ...Interfaces Bridging TX54 User Guide 190 ...

Page 191: ... config network bridge my_bridge n To enable if it has been disabled config network bridge my_bridge enable true config network bridge my_bridge 5 Add devices to the bridge a Determine available devices config network bridge my_bridge interface lan1 device Device The network device used by this network interface Format network device eth1 network device eth2 network device eth3 network device eth4...

Page 192: ...network bridge my_bridge stp forward_delay num config The default is 2 seconds 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show Surelink status and statistics You can show Surelink status for all interf...

Page 193: ...name command 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show surelink interface name name command to show the Surelink status of a specific interface for example show surelink interface name wan1 Interface Test Proto Last Response Status wan1 Inte...

Page 194: ...ith Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show surelink ipsec tunnel name command to show the Surelink status of a specific tunnel for example show surelink ipsec tunnel test IPsec Test Last Response Status test 194 43 79 74 Ping 29 seconds Passed test 194 43 79 75 Ping 5 seconds Passed 3 ...

Page 195: ...c OpenVPN client To show the Surelink status a specific OpenVPN client use the show surelink openvpn client name command 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show surelink openvpn client name command to show the Surelink status of a specific...

Page 196: ...rts n Application Provides access to the serial device from Python applications n UDP serial Provides access to the serial port using UDP n Modbus Allows the device to function as a Modbus protocol gateway Add a USB serial port Your TX54 can be configured to support USB to serial adapters for serial access to the device remote serial out of band OOB access to other devices or for use in python app...

Page 197: ...nfiguration The Serial Configuration page is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device Configuration or Serial Configuration will be reflected in both 3 Click the name of the port that you want to configure The serial port is enabled by default To disable toggle off Enable 4 For Mode select Login This is the defau...

Page 198: ...ontrol used by the device to which you want to connect The default is None 7 Click Apply to save the configuration and apply the change The Apply button is located at the top of the WebUI page You may need to scroll to the top of the page to locate it Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented wi...

Page 199: ... device to which you want to connect config path paramstopbits bits config 10 Save the configuration and apply the change config save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Remote Access mode Remote Access mode allows for remote access to anoth...

Page 200: ...to connect The default is 115000 b Data bits For Data bits select the number of data bits used by the device to which you want to connect The default is 8 c Parity For Parity select the type of parity used by the device to which you want to connect The default is None d Stop bits For Stop bits select the number of stop bits used by the device to which you want to connect The default is 1 e Flow co...

Page 201: ...g Click Enable TCP nodelay to enable TCP nodelay on the connection 14 Expand Session Settings a Enable Exclusive access to limit access to the serial port to a single active session b For Escape sequence type the characters used to start an escape sequence If no characters are defined the escape sequence is disabled The default is b c For History size type or select the number of bytes of output f...

Page 202: ...s enabled by default To disable config serial port1 enable false config 4 Set the mode config serial port1 mode remoteaccess config 5 Optional Set a label that will be used when referring to this port config path paramlabel label config 6 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 7 Set the number of data bits used by the device to which...

Page 203: ...e config c Set the number of bytes of output from the serial port that are written to buffer These bytes are redisplayed when a user connects to the serial port config path paramhistory bytes config The default is 4000 bytes d Set the amount of time to wait before disconnecting due to user inactivity config path paramidle_timeout value config where value is any number of weeks days hours minutes o...

Page 204: ...vice from Python applications See Add a USB serial port for information about creating serial ports in Application mode See Use Python to access serial ports for information about creating Python applications that access the serial port To change the configuration to match the serial configuration of the device to which you want to connect WebUI 1 Log into the TX54 WebUI as a user with Admin acces...

Page 205: ...f the WebUI page You may need to scroll to the top of the page to locate it Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 The serial port is enabled by defau...

Page 206: ...To change the configuration to match the serial configuration of the device to which you want to connect WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 On the menu click System Under Configuration click Serial Configuration The Serial Configuration page is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device C...

Page 207: ... For Stop bits select the number of stop bits used by the device to which you want to connect e For Flow control select the type of flow control used by the device to which you want to connect 7 Expand Data Framing Settings a Click Enable to enable the data framing feature b For Maximum Frame Count enter the maximum size of the packet The default is 1024 c For Idle Time enter the length of time th...

Page 208: ...dd a destination i Click Add Destination A destination row is added ii Optional For Description enter a description of the destination iii For Hostname enter the host name or IP address of the remote site to which data should be sent iv For Port enter the port number of the remote site to which data should be sent 9 Click Apply to save the configuration and apply the change The Apply button is loc...

Page 209: ...ice to which you want to connect config serial port1 label baudrate rate config 7 Set the number of data bits used by the device to which you want to connect config serial port1 label databits bits config 8 Set the type of parity used by the device to which you want to connect config serial port1 label parity parity config Allowed values are n even n odd n none The default is none 9 Set the stop b...

Page 210: ...The packet is sent when this pattern is received from the serial port config serial port1 framing end_pattern backslash escaped string config 15 Set the strip end pattern if you want to remove the end pattern from the packet before it is sent config serial port1 framing strip_pattern true config 16 Set the UDP port config serial port1 udp port port config The default is 4001 17 Optional Enter a st...

Page 211: ...to which data should be sent config serial port1 udp destination 0 port port config serial port1 udp destination 0 19 Save the configuration and apply the change config save Configuration saved 20 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Modbus mode Modbus mode allows ...

Page 212: ...tries a Baud rate For Baud rate select the baud rate used by the device to which you want to connect The default is 115000 b Data bits For Data bits select the number of data bits used by the device to which you want to connect The default is 8 c Parity For Parity select the type of parity used by the device to which you want to connect The default is None d Stop bits For Stop bits select the numb...

Page 213: ...n and apply the change The Apply button is located at the top of the WebUI page You may need to scroll to the top of the page to locate it Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configu...

Page 214: ...o connect The default is None d Stop bits For Stop bits select the number of stop bits used by the device to which you want to connect The default is 1 e Flow control For Flow control select the type of flow control used by the device to which you want to connect The default is None 1 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 2 Set the ...

Page 215: ...al access to the device remote serial out of band OOB access to other devices or for use in python applications The following USB to serial chipsets are supported n FTDI n Prolific To add a USB serial port WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Se...

Page 216: ...r Leave this option at the default of 0 for USB devices with only one serial port 9 For Serial mode select one of the following n Login Allows the user to log into the device through the serial port n Remote access Allows for remote access to another device that is connected to the serial port n Application Provides access to the serial device from Python applications See Use Python to access seri...

Page 217: ...timeout to ten minutes enter 10m or 600s The default is 15m e Optional Click to expand Monitor i Enable CTS to monitor CTS Clear to Send changes on this port ii Enable DCD to monitor DCD Data Carrier Detect changes on this port f Click to expand TCP connection i Click Enable to allow TCP access to this port CAUTION This connection is not authenticated or encrypted ii For Port type or select the ap...

Page 218: ...tworks that do not have a DNS server g Click to expand Telnet connection i Click Enable to allow telnet access to this port ii For Connection type select one of i Raw TCP connection The TCP connection is unencrypted ii Encrypted connection The TCP connection uses Transport Layer Security TLS encryption iii Encrypted connection with authentication The TCP connection uses TLS encryption with authent...

Page 219: ...lick again to allow access through additional firewall zones v Optional Click to enable mDNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server h Click to expand SSH connection i Click Enable to allow ssh access to this port ii For Port type or select the appropriate ssh port iii Optional Click to expand Access control list to limit access to the ssh connec...

Page 220: ...ick iii For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones iv Click again to allow access through additional firewall zones iv Optional Click to enable mDNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server 13 Click Apply to save the configuration and apply the change Command line...

Page 221: ... when referring to this port config serial USB_port label label config serial USB_port 6 If mode is set to login or remote a Set the baud rate used by the device to which you want to connect config serial USB_port baudrate rate config serial USB_port b Set the number of data bits used by the device to which you want to connect config serial USB_port databits bits config serial USB_port c Set the t...

Page 222: ...to the serial port config serial USB_port history bytes config serial USB_port The default is 4000 bytes d Set the amount of time to wait before disconnecting due to user inactivity config serial USB_port idle_timeout value config serial USB_port where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set idle_timeout to ten minutes ent...

Page 223: ... n To limit access to specified IPv4 addresses and networks config serial USB_port add service tcp acl address end value config serial USB_port Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the tcp port Repeat this step to list additional IP addresses or networks n To limit ...

Page 224: ...P lan1 LAN1 loopback Loopback wan1 WAN1 wwan1 WWAN1 wwan2 WWAN2 config serial USB_port Repeat this step to list additional interfaces n To limit access based on firewall zones config serial USB_port add service tcp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config ser...

Page 225: ...Set the telnet port config serial USB_port service telnet port port config serial USB_port iii Optional Configure the access control list to limit access to the telnet connection n To limit access to specified IPv4 addresses and networks config serial USB_port add service telnet acl address end value config serial USB_port Where value can be l A single IP address or host name l A network designati...

Page 226: ...ces Use network interface to display interface information config serial USB_port network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP lan1 LAN1 loopback Loopback wan1 WAN1 wwan1 WWAN1 wwan2 WWAN2 config serial USB_port Repeat this step to list additional interfaces n To limit access based on firewall zones config serial USB_port add ser...

Page 227: ...serial USB_port service ssh enable false config serial USB_port ii Set the ssh port config serial USB_port service ssh port port config serial USB_port iii Optional Configure the access control list to limit access to the ssh connection n To limit access to specified IPv4 addresses and networks config serial USB_port add service ssh acl address end value config serial USB_port Where value can be l...

Page 228: ... config serial USB_port Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config serial USB_port network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP lan1 LAN1 loopback Loopback wan1 WAN1 wwan1 WWAN1 wwan2 WWAN2 config serial USB_port Repeat th...

Page 229: ...ost names in small networks that do not have a DNS server config serial USB_port service ssh mdns enable true config serial USB_port 8 Save the configuration and apply the change config serial USB_port save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show seri...

Page 230: ...be presented with an Access selection menu Type quit to disconnect from the device Log serial port messages To display and configure the serial port log WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Connections click Serial 4 Click Log The Serial port log window displays 5 Click Start to start serial port logging 6 Click Stop to stop serial por...

Page 231: ... and protocol 238 Configure the Wi Fi radio s transmit power 241 Configure an open Wi Fi access point 242 Configure a Wi Fi access point with personal security 249 Configure a Wi Fi access point with enterprise security 256 Isolate Wi Fi clients 265 Configure a Wi Fi client and add client networks 273 Show Wi Fi access point status and statistics 282 Show Wi Fi client status and statistics 284 TX5...

Page 232: ...nd password By default the TX54 device has one single or dual cellular models or two dual Wi Fi models access points enabled The default SSID for the access point is Digi TX54 serial_number The password for the default access point is the unique password as found on the device s label See Reset default SSIDs and pre shared keys for the preconfigured Wi Fi access points for information about changi...

Page 233: ...cess points Digi AP Wi Fi single cellular and dual cellular models Digi AP Wi Fi1 dual Wi Fi models Digi AP Wi Fi2 dual Wi Fi models only Enabled or disabled Enabled Enabled Radio Wi Fi radio for single cellular and dual cellular models Wi Fi1 radio for dual Wi Fi models Wi Fi2 radio SSID Digi TX54 serial number Digi TX54 serial_number SSID broadcast Enabled Enabled Encyrption WPA2 Personal PSK WP...

Page 234: ... are not supported n 5 GHz band By default only non Dynamic Frequency Selection DFS channels are supported You can also enable support for DFS channels in client mode See Configure the Wi Fi radio to support DFS channels in client mode for information about enabling DFS support WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration cl...

Page 235: ...ess rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set the channel for the radio a Determine available radios config network wifi radio Additional Configuration wifi1 Wi Fi1 radio wifi2 Wi Fi2 radio config network wifi radio b Determine ...

Page 236: ... 5 GHz frequencies that are normally reserved for non Wi Fi proposes In addition to the standard non DFS channels 36 40 44 and 48 your TX54 can be configured to have one or more Wi Fi clients that can connect to external Wi Fi access points that support DFS channels n DFS channels 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 and 144 n Higher 5GHz non DFS channels 149 153 157 161 and 165...

Page 237: ...ne radio listed 5 For Frequency band select 5 GHz 6 Click to enable DFS Client Support Note When DFS Client Support is enabled any enabled access points that use this radio will not be started and cannot be used as access points 7 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device...

Page 238: ...ints that use this radio will not be started and cannot be used as access points 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the Wi Fi radio s band and protocol For Wi Fi radios that support b...

Page 239: ...guration The Configuration window is displayed 3 Click Network WiFi 4 Click to expand the appropriate Wi Fi radio For single Wi Fi models there is only one radio listed 5 For Frequency band select either 2 4 GHz or 5 GHz 6 For Access point mode select the appropriate mode Only modes appropriate for the selected band are displayed 7 Click Apply to save the configuration and apply the change Command...

Page 240: ...wifi radio b Set the band for the appropriate radio config network wifi radio wifi1 band value config where value is either 2400mhz or 5000mhz c Set the mode for the Wi Fi radio For example n If the Wi Fi radio has a band of 2400mhz config network wifi radio wifi1 2400mhz mode value config where value is one of b bg bgn g gn or n n If the Wi Fi radio has a band of 5000mhz config network wifi radio...

Page 241: ...wer power WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network WiFi 4 Click to expand the appropriate Wi Fi radio For single Wi Fi models there is only one radio listed 5 For Tx power percentage type or select the appropriate percentage for the Wi Fi ra...

Page 242: ...io wifi1 tx_power value config where value is any integer between 1 and 100 and represents the percentage of transmit power that the Wi Fi module should use 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device C...

Page 243: ...dditional configuration items n Determine whether to broadcast the access point s SSID n Determine whether to isolate clients connected to this access point so that they cannot communicate with each other n The amount of time to wait before changing the group key To configure a Wi Fi access point with no security WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu...

Page 244: ...rotection Note Only select WPA3 Enhanced Open OWE if you know that all Wi Fi clients connecting to this device will have WPA3 capabilities 9 Optional For Group rekey interval type the amount of time to wait before changing the group key The group key is shared by all in clients of the access point and after a client has disconnected it will be able to use the group key to decrypt broadcast packets...

Page 245: ...enter configuration mode config config 3 Create a new access point config add network wifi ap new_AP config network wifi ap new_AP New access points are enabled by default 4 Set the Wi Fi radio for the new access point a Show available radios config network wifi ap new_AP radio Radio The Wi Fi radio to run this access point on Format wifi1 wifi2 Current value config network wifi ap new_AP b Set th...

Page 246: ... group key is shared by all in clients of the access point and after a client has disconnected it will be able to use the group key to decrypt broadcast packets until the key is changed config network wifi ap new_AP encryption group_rekey value config network wifi ap new_AP where value is any number of days hours minutes or seconds and takes the format number d h m s For example to set group rekey...

Page 247: ...tion digi_ap1 Digi AP Wi Fi1 digi_ap2 Digi AP Wi Fi2 config 4 Set the SSID for the appropriate access point config network wifi ap digi_ap1 ssid my_SSID config 5 SSID broadcasting is enabled by default for the preconfigured access points If SSID broadcasting is disabled config network wifi ap digi_ap1 ssid_broadcast true config 6 Set the security for the access point to an open security method con...

Page 248: ...of the access point and after a client has disconnected it will be able to use the group key to decrypt broadcast packets until the key is changed config network wifi ap digi_ap1 encryption group_rekey value config where value is any number of days hours minutes or seconds and takes the format number d h m s For example to set group rekey interval to ten minutes enter either 10m or 600s config net...

Page 249: ...ault access points but you can modify them or you can create your own access points Required configuration items n Enable the Wi Fi access point n Select a Wi Fi radio for the access point dual Wi Fi models only n The Service Set Identifier SSID for the access point n Configure security for the access point to use personal security n The password preshared key that clients will used to connect to ...

Page 250: ...ayed 3 Click Network WiFi Access points 4 Create a new access point or modify an existing access point n To create a new access point for Add WiFi access point type a name for the access point and click n To modify an existing access point click to expand the access point The Wi Fi access point configuration window is displayed 5 For SSID type the SSID Up to 32 characters are allowed 6 Enable SSID...

Page 251: ...r Group rekey interval type the amount of time to wait before changing the group key The group key is shared by all in clients of the access point and after a client has disconnected it will be able to use the group key to decrypt broadcast packets until the key is changed Allowed values are any number of days hours minutes or seconds and take the format number d h m s For example to set Group rek...

Page 252: ...int Up to 32 characters are allowed config network wifi ap new_AP ssid my_SSID config network wifi ap new_AP SSID broadcasting is enabled by default for new access points 6 Set the security for the access point to a personal security option config network wifi ap new_AP encryption type value config network wifi ap new_AP where value is one of n psk Uses WPA Personal PSK All Wi Fi clients must supp...

Page 253: ...t key_psk2sae to the appropriate password config network wifi ap new_AP encryption type psk2sae config network wifi ap new_AP encryption key_psk2sae abcd1234 config network wifi ap new_AP Note The encryption key type must correspond to the configured encryption type If you set an encyrption key type that does not correspond to the configured encryption type you will not be able to save the configu...

Page 254: ...nted with an Access selection menu Type quit to disconnect from the device Edit an existing Access point 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Show available acce...

Page 255: ...e All Wi Fi clients must support WPA3 to be able to authenticate config network wifi ap new_AP encryption type psk2sae config network wifi ap new_AP 7 Optional Determine whether to prevent clients that are connected to this access point from communicating with each other config network wifi ap digi_ap1 isolate_client true config See Isolate Wi Fi clients for information about how to prevent client...

Page 256: ...to a bridge See Configure a LAN and Configure a bridge for more information The access point must be assigned to an active LAN or a bridge that is assigned to an active LAN 2 Save the configuration and apply the change config save Configuration saved 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect f...

Page 257: ... Fi access point to a LAN interface or to a bridge See Configure a LAN and Configure a bridge for more information Additional configuration items n Determine whether to broadcast the access point s SSID n Determine whether to isolate clients connected to this access point so that they cannot communicate with each other n The server port for one or more RADIUS server n The amount of time to wait be...

Page 258: ...ed 6 Enable SSID broadcast to configure the radio to broadcast the SSID 7 Optional Enable Isolate clients to prevent clients that are connected to this access point from communicating with each other See Isolate Wi Fi clients for information about how to prevent clients connected to different access points from communicating with each other 8 For Encryption select WPA2 Enterprise 9 Configure one o...

Page 259: ...s enter 10m or 600s Increasing the time between rekeys can improve connectivity issues in noisy environments To disable group rekeys set to 0 This will allow any client that has previously connected to see all broadcast traffic on the wireless network until the Wi Fi radio is restarted The default is 10 minutes 11 Assign the Wi Fi access point to a LAN interface or to a bridge See Configure a LAN ...

Page 260: ...io config network wifi ap new_AP radio wifi1 config network wifi ap new_AP 5 Set the SSID for the Wi Fi access point Up to 32 characters are allowed config network wifi ap new_AP ssid my_SSID config network wifi ap new_AP SSID broadcasting is enabled by default for new access points 6 Set the security for the access point to wpa2 config network wifi ap new_AP encryption type wpa2 config network wi...

Page 261: ...ork wifi ap new_AP encryption radius_servers 1 host IP_address config network wifi ap new_AP encryption radius_servers 1 iii Repeat for additional radius servers 9 Optional Set the amount of time to wait before changing the group key The group key is shared by all in clients of the access point and after a client has disconnected it will be able to use the group key to decrypt broadcast packets un...

Page 262: ...he TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Show available access points config network wifi ap Additional Configuration digi_ap1 Digi AP Wi Fi1 digi_ap2 Digi AP Wi Fi2 config 4 Se...

Page 263: ...S server s port The default is 1812 config network wifi ap digi_ap1 encryption port_wpa2 port config 11 Optional Change the Wi Fi radio for the access point dual Wi Fi models only a Show available radios config network wifi radio Additional Configuration wifi1 Wi Fi1 radio wifi2 Wi Fi2 radio config b Set the appropriate radio config network wifi ap digi_ap1 radio wifi1 config 12 Optional Set the a...

Page 264: ...ffic on the wireless network until the Wi Fi radio is restarted The default is 10 minutes 1 Assign the Wi Fi access point to a LAN interface or to a bridge See Configure a LAN and Configure a bridge for more information The access point must be assigned to an active LAN or a bridge that is assigned to an active LAN 2 Save the configuration and apply the change config save Configuration saved 3 Typ...

Page 265: ...echanisms Isolate clients connected to the same access point WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network WiFi Access points 4 Create a new access point or modify an existing access point See Configure an open Wi Fi access point Configure a Wi F...

Page 266: ...p1 isolate_client true config 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Isolate clients connected to different access points Isolating clients that are on different access points involves the followin...

Page 267: ...nts b For Add WiFi access point type a name for the access point and click c For Radio select the appropriate Wi Fi radio d For SSID type the SSID Up to 32 characters are allowed e Select the appropriate type of Encryption and complete the encryption related fields as appropriate See Configure an open Wi Fi access point Configure a Wi Fi access point with personal security or Configure a Wi Fi acc...

Page 268: ... applied in the order that they are listed As a result in order to drop traffic from the Internal zone to the LAN2_isolation_zone this filter must be listed prior to the Allow all outgoing traffic filter which allows the Internal zone to have access to any zone To move the Drop traffic from Internal to LAN2_isolation_zone filter to the top of the list i Click the filter title ii Drag and drop the ...

Page 269: ... for the LAN g Click to expand DHCP server h Enable the DHCP server 6 Remove the Digi AP Wi Fi2 access point from the LAN1 bridge This step applies to dual Wi Fi models only and only if you are using both preconfigured access points rather than creating a new access point a Click Network Bridges LAN1 b Click the down arrow next to the the Digi AP Wi Fi2 access point and select Delete 7 Click Apply...

Page 270: ...rk wifi ap new_AP ii Set the appropriate radio config network wifi ap new_AP radio wifi1 config network wifi ap new_AP c Set the SSID for the Wi Fi access point Up to 32 characters are allowed config network wifi ap new_AP ssid my_SSID config network wifi ap new_AP d Set the security for the access point config network wifi ap new_AP encryption type value config network wifi ap new_AP where value ...

Page 271: ...filter 2 label Allow LAN2_isolation_zone to External config firewall filter 2 iv Set the source zone to LAN2_isolation_zone config firewall filter 2 src_zone LAN2_isolation_zone config firewall filter 2 v Set the destination zone to external config firewall filter 2 dst_zone external config firewall filter 2 d Create a firewall filter to drop traffic from the Internal zone used by the LAN1 interfa...

Page 272: ...ult access points We will use that LAN for the default access point or for dual Wi Fi models the Digi AP Wi Fi access point and create a new LAN for the second access point a Return to the root config prompt by typing three periods config firewall filter 0 config b Add the new LAN config add network interface LAN2 config network interface LAN2 c Set the device to the new Wi Fi access point or for ...

Page 273: ...k interface LAN2 del bridge lan1 device 4 config network interface LAN2 7 Save the configuration and apply the change config network interface LAN2 save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a Wi Fi client and add client networks Required confi...

Page 274: ...onfigure a Wi Fi client you must assign the Wi Fi client to a WAN See Wide Area Networks WANs and Wireless Wide Area Networks WWANs for further information Additional configuration items n Enable and configure background scanning which allows the Wi Fi client to move between access points that have the same SSID as their signal strength varies n Additional access points that client will attempt to...

Page 275: ...n If a personal or mixed mode is selected for Pre shared key enter the password that the client will use to connect to the access point n If WPA2 Enterprise is selected l Select the Extensible Authentication Protocol EAP one of o TLS Client certificate authentication If TLS is selected include o The Username o The CA certificate in PEM format o The Client certificate in PEM format o The Private ke...

Page 276: ...ger the Scan threshold it will use the Long interval to determine how often to scan for available access points n If Short interval and Long interval are set to the same value Scan threshold is ignored For example the default configuration has both Short interval and Long interval set to 1 second which means that the device will scan for access points once per second regardless of the Scan thresho...

Page 277: ...configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new Wi Fi client config add network wifi client new_client config network wifi client new_client New clients are enabled by default 4 Set the Wi Fi radio for the new client a Show available radios config network w...

Page 278: ...d by the access point Allowed values are n none no encryption n owe WPA3 Enhanced Open which uses Opportunistic Wireless Encryption OWE technology to provide encryption for Wi Fi networks that do not use password protection n psk WPA personal encryption n mixedpsk Uses both WPA and WPA2 personal encryption n psk2 WPA2 personal encryption n psk2sae Uses WPA2 PSK WPA3 AES mixed mode n sae Uses WPA3 ...

Page 279: ... config network wifi client new_client ssid 0 encryption id_wpa2 username config network wifi client new_client ii Set the SCEP client i Use the to determine available SCEP clients config network wifi client new_client ssid 0 encryption scep_client SCEP Client The SCEP client which this Wi Fi client will use to download the necessary keys and certificates from the SCEP server Format SCEP_test_clie...

Page 280: ...and pasting the private key in PEM format config network wifi client new_client ssid 0 encryption private_key key config network wifi client new_client v Optional Set the private key passphrase config network wifi client new_client ssid 0 encryption private_key_passphrase passphrase config network wifi client new_client 6 Optional Configure background scanning Background scanning allows the device...

Page 281: ...he number of seconds to wait between scans for access points when the signal strength from the access point to which the client is currently connected is below the value of bgscan_strength config network wifi client new_client bgscan_short_interval value config network wifi client new_client where value is any integer greater than 0 The default is 1 d Set the number of seconds to wait between scan...

Page 282: ...2432 2437 2442 2447 2452 2457 2462 Current value 2437 ii Add the appropriate frequency For example to add the 2457 frequency to the end of the list config network wifi client new_client add background_scanning scan_freq end 2457 config network wifi client new_client 7 Save the configuration and apply the change config network wireless client new_client save Configuration saved 8 Type exit to exit ...

Page 283: ...SID my_AP true up my_SSID 01 41 D1 14 36 37 digi_ap1 true up Digi2 00 40 D0 13 35 36 3 To view information about both active and inactive access points include the all parameter show wifi ap all AP Enabled Status SSID BSSID my_AP true up my_SSID 01 41 D1 14 36 37 digi_ap1 true up Digi2 00 40 D0 13 35 36 digi_ap2 false down Show detailed status and statistics of a specific Wi Fi access point To sho...

Page 284: ...ns click Wi Fi Clients Command line Show summary of Wi Fi clients To show the status and statistics for Wi Fi client use the show wifi client command 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type show wifi client show wifi client...

Page 285: ...mand 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type show wifi cleint name name show wifi client name my_client Client my_client Enabled true SSID my_SSID Status up Signal 43 MAC Address 91 fe 86 d1 0e 81 Channel 48 Radio wifi1 TX ...

Page 286: ... Authentication of hotspot users can be performed by the device itself by an external RADIUS server or other remote server or by HotspotSystem a cloud based hotspot management and billing service The device provides sample html pages to be used for authentication and you can modify these pages add your own pages or host HTML login pages on a remote web server Note Sample HTML pages provided by you...

Page 287: ...ADIUS server The credentials are validated by the RADIUS server The RADIUS server should be white listed by including it in the Walled garden Allowed domains or Walled garden Allowed subnets setting for the hotspot which allows unauthenticated hotspot clients to access the server for authentication The sample HTML page included with your TX54 device for RADIUS shared password authentication is log...

Page 288: ... is an open network This means that traffic transferred between the hotspot and the hotspot clients is not encrypted and can be intercepted by a packet sniffer or similar technology However the sample HTML login pages provided with your TX54 device use CHAP MD5 authentication providing a level of security during the authentication process Additionally websites that use the HTTPS protocol provide e...

Page 289: ...nable hotspot using the default configuration 290 Change the default hotspot SSID 295 Change the default hotspot IP address and subnet 297 Change the default hotspot bandwidth limits 300 Add an Ethernet port to the default hotspot 302 Use policy routes with hotspot 304 Create a new hotspot 305 Configure the hotspot to use local shared password authentication 318 Configure the hotspot to use RADIUS...

Page 290: ...Wi Fi models Access points n Name l Digi Hotspot AP Wi Fi single Wi Fi models l Digi Hotspot AP Wi Fi1 dual Wi Fi models l Digi Hotspot AP Wi Fi2 dual Wi Fi models n Disabled n SSID Digi Hotspot n Encryption Open unencrypted n Hotspot access points should be set to open unencrypted See Hotspot security for further information LAN n Name LAN hotspot n Disabled n Device hotspot_bridge n IP address 1...

Page 291: ...Configure the hotspot to use HotspotSystem authentication n Change the default hotspot IP address and subnet n Modify the sample local HTML page that the TX54 device uses by default for click through authentication See Edit sample hotspot HTML pages for information WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Co...

Page 292: ...odels or Digi Hotspot AP Wi Fi1 dual Wi Fi models b Click Enable c Dual Wi Fi models only Click Digi Hotspot AP Wi Fi2 d Click Enable 5 Enable the hotspot bridge a Click Network Bridges hotspot_bridge b Click Enable 6 Enable the hotspot LAN a Click Network Interface LAN LAN hotspot b Click Enable 7 Click Apply to save the configuration and apply the change ...

Page 293: ...Hotspot Hotspot configuration TX54 User Guide 293 ...

Page 294: ...otspot access points n Single Wi Fi models config network ap digi_hotspot_ap enable true config n Dual Wi Fi models config network ap digi_hotspot_ap1 enable true config network ap digi_hotspot_ap2 enable true config 5 Enable the hotspot bridge config network bridge hotspot_bridge enable true config 6 Enable the hotspot LAN config network interface lan_hotspot enable true config 7 Save the configu...

Page 295: ...the hotspot WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Wi Fi Access points Digi Hotspot AP Wi Fi single Wi Fi models or Digi Hotspot AP Wi Fi1 dual Wi Fi models 4 Change the default SSID Digi Hotspot to your preferred value 5 Dual Wi Fi models...

