Digi Connect EZ Mini Скачать руководство пользователя страница 176

Страница: 176 / 659

Page 176

Digi Connect EZ Mini Скачать руководство пользователя страница 176

Virtual Private Networks (VPN)

OpenVPN

Digi Connect EZ Mini User Guide

176

5. For

Device type

, select the mode used by the OpenVPN server, either:

TUN (OpenVPN managed)

TAP - OpenVPN managed

TAP - Device only

See

OpenVPN

for information about OpenVPN server modes.

6. If

TUN (OpenVPN managed)

TAP - OpenVPN managed

is selected for

Device type

a. For

Zone

, select the firewall zone for the OpenVPN server. For TUN device types, this

should be set to

Internal

to treat clients as LAN devices.

b. (Optional) Select the

Metric

for the OpenVPN server. If multiple active routes match a

destination, the route with the lowest metric will be used. The default setting is

c. For

Address

, type the IP address and subnet mask of the OpenVPN server.

d. (Optional) For

First IP address

and

Last IP address

, set the range of IP addresses that the

OpenVPN server will use when providing IP addresses to clients. The default is from

7. (Optional) Set the

VPN port

that the OpenVPN server will use. The default is

1194

8. For

Server managed certificates

, determine the method of certificate management. If

enabled, the server will manage certificates. If not enabled, certificates must be created
externally and added to the server.

9. If

Server managed certificates

is not enabled:

a. Select the

Authentication

type:

Certificate only

: Uses only certificates for client authentication. Each client

requires a public and private key.

Username/password only

: Uses a username and password for client

authentication. You must create an OpenVPN authentication group and user. See

Configure an OpenVPN Authentication Group and User

for instructions.

Certificate and username/password

: Uses both certificates and a username and

password for client authentication. Each client requires a public and private key,
and you must create an OpenVPN authentication group and user. See

Configure an

OpenVPN Authentication Group and User

for instructions.

b. Paste the contents of the

CA certificate

(usually in a ca.crt file), the

Public key

(for

example, server.crt), the

Private key

(for example, server.key), and the

Diffie Hellman

key

(usually in dh2048.pem) into their respective fields. The contents will be hidden when

the configuration is saved.

10. (Optional) Click to expand

Access control list

to restrict access to the OpenVPN server:

To limit access to specified IPv4 addresses and networks:

a. Click

IPv4 Addresses

b. For

Add Address

, click



c. For

Address

, enter the IPv4 address or network that can access the device's

service-type. Allowed values are:

A single IP address or host name.

A network designation in CIDR notation, for example, 192.168.1.0/24.

any

: No limit to IPv4 addresses that can access the service-type.

Содержание Connect EZ Mini

Страница 1: ...Connect EZ Mini User Guide Firmware version 22 2...

Страница 2: ...fault URL for the device s Remote Manager connection is now edp12 devicecloud com This URL is required to utilize the client side certificate support n New Socket ID string option to send the configur...

Страница 3: ...rademarks or registered trademarks in the United States and other countries worldwide All other trademarks mentioned in this document are the property of their respective owners 2022 Digi Internationa...

Страница 4: ...chnical support Digi offers multiple technical support plans and service packages Contact us at 1 952 912 3444 or visit us at www digi com support Feedback To provide feedback on this document email y...

Страница 5: ...EZ 21 Step 7 Connect to Digi Remote Manager 22 Connect equipment to the Connect EZ serial port Serial Status page 23 Serial connector pinout Connect EZ Mini 23 Serial Status page 24 Hardware Top panel...

Страница 6: ...line interface 48 Interfaces Wide Area Networks WANs 49 Wide Area Networks WANs 50 Configure WAN priority and default route metrics 50 Configure SureLink active recovery to detect WAN failures 52 Con...

Страница 7: ...ation 124 Configure an IPsec tunnel 124 Configure IPsec failover 150 Configure SureLink active recovery for IPsec 153 Show IPsec status and statistics 160 Debug an IPsec configuration 161 Configure a...

Страница 8: ...system time 331 Manually set the system date and time 334 Network Time Protocol 335 Configure the device as an NTP server 335 Show status and statistics of the NTP server 340 Configure a multicast rou...

Страница 9: ...Access Control System Plus TACACS 437 TACACS user configuration 438 TACACS server failover and fallback to local authentication 439 Configure your Connect EZ device to use a TACACS server 439 Remote...

Страница 10: ...hanges 520 Save configuration to a file 521 Restore the device configuration 522 Schedule system maintenance tasks 525 Disable device encryption 529 Re enable cryptography after it has been disabled 5...

Страница 11: ...le filters for capturing data traffic 598 Capture packets from the command line 599 Stop capturing packets 600 Show captured traffic data 600 Save captured data traffic to a file 602 Download captured...

Страница 12: ...dmin CLI prompt 621 Display help for the config command from the root Admin CLI prompt 621 Configuration mode 623 Enable configuration mode 623 Enter configuration commands in configuration mode 623 S...

Страница 13: ...ow surelink ipsec 651 show surelink openvpn 651 show system 651 show usb 651 show version 652 show vrrp 652 show web filter 652 speedtest 652 ssh 653 system backup 653 system disable cryptography 653...

Страница 14: ...Digi Connect EZ Mini User Guide 14 system time test 658 telnet 658 traceroute 658...

Страница 15: ...tions Digi Connect EZ Mini The Digi Connect EZ Mini has 1 serial port and is specifically designed to make it simple to implement and support machine to machine automation applications to allow enterp...

Страница 16: ...e Manager Optional n Change the password on the Connect EZ n Mount the Connect EZ n Connect equipment to the Connect EZ serial port Administrators only n Additional configuration to the device can be...

Страница 17: ...nd two screws that meet these requirements n M4 in diameter n 5 mm in length n Countersunk n Phillips 2 n Black Steel Loose label A loose label sticker that includes information about the device is in...

Страница 18: ...cover the IP address for the Connect EZ Make sure you have the device powered and connected the device to your network or computer with an Ethernet cable See Connect to and access the Digi Navigator N...

Страница 19: ...your network or computer 2 Download and install the Digi Navigator 3 Launch the Digi Navigator 4 Select the device you want to configure using one of the following methods n Specify a device Expand th...

Страница 20: ...the COM ports on your computer that are configured for RealPort from within the Digi Navigator a Launch the Digi Navigator if it is not currently open A list of Connect EZ devices that have RealPort e...

Страница 21: ...Description Network activity Summarizes network statistics the total number of bytes sent and received over all configured bridges and Ethernet devices Digi Remote Manager Displays the device connect...

Страница 22: ...ware updates and security notices From Remoter Manager you can also easily update firmware ensure consistent configuration across a large group of devices and manage and monitor cellular connectivity...

Страница 23: ...rt is enabled by default The network devices connected to the serial port may be accessed using RealPort Digi Remote Manager the local web user interface TCP telnet or SSH connections TCP telnet and S...

Страница 24: ...ge 1 Click the link to connect to the port in the terminal page 2 In the terminal screen enter b to display additional commands See Access the terminal screen from the web UI for more information abou...

Страница 25: ...Mini User Guide 25 Item Description TX RX Bytes Displays the total number of bytes that have been transmitted and received Signals Indicates the types of communication that the device is ready to sen...

Страница 26: ...is being supplied to the device n Flashing green The Find Me feature has been activated 3 Serial port LED Use the serial port to connect to devices and equipment to the Connect EZ See Connect equipme...

Страница 27: ...able 5 Ethernet port Indicates connection to Ethernet WAN network The LED lights up when an Ethernet cable is attached n Left yellow There is activity on the port n Right green The port is in use Bott...

Страница 28: ...e Use round head M4 size screws The type and length are dependent on the mounting surface type Screws are not provided If you choose not to mount the device you can permanently remove the mounting tab...

Страница 29: ...nu click System Device Configuration The Configuration window appears 3 Click Authentication Users Admin 4 For Password enter the new password The password must be at least eight characters long and m...

Страница 30: ...thread screw n 12 mm in length The length should clear the mounting tab thickness and leave at least 1 cm of screw shank to bite into the mounting material Attach to DIN rail with clip The DIN rail cl...

Страница 31: ...re version remains the same 1 Make sure that the Connect EZ has been powered on for at least 30 seconds 2 Locate the Erase button on the back of the device 3 Using a pinhole tool press and briefly hol...

Страница 32: ...n n Password The unique password printed on the device label c Type a to enter the Admin CLI d Type show network to show all devices currently connected to the network e Scroll down until you discover...

Страница 33: ...Subnet mask and Default gateway You will need this information to complete the final step of the process 5 Configure with the following details n IP address for PC 192 168 210 2 n Subnet 255 255 255 0...

Страница 34: ...ludes information about the device is included in the box You should retain this label sticker with your hardware records Item Description 1 QR code Scan the QR code to display a semicolon separated l...

Страница 35: ...ord will be needed if the device is factory reset and you want to access the web UI on the device 6 MAC address The MAC address for the device 7 Serial number The unique serial number assigned to the...

Страница 36: ...ethods 39 Using Digi Remote Manager 41 Access Digi Remote Manager 41 Using the web interface 41 Use the local REST API to configure the Connect EZ device 42 Access the terminal screen from the web UI...

Страница 37: ...y a list of your devices 3 Locate and select your device as described in Use Digi Remote Manager to view and manage your device 4 Click Configure The following tables list important factory default se...

Страница 38: ...he bottom label of the device and on the loose label included in the package If you erase the device configuration or reset the device to factory defaults the password for the admin user will revert t...

Страница 39: ...ation saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configuration methods Th...

Страница 40: ...face n Command line A robust command line allows you to perform all configuration and management tasks from within a command shell Both the Remote Manager and the local web interface also have the opt...

Страница 41: ...nect EZ local WebUI 1 Use an Ethernet cable to connect the Connect EZ s ETH port to a laptop or PC 2 Open a browser and go to 192 168 2 1 3 Log into the device using a configured user name and passwor...

Страница 42: ...ation information To return device configuration issue the GET method For example using curl curl k u admin https ip address cgi bin config cgi value path X GET where n ip address is the IP address of...

Страница 43: ...dns DNS iperf IPerf location Location mdns Service Discovery mDNS modbus_gateway Modbus Gateway multicast Multicast ntp NTP ping Ping responder snmp SNMP ssh SSH telnet Telnet web_admin Web administr...

Страница 44: ...value parameters curl k u admin https ip address cgi bin config cgi value path path value new_value X POST where n path is the path to the configuration parameter in dot notation for example ssh servi...

Страница 45: ...lt network route static 1 Use the DELETE method to remove items from a list array To remove items from a list array use the DELETE method For example using curl curl k u admin https 192 168 210 1 cgi...

Страница 46: ...Terminal The Terminal screen displays 3 When prompted enter your user name and password 4 Enter the number of the port that you want to access 5 Information about the port you are connected to displa...

Страница 47: ...le To access the command line your device must be configured to allow access and you must log in as a user who has been configured for the appropriate access For further information about configuring...

Страница 48: ...Admin CLI Connecting now Press Tab to autocomplete commands Press for a list of commands and details Type help for details on navigating the CLI Type exit to disconnect from the Admin CLI See Command...

Страница 49: ...xisting WAN and you can create new WANs This section contains the following topics Wide Area Networks WANs 50 Configure WAN priority and default route metrics 50 Configure SureLink active recovery to...

Страница 50: ...lt the Connect EZ device s WAN ETH1 is configured with the lowest metric 1 and is therefor the highest priority WAN By default the Wireless WAN Modem is configured with a metric of 3 which means it ha...

Страница 51: ...WWAN Modem as its highest priority WAN and its Ethernet WAN ETH1 as its secondary WAN Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your dev...

Страница 52: ...detect that the WAN has failed because the connection continues to work while the core problem exists somewhere else in the network Using Digi SureLink you can configure the Connect EZ device to regul...

Страница 53: ...e failed n If the type of probe test is l Ping Configure the number of bytes in the ping packet l Interface status Configure the amount of time that the interface is down before it is considered to ha...

Страница 54: ...est to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS ser...

Страница 55: ...ured for Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets e For Attempts type the number of probe attempts...

Страница 56: ...ig network interface my_wan 5 Add a test target config network interface my_wan add ipv4 surelink target end config network interface my_wan ipv4 surelink target 0 6 Set the test type config network i...

Страница 57: ...k interface my_wan ipv4 surelink target 0 interface_down_time value config network interface my_wan ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes th...

Страница 58: ...connectivity tests config network interface my_wan ipv4 surelink interval value config network interface my_wan ipv4 surelink where value is any number of weeks days hours minutes or seconds and take...

Страница 59: ...device to reboot when a failure is detected Using SureLink you can configure the Connect EZ device to reboot when it has determined that an interface has failed Required configuration items n Enable S...

Страница 60: ...2 Select the Test type n Ping test Tests connectivity by sending an ICMP echo request to the hostname or IP address specified in Ping host You can also optionally change the number of bytes in the Pin...