Page 296: ... to enter configuration mode config config 3 Change the SSID for digi_hotspot_ap single Wi Fi models or digi_hotspot_ap1 dual Wi Fi models to your preferred value config network wifi ap digi_hotspot_ap1 ssid value where value is a string of 1 to 32 characters If the value contains spaces enclose in quote marks 4 Dual Wi Fi models Change the SSID for digi_hotspot_ap2 to your preferred value config ...

Page 297: ...configuration See Enable hotspot using the default configuration for instructions n An IP address and subnet for the hotspot Additional configuration items n Hotspot DHCP server settings l Lease time l Lease range start and end To change the default hotspot IP address and subnet WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration c...

Page 298: ...ple to set Lease time to ten minutes enter 10m or 600s c For Lease range start type the lowest IP address in the range to assign to hotspot clients The value entered here represents the low order byte of the IP address and is combined with the subnet of the hotspot s static IP address The default is 100 d For Lease range end type the highest IP address in the range to assign to hotspot clients The...

Page 299: ...any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set lease_time to ten minutes enter either 10m or 600s config network hotspot hotspot ipv4 dhcp_server lease_time 600s config The default is 10 minutes b Set the lowest IP address in the range to assign to hotspot clients This value represents the low order byte of the IP address and is combined ...

Page 300: ...onfiguration items n Enable default hotspot configuration See Enable hotspot using the default configuration for instructions n Maximum download speed in Kbps n Maximum upload speed in Kbps To change the default hotspot IP address and subnet WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configur...

Page 301: ...in to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change the default maximum download speed config network hotspot hotspot bandwidth_max_down value config where value is an integer between 1 and 100000 and represents the maximum download speed in Kbps 4 Change the default maximum upload speed config network hotspot hotspot bandwidth_max_up val...

Page 302: ...guration items n Enable default hotspot configuration See Enable hotspot using the default configuration for instructions n Ethernet port to be added to the hotspot To add an Ethernet port to the default hotspot WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Cl...

Page 303: ...rnet ETH4 device entry and select Delete 6 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Display a...

Page 304: ...e current LAN1 bridge configuration config show network bridge lan1 device 0 network device eth2 1 network device eth3 2 network device eth4 3 network wifi ap digi_ap1 4 network wifi ap digi_ap2 config b Use the index number 2 to remove the ETH4 device from the LAN1 bridge config del network bridge lan1 device 2 config 5 Save the configuration and apply the change config save Configuration saved 6...

Page 305: ... to disconnect from the device Create a new hotspot Required configuration items n A device or bridge for the hotstpot l If a bridge is used it must be included in an interface with an assigned IP address n The authentication mode l If Local shared password is selected for the authentication mode include the password l If RADIUS shared password or RADIUS users is selected for the authentication mo...

Page 306: ...l Domains that clients connected to the hotspot can access prior to the client being authenticated l Subnets that clients connected to the hotspot can access prior to the client being authenticated n Maximum download speed in Kbps n Maximum upload speed in Kbps n Enable verbose logging To create a new hotspot WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu cli...

Page 307: ... additional access points by following the above instructions 4 Optional Create a new bridge and interface for the hotspot Note Hotspot bridges must also be part of an interface with a configured IP address a Click Network Bridges b For Add Bridge type a name for the bridge and click c Add devices to the bridge i Click to expand Devices ii For Add device click iii Select the Device iv Repeat to ad...

Page 308: ...local shared password authentication for information about configuring hotspot for local shared password authentication n RADIUS shared password Requires each user to enter a password This password is validated by an external RADIUS server and the password is the same for all users See Configure the hotspot to use RADIUS shared password authentication for information about configuring hotspot for ...

Page 309: ...ge used for each authentication mode If you upload a custom HTML file that uses a filename other than the default filename type the custom filename here See Upload custom hotspot HTML pages for more information about creating and uploading custom HTML files 13 Optional For Authentication port type the port number that the hotspot authentication server will used The default is 3990 14 Optional For ...

Page 310: ... be included in the walled garden settings If Remote has been selected for Login page source the domain for the web server that is being use to serve the remote HTML files must be included in the white list defined in these fields n To add domains that can be accessed by the client prior to authentication a Click to expand Allowed domains b Click to add a domain c For Domain type the hostname of t...

Page 311: ...y other purpose If more than one access point is being used by the hotspot you must create a bridge that includes the access points a Create a new access point config add network wifi ap new_hotspot_AP1 config network wifi ap new_hotspot_AP1 New access points are enabled by default b Set the Wi Fi radio for the new access point i Show available radios config network wifi ap new_hotspot_AP1 radio R...

Page 312: ...onal Create a new bridge and interface for the hotspot Note Hotspot bridges must also be part of an interface with a configured IP address a Create a bridge config add network bridge new_hotspot_bridge config network bridge new_hotspot_bridge b Add devices to the bridge i Determine available devices config network bridge new_hotspot_bridge interface lan1 device Device The network device used by th...

Page 313: ... interface hotspot_bridge_interface f Set an IP address for the interface Note This IP address is not the IP address of the hotspot The hotspot IP address is configured during hotspot configuration config network interface hotspot_bridge_interface ipv4 address ip_ address netmask config network interface hotspot_bridge_interface g Type to return to the config prompt config network interface hotspo...

Page 314: ...k bridge new_hotspot_bridge b Add the appropriate device For example to add the Digi AP Wi Fi Wi Fi access point config network bridge new_hotspot_bridge add device end network wireless ap digi_ap1 config 7 Set an access point and Ethernet port or a bridge for the hotspot s device a Determine available devices config network hotspot new_hotspot device Device Device to use for this hotspot interfac...

Page 315: ...o enter username and password credentials that are established on an external RADIUS server The credentials are validated by the RADIUS server See Configure the hotspot to use RADIUS users authentication for information about configuring hotspot for RADIUS users authentication n hotspotsystem Requires each user to be authenticated by HotspotSystem a cloud hotspot service that supports various free...

Page 316: ...ort config network hotspot new_hotspot The default is 4990 13 If remote is selected for login a Set the IP address or fully qualified domain name or the remote web server that will be used for client authentication config network hotspot new_hotspot remote url address config network hotspot new_hotspot a Optional Set the shared secret that the remote server and the hotspot Used with cloud based ho...

Page 317: ... settings define the white list of domains and subnets that unauthenticated clients are able to access If external servers are used for client authentication such as a RADIUS server or HotspotSystem they should be included in the walled garden settings n Add domains that can be accessed by the client prior to authentication config network hotspot new_hotspot add walled_garden domains end domain_na...

Page 318: ...assword is the same for all users By default the router redirects unauthenticated users to the HTML authentication page located on the router at etc config hotspot password html You can customize the authentication page as needed or host an authentication page on a remote server See Customize the hotspot login page for further information Required configuration items n Create a new hotspot or Enab...

Page 319: ...red to enter to authentication with the hotspot 6 Click Apply to save the configuration and apply the change Configure hotspot for local shared password authentication from the Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the com...

Page 320: ... page located on the router at etc config hotspot password html You can customize the authentication page as needed or host an authentication page on a remote server See Customize the hotspot login page for further information Required configuration items n Create a new hotspot or Enable hotspot using the default configuration n Select RADIUS shared password authentication n IP address or hostname...

Page 321: ...pot users if the primary RADIUS server is not available c Optional For Port type the port number to use for RADIUS authentication requests The default is 1812 d Optional For Accounting port type the port number to use for RADIUS accounting requests The default is 1813 e For Secret enter the shared secret for the RADIUS server This is configured on the RADIUS server f For NAS ID enter the unique Ne...

Page 322: ...and line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new hotspot or Enable hotspot using the default configuration 4 Set the authentication mode to radius shar...

Page 323: ...RADIUS attributes This can fix issues if the data limits and or accounting reports appear to be reversed on the RADIUS server config network hotspot hotspot_name radius swap octets true config The default is disabled 6 Set walled garden settings Walled garden settings define the white list of domains and subnets that unauthenticated clients are able to access Include the domain or subnet of the RA...

Page 324: ...tspot login page for further information Required configuration items n Create a new hotspot or Enable hotspot using the default configuration n Select RADIUS users authentication n IP address or hostname of the primary RADIUS server n Users configured on the RADIUS server n RADIUS server secret n RADIUS NAS ID n Domain name or subnet of the RADIUS server included in the white list of servers that...

Page 325: ...ot available c Optional For Port type the port number to use for RADIUS authentication requests The default is 1812 d Optional For Accounting port type the port number to use for RADIUS accounting requests The default is 1813 e For Secret enter the shared secret for the RADIUS server This is configured on the RADIUS server f For NAS ID enter the unique Network Access Server NAS identifier used by ...

Page 326: ... Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new hotspot or Enable hotspot using the default configuration 4 Set the authentication mode to radius...

Page 327: ...RADIUS attributes This can fix issues if the data limits and or accounting reports appear to be reversed on the RADIUS server config network hotspot hotspot_name radius swap octets true config The default is disabled 6 Set walled garden settings Walled garden settings define the white list of domains and subnets that unauthenticated clients are able to access Include the domain or subnet of the RA...

Page 328: ...reate a new hotspot or Enable hotspot using the default configuration n Select HotspotSystem authentication n Create and configure a HotspotSystem account n The Operator name and location ID for the HotspotSystem Additional configuration items n Modify the local HTML authentication page etc config hotspot login html or enter the name of an alternative HTML authentication page stored in the same di...

Page 329: ... whitelisted n FREE Social login requires a number of domains depending on which services you select Refer to the following page for an up to date list of social login domains that need to be whitelisted Whitelist for hotspot free social login Configure hotspot for HotspotSystem authentication from the WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click Syst...

Page 330: ...4_ address netmask or the keyword any d Repeat to add additional subnets 7 Click Apply to save the configuration and apply the change Configure hotspot for HotspotSystem authentication from the Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin...

Page 331: ...ins n Add IP addresses and subnets that can be accessed by the client prior to authentication config network hotspot new_hotspot add walled_garden subnets end value config network hotspot new_hotspot where value is an IPv4 address and optional subnet mask using the format IPv4_ address netmask or the keyword any Repeat to add additional IP addresses or subnets 7 Save the configuration and apply th...

Page 332: ...Hotspot Show hotspot status and statistics TX54 User Guide 332 ...

Page 333: ... to a specific hotspot show hotspot name hotspot MAC Address IP Address Auth Username Duration max sec Idle max sec max up bandwidth max down bandwidth 8C 2D 2D C8 41 AA 10 1 0 101 yes mariev 0 0 0 0 0 0 0 0 E5 8A FC D3 DC 7E 10 1 0 100 no 0 0 0 0 0 0 0 0 4 Enter the show hotspot ip ip_address command at the Admin CLI prompt to display information about clients connected to a specific hotspot show...

Page 334: ... about which HTML file is used for each authentication mode The sample HTML webpages use ChilliLibrary js to perform authentication Do not modify ChilliLibrary js You can customize the sample HTML pages or replace them with your own page so that hotspot users will be redirected to your custom HTML page when they log into the hotspot You can also host the HTML pages on an external web server rather...

Page 335: ...e sample HTML file a Log into the TX54 WebUI as a user with Admin access b On the menu click System Under Administration click File System The File System page appears c Highlight the hotspot directory and click to open the directory d Select the HTML file you want to edit and click download Note The files in the hotspot directory are only available after hotspot has been enabled for the first tim...

Page 336: ... scp host 192 168 4 1 user admin remote home admin temp local etc config hotspot login html to local admin 192 168 4 1 s password adminpwd login html Upload custom hotspot HTML pages Rather than editing the sample HTML pages you can upload a custom login page with a different filename The new page should include ChilliLibrary js and call the same JavaScript functions that the sample HTML pages do ...

Page 337: ... to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the scp command to upload the edited file from your local machine the the TX54 device For example scp host 192 168 4 1 user admin remote home admin...

Page 338: ...ing the following 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the mv command to change the name of the existing hotspot directory mv etc config hotspot etc config hotspot_modified 3 Use the WebUI or the command line to disable all hotspots and then ree...

Page 339: ...ion For example here are some of the RADIUS attributes that the hotspot handles n Session Timeout n Idle Timeout n Acct Interim Interval n WISPr Redirection URL n WISPr Session Terminate Time n ChilliSpot Max Input Octets n ChilliSpot Max Output Octets n ChilliSpot Max Total Octets Also if the RADIUS server requests it the hotspot will send accounting information back to the RADIUS server For exam...

Page 340: ...Routing This chapter contains the following topics IP routing 341 Show the routing table 367 Dynamic DNS 369 Virtual Router Redundancy Protocol VRRP 375 TX54 User Guide 340 ...

Page 341: ...ay or interface 3 If it cannot find a route for the destination it uses a default route 4 If there are two or more routes to a destination the device uses the route with the longest mask 5 If there are two or more routes to a destination with the same mask the device uses the route with the lowest metric This section contains the following topics Configure a static route 342 Delete a static route ...

Page 342: ...ms n A label used to identify this route n The IPv4 address of the gateway used to reach the destination n The metric for the route When multiple routes are available to reach the same destination the route with the lowest metric is used n The Maximum Transmission Units MTU of network packets using this route To configure a static route WebUI 1 Log into the TX54 WebUI as a user with full Admin acc...

Page 343: ...erface on the TX54 device that will be used with this static route 8 Optional For Gateway type the IPv4 address of the gateway used to reach the destination Set to blank if the destination can be accessed without a gateway 9 Optional For Metric type the metric for the route When multiple routes are available to reach the same destination the route with the lowest metric is used 10 Optional For MTU...

Page 344: ... static 0 dst 192 168 47 0 24 config network route static 0 The any keyword can also be used to route packets to any destination with this static route 6 Set the interface on the TX54 device that will be used with this static route a Use the to determine available interfaces config network route static 0 interface Interface The network interface to use to reach the destination Format network inter...

Page 345: ...aximum Transmission Units MTU of network packets using this route config network route static 0 mtu integer config network route static 0 10 Save the configuration and apply the change config save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a static ro...

Page 346: ...Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the static route to be deleted config show network route static 0 dst 10 0 0 1 enable true no gateway interface network interface lan1 label new_static_route metric 0 mtu 0 1 dst 192 168 5 1 enable true gateway 192 168 5 1 interface network interface lan2 l...

Page 347: ...d traffic external inbound traffic or IPSec tunnel traffic n Network interface for example the cellular connection the WAN or the LAN n IPv4 address n IPv6 address n MAC address n Domain n Protocol type TCP UDP ICMP or all The order of the policies is important Routing policies are processed sequentially as a result if a packet matches an earlier policy it will be routed using that policy s rules ...

Page 348: ...nfiguration window is displayed 3 Click Network Routes Policy based routing 4 Click the to add a new route policy The new route policy page is displayed New route policies are enabled by default To disable click to toggle Enable to off 5 Optional For Label type a label that will be used to identify this route policy 6 For Interface select the interface on the TX54 device that will be used with thi...

Page 349: ... the specified IP address or network Use the format IPv6_address prefix_length or use any to match any IPv6 address n MAC address Matches the source MAC address to the specified MAC address 12 Configure the destination address information a Click to expand Destination address b For Type select one of the following n Zone Matches the destination IP address to the selected firewall zone See Firewall...

Page 350: ... will be used to identify this route policy config network route policy 0 label New route policy config network route policy 0 5 Set the interface on the TX54 device that will be used with this route policy a Use the to determine available interfaces config network route policy 0 interface Interface The network interface used to reach the destination Packets that satisfy the matching criteria will...

Page 351: ...nfig network route policy 0 protocol value config network route policy 0 where value is one of n any All protocols are matched n tcp Source and destination ports are matched a Set the source port config network route policy 0 src_port value config network route policy 0 where value is the port number or the keyword any to match any port as the source port b Set the destination port config network ...

Page 352: ... 0 src type value config network route policy 0 where value is one of n zone Matches the source IP address to the selected firewall zone Set the zone a Use the to determine available zones config network route policy 0 src zone Zone Match the IP address to the specified firewall zone Format any dynamic_routes edge external hotspot internal ipsec loopback setup Default value any Current value any c...

Page 353: ...o the specified IP address or network Set the address that will be matched config network route policy 0 src address value config network route policy 0 where value uses the format IPv4_address netmask or any to match any IPv4 address n address6 Matches the source IPv6 address to the specified IP address or network Set the address that will be matched config network route policy 0 src address6 val...

Page 354: ...ple config network route policy 0 dst zone external config network route policy 0 See Firewall configuration for more information about firewall zones n interface Matches the destination IP address to the selected interface s network address Set the interface a Use the to determine available interfaces config network route policy 0 dst interface Interface The network interface Format network inter...

Page 355: ...n IPv6 address to the specified IP address or network Set the address that will be matched config network route policy 0 dst address6 value config network route policy 0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address n mac Matches the destination MAC address to the specified MAC address Set the MAC address to be matched config network route policy 0 dst mac...

Page 356: ...rface while all other traffic uses the Ethernet WAN interface WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Routes Policy based routing 4 Click the to add a new route policy 5 For Label enter Route through cellular ...

Page 357: ... IP address that will be the destination for outgoing traffic routed through the WWAN interface In the above example this is 241 236 162 59 9 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access th...

Page 358: ...y 0 ii Set the zone to internal config network route policy 0 src zone internal config network route policy 0 e Configure the destination address i Set the destination to use an IPv4 address config network route policy 0 dst type address config network route policy 0 ii Set the IP address that will be the destination for outgoing traffic routed through the WWAN interface In the above example this ...

Page 359: ... MAC address while all other client devices are routed through the Ethernet WAN WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Create new firewall zones a Create a firewall zone named CellularWAN with Source NAT enabled i Click Firewall Zones ii For Add Zone ty...

Page 360: ...named WWAN ii For Zone select CellularWAN b Configure the Ethernet WAN interface i Click Network Interfaces WAN1 ii For Zone select EthernetWAN 5 Configure the policy based route for traffic from the client device that will be sent over the cellular WAN a Click Network Routes Policy based routing b Click the to add a new route policy c For Label type VoIP phone d For Interface select WWAN1 or WWAN...

Page 361: ...at rejects all other LAN packets on the cellular WAN interface a Click Firewall Packet filtering b Click the to add a new packet filtering rule c For Label type Reject LAN traffic to cellular WAN d For Action select Drop e For Source zone select Internal f For Destination zone select CellularWAN 7 Click Apply to save the configuration and apply the change Command line ...

Page 362: ..._nat true config firewall zone CellularWAN b Create second firewall zone named EthernetWAN with Source NAT enabled i Type to move back one node in the configuration config firewall zone CellularWAN config firewall zone ii Create the firewall zone config firewall zone add EthernetWAN config firewall zone EthernetWAN i Enable Source NAT on the new zone config firewall zone EthernetWAN src_nat true c...

Page 363: ...policy 0 interface network interface wwan1 config network route policy 0 Note On certain single cellular TX54 devices the cellular WAN interface may be named wwan d Configure the source as the MAC address of the VoIP phone i Set the source type to mac config network route policy 0 src type mac config network route policy 0 ii Set the MAC address to the MAC address of the VoIP phone config network ...

Page 364: ... config firewall filter 2 d Set the source zone to internal config firewall filter 2 src_zone internal config firewall filter 2 e Set the destination zone to CellularWAN config firewall filter 2 dst_zone CellularWAN config firewall filter 2 7 Save the configuration and apply the change config firewall filter 2 save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device conf...

Page 365: ...Border Gateway Protocol BGP service supports BGP 4 RFC1771 IS IS The IPv4 and IPv6 Intermediate System to Intermediate System IS IS service Configure routing services Required configuration items n Enable routing services n Enable and configure the types of routing services that will be used WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Co...

Page 366: ...y the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable routing services config network route service enable true config 4 Configure routing servic...

Page 367: ...ple use the to view the available parameters for the RIP service config network route service rip Parameters Current Value ecmp false Allow ECMP enable true Enable Additional Configuration interface Interfaces neighbour Neighbours redis Route redistribution timer Timers config 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending ...

Page 368: ...splayed 3 Click Status Routes The Network Routing window is displayed 4 Click IPv4 Load Balance to view IPv4 load balancing 5 Click IPv6 Load Balance to view IPv6 load balancing Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prom...

Page 369: ...can limit the display to only IPv4 entries by using show route ipv4 or to IPv6 entries by using show route ipv6 You can also display more information by adding the verbose option to the show route and show route ip_type commands 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Dynamic...

Page 370: ...name of a Dynamic DNS provider n The domain name that is linked to the interface s IP address n The username and password to authenticate with the Dynamic DNS provider Additional configuration items n If the Dynamic DNS service provider is set to custom identify the URL that should be used to update the IP address with the Dynamic DNS provider n The amount of time to wait to check if the interface...

Page 371: ... with the Dynamic DNS provider 6 For Service select the Dynamic DNS provider or select custom to enter a custom URL for the Dynamic DNS provider 7 If custom is selected for Service type the Custom URL that should be used to update the IP address with the Dynamic DNS provider 8 Type the Domain name that is linked to the interface s IP address 9 Type the Username and Password used to authenticate wi...

Page 372: ... s For example to set Retry interval to ten minutes enter 10m or 600s 13 Optional For Retry count type the number of times to retry a failed IP address update 14 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Typ...

Page 373: ...mine available services config network ddns new_ddns_instance service Service The provider of the dynamic DNS service Format custom 3322 org changeip com ddns com br dnsdynamic org Default value custom Current value custom config network ddns new_ddns_instance service b Set the service config network ddns new_ddns_instance service service_name config network ddns new_ddns_instance 6 If custom is c...

Page 374: ...t check_interval to ten minutes enter either 10m or 600s config network ddns new_ddns_instance check_interval 600s config network ddns new_ddns_instance The default is 10m 11 Optional Set the amount of time to wait to force an update of the interface s IP address config network ddns new_ddns_instance force_interval value config network ddns new_ddns_instance where value is any number of weeks days...

Page 375: ...lure without requiring configuration of dynamic routing or router discovery protocols on every host Multiple TX54 devices can be configured as VRRP devices and assigned a priority The router with the highest priority will be used as the master router If the master router fails then the IP address of the virtual router is mapped to the backup device with the next highest priority Each VRRP router i...

Page 376: ...e this virtual IP address as their default gateway See Configure VRRP for information about configuring VRRP an extension to VRRP that uses network probing to monitor connections through VRRP enabled devices and dynamically change the VRRP priorty of devices based on the status of their network connectivity WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click...

Page 377: ...VRRP pool then the priority of this device should be set to 255 Allowed values are from 1 and 255 and it is configured to 100 by default 9 Optional For Password type a password that will be used to authenticate this VRRP router with VRRP peers If the password length exceeds 8 characters it will be truncated to 8 characters 10 Configure the virtual IP addresses associated with this VRRP instance a ...

Page 378: ...back network interface wan1 network interface wwan1 network interface wwan2 Current value config network vrrp VRRP_test interface b Set the interface for example config network vrrp VRRP_test interface network interface lan1 config network vrrp VRRP_test c Repeat for additional interfaces 6 Set the router ID The Router ID must be the same on all VRRP devices that participate in the same VRRP devic...

Page 379: ...aved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure VRRP VRRP is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP enabled devices and adjust devices VRRP priority based on the status of the SureLink tests This sectio...

Page 380: ...ice Additional configuration items n For backup VRRP devices enable the ability to monitor the VRRP master so that a backup device can increase its priority when the master device fails SureLink tests WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network...

Page 381: ... promote itself to master 9 For Priority modifier type or select the amount that the device s priority should be decreased due to SureLink connectivity failure and increased when SureLink succeeds again Along with the priority settings for devices in this VRRP pool the amount entered here should be large enough to automatically demote a master device when SureLink connectivity fails For example if...

Page 382: ...k to expand DHCP Server Advanced settings ii For Gateway select Custom iii For Custom gateway enter the IP address of one of the virtual IPs used by this VRRP instance e For backup devices enable and configure SureLink on the VRRP interface Generally this should be a LAN interface VRRP will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a bac...

Page 383: ...ick Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create a new VRRP instance or edit an existing one See...

Page 384: ...e should be large enough to automatically demote a master device when SureLink connectivity fails For example if the VRRP master device has a priority of 100 and the backup device has a priority of 80 then weight should be set to an amount greater than 20 so that if SureLink fails on the master it will lower its priority to below 80 and the backup device will assume the master role 7 Optional For ...

Page 385: ...nerally this should be a LAN interface VRRP will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails config show network vrrp VRRP_test interface network interface lan1 config ii Enable SureLink on the interface config network interface lan1 ipv4 surelink enable true config iii Set the amount of time to wait be...

Page 386: ...ork interface lan1 ipv4 surelinktarget 0 dns_server ip_address config network interface lan1 ipv4 surelinktarget 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured for this interface n http Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l Specify the url config network interface lan1 ipv4 surelink target 0 http_url value conf...

Page 387: ...rk interface lan1 ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_timeout to ten minutes enter either 10m or 600s config network interface lan1 ipv4 surelink target 0 interface_timeout 600s config network interface lan1 ipv4 surelink target 0 The default is 60 seconds 9 Save the configuration...

Page 388: ...figure device one master device WebUI Task 1 Configure VRRP on device one 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP ...

Page 389: ...ce LAN1 7 For Router ID leave at the default setting of 50 8 For Priority leave at the default setting of 100 9 Click to expand Virtual IP addresses 10 Click to add a virtual IP address 11 For Virtual IP type 192 168 3 3 Task 2 Configure VRRP on device one 1 Click to expand VRRP 2 Click Enable 3 Click to expand Monitor interfaces 4 Click to add an interface for monitoring 5 Select Interface WWAN1 ...

Page 390: ...art leave at the default of 100 3 For Lease range end type 199 4 Click to expand Advanced settings 5 For Gateway select Custom 6 For Custom gateway enter 192 168 3 3 7 Click Apply to save the configuration and apply the change Command line Task 1 Configure VRRP on device one 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be p...

Page 391: ...ure VRRP on device one 1 Enable VRRP config network vrrp VRRP_test vrrp_plus enable true config network vrrp VRRP_test 2 Add the interface to monitor config network vrrp VRRP_test add vrrp_plus monitor_interface end network interface wwan1 config network vrrp VRRP_test 3 Set the amount that the device s priority should be decreased or increased due to SureLink connectivity failure or success to 30...

Page 392: ...ace lan1 ipv4 dhcp_server advanced gateway custom config 3 Set the custom gateway to 192 168 3 3 config network interface lan1 ipv4 dhcp_server advanced gateway_custom 192 168 3 3 config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit t...

Page 393: ...he new VRRP instance configuration is displayed 5 Click Enable 6 For Interface select Interface LAN1 7 For Router ID leave at the default setting of 50 8 For Priority type 80 9 Click to expand Virtual IP addresses 10 Click to add a virtual IP address 11 For Virtual IP type 192 168 3 3 Task 2 Configure VRRP on device two 1 Click to expand VRRP 2 Click Enable ...

Page 394: ...VRRP interface LAN1 on device two 1 Click Network Interfaces LAN1 IPv4 2 For Address type 192 168 3 2 24 3 For Default gateway type the IP address of the VRRP interface on the master device configured above in Task 3 step 2 192 168 3 1 Task 4 Configure SureLink for LAN1 on device two 1 Click Network Interfaces LAN1 IPv4 SureLink 2 Click Enable 3 For Interval type 15s 4 Click to expand Test targets...

Page 395: ...1 Configure VRRP on device two 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Create the VRRP instance config add network vrrp VRRP_test config network vrrp VRRP_test 4 En...

Page 396: ...ig network vrrp VRRP_test vrrp_plus monitor_master true config network vrrp VRRP_test 4 Set the amount that the device s priority should be decreased or increased due to SureLink connectivity failure or success to 30 config network vrrp VRRP_test network vrrp VRRP_test vrrp_plus weight 30 config network vrrp VRRP_test Task 3 Configure the IP address for the VRRP interface LAN1 on device two 1 Type...

Page 397: ...arget 0 ping_host my devicecloud com config network interface lan1 ipv4 surelink target 0 Task 5 Configure the DHCP server for LAN1 on device two 1 Type to return to the root of the configuration prompt config network interface lan1 ipv4 surelink target 0 config 2 Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients a Set the start address to 200 config netwo...

Page 398: ...enu Type quit to disconnect from the device Show VRRP status and statistics This section describes how to display VRRP status and statistics for a TX54 device VRRP status is available from the Web UI only WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Sta...

Page 399: ...tate Virtual IP VRRP_test Up IPv4 Backup 10 10 10 1 VRRP_test Up IPv4 Backup 100 100 100 1 3 To display additional information about a specific VRRP instance at the Admin CLI prompt type show vrrp name name show vrrp name VRRP_test VRRP_test VRRP Status Enabled True Status Up Interface lan IPv4 Virtual IP address es 10 10 10 1 100 100 100 1 Current State Master Current Priority 100 Last Transition...

Page 400: ...y connect two private networks together so that devices can connect from one network to the other using secure channels This chapter contains the following topics IPsec 401 OpenVPN 455 Generic Routing Encapsulation GRE 487 L2TP 508 L2TPv3 Ethernet 528 NEMO 534 TX54 User Guide 400 ...

Page 401: ...ec can run in two different modes Tunnel and Transport Tunnel The entire IP packet is encrypted and or authenticated and then encapsulated as the payload in a new IP packet Transport Only the payload of the IP packet is encrypted and or authenticated The IP header is left untouched This mode has limitations when using an authentication header because the IP addresses in the IP header cannot be tra...

Page 402: ...d key authentication mode provides additional security by using client authentication credentials in addition to the standard pre shared key The TX54 device can be configured to authenticate with the remote peer as an XAUTH client RSA Signatures With RSA signatures authentication the TX54 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key Cert...