Страница 61: ...more than one test target is configured for Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets f For Attempts...

Страница 62: ...ig network interface my_wan 5 Set the device to reboot when the interface is considered to have failed config network interface my_wan ipv4 surelink reboot true config network interface my_wan ipv4 su...

Страница 63: ...is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount...

Страница 64: ...interface my_wan ipv4 surelink reboot enable config network interface my_wan ipv4 surelink Note If both the restart and reboot parameters are enabled the reboot parameter takes precedence d Set the In...

Страница 65: ...onal Repeat this procedure for IPv6 10 Save the configuration and apply the change config network interface my_wan ipv4 surelink save Configuration saved 11 Type exit to exit the Admin CLI Depending o...

Страница 66: ...ay be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change to the WAN s node in the configura...

Страница 67: ...rface test The SureLink interface test determines if the interface has an IP address assigned to it that the physical link is up and that a route is present to send traffic out of the network interfac...

Страница 68: ...with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Change to WAN s node in the configuration schema For exa...

Страница 69: ...Pv4 configuration n The metric for IPv4 routes associated with the WAN n The relative weight for IPv4 routes associated with the WAN n The IPv4 management priority of the WAN The active interface with...

Страница 70: ...abled by default To disable click Enable 6 For Interface type leave at the default setting of Ethernet 7 For Zone select External 8 For Device select an Ethernet device 9 Configure IPv4 settings a Cli...

Страница 71: ...he prefix to the assigned length Leave blank to use a random identifier f Set the Metric g See Configure WAN priority and default route metrics for further information about metrics h For Weight type...

Страница 72: ...lick c Type the MAC address 13 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your...

Страница 73: ...a Optional IPv4 configuration items i Set the IP metric config network interface my_wan ipv4 metric num config network interface my_wan See Configure WAN priority and default route metrics for furthe...

Страница 74: ...t route metrics for further information about metrics 7 Optional Configure IPv6 settings a Enable IPv6 support config network interface my_wan ipv6 enable true config network interface my_wan b Set th...

Страница 75: ...iguration you may be presented with an Access selection menu Type quit to disconnect from the device Show WAN status and statistics WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2...

Страница 76: ...mation about a specific WAN For example to display information about ETH1 enter show network interface eth1 show network interface eth1 wan1 Interface Status Device eth1 Zone external IPv4 Status up I...

Страница 77: ...ck Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be pr...

Страница 78: ...th1 Interface s DNS servers DNS IPv4 28 seconds Passing eth2 Interface is up IPv4 21 seconds Passing eth2 Interface s DNS servers DNS IPv4 20 seconds Passing modem Interface is up IPv4 115 seconds Pas...

Страница 79: ...e Status test 194 43 79 74 Ping 29 seconds Passed test 194 43 79 75 Ping 5 seconds Passed test1 194 43 79 74 Ping 21 seconds Failed test2 194 43 79 75 Ping 21 seconds Waiting for result 3 Type exit to...

Страница 80: ...est_client1 194 43 79 75 Ping 5 seconds Passed test_client2 194 43 79 74 Ping 21 seconds Failed test_client2 194 43 79 75 Ping 21 seconds Waiting for result 3 Type exit to exit the Admin CLI Depending...

Страница 81: ...k status and statistics Digi Connect EZ Mini User Guide 81 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disc...

Страница 82: ...on Provides access to the serial device from Python applications n RealPort Used in conjunction with the Digi RealPort driver RealPort can also be configured using the Digi Navigator For more informat...

Страница 83: ...using Device Configuration Serial Changes made by using either Device Configuration or Serial Configuration will be reflected in both 3 Click the name of the port that you want to configure The serial...

Страница 84: ...erial port The default is RS 232 8 Expand Serial Settings The entries in the following fields must match the information for the power controller Refer to your power controller manual for the correct...

Страница 85: ...ect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is needed in...

Страница 86: ...is port config path paramlabel label config 8 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 9 Set the number of data bits used by the device t...

Страница 87: ...3 Click the name of the port that you want to configure The serial port is enabled by default To disable toggle off Enable 4 For Mode select Remote Access This is the default 5 Enable Altpin to use t...

Страница 88: ...f data bits used by the device to which you want to connect The default is 8 c Parity For Parity select the type of parity used by the device to which you want to connect The default is None d Stop bi...

Страница 89: ...For Escape sequence type the characters used to start an escape sequence If no characters are defined the escape sequence is disabled The default is b c For History size type or select the number of...

Страница 90: ...is not required and DSR is needed instead 6 n rs 232 l Enable rts_toggle if you want to enable RTS toggling during transmission on this serial port If enabled this setting overrides RTS CTS flow contr...

Страница 91: ...bits config 10 Set the type of parity used by the device to which you want to connect config path paramparity parity config Allowed values are n even n odd n none The default is none 11 Set the stop b...

Страница 92: ...monitor settings a Optional Enable monitoring of CTS Clear to Send changes on this port config path parammonitor cts true config b Optional Enable monitoring of DCD Data Carrier Detect changes on this...

Страница 93: ...tect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is needed i...

Страница 94: ...rt is enabled by default To disable config serial port1 enable false config 4 Set the mode config serial port1 mode application config 5 Enable Altpin to use the Altpin feature Altpin is disabled by d...

Страница 95: ...config l Enable full_duplex if you want to enable full duplex communication on this serial port config serial port1 full_duplex true config The default is rs 232 7 Optional Set a label that will be us...

Страница 96: ...options appears 3 Click the desired RealPort for Windows version The file is downloaded and a Windows Explorer window launches showing the RealPort files 4 When the download is complete open the zip...

Страница 97: ...ort setting You can verify the setting on the device using the web interface on the device a Open browser window b Enter the IP address in the URL address bar to access the web interface c Choose Netw...

Страница 98: ...rier Detect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is n...

Страница 99: ...ig 3 The serial port is enabled by default To disable config serial port1 enable false config 4 Set the signal mode config serial port1 signal mode value config where value is one of n rs 232 l Enable...

Страница 100: ...rrier Detect When enabled the DTR on pin 1 drives DCD If altpin is disabled the hardware signal on RJ45 pin 1 becomes DSR instead of DCD This alternative can be used if DCD is not required and DSR is...

Страница 101: ...RealPort keepalive packets This is enabled by default 11 Enable TCP Port Keepalive to send TCP keepalive packets This is disabled by default 12 Click Apply to save the configuration and apply the cha...

Страница 102: ...l For RTS Post delay enter the amount of time RTS is deasserted before completing data transmission The time is measured in milliseconds The default is 0ms n RS 422 l Enable Termination if you want t...

Страница 103: ...rial Settings a For Local port enter the UDP port The default is 4001 or serial port 1 4002 for serial port 2 etc b Optional For Socket String ID enter a string that should be added at the beginning o...

Страница 104: ...l port is enabled by default To disable config serial port1 enable false config 4 Set the mode config serial port1 mode udp config 5 Enable Altpin to use the Altpin feature Altpin is disabled by defau...

Страница 105: ...le termination if you want to enable electrical termination on this serial port config serial port1 termination true config l Enable full_duplex if you want to enable full duplex communication on this...

Страница 106: ...size of the packet config serial port1 framing max_count int config The default is 1024 15 Set the length of time the device should wait before sending the packet config serial port1 framing idle_tim...

Страница 107: ...fig serial port1 udp destination 0 iii Set the host name or IP address of the remote site to which data should be sent config serial port1 udp destination 0 hostname hostanme or IP address config seri...

Страница 108: ...DSR instead of DCD This alternative can be used if DCD is not required and DSR is needed instead 6 Optional For Label enter a label that will be used when referring to this port 7 For Signalling sele...

Страница 109: ...which you want to connect The default is 1 e Flow control For Flow control select the type of flow control used by the device to which you want to connect The default is None 1 Set the baud rate used...

Страница 110: ...feature Altpin is disabled by default config serial port1 altpin true config This feature should be enabled when you are using a modem and an 8 pin cable and you need CD Carrier Detect When enabled th...

Страница 111: ...when referring to this port config path paramlabel label config 8 Expand Serial Settings The entries in the following fields must match the information for the power controller Refer to your power co...

Страница 112: ...uration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to d...

Страница 113: ...ndow displays 5 Click Start to start serial port logging 6 Click Stop to stop serial port logging if it has been started 7 Click Refresh to refresh the log display 8 Click Download to download the ser...

Страница 114: ...rom the Digi Navigator You must enable RealPort on the device and then configure your computer for RealPort In this step all serial ports on the device are set to RealPort mode and the RealPort servic...

Страница 115: ...isplays e Determine your final step n Close Click Close to close the message Configuration is complete n Open Device Manager Click Open Device Maanger if you want to do further configuration to the CO...

Страница 116: ...e situations a default IP address is assigned to the device You can specify the filters used to assign an IP address See Discover the IP address when not on a network 4 Expand a device to display the...

Страница 117: ...the web UI for the device and configure the device to use RealPort n Access web UI Click Open to access the web UI for the device n Configure RealPort Click Configure device for Realport and Configure...

Страница 118: ...tions 4 In the Services Filters section click the enable button to enable the services that you want to use to find an IP address 5 Click Filters at the bottom of the expanded toolbar to minimize the...

Страница 119: ...es displays at the bottom of the Digi Navigator application screen Using the available buttons you can refresh the list and easily access the COM port configuration on your computer Refresh Click Refr...

Страница 120: ...es a Enter the user name and password for the Connect EZ in the Username and Password fields b Click Login Filter devices for display in the Digi Navigator You can use the Digi Navigator filters to de...

Страница 121: ...to minimize the toolbar and hide the filters Access Digi Remote Manager from the Digi Navigator You can access Digi Remote Manager from the Digi Navigator Within the Remote Manager you can configure...

Страница 122: ...nect two private networks together so that devices can connect from one network to the other using secure channels This chapter contains the following topics IPsec 123 OpenVPN 173 Generic Routing Enca...

Страница 123: ...modes IPsec can run in two different modes Tunnel and Transport Tunnel The entire IP packet is encrypted and or authenticated and then encapsulated as the payload in a new IP packet Transport Only th...

Страница 124: ...key authentication mode provides additional security by using client authentication credentials in addition to the standard pre shared key The Connect EZ device can be configured to authenticate with...

Страница 125: ...on See Configure SureLink active recovery for IPsec for information about IPsec active recovery Additional configuration items The following additional configuration settings are not typically configu...

Страница 126: ...is renegotiated WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is disp...

Страница 127: ...more than one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec...

Страница 128: ...tificate Enrollment Protocol client for instructions i For SCEP Client select the SCEP client n X 509 certificate Uses private key and X 509 certificates to authenticate with the remote peer i For Pri...

Страница 129: ...ID_IPV6_ADDR IKE identity For IPv6 ID value type an IPv6 formatted ID This can be a fully qualified domain name or an IPv6 address n RFC822 Email The ID will be interpreted as an RFC822 email address...

Страница 130: ...ed domain name or an IPv4 address n IPv6 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ ADDR IKE identity For IPv6 ID value type an IPv6 formatted ID This can be a fully qualifi...

Страница 131: ...t one of the following n Any Matches any protocol n TCP Matches TCP protocol only n UDP Matches UDP protocol only n ICMP Matches ICMP requests only n Other protocol Matches an unlisted protocol If Oth...

Страница 132: ...orted by the peer n Never Do not send oversized IKE messages in fragments n Accept Do not send oversized IKE messages in fragments but announce support for fragmentation to the peer The default is Alw...

Страница 133: ...clicking next to Add Phase 2 Proposal 22 Optional Click to expand Dead peer detection Dead peer detection is enabled by default Dead peer detection uses periodic IKE transmissions to the remote endpo...

Страница 134: ...alse config vpn ipsec tunnel ipsec_example 4 Optional Set the tunnel to use UDP encapsulation even when it does not detect that NAT is being used config vpn ipsec tunnel ipsec_example force_udp_encap...

Страница 135: ...more than one active route matches a destination the route with the lowest metric is used The metric can also be used in tandem with SureLink to configure IPsec failover behavior See Configure IPsec...

Страница 136: ...es asymmetric pre shared keys to authenticate with the remote peer a Set the local pre shared key This must be the same as the remote key on the remote host config vpn ipsec tunnel ipsec_example auth...

Страница 137: ...ipsec tunnel ipsec_example d Set the method for verifying the peer s X 509 certificate config vpn ipsec tunnel ipsec_example auth peer_verify value config vpn ipsec tunnel ipsec_example where value is...

Страница 138: ...g the local network interface config vpn ipsec tunnel ipsec_example local type value config vpn ipsec tunnel ipsec_example where value is either n defaultroute Uses the same network interface as the d...

Страница 139: ...be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity Set the key ID config vpn ipsec tunnel ipsec_example local id type keyid_id id config vpn ipsec tunnel ipsec_example n mac_address The...

Страница 140: ...el ipsec_example n any Any ID will be accepted n ipv4 The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity Set an IPv4 formatted ID This can be a fully qualified doma...

Страница 141: ...default the device will initiate the key exchange This must be disabled if remote hostname is set to any To disable config vpn ipsec tunnel ipsec_example ike initiate false config vpn ipsec tunnel ip...

Страница 142: ...value config vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set phase2_lifetime to ten minutes en...

Страница 143: ...determine available Diffie Hellman group types config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 dh_group curve25519 curve448 ecp192 ecp224 config vpn ipsec tunnel ipsec_example ike phase1_p...

Страница 144: ...28 aes192 aes256 or null The default is 3des iv Set the type of hash to use during phase 2 to verify communication integrity config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 hash value conf...

Страница 145: ...ccurs a Change to the root of the configuration schema config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 config b To disable dead peer detection config vpn ipsec tunnel ipsec_example dpd ena...

Страница 146: ...ess The address of a local network interface Set the address i Use the to determine available interfaces ii Set the interface For example config vpn ipsec tunnel ipsec_example policy 0 local address e...

Страница 147: ...onfig vpn ipsec tunnel ipsec_example policy 0 local protocol_other int config vpn ipsec tunnel ipsec_example policy 0 Allowed values are an integer between 1 and 255 f Set the IP address and optional...

Страница 148: ...b Use the to determine available options config vpn ipsec advanced Advanced Advanced configuration that applies to all IPsec tunnels Parameters Current Value debug none Debug level ike_fragment_size 1...

Страница 149: ...ser Guide 149 20 Save the configuration and apply the change config save Configuration saved 21 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acce...

Страница 150: ...ration both tunnels are active simultaneously and there is minimal downtime due to failover l Identify the preferred tunnel during configuration of the backup tunnel In this scenario the backup tunnel...

Страница 151: ...0 1 endpoint WebUI 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions n During configuration of the IPsec tunnel set the metric to a low value for example 10 n Configu...

Страница 152: ...ric to a value that is higher than the metric of the primary tunnel for example 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel metric 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel IPsec f...

Страница 153: ...p tunnel See Configure IPsec failover for further information Required configuration items n A valid IPsec configuration See Configure an IPsec tunnel for configuration instructions n Enable IPsec act...

Страница 154: ...enable to configure the device to restart the interface when its connection is considered to have failed This is useful for interfaces that may regain connectivity after restarting 8 For Reboot devic...

Страница 155: ...Down For example if Expected status is set to Down but the alternate interface is determined to be up then this test will fail n Ping test Tests connectivity by sending an ICMP echo request to the hos...

Страница 156: ...sec tunnel see Configure an IPsec tunnel n To edit an existing IPsec tunnel change to the IPsec tunnel s node in the configuration schema For example for an IPsec tunnel named ipsec_example change to...

Страница 157: ...probe attempts before the WAN is considered to have failed config vpn ipsec tunnel ipsec_example surelink attempts num config vpn ipsec tunnel ipsec_example The default is 3 10 Set the amount of time...

Страница 158: ...0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured for this interface n http Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l...

Страница 159: ...sec tunnel ipsec_example surelink target 0 The default is 60 seconds l other Allows you to test another interface s status to create a failover or coupled relationship between interfaces config vpn ip...

Страница 160: ...menu Type quit to disconnect from the device Show IPsec status and statistics WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the menu select Status IPsec The IPsec page appear...

Страница 161: ...ation about viewing the system log WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configura...

Страница 162: ...uration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to di...

Страница 163: ...me for the SCEP client and click The new SCEP client configuration is displayed 5 Click Enable to enable the SCEP client 6 For Renewable Time type the number of days that the certificate enrollment ca...

Страница 164: ...default of cgi bin pkiclient exe unless directed by the CA to use another path 12 For Password type the challenge password as configured on the SCEP server 13 Click to expand Distinguished Name 14 Typ...

Страница 165: ...me 7 Set the HTTP URL path required for accessing the certificate authority You should leave this option at the default of cgi bin pkiclient exe unless directed by the CA to use another path config ne...

Страница 166: ...determine when to start attempting to auto renew an existing certificate The default is 7 config network scep_client scep_client_name renewable_time integer config network scep_client scep_client_name...

Страница 167: ...ord enter a password The password entered here must correspond to the challenge password configured for the SCEP client on the Connect EZ device d The remaining fields can be left at their defaults or...

Страница 168: ...of days that the certificate enrollment can be renewed prior to the request expiring This value must match the setting of the Allow renewal x days before the certified is expired option on the Fortine...

Страница 169: ...Click to expand Distinguished Name 12 Type the value for each appropriate Distinguished Name attribute The values entered here must correspond to the DN attributes in the Enrollment Request on the For...

Страница 170: ...inet_SCEP_client server url https fortinet example com config network scep_client Fortinet_SCEP_client 6 Set the challenge password as configured on the SCEP server This corresponds to the Default enr...

Страница 171: ...he Allow renewal x days before the certified is expired option on the Fortinet server config network scep_client Fortinet_SCEP_client renewable_time integer config network scep_client Fortinet_SCEP_cl...

Страница 172: ...into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2...

Страница 173: ...net from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server The manner...

Страница 174: ...d uses standard interface configuration for example a standard DHCP server configuration l TAP Device only An alternate form of OpenVPN bridging mode in which the device rather than OpenVPN controls t...

Страница 175: ...will provide to clients n The TCP UDP port to use By default the Connect EZ device uses port 1194 n Access control list configuration to restrict access to the OpenVPN server through the firewall n Ad...

Страница 176: ...s is not enabled a Select the Authentication type n Certificate only Uses only certificates for client authentication Each client requires a public and private key n Username password only Uses a user...

Страница 177: ...interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate...

Страница 178: ...ces to the OpenVPN server n TAP OpenVPN managed Also know as bridging mode A more advanced implementation of OpenVPN The Connect EZ device creates an OpenVPN interface and uses standard interface conf...

Страница 179: ...rst address in the range limit config vpn openvpn server name server_first_ip value config vpn openvpn server name where value is a number between 1 and 255 The number entered here will represent the...

Страница 180: ...er See Configure an OpenVPN Authentication Group and User for instructions n cert_passwd Uses both certificates and a username and password for client authentication Each client requires a public and...

Страница 181: ...can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type Repeat this step to list ad...

Страница 182: ...rue config vpn openvpn server name c Set the additional OpenVPN parameters config vpn openvpn server name extra parameters config vpn openvpn server name 10 Save the configuration and apply the change...

Страница 183: ...an OpenVPN authentication group a Click Authentication Groups b For Add Group type a name for the group for example OpenVPN_Group and click The new authentication group configuration is displayed c C...

Страница 184: ...a password for the user This password is used for local authentication of the user You can also configure the user to use RADIUS or TACACS authentication by configuring authentication methods See Use...

Страница 185: ...ss rights for users of this group config auth group OpenVPN_Group acl openvpn enable true 5 Add an OpenVPN tunnel to which users of this group will have access a Determine available tunnels config aut...

Страница 186: ...or the OpenVPN client n The login credentials for the OpenVPN client if configured on the OpenVPN server See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recover...

Страница 187: ...PN file paste the content of the client ovpn file 11 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rig...

Страница 188: ...n openvpn client name password value config vpn openvpn client name 7 Paste the content of the client ovpn file into the value of the config_file parameter config vpn openvpn client name config_file v...

Страница 189: ...ials for the OpenVPN client if configured on the OpenVPN server n Additional OpenVPN parameters See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery WebUI 1...

Страница 190: ...1 For VPN server IP type the IP address of the OpenVPN server 12 Optional Set the VPN port used by the OpenVPN server The default is 1194 13 Paste the contents of the CA certificate usually in a ca cr...

Страница 191: ...type config vpn openvpn client name enable false config vpn openvpn client name 4 The default behavior is to use an OVPN file for client configuration To disable this behavior and configure the client...

Страница 192: ...nvpn client name 10 Optional Set the port used by the OpenVPN server config vpn openvpn client name port port config vpn openvpn client name The default is 1194 11 Paste the contents of the CA certifi...

Страница 193: ...PN client connections to determine if the connection has failed and take remedial action Required configuration items n A valid OpenVPN client configuration See Configure an OpenVPN client by using an...

Страница 194: ...electing the OpenVPN client click Active recovery 6 Enable active recovery 7 For Restart interface enable to configure the device to restart the interface when its connection is considered to have fai...

Страница 195: ...r a particular IP version l For Expected status select whether the expected status of the alternate interface is Up or Down For example if Expected status is set to Down but the alternate interface is...

Страница 196: ...e a new OpenVPN client see Configure an OpenVPN client by using an ovpn file or Configure an OpenVPN client without using an ovpn file n To edit an existing OpenVPN client change to the OpenVPN client...

Страница 197: ...lient1 Where value is either one or all 9 Set the number of probe attempts before the WAN is considered to have failed config vpn openvpn client openvpn_client1 surelink attempts num config vpn openvp...

Страница 198: ...ied DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config vpn openvpn client openvpn_client1 surelink target 0 dns_server ip_address config vpn openvpn client op...

Страница 199: ...nt1 surelink target 0 interface_timeout value config vpn openvpn client openvpn_client1 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w...

Страница 200: ...he alternate interface is determined to be up then this test will fail 12 Save the configuration and apply the change config vpn openvpn client openvpn_client1 connection_monitor target 0 save Configu...

Страница 201: ...n server name OpenVPN_server1 Server OpenVPN_server1 Enable true Type tun Zone internal IP Address 192 168 30 1 24 Port 1194 Use File true Metric 0 Protocol udp First IP 80 Last IP 99 4 Type exit to e...

Страница 202: ...Status Username Use File Zone OpenVPN_Client1 true connected true internal OpenVPN_Client2 true pending true internal 3 To display details about a specific client show openvpn client name OpenVPN_cli...

Страница 203: ...le the GRE tunnel The GRE tunnels are enabled by default l The local endpoint interface l The IP address of the remote device peer Additional configuration items n A GRE key n Enable the device to res...

Страница 204: ...network interface gre_interface config network interface gre_interface 4 Set the interface zone to internal config network interface gre_interface zone internal config network interface gre_interface...

Страница 205: ...the GRE endpoint on the remote peer 8 Optional For Key enter a key that will be inserted in GRE packets created by this tunnel It must match the key set by the remote endpoint Allowed value is an int...

Страница 206: ...nfig vpn iptunnel gre_example 6 Optional Set a key that will be inserted in GRE packets created by this tunnel The key must match the key set by the remote endpoint config vpn iptunnel gre_example key...

Страница 207: ...To view information about currently configured GRE tunnels WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the menu click Status IP tunnels The IP Tunnelspage appears 3 To view...

Страница 208: ...b Device set to Ethernet Loopback c IPv4 Address set to the IP address of the local GRE tunnel 172 30 0 1 32 3 Create a GRE tunnel named gre_tunnel1 a Local endpoint set to the IPsec endpoint interfa...

Страница 209: ...nnel2 c IPv4 Address set to a virtual IP address on the GRE tunnel 172 31 1 1 30 Configuration procedures Configure the Connect EZ 1 device Task one Create an IPsec tunnel WebUI 1 Log into the Connect...

Страница 210: ...onnect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the com...

Страница 211: ...olicy 0 8 Set the local network address to the IP address and subnet of the local GRE tunnel 172 30 0 1 32 config vpn ipsec tunnel ipsec_gre1 policy 0 local custom 172 30 0 1 32 config vpn ipsec tunne...

Страница 212: ...endpoint interface WebUI 1 Click Network Interface 2 For Add Interface type ipsec_endpoint1 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Add...

Страница 213: ...network device loopback config network interface ipsec_endpoint1 device network device loopback config network interface ipsec_endpoint1 5 Set the IPv4 address to the IP address of the local GRE tunn...

Страница 214: ...tunnel1 config add vpn iptunnel gre_tunnel1 config vpn iptunnel gre_tunnel1 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint1 config vpn ip...

Страница 215: ...ce WebUI 1 Click Network Interfaces 2 For Add Interface type gre_interface1 and click 3 For Zone select Internal 4 For Device select the GRE tunnel created in Task three IP tunnel gre_tunnel1 5 Click...

Страница 216: ..._ tunnel1 config network interface gre_interface1 5 Set 172 31 0 1 30 as the virtual IP address on the GRE tunnel config network interface gre_interface1 ipv4 address 172 31 0 1 30 config network inte...

Страница 217: ...ick to expand Remote endpoint 8 For Hostname type public IP address of the Connect EZ 1 device 9 Click to expand Policies 10 For Add Policy click to add a new policy 11 Click to expand Local network 1...

Страница 218: ...e config vpn ipsec tunnel ipsec_gre2 remote hostname 192 168 100 1 config vpn ipsec tunnel ipsec_gre2 6 Add a policy config vpn ipsec tunnel ipsec_gre2 add policy end config vpn ipsec tunnel ipsec_gre...