Page 403: ...Configure SureLink active recovery for IPsec for information about IPsec active recovery Additional configuration items The following additional configuration settings are not typically configured to get an IPsec tunnel working but can be configured as needed n Determine whether the device should use UDP encapsulation even when it does not detect that NAT is being used n If using IPsec failover id...

Page 404: ...h the networks for a WAN internet connection wired cellular or otherwise you must configure a static route to direct the traffic either through the IPsec tunnel or through the WAN outside of the IPsec tunnel See Configure a static route for information about configuring a static route WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configura...

Page 405: ...on your network configuration you may need to add a packet filtering rule to allow incoming traffic For example for the IPsec zone a Click to expand Firewall Packet filtering b For Add packet filter click c For Label type Allow incoming IPsec traffic d For Source zone select IPsec Leave all other fields at their default settings 10 For Metric enter or select the priority of routes associated with ...

Page 406: ... pre shared key This must be the same as the local key on the remote host n RSA signature Uses a private RSA key to authenticate with the remote peer i For Private key paste the device s private RSA key in PEM format ii Type the Private key passphrase that is used to decrypt the private key Leave blank if the private key is not encrypted iii For Peer public key paste the peer s public RSA key in P...

Page 407: ...ration information such as the private IP address from the remote peer 18 Click to expand Local endpoint a For Type select either n Default route Uses the same network interface as the default route n Interface Select the Interface to be used as the local endpoint b Click to expand ID i Select the ID type n Auto The ID will be automatically determined from the value of the tunnels endpoints n Raw ...

Page 408: ...type a hostname or IPv4 address If your device is not configured to initiate the IPsec connection see IKE Initiate connection you can also use the keyword any which means that the hostname is dynamic or unknown iii Click again to add additional hostnames d Click to expand ID i Select the ID type n Auto The ID will be automatically determined from the value of the tunnels endpoints n Raw Enter an I...

Page 409: ...figuration is displayed b Click to expand Local traffic selector c For Type select one of the following n Address The address of a local network interface For Address select the appropriate interface n Network The subnet of a local network interface For Address select the appropriate interface n Custom network A user defined network For Custom network enter the IPv4 address and optional netmask n ...

Page 410: ...or Port type the port matching criteria Allowed values are a port number a range of port numbers or any 21 Click to expand IKE a For IKE version select either IKEv1 or IKEv2 This setting must match the peer s IKE version b Initiate connection instructs the device to initiate the key exchange rather than waiting for an incoming request This must be disabled if Remote endpoint Hostname is set to any...

Page 411: ...c tunnel is renegotiated Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Lifetime margin to ten minutes enter 10m or 600s i Click to expand Phase 1 Proposals i Click to create a new phase 1 proposal ii For Cipher select the type of encryption iii For Hash select the type of hash to use to verify communication integrity iv...

Page 412: ...ck to expand NAT to create a list of destination networks that require source NAT a Click next to Add NAT destination b For Destination network type the IPv4 address and optional netmask of a destination network that requires source NAT You can also use any meaning that any destination network connected to the tunnel will use source NAT 24 See Configure SureLink active recovery for IPsec for infor...

Page 413: ...n ipsec tunnel ipsec_example 4 Optional Set the tunnel to use UDP encapsulation even when it does not detect that NAT is being used config vpn ipsec tunnel ipsec_example force_udp_encap true config vpn ipsec tunnel ipsec_example 5 Set the firewall zone for the IPsec tunnel Generally this should be left at the default of ipsec config vpn ipsec tunnel ipsec_example zone zone config vpn ipsec tunnel ...

Page 414: ...han one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec failover for more information config vpn ipsec tunnel ipsec_example metric value config vpn ipsec tunnel ipsec_example where value is any integer between 0 and 65535 7 Set the mode config vpn ipsec tunnel ip...

Page 415: ...metric pre shared keys to authenticate with the remote peer a Set the local pre shared key This must be the same as the remote key on the remote host config vpn ipsec tunnel ipsec_example auth local_secret key config vpn ipsec tunnel ipsec_example b Set the remote pre shared key This must be the same as the local key on the remote host config vpn ipsec tunnel ipsec_example auth remote_secret key c...

Page 416: ...unnel ipsec_example d Set the method for verifying the peer s X 509 certificate config vpn ipsec tunnel ipsec_example auth peer_verify value config vpn ipsec tunnel ipsec_example where value is either l cert Uses the peer s X 509 certificate in PEM format for verification o For the peer_cert parameter paste the peer s X 509 certificate in PEM format config vpn ipsec tunnel ipsec_example auth peer_...

Page 417: ...ocal network interface config vpn ipsec tunnel ipsec_example local type value config vpn ipsec tunnel ipsec_example where value is either n defaultroute Uses the same network interface as the default route n interface Select the Interface to be used as the local endpoint b Set the ID type config vpn ipsec tunnel ipsec_example local id type value config vpn ipsec tunnel ipsec_example where value is...

Page 418: ...erpreted as a Key ID and sent as an ID_KEY_ID IKE identity Set the key ID config vpn ipsec tunnel ipsec_example local id type keyid_id id config vpn ipsec tunnel ipsec_example n mac_address The device s MAC address will be used for the Key ID and sent as an ID_KEY_ID IKE identity n serial_number The ID device s serial number will be used for the Key ID and sent as an ID_KEY_ID IKE identity 14 Conf...

Page 419: ...c_example n any Any ID will be accepted n ipv4 The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity Set an IPv4 formatted ID This can be a fully qualified domain name or an IPv4 address config vpn ipsec tunnel ipsec_example remote id type ipv4_id id config vpn ipsec tunnel ipsec_example n ipv6 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_AD...

Page 420: ...t the device will initiate the key exchange This must be disabled if remote hostname is set to any To disable config vpn ipsec tunnel ipsec_example ike initiate false config vpn ipsec tunnel ipsec_example c Set the IKE phase 1 mode config vpn ipsec tunnel ipsec_example ike mode value config vpn ipsec tunnel ipsec_example where value is either aggressive or main d Set the IKE fragmentation config v...

Page 421: ...config vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set phase2_lifetime to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_example ike phase2_lifetime 600s config vpn ipsec tunnel ipsec_example The default is one hour h Set a randomizing amount of time before the IPsec tunnel ...

Page 422: ...ne available Diffie Hellman group types config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_group curve25519 curve448 ecp192 ecp224 config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 ii Set the Diffie Hellman group type config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_group value config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 The default is modp2048 v...

Page 423: ...92 aes256 or null The default is 3des iv Set the type of hash to use during phase 2 to verify communication integrity config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 hash value config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 where value is one of md5 sha1 sha256 sha384 or sha512 The default is sha1 v Set the type of Diffie Hellman group to use for key exchange during phase ...

Page 424: ... Change to the root of the configuration schema config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 config b To disable dead peer detection config vpn ipsec tunnel ipsec_example dpd enable false config c Set the number of seconds between transmissions of dead peer packets Dead peer packets are only sent when the tunnel is idle The default is 60 config vpn ipsec tunnel ipsec_example dpd del...

Page 425: ...fig vpn ipsec tunnel ipsec_example policy 0 local type value config vpn ipsec tunnel ipsec_example policy 0 where value is one of n address The address of a local network interface Set the address i Use the to determine available interfaces config vpn ipsec tunnel ipsec_example policy 0 local address Address The local network interface to use the address of This field must be set when Type is set ...

Page 426: ...er defined network Set the custom network config vpn ipsec tunnel ipsec_example policy 0 local custom value config vpn ipsec tunnel ipsec_example policy 0 where value is the IPv4 address and optional netmask The keyword any can also be used n request Requests a network from the remote peer n dynamic Uses the address of the local endpoint d Set the port matching criteria for the local traffic selec...

Page 427: ...ote traffic selector config vpn ipsec tunnel ipsec_example policy 0 remote port value config vpn ipsec tunnel ipsec_example policy 0 where value is the port number a range of port numbers or the keyword any h Set the protocol matching criteria for the remote traffic selector config vpn ipsec tunnel ipsec_example policy 0 remote protocol value config vpn ipsec tunnel ipsec_example policy 0 where va...

Page 428: ... time Additional Configuration connection_retry_timeout Connection retry timeout connection_try_interval Connection try interval ike_timeout IKE timeout config Generally the default settings for these should be sufficient c You can also enable debugging for IPsec config vpn ipsec advanced debug value config where value is one of n none n basic_auditing n detailed_control n generic_control n raw_da...

Page 429: ...h tunnels are active simultaneously and there is minimal downtime due to failover l Identify the preferred tunnel during configuration of the backup tunnel In this scenario the backup tunnel is not active until the preferred tunnel fails IPsec failover using SureLink With this configuration when two IPsec tunnels are configured with the same local and remote endpoints but different metrics traffic...

Page 430: ...point WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions n During configuration of the IPsec tunnel set the metric to a low value for example 10 n Configure SureLink for the primary IPsec tunnel and enable Restart interface See Configure SureLink active recovery for IPsec for instructions 2 Create a backup IPsec tunnel Configure this tunnel to use the same lo...

Page 431: ...a value that is higher than the metric of the primary tunnel for example 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel metric 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel IPsec failover using Preferred tunnel WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions 2 Create a backup IPsec tunnel See Configure an IPsec tunnel for instructions 3 During...

Page 432: ...nnel See Configure IPsec failover for further information Required configuration items n A valid IPsec configuration See Configure an IPsec tunnel for configuration instructions n Enable IPsec active recovery n The behavior of the TX54 device upon IPsec failure either l Restart the IPsec interface l Reboot the device Additional configuration items n The interval between connectivity tests n Whethe...

Page 433: ... select an existing one n To create a new IPsec tunnel see Configure an IPsec tunnel n To edit an existing IPsec tunnel click to expand the appropriate tunnel 5 After creating or selecting the IPsec tunnel click Active recovery 6 Enable active recovery 7 For Restart interface enable to configure the device to restart the interface when its connection is considered to have failed This is useful for...

Page 434: ...ault is 15 seconds 13 Add a test target a Click to expand Test targets b For Add Test target click c Select the Test type n Test another interface s status Allows you to test another interface s status to create a failover or coupled relationship between interfaces If Test another interface s status is selected l For Test Interface select the alternate interface to be tested l For IP version selec...

Page 435: ... format number w d h m s For example to set Initial connection time to ten minutes enter 10m or 600s The default is 60 seconds 14 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI ...

Page 436: ...ipsec tunnel ipsec_example surelink interval 600s config vpn ipsec tunnel ipsec_example The default is 15 minutes 8 Determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets config vpn ipsec tunnel ipsec_example surelink success_condition value config vpn ipsec tunnel ipsec_example Where value is either one or all 9 Set the number o...

Page 437: ...ipsec_example surelink target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config vpn ipsec tunnel ipsec_example surelink target 0 dns_server ip_address config vpn ipsec tunnel ipsec_example surelink target 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers confi...

Page 438: ...alue config vpn ipsec tunnel ipsec_example surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set timeout to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_example surelink target 0 interface_timeout 600s config vpn ipsec tunnel ipsec_example surelink target 0 The default is 60 seconds l other ...

Page 439: ...ple surelink target 0 other_ip_version value config vpn ipsec tunnel ipsec_example surelink target 0 where value is one of any both ipv4 or ipv6 o Set the expected status of the alternate interface config vpn ipsec tunnel ipsec_example surelink target 0 other_status value config vpn ipsec tunnel ipsec_example surelink target 0 where value is either up or down For example if other_status is set to ...

Page 440: ...e the following at the prompt show ipsec all Name Enable Status Hostname ipsec1 true up 192 168 2 1 vpn1 false pending 192 168 3 1 3 To display details about a specific tunnel show ipsec tunnel ipsec1 Tunnel ipsec1 Enable true Status pending Hostname 192 168 2 1 Zone ipsec Mode tunnel Type esp 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acc...

Page 441: ...ing information for example SA up SA down n Generic control flow Select this for basic debugging information n Detailed control flow More detailed debugging control flow n Raw data Includes raw data dumps in hexadecimal format n Sensitive material Also includes sensitive material in dumps for example encryption keys 6 Click Apply to save the configuration and apply the change Command line 1 Log in...

Page 442: ...ss selection menu Type quit to disconnect from the device Configure a Simple Certificate Enrollment Protocol client Simple Certificate Enrollment Protocol SCEP is a mechanism that allows for large scale X 509 certificate deployment You can configure TX54 device to function as a SCEP client that will connect to a SCEP server that is used to sign Certificate Signing Requests CSRs provide Certificate...

Page 443: ...nt configuration is displayed 5 Click Enable to enable the SCEP client 6 For Renewable Time type the number of days that the certificate enrollment can be renewed prior to the request expiring This value is configured on the SCEP server and is used by the TX54 device to determine when to start attempting to auto renew an existing certificate The default is 7 7 Optional For CRL file name type the f...

Page 444: ...essing the certificate authority You should leave this option at the default of cgi bin pkiclient exe unless directed by the CA to use another path 12 For Password type the challenge password as configured on the SCEP server 13 Click to expand Distinguished Name 14 Type the value for each appropriate Distinguished Name attribute 15 Click Apply to save the configuration and apply the change Command...

Page 445: ... required config network scep_client scep_client_name server ca_ident string config network scep_client scep_client_name 7 Set the HTTP URL path required for accessing the certificate authority You should leave this option at the default of cgi bin pkiclient exe unless directed by the CA to use another path config network scep_client scep_client_name server path path config network scep_client sce...

Page 446: ...Set the number of days that the certificate enrollment can be renewed prior to the request expiring This value is configured on the SCEP server and is used by the TX54 device to determine when to start attempting to auto renew an existing certificate The default is 7 config network scep_client scep_client_name renewable_time integer config network scep_client scep_client_name 11 Optional Set the f...

Page 447: ...left at their defaults or changed as appropriate f Click OK 3 Edit SCEP settings a From the menu click SCEP General b Click Enable SCEP if it is not enabled c For Default enrollment password enter a password The password entered here must correspond to the challenge password configured for the SCEP client on the TX54 device d The remaining fields can be left at their defaults or changed as appropr...

Page 448: ...TX54 device WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network SCEP Client 4 For Add clients enter a name for the SCEP client and click The new SCEP client configuration is displayed 5 Click Enable to enable the SCEP client ...

Page 449: ... corresponds to the Certificate ID of the CA created on the Fortinet server for example fortinet_example_ca crl 8 Click to expand SCEP server 9 For FQDN type the fully qualified domain name or IP address of the Fortinet server 10 For Password type the challenge password This corresponds to the Default enrollment password on the Fortinet server 11 Click to expand Distinguished Name 12 Type the valu...

Page 450: ...client server url https fortinet example com config network scep_client Fortinet_SCEP_client 6 Set the challenge password as configured on the SCEP server This corresponds to the Default enrollment password on the Fortinet server config network scep_client Fortinet_SCEP_client server password challenge_password config network scep_client Fortinet_SCEP_client 7 Set Distinguished Name attributes The...

Page 451: ...ertified is expired option on the Fortinet server config network scep_client Fortinet_SCEP_client renewable_time integer config network scep_client Fortinet_SCEP_client 9 Optional Set the filename of the Certificate Revocation List CRL from the CA The CRL is stored on the TX54 device in the etc config scep_client client_name directory config network scep_client Fortinet_SCEP_client crl_name name c...

Page 452: ...Apply to save the configuration and apply the change The device must be rebooted for the change to take effect See Reboot your TX54 device Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configu...

Page 453: ... This option is only available for the TX54 Dual Cellular device If you are experiencing problems when using IPSEC such as the kernel crashing or unexpected package loss disabling hardware cryptographic acceleration may correct the problem WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configurat...

Page 454: ...the command line type config to enter configuration mode config config 3 Disable hardware cryptographic acceleration config system hycrypto false 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device The device m...

Page 455: ...ubnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server The manner in which the IP subnets are defined depends on the OpenVPN topology in use The TX54 device supports two types of OpenVPN topology OpenVPN Topology Subnet definition method net30 Each OpenVPN client...

Page 456: ...rd interface configuration for example a standard DHCP server configuration l TAP Device only An alternate form of OpenVPN bridging mode in which the device rather than OpenVPN controls the interface configuration If this method is is the OpenVPN server must be included as a device in either an interface or a bridge n The firewall zone to be used by the OpenVPN server n The IP network and subnet m...

Page 457: ...resses that the OpenVPN server will provide to clients n The TCP UDP port to use By default the TX54 device uses port 1194 n Access control list configuration to restrict access to the OpenVPN server through the firewall n Additional OpenVPN parameters WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration T...

Page 458: ...server will use when providing IP addresses to clients The default is from 80 to 99 7 Optional Set the VPN port that the OpenVPN server will use The default is 1194 8 For Server managed certificates determine the method of certificate management If enabled the server will manage certificates If not enabled certificates must be created externally and added to the server 9 If Server managed certific...

Page 459: ...v6 address or network that can access the device s service type Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device a Click...

Page 460: ...d Also known as routing mode Each OpenVPN client is assigned a different IP subnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server n TAP OpenVPN managed Also know as bridging mode A more advanced implementation of OpenVPN The TX54 device creates an OpenVPN inter...

Page 461: ...ctive routes match a destination the route with the lowest metric will be used config vpn openvpn server name metric value config vpn openvpn server name where value is an interger between 0 and 65535 The default is 0 d Optional Set the range of IP addresses that the OpenVPN server will use when providing IP addresses to clients i Set the first address in the range limit config vpn openvpn server ...

Page 462: ...uthentication type config vpn openvpn server name authentication value config vpn openvpn server name where value is one of n cert Uses only certificates for client authentication Each client requires a public and private key n passwd Uses a username and password for client authentication You must create an OpenVPN authentication group and user See Configure an OpenVPN Authentication Group and Use...

Page 463: ...r example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config vpn openvpn server name add acl address6 end value config vpn openvpn server name Where value can be l A single IP address or host name l A network designation in CIDR notation for e...

Page 464: ...keyword Display a list of available firewall zones Type firewall zone at the config prompt config vpn openvpn server name firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external hotspot internal ipsec loopback setup config vpn openvpn server name Repeat this step ...

Page 465: ...e configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure an OpenVPN Authentication Group and User If username and password authentication is used for the OpenVPN server you must create an OpenVPN authentication group and user See Configure an OpenVPN server for information about configuring an OpenVPN server to use username and password a...

Page 466: ...group for example OpenVPN_Group and click The new authentication group configuration is displayed c Click OpenVPN access to enable OpenVPN access rights for users of this group d Click to expand the OpenVPN node e Click to add a tunnel f For Tunnel select an OpenVPN tunnel to which users of this group will have access g Repeat to add additional OpenVPN tunnels ...

Page 467: ...word for the user This password is used for local authentication of the user You can also configure the user to use RADIUS or TACACS authentication by configuring authentication methods See User authentication methods for information d Click to expand the Groups node e Click to add a group to the user f Select a Group with OpenVPN access enabled 5 Click Apply to save the configuration and apply th...

Page 468: ...for users of this group config auth group OpenVPN_Group acl openvpn enable true 5 Add an OpenVPN tunnel to which users of this group will have access a Determine available tunnels config auth group OpenVPN_Group vpn openvpn server Servers A list of openvpn servers Additional Configuration OpenVPN_server1 OpenVPN server config auth group OpenVPN_Group b Add a tunnel config auth group OpenVPN_Group ...

Page 469: ...he OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN OpenVP...

Page 470: ... be used 9 Optional For Username and Password type the login credentials as configured on the OpenVPN server 10 For OVPN file paste the content of the client ovpn file 11 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection...

Page 471: ...ll be used config vpn openvpn client name metric value config vpn openvpn client name where value is an interger between 0 and 65535 The default is 0 6 Optional Set the login credentials as configured on the OpenVPN server config vpn openvpn client name username value config vpn openvpn client name password value config vpn openvpn client name 7 Paste the content of the client ovpn file into the v...

Page 472: ...rtificate usually in a ca crt file l The Public key for example client crt l The Private key for example client key Additional configuration items n The route metric for the OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server n Additional OpenVPN parameters See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery...

Page 473: ... client 9 Optional Select the Metric for the OpenVPN client If multiple active routes match a destination the route with the lowest metric will be used 10 Optional For Username and Password type the login credentials as configured on the OpenVPN server 11 For VPN server IP type the IP address of the OpenVPN server 12 Optional Set the VPN port used by the OpenVPN server The default is 1194 13 Paste...

Page 474: ...t the command line type config to enter configuration mode config config 3 At the config prompt type config add vpn openvpn client name config vpn openvpn client name where name is the name of the OpenVPN server The OpenVPN client is enabled by default To disable the client type config vpn openvpn client name enable false config vpn openvpn client name 4 The default behavior is to use an OVPN file...

Page 475: ... Optional Set the login credentials as configured on the OpenVPN server config vpn openvpn client name username value config vpn openvpn client name password value config vpn openvpn client name 9 Set the IP address of the OpenVPN server config vpn openvpn client name server ip_address config vpn openvpn client name 10 Optional Set the port used by the OpenVPN server config vpn openvpn client name...

Page 476: ...l OpenVPN parameters config vpn openvpn client name advanced_options extra parameters config vpn openvpn client name 15 Save the configuration and apply the change config save Configuration saved 16 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure SureLink active recovery for ...

Page 477: ... a probe attempt before considering it to have failed To configure the TX54 device to regularly probe the OpenVPN connection WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN OpenVPN Clients 4 Create a new OpenVPN client or select an existing one n To cr...

Page 478: ...or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets 11 For Attempts type the number of probe attempts before the WAN is considered to have failed 12 For Response timeou...

Page 479: ...ding a DNS query to the specified DNS server n HTTP test Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is consider...

Page 480: ...covery config vpn openvpn client openvpn_client1 surelink enable true config vpn openvpn client openvpn_client1 5 To configure the device to restart the interface when its connection is considered to have failed config vpn openvpn client openvpn_client1 surelink restart true config vpn openvpn client openvpn_client1 This is useful for interfaces that may regain connectivity after restarting such a...

Page 481: ...vpn client openvpn_client1 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set timeout to ten minutes enter either 10m or 600s config vpn openvpn client openvpn_client1 surelink timeout 600s config vpn openvpn client openvpn_client1 The default is 15 seconds 11 Configure test targets a Add a test target config vpn openvpn client...

Page 482: ...pn client openvpn_client1 surelink target 0 http_url value config vpn openvpn client openvpn_client1 surelink target 0 where value uses the format http s hostname path n interface_up The interface is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount of t...

Page 483: ...lient1 surelink target 0 The default is 60 seconds l other Allows you to test another interface s status to create a failover or coupled relationship between interfaces config vpn openvpn client openvpn_client1 surelink target 0 other value config vpn openvpn client openvpn_client1 surelink target 0 If other is set o Set the alternate interface to be tested i Use the to determine available interfa...

Page 484: ...fig vpn openvpn client openvpn_client1 surelink target 0 where value is either up or down For example if other_status is set to down but the alternate interface is determined to be up then this test will fail 12 Save the configuration and apply the change config vpn openvpn client openvpn_client1 connection_monitor target 0 save Configuration saved 13 Type exit to exit the Admin CLI Depending on y...

Page 485: ...tun internal 192 168 30 1 24 1194 OpenVPN_server2 false tun internal 192 168 40 1 24 1194 3 To display details about a specific server show openvpn server name OpenVPN_server1 Server OpenVPN_server1 Enable true Type tun Zone internal IP Address 192 168 30 1 24 Port 1194 Use File true Metric 0 Protocol udp First IP 80 Last IP 99 4 Type exit to exit the Admin CLI Depending on your device configurati...

Page 486: ... the following at the prompt show openvpn client all Client Enable Status Username Use File Zone OpenVPN_Client1 true connected true internal OpenVPN_Client2 true pending true internal 3 To display details about a specific client show openvpn client name OpenVPN_client1 Client OpenVPN_client1 Enable true Status up Username user1 IP address 123 122 121 120 Remote 120 121 122 123 MTU 1492 Zone inter...

Page 487: ...RE tunnel Configuring a GRE tunnel involves the following items Required configuration items n A GRE loopback endpoint interface n GRE tunnel configuration l Enable the GRE tunnel The GRE tunnels are enabled by default l The local endpoint interface l The IP address of the remote device peer Additional configuration items n A GRE key n Enable the device to respond to keepalive packets Task One Cre...

Page 488: ...expand IPv4 10 For Address enter the IP address and subnet mask of the local GRE endpoint for example 10 10 1 1 24 11 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the com...

Page 489: ...GRE endpoint s IP address and subnet mask to 10 10 1 1 24 config network interface gre_interface ipv4 address 10 10 1 1 24 config network interface gre_interface 7 Save the configuration and apply the change config network interface gre_interface save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type...

Page 490: ... Cisco GRE keepalive packets 10 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the GRE endpoint...

Page 491: ...mote ip_address config vpn iptunnel gre_example 6 Optional Set a key that will be inserted in GRE packets created by this tunnel The key must match the key set by the remote endpoint config vpn iptunnel gre_example key value config vpn iptunnel gre_example where value is an interger between 0 and 4294967295 or an IP address 7 Optional Enable the device to reply to Cisco GRE keepalive packets confi...

Page 492: ...iew information about currently configured GRE tunnels WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 On the menu click Status IP tunnels The IP Tunnelspage appears 3 To view configuration details about a GRE tunnel click the configuration icon in the upper right of the tunnel s status pane ...

Page 493: ... 0 2 32 2 Create an IPsec endpoint interface named ipsec_endpoint1 a Zone set to Internal b Device set to Ethernet Loopback c IPv4 Address set to the IP address of the local GRE tunnel 172 30 0 1 32 3 Create a GRE tunnel named gre_tunnel1 a Local endpoint set to the IPsec endpoint interface Interface ipsec_endpoint1 b Remote endpoint set to the IP address of the GRE tunnel on TX54 2 172 30 0 2 4 C...

Page 494: ...set to the IP address of the GRE tunnel on TX54 1 172 30 0 1 4 Create an interface named gre_interface2 and add it to the GRE tunnel a Zone set to Internal b Device set to IP tunnel gre_tunnel2 c IPv4 Address set to a virtual IP address on the GRE tunnel 172 31 1 1 30 Configuration procedures Configure the TX54 1 device Task one Create an IPsec tunnel WebUI 1 Log into the TX54 WebUI as a user with...

Page 495: ...r Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 1 32 14 For Remote network type the IP address and subnet of the remote GRE tunnel 172 30 0 2 32 15 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may ...

Page 496: ...licy end config vpn ipsec tunnel ipsec_gre1 policy 0 7 Set the local network policy type to custom config vpn ipsec tunnel ipsec_gre1 policy 0 local type custom config vpn ipsec tunnel ipsec_gre1 policy 0 8 Set the local network address to the IP address and subnet of the local GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 local custom 172 30 0 1 32 config vpn ipsec tunnel i...

Page 497: ...nt interface WebUI 1 Click Network Interface 2 For Add Interface type ipsec_endpoint1 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 1 32 7 Click Apply to save the configuration and apply the change ...

Page 498: ...k device loopback config network interface ipsec_endpoint1 device network device loopback config network interface ipsec_endpoint1 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 1 32 config network interface ipsec_endpoint1 ipv4 address 172 30 0 1 32 config network interface ipsec_endpoint1 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpo...

Page 499: ...nnel1 config vpn iptunnel gre_tunnel1 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint1 config vpn iptunnel gre_tunnel1 local network interface ipsec_ endpoint1 config vpn iptunnel gre_tunnel1 4 Set the remote endpoint to the IP address of the GRE tunnel on TX54 2 172 30 0 2 config vpn iptunnel gre_tunnel1 remote 172 30 0 2 config vpn ip...

Page 500: ...ick 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel1 5 Click to expand IPv4 6 For Address type 172 31 0 1 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change Command line 1 At the command line type config to enter configuration mode config config ...

Page 501: ...ce gre_interface1 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface1 ipv4 address 172 31 0 1 30 config network interface gre_interface1 6 Save the configuration and apply the change config network interface gre_interface1 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with a...

Page 502: ...t was configured for the TX54 1 testkey 7 Click to expand Remote endpoint 8 For Hostname type public IP address of the TX54 1 device 9 Click to expand Policies 10 For Add Policy click to add a new policy 11 Click to expand Local network 12 For Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 2 32 14 For Remote network type the IP address and...

Page 503: ...unnel ipsec_gre2 4 Set the pre shared key to the same pre shared key that was configured for the TX54 1 testkey config vpn ipsec tunnel ipsec_gre2 auth secret testkey config vpn ipsec tunnel ipsec_gre2 5 Set the remote endpoint to public IP address of the TX54 1 device config vpn ipsec tunnel ipsec_gre2 remote hostname 192 168 100 1 config vpn ipsec tunnel ipsec_gre2 6 Add a policy config vpn ipse...

Page 504: ... GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre2 policy 0 remote network 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre2 policy 0 10 Save the configuration and apply the change config vpn ipsec tunnel ipsec_gre2 policy 0 save Configuration saved Task two Create an IPsec endpoint interface WebUI 1 Click Network Interfaces 2 For Add Interface type ipsec_endpoint2 and click 3 For Zone se...

Page 505: ...k interface ipsec_endpoint2 3 Set the zone to internal config network interface ipsec_endpoint2 zone internal config network interface ipsec_endpoint2 4 Set the device to network device loopback config network interface ipsec_endpoint2 device network device loopback config network interface ipsec_endpoint2 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 2 32 config networ...

Page 506: ...figuration and apply the change Command line 1 At the command line type config to enter configuration mode config config 2 Add a GRE tunnel named gre_tunnel2 config add vpn iptunnel gre_tunnel2 config vpn iptunnel gre_tunnel2 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 local network interface ipsec_ ...

Page 507: ...r Create an interface for the GRE tunnel device WebUI 1 Click Network Interfaces 2 For Add Interface type gre_interface2 and click 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel2 5 Click to expand IPv4 6 For Address type 172 31 1 1 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change ...