Страница 219: ...rface type ipsec_endpoint2 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 2 32 7 C...

Страница 220: ...terface ipsec_endpoint2 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 2 32 config network interface ipsec_endpoint2 ipv4 address 172 30 0 2 32 config network interface ipse...

Страница 221: ...ork interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 local network interface ipsec_ endpoint2 config vpn iptunnel gre_tunnel2 4 Set the remote endpoint to the IP address of the GRE tunnel on...

Страница 222: ...ange Command line 1 At the command line type config to enter configuration mode config config 2 Add an interface named gre_interface2 config add network interface gre_interface2 config network interfa...

Страница 223: ...L2TP Network Servers LNS Each endpoint terminates the PPP session Required configuration items n For L2TP access concentrators l The hostname or IP address of the L2TP network server l The firewall z...

Страница 224: ...IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s service type Allowed values are l A single IP a...

Страница 225: ...the Metric for the tunnel if other than the default of 1 i Select a firewall Zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tun...

Страница 226: ...tion Profile PAP to authenticate n If Automatic CHAP or PAP is selected enter the Username and Password required to authenticate n The default is None i Optional Type the Metric for the tunnel if othe...

Страница 227: ...ecified IPv6 addresses and networks config add vpn l2tp acl address6 end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 2001 db...

Страница 228: ...g add vpn l2tp lac name config add vpn l2tp lac name where name is the name of the LAC For example to add an LAC named lac_tunnel config add vpn l2tp lac lac_tunnel config vpn l2tp lac lac_tunnel LACs...

Страница 229: ...the firewall zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel i Use the to determine available zones config vpn l2tp lac l...

Страница 230: ...o add an LNS named lns_server config add vpn l2tp lns lns_server config vpn l2tp lns lns_server LACs are enabled by default To disable config vpn l2tp lns lns_server enable false config vpn l2tp lns l...

Страница 231: ...pn l2tp lns lns_server password password config vpn l2tp lns lns_server The default is none f Optional Set the metric for the tunnel config vpn l2tp lns lns_server metric int config vpn l2tp lns lns_s...

Страница 232: ...change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the dev...

Страница 233: ...iguration window is displayed 3 Click VPN PPP over L2TP 4 Create a new PPP over L2TP access concatenator or select an existing one n To create a new L2TP access concatenator see Configure a PPP over L...

Страница 234: ...e n Test another interface s status Allows you to test another interface s status to create a failover or coupled relationship between interfaces If Test another interface s status is selected l For T...

Страница 235: ...configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Acces...

Страница 236: ...tp lac lac_tunnel The default is 15 minutes 8 Determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets config vpn l2tp lac lac_tunnel...

Страница 237: ...k target 0 n dns Tests connectivity by sending a DNS query to the specified DNS server l Specify the DNS server Allowed value is the IP address of the DNS server config vpn l2tp lac lac_tunnel surelin...

Страница 238: ...arget 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interval to ten minutes enter either 10m or 600s config vpn l2tp lac l...

Страница 239: ...etween the two endpoints and then an L2TP tunnel with its LNS and LAC configured the same as the IPsec tunnel s endpoints See Configure an IPsec tunnel for information about configuring an IPsec tunne...

Страница 240: ...access the Admin CLI 2 To display details about all configured L2TP access connectors type the following at the prompt show l2tp lac Name Enabled Status Device lac_test1 true up test_device0 lac_test2...

Страница 241: ...connect from the device L2TPv3 Ethernet Your Connect EZ device supports Layer 2 Tunneling Protocol Version 3 L2TPv3 static unmanaged Ethernet tunnels Configure an L2TPv3 tunnel Your Connect EZ device...

Страница 242: ...the source UDP port to be used for the tunnel b For UDP destination port type the number of the destination UDP port to be used for the tunnel c Optional Click to enable UDP checksum to calculate and...

Страница 243: ...xample to add a tunnel named L2TPv3_example config add vpn l2tpv3 L2TPv3_example config vpn l2tpeth L2TPv3_example The tunnel is enabled by default To disable config vpn l2tpeth L2TPv3_example enable...

Страница 244: ...heck the UDP checksum config vpn l2tpeth L2TPv3_example udp_checksum true config vpn l2tpeth L2TPv3_example 9 Add a session carried by the parent tunnel config vpn l2tpeth L2TPv3_example add session s...

Страница 245: ...pn l2tpeth L2TPv3_example session_example where value is one of n none No sequence numbering n send Add a sequence number to each outgoing packet n recv Reorder packets if they are received out of ord...

Страница 246: ...led Device Status test session test true le_test_test up 3 To display details about a specific tunnel show l2tpeth name vpn l2tpeth test session test test session test Tunnel Session Status Enabled tr...

Страница 247: ...e SSH with key authentication 267 Configure telnet access 269 Configure DNS 273 Simple Network Management Protocol SNMP 280 Location information 286 Modbus gateway 314 System time 331 Network Time Pro...

Страница 248: ...rewall configuration for information on zones n See Set the idle timeout for Connect EZ users for information about setting the inactivity timeout for the web administration and SSH services To allow...

Страница 249: ...administration service config add service web_admin acl zone end external config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Dependi...

Страница 250: ...Services Allow remote access for web administration and SSH Digi Connect EZ Mini User Guide 250 4 For Add Zone click 5 Select External 6 Click Apply to save the configuration and apply the change...

Страница 251: ...EZ device by using the WebUI a browser based interface By default the web administration service is enabled and uses the standard HTTPS port 443 The default access control for the service uses the Int...

Страница 252: ...Web administration 4 Click Enable 5 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on...

Страница 253: ...vice s web administration service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can ac...

Страница 254: ...cate paste the certificate and private key If SSL certificate is blank the device will use an automatically generated self signed certificate n The SSL certificate and private key must be in PEM forma...

Страница 255: ...ss selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresse...

Страница 256: ...prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge ext...

Страница 257: ...GJ7gHt rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi dRyRi4vr7EkjGDr0Vb NVT0L5w UzcMeT 71DYvKYm6GpcWx LoKqFTjbMFBIze5pbBfru SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK...

Страница 258: ...JcRihh3AoGAey0BGi4xLqSJESqZZ58p e71JHg4M46rLlrxi 4FXaop64LCxM8kPpROfasJJu5nlPpYHye959BBQnYcAheZZ 0siGswIauBd8BrZMIWf8JBUIC5EGkMiIyNpLJqPbGEImMUXk4Zane cL7e06U8ft BUtOtMefbBDDxpP E iIiuM END PRIVATE KE...

Страница 259: ...enabled by default and normally these settings should not be changed To disable legacy port redirection config service web_admin legacy enable false config 9 Save the configuration and apply the chang...

Страница 260: ...ditional configuration items n Port to use for communications with the SSH service n Multicast DNS mDNS support n A private key to use for communications with the SSH service n Create custom SSH confi...

Страница 261: ...onfiguration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit...

Страница 262: ...EZ device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access...

Страница 263: ...admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config...

Страница 264: ...the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet...

Страница 265: ...y use the config_file parameter config service ssh custom override true config n If override is set to true entries in Configuration file will be used in place of the standard SSH configuration n If o...

Страница 266: ...ure SSH access Digi Connect EZ Mini User Guide 266 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect f...

Страница 267: ...the user s ssh directory The private and public keys are named id_rsa and id_rsa pub If you need to generate an SSH key pair you can use the ssh keygen application For example the following entry gene...

Страница 268: ...as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config...

Страница 269: ...the idle timeout for Connect EZ users for information about setting the inactivity timeout for the telnet service Enable the telnet service The telnet service is disabled by default To enable the ser...

Страница 270: ...ation click Device Configuration The Configuration window is displayed 3 Click Services telnet 4 Optional For Port enter the port number for the service Normally this should not be changed 5 Click Acc...

Страница 271: ...a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access throu...

Страница 272: ...list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the Connect EZ device config add service telnet acl interface end value config Where valu...

Страница 273: ...ice configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure DNS The Connect EZ device includes a caching DNS server which forwards queries to...

Страница 274: ...l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the DNS service d Click again to list additiona...

Страница 275: ...ck Rebind protection 8 Optional Allow localhost rebinding is enabled by default if Rebind protection is enabled This is useful for Real time Black List RBL servers 9 Optional To add additional DNS ser...

Страница 276: ...ple 2001 db8 48 l any No limit to IPv6 addresses that can access the DNS service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified i...

Страница 277: ...vailable DNS servers Disabling this option may improve performance on networks with transient DNS results when one or more DNS servers may have positive results To disable config service dns query_all...

Страница 278: ...9 Optional Add host names and their IP addresses that the device s DNS server will resolve a Add a host config add service dns host end config service dns host 0 b Set the IP address of the host conf...

Страница 279: ...selection menu Type admin to access the Admin CLI 2 Use the show dns command at the system prompt show dns Interface Label Server Domain eth1 192 168 3 1 eth1 fd00 2704 1 eth1 fe80 227 4ff fe2b ae12...

Страница 280: ...ve SNMP packets you must configure the SNMP access control list to allow the device to receive the packets See Configure Simple Network Management Protocol SNMP Configure Simple Network Management Pro...

Страница 281: ...nterface on the Connect EZ device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional inter...

Страница 282: ...an be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the SNMP service Repeat this step to list...

Страница 283: ...be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional fi...

Страница 284: ...le read only access to to SNMP version 2c config service snmp enable 2c true config 13 Save the configuration and apply the change config save Configuration saved 14 Type exit to exit the Admin CLI De...

Страница 285: ...ol SNMP Digi Connect EZ Mini User Guide 285 3 On the main menu click Status Under Services click SNMP Note If you have recently enabled SNMP and the SNMP option is not visible refresh your browser The...

Страница 286: ...ither from the Connect EZ device or from external sources to a remote host Additionally the device can be configured to use a geofence to allow you to determine actions that will be taken based on the...

Страница 287: ...e any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Location update interval to ten minutes enter 10m or 600s 6 For information about configurin...

Страница 288: ...at the Connect EZ device will wait before polling location sources for updated location data config service location interval value config where value is any number of hours minutes or seconds and tak...

Страница 289: ...type the altitude of the device Allowed values are an integer followed by m or km for example 100m or 1km 9 The location source is enabled by default Click Enable the location source to disable the l...

Страница 290: ...g on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the device to accept location messages from external sources You can...

Страница 291: ...ess or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the location server UDP port d Click again to list additional IP a...

Страница 292: ...end config service location source 0 4 Optional Set a label for this location source config service location source 0 label label config service location source 0 5 Set the type of location source to...

Страница 293: ...ig add service location source 1 acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface inf...

Страница 294: ...DP n The destination port on the remote host to which the messages will be forwarded n Message protocol type of the messages being forwarded either NMEA or TAIP Additional configuration items n Additi...

Страница 295: ...wn arrow next to the appropriate message type b Click Delete n To add a message type a For Add NMEA filter or Add TAIP filter click b Select the filter type Allowed values are l GGA Reports time posit...

Страница 296: ...er and vehicle ID in the prepend message you can enter the following in the Prepend field __ s __ v __ 14 Type a four digit alphanumeric Vehicle ID that will be included with to location messages If n...

Страница 297: ...service location forward 0 n Optional If the protocol type is set to nmea configure a Talker ID The talker ID is a two character prefix in the NMEA message that identifies the source type The talker I...

Страница 298: ...ward 0 12 Optional Specify types of messages that will be forwarded Allowed values vary depending on the message protocol type By default all message types are forwarded n If the message protocol type...

Страница 299: ...horizontal and vertical speed and heading l pv Position velocity reports the latitude longitude and heading To remove a message type a Use the show command to determine the index number of the messag...

Страница 300: ...Guide 300 13 Save the configuration and apply the change config save Configuration saved 14 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access...

Страница 301: ...etc Complex polygons can be defined n Actions that will be taken when the device s location triggers a geofence event You can define actions for two types of events l Actions taken when the device ent...

Страница 302: ...take the format number w d h m s For example to set Update interval to ten minutes enter 10m or 600s 6 For Boundary type select the type of boundary that the geofence will have n If Circular is selec...

Страница 303: ...le to configure a square polygon around the Digi headquarters configure a polygon with four points This defines a square shaped polygon equivalent to the following 7 Define actions to be taken when th...

Страница 304: ...used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log error...

Страница 305: ...used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log iv Enable Log script errors to log error...

Страница 306: ...e update_interval value config service location geofence test_geofence where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set update_...

Страница 307: ...service location geofence test_geofence coordinates 0 ii Set the latitude and longitude of the vertex config service location geofence test_geofence coordinates 0 latitude int config service location...

Страница 308: ...geofence coordinates add end config service location geofence test_geofence coordinates 1 latitude 44 927220 config service location geofence test_geofence coordinates 1 longitude 93 39589 config serv...