Page 508: ...e gre_interface2 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface2 ipv4 address 172 31 1 1 30 config network interface gre_interface2 6 Save the configuration and apply the change config network interface gre_interface2 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an...

Page 509: ...rs l L2TP network server port l The username and password of the L2TP server l The metric for the tunnel l Enable custom PPP configuration options for the tunnel o Whether to override the default configuration and only use the custom options o Optional configuration data in the format of a pppd options file l SureLink options for the tunnel n For L2TP network servers l The Authentication method l ...

Page 510: ... to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s service type Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that ca...

Page 511: ...f the custom configuration should override the default configuration and only use the custom options iii For Configuration file paste or type the configuration data in the format of a pppd options file k For SureLink see Configure SureLink active recovery for PPP over L2TP 7 To add an L2TP network server a Click to expand L2TP network servers b For Add L2TP network server type a name for the LNS a...

Page 512: ...ed by packet filtering rules and access control lists to restrict network traffic on the tunnel k Optional Custom PPP configuration i Enable custom PPP configuration ii Enable Override if the custom configuration should override the default configuration and only use the custom options iii For Configuration file paste or type the configuration data in the format of a pppd options file 8 Click Appl...

Page 513: ...A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device config add vpn l2tp acl interface end value config Where value is an interface defined on...

Page 514: ... Configuration any dynamic_routes edge external hotspot internal ipsec loopback setup config Repeat this step to list additional firewall zones 5 To add an L2TP access concentrator a Add an LAC config add vpn l2tp lac name config add vpn l2tp lac name where name is the name of the LAC For example to add an LAC named lac_tunnel config add vpn l2tp lac lac_tunnel config vpn l2tp lac lac_tunnel LACs ...

Page 515: ...et the metric for the tunnel config vpn l2tp lac lac_tunnel metric int config vpn l2tp lac lac_tunnel where int is an integer between 0 and 65535 The default is 1 g Set the firewall zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel i Use the to determine available zones config vpn l2tp lac lac_tunnel zone Zone The firewall...

Page 516: ...er L2TP 6 To add an L2TP network server a Add an LNS config add vpn l2tp lns name config add vpn l2tp lac name where name is the name of the LNS For example to add an LNS named lns_server config add vpn l2tp lns lns_server config vpn l2tp lns lns_server LACs are enabled by default To disable config vpn l2tp lns lns_server enable false config vpn l2tp lns lns_server b Set the IP address of the L2TP...

Page 517: ...Username and Password required to authenticate config vpn l2tp lns lns_server username username config vpn l2tp lns lns_server password password config vpn l2tp lns lns_server The default is none f Optional Set the metric for the tunnel config vpn l2tp lns lns_server metric int config vpn l2tp lns lns_server where int is an integer between 0 and 65535 The default is 1 g Set the firewall zone for t...

Page 518: ...onfig vpn l2tp lns lns_server custom config_file data config vpn l2tp lns lns_server 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure SureLink active recovery for PPP over L2TP You can configure th...

Page 519: ...for a response to a probe attempt before considering it to have failed To configure the TX54 device to regularly probe the PPP over L2TP connection WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN PPP over L2TP 4 Create a new PPP over L2TP access concat...

Page 520: ...minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets 11 For Attempts type the number of probe attempts before the WAN is considered to have failed 12 For Respons...

Page 521: ...ing a DNS query to the specified DNS server n HTTP test Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considere...

Page 522: ...fig vpn l2tp lac lac_tunnel 4 Enable active recovery config vpn l2tp lac lac_tunnel surelink enable true config vpn l2tp lac lac_tunnel 5 To configure the device to restart the interface when its connection is considered to have failed config vpn l2tp lac lac_tunnel surelink restart true config vpn l2tp lac lac_tunnel This is useful for interfaces that may regain connectivity after restarting such...

Page 523: ...ac_tunnel where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interval to ten minutes enter either 10m or 600s config vpn l2tp lac lac_tunnel surelink timeout 600s config vpn l2tp lac lac_tunnel The default is 15 seconds 11 Configure test targets a Add a test target config vpn l2tp lac lac_tunnel add surelink target end config v...

Page 524: ...th n interface_up The interface is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount of time that the interface can be down before this test is considered to have failed config vpn l2tp lac lac_tunnel surelink target 0 interface_down_time value config vp...

Page 525: ...Use the to determine available interfaces config vpn l2tp lac lac_tunnel surelink target 0 other_interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface lan1 network interface lan_hotspot network interface loopback network interface wan1 network interface wwan1 network interface wwan2 Current value config vpn l2tp lac lac_tu...

Page 526: ...pport the configuration of IPsec protocol port traffic selectors This means that you cannot restrict traffic on the IPsec tunnel to L2TP traffic typically UDP port 1701 While multiple L2TP clients are supported on the TX54 by configuring a separate LNS for each client multiple clients behind a Network Address Translation NAT device are not supported because they will all appear to have the same IP...

Page 527: ...ls about a specific tunnel show l2tp lac name lac_test2 lac_test2 L2TP Access Concentrator Status Enabled true Status pending 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show the status of L2TP network servers from the Admin CLI 1 Log into the TX54 command line as a user with Adm...

Page 528: ...ion 3 L2TPv3 static unmanaged Ethernet tunnels Configure an L2TPv3 tunnel Your TX54 device supports Layer 2 Tunneling Protocol Version 3 L2TPv3 static unmanaged Ethernet tunnels Required configuration items n A name for the L2TPv3 tunnel n Enable the tunnel n The remote endpoint IP address n The local endpoint IP address n The session ID n The peer session ID Additional configuration items n Encap...

Page 529: ...ct either UDP or IP If UDP is selected a For UDP source port type the number of the source UDP port to be used for the tunnel b For UDP destination port type the number of the destination UDP port to be used for the tunnel c Optional Click to enable UDP checksum to calculate and check the UDP checksum 10 Click to expand Sessions a For Add Sesssion type a name for a session carried by the parent tu...

Page 530: ...dmin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a L2TPv3 Ethernet tunnel For example to add a tunnel named L2TPv3_example config add vpn l2tpv3 L2TPv3_example config vpn l2tpeth L2TPv3_example The tunnel is enabled by defa...

Page 531: ...le where value is any integer between 1 and 4294967295 7 Set the tunnel ID of the remote peer config vpn l2tpeth L2TPv3_example peer_tunnel_id value config vpn l2tpeth L2TPv3_example where value is any integer between 1 and 4294967295 8 Optional Set the encapsulation type config vpn l2tpeth L2TPv3_example encapsulation value config vpn l2tpeth L2TPv3_example where value is either udp or ip The def...

Page 532: ...lue config vpn l2tpeth L2TPv3_example session_example Allowed value is 8 or 16 hex digits 13 Optional Set the cookie value of the remote peer config vpn l2tpeth L2TPv3_example session_example peer cookie value config vpn l2tpeth L2TPv3_example session_example Allowed value is 8 or 16 hex digits 14 Set the Layer2Specific header type This must match what is configured on the remote peer config vpn l...

Page 533: ...ation details about an L2TPV3 tunnel click the configuration icon in the upper right of the tunnel s status pane Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured L2TPv3 Ethernet tunnels type the following at ...

Page 534: ...the home agent on the mobile private network and the TX54 device isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management Dynamic Mobile Network Routing DMNR is the implementation of NEMO for Verizon Wireless Private Networks DMNR support requires the use of Verizon SIM cards that have DMNR enabled Configure a NEMO tunnel Con...

Page 535: ...for dual cellular models WWAN2 l If set to IP address enter the IP address n The local network of the GRE endpoint negotiated by NEMO l If the local network is set to Interface identify the local interface to be used WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed...

Page 536: ...al WAN interface of the internet facing network a For Type select the method to determine the local network interface that is used to communicate with the peer n If Default route is selected the network interface that is used will be the same as the default route n If Interface is selected specify the local network interface n If IP address is selected type the IP address The default is Default ro...

Page 537: ... carrier config vpn nemo nemo_example home_agent IPv4_address config vpn nemo nemo_example 6 Set the key used to authenticate to the home agent This is provided by your cellular carrier config vpn nemo nemo_example key value config vpn nemo nemo_example 7 Set the the number of seconds number of seconds until the authorization key expires This is provided by your cellular carrier config vpn nemo ne...

Page 538: ...ugh the network 11 Configure the Care of Address the local WAN interface of the internet facing network a Set the method to determine the Care of Address config vpn nemo nemo_example coaddress type value config vpn nemo nemo_example where value is one of n defaultroute Uses the same network interface as the default route n interface If interface is used set the interface i Use the to determine ava...

Page 539: ...o_example tun_local interface Interface The network interface to use to communicate with the peer Set this field to blank if using the default route Format defaultip defaultlinklocal lan1 lan_hotspot loopback wan1 wwan1 wwan2 Current value config vpn nemo nemo_example tun_local interface ii Set the interface For example config vpn nemo nemo_example tun_local interface wan1 config vpn nemo nemo_exa...

Page 540: ...nnel click the configuration icon in the upper right of the tunnel s status pane Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured NEMO tunnels type the following at the prompt show nemo NEMO Enable Status Add...

Page 541: ...time Actual 600 Local Network Subnet Status lan1 192 168 2 1 24 Advertized LAN2 192 168 3 1 24 Advertized 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 542: ... with key authentication 563 Configure telnet access 566 Configure DNS 571 Simple Network Management Protocol SNMP 578 Location information 585 Modbus gateway 619 System time 636 Network Time Protocol 640 Configure a multicast route 647 Ethernet network bonding 651 Enable service discovery mDNS 653 Use the iPerf service 657 Configure the ping responder service 662 TX54 User Guide 542 ...

Page 543: ...inistration or SSH service See Firewall configuration for information on zones n See Set the idle timeout for TX54 users for information about setting the inactivity timeout for the web administration and SSH services To allow web administration or SSH for the External firewall zone Add the External firewall zone to the web administration service WebUI 1 Log into the TX54 WebUI as a user with full...

Page 544: ...guration mode config config 3 Add the external zone to the web administration service config add service web_admin acl zone end external config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add the Extern...

Page 545: ...te access for web administration and SSH TX54 User Guide 545 3 Click Configuration Services SSH Access Control List Zones 4 For Add Zone click 5 Select External 6 Click Apply to save the configuration and apply the change ...

Page 546: ...ce by using the WebUI a browser based interface By default the web administration service is enabled and uses the standard HTTPS port 443 The default access control for the service uses the Internal firewall zone which means that only devices connected to the TX54 s LAN can access the WebUI If this configuration is sufficient for your needs no further configuration is required See Allow remote acc...

Page 547: ...On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Web administration 4 Click Enable 5 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Ty...

Page 548: ...it to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the service WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Web administration 4 O...

Page 549: ... service d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone clic...

Page 550: ... addition to TLS 1 2 and later protocols This option is disabled by default which means that only TLS 1 2 and later encryption protocols are allowed with HTTPS connections 9 View is set to Auto by default and normally should not be changed 10 Legacy port redirection is used to redirect client HTTP requests to the HTTPS service Legacy port redirection is enabled by default and normally these settin...

Page 551: ...d networks config add service web_admin acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the web administratrion service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on...

Page 552: ...dditional Configuration any dynamic_routes edge external hotspot internal ipsec loopback setup config Repeat this step to list additional firewall zones 4 Optional If you have your own signed SSL certificate if you have your own signed SSL certificate set the certificate and private key by pasting their contents into the service web_ admin cert command Enclose the certificate and private key conte...

Page 553: ...5uwIYw 1fsnD8KDS43Wg57 far9fQ2MIHsgnoAGz w6PIKJR594y MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j lIC t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 Fw7GQNcYIKj aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81 bC8HJQfK9U80e vDV0...

Page 554: ...otocol that resolves host names in small networks that do not have a DNS server mDNS is enabled by default To disable mDNS or enable it if it has been disabled n To enable the mDNS protocol config service web_admin mdns enable true config n To disable the mDNS protocl config service web_admin mdns enable false config 6 Optional Set the port number for this service The default setting of 443 normal...

Page 555: ...ction config service web_admin legacy enable false config 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 556: ...re access control for the SSH service Additional configuration items n Port to use for communications with the SSH service n Multicast DNS mDNS support n A private key to use for communications with the SSH service n Create custom SSH configuration settings See Set the idle timeout for TX54 users for information about setting the inactivity timeout for the SSH service Enable or disable the SSH ser...

Page 557: ...ig 3 Enable or disable the SSH service n To enable the service config service ssh enable true config n To disable the sevice config service ssh enable false config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the d...

Page 558: ...n to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s SSH service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that ca...

Page 559: ... Override is enabled entries in Configuration file will be used in place of the standard SSH configuration n If Override is not enabled entries in Configuration file will be added to the standard SSH configuration d For Configuration file type configuration settings in the form of an OpenSSH sshd_config file For example to enable the diffie helman group sha 14 key exchange algorithm i Click Enable...

Page 560: ...lue can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the SSH service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device config add service ssh acl interface end value config Where value is an inter...

Page 561: ..._routes edge external hotspot internal ipsec loopback setup config Repeat this step to list additional firewall zones 4 Optional Set the private key in PEM format If not set the device will use an automatically generated key config service ssh key key pem config 5 Optional Configure Multicast DNS mDNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server mDNS ...

Page 562: ...uration n If override is set to false entries in Configuration file will be added to the standard SSH configuration The default is false c Set the configuration settings config service ssh custom config_file value config where value is one or more entires in the form of an OpenSSH sshd_config file For example to enable the diffie helman group sha 14 key exchange algorithm config service ssh custom...

Page 563: ... Linux host an SSH key pair is usually created automatically in the user s ssh directory The private and public keys are named id_rsa and id_rsa pub If you need to generate an SSH key pair you can use the ssh keygen application For example the following entry generates an RSA key pair in the user s ssh directory ssh keygen t rsa f ssh id_rsa The private key file is named id_rsa and the public key ...

Page 564: ...u can add configure passwordless SSH login for an existing user or include the support when creating a new user See User authentication for information about creating a new user These instructions assume an existing user named temp_user 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu ...

Page 565: ...er by pasting or typing a public encryption key that this user can use for passwordless SSH login 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 566: ...elnet service Additional configuration items n Port to use for communications with the telnet service n Multicast DNS mDNS support See Set the idle timeout for TX54 users for information about setting the inactivity timeout for the telnet service Enable the telnet service The telnet service is disabled by default To enable the service WebUI 1 Log into the TX54 WebUI as a user with full Admin acces...

Page 567: ... to enter configuration mode config config 3 Enable the telnet service config service telnet enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the service WebUI 1 Log into the TX5...

Page 568: ...gain to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s telnet service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses t...

Page 569: ... configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config add service telnet acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the telnet service Repeat this step to list additional...

Page 570: ...n1 WWAN1 wwan2 WWAN2 config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service telnet acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be refe...

Page 571: ...NS The TX54 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces and caches the results This server is used within the device and cannot be disabled Use the access control list to restrict external access to this server Required configuration items n Configure access control for the DNS service Additional configuration items...

Page 572: ...etwork designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the DNS service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s DNS service Allowed values are ...

Page 573: ...tection if enabled prevents upstream DNS servers from returning private IP addresses To enable click Rebind protection 8 Optional Allow localhost rebinding is enabled by default if Rebind protection is enabled This is useful for Real time Black List RBL servers 9 Optional To add additional DNS servers a Click DNS servers b For Add Server click c Optional Enter a label for the DNS server d For DNS ...

Page 574: ...config add service dns acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the DNS service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device config add servi...

Page 575: ...utes edge external hotspot internal ipsec loopback setup config Repeat this step to list additional firewall zones 4 Optional Cache negative responses By default the device s DNS server caches negative responses Disabling this option may improve performance on networks with transient DNS results when one or more DNS servers may have positive results To disable config service dns cache_negative_res...

Page 576: ...r 0 b Set the IP address of the DNS server config service dns server 0 address ip addr config service dns server 0 c To restrict the device s use of this DNS server based on the domain use the domain command If no domain are listed then all queries may be sent to this server config service dns server 0 domain domain config service dns server 0 d Optional Set a label for this DNS server config serv...

Page 577: ... Command line Show DNS information 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show dns command at the system prompt show dns Interface Label Server Domain wan1 192 168 3 1 wan1 fd00 2704 1 wan1 fe80 227 4ff fe2b ae12 wan1 fe80 227 4ff fe44 105b wa...

Page 578: ...t if you want a TX54 device to receive SNMP packets you must configure the SNMP access control list to allow the device to receive the packets See Configure Simple Network Management Protocol SNMP Configure Simple Network Management Protocol SNMP Required configuration items n Enable SNMP n Firewall configuration using access control to allow remote connections to the SNMP agent n The user name an...

Page 579: ...ses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s SNMP agent Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the SNMP agent d Click...

Page 580: ... used 12 Optional Select the Privacy protocol either DES or AES The default is DES 13 Optional Click Enable version 2c access to enable read only access to SNMP version 2c 14 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selec...

Page 581: ...erface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP lan1 LAN1 loopback Loopback wan1 WAN1 wwan1 WWAN1 wwan2 WWAN2 config Repeat this step to list additional inter...

Page 582: ...sword pwd config 7 Optional Set the port number for the SNMP agent The default is 161 config service snmp port port config 8 Optional Configure Multicast DNS mDNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server For the SNMP agent mDNS is disabled by default To enable config service snmp mdns enable true config 9 Optional Set the authentication type Allow...

Page 583: ...ection menu Type quit to disconnect from the device Download MIBs This procedure is available from the WebUI only Required configuration items n Enable SNMP To download a zip archive of the SNMP MIBs supported by this device WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 Enable SNMP See Configure Simple Network Management Protocol SNMP for information about enabling and configuring ...

Page 584: ...Services Simple Network Management Protocol SNMP TX54 User Guide 584 4 Click Download ...

Page 585: ...GNSS module and the external dead reckoning USB GNSS receiver are enabled You can also configure your TX54 device to forward location messages either from the TX54 device or from external sources to a remote host Additionally the device can be configured to use a geofence to allow you to determine actions that will be taken based on the physical location of the device This section contains the fol...

Page 586: ...een disabled click Enable 5 For Location update interval type the amount of time to wait between polling location sources for new location data The default is ten seconds Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Location update interval to ten minutes enter 10m or 600s 6 For information about configuring Location s...

Page 587: ...to the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable the GNSS module n To enable the module config service location gnss true config n To disable the module config ser...

Page 588: ...en disabled Note In order for the internal GNSS module to be able to provide location information you must connect an antenna to the GNSS antenna connector WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Location Location sources gnss 4 Click Enab...

Page 589: ...imum number of satellites for navigation Allowed values are 3 through 24 The default is 18 10 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to...

Page 590: ...enable_attenuation false config 6 Set the minimum satellite signal level for navigation config service location source 1 min_cno int config Where int is an integer between 1 and 6 The default is 6 7 Set the minimum number of satellites for navigation config service location source 1 min_satellites int config Where int is an integer between 1 and 12 The default is 3 8 Set the maximum number of sate...

Page 591: ... on the TX54 and it will begin providing location information To disable support for the external GNSS receiver or enable it if it has been disabled WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Location Location sources usb 4 Click Enable the l...

Page 592: ...disable the USB module a Use the show command to determine the index number of the USB location source config show service location source 0 enable true no label type usb 1 enable true no label type gnss config b Use the index number to enable or disable the module n To enable the module config service location source 0 enable true config n To disable the module config service location source 0 en...

Page 593: ...figuration window is displayed 3 Click Services Location Location sources 4 Click to add a location source 5 Optional Type a Label for this location source 6 For Latitude type the latitude of the device Allowed values are 90 and 90 with up to six decimal places 7 For Longitude type the longitude of the device Allowed values are 180 and 180 with up to six decimal places 8 For Altitude type the alti...

Page 594: ...ation source 2 6 Set the latitude of the device config service location source 2 coordinates latitude int config service location source 2 where int is any integer between 90 and 90 with up to six decimal places 7 Set the longitude of the device config service location source 2 coordinates longitude int config service location source 2 where int is any integer between 180 and 180 with up to six de...

Page 595: ...d to listen for incoming messages Required configuration items n The location server must be enabled n UDP port that the TX54 device will listen to for incoming location messages n Access control list configuration to provide access to the port through the firewall To configure the device to accept location messages from external sources WebUI 1 Log into the TX54 WebUI as a user with full Admin ac...

Page 596: ... designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the location server UDP port d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click agai...

Page 597: ...cified IPv4 addresses and networks config add service location source 2 acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the location server UDP port Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 ad...

Page 598: ...1 wwan2 WWAN2 config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service location source 2 acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be ...

Page 599: ... The destination port on the remote host to which the messages will be forwarded n Message protocol type of the messages being forwarded either NMEA or TAIP Additional configuration items n Additional remote hosts to which the location messages will be forwarded n Location update interval which determines how often the device will forward location information to the remote hosts n A description of...

Page 600: ...e Location update interval 10 For NMEA filters select the filters that represent the types of messages that will be forwarded By default all message types are forwarded n To remove a filter a Click the down arrow next to the appropriate message type b Click Delete n To add a message type a For Add NMEA filter or Add TAIP filter click b Select the filter type Allowed values are l GGA Reports time p...

Page 601: ...nces will use the configured ID The default setting is Default which means that the talker ID provided by the source will be used 13 Optional For Prepend text enter text to prepend to the forwarded message Two variables can be included in the prepended text n s Includes the TX54 device s serial number in the prepended text n v Includes the vehicle ID in the prepended text For example to include bo...

Page 602: ...ion data to this server See Configure the location service for more information about setting the Location update interval config service location forward 0 interval_multiplier int config service location forward 0 8 Set the protocol type for the messages Allowed values are taip or nmea the default is taip config service location forward 0 type nmea config service location forward 0 n Optional If ...

Page 603: ...A3 or 1234 If no vehicle ID is configured this setting defaults to 0000 config service location forward 0 vehicle id 1234 config service location forward 0 11 Optional Provide a description of the remote host config service location forward 0 label Remote host 1 config service location forward 0 12 Optional Specify types of messages that will be forwarded Allowed values vary depending on the messa...

Page 604: ... config service location forward 0 filter_nmea add gsa end config service location forward 0 filter_nmea n If the message protocol type is TAIP Allowed values are l al Reports altitude and vertical velocity l cp Compact position reports time latitude and longitude l id Reports the vehicle ID l ln Long navigation reports the latitude longitude and altitude the horizontal and vertical speed and head...

Page 605: ...tion forward 0 filter_taip b Use the add command to add the message type For example to add the id message type config service location forward 0 filter_taip add id end config service location forward 0 filter_taip 13 Save the configuration and apply the change config save Configuration saved 14 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acc...

Page 606: ...x polygons can be defined n Actions that will be taken when the device s location triggers a geofence event You can define actions for two types of events l Actions taken when the device enters the boundary of the geofence or is inside the boundary when the device boots l Actions taken when the device exits the boundary of the geofence or is outside the boundary when the device boots For each even...

Page 607: ...ount of time that the geofence should wait between polling for updated location data The default is one minute Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Update interval to ten minutes enter 10m or 600s 6 For Boundary type select the type of boundary that the geofence will have n If Circular is selected a Click to ex...

Page 608: ...lues are l For Latitude any integer between 90 and 90 with up to six decimal places l For Longitude any integer between 180 and 180 with up to six decimal places d Click again to add an additional point and continue adding points to create the desired polygon For example to configure a square polygon around the Digi headquarters configure a polygon with four points This defines a square shaped pol...

Page 609: ...tom script ii For Commands type the script that will be executed when the action is triggered If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log errors from the script to the system log v Opti...

Page 610: ...ted i Click to expand Custom script ii For Commands type the script that will be executed when the action is triggered If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log errors from the script...

Page 611: ...default To disable config service location geofence test_geofence enable false config service location geofence test_geofence 4 Set the amount of time that the geofence should wait between polling for updated location data config service location geofence test_geofence update_interval value config service location geofence test_geofence where value is any number of weeks days hours minutes or seco...

Page 612: ...ius config service location geofence test_geofence where radius is an integer followed by m or km for example 100m or 1km n If boundary is set to polygonal a Set the coordinates of one vertex of the polygon A vertex is the point at which two sides of a polygon meet i Add a vertex config service location geofence test_geofence add coordinates end config service location geofence test_geofence coord...

Page 613: ...s config service location geofence test_geofence add coordinates end config service location geofence test_geofence coordinates 0 latitude 44 927220 config service location geofence test_geofence coordinates 0 longitude 93 399200 config service location geofence test_geofence coordinates 0 config service location geofence test_geofence coordinates add end config service location geofence test_geof...

Page 614: ...nside the geofence when it boots a Optional Configure the device to preform the actions if the device is inside the geofence when it boots config service location geofence test_geofence on_entry bootup true config b Set the number of update_intervals that must take place prior to performing the actions config service location geofence test_geofence on_entry num_ intervals int config For example if...

Page 615: ...0 commands script config service location geofence test_geofence on_entry action 0 If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used ii To log the output of the script to the system log config service location geofence test_geofence on_entry action 0 syslog_stdout true config service location geofence te...

Page 616: ...peat for any additional actions n To define actions that will be taken when the device exits the geofence or is outside the geofence when it boots a Optional Configure the device to preform the actions if the device is outside the geofence when it boots config service location geofence test_geofence on_exit bootup true config b Set the number of update_intervals that must take place prior to perfo...

Page 617: ... path will be used to invoke the script interpreter If not then the default shell will be used ii To log the output of the script to the system log config service location geofence test_geofence on_exit action 0 syslog_stdout true config service location geofence test_geofence on_exit action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on...

Page 618: ...on saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show location information You can view status and statistics about location information from either the WebUI or the command line WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 On the main menu click Status 3 Und...

Page 619: ...LI 2 Use the show location geofence command at the system prompt show location geofence Geofence Status State Transitions Last Transition test_geofence Up Inside 0 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Modbus gateway The TX54 supports the ability to function as a Modbus gat...

Page 620: ...ection type is serial o The serial port to be used l Modbus address or addresses to determine if messages should be forwarded to a destination device Additional configuration items n Server configuration l The packet mode l The maximum time between bytes in a packet l If the connection type is set to socket o The port to use o The inactivity timeout o Access control list l If the connection type i...

Page 621: ...h full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Modbus Gateway 4 Click Enable to enable the gateway 5 Click Debug to allow verbose logging in the system log Configure gateway servers 1 Click to expand Gateway Servers 2 For Add Modbus server type a name for the server and click The new Modbus...

Page 622: ... and take the format number ms s For example to set Packet idle gap to 20 milliseconds enter 20ms 7 If Connection type is set to Socket for Inactivity timeout type the amount of time to wait before disconnecting the socket when it has become inactive Allowed values are any number of minutes or seconds up to a maximum of 15 minutes and take the format number m s For example to set Inactivity timeou...

Page 623: ...s to hosts connected through a specified interface on the TX54 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall co...

Page 624: ...on type is set to Socket for Inactivity timeout type the amount of time to wait before disconnecting the socket when it has become inactive Allowed values are any number of minutes or seconds up to a maximum of 15 minutes and take the format number m s For example to set Inactivity timeout to ten minutes enter 10m or 600s 8 Optional If Connection type is set to Serial click Half duplex to enable h...

Page 625: ...ded to a destination device If the Modbus address in the message matches one or more of the filters the message is forwarded If it does not match the filters the message is not forwarded 13 For Address or address range type a Modbus address or range of addresses Allowed values are 1 through 255 or a hyphen separated range For example to have this client filter for incoming messages that contain th...

Page 626: ...eat these steps to configure additional clients 17 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 E...

Page 627: ...e port is an integer between 1 and 65535 The default is 502 iii Set the packet mode config service modbus_gateway server test_modbus_server socket packet_mode value config service modbus_gateway server test_modbus_server where value is either rtu or raw The default is rtu iv Set the maximum allowable time between bytes in a packet config service modbus_gateway server test_modbus_server socket idle...

Page 628: ...odbus_ server ii Set the port config service modbus_gateway server test_modbus_ server serial port config service modbus_gateway server test_modbus_ server ii Set the packet mode config service modbus_gateway server test_modbus_server serial packet_mode value config service modbus_gateway server test_modbus_server where value is either rtu or ascii The default is rtu iii Set the maximum allowable ...

Page 629: ...way client test_modbus_client The Modbus client is enabled by default To disable config service modbus_gateway client test_modbus_client enable false config service modbus_gateway client test_modbus_client c Set the connection type config service modbus_gateway client test_modbus_client connection_ type type config service modbus_gateway client test_modbus_client where type is either socket or ser...

Page 630: ...config service modbus_gateway client test_modbus_client inactivity_timeout value config service modbus_gateway client test_modbus_client where value is any number of minutes or seconds up to a maximum of 15 minutes and takes the format number m s For example to set inactivity_timeout to ten minutes enter either 10m or 600s config service modbus_gateway client test_modbus_client inactivity_timeout ...

Page 631: ...nt test_modbus_client where value is any number between 10 milliseconds and one second and take the format number ms s For example to set idle_gap to one second enter 1000ms or 1s iv Optional Enable half duplex two wire mode config service modbus_gateway client test_modbus_client serial half_duplex true config service modbus_gateway client test_modbus_client d Optional Enable the gateway to send b...

Page 632: ...set the index 0 entry to 20 30 config service modbus_gateway client test_modbus_client filter 0 20 30 config service modbus_gateway client test_modbus_client To add additional filters increment the index number For example to add an additional filter for addresses in the range of 50 100 config service modbus_gateway client test_modbus_client filter 1 50 100 config service modbus_gateway client tes...

Page 633: ...er address address of 20 to the device with address 10 i Repeat the above instructions for additional clients 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show Modbus gateway status and statistics You ca...

Page 634: ...1 139 49568 13 Client Uptime modbus_socket_41 0 modbus_socket_21 0 modbus_serial_client 428 If the message Server connections not available is displayed this indicates that there are no connected clients 3 Use the show modbus gateway verbose command at the system prompt to display more information show modbus gateway verbose Client Uptime modbus_socket_41 0 modbus_socket_21 0 modbus_serial_client ...