Страница 309: ...place prior to performing the actions config service location geofence test_geofence on_entry num_ intervals int config For example if the update interval is 1m one minute and the num_intervals is se...

Страница 310: ...onfig service location geofence test_geofence on_entry action 0 syslog_stdout true config service location geofence test_geofence on_entry action 0 iii To log the errors from the script to the system...

Страница 311: ...e location geofence test_geofence on_exit bootup true config b Set the number of update_intervals that must take place prior to performing the actions config service location geofence test_geofence on...

Страница 312: ...g service location geofence test_geofence on_exit action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on_exit action 0 syslog_stderr true co...

Страница 313: ...can view status and statistics about location information from either the WebUI or the command line WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click Status 3...

Страница 314: ...ocation geofence Geofence Status State Transitions Last Transition test_geofence Up Inside 0 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Acces...

Страница 315: ...he connection type is serial o The serial port to be used l Modbus address or addresses to determine if messages should be forwarded to a destination device Additional configuration items n Server con...

Страница 316: ...he Configuration window is displayed 3 Click Services Modbus Gateway 4 Click Enable to enable the gateway 5 Click Debug to allow verbose logging in the system log Configure gateway servers 1 Click to...

Страница 317: ...Inactivity timeout to ten minutes enter 10m or 600s 8 Optional If Connection type is set to Serial click Half duplex to enable half duplex two wire mode 9 Optional If Connection type is set to Socket...

Страница 318: ...nts 1 Click to expand Clients 2 For Add Modbus client type a name for the client and click The new Modbus gateway client configuration is displayed 3 The new Modbus gateway client is enabled by defaul...

Страница 319: ...list n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s web administ...

Страница 320: ...ter for incoming messages that contain the Modbus address of 10 type 10 To filter for all messages with addresses in the range of 20 to 30 type 20 30 To add additional address filters for this client...

Страница 321: ...access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the Modbus gateway config service modbus_gateway enable true config 4 Configure servers a Add...

Страница 322: ...rtu or raw The default is rtu iv Set the maximum allowable time between bytes in a packet config service modbus_gateway server test_modbus_server socket idle_gap value config service modbus_gateway s...

Страница 323: ...st_modbus_server serial packet_mode value config service modbus_gateway server test_modbus_server where value is either rtu or ascii The default is rtu iii Set the maximum allowable time between bytes...

Страница 324: ...nection type config service modbus_gateway client test_modbus_client connection_ type type config service modbus_gateway client test_modbus_client where type is either socket or serial The default is...

Страница 325: ...t where value is any number of minutes or seconds up to a maximum of 15 minutes and takes the format number m s For example to set inactivity_timeout to ten minutes enter either 10m or 600s config ser...

Страница 326: ...et idle_gap to one second enter 1000ms or 1s iv Optional Enable half duplex two wire mode config service modbus_gateway client test_modbus_client serial half_duplex true config service modbus_gateway...

Страница 327: ...st_modbus_client filter 1 50 100 config service modbus_gateway client test_modbus_client g If request messages handled by this client should always be forwarded to a specific device use fixed_server_a...

Страница 328: ...isconnect from the device Show Modbus gateway status and statistics You can view status and statistics about location information from either the WebUI or the command line WebUI 1 Log into the Connect...

Страница 329: ...layed this indicates that there are no connected clients 3 Use the show modbus gateway verbose command at the system prompt to display more information show modbus gateway verbose Client Uptime modbus...

Страница 330: ...t_21 Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 modbus_serial_client Address Translation Errors 0 Connection Errors 0 P...

Страница 331: ...evice can also be configured to serve as an NTP server providing NTP services to downstream devices See Network Time Protocol for more information about NTP server support You can also set the local d...

Страница 332: ...ronized with the list of servers included with NTP server configuration and changes made to one will be reflected in the other See Configure the device as an NTP server for more information about NTP...

Страница 333: ...er end time server com config n To add the NTP server in another location in the list use an index value to indicate the appropriate position For example config add service ntp server 1 time server co...

Страница 334: ...min CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Manually synchronize with the NTP server The following procedu...

Страница 335: ...ize with the device When the device is configured as an NTP server it also functions as an NTP client The NTP client will be consistently synchronized with one or more upstream NTP servers which means...

Страница 336: ...d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address...

Страница 337: ...ize its time d Click to add additional NTP servers If multiple servers are included servers are tried in the order listed until one succeeds Note This list is synchronized with the list of servers inc...

Страница 338: ...add service ntp server 1 time server com config Note This list is synchronized with the list of servers included with NTP client configuration and changes made to one will be reflected in the other S...

Страница 339: ...list additional interfaces n To limit access based on firewall zones config add service ntp acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list o...

Страница 340: ...nfig save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show s...

Страница 341: ...smit data to a single multicast address which is then distributed to a group of devices that are configured to be members of that group To configure a multicast route WebUI 1 Log into the Connect EZ W...

Страница 342: ...d test config add service multicast test config service multicast test 4 The multicast route is enabled by default If it has been disabled enable the route config service multicast test enable true co...

Страница 343: ...rface eth1 config service multicast test c Repeat for each additional destination interface 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin...

Страница 344: ...S service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the mDNS service d...

Страница 345: ...At the command line type config to enter configuration mode config config 3 Enable the mDNS service config service mdns enable true config 4 Configure access control n To limit access to specified IP...

Страница 346: ...g add service mdns acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config...

Страница 347: ...dictable results As a result Digi recommends using an iPerf client at version 3 or newer to connect to the Connect EZ device s iPerf3 server Required configuration items n Enable the iPerf server on t...

Страница 348: ...single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the iperf service d Click again to list additional...

Страница 349: ...he command line type config to enter configuration mode config config 3 Enable the iPerf server config service iperf enable true config 4 Optional Set the port number for the iPerf server listening po...

Страница 350: ...fined on your device Display a list of available interfaces Use network interface to display interface information Repeat this step to list additional interfaces n To limit access based on firewall zo...

Страница 351: ...Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00 5 00 sec 32 1 MBytes 269 Mbits sec 0 1 56 MBytes 4 5 00...

Страница 352: ...limit to IPv4 addresses that can access the ping responder d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses...

Страница 353: ...201 config service iperf port port_number config 5 Optional Set the access control list to restrict access to the iPerf server n To limit access to specified IPv4 addresses and networks config add ser...

Страница 354: ...e end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A lis...

Страница 355: ...Mbits sec 8 2 68 MBytes 4 1 00 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00...

Страница 356: ...ervals or at a specified time This chapter contains the following topics Configure scripts to run automatically 357 Configure scripts to run manually 363 Start a manual script 368 Stop a script that i...

Страница 357: ...l At a specified time l At a specified interval l During system maintenance Additional configuration items n A label used to identify the script n The action to take if the script finishes The actions...

Страница 358: ...al local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file...

Страница 359: ...lick The script configuration window is displayed Custom scripts are enabled by default To disable click Enable to toggle off 5 Optional For Label provide a label for the script 6 For Run mode select...

Страница 360: ...to bin sh 8 Script logging options a Click to enable Log script output to log the script s output to the system log b Click to enable Log script errors to log script errors to the system log If neith...

Страница 361: ...of the following n boot The script will run once each time the device boots l If boot is selected set the action that will be taken when the script completes config system schedule script 0 exit_actio...

Страница 362: ...any related command line information If the script begins with then the script will be invoked in the location specified by the path for the script command Otherwise the default shell will be used eq...

Страница 363: ...12 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure scripts to run manually...

Страница 364: ...ce configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line use the scp command to upload the Python application script to the Connect...

Страница 365: ...ect from the device Note You can also create scripts by using the vi command when logged in with shell access Task two Configure the application to run automatically Note This feature does not provide...

Страница 366: ...pt and its subprocesses using the format number b bytes KB k MB MB M GB G TB T 10 Sandbox is enabled by default which restricts access to the file system and available commands that can be used by the...

Страница 367: ...oked in the location specified by the path for the script command Otherwise the default shell will be used equivalent to bin sh 7 Script logging options n To log the script s output to the system log...

Страница 368: ...epending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Start a manual script You can start a script that is enabled and config...

Страница 369: ...your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Stop a script that is currently running You can stop a script that is currently ru...

Страница 370: ...cript stop script1 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an A...

Страница 371: ...disconnect from the device Run a Python application at the shell prompt Python applications can be run from a file at the shell prompt The Python application will run until it completes displaying ou...

Страница 372: ...te host that will be copied to the Connect EZ device n local path is the location on the Connect EZ device where the copied file will be placed For example To upload a script from a remote host with a...

Страница 373: ...into the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the sh...

Страница 374: ...llowing topics Use digidevice cli to execute CLI commands 375 Use digidevice datapoint to upload custom datapoints to Digi Remote Manager 376 Use digidevice config for device configuration 379 Use Pyt...

Страница 375: ...Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Execute a CLI command u...

Страница 376: ...linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Use the help command with cli execute help cli execute Help on function execut...

Страница 377: ...Type help copyright credits or license for more information 3 Import the datapoint submodule and other necessary modules from digidevice import datapoint import time 4 Upload the datapoints to Remote...

Страница 378: ...nformation on web services and datapoints Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help fo...

Страница 379: ...ce configuration Read the device configuration 1 Log into the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection m...

Страница 380: ...address Which returns 192 168 2 1 24 Modify the device configuration Use the set and commit methods to modify the device configuration 1 Log into the Connect EZ command line as a user with shell acce...

Страница 381: ...device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyri...

Страница 382: ...se for more information 3 Import the device_request module from digidevice import device_request 4 Create a function to handle the request from Remote Manager def handler target request print received...

Страница 383: ...vice_request register function in the Python script In this example the two are the same 4 Click Send Once that the request has been sent to the device the handler on the device is executed n On the d...

Страница 384: ...uests while True time sleep 10 2 Upload the showsystem py application to the etc config scripts directory on two or more Digi devices In this example we will upload it to two devices and use the same...

Страница 385: ...wsystem py ix Click Apply to save the configuration and apply the change Command line i Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configurat...

Страница 386: ...he application config system schedule script 0 commands python etc config scripts showsystem py config system schedule script 0 viii Save the configuration and apply the change config save Configurati...

Страница 387: ...F A83CF6A3 device id 00000000 00000000 0000FFFF 485740BC targets requests device_request target_name myTarget my payload string device_request requests data_service sci_request 7 For the device_reques...

Страница 388: ...evice id 00000000 00000000 0000FFFF 485740BC requests device_request target_name showSystem status 0 Model Digi Connect EZ Serial Number Connect EZ 000023 Hostname Connect EZ MAC 00 40 D0 26 79 1C Har...

Страница 389: ...linux Type help copyright credits or license for more information 3 Import the device_request submodule from digidevice import device_request 4 Use the help command with device_request help device_req...

Страница 390: ...python command with no parameters to enter an interactive Python session python Python 3 6 13 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information...

Страница 391: ...be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3...

Страница 392: ...thon session You can also exit the session using exit or quit Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi...

Страница 393: ...n you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python...

Страница 394: ...to access the device location data The location submodule enables access to the location data for the Connect EZ device The module takes a snapshot of location data stored in the runt database The lo...

Страница 395: ...e object to return the longitude loc longitude 93 397084499999999 n Use the altitude object to return the altitude in meters loc altitude 292 39999399999999 7 Use Ctrl D to exit the Python session You...

Страница 396: ...ent location and stores it in the runtime database You can update this snapsot 1 Log into the Connect EZ command line as a user with shell access Depending on your device configuration you may be pres...

Страница 397: ...urce_idx 0 num_satellites 12 source_idx 0 quality Standard GNSS 2D 3D source_idx 0 utc_date_time Mar 03 2022 10 16 23 source_idx 0 vertical_velocity 0 0 source_idx 1 label gnss source_idx 1 quality No...

Страница 398: ...state of a device When the module sets the device to out of service this can be used as trigger to begin maintenance activity See Schedule system maintenance tasks for more details 1 Log into the Conn...

Страница 399: ...nance module 1 Log into the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the devic...

Страница 400: ...ity to schedule SMS scripting Enable the ability to schedule SMS scripting WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration...

Страница 401: ...Example digidevice sms code The following example code receives an SMS message and sends a response usr bin python3 6 import os import threading import sys from digidevice sms import Callback send CON...

Страница 402: ...o the Connect EZ command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 Determine th...

Страница 403: ...cs from runt Reporting DHCP clients Firmware update feature simple implementation read TODO in cmd_fwupdate import sys import time import paho mqtt client as mqtt import json from acl import runt conf...

Страница 404: ...ef send_cmd_reply client cmd_path cid cmd status if not status or not cid return if cmd_path startswith PREFIX_CMD path cmd_path len PREFIX_CMD else print Invalid command path cannot send reply format...

Страница 405: ...TED send_cmd_reply client msg topic cid cmd status def publish_dhcp_leases leases try with open etc config dhcp leases r as f for line in f elems line split if len elems 5 continue leases append mac e...

Страница 406: ...tem serial PREFIX router serial PREFIX_EVENT event PREFIX PREFIX_CMD cmd PREFIX PREFIX_RSP rsp PREFIX client mqtt Client client on_connect on_connect client on_message on_message try client connect 19...

Страница 407: ...ication groups 415 Local users 424 Terminal Access Controller Access Control System Plus TACACS 437 Remote Authentication Dial In User Service RADIUS 444 LDAP 449 Configure serial authentication 457 D...

Страница 408: ...permissions for a group You can modify the released groups and create additional groups as needed for your site A user can be assigned to more than one group n admin Provides the logged in user with...

Страница 409: ...hentication Dial In User Service RADIUS for information about configuring RADIUS authentication n TACACS Users authenticated by using a remote TACACS server for authentication See Terminal Access Cont...

Страница 410: ...onfiguration The Configuration window is displayed 3 Click Authentication Methods 4 For Add Method click 5 Select the appropriate authentication type for the new method from the Method drop down Note...

Страница 411: ...g on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI b At the command line type config to enter configuration mode config config c Use t...

Страница 412: ...cess selection menu Type quit to disconnect from the device Delete an authentication method WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Und...

Страница 413: ...tication method as displayed by the example show command above config del auth method 2 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI...

Страница 414: ...n the Method drop down select Local users 7 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depen...

Страница 415: ...Admin CLI n Shell access Users with Shell access have the ability to access the shell when logging into the Connect EZ via ssh telnet or the serial console Shell access is not available if the Allow...

Страница 416: ...erial to expand its configuration node 5 Click the box next to the following options as appropriate to enable or disable access rights for each n Admin access For groups assigned Admin access you can...

Страница 417: ...cess the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable access rights for the group For example n Admin access l To set the access level for...

Страница 418: ...config auth group admin acl serial enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configur...

Страница 419: ...ssigned Admin access you can also determine whether the Access level should be Full access or Read only access where value is either l Full access full provides users of this group with the ability to...

Страница 420: ...ext to Bluetooth scanner access 10 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on y...

Страница 421: ...fig 5 Optional Configure captive portal access a Return to the config prompt by typing three periods config auth group test config b Enable captive portal access rights for users of this group config...

Страница 422: ...ion menu Type quit to disconnect from the device Delete an authentication group By default the Connect EZ device has two preconfigured authentication groups admin and serial These groups cannot be del...

Страница 423: ...s selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth group groupname 4 Save the c...

Страница 424: ...ord for the device and is the most critical security feature for the device If you reset the device to factory defaults you must log in using the default user and password and you should immediately c...

Страница 425: ...least one uppercase letter one lowercase letter one number and one special character For the admin user the password field can be left blank n If the password field for the admin user is left blank th...

Страница 426: ...User authentication Local users Digi Connect EZ Mini User Guide 426 6 Click Apply to save the configuration and apply the change...

Страница 427: ...nfiguration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a local user Required configuration items n A username n A password The password must b...

Страница 428: ...security key l Whether to allow passcode reuse time based verification only l The passcode refresh interval time based verification only l The valid code window size l The login limit l The login limi...

Страница 429: ...me that the user is locked out after the number of unsuccessful login attempts defined in Lockout tries Allowed values are any number of minutes or seconds and take the format number m s For example t...

Страница 430: ...val to ten minutes enter 10m or 600s g In Valid code window size type the allowed number of concurrently valid codes In cases where TOTP is being used increasing the Valid code window size may be nece...

Страница 431: ...ows the user to log in using a name that contains special characters For security purposes if two users have the same alias the alias will be disabled config auth user new_user username username_alias...

Страница 432: ...min config auth user new_user Note Every user must be configured with at least one group b Optional Add additional groups by repeating the add group command config auth user new_user add group end ser...

Страница 433: ...rd HOTP uses a counter to validate a one time password The default value is totp config auth user new_user 2fa type totp config auth user new_user 2fa d Add a secret key config auth user new_user 2fa...

Страница 434: ...at the user is allowed to attempt to log in config auth user new_user 2fa login_limit_period value config auth user new_user 2fa where value is any number of weeks days hours minutes or seconds and ta...

Страница 435: ...evice Delete a local user To delete a user from your Connect EZ WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Configuration click Devic...

Страница 436: ...cess selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth user username 4 Save the...

Страница 437: ...tials and connection parameters to a TACACS server over TCP The TACACS server then authenticates the TACACS client requests and sends back a response message to the device When you are using TACACS au...

Страница 438: ...e sudo gedit etc tacacs tac_plus conf 2 Add users to the file using the following format This example will create two users one with admin and serial access and one with only serial access user user1...

Страница 439: ...ilable or if the user is not defined on the TACACS server then you should list the TACACS authentication method prior to the Local users authentication method See User authentication methods for more...

Страница 440: ...the key parameter of the TACACS server s tac_plus conf file for example key testing123 e Optional Click again to add additional TACACS servers 5 Optional Enable Authoritative to prevent other authent...

Страница 441: ...in the order they are listed until the first successful authentication result is returned See Rearrange the position of authentication methods for information about rearranging the position of the met...

Страница 442: ...d TACACS server will be used for command authorization config auth tacacs command_authorization true config 7 Optional Enable command accounting which instructs the device to communicate with the TACA...

Страница 443: ...User Guide 443 config add auth method end tacacs config 10 Save the configuration and apply the change config save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device conf...

Страница 444: ...ADIUS server over UDP The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device When you are using RADIUS authentication you can have both local u...

Страница 445: ...ernatively if the user is also configured as a local user on the Connect EZ device and the RADIUS server authenticates the user but does not return any groups the local configuration determines the li...

Страница 446: ...es how to configure a Connect EZ device to use a RADIUS server for authentication and authorization Required configuration items n Define the RADIUS server IP address or domain name n Define the RADIU...

Страница 447: ...The default value is 3 f Optional Click again to add additional RADIUS servers 5 Optional Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails O...

Страница 448: ...Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if RADIUS authentication...

Страница 449: ...bout adding methods to the beginning or middle of the list config add auth method end radius config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit th...

Страница 450: ...igi Connect EZ Mini User Guide 450 This section contains the following topics LDAP user configuration 451 LDAP server failover and fallback to local configuration 452 Configure your Connect EZ device...

Страница 451: ...using the following format dn uid john dc example dc com objectClass inetOrgPerson cn John Smith sn Smith uid john userPassword password ou admin serial n The value of uid and userPassword must corre...

Страница 452: ...P server then you should list the LDAP authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the LDA...

Страница 453: ...only be used if the LDAP server is unavailable 6 For TLS connection select the type of TLS connection used by the server n Disable TLS Uses a non secure TCP connection on the LDAP standard port 389 n...

Страница 454: ...ser has access to See LDAP user configuration for further information about the group attribute 13 For Timeout type or select the amount of time in seconds to wait for the LDAP server to respond Allow...

Страница 455: ...ls configure whether to verify the server certificate config auth ldap verify_server_cert value config where value is either n true Verifies the server certificate with a known Certificate Authority n...

Страница 456: ...e the amount of time in seconds to wait for the LDAP server to respond config auth ldap timeout value config where value is any integer from 3 to 60 The default value is 3 12 Add an LDAP server a Add...

Страница 457: ...ate and private key in PEM format If empty the certificate for the web administration service is used See Configure the web administration service for more information 5 For Peer authentication select...

Страница 458: ...remote peer config auth serial verify value config where value is either n ca Uses certificate authorities CAs to verify n peer Uses the remote peer s public certificate to verify 5 By default peers...

Страница 459: ...prevent access to the Admin CLI Note If shell access is disabled re enabling it will erase the device s configuration and perform a factory reset WebUI 1 Log into the Connect EZ WebUI as a user with...

Страница 460: ...pending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Set the idle timeout for Connect EZ users To configure the amount of tim...

Страница 461: ...he command line type config to enter configuration mode config config 3 At the config prompt type config auth idle_timeout value where value is any number of weeks days hours minutes or seconds and ta...

Страница 462: ...System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User enter a name for the user and click The user configuration windo...

Страница 463: ...t EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command...

Страница 464: ...may be presented with an Access selection menu Type quit to disconnect from the device Example 2 RADIUS TACACS and local authentication for one user Goal To create a user with administrator rights who...

Страница 465: ...FTP Group Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TACACS server open the etc tacacs tac_plus conf file sudo gedit e...

Страница 466: ...method d For the new method select TACACS e Click to add another new method f For the new method select Local users 6 Create the local user a Click Authentication Users b In Add User type admin1 and...

Страница 467: ...a RADIUS user to the users file admin1 Cleartext Password password1 Unix FTP Group Names admin In this example n The user s username is admin1 n The user s password is password1 n The authentication g...

Страница 468: ...ication methods a Determine the current authentication method configuration config show auth method 0 local config This output indicates that on this example system only local authentication is config...

Страница 469: ...r admin1 b Assign a password to the user config auth user adminuser password password1 config auth user adminuser c Assign the user to the admin group config auth user adminuser add group end admin co...

Страница 470: ...er contains the following topics Firewall configuration 471 Port forwarding rules 475 Packet filtering 482 Configure custom firewall rules 489 Configure Quality of Service options 491 Digi Connect EZ...

Страница 471: ...sed for interfaces involved in the initial setup of the device By default the firewall will only allow this zone to access administration services l IPsec The default zone for IPsec tunnels l Dynamic...

Страница 472: ...interfaces to use a zone Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selectio...

Страница 473: ...lected during interface configuration This example procedure uses an existing network interface named ETH2 and changes the firewall zone from the default zone Internal to External WebUI 1 Log into the...

Страница 474: ...nect from the device Delete a custom firewall zone You cannot delete preconfigured firewall zones To delete a custom firewall zone WebUI 1 Log into the Connect EZ WebUI as a user with full Admin acces...

Страница 475: ...users on a public network from accessing servers on the private network To allow a computer on the Internet to connect to a specific server on a private network set up one or more port forwarding rul...

Страница 476: ...by default To disable click to toggle off Enable 5 Optional Type a Label that will be used to identify the rule 6 For Interface select the network interface for the rule Network connections will only...

Страница 477: ...ting a Click Zones b For Add zone click c For Zone select the appropriate zone d Repeat for each additional zone 13 Click Apply to save the configuration and apply the change Command line 1 Log into t...

Страница 478: ...tcpudp or upd The default is tcp 8 Set the IP address of the server to which traffic should be forwarded n For IPv4 addresses config firewall dnat 0 to_address ip address config firewall dnat 0 n For...

Страница 479: ...eat for each appropriate zone To view a list of available zones config firewall dnat 0 acl zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and acces...

Страница 480: ...y to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented...

Страница 481: ...ess6 c097 4533 bd63 bb12 9a6f 5569 4b53 c29a to_port 10003 config 4 To delete the rule use the index number with the del command For example config del firewall dnat 1 5 Save the configuration and app...

Страница 482: ...red configuration items n The action that the packet filtering rule will perform either Accept Reject or Drop n The source firewall zone Packets originating from interfaces on this zone will be monito...

Страница 483: ...hing network connections and does not send a reply 6 Select the IP version 7 Select the Protocol 8 For Source zone select the firewall zone that will be monitored by this rule for incoming connections...

Страница 484: ...p dst_zone internal enable true ip_version any label myfilter protocol any src_zone external config b Select the appropriate rule by using its index number config firewall filter 1 config firewall fil...

Страница 485: ...ne my_zone config firewall filter 1 6 Set the destination firewall zone Packets destined for network interfaces that are members of this zone will either be accepted rejected or dropped by this rule S...

Страница 486: ...menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Firewall Packet filtering 4 Click the appropriate packet filtering rule 5 Click Enable t...

Страница 487: ...config 4 To enable a packet filtering rule use the index number with the enable true command For example config firewall filter 1 enable true 5 To disable a packet filtering rule use the index number...

Страница 488: ...change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin...

Страница 489: ...t of a script of shell commands that can be used to install firewall rules ipsets and other system configuration These commands are run whenever system configuration changes occur that might cause cha...

Страница 490: ...Firewall Configure custom firewall rules Digi Connect EZ Mini User Guide 490 7 Click Apply to save the configuration and apply the change...

Страница 491: ...your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure Quality of Service options Quality of Service QoS options allow you to ma...

Страница 492: ...ate for your network 8 Click Apply to save the configuration and apply the change Command line 1 Log into the Connect EZ command line as a user with full Admin access rights Depending on your device c...

Страница 493: ...tion saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Create a new binding WebU...

Страница 494: ...able click Enable c Optional Type a Label for the binding policy d For Weight type a value for the amount of available bandwidth allocated to the policy relative to other policies for this binding The...

Страница 495: ...y as a destination traffic matching criteria viii Click to expand Source address and select the Type n Any Source traffic from any address will be matched n Interface Only traffic from the selected In...