Page 635: ...ts 0 TX Broadcasts 0 TX Requests 4 modbus_socket_21 Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 modbus_serial_client Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 4 Type exit to exit the Admin CLI Depending on your device configuration you ma...

Page 636: ...TX54 device can also be configured to serve as an NTP server providing NTP services to downstream devices See Network Time Protocol for more information about NTP server support You can also set the local date and time manually if there is no access to NTP servers See Manually set the system date and time for information Configure the system time This procedure is optional The TX54 device s defaul...

Page 637: ...er the hostname of the upstream NTP server that the device will use to synchronize its time d Click to add additional NTP servers If multiple servers are included servers are tried in the order listed until one succeeds Note This list is synchronized with the list of servers included with NTP server configuration and changes made to one will be reflected in the other See Configure the device as an...

Page 638: ...list of NTP servers The default setting is time devicecloud com n To delete the default NTP server time devicecloud com config del service ntp server 0 config n To add the NTP server to the beginning of the list use the index value of 0 to indicate that it should be added as the first server config add service ntp server 0 time server com config n To add the NTP server to the end of the list use t...

Page 639: ...P port 123 server 52 2 40 158 stratum 2 offset 0 000216 delay 0 05800 server 35 164 164 69 stratum 2 offset 0 000991 delay 0 07188 24 Aug 22 01 20 ntpdate 28496 adjust time server 52 2 40 158 offset 0 000216 sec NTP test sync successful Testing NTP server time accns com on UDP port 123 server 128 136 167 120 stratum 3 offset 0 001671 delay 0 08455 24 Aug 22 01 20 ntpdate 28497 adjust time server 1...

Page 640: ...3 03 10 16 23 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Network Time Protocol Network Time Protocol NTP enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source The TX54 device can be configured...

Page 641: ...ting of UTC is not appropriate To configure the TX54 device s NTP service WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services NTP 4 Enable the TX54 device s NTP service by clicking Enable 5 Optional Configure the access control list to limit downstrea...

Page 642: ...ain to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones Note By default the access control list for the NTP service is empty which mean...

Page 643: ...cess selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the ntp service config service ntp enable true config 4 Optional Add an upstream NTP server that the device will use to synchronize its time to the appropriate location in the list of NTP servers The default setting is time devicecloud com n To delete the defa...

Page 644: ...d networks config add service ntp acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the NTP server agent Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service ntp ac...

Page 645: ...aces n To limit access based on firewall zones config add service ntp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Con...

Page 646: ...vice This is used to adjust the time for log messages It also affects actions that occur at a specific time of day Format Africa Abidjan Africa Accra Africa Addis_Ababa config 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconne...

Page 647: ...3 570 1 561 0 991 128 136 167 120 128 227 205 3 3 u 153 1024 1 43 583 1 895 0 382 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a multicast route Multicast routing allows a device to transmit data to a single multicast address which is then distributed to a group of devic...

Page 648: ... will send mutlicast packets to a Click to expand Destination interfaces b Click c For Destination interface select the interface d Repeat for additional destination interfaces 9 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access s...

Page 649: ...stream Format network interface defaultip network interface defaultlinklocal network interface lan1 network interface lan_hotspot network interface loopback network interface wan1 network interface wwan1 network interface wwan2 Current value config service multicast test src_interface b Set the interface For example config service multicast test src_interface network interface wan1 config service ...

Page 650: ...st test add interface end network interface wan1 config service multicast test c Repeat for each additional destination interface 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 651: ... items n Enable Ethernet bonding n The mode either l Active backup Provides fault tolerance l Round robin Provides load balancing as well as fault tolerance n The Ethernet devices in the bonded pool WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network E...

Page 652: ...articipate in the bond pool c Repeat for each appropriate Ethernet device 8 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configurati...

Page 653: ... name network device Additional Configuration eth1 eth2 eth3 eth4 loopback config network bond name b Add a device config network bond name add device network device eth1 config network bond name c Repeat to add additional devices 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be present...

Page 654: ... IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the mDNS service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s ...

Page 655: ...ss rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the mDNS service config service mdns enable true config 4 Configure access control n To limit access to specified IPv4 addresses and networks config add service mdns acl address en...

Page 656: ...erfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP lan1 LAN1 loopback Loopback wan1 WAN1 wwan1 WWAN1 wwan2 WWAN2 config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service mdns acl zone end value Where value is ...

Page 657: ...xpected throughput The TX54 implementation of iPerf3 supports testing with both TCP and UDP Note Using iPerf clients that are at a version earlier than iPerf3 to connect to the TX54 device s iPerf3 server may result in unpredictable results As a result Digi recommends using an iPerf client at version 3 or newer to connect to the TX54 device s iPerf3 server Required configuration items n Enable the...

Page 658: ...he iPerf server n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s iperf service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the iperf servic...

Page 659: ...opdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones 7 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Adm...

Page 660: ...e type Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device config add service iperf acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additiona...

Page 661: ...the device Example performance test using iPerf3 On a remote host with iPerf3 installed enter the following command iperf3 c device_ip where device_ip is the IP address of the TX54 device For example iperf3 c 192 168 2 1 Connecting to host 192 168 2 1 port 5201 4 local 192 168 3 100 port 54934 connected to 192 168 1 1 port 5201 ID Interval Transfer Bandwidth Retr Cwnd 4 0 00 1 00 sec 26 7 MBytes 2...

Page 662: ... access control list to limit the service to specified IP address interfaces and or zones To enable the iPerf3 server WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Ping responder The ping responder service is enabled by default Click Enable to d...

Page 663: ...tional IP addresses or networks n To limit access to hosts connected through a specified interface on the TX54 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate...

Page 664: ...ce type Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks config add service iperf acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type Repeat this step to list additio...

Page 665: ...ones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external hotspot internal ipsec loopback setup config Repeat this step to list additional firewall zones 6 Save the configuration and apply the change config save Co...

Page 666: ...8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00 5 00 sec 32 1 MBytes 269 Mbits sec 0 1 56 MBytes 4 5 00 6 00 sec 32 5 MBytes 273 Mbits sec 0 1 58 MBytes 4 6 00 7 00 sec 33 9 MBytes 284 Mbits sec 0 1 60 MBytes 4 7 00 8 00 sec 33 7 MBytes 282 Mbits sec 0 1 60 ...

Page 667: ...ecified time This chapter contains the following topics Configure scripts to run automatically 668 Configure scripts to run manually 674 Start a manual script 679 Stop a script that is currently running 680 Show script information 681 Run a Python application at the shell prompt 682 Start an interactive Python session 684 Digidevice module 686 Use the Human Interface Device HID module 716 Use Pyth...

Page 668: ... a specified time l At a specified interval l During system maintenance Additional configuration items n A label used to identify the script n The action to take if the script finishes The actions that can be taken are l None l Restart the script l Reboot the device n Whether to write the script output and errors to the system log n If the script is set to run at a specified interval whether anoth...

Page 669: ...ocal path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the TX54 device n local path is the location on the TX54 device where the copied file will be placed For example To upload a script from a remote host with an IP ...

Page 670: ...der the device inoperable Use with care WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Scheduled tasks Custom scripts 4 For Add Script click The script configuration window is displayed Custom scripts are enabled by default To disable click Enable ...

Page 671: ...ecify the time that the script should run in Run time using the format HH MM n During system maintenance The script will run during the system maintenance time window 7 For Commands enter the commands that will execute the script If the script begins with then the script will be invoked in the location specified by the path for the script command Otherwise the default shell will be used equivalent...

Page 672: ...script 0 label value config system schedule script 0 where value is any string if spaces are used enclose value within double quotes 5 Set the mode that will be used to run the script config system schedule script 0 when mode config system schedule script 0 where mode is one of the following n boot The script will run once each time the device boots l If boot is selected set the action that will b...

Page 673: ... set the time that the script should run using the format HH MM config system schedule script 0 run_time HH MM config system schedule script 0 n maintenance_time The script will run during the system maintenance time window 6 Set the commands that will execute the script config system schedule script 0 commands filename config system schedule script 0 where filename is the path and filename of the...

Page 674: ...default This option protects the script from accidentally destroying the system it is running on config system schedule script 0 sandbox true config system schedule script 0 11 Save the configuration and apply the change config save Configuration saved 12 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnec...

Page 675: ...ctory Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line use the scp command to upload the Python application script to the TX54 device scp host hostname or ip user username remote remote path local local path to local where n hos...

Page 676: ...LI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Note You can also create scripts by using the vi command when logged in with shell access Task two Configure the application to run automatically Note This feature does not provide syntax or error checking Certain commands can render the device inoperable Use with ca...

Page 677: ...s to log script errors to the system log If neither option is selected only the script s exit code is written to the system log 9 For Maximum memory enter the maximum amount of memory available to be used by the script and its subprocesses using the format number b bytes KB k MB MB M GB G TB T 10 Sandbox is enabled by default which restricts access to the file system and available commands that ca...

Page 678: ...g system schedule script 0 label value config system schedule script 0 where value is any string if spaces are used enclose value within double quotes 5 Set the run mode to manual config system schedule script 0 when manual config system schedule script 0 6 Set the commands that will execute the script config system schedule script 0 commands filename config system schedule script 0 where filename...

Page 679: ...ed rebooting the device will cause the script to run again The only way to re run the script is to n Remove the script from the device and add it again n Make a change to the script n Disable once 10 Sandbox is enabled by default This option protects the script from accidentally destroying the system it is running on config system schedule script 0 sandbox true config system schedule script 0 11 S...

Page 680: ... to access the Admin CLI 2 Determine the name of scripts that are currently running show scripts Index Label Enabled Status Run time 0 script1 true active 1 script2 true idle 01 00 3 Start the script system script start script1 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented ...

Page 681: ...CLI 2 Determine the name of scripts that are currently running show scripts Index Label Enabled Status Run time 0 script1 true active 1 script2 true idle 01 00 Scripts that are currently running have the status of active 3 Stop the appropriate script system script stop script1 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending ...

Page 682: ... 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Run a Python application at the shell prompt Python applications can be run from a file at the shell prompt The Python application will run until it completes displaying output and prompting for additional user input if needed To inter...

Page 683: ... device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI b At the command line use the scp command to upload the Python application script to the TX54 device scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user o...

Page 684: ...interactive Python session Use the python command without specifying any parameters to start an interactive Python session The Python session operates interactively using REPL Read Evaluate Print Loop to allow you to write Python code on the command line Note The Python interactive session is not available from the Admin CLI You must access the device shell in order to run Python applications from...

Page 685: ...e 685 digidevice Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device 4 Use Ctrl D to exit the Python session You can also exit the session using exit or quit ...

Page 686: ...evice cli to execute CLI commands 687 Use digidevice datapoint to upload custom datapoints to Digi Remote Manager 688 Use digidevice config for device configuration 691 Use Python to respond to Digi Remote Manager SCI requests 693 Use digidevice runtime to access the runtime database 702 Use Python to upload the device name to Digi Remote Manager 704 Use Python to access the device location data 7...

Page 687: ...n Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Execute a CLI command using the cli execute command function For example to print the system status and statistics to stdout using the show system command response cli execute show system print response Model Digi TX54 Se...

Page 688: ...lp copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Use the help command with cli execute help cli execute Help on function execute in module digidevice cli execute command timeout 5 Execute a CLI command with the timeout specified returning the results 5 Use Ctrl D to exit the Python session You can also exit the session using exit or quit ...

Page 689: ...elp copyright credits or license for more information 3 Import the datapoint submodule and other necessary modules from digidevice import datapoint import time 4 Upload the datapoints to Remote Manager datapoint upload Velocity 69 units mph datapoint upload Temperature 24 geo_location 54 409469 1 718836 129 datapoint upload Emergency_Door closed timestamp time time 5 Use Ctrl D to exit the Python ...

Page 690: ...mation on web services and datapoints Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint upload and datapoint upload_multiple 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type...

Page 691: ...onfiguration Read the device configuration 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on lin...

Page 692: ...v4 address Which returns 192 168 2 1 24 Modify the device configuration Use the set and commit methods to modify the device configuration 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter ...

Page 693: ...ll 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the config submodule from digidevice import config 4 Use the help command with config help config Help on module acl config in acl NAME acl config Python int...

Page 694: ...vice_request module from digidevice import device_request 4 Create a function to handle the request from Remote Manager def handler target request print received request s for target s request target return OK 5 Register a callbackup function that will be called when the device receives a SCI request from Remote Manager device_request register myTarget handler Note Leave the interactive Python ses...

Page 695: ...e the handler on the device is executed n On the device you will receive the following output received request my payload string for target myTarget n In Remote Manager you will receive a response similar to the following sci_reply version 1 0 data_service device id 00000000 00000000 0000FFFF A83CF6A3 requests device_request target_name myTarget status 0 OK device_request requests device data_serv...

Page 696: ...ctory on two or more Digi devices In this example we will upload it to two devices and use the same request in Remote Manager to query both devices See Configure scripts to run automatically for information about uploading Python applications to your device You can also create the script on the device by using the vi command when logged in with shell access 3 For both devices a Configure the devic...

Page 697: ...c config scripts showsystem py ix Click Apply to save the configuration and apply the change Command line i Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI ii At the command line type config to enter configuration mode config config iii Add an applicat...

Page 698: ...pplication config system schedule script 0 commands python etc config scripts showsystem py config system schedule script 0 viii Save the configuration and apply the change config save Configuration saved b Run the showsystem py application You can run the application by either rebooting the device or by running it from the shell prompt n To reboot the device i From the WebUI i From the main menu ...

Page 699: ...FFF A83CF6A3 device id 00000000 00000000 0000FFFF 485740BC targets requests device_request target_name myTarget my payload string device_request requests data_service sci_request 7 For the device_request element replace the value of target_name with showSystem This matches the target parameter of the device_request register function in the showsystem py application device_request target_name showS...

Page 700: ... device id 00000000 00000000 0000FFFF 485740BC requests device_request target_name showSystem status 0 Model Digi TX54 Serial Number TX54 000023 Hostname TX54 MAC 00 40 D0 26 79 1C Hardware Version 50001959 01 A Firmware Version 22 2 9 85 Bootloader Version 1 Firmware Build Date Thurs 03 March 2022 10 16 23 Schema Version 461 Timezone UTC Current Time Thurs 03 March 2022 10 16 23 CPU 1 1 Uptime 4 ...

Page 701: ... help copyright credits or license for more information 3 Import the device_request submodule from digidevice import device_request 4 Use the help command with device_request help device_request Help on module digidevice device_request in digidevice NAME digidevice device_request APIs for registering device request handlers You can also use the help command with available device_request functions ...

Page 702: ...mand with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the runt submodule from digidevice import runt 4 Use the start method to open the runtime database runt start 5 Use the keys method to display available keys in the runtime database and use the get me...

Page 703: ...ted with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the runt submodule from digidevice import runt 4 Use start method to open the runtime da...

Page 704: ...on You can also exit the session using exit or quit Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager When you use the name submodule to upload a custom device name to Remote Manager the following issues apply n If the name is being used by to another device in your Remote Manager account the na...

Page 705: ...ay be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the name submodule from digidevice import name 4 Upload the name to Remote M...

Page 706: ...to access the device location data The location submodule enables access to the location data for the TX54 device The module takes a snapshot of location data stored in the runt database The location data snapshot can be subsequently updated by using the update method Determine if the device s location 1 Log into the TX54 command line as a user with shell access Depending on your device configurat...

Page 707: ...ject to return the longitude loc longitude 93 397084499999999 n Use the altitude object to return the altitude in meters loc altitude 292 39999399999999 7 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Update the location data The location submodule takes a snapshot of the current location and stores it in the runtime database You can update this snapsot 1 L...

Page 708: ...location and stores it in the runtime database You can update this snapsot 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May ...

Page 709: ..._idx 0 num_satellites 12 source_idx 0 quality Standard GNSS 2D 3D source_idx 0 utc_date_time Mar 03 2022 10 16 23 source_idx 0 vertical_velocity 0 0 source_idx 1 label gnss source_idx 1 quality No Fix Invalid state Enabled signal utc_date_time Mar 03 2022 10 16 23 vertical_velocity 0 0 6 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Help for the digidevice ...

Page 710: ...e of a device When the module sets the device to out of service this can be used as trigger to begin maintenance activity See Schedule system maintenance tasks for more details 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the pyth...

Page 711: ...e module 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or ...

Page 712: ...g these methods Available LEDs LED Available colors Attribute name Power Blue Led POWER GNSS Green Led GNSS WIFI1 Green Led WIFI1 WIFI2 Dual Wi Fi models only Green Led WIFI2 WWAN1 Signal Green Yellow Led WWAN1_SIGNAL_GREEN Led WWAN1_SIGNAL_YELLOW WWAN1 Service Green Yellow Led WWAN1_SERVICE_GREEN Led WWAN1_SERVICE_YELLOW WWAN2 Signal Dual cellular models only Green Yellow Led WWAN2_SIGNAL_GREEN L...

Page 713: ...that acquires control of the power LED sets it to a state of fast flashing and then releases control when the function has completed use the following code in a python application with use Led POWER as pwr pwr State FLASH Releasing the LEDs to system control During a Python interactive session or from within a Python script you can release control of the LED from Python to system control using the...

Page 714: ...o send or receive SMS messages you must also enable the ability to schedule SMS scripting Enable the ability to schedule SMS scripting WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Scheduled tasks 4 Click to enable Allow scheduled scripts to handl...

Page 715: ...g on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device See Configure scripts to run automatically for more information about scheduling scripts Example digidevice sms code The following example code receives an SMS message and sends a response usr bin python3 6 import os import threading import sys from digidevice sms import Callba...

Page 716: ...within a Python script For example to determine information about a USB connected keyboard 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6...

Page 717: ...ion using exit or quit Help for the hid module Get help for the hid module 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May ...

Page 718: ...e to function as serial ports To use Python to access serial ports 1 Log into the TX54 command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 Determine the path to the serial port ls dev serial by id by path by usb port1 USB_port1 USB_port2 3 At the shell prompt use the python comman...

Page 719: ...Firmware update feature simple implementation read TODO in cmd_fwupdate import sys import time import paho mqtt client as mqtt import json from acl import runt config from http import HTTPStatus import urllib request import tempfile import os from digidevice import cli POLL_TIME 60 def cmd_reboot params print Rebooting unit try cli execute reboot 10 except print Failed to run reboot command return...

Page 720: ...cid cmd status if not status or not cid return if cmd_path startswith PREFIX_CMD path cmd_path len PREFIX_CMD else print Invalid command path cannot send reply format cmd_path return reply cmd cmd status status client publish PREFIX_RSP path cid json dumps reply separators def on_connect client userdata flags rc print Connected to MQTT server client subscribe PREFIX_CMD system def on_message clien...

Page 721: ...d_cmd_reply client msg topic cid cmd status def publish_dhcp_leases leases try with open etc config dhcp leases r as f for line in f elems line split if len elems 5 continue leases append mac elems 1 ip elems 2 host elems 3 if leases client publish PREFIX_EVENT leases json dumps leases separators except print Failed to open DHCP leases file def publish_system avg1 avg5 avg15 runt get system load_a...

Page 722: ...ial PREFIX router serial PREFIX_EVENT event PREFIX PREFIX_CMD cmd PREFIX PREFIX_RSP rsp PREFIX client mqtt Client client on_connect on_connect client on_message on_message try client connect 192 168 1 100 1883 60 client loop_start except print Failed to connect to MQTT server sys exit 1 while True publish_dhcp_leases publish_system time sleep POLL_TIME ...

Page 723: ...4 Authentication groups 732 Local users 742 Terminal Access Controller Access Control System Plus TACACS 755 Remote Authentication Dial In User Service RADIUS 762 LDAP 767 Configure serial authentication 775 Disable shell access 777 Set the idle timeout for TX54 users 779 Example user configuration 782 TX54 User Guide 723 ...

Page 724: ...ns for a group You can modify the released groups and create additional groups as needed for your site A user can be assigned to more than one group n admin Provides the logged in user with administrative and shell access n serial Provides the logged in user with access to serial ports Users Defines local users for the TX54 n admin Belongs to both the admin and serial groups TACACS Configures supp...

Page 725: ...tion Dial In User Service RADIUS for information about configuring RADIUS authentication n TACACS Users authenticated by using a remote TACACS server for authentication See Terminal Access Controller Access Control System Plus TACACS for information about configuring TACACS authentication n LDAP Users authenticated by using a remote LDAP server for authentication See LDAP for information about con...

Page 726: ...o be used To add an authentication method WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Methods 4 For Add Method click 5 Select the appropriate authentication type for the new method from the Method drop down ...

Page 727: ...n you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the new authentication method to the appropriate location in the list n To determine the current list of authentication methods a Log into the TX54 command line as a user with full Admin access rights Depending on your device conf...

Page 728: ...radius tacacs or ldap n You can also use the move command to rearrange existing methods See Rearrange the position of authentication methods for information about how to reorder the authentication methods 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selectio...

Page 729: ...user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the show auth method command to determine the index number of the authentication method to be deleted config show auth method 0 local 1 radius 2 tacacs config...

Page 730: ...sented with an Access selection menu Type quit to disconnect from the device Rearrange the position of authentication methods WebUI Authentication methods are reordered by changing the method type in the Method drop down for each authentication method to match the appropriate order For example the following configuration has Local users as the first method and RADIUS as the second To reorder these...

Page 731: ...ine as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Use the show command to display current configuration config show auth method 0 local 1 radius config 4 Use the move command to rearrange the methods con...

Page 732: ...e the ability to access the shell when logging into the TX54 via ssh telnet or the serial console Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter n Serial access Users with Serial access have the ability to log into the TX54 device by using the serial console Preconfigured authentication grou...

Page 733: ...o expand its configuration node 5 Click the box next to the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can also determine whether the Access level should be Full access or Read only access l Full access provides users of this group with the ability to manage the TX54 device by using the WebUI or the Admin CLI l R...

Page 734: ...e Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable access rights for the group For example n Admin access l To set the access level for Admin access of the admin group config auth group admin acl admin level value config where value is either o full provides users of this group with the ability to manage the TX54 device by using the WebUI or...

Page 735: ... auth group admin acl serial enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Add an authentication group Required configuration items n The access rights to be assigned to users that are ...

Page 736: ...ps 4 For Add type a name for the group and click The group configuration window is displayed 5 Click the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can also determine whether the Access level should be Full access or Read only access where value is either l Full access full provides users of this group with the a...

Page 737: ...tive portal access b Click Captive portals to expand the Captive portal node c For Add Captive portal click d In the Captive portal dropdown select a captive portal to which users of this group will have access e Click again to add additional captive portals 9 Optional Enable users that belong to this group to query the device for Nagios monitoring by checking the box next to Nagios access 10 Opti...

Page 738: ...vides users of this group with read only access to the WebUI and Admin CLI The default is full n Shell access config auth group test acl shell enable true config Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter n Serial access config auth group test acl serial enable true config 5 Optional Con...

Page 739: ... group test acl bluetooth_scanner enable true config 8 Optional Enable users that belong to this group to access the Wi Fi scanning service config auth group group test acl wifi_scanner enable true config 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selecti...

Page 740: ...ick the menu icon next to the group to be deleted and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mod...

Page 741: ... Guide 741 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 742: ... the device and is the most critical security feature for the device If you reset the device to factory defaults you must log in using the default user and password and you should immediately change the password to a custom password Before deploying or mounting the TX54 device record the default password so you have the information available when you need it even if you cannot physically access th...

Page 743: ...assword The password must be at least eight characters long and must contain at least one uppercase letter one lowercase letter one number and one special character For the admin user the password field can be left blank n If the password field for the admin user is left blank the admin user s password will be the default password printed on the device s label n If the admin user s password has be...

Page 744: ...de 744 You can also change the password for the active user by clicking the user name in the menu bar The active user must have full Admin access rights to be able to change the password 6 Click Apply to save the configuration and apply the change ...

Page 745: ...n you may be presented with an Access selection menu Type quit to disconnect from the device Configure a local user Required configuration items n A username n A password The password must be at least eight characters long and must contain at least one uppercase letter one lowercase letter one number and one special character For security reasons passwords are stored in hash form There is no way t...

Page 746: ... type for two factor authentication Either time based or counter based l The security key l Whether to allow passcode reuse time based verification only l The passcode refresh interval time based verification only l The valid code window size l The login limit l The login limit period l One time use eight digit emergency scratch codes To configure a local user WebUI 1 Log into the TX54 WebUI as a ...

Page 747: ...ne uppercase letter one lowercase letter one number and one special character 7 Click to expand Login failure lockout The login failure lockout feature is enabled by default To disable click to toggle off Enable a For Lockout tries type the number of unsuccessful login attempts before the user is locked out of the device The default is 5 b For Lockout duration type the amount of time that the user...

Page 748: ...er c Select the Verification type n Time based TOTP Time based One Time Password TOTP authentication uses the current time to generate a one time password n Counter based HOTP HMAC based One Time Password HOTP uses a counter to validate a one time password d Generate a Secret key i Click next to the field label and select Generate secret key ii Copy the secret key for use with an application or mo...

Page 749: ...od to ten minutes enter 10m or 600s j Scratch codes are emergency codes that may be used once at any time To add a scratch code i Click Scratch codes ii For Add Code click iii For Code enter the scratch code The code must be eight digits with a minimum of 10000000 iv Click again to add additional scratch codes 11 Click Apply to save the configuration and apply the change Command line 1 Log into th...

Page 750: ...is locked out of the device where value is any integer The minimum value is 1 and the default value is 5 b Set the amount of time that the user is locked out after the number of unsuccessful login attempts defined in lockout tries config auth user new_user lockout duration value config auth user new_user where value is any number of minutes or seconds and takes the format number m s For example to...

Page 751: ...w_user ssh_key b Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login config auth user new_user ssh_key ssh_key key config auth user new_user ssh_key 9 Optional Configure two factor authentication for SSH telnet and serial console login a Change to the user s two factor authentication node config auth user new_user...

Page 752: ...h_interval 600s config auth user name 2fa The default is 30s g Configure the valid code window size This represents the allowed number of concurrently valid codes In cases where TOTP is being used increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized config auth user new_user 2fa window_size 3 config auth user new_user 2fa h Confi...

Page 753: ...ew_user 2fa scratch_code Where code is an digit number with a minimum of 10000000 iii To add additional scratch codes use the add end code command again 10 Save the configuration and apply the change config auth user new 2fa scratch_code save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to...

Page 754: ...ights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth user username 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your devic...

Page 755: ...nd connection parameters to a TACACS server over TCP The TACACS server then authenticates the TACACS client requests and sends back a response message to the device When you are using TACACS authentication you can have both local users and TACACS users able to log in to the device To use TACACS authentication you must set up a TACACS server that is accessible by the TX54 device prior to configurat...

Page 756: ... sudo gedit etc tacacs tac_plus conf 2 Add users to the file using the following format This example will create two users one with admin and serial access and one with only serial access user user1 name User1 for TX54 pap cleartext password1 service system groupname admin serial user user2 name User2 for TX54 pap cleartext password2 service system groupname serial The groupname attribute is optio...

Page 757: ...lable or if the user is not defined on the TACACS server then you should list the TACACS authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the TACACS servers are unavailable and the TX54 device falls back to local authentication only users defined locally on the device are able to log in TACACS ...

Page 758: ...lick Device Configuration The Configuration window is displayed 3 Click Authentication TACACS Servers 4 Add TACACS servers a For Add server click b For Hostname type the hostname or IP address of the TACACS server c Optional Change the default Port setting to the appropriate port Normally this should be left at the default setting of port 49 d For Secret type the TACACS server s shared secret This...

Page 759: ...al Enable Command authorization which instructs the device to communicate with the TACACS server to determine if the user is authorized to execute a specific command Only the first configured TACACS server will be used for command authorization 9 Optional Enable Command accounting which instructs the device to communicate with the TACACS server to log commands that the user executes Only the first...

Page 760: ...ue of the service attribute in the the TACACS server s configuration For example in TACACS user configuration the value of the service attribute in the sample tac_plus conf file is system which is also the default setting in the TX54 configuration config auth tacacs service service name config 6 Optional Enable command authorization which instructs the device to communicate with the TACACS server ...

Page 761: ...n methods are attempted in the order they are listed until the first successful authentication result is returned This example will add TACACS to the end of the list See User authentication methods for information about adding methods to the beginning or middle of the list config add auth method end tacacs config 10 Save the configuration and apply the change config save Configuration saved 11 Typ...

Page 762: ...erver over UDP The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device When you are using RADIUS authentication you can have both local users and RADIUS users able to log in to the device To use RADIUS authentication you must set up a RADIUS server that is accessible by the TX54 device prior to configuration The process of setting up a RADIUS...

Page 763: ...ely if the user is also configured as a local user on the TX54 device and the RADIUS server authenticates the user but does not return any groups the local configuration determines the list of groups See Authentication groups for more information about authentication groups The Unix FTP Group Names attribute can contain one group or multiple groups in a comma separated list 3 Save and close the fi...

Page 764: ... This section describes how to configure a TX54 device to use a RADIUS server for authentication and authorization Required configuration items n Define the RADIUS server IP address or domain name n Define the RADIUS server shared secret n Add RADIUS as an authentication method for your TX54 device Additional configuration items n Whether other user authentication methods should be used in additio...

Page 765: ...RADIUS server to respond Allowed value is any integer from 3 to 60 The default value is 3 f Optional Click again to add additional RADIUS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails Other authentication methods will only be used if the RADIUS server is unavailable 6 Optional Click RADIUS debug to enable additional d...

Page 766: ...the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if RADIUS authentication fails Other authentication methods will only be ...

Page 767: ...meout value config auth radius server 0 e Optional Repeat the above steps to add additional RADIUS servers 7 Add RADIUS to the authentication methods Authentication methods are attempted in the order they are listed until the first successful authentication result is returned This example will add RADIUS to the end of the list See User authentication methods for information about adding methods to...