Страница 496: ...6 address Only traffic destined for the IP address typed in IPv6 address will be matched Use the format IPv6_address prefix_length or use any to match any IPv6 address Repeat to add a new rule Up to 3...

Страница 497: ...l my_binding config firewall qos 2 5 Set the interface to queue egress packets on The binding will only match traffic that is being sent out on this interface a Use the to determine available interfac...

Страница 498: ...bandwidth config firewall qos 2 policy 0 weight int config firewall qos 2 policy 0 where int is any integer between 1 and 65535 The default is 10 e Set the maximum delay before the transmission of pa...

Страница 499: ...qos 2 policy 0 rule 0 protocol value config firewall qos 2 policy 0 rule 0 where value is one of tcp udp or any vi Set the source port to define a source traffic matching criteria config firewall qos...

Страница 500: ...0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address n mac Only traffic from the MAC address typed in MAC address will be matched Set the MAC address to be matched...

Страница 501: ...ll be matched Set the address that will be matched config network qos 2 policy 0 rule 0 src address6 value config network qos 2 policy 0 rule 0 where value uses the format IPv6_address prefix_length o...

Страница 502: ...m firmware 506 Reboot your Connect EZ device 511 Erase device configuration and reset to factory defaults 514 Locate the device by using the Find Me feature 518 Configuration files 520 Schedule system...

Страница 503: ...on use the show system command n Show basic system information 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Ac...

Страница 504: ...9 85 Alt Firmware Build Date Thurs 03 March 2022 10 16 23 Bootloader Version 19 7 23 0 15f936e0ed Schema Version 715 Timezone UTC Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days...

Страница 505: ...s and at the command prompt 5 For Contact type the name of a contact for the device 6 For Location type the location of the device 7 For Banner type a banner message that will be displayed when users...

Страница 506: ...The Connect EZ operating system firmware images consist of a single file with the following naming convention platform version bin For example Connect EZ 22 2 9 85 bin Manage firmware updates using Di...

Страница 507: ...he Digi firmware server WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Under Administration click Firmware Update 3 Click Download from server 4 For...

Страница 508: ...ash authentication successful netflash vendor and product names are verified netflash programming FLASH device dev flash image1 41408K 100 Firmware update completed reboot device b Reboot the device r...

Страница 509: ...nnect EZ operating system firmware from the Digi Support FTP site to your local machine 2 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you ma...

Страница 510: ...fig Connect EZ 22 2 9 85 bin length 37511229 netflash authentication successful netflash programming FLASH device dev flash image 36633K 100 Firmware update completed reboot device 6 Reboot the device...

Страница 511: ...on of the firmware As a result of this behavior you can use the following procedure to guarantee that the same firmware is stored in both memory banks WebUI 1 Log into the Connect EZ WebUI as a user w...

Страница 512: ...ne 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At...

Страница 513: ...ng on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set...

Страница 514: ...scripts n Clears event and system log files Additionally if the RESET button is used to erase the configuration pressing the RESET button a second time immediately after the device has rebooted n Eras...

Страница 515: ...d for the admin user for further information Command line 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access...

Страница 516: ...ort to your PC b Log into the Connect EZ User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or the printed label included in the packa...

Страница 517: ...to the original factory defaults Note To clear the custom default configuration press the RESET button wait for the device to reboot then press the RESET button again Required configuration items n Cu...

Страница 518: ...le system Command line 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access...

Страница 519: ...ature click System and click Find Me again A notification message appears noting that the LED is no longer flashing on the device Click the x in the message to close it Command line 1 Log into the Con...

Страница 520: ...s which also applies the changes If you do not save configuration changes the system discards the changes WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu cl...

Страница 521: ...keys and other information 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Under Configuration click Configuration Maintenance The Configuration Maintenance...

Страница 522: ...me or ip user username remote remote path local local path to remote where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n rem...

Страница 523: ...nted with an Access selection menu Type admin to access the Admin CLI 2 If the configuration backup is on a remote host use scp to copy the file from the host to your device scp host hostname or ip us...

Страница 524: ...ename of the configuration backup file on the Connect EZ s filesystem local path in the previous step n passphrase optional is the passphrase to restore the configuration backup if a passphrase was us...

Страница 525: ...s that trigger the maintenance window to begin n Whether all configured triggers or only one of the triggers must be met n The tasks to be performed Options are l Firmware updates l Digi Remote Manage...

Страница 526: ...ow will begin at the beginning of the specified hour c For Duration window select the amount of time that the maintenance tasks will be run If Immediately is selected all scheduled tasks will begin at...

Страница 527: ...o access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure a system maintenance trigger a Add a trigger config add system schedule maintenance trigg...

Страница 528: ...tasks will run at a random time during the time allotted for the duration window l If the duration length is set to one or more hours the minutes field in the start time is ignored and the duration w...

Страница 529: ...ance frequency value config where value is either daily weekly or monthly daily is the default 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Adm...

Страница 530: ...ser with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Disable encryption with the following command syste...

Страница 531: ...e relevant network connection on the Windows PC b Click the Internet Protocol Version 4 TCP IPv4 parameter c Click Properties The Internet Protocol Version 4 TCP IPv4 Properties dialog appears d Confi...

Страница 532: ...EZ device at the IP address of 192 168 210 1 4 Log into the device n Username admin n Password The default unique password for your device is printed on the device label 5 At the shell prompt type rm...

Страница 533: ...mmand line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line ty...

Страница 534: ...the speed of your Ethernet port Digi Connect EZ Mini User Guide 534 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type qui...

Страница 535: ...Monitoring This chapter contains the following topics intelliFlow 536 Configure NetFlow Probe 543 Digi Connect EZ Mini User Guide 535...

Страница 536: ...at any point you can click inside the chart to drill down to view more granular information and menu options allow you to change various aspects of the information being displayed Note When intelliFl...

Страница 537: ...nu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable IntelliFlow config monitoring intelliflow enable true 4 Set the firewall zone...

Страница 538: ...t the zone to be used by IntelliFlow config monitoring intelliflow zone my_zone 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Dependin...

Страница 539: ...Log into the Connect EZ WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow The System Utilisation c...

Страница 540: ...n 2 Select the time period to be displayed n Save or print the chart 1 Click the menu icon 2 To save the chart to your local filesystem select Export to PNG 3 To print the chart select Print chart Use...

Страница 541: ...display the Top Data Usage by Server chart click Top Data Usage by Server n To display the Top Data Usage by Service chart click Top Data Usage by Service 5 Change the type of chart that is used to di...

Страница 542: ...art Use intelliFlow to display data usage by host over time To generate a chart displaying a host s data usage over time WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 If you have...

Страница 543: ...rs Required configuration items n Enable NetFlow n The IP address of a NetFlow collector Additional configuration items n The NetFlow version n Enable flow sampling and select the flow sampling techni...

Страница 544: ...is used Each flow is accounted n Deterministic Selects every nth flow where n is the value of Flow sampler population n Random Randomly selects one out of every n flows where n is the value of Flow s...

Страница 545: ...ration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable NetFlow config monitor...

Страница 546: ...ve before sent to a collector config monitoring netflow inactive_timeout value config where value is any is any number between 1 and 15 The default is 15 7 Set the number of seconds that a flow can be...

Страница 547: ...s a collector config monitoring netflow collector 0 Repeat to add additional collectors 10 Save the configuration and apply the change config monitoring netflow collector 0 save Configuration saved 11...

Страница 548: ...evice health data and set the sample interval 555 Enable event log upload to Digi Remote Manager 558 Log into Digi Remote Manager 559 Use Digi Remote Manager to view and manage your device 561 Add a d...

Страница 549: ...fault URL was my devicecloud com n If your Digi device is configured to use a non default URL to connect to Remote Manager updating the firmware will not change your configuration However if you erase...

Страница 550: ...Guide 550 n SMS support n HTTP proxy server support To configure Digi Remote Manager WebUI 1 Log into the Connect EZ WebUI as a user with full Admin access rights 2 On the menu click System Under Conf...

Страница 551: ...ptional For Management port type the destination port for the remote cloud services connection The default is 3199 7 Optional For Retry interval type the amount of time that the Connect EZ device shou...

Страница 552: ...hours minutes or seconds and take the format number h m s For example to set Reboot Timeout to ten minutes enter 10m or 600s The minimum value is 30 minutes and the maximum is 48 hours If not set this...

Страница 553: ...oud com config cloud drm drm_url url config 6 Optional Set the amount of time that the Connect EZ device should wait before reattempting to connect to the remote cloud services after being disconnecte...

Страница 554: ...at number h m s For example to set restart_timeout to ten minutes enter either 10m or 600s config cloud drm restart_timeout 600s config The minimum value is 30 minutes and the maximum is 48 hours If n...

Страница 555: ...oxy host hostname config c Optional Set the port number on the proxy server that the device should connect to The default is 2138 config cloud drm proxy port integer config 13 Save the configuration a...

Страница 556: ...igure what data are uploaded to the Digi Remote Manager All options are enabled by default 5 Only report changed values to Digi Remote Manager is enabled by default When enabled n The device only repo...

Страница 557: ...sample data 5 By default the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded This is useful to reduce the bandwidth used to rep...

Страница 558: ...8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enable event log upload to Digi Remo...

Страница 559: ...e config config 3 Device health data upload is enabled by default To enable or disable n To enable config monitoring events enable true config n To disable config monitoring events enable false config...

Страница 560: ...nnect EZ Mini User Guide 560 1 If you have not already done so click here to sign up for a Digi Remote Manager account 2 Check your email for Digi Remote Manager login instructions 3 Go to remotemanag...

Страница 561: ...evice To view and manage your device 1 If you have not already done so connect to your Digi Remote Manager account 2 Click Device Management to display a list of your devices 3 Use the Search bar to l...

Страница 562: ...r account and it appears in the Device Management view View Digi Remote Manager connection status To view the current Digi Remote Manager configuration WebUI 1 Log into the Connect EZ WebUI as a user...

Страница 563: ...nect EZ routers Typically if you want to provision multiple Connect EZ routers 1 Using the Connect EZ local WebUI configure one Connect EZ router to use as the model configuration for all subsequent C...

Страница 564: ...Z local file system 565 Display directory contents 565 Create a directory 566 Display file contents 567 Copy a file or directory 567 Move or rename a file or directory 568 Delete a file or directory 5...

Страница 565: ...ut are deleted if a factory reset of the system is performed See Erase device configuration and reset to factory defaults for more information Display directory contents To display directory contents...

Страница 566: ...cifying the name of the directory For example 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection me...

Страница 567: ...4J0XT Rgr6ewr1yerHtXQdbafsatGswKg0YUm schema version 461 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to discon...

Страница 568: ...cripts to final py 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin to access the...

Страница 569: ...test py in etc config scripts 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection menu Type admin t...

Страница 570: ...by using the WebUI or from the command line by using the scp Secure Copy command or by using a utility such as SSH File Transfer Protocol SFTP or an SFTP application like FileZilla Upload and downloa...

Страница 571: ...follows scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on...

Страница 572: ...g support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var...

Страница 573: ...tem Upload and download files Digi Connect EZ Mini User Guide 573 sftp ahmed 192 168 2 1 Password Connected to 192 168 2 1 sftp get test py Fetching test py to test py test py 100 254 0 3KB s 00 00 sf...

Страница 574: ...575 View system and event logs 577 Configure syslog servers 581 Configure options for the event and system logs 583 Analyze network traffic 588 Use the ping command to troubleshoot network connection...

Страница 575: ...ownload average 44 7588 Mbps Rx latency 30 05 ms 3 To output the result in json format use the output parameter speedtest host output json tx_avg 51 8510 tx_avg_units Mbps tx_latency 31 07 tx_latency_...

Страница 576: ...Type admin to access the Admin CLI 2 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 22 03 03 10...

Страница 577: ...ion about configuring the information displayed in event and system logs View System Logs WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Logs The sys...

Страница 578: ...l Use the show log number num command to limit the number of lines that are displayed For example to limit the log to the most recent ten lines show log number 10 Timestamp Message Nov 26 21 54 34 Con...

Страница 579: ...u Type quit to disconnect from the device View Event Logs WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the main menu click System Logs 3 Click System Logs to collapse the sys...

Страница 580: ...mit the event list to the most recent ten lines show event number 10 Timestamp Type Category Message Nov 26 21 42 37 status stat intf eth1 type ethernet rx 11332435 tx 5038762 Nov 26 21 42 35 status s...

Страница 581: ...full Admin access rights 2 On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Log 4 Add and configure a remote syslog server...

Страница 582: ...e Connect EZ command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the...

Страница 583: ...em log remote 0 protocol value config system log remote 0 where value is either tcp or udp The default is udp 6 Save the configuration and apply the change config save Configuration saved 7 Type exit...

Страница 584: ...l To disable event categories or to enable them if they have been disabled a Click to expand Event Categories b Click an event category to expand c Depending on the event category you can enable or di...

Страница 585: ...and takes the format number w d h m s For example to set the heartbeat interval to ten minutes enter either 10m or 600s config system log heartbeat_interval 600s config To disable the heartbeat inter...

Страница 586: ...disable informational events status events and error events Some categories also allow you to set the status interval which is the time interval between periodic status events For example to configure...

Страница 587: ...seconds and takes the format number w d h m s For example to set the status interval to ten minutes enter either 10m or 600s config system log event dhcpserver status_interval 600s config 6 Optional S...

Страница 588: ...perform a more detailed analysis you can download the captured data traffic from the device and view it using a third party application Note Data traffic is captured to RAM and the captured data is l...

Страница 589: ...a specified event or at a particular time l The events or time that will trigger the analyzer to run using this capture configuration l The amount of time that the analyzer session will run l The freq...

Страница 590: ...etwork By default is option is disabled which means that the filter will capture packets from this IP address network vi Click to add additional IP address network filters c To create a filter that ei...

Страница 591: ...apture packets that use this port vi Click to add additional MAC address filters f To create a filter that either captures or ignores packets from one or more VLANs i Click to expand Filter VLANs ii C...

Страница 592: ...un during the system maintenance time window b Enable the capture filter schedule c For Duration type the amount of time that the scheduled analyzer session will run Allowed values are any number of w...

Страница 593: ...address ip_ address netmask config network analyzer name filter address 0 iii Set whether the filter should apply to packets when the IP address network is the source the destination or both config ne...

Страница 594: ...lter protocol 0 protocol value config network analyzer name filter protocol 0 iv If other is set for the protocol set the number of the protocol config network analyzer name filter protocol 0 protocol...

Страница 595: ...tional Set the filter should ignore packets from this port config network analyzer name filter port 0 ignore true config network analyzer name filter port 0 By default is option is set to false which...

Страница 596: ...Set the VLAN that should be be captured or ignored config network analyzer name filter vlan 0 vlan value config network analyzer name filter vlan 0 where value is number o the VLAN iii Optional Set th...

Страница 597: ...t_time Runs the script at a specified time of the day If set_time is set set the time that the script should run using the format HH MM config network analyzer name run_time HH MM config network analy...

Страница 598: ...bpf html for detailed information about BPF syntax Example IPv4 capture filters n Capture traffic to and from IP host 192 168 1 1 ip host 192 168 1 1 n Capture traffic from IP host 192 168 1 1 ip src...

Страница 599: ...apturing Additional analyzer commands allow you to n Stop capturing packets n Save captured data traffic to a file n Clear captured data Required configuration items n A configured packet capture See...

Страница 600: ...Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt analyzer stop name capture_filter where capture_filter is the name of a packet capture configurati...

Страница 601: ...red Length 60 bytes Received on interface eth1 00 40 ff 80 01 20 b4 b6 86 21 b5 73 08 00 45 00 s E 00 28 3d 36 40 00 80 06 14 bc 0a 0a 4a 82 0a 0a 6 J 4a 48 cd ae 00 16 a4 4b ff 5f ee 1f d8 23 50 10 J...

Страница 602: ...save captured traffic data to a file use the analyzer save command Command line 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be pre...

Страница 603: ...e you can download the file from the WebUI or from the command line by using the scp secure copy file command WebUI 1 Log into the Connect EZ WebUI as a user with Admin access 2 On the menu click Syst...

Страница 604: ...ria remote home maria local etc config analyzer eth0 pcpng to remote maria 192 168 210 2 s password eth0 pcpng 100 11KB 851 3KB s 00 00 Clear captured data To clear captured data traffic in RAM use th...

Страница 605: ...configuration you may be presented with an Access selection menu Type quit to disconnect from the device Stop ping commands To stop pings when the number of pings to send the count parameter has been...

Страница 606: ...routing hops were required to reach the host 1 Log into the Connect EZ command line as a user with Admin access Depending on your device configuration you may be presented with an Access selection me...

Страница 607: ...issued Declarations of Conformity for the Connect EZ concerning emissions EMC and safety For more information see www digi com resources certifications Important note Digi customers assume full respon...

Страница 608: ...gibly and indelibly UK Conformity Assessed UKCA labeling requirements See guidance using the ukca marking for further details You must make sure that n If you reduce or enlarge the size of your markin...

Страница 609: ...ntee that inventory held by distributors or other third parties is RoHS compliant Safety notices n Read all instructions before installing and powering the router You should keep these instructions in...

Страница 610: ...at electrical electronic products are recycled using the best available recovery techniques to minimize the impact on the environment This product contains high quality materials and components which...

Страница 611: ...interface 613 Display help for commands and parameters 614 Auto complete commands and parameters 616 Available commands 617 Use the scp command 618 Display status and statistics using the show command...

Страница 612: ...bUI Configure the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the Connect EZ device by using a...

Страница 613: ...he command line interface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin C...

Страница 614: ...d is found Ctrl A Move cursor to start of line Ctrl E Move cursor to end of line Ctrl W Delete word under cursor until start of line or Ctrl R If the current input is invalid then characters will be d...

Страница 615: ...help show Commands analyzer Show analyzer arp Show ARP tables cloud Show drm statistics config Show config deltas dhcp lease Show DHCP leases dns Show DNS servers event Show event list ipsec Show IPse...

Страница 616: ...possible Typing the space bar has similar behavior If multiple commands are available that will match the entered text auto complete is not performed and the available commands are displayed instead A...

Страница 617: ...s and parameters for information about the help command ls Lists the contents of a directory mkdir Creates a directory more Displays the contents of a file mv Moves a file or directory ping Pings a re...

Страница 618: ...is being copied to a remote host from the Connect EZ device o The path and filename of the file on the Connect EZ device that will be copied to the remote host o The location on the remote host where...

Страница 619: ...g support report to var log support report 0040D0133536 22 03 03 10 16 23 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote...

Страница 620: ...23 0 15f936e0ed Current Time Thurs 03 March 2022 10 16 23 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Temperature 40C show network The show network command displays status and st...

Страница 621: ...h enable false The Connect EZ device s ssh service is now disabled Note When the config command is executed at the root prompt certain configuration actions that are available in configuration mode ca...

Страница 622: ...NTP remote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next display help for the config service ssh command config service ssh SSH An SSH serv...

Страница 623: ...e Enter configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode n Enter the full command string from the config prompt For example t...

Страница 624: ...and config cancel After using cancel to discard unsaved changes to the configuration you will automatically exit configuration mode Configuration actions In configuration mode configuration actions ar...

Страница 625: ...or example 1 Enter at the config prompt config This will display the following help information config Additional Configuration application Custom scripts auth Authentication cloud Central management...

Страница 626: ...ext to display help for the service ssh command use one of the following methods n At the config prompt enter service ssh config service ssh n At the config prompt a Enter service to move to the servi...

Страница 627: ...ervice config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter enable to display help for the enable parameter config service ssh enable config service ssh Eit...

Страница 628: ...configuration by entering two periods config service ssh acl zone config service ssh acl You can also move back multiples nodes in the configuration by typing multiple sets of two periods config serv...

Страница 629: ...the end keyword is used to add an element to the end of a list Additionally the end keyword is used to add an element to a list that does not have any elements For example to add an authentication gro...

Страница 630: ...r elements in a list For example to reorder the authentication methods 1 Use the show command to display current authentication method configuration config show auth method 0 local 1 tacacs 2 radius c...

Страница 631: ...user admin password pwd config 3 Save the configuration and apply the change config save Configuration saved 4 Type exit to exit the Admin CLI Depending on your device configuration you may be present...

Страница 632: ...he auth node config auth config auth 2 Enter the revert command with the path set to method config auth revert method config auth 3 Save the configuration and apply the change config auth save Configu...

Страница 633: ...of the config prompt config add auth user user1 config auth user user1 n Method two Create a user by moving through the configuration a At the config prompt enter auth to move to the auth node config...

Страница 634: ...ls serial enable true ports 0 port1 shell enable false config auth user user1 6 Add the user to the admin group config auth user user1 add group end admin config auth user user1 7 Save the configurati...

Страница 635: ...v 641 ping 641 reboot 643 rm 644 scp 645 show analyzer 645 show arp 645 show cloud 645 show config 646 show dhcp lease 646 show dns 646 show event 646 show hotspot 646 show ipsec 647 show l2tp lac 647...

Страница 636: ...t stop 656 system serial clear 656 system serial save 656 system serial show 656 system serial start 657 system serial stop 657 system support report 657 system time set 657 system time sync 657 syste...

Страница 637: ...s name Name of the capture filter to use clear dhcp lease ip address Clear the DHCP lease for the specified IP address Syntax clear dhcp lease ip address ADDRESS Parameters address An IPv4 or IPv6 add...

Страница 638: ...Digi Connect EZ Mini User Guide 638 destination The destination path to copy the source file or directory to force Do not ask to overwrite the destination file if it exists help Show CLI editing and n...

Страница 639: ...line reference Digi Connect EZ Mini User Guide 639 ls List a directory Syntax ls path show hidden Parameters path List files and directories under this path show hidden Show hidden files and directori...

Страница 640: ...I command on modem puk unlock Unlock the SIM with a PUK code from the SIM provider Syntax modem puk unlock puk new pin name STRING imei STRING Parameters puk The SIM s PUK code new pin The PIN code to...

Страница 641: ...metrics upload Immediately upload current device health metrics Functions as if a scheduled upload was triggered Syntax monitoring metrics upload Parameters None more View a file Syntax more path Para...

Страница 642: ...host is reachable over a default route If not specified the system s primary default route will be used source The ping command will send a packet with the source address set to the IP address of this...

Страница 643: ...Command line interface Command line reference Digi Connect EZ Mini User Guide 643 reboot Reboot the system Parameters None...

Страница 644: ...ine interface Command line reference Digi Connect EZ Mini User Guide 644 rm Remove a file or directory Syntax rm path force Parameters path The path to remove force Force the file to be removed withou...

Страница 645: ...remote host or from the remote host to the local device port The SSH port to use to connect to the remote host Minimum 1 Maximum 65535 Default 22 show analyzer Show packets from a specified analyzer...

Страница 646: ...ividual output lines maybe context sensitive and unable to be entered in isolation show dhcp lease Show DHCP leases Syntax show dhcp lease all verbose Parameters all Show all leases active and inactiv...

Страница 647: ...and config data for a specific IPsec tunnel all Display all tunnels including disabled tunnels verbose Display status of one or all tunnels in plain text show l2tp lac Show L2TP access concentrator st...

Страница 648: ...om log Minimum 1 Default 20 filter Filters for type of log message displayed critical warning info debug Note filters from the number of messages retrieved not the whole log this can be very time cons...

Страница 649: ...face Display more details and config data for a specific network interface all Display all interfaces including disabled interfaces verbose Display more information less concise more detail show ntp S...

Страница 650: ...show route ipv4 ipv6 verbose Parameters ipv4 Display IPv4 routes ipv6 Display IPv6 routes verbose Display more information less concise more detail show serial Show serial status statistics Syntax sho...

Страница 651: ...ING all Parameters tunnel The name of a specific IPsec tunnel all Show all IPsec tunnels show surelink openvpn Show SureLink status statistics for OpenVPN clients Syntax show surelink openvpn client S...

Страница 652: ...ics including disabled instances show web filter Show web filter status statistics Syntax show web filter Parameters None speedtest Perform a speed test to a remote host using nuttcp or iPerf The syst...

Страница 653: ...ig archive path STRING passphrase STRING remove custom defaults Parameters type The type of backup file to create Archives are full backups including generated SSH keys and dynamic DHCP lease informat...

Страница 654: ...ase Parameters None system find me Find Me function to flash LEDs on this device to help users locate the unit Syntax system find me state Parameters state Find Me control to flash cellular related LE...

Страница 655: ...system firmware update file Parameters file Firmware filename and path system power ignition off_delay Update the current ignition off delay without changing the configuration Syntax system power igni...

Страница 656: ...ain Syntax system script stop script Parameters script Script to stop system serial clear Clears the serial log Syntax system serial clear port Parameters port Serial port system serial save Saves the...

Страница 657: ...port Serial port system support report Save a support report to a file and include with support requests Syntax system support report path STRING Parameters path The file path to save the support repo...

Страница 658: ...network host Syntax traceroute host ipv6 gateway STRING interface STRING first_ttl INTEGER max_ttl INTEGER port INTEGER nqueries INTEGER src_addr STRING tos INTEGER waittime INTEGER pausemsecs INTEGER...

Страница 659: ...he Type of Service ToS and Precedence value Useful values are 16 low delay and 8 high throughput Note that in order to use some TOS precedence values you have to be super user For IPv6 set the Traffic...

Результаты поиска

Содержание Connect EZ Mini

Отзывы:

Бренды по названию

Популярные бренды

Digi Connect EZ Mini, Руководство пользователя

Результаты поиска

Содержание Connect EZ Mini

Отзывы:

Бренды по названию

Популярные бренды