Page 768: ...u are using LDAP authentication you can have both local users and LDAP users able to log in to the device To use LDAP authentication you must set up a LDAP server that is accessible by the TX54 device prior to configuration The process of setting up a LDAP server varies by the server environment This section contains the following topics LDAP user configuration 769 LDAP server failover and fallbac...

Page 769: ...ng the following format dn uid john dc example dc com objectClass inetOrgPerson cn John Smith sn Smith uid john userPassword password ou admin serial n The value of uid and userPassword must correspond to the username and password used to log into the TX54 device n The ou attribute is optional If used the value must correspond to authentication groups configured on your TX54 Alternatively if the u...

Page 770: ... server then you should list the LDAP authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the LDAP servers are unavailable and the TX54 device falls back to local authentication only users defined locally on the device are able to log in LDAP users cannot log in until the LDAP servers are brought ...

Page 771: ...server click b For Hostname type the hostname or IP address of the LDAP server c Optional Change the default Port setting to the appropriate port Normally this should be left at the default setting of port 389 for non TLS and 636 for TLS d Optional Click again to add additional LDAP servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if LDAP authenticati...

Page 772: ...ons 10 For User search base type the distinguished name DN on the server to search for users This can be the root of the directory tree for example dc example dc com or a sub tree for example ou People dc example dc com 11 For Login attribute enter the user attribute containing the login of the authenticated user For example in the LDAP user configuration the login attribute is uid If this attribu...

Page 773: ... non secure TCP connection on the LDAP standard port 389 n on Uses an SSL TLS encrypted connection on port 636 n start_tls Makes a non secure TCP connection to the LDAP server on port 389 then sends a request to upgrade the connection to a secure TLS connection This is the preferred method for LDAP The default is off 5 If tls is set to on or start_tls configure whether to verify the server certifi...

Page 774: ...s the user attribute containing the login of the authenticated user For example in the LDAP user configuration the login attribute is uid If this attribute is not set the user will be denied access 10 Optional Set the name of the user attribute that contains the list of TX54 authentication groups that the authenticated user has access to See LDAP user configuration for further information about th...

Page 775: ...result is returned This example will add LDAP to the end of the list See User authentication methods for information about adding methods to the beginning or middle of the list config add auth method end ldap config 14 Save the configuration and apply the change config save Configuration saved 15 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Ac...

Page 776: ... add the public certificates of custom CAs a For Add CA certificate type the name of a custom CA and click b Paste the public certificate for the custom CA in PEM format c Repeat for additional custom CA certificates 8 Click to expand Peer certificates to add the public certificates of trusted peers a For Add Peer certificate type the name of a trusted peer and click b Paste the public certificate...

Page 777: ...authority config add auth serial ca_certs CA cert name cert and private key config where n CA cert name is the name of the certificate for the custom certificate authority n cert and private key is the certificate and private key for the custom certificate authority Repeat for additional custom certificate authorities 7 Save the configuration and apply the change config save Configuration saved 8 ...

Page 778: ... 3 Click Authentication 4 Click to disable Allow shell Note If shell access is disabled re enabling it will erase the device s configuration and perform a factory reset 5 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection...

Page 779: ...figuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Set the idle timeout for TX54 users To configure the amount of time that the user s active session can be inactive before it is automatically disconnected set the Idle timeout parameter By default the Idle timeout is se...

Page 780: ...the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config auth idle_timeout value where value is any number of weeks days hou...

Page 781: ... Set the idle timeout for TX54 users TX54 User Guide 781 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 782: ...ith administrator rights who is authenticated locally on the device WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User enter a name for the user and click The user configuration window is displayed ...

Page 783: ...tication methods i Click Authentication Methods ii Verify that Local users is one of the methods listed in the list If not i For Add Method click ii For Method select Local users 7 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access...

Page 784: ...dmin config auth user adminuser 8 Save the configuration and apply the change config auth user adminuser save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Example 2 RADIUS TACACS and local authentication for one user Goal To create a user with administrator rig...

Page 785: ... configuration TX54 User Guide 785 This example uses a FreeRadius 3 0 server running on ubuntu and a TACACS server running on ubuntu Server configuration may vary depending on the platforms or type of servers used in your environment ...

Page 786: ... Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TACACS server open the etc tacacs tac_plus conf file sudo gedit etc tacacs tac_plus conf b Add a TACACS user to the tac_plus conf file user admin1 name Admin1 for TX64 pap cleartext password1 service system groupname admin In this example n The user s username is admin...

Page 787: ... methods a Click Authentication Methods b For Method select RADIUS c For Add Method click to add a new method d For the new method select TACACS e Click to add another new method f For the new method select Local users 6 Create the local user a Click Authentication Users b In Add User type admin1 and click c For password type password1 ...

Page 788: ... set to Full access If not select Full access 7 Click Apply to save the configuration and apply the change Command line 1 Configure a user on the RADIUS server a On the ubuntu machine hosting the FreeRadius server open the etc freeradius 3 0 users file sudo gedit etc freeradius 3 0 users b Add a RADIUS user to the users file admin1 Cleartext Password password1 Unix FTP Group Names admin In this ex...

Page 789: ...ameter c Save and close the tac_plus conf file 3 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 4 At the command line type config to enter configuration mode config config 5 Configure the authentication methods a Determine the current authentication m...

Page 790: ...h group admin acl admin level full config 7 Configure the local user a Create a local user with the username admin1 config add auth user admin1 config auth user admin1 b Assign a password to the user config auth user adminuser password password1 config auth user adminuser c Assign the user to the admin group config auth user adminuser add group end admin config auth user adminuser 8 Save the confi...

Page 791: ... following topics Firewall configuration 792 Port forwarding rules 797 Packet filtering 805 Configure custom firewall rules 813 Configure captive portals 815 Configure Quality of Service options 820 Web filtering 831 TX54 User Guide 791 ...

Page 792: ...p of the device By default the firewall will only allow this zone to access administration services l IPsec The default zone for IPsec tunnels l hotspot The default zone for hotspots l Dynamic routes Used for routes learned using routing services n Port forwarding A list of rules that allow network connections to the TX54 to be forwarded to other servers by translating the destination address n Pa...

Page 793: ...rewall Zones 4 In Add Zone enter a name for the zone and click The firewall configuration window is displayed 5 Optional If traffic on this zone will be forwarded from a private network to the internet enable Network Address Translation NAT 6 Click Apply to save the configuration and apply the change See Configure the firewall zone for a network interface for information about how to configure net...

Page 794: ... on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device See Configure the firewall zone for a network interface for information about how to configure network interfaces to use a zone Configure the firewall zone for a network interface Firewall zones allow you to group network interfaces for the purpose of packet filtering and access...

Page 795: ...ommand line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config network interface lan1 zone my_zone config 4 Save the configuration and apply the change config save Configurati...

Page 796: ...he TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Zones 4 Click the menu icon next to the appropriate custom firewall zone and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full...

Page 797: ...g rules Port forwarding rules provide mapping instructions that direct incoming traffic to the proper device on a LAN Configure port forwarding Required configuration items n The network interface for the rule Network connections will only be forwarded if their destination address matches the IP address of the selected network interface n The public facing port number that network connections must...

Page 798: ... rules are enabled by default To disable click to toggle off Enable 5 Optional Type a Label that will be used to identify the rule 6 For Interface select the network interface for the rule Network connections will only be forwarded if their destination address matches the IP address of the selected network interface 7 For IP version select either IPv4 or IPv6 Network connections will only be forwa...

Page 799: ...ll zone n To white list IP addresses a Click Addresses b For Add Address enter an IP address and click c Repeat for each additional IP address that should be white listed n To specify firewall zones for white listing a Click Zones b For Add zone click c For Zone select the appropriate zone d Repeat for each additional zone 13 Click Apply to save the configuration and apply the change Command line ...

Page 800: ...lan1 lan_hotspot loopback wan1 wwan1 wwan2 Current value config firewall dnat 0 interface b Set the interface For example config firewall dnat 0 interface wan1 config firewall dnat 0 5 Set the IP version Allowed values are ipv4 and ipv6 The default is ipv4 config firewall dnat 0 ip_version ipv6 config firewall dnat 0 6 Set the public facing port number that network connections must use for their t...

Page 801: ...ne three and five through ten enter 1 3 5 10 10 Optional To create a white list of devices that are authorized to leverage this forwarding rule based on either the IP address or firewall zone change to the acl node config firewall dnat 0 acl config firewall dnat 0 acl n To white list an IP address l For IPv4 addresses config firewall dnat 0 acl add address end ip address config firewall dnat 0 acl...

Page 802: ...e Configuration saved 12 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a port forwarding rule To delete a port forwarding rule WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The ...

Page 803: ...ser with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the port forwarding rule you want to delete config show firewall dnat 0 acl no address no zone enable true interface eth2 ip_version ...

Page 804: ...c097 4533 bd63 bb12 9a6f 5569 4b53 c29a to_port 10003 config 4 To delete the rule use the index number with the del command For example config del firewall dnat 1 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the de...

Page 805: ...uired configuration items n The action that the packet filtering rule will perform either Accept Reject or Drop n The source firewall zone Packets originating from interfaces on this zone will be monitored by this rule n The destination firewall zone Packets destined for interfaces on this zone will be accepted rejected or dropped by this rule Additional configuration requirements n A label for th...

Page 806: ...n Reject Blocks matching network connections and sends an ICMP error if appropriate n Drop Blocks matching network connections and does not send a reply 6 Select the IP version 7 Select the Protocol 8 For Source zone select the firewall zone that will be monitored by this rule for incoming connections from network interfaces that are a member of this zone See Firewall configuration for more inform...

Page 807: ...x number of the appropriate packet filtering rule config show firewall filter 0 action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal 1 action drop dst_zone internal enable true ip_version any label myfilter protocol any src_zone external config b Select the appropriate rule by using its index number config firewall filter 1 config fi...

Page 808: ...ons from network interfaces that are a member of this zone See Firewall configuration for more information about firewall zones config firewall filter 1 src_zone my_zone config firewall filter 1 6 Set the destination firewall zone Packets destined for network interfaces that are members of this zone will either be accepted rejected or dropped by this rule See Firewall configuration for more inform...

Page 809: ...ay be presented with an Access selection menu Type quit to disconnect from the device Enable or disable a packet filtering rule To enable or disable a packet filtering rule WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Packet filtering 4 Click t...

Page 810: ...ess the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the appropriate port forwarding rule config show firewall filter 0 action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal 1 action drop dst_zone internal enable true ip_version any label My packet filter protoco...

Page 811: ...Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a packet filtering rule To delete a packet filtering rule WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Pack...

Page 812: ...ering rule you want to delete config show firewall filter 0 action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal 1 action drop dst_zone internal enable true ip_version any label My packet filter protocol any src_zone external config 4 To delete the rule use the index number with the del command For example config del firewall filter ...

Page 813: ... To configure custom firewall rules WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Custom rules 4 Enable the custom rules 5 Optional Enable Override to override all preconfigured firewall behavior and rely solely on the custom firewall rules 6 Fo...

Page 814: ...s config firewall custom enable true config 4 Optional Instruct the device to override all preconfigured firewall behavior and rely solely on the custom firewall rules config firewall custom override true config 5 Set the shell command that will execute the custom firewall rules script config firewall custom rules shell command config 6 Save the configuration and apply the change config save Confi...

Page 815: ...ration The Configuration window is displayed 3 Click Firewall Captive portals 4 For Add captive portal enter a name for the portal and click The captive portal configuration window is displayed The captive portal is enabled by default To disable click to toggle off Enable 5 For Interface select the network interface for the portal Traffic received on this interface s network device will not be for...

Page 816: ...Users must be part of a user group that allows access to this portal n Collect user information Users are required to complete a form to continue The form fields may be customize 9 Optional For Title enter the title of the portal page that the user will see when accessing the portal 10 Optional For Message enter a message that will appear on the portal page 11 Optional For Terms and Conditions ent...

Page 817: ...ient has been granted access Format network interface defaultip network interface defaultlinklocal network interface lan1 network interface lan_hotspot network interface loopback network interface wan1 network interface wwan1 network interface wwan2 Current value config firewal portal portal1 interface b Set the interface For example config firewal portal portal1 interface network interface wan1 c...

Page 818: ...evice Users must be part of a user group that allows access to this portal n info Users are required to complete a form to continue The form fields may be customize 8 Optional Set the title of the portal page that the user will see when accessing the portal config firewall portal portal1 title Corporate portal config firewall portal portal1 9 Optional Set a message that will appear on the portal p...

Page 819: ... Type quit to disconnect from the device Delete captive portals To delete captive portals WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Captive portals 4 Click the down caret next to the appropriate captive portal and select Delete 5 Click Apply...

Page 820: ...as Voice over IP VoIP cloud computing traffic shaping traffic prioritizing and bandwidth allocation When configuring QOS you can only control the queue for outgoing packets on each interface egress packets not what is received on the interface packet ingress A QoS binding contains the policies and rules that apply to packets exiting the TX54 device on the binding s interface By default the TX54 de...

Page 821: ...ommand line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable one of the preconfiged bindings n To enable the Outbound binding config firewall qos 0 enable true config n To enable the Inbound binding ...

Page 822: ...nterface b Set the interface For example config firewall qos 0 interface network interface wan1 config 5 Examine the remaining default settings and modify as appropriate for your network 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit t...

Page 823: ...s packets on The binding will only match traffic that is being sent out on this interface 8 Optional For Interface bandwidth Mbit set the maximum egress bandwidth of the interface in megabits allocated to this binding Typically this should be 95 of the available bandwidth Allowed value is any integer between 1 and 1000 9 Create a policy for the binding At least one policy is required for each bind...

Page 824: ...h e For Latency type the maximum delay before the transmission of packets A lower latency means that the packets will be scheduled more quickly for transmission f Select Default to identify this policy as a fall back policy The fall back policy will be used for traffic that is not matched by any other policy If there is no default policy associated with this binding packets that do not match any p...

Page 825: ...address n IPv6 address Only traffic from the IP address typed in IPv6 address will be matched Use the format IPv6_address prefix_length or use any to match any IPv6 address n MAC address Only traffic from the MAC address typed in MAC address will be matched ix Click to expand Destination address and select the Type n Any Traffic destined for anywhere will be matched n Interface Only traffic destin...

Page 826: ...config firewall qos 2 label my_binding config firewall qos 2 5 Set the interface to queue egress packets on The binding will only match traffic that is being sent out on this interface a Use the to determine available interfaces config firewall qos 2 interface Interface The network interface Format network interface defaultip network interface defaultlinklocal network interface lan1 network interf...

Page 827: ...licy config firewall qos 2 policy 0 d Set a value for the amount of available bandwidth allocated to the policy relative to other policies for this binding The larger the weight with respect to the other policy weights the larger portion of the maximum bandwidth is available for this policy For example if a binding contains three policies and each policy contains a weight of 10 each policy will be...

Page 828: ...licy 0 rule 0 label my_binding_policy_ rule config firewall qos 2 policy 0 rule 0 iv Set the value of the Type of Service ToS packet header that defines packet priority If unspecified this field is ignored config firewall qos 2 policy 0 rule 0 tos value config firewall qos 2 policy 0 rule 0 where value is a hexadecimal number See https www tucny com Home dscp tos for a list of common TOS values v ...

Page 829: ...terface s network address Format network interface defaultip network interface defaultlinklocal network interface lan1 network interface lan_hotspot network interface loopback network interface wan1 network interface wwan1 network interface wwan2 Current value config network qos 2 policy 0 rule 0 src interface ii Set the interface For example config network qos 2 policy 0 rule 0 src interface netw...

Page 830: ...ration for more information about firewall zones n interface Only traffic destined for the selected Interface will be matched Set the interface i Use the to determine available interfaces config network qos 2 policy 0 rule 0 dst interface Interface Match the IP address with the specified interface s network address Format network interface defaultip network interface defaultlinklocal network inter...

Page 831: ...ess selection menu Type quit to disconnect from the device Web filtering Web filtering allows you to control access to services that can be accessed through the TX54 device by forwarding all Domain Name System DNS traffic to a web filtering service This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices wi...

Page 832: ...en Task two Configure web filtering WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Web filtering service 4 Click Enable web filtering to enable 5 For Web filtering service select Cisco Umbrella 6 Paste the API token that was generated in Task one...

Page 833: ...la_token to the API token generated in Task one Generate a Cisco Umbrella API token config firewall web filter umbrella_token token config 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Clear the Cisco Umb...

Page 834: ...ng with manual DNS servers Required configuration items n Enable web filtering n The IP address of one or more DNS servers Cisco provides two open DNS servers for web filtering l 208 67 222 220 l 208 67 220 222 See https www opendns com setupguide for more information about using Cisco DNS servers for web filtering To configure web filtering with manual DNS servers WebUI 1 Log into the TX54 WebUI ...

Page 835: ...ver 9 Optional Repeat for additional DNS servers 10 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 ...

Page 836: ...pen DNS servers a Enable web filtering config firewall web filter enable true config b Set the web filter service type to manual config firewall web filter service manual config c Add the first DNS server i Add the server config add firewall web filter server end config firewall web filter server 0 ii Set the server s IP address config firewall web filter server 0 ip 208 67 222 220 config firewall...

Page 837: ...o use manual DNS servers and uses the Cisco open DNS servers you can verify the web filtering implementation by using the Cisco test site www internetbadguys com To verify the implementation WebUI This procedure assumes you have already configured web filtering to use either Cisco Umbrella or the Cisco open DNS servers n See Configure web filtering with Cisco Umbrella for information about configu...

Page 838: ...e web filtering a Click Firewall Web filtering service b Click Enable web filtering to enable c Click Apply to save the configuration and apply the change 6 From your browser attempt to connect to http www internetbadguys com again The connection attempt should fail with the message This site is blocked due to a phishing threat Command line This procedure assumes you have already configured web fi...

Page 839: ...curl I http www internetbadguys com HTTP 1 1 200 OK Server Apache Content Type text html charset UTF 8 Accept Ranges bytes Date Thurs 03 March 2022 10 16 23 X Varnish 4201397492 Age 0 Via 1 1 varnish Connection keep alive You should receive an HTTP 1 1 200 OK message as highlighted above 4 Return to the Admin CLI and enable web filtering config firewall web filter enable true 5 Attempt to connect ...

Page 840: ...CLI prompt use the show web filtercommand to view information about the web filter service show web filter Enabled true Service umbrella Device ID 0004b5s63f5e2de7aa If the device is configured to use Cisco Umbrella for web filtering a device ID is displayed The device ID is a unique ID assigned to the device by Cisco Umbrella If there is a problem with the device ID you can clear the ID See Clear...

Page 841: ...rs 3 Click Upload New Container 4 From your local file system select the container file in tgz format You can download a simple example container file test_lxc tgz from the Digi website 5 Create Configuration is selected by default This will create a configuration on the device for the container when it is installed If deselected you will need to create the configuration manually 6 Click Apply 7 I...

Page 842: ...he device should including virtual networking capabilities Additional configuration items n If virtual networking is enabled l The bridge to be used to provide network connectivity l A static IP address for the container l The network gateway n Serial ports on the device that the container will have access to WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu cli...

Page 843: ...way type the IP address of the network gateway 7 Click to expand Serial ports to sssign serial ports that the container will have access to a For Add Port click b For Port select the serial port 8 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presente...

Page 844: ...ge Device Containers require a bridge to access the network Choose which bridge to connect the container to Format lan1 Current value config system container name ii Set the bridge config system container name bridge lan1 config system container name c Optional Set the IP address and netmask for the container config system container name address IP_address netmask config system container name d Op...

Page 845: ...uring authentication groups that include shell access Starting the container There are two methods to start containers n Non persistent Changes made to the container file system will be lost when the container is stopped n Persistent Changes made to the container file system when not be lost when the container is stopped Starting a container in non persistent mode To start the container in non per...

Page 846: ...the shell profile This is useful when you use the Clone DAL option when uploading the container which includes the devices s system libraries In this case the command without any additional parameters will use the device s shell See Upload a new LXC container for more information For example to start a container and run a python script called my_python_script py in the default shell type lxc test_...

Page 847: ...ytest1 True enabled STOPPED test_lxc True enabled RUNNING PID 19327 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show status of a specific container Use the show containers container name command to show the status of the specified container 1 Log into the TX54 command line as a u...

Page 848: ... run in the container This simple example will 1 Start the container in non persistent mode 2 Execute a ping command every ten seconds from inside the container WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Scheduled tasks Custom scripts 4 For Add...

Page 849: ...container is used 10 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a script config add system ...

Page 850: ...d config system schedule script 0 sandbox false config system schedule script 0 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Create a custom container This example creates a simple custom container that...

Page 851: ... rootfs Test the custom container file 1 Add the new container to your TX54 device i Log into the TX54 WebUI as a user with Admin access ii From the main menu click Status Under Services click Containers iii Click Upload New Container iv From your local file system select the container file You can download a simple example container file test_lxc tgz from the Digi website v Create Configuration i...

Page 852: ...Containers Create a custom container TX54 User Guide 852 3 At the shell prompt type lxc python_lxc lxc 4 Execute the python command lxc python etc test py Hello world lxc ...

Page 853: ...oot your TX54 device 873 Erase device configuration and reset to factory defaults 875 Locate the device by using the Find Me feature 881 Configure power button behavior 882 Configure power input voltage 883 Power ignition sensor 885 Configuration files 890 Schedule system maintenance tasks 895 Disable device encryption 900 Configure the speed of your Ethernet ports 902 TX54 User Guide 853 ...

Page 854: ...rmation use the show system command n Show basic system information 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter show system at the prompt show system Model Digi TX54 Serial Number TX54 000065 SKU TX54 Hostname TX54 MAC Address DF DD E2 AE 21 18 Hardw...

Page 855: ... 9 85 Alt Firmware Build Date Thurs 03 March 2022 10 16 23 Bootloader Version 19 7 23 0 15f936e0ed Schema Version 715 Timezone UTC Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Load Average 0 01 0 03 0 02 RAM Usage 119 554MB 1878 984MB 6 Temperature 40C Power Voltage 19 040000 V Ignition Sense off Disk Load Average 0 09 0 10 0 08 RAM Usa...

Page 856: ...I as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System 4 For Name type a name for the device This name will appear in log messages and at the command prompt 5 For Contact type the name of a contact for the device 6 For Location type the location of the device 7 For Banner type a banner...

Page 857: ...2 168 3 1 config 6 Set the banner for the device This is displayed when users access terminal services on the device 192 168 3 1 config system banner Welcome to the Digi TX54 192 168 3 1 config 7 Save the configuration and apply the change 192 168 3 1 config save Configuration saved 192 168 3 1 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Ac...

Page 858: ...figuration being erased Downgrading from firmware version 22 2 9 x Beginning with firmware version 22 2 9 x the TX54 device uses certificate based communication for enhanced security when connecting to Digi Remote Manager If you downgrade your firmware from version 22 2 9 x to version 21 11 x or previous your device will no longer be able to communicate with Remote Manager To remedy this issue sel...

Page 859: ...2 9 85 4 Perform an OTA firmware update n To perform an OTA firmware update by using the most recent available firmware from the Digi firmware repository a Update the firmware system firmware ota update Downloading firmware version 22 2 9 85 Downloaded firmware tmp cli_firmware bin remaining Applying firmware version 22 2 9 85 41388K netflash got tmp cli_firmware bin length 42381373 netflash authe...

Page 860: ...evice reboot Update firmware from a local file WebUI 1 Download the TX54 operating system firmware from the Digi Support FTP site to your local machine Note For TX54 devices there are three platform variants n TX54 Dual Cellular n TX54 Dual Wi Fi n TX54 Single Cellular Download the correct firmware for your variant of the TX54 device 2 Log into the TX54 WebUI as a user with Admin access 3 On the m...

Page 861: ...he remote host n remote path is the path and filename of the file on the remote host that will be copied to the TX54 device n local path is the location on the TX54 device where the copied file will be placed For example scp host 192 168 4 1 user admin remote home admin bin TX54 Dual Cellular 22 2 9 85 bin local etc config to local admin 192 168 4 1 s password adminpwd TX54 Dual Cellular 22 2 9 85...

Page 862: ...es two copies of firmware in two flash memory banks n The current firmware version that is used to boot the device n A copy of the firmware that was in use prior to your most recent firmware update When the device reboots it will attempt to use the current firmware version If the current firmware version fails to load after three consecutive attempts it is marked as invalid and the device will use...

Page 863: ...rmware system duplicate firmware How to recover a TX54 that will not boot This section describes the process for recovering a TX54 device that cannot boot because both firmware images stored in flash memory have become corrupted When a TX54 device is in this state the device will continually reboot as it attempts to boot one of the firmware images that are stored on the device The LED state will b...

Page 864: ...ease the reset button The following will now occur a The device downloads the firmware image from the TFTP server Once the firmware image is downloaded the WWAN2 Signal SIM 1 LED briefly lights b The device verifies the firmware image c The device reboots loading and running the new firmware image 7 After the device is finished rebooting update the device to the latest firmware The recovery proces...

Page 865: ...ks for details 8 Click Update Command line Update modem firmware over the air OTA You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access...

Page 866: ...ts name or imei to select a modem Available modems wwan2 IMEI 73342482496112 Telit LM940 wwan1 IMEI 83152092446664 Telit LM940 b Use the name or imei parameter to query the Digi firmware repository for the specified modem For example modem firmware ota check name wwan1 Checking for latest ATT firmware Retrieving modem firmware list Newest firmware version available to download is 24 01 5x4_ATT Mod...

Page 867: ...496112 Telit LM940 wwan1 IMEI 83152092446664 Telit LM940 b Use the name or imei parameter to query the Digi firmware repository for the specified modem For example modem firmware ota list name wwan1 Retrieving modem firmware list 24 01 5x2 24 01 5x4 24 01 5x4_ATT 24 01 5x4_Verizon 24 01 5x4_VZW 4 Perform an OTA firmware update n To perform an OTA firmware update by using the most recent available ...

Page 868: ... parameter to update the modem firmware For example modem firmware ota update name wwan1 Checking for latest ATT firmware Retrieving modem firmware list Newest firmware version available to download is 24 01 5x4_ ATT Retrieving download location for modem firmware 24 01 5x4_ ATT n To perform an OTA firmware update by using a specific version from the Digi firmware repository l For single cellular ...

Page 869: ...ermine the name and IMEI of the appropriate modem modem firmwware ota update version Multiple modems available Please run the command with the modem identifier arguments name or imei to select a modem Available modems wwan2 IMEI 73342482496112 Telit LM940 wwan1 IMEI 83152092446664 Telit LM940 b Use the name or imei parameter to update the modem firmware and use the version parameter to identify th...

Page 870: ...n be unzipped with tar or a similar tool See Use the scp command for information about uploading files to the TX54 device 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the modem firmware check command to determine if new modem firmware is available on lo...

Page 871: ...list command to list available firmware on the TX54 device n For single cellular variants type modem firmware list ATT 24 01 544_ATT current Generic 24 01 514_Generic image Verizon 24 01 524_Verizon image ATT 24 01 544_ATT image Sprint 24 01 531 B003_Sprint image n For dual cellular variants use either the name or the imei parameter to list available firmware a To determine the name and IMEI of th...

Page 872: ...xample modem firmware update version 24 01 5x4_ATT Updating modem firmware Successfully updated firmware Modem firmware update complete n For dual cellular variants use either the name or the imei parameter to update the modem firmware a To determine the name and IMEI of the appropriate modem modem firmwware ota update version Multiple modems available Please run the command with the modem identif...

Page 873: ... TX54 device immediately or schedule a reboot for a specific time every day Note You may want to save your configuration settings to a file before rebooting See Save configuration to a file Reboot your device immediately WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 From the main menu click System 3 Click Reboot 4 Click Reboot to confirm that you want to reboot the device Command l...

Page 874: ...ot time is set but the device is unable to synchronize its time with an NTP server the device will reboot after it has been up for 24 hours See System time for information about configuring NTP servers If Reboot window is set the reboot will occur during a random time within the reboot window 5 For Reboot window enter the maximum random delay that will be added to Reboot Time Allowed values are an...

Page 875: ...n about configuring NTP servers If reboot_window is set the reboot will occur during a random time within the reboot window 4 Set the maximum random delay that will be added to reboot_time config system schedule reboot_window value config where value is any number of hours minutes or seconds and takes the format number h m s For example to set reboot_window to ten minutes enter either 10m or 600s ...

Page 876: ...ware release 22 2 9 x and newer by default the device uses a client side certificate for communication with Remote Manager If the client side certificate is erased you must use the Remote Manager interface to reset the certificate You can also reset the device to the default configuration without removing scripts keys and logfiles by using the revert command WebUI 1 Log into the TX54 WebUI as a us...

Page 877: ...ted with an Access selection menu Type admin to access the Admin CLI 2 Enter the following system factory erase 3 After resetting the device a Connect to the TX54 by using the serial port or by using an Ethernet cable to connect the TX54 LAN1 port to your PC b Log into the TX54 User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or t...

Page 878: ...ed in the package When you first log into the WebUI or the command line you will be required the change the SSIDs and pre shared keys passwords for the preconfigured Wi Fi access points before you can save any configuration changes See Reset default SSIDs and pre shared keys for the preconfigured Wi Fi access points for instructions c Optional Reset the default password for the admin account See C...

Page 879: ...ustom configuration rather than to the original factory defaults Note To clear the custom default configuration press the RESET button wait for the device to reboot then press the RESET button again Required configuration items n Custom factory default file WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 Configure your TX54 device to match the desired custom factory default configura...

Page 880: ...downloaded rename the file to custom default config bin 6 Upload the file to the device a From the main menu select System Filesystem b Under Default device configuration click c Select the file from your local file system Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to...

Page 881: ...at the LED is flashing on the device Click the x in the message to close it 3 On the menu click System again Ablue circle next to Find Me is blinking indicating that the Find Me feature is active 4 To deactivate the Find Me feature click System and click Find Me again A notification message appears noting that the LED is no longer flashing on the device Click the x in the message to close it Comma...

Page 882: ...wn behavior to prevent powering down the device when the Power button is accidentally pressed You can also disable the power button entirely so that both the short and long press power down behavior is disabled and the device cannot be powered down by using the Power button WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click ...

Page 883: ...e is one of n normal The default behavior in which both short press and long press Power button actions shut down the device n forced_only Disables the short press behavior of the Power button A long press action will still shut down the device n disabled Disables the Power button entirely so that neither the short or long press actions will shut down the device 4 Save the configuration and apply ...

Page 884: ...put power is above 11 5 volts l Powers down if input power drops below 10 5 volts n 24 l Powers up if the input power is above 23 volts l Powers down if the power drops below 21 volts n 9 36 l Powers up if the input power is above 8 5 volts l Powers down if the input power drops below 8 volts 5 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line...

Page 885: ... l Powers down if the input power drops below 8 volts 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Power ignition sensor When the TX54 device is used in a vehicle Digi recommends that you use the ignitio...

Page 886: ... with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Power Ignition sense control 4 For Ignition power on delay type the amount of time to wait to power on the device after the device detects that there is power on the ignition sensor Allowed values are any number of hours minutes or seconds an...

Page 887: ... to set the ignition power on delay to ten minutes enter either 10m or 600s config system power ignition on_delay 600s config The default is 0s meaning that there is no power on delay 4 To set the ignition power off delay config system power ignition off_delay value where value is any number of hours minutes or seconds and takes the format number h m s For example to set the ignition power off del...

Page 888: ...you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To temporarily override the configured ignition power on delay system power ignition off_delay OFF_DELAY where OFF_DELAY is any number of hours minutes or seconds and takes the format number h m s For example to set the ignition power on delay to ten minutes enter either 10m or 600s config system power ignition...

Page 889: ...ce configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config system power auto_reboot false 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you ...

Page 890: ...ation the changes are not automatically saved You must explicitly save configuration changes which also applies the changes If you do not save configuration changes the system discards the changes WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Make any necessar...

Page 891: ... to a file You can save your TX54 device s configuration to a file and use this file to restore the configuration either to the same device or to similar devices WebUI This procedure creates a binary archive file containing the device s configuration certificates and keys and other information 1 Log into the TX54 WebUI as a user with Admin access 2 On the main menu click System Under Configuration...

Page 892: ...ation certificates and keys and other information l cli config Creates a text file containing only the configuration changes For example system backup etc config scripts type archive 3 Optional Use scp to copy the file from your device to another host scp host hostname or ip user username remote remote path local local path to remote where n hostname or ip is the hostname or ip address of the remo...

Page 893: ...The configuration will be restored and the device will be rebooted Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 If the configuration backup is on a remote host use scp to copy the file from the host to your device scp host hostname or ip user u...

Page 894: ... the following system restore filepath passphrase passphrase where n filepath is the the path and filename of the configuration backup file on the TX54 s filesystem local path in the previous step n passphrase optional is the passphrase to restore the configuration backup if a passphrase was used when the backup was created For example system restore opt backup archive 0040FF800120 22 2 9 85 19 23...

Page 895: ...uired configuration items n Events that trigger the maintenance window to begin n Whether all configured triggers or only one of the triggers must be met n The tasks to be performed Options are l Firmware updates l Digi Remote Manager configuration check n Whether the device will check for updates to the device firmware n Whether the device will check for updates to the modem firmware n The freque...

Page 896: ...Immediately all scheduled tasks will begin at the exact time specified in Start time l If Duration window is set to 24 hours Start time is effectively obsolete and the maintenance tasks will be scheduled to run at any time Setting Duration window to 24 hours can potentially overstress the device and should be used with caution l If Duration window is set to any value other than to Immediately or 2...

Page 897: ...ellular connection 9 Optional Click to enable Configuration check to allow for the configuration to be updated including by custom scripts during the maintenance window 10 Optional Configure automated checking for device firmware updates a Click to expand Firmware update check b Device firmware update check is enabled by default This enables to automated checking for device firmware updates c Mode...

Page 898: ...k interface loopback network interface wan1 network interface wwan1 network interface wwan2 Current value config system schedule maintenance trigger 0 interface ii Set the interface For example config system schedule maintenance trigger 0 interface network interface wan1 config system schedule maintenance trigger 0 n out_of_service The maintenance window will only start if the Python Out of Servic...

Page 899: ...tem schedule maintenance trigger 0 length num config system schedule maintenance trigger 0 where num is any whole number between 0 and 24 iii Configure the frequency that the maintenance tasks should be run config system schedule maintenance trigger 0 frequency value config system schedule maintenance trigger 0 where value is either daily or weekly Daily is the default 4 Optional Configure the dev...

Page 900: ...h an Access selection menu Type quit to disconnect from the device Disable device encryption You can disable the cryptography on your TX54 device This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped When device encryption is disabled the following occurs n The device is reset to the default configuration and r...

Page 901: ...LI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Re enable cryptography after it has been disabled To re enable cryptography 1 Configure your PC network to connect to the 192 168 210 subnet For example on a Windows PC a Select the Properties of the relevant network connection on the Windows PC b Click the Internet ...

Page 902: ...net session and connect to the TX54 device at the IP address of 192 168 210 1 4 Log into the device n Username admin n Password The default unique password for your device is printed on the device label 5 At the shell prompt type rm etc config nocrypt flatfsd i This will re enable encryption and leave the device at its factory default setting Configure the speed of your Ethernet ports You can conf...

Page 903: ... the Ethernet port or select Auto to automatically detect the speed The default is Auto 6 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to ent...

Page 904: ...ly for devices with Gigabit Ethernet ports auto Configures the device to automatically determine the best speed for the Ethernet port The default is auto 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Page 905: ...Monitoring This chapter contains the following topics intelliFlow 906 Configure NetFlow Probe 913 Enable the Bluetooth scanner 918 Enable the Wi Fi scanner 925 TX54 User Guide 905 ...

Page 906: ...me intelliFlow charts are dymanic at any point you can click inside the chart to drill down to view more granular information and menu options allow you to change various aspects of the information being displayed Note When intelliFlow is enabled and the device is connected to Digi aView it adds an estimated 50MB of data usage for the device by reporting the metrics to aView intelliflow does not c...

Page 907: ...he configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable IntelliFlow config monitoring intelliflow enable true 4 Set the fi...

Page 908: ... clients are present on the zone specified Format any dynamic_routes edge external hotspot internal ipsec loopback setup Default value internal Current value internal config b Set the zone to be used by IntelliFlow config monitoring intelliflow zone my_zone 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device confi...

Page 909: ... into the TX54 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow The System Utilisation chart is displayed n Display more granular information 1 Click and drag over an area in the chart to zoom into that area and provide more granular information 2 Release to display the selected portion of the cha...

Page 910: ...Select the time period to be displayed n Save or print the chart 1 Click the menu icon 2 To save the chart to your local filesystem select Export to PNG 3 To print the chart select Print chart Use intelliFlow to display top data usage information With intelliFlow you can display top data usage information based on the following n Top data usage by host n Top data usage by server n Top data usage b...

Page 911: ... the Top Data Usage by Server chart click Top Data Usage by Server n To display the Top Data Usage by Service chart click Top Data Usage by Service 5 Change the type of chart that is used to display the data a Click the menu icon b Select the type of chart 6 Change the number of top users displayed You can display the top five top ten or top twenty data users ...

Page 912: ...Use intelliFlow to display data usage by host over time To generate a chart displaying a host s data usage over time WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow 4 Click Host Data Usage Over Time n Display more granular information a Click and drag over an area in the...

Page 913: ...d configuration items n Enable NetFlow n The IP address of a NetFlow collector Additional configuration items n The NetFlow version n Enable flow sampling and select the flow sampling technique n The number of flows from which the flow sampler can sample n The number of seconds that a flow is inactive before it is exported to the NetFlow collectors n The number of seconds that a flow is active bef...

Page 914: ...e options are n NetFlow v5 Supports IPv4 only n NetFlow v9 Supports IPv4 and IPv6 n NetFlow v10 IPFIX Supports both IPv4 and IPv6 and includes IP Flow Information Export IPFIX The default is NetFlow v10 IPFIX 6 Enable Flow sampler by selecting a sampling technique Flow sampling can reduce flow processing and transmission overhead by providing a representative subset of all flows Available options ...

Page 915: ...een 1 and 1800 The default is 1800 10 For Maximum flows type the maximum number of flows to probe simultaneously Allowed value is any number between 0 and 2000000 The default is 2000000 11 Add collectors a Click to expand Collectors b For Add Collector click c Optional Type a Label for the collector d For Address type the IP address of the collector e Optional For Port enter the port number used b...

Page 916: ...w sample population n hash Randomly selects one out of every n flows using the hash of the flow key where n is the value of the flow sample population 5 If you are using a flow sampler set the number of flows for the sampler config monitoring netflow sampler_population value config where value is any number between 2 and 16383 The default is 100 6 Set the number of seconds that a flow can be inact...

Page 917: ...lector config monitoring netflow collector 0 port port config monitoring netflow collector 0 d Optional Set a label for the collector config monitoring netflow collector 0 label This is a collector config monitoring netflow collector 0 Repeat to add additional collectors 10 Save the configuration and apply the change config monitoring netflow collector 0 save Configuration saved 11 Type exit to ex...

Page 918: ...the record of a device connection is kept before the device is considered out of range and the record is expired from the database n A remote host to view the output of the service n The SSH port used by the Bluetooth scanner to stream output to a remote host n The access control list for the SSH port used by the Bluetooth scanner to stream output to a remote host When the Bluetooth scanner is ena...

Page 919: ...r example to set Update interval to ten minutes enter 10m or 600s The minimum value is 5 seconds and the default is 15 seconds 6 Configure the device to open an SSH port that remote hosts can access a Click to expand SSH stream service b Click Enable c Optional For Port type the port that the Bluetooth scanner will use The default is 3102 d Click Access control list to configure access control n T...

Page 920: ...or Interface select the appropriate interface from the dropdown iv Click again to allow access through additional interfaces n To limit access based on firewall zones i Click Zones ii For Add Zone click iii For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones iv Click again to allow access through additional firewall zones ...

Page 921: ...ds 5 Enable the device to open an SSH port that remote hosts can access config monitoring bluetooth_scanner ssh enable true config 6 Optional Set the number of the port that the Bluetooth scanner will use The default is 3102 config monitoring bluetooth_scanner ssh port port config 7 Configure access control n To limit access to specified IPv4 addresses and networks config add monitoring bluetooth_...

Page 922: ...nterfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP lan1 LAN1 loopback Loopback wan1 WAN1 wwan1 WWAN1 wwan2 WWAN2 config Repeat this step to list additional interfaces n To limit access based on firewall zones config add monitoring bluetooth_scanner ssh acl zone end...

Page 923: ...ice configuration you may be presented with an Access selection menu Type quit to disconnect from the device Display the output of the Bluetooth scanner You can use one of the following methods to view the output of the Bluetooth scanner n From the Status page of the WebUI n From the System Logs page of the WebUI You can also search the output as well as download the output in text format from the...

Page 924: ... for information about the displayed fields Command line To view output of the Bluetooth scanner from the command line the user must be a member of an authentication group that has Bluetooth scanner access enabled See Add an authentication group for details 1 Log into the TX54 command line 2 At the Access selection menu type bluetooth The bluetooth option is only available if the Bluetooth scanner...

Page 925: ... Fi enabled devices that are nearby and then opens an SSH port that remote hosts can access to read basic information about those devices For users to view the output of the Wi Fi scanner they must be a member of an authentication group that has Wi Fi scanner access enabled See Add an authentication group for authentication group configuration information Required configuration n Enable the Wi Fi ...

Page 926: ...ile of blocklisted MAC addresses and Organizationally Unique Identifiers OUIs Devices listed in the blocklist file will not be reported l Whether to filter out devices that are considered to be stationary l Parameters associated with determining whether a devices is stationary o The amount of time to observe devices before determining if they are stationary o The maximum allowed variance of the RS...

Page 927: ...econds 8 Optional Click Secondary antenna to disable the use of the secondary Wi Fi antenna 9 For Wi Fi Radio select the appropriate Wi Fi radio dual Wi Fi models only 10 Optional Set parameters that allow you to filter what devices appear in the output log a Click to expand Output log filtering b For Minimum RSSI level to report type the minimum RSSI signal strength that a device must have to be ...

Page 928: ...nsidered to be mobile v For Minimum percentage of observation period type the percentage of times that a device must be observed during the observation period Devices that are observed less that the minimum number will be considered to be mobile Allowed values are 1 to 100 The default is 50 meaning that a device must appear at least half of the time during the observation period in order to be con...

Page 929: ...ses that can access the SSH service iv Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks i Click IPv6 Addresses ii For Add Address click iii For Address enter the IPv6 address or network that can access the device s SSH service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example ...

Page 930: ...ccess selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the Wi Fi scanner config monitoring wifi_scanner enable true config 4 Set the appropriate Wi Fi radio dual Wi Fi models only config monitoring wifi_scanner radio value config where value is either wifi1 or wifi2 5 Optional Set the Wi Fi channels that will be ...

Page 931: ... access to specified IPv4 addresses and networks config add wifi scanner ssh acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the SSH service Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addresses ...

Page 932: ...st additional interfaces n To limit access based on firewall zones config add wifi scanner ssh acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access con...

Page 933: ...f the Wi Fi scanning service you must first enable the service See Enable the Wi Fi scanner for instructions For users to view the output of the Wi Fi scanner they must be a member of an authentication group that has Wi Fi scanner access enabled See Add an authentication group for authentication group configuration information WebUI n To view the output of the Wi Fi scanning service from the Statu...

Page 934: ...scanner command n To view the output of the Wi Fi scanner from either the Admin CLI menu 1 Log into the TX54 command line 2 At the Access selection menu type Wi Fi The Wi Fi option is only available if the Wi Fi scanning service is enabled See Enable the Wi Fi scanner for instructions n To use the command l To view the output of the Wi Fi scanner from the last scan use the show wifi scanner log co...

Page 935: ...servation Min Signal Strength Max Signal Strength Variance 5D 0C D2 C6 12 0E AP 1 1 88 88 0 00 84 8F 2D 0F 65 80 client 1 1 86 86 0 00 29 2C EA EB DB A4 client 7 11 91 87 2 69 99 64 9D 0C A1 DA AP 60 100 86 79 1 87 View the Wi Fi scanning service output from a remote host Use SSH from a remote host to connect to the device by using the configure Wi Fi scanning service port For example to view the ...

Page 936: ...for the system Field 3 The most recent time this device was seen by the scanner Time is in seconds since January 1 1970 Field 4 The MAC address of the Wi Fi access point or the Wi Fi client Field 5 If the device is a Wi Fi client the MAC address of the access point to which the Wi Fi client is connected Field 6 The channel being used by the access point or the client If the device is a Wi Fi acces...

Page 937: ...Collect device health data and set the sample interval 945 Enable event log upload to Digi Remote Manager 948 Log into Digi Remote Manager 950 Use Digi Remote Manager to view and manage your device 951 Add a device to Digi Remote Manager 952 View Digi Remote Manager connection status 952 Configure multiple devices using profiles 953 Learn more 954 TX54 User Guide 937 ...

Page 938: ...icecloud com n If your Digi device is configured to use a non default URL to connect to Remote Manager updating the firmware will not change your configuration However if you erase the device s configuration the Remote Manager URL will change to the default of edp12 devicecloud com n If you perform a factory reset by pressing the RESET twice the client side certificate will be erased and you must ...

Page 939: ...e 939 n SMS support n HTTP proxy server support To configure Digi Remote Manager WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed ...

Page 940: ...ault is 3199 7 Optional For Retry interval type the amount of time that the TX54 device should wait before reattempting to connect to remote cloud services after being disconnected The default is 30 seconds Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set Retry interval to ten minutes enter 10m or 600s 8 Optional For Keep alive interval ...

Page 941: ...ption is disabled Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set Reboot Timeout to ten minutes enter 10m or 600s The minimum value is 30 minutes and the maximum is 48 hours If not set this option is disabled The default is disabled 13 Optional Enable Locally authenticate CLI to require a login and password to authenticate the user from...

Page 942: ...com config cloud drm drm_url url config 6 Optional Set the amount of time that the TX54 device should wait before reattempting to connect to the remote cloud services after being disconnected The minimum value is ten seconds The default is 30 seconds config cloud drm retry_interval value where value is any number of hours minutes or seconds and takes the format number h m s For example to set the ...

Page 943: ...te cloud services If the connection is down you can configure the device to restart the connection or to reboot The watchdog is enabled by default To disable config cloud drm watchdog false config 11 If watchdog is enabled a Optional Set the amount of time to wait before restarting the connection to the remote cloud services once the connection is down where value is any number of hours minutes or...

Page 944: ...TX54 device to communicate with remote cloud services by using SMS a Enable SMS messaging config cloud drm sms enable true config b Set the phone number for Digi Remote Manager config cloud drm sms destination drm_phone_number config c Optional Set the service identifier config cloud drm sms sercice_id id config 1 Optional Configure the TX54 device to communicate with remote cloud services by usin...

Page 945: ...ice health data upload is enabled and the health sample interval is set to 60 minutes To avoid a situation where several devices are uploading health metrics information to Remote Manager at the same time the TX54 device includes a preconfigured randomization of two minutes for uploading metrics For example if Health sample interval is set to five minutes the metrics will be uploaded to Remote Man...

Page 946: ...hen disabled all metrics are uploaded every Health sample interval 6 Device health data upload is enabled by default To disable click to toggle off Enable Device Health samples upload 7 For Health sample interval select the interval between health sample uploads 8 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin acce...

Page 947: ...port health metrics This is useful to reduce the bandwidth used to report health metrics Even if enabled all metrics are uploaded once every hour To disable config monitoring devicehealth only_send_deltas false config When disabled all metrics are uploaded every Health sample interval 6 Optional Tuning parameters allow to you configure what data are uploaded to the Digi Remote Manager By default a...

Page 948: ...ion saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager and configure the interval between event log uploads To enable the event log upload or disable it if i...

Page 949: ... apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Device health data upload is enabled by default To enable or disable n To enable config monit...

Page 950: ...the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Log into Digi Remote Manager To start Digi Remote Manager 1 If you have not already done so click here to sign up for a Digi Remote Manager account 2 Check your emai...

Page 951: ...o view and manage your device 1 If you have not already done so connect to your Digi Remote Manager account 2 Click Device Management to display a list of your devices 3 Use the Search bar to locate the device you want to manage 4 Select the device and click Properties to view general information for the device 5 Click the More menu to perform a task ...

Page 952: ...n the label affixed to the bottom of the device 6 Click Add 7 Click OK Digi Remote Manager adds your TX54 device to your account and it appears in the Device Management view View Digi Remote Manager connection status To view the current Digi Remote Manager configuration WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 The dashboard includes a Digi Remote Manager status pane Command li...

Page 953: ...icecloud com Device ID 00000000 00000000 0040FFFF FF0F4594 The Device ID is the unique identifier for the device as used by the Remote Manager Configure multiple devices using profiles Digi recommends you take advantage of Digi Remote Manager profiles to manage multiple TX54 routers Typically if you want to provision multiple TX54 routers 1 Using the TX54 local WebUI configure one TX54 router to u...

Page 954: ... more n For information on using Digi Remote Manager to configure and manage TX54 routers see the Digi Remote Manager User Guide n For information on using Digi Remote Manager APIs to develop custom applications see the Digi Remote Manager Programmer Guide ...

Page 955: ...he TX54 local file system 956 Display directory contents 956 Create a directory 957 Display file contents 958 Copy a file or directory 958 Move or rename a file or directory 959 Delete a file or directory 960 Upload and download files 961 TX54 User Guide 955 ...

Page 956: ...oots but are deleted if a factory reset of the system is performed See Erase device configuration and reset to factory defaults for more information Display directory contents To display directory contents by using the WebUI or the Admin CLI WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 H...

Page 957: ...ing the name of the directory For example 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mkdir path dir_name For example to create a directory named temp in etc config mkdir etc config temp 3 Verify that the directory was created ...

Page 958: ...gr6ewr1yerHtXQdbafsatGswKg0YUm schema version 461 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Copy a file or directory This procedure is not available through the WebUI To copy a file or directory by using the Admin CLI use the cp command specifying the existing path and filename...

Page 959: ...ripts to final py 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mv etc config scripts test py etc config scripts final py 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acces...

Page 960: ...t py in etc config scripts 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type rm etc config scripts test py rm remove etc config scripts test py yes 3 Type exit to exit the Admin CLI Depending on your device configuration you may be p...

Page 961: ...using the WebUI or from the command line by using the scp Secure Copy command or by using a utility such as SSH File Transfer Protocol SFTP or an SFTP application like FileZilla Upload and download files by using the WebUI Upload files 1 Log into the TX54 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page appears 3 Highlight the...

Page 962: ...t hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the TX54 device n local path is the location on the TX54 device where the copied file will be placed For ...

Page 963: ...ar log support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 22 03 03 10 16 23 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 22 03 03 10 16 23 bin Upload and download files using SFTP T...

Page 964: ...File system Upload and download files TX54 User Guide 964 sftp ahmed 192 168 2 1 Password Connected to 192 168 2 1 sftp get test py Fetching test py to test py test py 100 254 0 3KB s 00 00 sftp exit ...

Page 965: ...rt report 966 View system and event logs 968 Configure syslog servers 972 Configure options for the event and system logs 974 Analyze network traffic 979 Use the ping command to troubleshoot network connections 997 Use the traceroute command to diagnose IP routing problems 997 TX54 User Guide 965 ...

Page 966: ...erage 44 7588 Mbps Rx latency 30 05 ms 3 To output the result in json format use the output parameter speedtest host output json tx_avg 51 8510 tx_avg_units Mbps tx_latency 31 07 tx_latency_units ms rx_avg 39 5770 rx_avg_units Mbps rx_latency 34 19 rx_latency_units ms 4 To change the size of the speedtest packet use the size parameter speedtest host size int 5 By default the speedtest uses nuttcp ...

Page 967: ... access the Admin CLI 2 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 3 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 22 03 03 10 16 23...

Page 968: ...about configuring the information displayed in event and system logs View System Logs WebUI 1 Log into the TX54 WebUI as a user with Admin access 2 On the main menu click System Logs The system log displays 3 Limit the display in the system log by using the Find search tool 4 Use filters to configure the types of information displayed in the system logs ...

Page 969: ...show log number num command to limit the number of lines that are displayed For example to limit the log to the most recent ten lines show log number 10 Timestamp Message Nov 26 21 54 34 TX54 netifd Interface interface_wan is setting up now Nov 26 21 54 35 TX54 firewalld 621 reloading status 4 Optional Use the show log filter value command to limit the number of lines that are displayed Allowed va...

Page 970: ...er with Admin access 2 On the main menu click System Logs 3 Click System Logs to collapse the system logs viewer or scroll down to Events 4 Click Events to expand the event viewer 5 Limit the display in the event log by using the Find search tool 6 Click to download the event log Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you ma...

Page 971: ...v 26 21 42 37 status stat intf eth1 type ethernet rx 11332435 tx 5038762 Nov 26 21 42 35 status system local_time Thu 08 Aug 2019 21 42 35 0000 uptime 3 hours 0 minutes 48 seconds 4 Optional Use the show event table value command to limit the number of lines that are displayed Allowed values are error info and status For example to limit the event list to only info messages show event table info T...

Page 972: ...logs WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Log 4 Add and configure a remote syslog server a Click to expand Server list b For Add Server click The log server configuration window is displayed ...

Page 973: ...n with the syslog server Available options are TCP and UPD The default is UPD 5 Click Apply to save the configuration and apply the change Command line 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configu...

Page 974: ...The default is 514 5 Set the IP protocol to use for communication with the syslog server config system log remote 0 protocol value config system log remote 0 where value is either tcp or udp The default is udp 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access sel...

Page 975: ...e any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Heartbeat interval to ten minutes enter 10m or 600s To disable the Heartbeat interval enter 0s 5 Optional To disable event categories or to enable them if they have been disabled a Click to expand Event Categories b Click an event category to expand c Depending on the event category you can ...

Page 976: ...figuration mode config config 3 Optional To change the heartbeat interval from the default of 30 minutes set a new value The heartbeat interval determines the amount of time to wait before sending a heartbeat event if no other events have been sent config system log heartbeat_interval value config where value is any number of weeks days hours minutes or seconds and takes the format number w d h m ...

Page 977: ...tal Captive portal remote Remote control restart Restart serial Serial sms SMS commands speed Speed stat Network statistics user User wireless WiFi wol Wake On LAN config system log event b Depending on the event category you can enable or disable informational events status events and error events Some categories also allow you to set the status interval which is the time interval between periodi...

Page 978: ...terval value config where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set the status interval to ten minutes enter either 10m or 600s config system log event dhcpserver status_interval 600s config 6 Optional See Configure syslog servers for information about configuring remote syslog servers to which log messages will be sent 7 Sa...

Page 979: ... more detailed analysis you can download the captured data traffic from the device and view it using a third party application Note Data traffic is captured to RAM and the captured data is lost when the device reboots unless you save the data to a file See Save captured data traffic to a file This section contains the following topics Configure packet capture for the network analyzer 980 Example f...

Page 980: ...yzer to run based on a specified event or at a particular time l The events or time that will trigger the analyzer to run using this capture configuration l The amount of time that the analyzer session will run l The frequency with which captured events will be saved To configure a packet capture configuration WebUI 1 Log into the TX54 WebUI as a user with full Admin access rights 2 On the menu cl...

Page 981: ...her the filter should apply to packets when the IP address network is the source the destination or both v Click Ignore this IP address or network if the filter should ignore packets from this IP address network By default is option is disabled which means that the filter will capture packets from this IP address network vi Click to add additional IP address network filters c To create a filter th...

Page 982: ...ernet MAC addresses ii Click to add a MAC address iii For Ethernet MAC address type the MAC address to be captured or ingored iv For Source or destination Ethernet MAC address select whether the filter should apply to packets when the Ethernet MAC address is the source the destination or both v Click Ignore this MAC address if the filter should ignore packets that use this port By default is optio...

Page 983: ...f Interval is selected in Interval type the interval Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s n Set time Runs the capture filter at a specified time of the day l If Set Time is selected specify the time that the capture filter should run in Run time using the format HH MM n...

Page 984: ...ork device eth3 network device eth4 network device loopback network bridge hotspot_bridge network bridge lan1 network wifi ap digi_ap1 network wifi ap digi_ap2 network wifi ap digi_hotspot_ap1 network wifi ap digi_hotspot_ap2 network interface defaultip network interface defaultlinklocal network interface lan1 network interface lan_hotspot network interface loopback network interface wan1 network ...

Page 985: ...m this IP address network config network analyzer name filter address 0 ignore true config network analyzer name filter address 0 By default is option is set to false which means that the filter will capture packets from this IP address network v Repeat these steps to add additional IP address filters b To create a filter that either captures or ignores packets that use a particular IP protocol i ...

Page 986: ... i Add a new port filter config network analyzer name add filter port end config network analyzer name filter port 0 ii Set the transport protocol that should be filtered for the port config network analyzer name filter port 0 protocol value config network analyzer name filter port 0 where value is one of tcp udp or either The default is either iii Set whether the filter should apply to packets wh...

Page 987: ...name filter mac_address 0 where value is one of n source The filter will apply to packets when the MAC address is the source n destination The filter will apply to packets when the MAC address is the destination n either The filter will apply to packets when the MAC address is either the source or the destination iv Optional Set the filter should ignore packets from this port config network analyz...

Page 988: ...nfig network analyzer name schedule enable true config network analyzer name b Set the mode that will be used to run the capture filter config network analyzer name when mode config network analyzer name where mode is one of the following n boot The script will run once each time the device boots n interval The script will start running at the specified interval within 30 seconds after the configu...

Page 989: ...r w d h m s For example to set save_interval to ten minutes enter either 10m or 600s config network analyzer name save_interval 600s config network analyzer name 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the dev...

Page 990: ...0 13 35 36 ether host 00 40 D0 13 35 36 n Capture Ethernet packets from host 00 40 D0 13 35 36 ether src 00 40 D0 13 35 36 n Capture Ethernet packets to host 00 40 D0 13 35 36 ether dst 00 40 D0 13 35 36 Capture packets from the command line You can start packet capture at the command line with the analyzer start command Alternatively you can schedule the network analyzer to run based on a specifi...

Page 991: ...to 10 MB of data traffic in two 5 MB files per interface Note Data traffic is captured to RAM and the captured data is lost when the device reboots unless you save the data to a file See Save captured data traffic to a file Stop capturing packets You can stop packet capture at the command line with the analyzer stop command To stop packet capture from the command line Command line 1 Log into the T...

Page 992: ...6 bytes n Decoded information of the packet To show captured data traffic Command line 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt show analyzer name capture_filter Packet 1 Mar 03 2022 10 16 23 287682 Length 60 b...

Page 993: ...iguration See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the show anaylzer name name Name of the capture filter to use Format test_capture capture_ping show anaylzer name Save captured data traffic to a file Data traffic is captured to RAM and when the device reboots the data is lost To retain the captured data fi...

Page 994: ...capture for the network analyzer for more information To determine available packet capture configurations use the analyzer save name name Name of the capture filter to use Format test_capture capture_ping analyzer save name The file is stored in the etc config analyzer directory To transfer the file to your PC see Download captured data to your PC Download captured data to your PC After saving ca...

Page 995: ... on the remote host n remote path is the location on the remote host where the file will be copied n local path is the path and filename on the TX54 device For example To download the traffic saved in the file etc config analyzer eth0 pcpng to a PC with the IP 192 168 210 2 for a user named maria to the home maria directory scp host 192 168 210 2 user maria remote home maria local etc config analy...

Page 996: ...ion See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the anaylzer clear name name Name of the capture filter to use Format test_capture capture_ping anaylzer clear name Note You can remove data traffic saved to a file using the rm command ...

Page 997: ...tion you may be presented with an Access selection menu Type quit to disconnect from the device Stop ping commands To stop pings when the number of pings to send the count parameter has been set to a high value enter Ctrl C Use the traceroute command to diagnose IP routing problems Use the traceroute command to diagnose IP routing problems This command traces the route to a remote IP host and disp...

Page 998: ...ting hops were required to reach the host 1 Log into the TX54 command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt use the traceroute command to view IP routing information traceroute 8 8 8 8 traceroute to 8 8 8 8 8 8 8 8 30 hops max 52 byte packets 1 192 168 8...

Page 999: ...to correct the interference by one or more of the following measures n Reorient or relocate the receiving antenna n Increase the separation between the equipment and the receiver n Connect the equipment into an outlet that is on a circuit different from the receiver n Consult the dealer or an experienced radio TV technician for help Labeling Requirements FCC 15 19 TX54 complies with Part 15 of FCC...

Page 1000: ...ation of Conformity DoC TX54 User Guide 1000 Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market Refer to the radio regulatory agency in the desired countries of operation for more information ...

Page 1001: ...1001 ANATEL Brazil Modelo TX54 A106 TX54 A206 04208 19 01209 Para maiores informações consulte o site da ANATEL www anatel gov br Este equipamento não tem direito à proteção contra interferência prejudicial e não pode causar interferência em sistemas devidamente autorizados ...

Page 1002: ...nds Maximum transmit power 13 overlapping channels at 22 MHz or 40 MHz wide spaced at 5 MHz Centered at 2 412 MHz to 2 472 MHz 651 784 mW 165 overlapping channels at 22 MHz or 40 MHz or 80 MHz wide spaced at 5 MHz Centered at 5180 MHz to 5825 MHz 351 295 mW Innovation Science and Economic Development Canada IC certifications This digital apparatus does not exceed the Class B limits for radio noise...

Page 1003: ... Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antennas or power supplies may damage the router cause interference or create an electric shock hazard and will void the warranty n Do not attemp...

Page 1004: ... of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices anywhere that blasting operations occur Wireless routers receive and transmit radio frequency energy when power is on Interference can occur when using the router close to TV sets...

Page 1005: ...ългарски Croatian Hrvatski French Français Greek Ε λληνικά Hungarian Magyar Italian Italiano Latvian Latvietis Lithuanian Lietuvis Polish Polskie Portuguese Português Slovak Slovák Slovenian Esloveno Spanish Español TX54 User Guide 1005 ...

Page 1006: ...le parts Never open the equipment For safety reasons the equipment should be opened only by qualified personnel The unit must be powered off where blasting is in progress where explosive atmospheres are present or near medical or life support equipment Do not power on the unit in any aircraft Operation of this equipment in a residential environment could cause radio interference For ambient temper...

Page 1007: ... потребителя Н икога не отваряйте оборудването О т съображения за безопасност оборудването трябва да се отваря само от квалиф ициран персонал У редът трябва да се изключи там където се извърш ва взривяване където има експлозивна атмосф ера или в близост до медицинско оборудване или оборудване за поддържане на живота Н е включвайте устройството в самолет Р аботата с това оборудване в жилищ на среда...

Page 1008: ...servisirati Nikada ne otvarajte opremu Iz sigurnosnih razloga opremu bi trebalo otvarati samo kvalificirano osoblje Uređaj se mora isključiti tamo gdje je u tijeku miniranje gdje su prisutne eksplozivne atmosfere ili u blizini medicinske opreme ili opreme za održavanje života Nemojte uključivati jedinicu ni u jednom zrakoplovu Rad ove opreme u stambenom okruženju mogao bi prouzročiti radio smetnje...

Page 1009: ... Ne jamais ouvrir l équipement Pour des raisons de sécurité l équipement ne doit être ouvert que par du personnel qualifié L unité doit être éteinte là où le dynamitage est en cours où des atmosphères explosives sont présentes ou à proximité d équipements médicaux ou de survie N allumez pas l appareil dans un avion L utilisation de cet équipement dans un environnement résidentiel peut provoquer de...

Page 1010: ...οίγετ ε ποτ έ τ ον εξ οπλισμό Γ ια λόγους ασφαλείας ο εξ οπλισμός πρέπει να ανοίγει μόνο από εξ ειδικευμένο προσωπικό Η μονάδα πρέπει να είναι απενεργοποιημένη ότ αν βρίσκετ αι σε εξ έλιξ η η έκρηξ η όπου υπάρχουν εκρηκτ ικές ατ μόσφαιρες ή κοντ ά σε ιατ ρικό εξ οπλισμό ή εξ οπλισμό υποστ ήριξ ης τ ης ζ ωής Μην ενεργοποιείτ ε τ η μονάδα σε κανένα αεροσκάφος Η λειτ ουργία αυτ ού τ ου εξ οπλισμού σε...

Page 1011: ... személyzet nyithatja meg Az egységet ki kell kapcsolni ha robbantás folyik ahol robbanásveszélyes környezet van vagy orvosi vagy életmentő berendezések közelében Semmilyen repülőgépen ne kapcsolja be az egységet A berendezés lakókörnyezetben történő működtetése rádiózavarokat okozhat 60 C feletti környezeti hőmérséklet esetén ezt a berendezést csak korlátozott hozzáférésű helyre kell telepíteni A...

Page 1012: ...re mai l apparecchiatura Per motivi di sicurezza l apparecchiatura deve essere aperta solo da personale qualificato L unità deve essere spenta dove sono in corso esplosioni dove sono presenti atmosfere esplosive o vicino ad apparecchiature mediche o di supporto vitale Non accendere l unità in nessun aereo Il funzionamento di questa apparecchiatura in un ambiente residenziale potrebbe causare inter...

Page 1013: ...etotāja apkalpojamas daļas Nekad neatveriet aprīkojumu Drošības apsvērumu dēļ aprīkojumu drīkst atvērt tikai kvalificēts personāls Iekārtai jābūt izslēgtai ja notiek spridzināšana sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā Nevienā lidmašīnā neieslēdziet ierīci Šīs ierīces darbība dzīvojamā vidē var izraisīt radio traucējumus Ja apkārtējā temperatūra pārsniedz 60...

Page 1014: ...tojui prižiūrimų dalių Niekada neatidarykite įrangos Saugumo sumetimais įrangą turėtų atidaryti tik kvalifikuotas personalas Įrenginys turi būti išjungtas ten kur vyksta sprogdinimas sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos Neįjunkite įrenginio jokiuose orlaiviuose Naudojant šią įrangą gyvenamojoje aplinkoje gali kilti radijo trukdžių Esant aukštesnei nei 60 C aplinkos temp...

Page 1015: ...e otwieraj urządzenia Ze względów bezpieczeństwa urządzenie powinno być otwierane wyłącznie przez wykwalifikowany personel Urządzenie musi być wyłączone w miejscach w których trwają prace wybuchowe w atmosferze wybuchowej lub w pobliżu sprzętu medycznego lub podtrzymującego życie Nie włączaj urządzenia w żadnym samolocie Praca tego sprzętu w środowisku mieszkalnym może powodować zakłócenia radiowe...

Page 1016: ...er feita pelo usuário Nunca abra o equipamento Por razões de segurança o equipamento deve ser aberto apenas por pessoal qualificado A unidade deve ser desligada onde houver detonações em andamento onde houver presença de atmosferas explosivas ou próximo a equipamentos médicos ou de suporte à vida Não ligue a unidade em nenhuma aeronave A operação deste equipamento em um ambiente residencial pode c...

Page 1017: ...ateľom Nikdy neotvárajte zariadenie Z bezpečnostných dôvodov by malo zariadenie otvárať iba kvalifikovaný personál Jednotka musí byť vypnutá tam kde prebiehajú trhacie práce kde je prítomné výbušné prostredie alebo v blízkosti lekárskych prístrojov alebo zariadení na podporu života Jednotku nezapínajte v žiadnom lietadle Prevádzka tohto zariadenia v obytnom prostredí by mohla spôsobiť rádiové ruše...

Page 1018: ...ih lahko uporabljal uporabnik Nikoli ne odpirajte opreme Iz varnostnih razlogov naj opremo odpira samo usposobljeno osebje Enoto je treba izklopiti tam kjer poteka razstreljevanje kjer so prisotne eksplozivne atmosfere ali v bližini medicinske opreme ali opreme za vzdrževanje življenja Enote ne vklopite v nobenem letalu Delovanje te opreme v stanovanjskem okolju lahko povzroči radijske motnje Pri ...

Page 1019: ... que pueda reparar el usuario Nunca abra el equipo Por razones de seguridad el equipo debe ser abierto únicamente por personal calificado La unidad debe estar apagada donde se estén realizando explosiones cuando haya atmósferas explosivas o cerca de equipos médicos o de soporte vital No encienda la unidad en ningún avión El funcionamiento de este equipo en un entorno residencial puede provocar int...

Page 1020: ...able parts inside the product Contact your Digi representative for repair information Certification category Standards Electromagnetic Compatibility EMC compliance standards n EN 300 328 v1 8 1 n EN 301 893 v1 7 2 n EN 301 489 n FCC Part 15 Subpart B Class B n FCC Part 15 Subpart C certification Integrated Wi Fi Cellular Modules Safety compliance standards EN 62368 E UTRA CA E UTRA FDD E UTRA TDD ...

Page 1021: ... web interface 1023 Display help for commands and parameters 1024 Auto complete commands and parameters 1026 Available commands 1028 Use the scp command 1029 Display status and statistics using the show command 1030 Device configuration using the command line interface 1032 Execute configuration commands at the root Admin CLI prompt 1032 Configuration mode 1034 Command line reference 1056 TX54 Use...

Page 1022: ... the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the TX54 device by using a serial connection SSH or telnet or the Terminal in the WebUI or the Console in the Digi Remote Manager See Access the command line interface for more information n For serial connections the default configuration is l ...

Page 1023: ...ace Exit the command line interface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin CLI s Shell q Quit Select access or quit admin Type q or quit to exit Execute a command from the web interface 1 Log into the TX54 WebUI as a user with Admin access 2 At the main menu click T...

Page 1024: ... start of line Ctrl E Move cursor to end of line Ctrl W Delete word under cursor until start of line or Ctrl R If the current input is invalid then characters will be deleted until a prefix for a valid command is found Ctrl left Jump cursor left until start of line or Ctrl right Jump cursor right until start of line or The question mark command When executed from the root command prompt displays a...

Page 1025: ...atistics location Show loction information log Show syslog manufacture Show manufacturer information modbus gateway Show modbus gateway status statistics modem Show modem statistics network Show network interface statistics ntp Show NTP information openvpn Show OpenVPN statistics route Show IP routing information scripts Show scheduled scripts serial Show serial statistics surelink Show Surelink s...

Page 1026: ...splays an abbreviated list of available commands space config exit cp help ls mkdir modem more mv ping reboot rm scp show system traceroute update Similar behavior is available with any command name config network interface space defaultip defaultlinklocal lan1 loopback wan1 wwan1 wwan2 config network interface Auto complete commands and parameters When entering a command and parameter press the T...

Page 1027: ...letes the parameter as interface l system b Tab auto completes the parameter as backup n Parameter values where the value is one of an enumeration or an on off type for example config serial port1 enable t Tab auto completes to config serial port1 enable true Auto complete does not function for n Parameter values that are string types n Integer values n File names n Select parameters passed to com...

Page 1028: ... for information about the help command ls Lists the contents of a directory mkdir Creates a directory modem Executes modem commands more Displays the contents of a file mv Moves a file or directory ping Pings a remote host using Internet Control Message Protocol ICMP Echo Request messages reboot Reboots the TX54 device rm Removes a file scp Uses the secure copy protocol SCP to transfer files betw...

Page 1029: ... to a remote host from the TX54 device o The path and filename of the file on the TX54 device that will be copied to the remote host o The location on the remote host where the file will be copied Copy a file from a remote host to the TX54 device To copy a file from a remote host to the TX54 device use the scp command as follows scp host hostname or ip user username remote remote path local local ...

Page 1030: ...t report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 22 03 03 10 16 23 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 22 03 03 10 16 23 bin Display status and statistics using the show comman...

Page 1031: ... Alt Firmware Version 22 2 9 85 Alt Firmware Build Date Thurs 03 March 2022 10 16 23 Bootloader Version 19 7 23 0 15f936e0ed Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Temperature 40C show network The show network command displays status and statistics for network interfaces show network Interface Proto Status Address defaultip IPv4 u...

Page 1032: ... this way changes to the device s configuration are automatically saved when the command is executed For example to disable the SSH service from the root prompt enter the following command config service ssh enable false The TX54 device s ssh service is now disabled Note When the config command is executed at the root prompt certain configuration actions that are available in configuration mode ca...

Page 1033: ...y help for the config service command config service Services Additional Configuration dns DNS mdns Service Discovery mDNS multicast Multicast ntp NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next display help for the config service ssh command config service ssh SSH An SSH server for managing the device Parameters Current Value en...

Page 1034: ...and without any parameters config config When the command line is in configuration mode the prompt will change to include config to indicate that you are currently in configuration mode Enter configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode n Enter the full command string from the config prompt For example to disable the ss...

Page 1035: ...iguration mode To return to configuration mode type config again Exit configuration mode without saving changes You can discard any unsaved configuration changes and exit configuration mode by using the cancel command config cancel After using cancel to discard unsaved changes to the configuration you will automatically exit configuration mode Configuration actions In configuration mode configurat...

Page 1036: ...splay command line help in configuration mode Display additional configuration commands as well as available parameters and values by entering the question mark character at the config prompt For example 1 Enter at the config prompt config This will display the following help information config Additional Configuration application Custom scripts auth Authentication cloud Central management firewal...

Page 1037: ...NS mdns Service Discovery mDNS multicast Multicast ntp NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next to display help for the service ssh command use one of the following methods n At the config prompt enter service ssh config service ssh n At the config prompt a Enter service to move to the service node config service config se...

Page 1038: ...mation for the enable parameter use one of the following methods n At the config prompt enter service ssh enable config service ssh enable n At the config prompt a Enter service to move to the service node config service config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter enable to display help for the enable parameter config service ssh enable config s...

Page 1039: ...to the acl node config service ssh acl config service ssh acl 4 Type zone to move to the zone node config service ssh acl zone config service ssh acl zone You can also enter multiple nodes at once to move multiple steps in the configuration config service ssh acl zone config service ssh acl zone n Move backward one node in the configuration by entering two periods config service ssh acl zone confi...

Page 1040: ...ing of the list use the index number 0 config add auth method 0 tacacs config show auth method 0 tacacs 1 local config n To add the TACACS authentication method to the end of the list use the end keyword config add auth method end tacacs config show auth method 0 local 1 tacacs config The end keyword As demonstrated above the end keyword is used to add an element to the end of a list Additionally ...

Page 1041: ...el index_number command For example a To delete the local authentication method use the index number 0 config del auth method 0 config b Use the show command to verify that the local authentication method was removed config show auth method 0 tacacs 1 radius config Move elements within a list Use the move command to reorder elements in a list For example to reorder the authentication methods 1 Use...

Page 1042: ...ation not only unsaved changes Revert all configuration changes to default settings To discard all configuration changes and revert to default settings use the revert command at the config prompt without the optional path parameter 1 At the config prompt enter revert config revert config 2 Set the password for the admin user prior to saving the changes config auth user admin password pwd config 3 ...

Page 1043: ...ter For example 1 Change to the auth method node config auth method config auth method 2 Enter the revert command config auth method revert config auth method 3 Save the configuration and apply the change config auth method save Configuration saved 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect fro...

Page 1044: ...uthentication groups 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt create a new user with the username user1 n Method one Create a user at the root o...

Page 1045: ...o portals serial enable false no ports shell enable false serial acl admin enable true nagios enable false openvpn enable false no tunnels portal enable false no portals serial enable true ports 0 port1 shell enable false config auth user user1 6 Add the user to the admin group config auth user user1 add group end admin config auth user user1 7 Save the configuration and apply the change config au...

Page 1046: ...lar models only LAN1 is configured to use the LAN1 bridge Its default IP address is 192 168 2 1 and it has its DHCP server enabled The default configuration of the LAN1 bridge consists of the following devices n ETH2 n ETH3 n ETH4 n WWAN cellular modem for single Wi Fi models or WWAN2 cellular modem for dual Wi Fi models n WWAN2 cellular modem dual Wi Fi models only In this example we will use the...

Page 1047: ...s a single WiFi model 1 Log into the TX54 command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Display a list of devices currently configured for the LAN1 bridge n Method one Enter the full command...

Page 1048: ...xample configuration can also be performed by moving within the configuration to the appropriate location method two above 4 Remove devices from the LAN1 bridge that will be used by other interfaces in this configuration a If your device is a dual WiFi model remove the Digi AP Wi Fi2 access point network wireless ap digi_ap2 from the bridge using its index number 4 as determined above with the sho...

Page 1049: ...etwork wireless ap digi_ap2 config network bridge LAN2 b Add the ETH3 device to the bridge config network bridge LAN2 add device end network device eth3 config network bridge LAN2 c If your device is a dual WiFi model add the Digi AP Wi Fi2 access point to the bridge config network bridge LAN2 add device end network wireless ap digi_ap2 config network bridge LAN2 d Use the show command again to ve...

Page 1050: ...interface named LAN2 config add network interface LAN2 config network interface LAN2 4 Configure the device for the LAN2 interface a Enter device to view available devices and the proper syntax config network interface LAN2 device Device The network device used by this network interface Format network device eth1 network device eth2 network device eth3 network device eth4 network device loopback n...

Page 1051: ...Wi Fi1 access point config network wifi ap digi_ap1 enable true config c Set the SSID for the Digi AP Wi Fi1 access point config network wifi ap digi_ap1 ssid Example1 config d Set the password for the Digi AP Wi Fi1 access point config network wifi ap digi_ap1 encryption key_psk2 password1 config e Enable the Digi AP Wi Fi2 access point config network wifi ap digi_ap2 enable true config f Set the...

Page 1052: ...nterface WAN2 config network interface WAN2 4 Enter device to view available devices and the proper syntax config network interface WAN2 device Device The network device used by this network interface Format network device eth1 network device eth2 network device eth3 network device eth4 network device loopback network bridge LAN2 network bridge lan1 network wireless ap digi_ap1 network wireless ap...

Page 1053: ... network interface WAN2 ipv4 type Type The method for configuring IPv4 on this interface Format dhcp static Default value static Current value static config network interface WAN2 ipv4 type c Set the IPv4 type to dhcp config network interface WAN2 ipv4 type dhcp config network interface WAN2 8 Configure the IPv4 WAN priority Because the TX54 device now has two WANs we need to determine which WAN w...

Page 1054: ...onfiguration and apply the change config network bridge bridge2 save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Task four Verify the new configuration The final step in this example is to verify the new configuration 1 Connect an Ethernet cable from an inter...

Page 1055: ...ions correctly between WAN1 and WAN2 i Disconnect the WAN1 Ethernet cable from the WAN ETH1 Ethernet port and verify that devices connected to the TX54 have internet access through WAN2 ii Reconnect the WAN1 Ethernet cable to the WAN ETH1 Ethernet port and verify that devices connected to the TX54 have internet access through WAN1 d Verify that failover functions correctly if both WAN1 and WAN2 ar...

Page 1056: ...irmware ota list 1063 modem firmware ota update 1063 modem firmware update 1063 modem pin change 1064 modem pin disable 1064 modem pin enable 1064 modem pin status 1065 modem pin unlock 1065 modem puk status 1065 modem puk unlock 1065 modem reset 1066 modem scan 1066 modem sim slot 1066 monitoring 1066 monitoring metrics upload 1067 more 1067 mv 1067 ping 1067 reboot 1069 rm 1070 scp 1071 show ana...

Page 1057: ...t 1080 show wifi scanner candidates 1080 show wifi scanner log 1080 speedtest 1080 ssh 1081 system backup 1081 system disable cryptography 1081 system duplicate firmware 1081 system factory erase 1082 system find me 1082 system firmware ota check 1082 system firmware ota list 1082 system firmware ota update 1083 system firmware update 1083 system power ignition off_delay 1083 system restore 1083 s...

Page 1058: ...ilename to save captured traffic to The file will be saved to the device s etc config analyzer directory analyzer start Start a capture session of packets on this devices interfaces Syntax analyzer start name Parameters name Name of the capture filter to use analyzer stop Stops the traffic capture session Syntax analyzer stop name Parameters name Name of the capture filter to use clear dhcp lease ...

Page 1059: ...Syntax container create path Parameters path Filepath for container image to be created container delete Delete a LXC container This will remove the LXC container configuration and the container image Syntax container delete container Parameters container Filepath for container image to be created This process creates a copy of the image so the orginal image may be deleted after creating the conta...

Page 1060: ...Command line interface Command line reference TX54 User Guide 1060 help Show CLI editing and navigation commands Syntax help Parameters None ...

Page 1061: ... Command line reference TX54 User Guide 1061 ls List a directory Syntax ls path show hidden Parameters path List files and directories under this path show hidden Show hidden files and directories Hidden filenames begin with ...

Page 1062: ...CLI command on modem at interactive Start an AT command session on the modem s AT serial port Syntax modem at interactive name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem firmware check Inspect opt MODEM_MODEL Custom_Firmware directory for new modem firmware file Syntax modem firm...

Page 1063: ...versions Syntax modem firmware ota list name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem firmware ota update Perform FOTA firmware over the air update The modem will be updated to the latest modem firmware image unless a specific firmware version is specified Syntax modem firmware...

Page 1064: ...ured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem pin disable Disable the PIN lock on the SIM card that is active in the modem Warning Attempting to use an incorrect PIN code may PUK lock the SIM Syntax modem pin disable pin name STRING imei STRING Parameters pin The SIM s PIN code name The configured name of the modem to execute ...

Page 1065: ...th a PIN code Set the PIN field in the modem interface s configuration to unlock the SIM card automatically before use Warning Attempting to use an incorrect PIN code may PUK lock the SIM Syntax modem pin unlock pin name STRING imei STRING Parameters pin The SIM s PIN code name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on...

Page 1066: ...execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem scan List of carriers present in the network Syntax modem scan name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem sim slot Show or change the modem s active SIM slot This applies only to mode...

Page 1067: ...rrent device health metrics Functions as if a scheduled upload was triggered Syntax monitoring metrics upload Parameters None more View a file Syntax more path Parameters path The file to view mv Move a file or directory Syntax mv source destination force Parameters source The source file or directory to move destination The destination path to move the source file or directory to force Do not ask...

Page 1068: ... reachable over a default route If not specified the system s primary default route will be used source The ping command will send a packet with the source address set to the IP address of this interface rather than the address of the interface the packet is sent from ipv6 If a hostname is defined as the value of the host parameter use the hosts IPV6 address size The number of bytes sent in the IC...

Page 1069: ...Command line interface Command line reference TX54 User Guide 1069 reboot Reboot the system Parameters None ...

Page 1070: ...Command line interface Command line reference TX54 User Guide 1070 rm Remove a file or directory Syntax rm path force Parameters path The path to remove force Force the file to be removed without asking ...

Page 1071: ...e host or from the remote host to the local device port The SSH port to use to connect to the remote host Minimum 1 Maximum 65535 Default 22 show analyzer Show packets from a specified analyzer capture Syntax show analyzer name Parameters name Name of the capture filter to use show arp Show ARP tables If no IP version is specified IPv4 IPV6 will be displayed Syntax show arp ipv4 ipv6 verbose Param...

Page 1072: ...I session although individual output lines maybe context sensitive and unable to be entered in isolation show containers Show container status statistics Syntax show containers container STRING Parameters container Display more details and config data for a specific container show dhcp lease Show DHCP leases Syntax show dhcp lease all verbose Parameters all Show all leases active and inactive not ...

Page 1073: ...ss of a specific client to limit the status display to only this client show ipsec Show IPsec status statistics Syntax show ipsec tunnel STRING all verbose Parameters tunnel Display more details and config data for a specific IPsec tunnel all Display all tunnels including disabled tunnels verbose Display status of one or all tunnels in plain text show l2tp lac Show L2TP access concentrator status ...

Page 1074: ...rmation show log Show system log low level Syntax show log number INTEGER filter critical warning debug info Parameters number Number of lines to retrieve from log Minimum 1 Default 20 filter Filters for type of log message displayed critical warning info debug Note filters from the number of messages retrieved not the whole log this can be very time consuming If you require more messages of the f...

Page 1075: ... modem to execute this CLI command on verbose Display more information less concise more detail show nemo Show NEMO status and statistics Syntax show nemo name STRING Parameters name Display more details and configuration data for a specific NEMO instance show network Show network interface status statistics Syntax show network interface STRING all verbose Parameters interface Display more details...

Page 1076: ...disabled clients show openvpn server Show OpenVPN server status statistics Syntax show openvpn server name STRING all Parameters name Display more details and config data for a specific OpenVPN server all Display all servers including disabled servers show route Show IP routing information Syntax show route ipv4 ipv6 verbose Parameters ipv4 Display IPv4 routes ipv6 Display IPv6 routes verbose Disp...

Page 1077: ...surelink interface name STRING all Parameters name The name of a specific network interface all Show all network interfaces show surelink ipsec Show SureLink status statistics for IPsec tunnels Syntax show surelink ipsec tunnel STRING all Parameters tunnel The name of a specific IPsec tunnel all Show all IPsec tunnels show surelink openvpn Show SureLink status statistics for OpenVPN clients Syntax...

Page 1078: ...w version Show firmware version Syntax show version verbose Parameters verbose Display more information build date show vrrp Show VRRP status statistics Syntax show vrrp name STRING all verbose Parameters name Display more details and config data for a specific VRRP instance all Display all VRRP instances including disabled instances verbose Display all VRRP status and statistics including disable...

Page 1079: ... mode connections Syntax show wifi client name STRING all Parameters name Display more details for a specific Wi Fi client mode connection all Display all Wi Fi clients including disabled Wi Fi client mode connections show wifi scanner Show Wi Fi scanner information wifi scanner blocklist Show transmitters that have been evaluated as static and not included in the output log Parameters None wifi s...

Page 1080: ...anner log Show output log for the last update interval Syntax show wifi scanner log Parameters None speedtest Perform a speed test to a remote host using nuttcp or iPerf The system s primary default route will be used The speed test will take approximately 30 seconds to complete Syntax speedtest host size INTEGER mode nuttcp iperf output text json Parameters host The name or address of the remote ...

Page 1081: ...ive path STRING passphrase STRING remove custom defaults Parameters type The type of backup file to create Archives are full backups including generated SSH keys and dynamic DHCP lease information CLI configuration backups are a list of CLI commands used to build the device s configuration Default archive path The file path to save the backup to Default var log passphrase Encrypt the archive with ...

Page 1082: ...ameters None system find me Find Me function to flash LEDs on this device to help users locate the unit Syntax system find me state Parameters state Find Me control to flash cellular related LEDs system firmware ota check Query the Digi firmware server for the latest device firmware version Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for...

Page 1083: ...firmware update file Parameters file Firmware filename and path system power ignition off_delay Update the current ignition off delay without changing the configuration Syntax system power ignition off_delay off_delay Parameters off_delay Ignition power off delay Format number h m s Max 18h Minimum 0s Maximum 18h system restore Restore the device s configuration from a backup archive or CLI comman...

Page 1084: ...tax system script stop script Parameters script Script to stop system serial clear Clears the serial log Syntax system serial clear port Parameters port Serial port system serial save Saves the current serial log to a file Syntax system serial save port filename Parameters port Serial port filename The filename to save the serial log The file will be saved to the device s etc config serial directo...

Page 1085: ...erial port system support report Save a support report to a file and include with support requests Syntax system support report path STRING Parameters path The file path to save the support report to Default var log system time set Set the local date and time using the timezone set in the system time timezone config setting Syntax system time set datetime Parameters datetime The date in year month...

Page 1086: ... host Syntax traceroute host ipv6 gateway STRING interface STRING first_ttl INTEGER max_ttl INTEGER port INTEGER nqueries INTEGER src_addr STRING tos INTEGER waittime INTEGER pausemsecs INTEGER packetlen INTEGER debug dontfragment icmp nomap bypass Parameters host The host that we wish to trace the route packets for ipv6 If a hostname is defined as the value of the host parameter use the hosts IPV...

Page 1087: ...e of Service ToS and Precedence value Useful values are 16 low delay and 8 high throughput Note that in order to use some TOS precedence values you have to be super user For IPv6 set the Traffic Control value A value of 1 specifies that no value will be used Minimum 1 Default 1 waittime Determines how long to wait for a response to a probe Minimum 1 Default 5 pausemsecs Minimal time interval betwe...

Reviews:

No comments

Related manuals for TX54

Brand: D-Link Pages: 2

Brand: NEC Pages: 8

ZyXEL EES-1024AF

Brand: ZyXEL Communications Pages: 99

Brand: Winext Pages: 37

Brand: TP-Link Pages: 2

Brand: US Robotics Pages: 36

Brand: H3C Pages: 12

Brand: ZyXEL Communications Pages: 116

Brand: H3C Pages: 9

SW-UNM-24FE2GC-24POE

Brand: Morrell Pages: 8

Sinus 154 data II

Brand: T-COM Pages: 12

Brand: US Robotics Pages: 180

Brand: Modecom Pages: 16

Brand: Valcom Pages: 4

Brand: Edge-Core Pages: 64

Brand: LevelOne Pages: 83

Brand: Paradyne Pages: 6

EdgePoint EP-R8

Brand: Ubiquiti Pages: 22

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands